Severity: Low — the leaked values are Composio reference identifiers, not credentials (useless without the Composio API key, which is not in the repo), and no OAuth tokens / message bodies / third-party PII are present. Parent: #306. Related: #305.
Problem
data.db-wal and data.db-shm (SQLite write-ahead-log sidecars) were committed in the initial setup commit d851160 and removed in 35a4999 — but they remain reachable in git history and are checkout-able from the public repo. (.gitignore already excludes *.db / *.db-wal / *.db-shm, so current HEAD is clean and this can't recur.)
Decoded blob contents (verified; values redacted here):
gmail_accounts table → gmail_connected_account_id = ca_Oxz…, ca_eEf…; gmail_pending_connection_id = ca_8h3…; auth_config_gmail = ac_qsg…; gmail_pending_entity_id = augmentagent-…- schema for
actions / config / emails / senders / gmail_accounts
- the
emails table was empty (freshly-initialized DB) — confirmed no message bodies, contact emails/names/phones, or OAuth/refresh/access tokens.
Exposure is limited to internal Composio identifiers + table schema. Low impact, but real and shouldn't sit in public history.
Fix
Acceptance
No data.db* blob is reachable from any ref; the identifiers no longer appear anywhere in history.
Filed from a manual publish-safety audit, 2026-06-24.
Severity: Low — the leaked values are Composio reference identifiers, not credentials (useless without the Composio API key, which is not in the repo), and no OAuth tokens / message bodies / third-party PII are present. Parent: #306. Related: #305.
Problem
data.db-walanddata.db-shm(SQLite write-ahead-log sidecars) were committed in the initialsetupcommitd851160and removed in35a4999— but they remain reachable in git history and are checkout-able from the public repo. (.gitignorealready excludes*.db/*.db-wal/*.db-shm, so current HEAD is clean and this can't recur.)Decoded blob contents (verified; values redacted here):
gmail_accountstable →gmail_connected_account_id = ca_Oxz…,ca_eEf…;gmail_pending_connection_id = ca_8h3…;auth_config_gmail = ac_qsg…;gmail_pending_entity_id = augmentagent-…actions/config/emails/senders/gmail_accountsemailstable was empty (freshly-initialized DB) — confirmed no message bodies, contact emails/names/phones, or OAuth/refresh/access tokens.Exposure is limited to internal Composio identifiers + table schema. Low impact, but real and shouldn't sit in public history.
Fix
git filter-repo --path data.db-wal --path data.db-shm --invert-paths— bundle into the single history rewrite alongside the companion path/authorship issues in this batch.ca_…/ac_…IDs are dead references.git log --all --diff-filter=A -- 'data.db-wal' 'data.db-shm'→ empty after rewrite.Acceptance
No
data.db*blob is reachable from any ref; the identifiers no longer appear anywhere in history.Filed from a manual publish-safety audit, 2026-06-24.