repo-cloak-cli 1.3.2 → 1.3.4

package/DEVELOPMENT.md

@@ -0,0 +1,74 @@
+# Development Guide
+
+This guide explains how to set up, run, and test `repo-cloak` locally during development.
+
+## Prerequisites
+
+Ensure you have Node.js (>=18.0.0) installed on your system.
+
+## Setup
+
+First, install the project dependencies:
+
+```bash
+npm install
+```
+
+## Running the CLI Locally
+
+If you want to manually test the CLI functionality without installing it globally, you can execute the main bin file directly:
+
+```bash
+# Start the interactive menu
+npm start
+
+# Or run specific commands directly
+node bin/repo-cloak.js pull
+node bin/repo-cloak.js pull --source ./my-project --dest ./extracted
+```
+
+## Global Local Testing (Recommended)
+
+To test how the CLI behaves globally on your machine (using the `repo-cloak` command anywhere), you can create a symlink from your global `node_modules` to your local project directory using `npm link`.
+
+1. Run this inside the project folder (`repo-cloak`):
+
+```bash
+npm link
+```
+
+2. You can now open any other folder on your computer and test your local changes by simply running:
+
+```bash
+repo-cloak pull
+```
+
+3. When you are done testing and want to remove the symlink, run:
+
+```bash
+npm unlink -g repo-cloak-cli
+```
+
+## Running Tests
+
+This project uses **Vitest** for unit testing.
+
+To run the test suite once:
+
+```bash
+npm test
+```
+
+To run tests in watch mode (automatically re-runs when you save changes):
+
+```bash
+npm run test:watch
+```
+
+## Linting
+
+To check for code style issues using ESLint:
+
+```bash
+npm run lint
+```

package/LINKEDIN.md

@@ -0,0 +1,14 @@
+The race to adopt AI in software development is well underway. Teams that have embraced it are shipping faster, iterating more confidently, and scaling their output in ways that were not possible a year ago.
+
+For enterprise teams, the challenge is different. The codebases they work on carry proprietary logic, internal architecture, and sensitive data that cannot be exposed to external tools. Blocking AI entirely preserves security but costs velocity. Allowing unrestricted access gains velocity but introduces risk.
+
+There is a middle ground worth exploring: controlled, anonymized workspaces where AI operates on the structure and patterns of enterprise code without ever accessing the proprietary source itself. A cloaked environment that gives AI enough context to deliver real value, while maintaining the isolation that enterprise governance requires.
+
+Explored this approach and built Repo-Cloak, an open-source CLI tool that creates these safe, isolated workspaces with automated secret scanning and encrypted reversible mappings. Changes push back into the original repository cleanly, as if AI had been working on the real codebase all along.
+
+Enterprise AI adoption does not have to be all or nothing.
+
+📖 Read the full breakdown here: [Article Link]
+🔧 Try the tool: https://www.npmjs.com/package/repo-cloak-cli
+
+#EnterpriseAI #SoftwareEngineering #CodeSecurity #DeveloperProductivity #OpenSource

