From c4b698f996cbd4fd32ecdc80fd3617085059382b Mon Sep 17 00:00:00 2001
From: Corey Haines <34802794+coreyhaines31@users.noreply.github.com>
Date: Tue, 17 Feb 2026 15:12:00 -0800
Subject: [PATCH] chore: harden repo for open source contributors

- Expand .gitignore with .env, .DS_Store, node_modules, editor files,
  and macOS iCloud duplicate patterns
- Add security section to CLI README warning against hardcoded keys
- Update AGENTS.md with CLI tools in repo structure and build commands
- Trash 40 macOS "2.md" duplicate files from working tree

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .gitignore           | 23 +++++++++++++++++++++++
 AGENTS.md            | 15 ++++++++++++---
 tools/clis/README.md |  9 +++++++++
 3 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 28fd24c..35fe046 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,25 @@
+# Dependencies
+node_modules/
+
+# Environment variables / secrets
+.env
+.env.*
+!.env.example
+
+# macOS
+.DS_Store
+**/. DS_Store
+
+# macOS / iCloud duplicate files
+* 2.*
+* 2/
+
 # Remotion video project
 video/
+
+# Editor
+*.swp
+*.swo
+*~
+.idea/
+.vscode/
diff --git a/AGENTS.md b/AGENTS.md
index f75797c..e562a60 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -20,6 +20,10 @@ marketingskills/
 ├── skills/                # Agent Skills
 │   └── skill-name/
 │       └── SKILL.md       # Required skill file
+├── tools/
+│   ├── clis/              # Zero-dependency Node.js CLI tools (51 tools)
+│   ├── integrations/      # API integration guides per tool
+│   └── REGISTRY.md        # Tool index with capabilities
 ├── CONTRIBUTING.md
 ├── LICENSE
 └── README.md
@@ -27,14 +31,19 @@ marketingskills/
 
 ## Build / Lint / Test Commands
 
-**Not applicable** - This is a content-only repository with no executable code.
-
-Verify manually:
+**Skills** are content-only (no build step). Verify manually:
 - YAML frontmatter is valid
 - `name` field matches directory name exactly
 - `name` is 1-64 chars, lowercase alphanumeric and hyphens only
 - `description` is 1-1024 characters
 
+**CLI tools** (`tools/clis/*.js`) are zero-dependency Node.js scripts (Node 18+). Verify with:
+```bash
+node --check tools/clis/<name>.js   # Syntax check
+node tools/clis/<name>.js           # Show usage (no args = help)
+node tools/clis/<name>.js <cmd> --dry-run  # Preview request without sending
+```
+
 ## Agent Skills Specification
 
 Skills follow the [Agent Skills spec](https://agentskills.io/specification.md).
diff --git a/tools/clis/README.md b/tools/clis/README.md
index 0e38cd9..53f85e8 100644
--- a/tools/clis/README.md
+++ b/tools/clis/README.md
@@ -88,6 +88,15 @@ Every CLI reads credentials from environment variables:
 | `wistia` | `WISTIA_API_KEY` |
 | `zapier` | `ZAPIER_API_KEY` |
 
+## Security
+
+**Never hardcode API keys or tokens in scripts.** All CLIs read credentials exclusively from environment variables.
+
+- Store keys in your shell profile (`~/.zshrc`, `~/.bashrc`) or a `.env` file
+- The `.env` file is gitignored — but double-check before committing
+- Use `--dry-run` on any command to preview the request without sending it (credentials are masked as `***`)
+- If you fork this repo, audit your commits to ensure no secrets are included
+
 ## Command Pattern
 
 All CLIs follow the same structure: