Initial commit: Fresh start with current state

2025-11-06 14:04:48 +01:00
commit 15355c35ea
20152 changed files with 1191077 additions and 0 deletions
--- a/.claude/SECURITY_NOTES.md
+++ b/.claude/SECURITY_NOTES.md
@@ -0,0 +1,125 @@
+# Security Notes for Claude Code Setup
+
+## Database Credentials
+
+### Current Configuration
+
+The database password is currently configured in `.mcp.json` in the `env` section:
+
+```json
+"env": {
+  "DB_PASSWORD": "1"
+}
+```
+
+### ⚠️ IMPORTANT: Moving to System Environment Variables
+
+**For production or shared repositories**, move the password to system environment variables:
+
+#### Windows (PowerShell)
+```powershell
+# Set for current session
+$env:DB_PASSWORD = "your-secure-password"
+
+# Set permanently (requires restart)
+[System.Environment]::SetEnvironmentVariable('DB_PASSWORD', 'your-secure-password', 'User')
+```
+
+#### Linux/Mac (Bash)
+```bash
+# Add to ~/.bashrc or ~/.zshrc
+export DB_PASSWORD="your-secure-password"
+
+# Then reload
+source ~/.bashrc
+```
+
+#### Update .mcp.json
+
+Remove the `env` section from the `database-server` configuration in `.mcp.json`:
+
+```json
+"database-server": {
+  "command": "npx",
+  "args": [
+    "-y",
+    "@executeautomation/database-server",
+    "--sqlserver",
+    "--server", "CS-UL-2560",
+    "--database", "TestDB",
+    "--user", "admin",
+    "--password", "${DB_PASSWORD}",
+    "--trustServerCertificate"
+  ]
+  // Remove the "env" section - use system environment variable instead
+}
+```
+
+### Alternative: Use .claude/settings.local.json
+
+For local development, you can also configure environment variables in `.claude/settings.local.json` (which is gitignored):
+
+```json
+{
+  "mcpServers": {
+    "database-server": {
+      "env": {
+        "DB_PASSWORD": "your-local-dev-password"
+      }
+    }
+  }
+}
+```
+
+## API Keys
+
+### Context7 API Key
+
+Currently configured in `.mcp.json`:
+```json
+"CONTEXT7_API_KEY": "ctx7sk-5515b694-54fc-442a-bd61-fa69fa8e6f1a"
+```
+
+**Recommendation**: For public repositories, move this to:
+1. System environment variable (preferred)
+2. `.claude/settings.local.json` (gitignored)
+
+## Best Practices
+
+1. ✅ **Never commit passwords to git**
+   - Use environment variables
+   - Use `.claude/settings.local.json` for local secrets
+   - Add secrets to `.gitignore`
+
+2. ✅ **Use least privilege**
+   - Database: Use read-only accounts when possible
+   - API Keys: Use restricted/scoped keys
+
+3. ✅ **Rotate credentials regularly**
+   - Change passwords periodically
+   - Regenerate API keys if exposed
+
+4. ✅ **Audit access**
+   - Review MCP server permissions in `.claude/settings.json`
+   - Log database operations
+   - Monitor API usage
+
+## Git Configuration
+
+Ensure sensitive files are ignored:
+
+```gitignore
+# In .gitignore
+.claude/settings.local.json
+.env
+.env.local
+*.key
+*.pem
+credentials.json
+```
+
+## Additional Resources
+
+- [Claude Code Security Documentation](https://docs.claude.com/en/docs/claude-code/security)
+- [MCP Security Best Practices](https://modelcontextprotocol.io/security)
+- [Environment Variables Guide](https://docs.claude.com/en/docs/claude-code/configuration#environment-variables)