package/MEDIUM.md

@@ -0,0 +1,335 @@
+# Repo-Cloak CLI: Enterprise AI Adoption Doesn't Have to Be All or Nothing
+
+Across the industry, engineering teams are embracing AI coding tools and seeing real results. Faster refactors. Better test coverage. Quicker turnaround on features. Organizations that have gone all-in on AI-assisted development are shipping faster than ever, and the gap between them and everyone else is widening.
+
+Enterprise teams see this happening. They want that same velocity. But they also sit on codebases full of proprietary business logic, internal architecture, customer data flows, and credentials that cannot leave controlled boundaries. Security says no. Compliance says no. And honestly, they are right to say no.
+
+So developers do what they can: copy a few functions into a chat window, rename some symbols by hand, paste the output back, and hope nothing sensitive slipped through. It works, sort of, but it is slow, inconsistent, and impossible to audit.
+
+The result is a frustrating middle ground. Teams that fully block AI tools lose velocity and risk their best engineers getting frustrated. Teams that fully embrace AI tools without guardrails take on exposure they may not fully understand. Neither extreme works well for organizations that need both speed and control.
+
+**What if there was a middle path?**
+
+This article explores one such approach, where developers work with AI on **anonymized abstractions** of their codebase rather than the real thing. AI gets the structural context it needs to produce high-quality output. The proprietary code, the real names, and the secrets never leave the building. And the changes push back cleanly into the original repository, as if AI had been working on the real codebase all along.
+
+---
+
+## Why AI Needs More Than Snippets
+
+AI coding assistants produce dramatically better results when they see real project structure. Hand them a single isolated function, and the output is generic. Hand them a realistic project slice with folder hierarchies, dependency relationships, and naming conventions, and the results transform: meaningful refactors, accurate test generation, pattern-aware code scaffolding.
+
+But realistic project slices contain exactly what enterprises protect most carefully.
+
+```text
+  ┌──────────────────────────────────┐
+  │    Full Enterprise Codebase      │
+  └──────────┬───────────────────────┘
+             │
+  ╔══════════╧═══════════════════════════════╗
+  ║          PROPRIETARY CODE                ║
+  ║                                          ║
+  ║   Business    Internal    Secrets &      ║
+  ║    Logic      Naming     Credentials     ║
+  ║                                          ║
+  ║           Architecture Patterns          ║
+  ║                                          ║
+  ╚════════════════════╤═════════════════════╝
+                       │
+                       ▼
+          ╔══════════════════════════════╗
+          ║  Cannot expose to external  ║
+          ║  tools without controls     ║
+          ╚══════════════════════════════╝
+```
+
+The key insight is this: AI does not actually need the proprietary code itself. It needs the **structure, patterns, and relationships** to reason about. If you can give AI a project that looks and behaves like the real thing architecturally, but with all identifying details swapped out, it can still produce excellent work. And that work can be mapped straight back into the original codebase.
+
+That is the core idea behind **Repo-Cloak**, an open-source CLI tool that creates anonymized workspaces from enterprise codebases.
+
+---
+
+## How It Works
+
+Rather than giving AI tools direct access to source control, you create a deliberate boundary: a cloaked workspace that contains only the files you choose, with identifiers anonymized and secrets caught before anything crosses the line.
+
+```text
+  ╔═══════════════════════════════════════════════╗
+  ║          ENTERPRISE BOUNDARY                  ║
+  ║                                               ║
+  ║   ┌───────────────────────────────────────┐   ║
+  ║   │       Original Repository             │   ║
+  ║   │   (Full source, secrets, real names)   │   ║
+  ║   └──────────────────┬────────────────────┘   ║
+  ╚══════════════════════╪════════════════════════╝
+                         │
+             1. Select specific files (opt-in)
+                         │
+                         ▼
+              ┌─────────────────────┐
+              │   Secret Detection  │
+              │  (20+ categories)   │
+              └──────────┬──────────┘
+                         │
+             2. Scan for embedded secrets
+                         │
+                         ▼
+              ┌─────────────────────┐
+              │    Anonymization    │
+              │  (Case-preserving)  │
+              └──────────┬──────────┘
+                         │
+             3. Rewrite identifiers
+                         │
+                         ▼
+  ┌───────────────────────────────────────────────┐
+  │            CLOAKED WORKSPACE                  │
+  │   Selected files, anonymized identifiers      │
+  │   Safe for AI tools                           │
+  │                                               │
+  │   .repo-cloak-map.json (AES-256 encrypted)    │
+  └──────────────────┬────────────────────────────┘
+                     │
+         4. Collaborate with AI tools
+                     │
+                     ▼
+          ┌─────────────────────┐
+          │   Reverse Mapping   │
+          │  (Decrypt + Merge)  │
+          └──────────┬──────────┘
+                     │
+         5. Restore into original repo
+                     │
+                     ▼
+  ╔═══════════════════════════════════════════════╗
+  ║       Changes land back with real names       ║
+  ║       Ready for code review and testing       ║
+  ╚═══════════════════════════════════════════════╝
+```
+
+From the AI's perspective, this is just another project to work on. From the organization's perspective, the proprietary code never left. Only its anonymized abstraction did.
+
+---
+
+## Giving AI the Right Context, Nothing More
+
+### Smart File Selection
+
+Nothing leaves the repository boundary unless you explicitly choose it. You navigate the directory tree and opt in, file by file. For teams using Git, this gets even sharper:
+
+```text
+               ┌────────────────────┐
+               │  Git Repository    │
+               │  Detected          │
+               └─────────┬──────────┘
