david.delagneau/fidelity-ai-workspace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add daily logs and templates for project fidelity

Browse Source 
- Created daily log entries for May 13, 14, 18, 19, 20, and 21, capturing work done, findings, and next steps.
- Established a daily logs index for easy navigation of daily notes.
- Developed templates for daily logs, decisions, meeting notes, people, systems, and work items to standardize documentation.
- Introduced base files for filtering and displaying various types of project knowledge, including daily notes, decisions, people, systems, work items, and workstreams.
- Added maps for current work, fidelity apps, and fidelity domain to enhance project navigation and context.
This commit is contained in:
David Delagneau
2026-05-21 12:28:07 -06:00
parent 7cbb49134a
commit 1ad707373a
203 changed files with 449 additions and 434 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
workspaces/fidelity/project-knowledge/02-work-items/pdiap-11961.md Normal file
View File

@@ -0,0 +1,39 @@
---
type: work-item
project: fidelity
status: backlog
ticket: PDIAP-11961
title: "Remediation of Exposed Secrets in XFlow iOS SDK - Request for Rotation/Invalidation"
systems: [xflowsdk]
workstreams: [security, backlog-triage]
people: [jeff-dewitte]
related: [pdiap-11962]
updated: 2026-05-05
tags:
- work-item
- fidelity
- security
---
# PDIAP-11961 - Remediation of Exposed Secrets in XFlow iOS SDK - Request for Rotation/Invalidation
## Status
- Backlog item; not assigned yet.
- Jeff relayed that this is not a priority yet, but asked David to keep the details noted for future reference.
---
## Context
- Related to the remaining Google API Key alerts not included in the previous `PDIAP-11962` closure.
- If key rotation or invalidation is required, David/XFlow likely needs backend support or clarification because Google API Key rotation is not owned directly by the XFlow iOS side.
---
## Historical Slack Context
- October 2025 Slack context describes `PDIAP-11961` as the request for rotation/invalidation of active exposed Google API keys.
- The active Google API keys were documented as still valid/in use by the service, so they were intentionally separated from inactive-secret closure evidence.
- `PDIAP-11962` was created as the second-phase closure story to run after `PDIAP-11961` invalidation/rotation work completed.
- Earlier investigation noted that the API key appeared in a service response and that GitHub was flagging the old commit where the key had been hard-coded and later removed.