+                         │
+              How would you like to select?
+                         │
+          ┌──────────────┼──────────────┐
+          │              │              │
+          ▼              ▼              ▼
+   ┌─────────────┐┌─────────────┐┌─────────────┐
+   │ Uncommitted ││  Specific   ││   Manual    │
+   │  Changes    ││  Commits    ││  Selection  │
+   │ (working    ││ (by hash or ││  (browse    │
+   │  directory) ││  history)   ││  full tree) │
+   └──────┬──────┘└──────┬──────┘└──────┬──────┘
+          │              │              │
+          └──────────────┼──────────────┘
+                         │
+                         ▼
+              ┌─────────────────────┐
+              │   Selected Files    │
+              └─────────────────────┘
+```
+
+You can target a specific commit, select from recent history, or pull only uncommitted work. AI assistance gets scoped to exactly the delta that matters, not the entire codebase.
+
+### Anonymization That Preserves Structure
+
+This is the piece that makes the approach practical. Identifiers get rewritten, but the project structure stays architecturally identical. AI sees real folder hierarchies, real dependency relationships, real naming patterns. It just does not see _your_ names.
+
+```text
+ ORIGINAL                                CLOAKED
+ ─────────────────────────────           ─────────────────────────────
+ 📂 xcorp-platform/                      📂 acme-platform/
+ ├── 📂 XCorpServices/                   ├── 📂 AcmeServices/
+ │   ├── XCorpPaymentService.cs          │   ├── AcmePaymentService.cs
+ │   ├── XCorpInventoryService.cs        │   ├── AcmeInventoryService.cs
+ │   └── IXCorpNotification.cs           │   └── IAcmeNotification.cs
+ ├── 📂 config/                          ├── 📂 config/
+ │   └── xcorp-settings.json             │   └── acme-settings.json
+ └── 📂 tests/                           └── 📂 tests/
+     └── XCORP_INTEGRATION_TEST.cs           └── ACME_INTEGRATION_TEST.cs
+```
+
+Every casing convention is preserved: `XCorp` becomes `Acme`, `xcorp` becomes `acme`, `XCORP` becomes `ACME`. When AI generates code changes against this workspace, those changes map straight back to the real codebase with a single push command. No manual rename gymnastics. No stitching things back together.
+
+### Secret Scanning Before Anything Moves
+
+Even with anonymized names, enterprise codebases often harbour embedded secrets: API keys left in config files, database connection strings from prototyping, private keys committed years ago. The tool scans every selected file for 20+ categories of sensitive data before extraction happens.
+
+```text
+              ┌─────────────────────┐
+              │   Selected Files    │
+              └──────────┬──────────┘
+                         │
+                         ▼
+              ┌─────────────────────┐
+              │   Secret Scanner    │
+              │   (20+ patterns)    │
+              └──────────┬──────────┘
+                         │
+     ┌───────────┬───────┼───────┬───────────┐
+     │           │       │       │           │
+     ▼           ▼       ▼       ▼           ▼
+  Cloud       Platform Payment Crypto   Infrastructure
+  Keys        Tokens   Keys   Material  & Credentials
+ (AWS,Google) (GitHub, (Stripe)(RSA,DSA) (DB strings,
+              Slack)                     JWTs, OAuth)
+     │           │       │       │           │
+     └───────────┴───────┼───────┴───────────┘
+                         │
+                    Any findings?
+                         │
+              ┌──────────┴──────────┐
+              │                     │
+              ▼                     ▼
+     ┌─────────────────┐   ┌─────────────────┐
+     │   HALT           │   │   CLEAN          │
+     │   Show file and  │   │   Proceed with   │
+     │   line number.   │   │   extraction     │
+     │   Require user   │   │                  │
+     │   confirmation.  │   │                  │
+     └─────────────────┘   └─────────────────┘
+```
+
+If anything triggers, the process halts. File name and line number are displayed. The developer must explicitly confirm before proceeding. The default is no.
+
+---
+
+## A Sample Workflow: Generating Test Cases Without Exposing Business Logic
+
+To see how this plays out in practice, consider a common scenario.
+
+A developer on an enterprise team needs comprehensive test coverage for a payment processing module. The business logic inside the service layer is proprietary, but the **interfaces, abstractions, and frontend forms** that interact with it are not. They contain no trade secrets. They just define the shape of the system.
+
+Here is how the workflow looks:
+
+```text
+  Step 1: Developer runs `repo-cloak pull`
+  ──────────────────────────────────────────────────────────────
+
+  The tool detects a Git repository and asks how to select files.
+  The developer chooses "Manual Selection" and picks only:
+
+     ✓  IPaymentService.cs          (interface)
+     ✓  IPaymentValidator.cs        (interface)
+     ✓  PaymentRequest.cs           (DTO / model)
+     ✓  PaymentResponse.cs          (DTO / model)
+     ✓  PaymentForm.tsx             (frontend form)
+     ✓  PaymentForm.test.tsx        (existing tests)
+     ✗  PaymentService.cs           (proprietary logic — skipped)
+     ✗  PaymentGatewayAdapter.cs    (proprietary integration — skipped)
+     ✗  appsettings.json            (credentials — skipped)
+
+  Step 2: Secret scanner runs automatically
+  ──────────────────────────────────────────────────────────────
+
+  All selected files are scanned. No secrets found. Extraction proceeds.
+
+  Step 3: Anonymization applied
+  ──────────────────────────────────────────────────────────────
+
+  "XCorp" → "Acme" across file names, folder paths, and contents.
+  A cloaked workspace is created with the anonymized files.
+
+  Step 4: AI generates test cases
+  ──────────────────────────────────────────────────────────────
+
+  The developer opens the cloaked workspace in their IDE with
+  an AI assistant. The AI can see:
+
+     •  The interface contracts (what the service promises to do)
+     •  The data models (what goes in and comes out)
+     •  The frontend form (what the user interacts with)
+     •  The existing test patterns (how tests are structured)
+
+  It generates comprehensive test cases covering:
+     •  Validation edge cases
+     •  Missing field handling
+     •  Boundary conditions on payment amounts
+     •  Form submission error states
+     •  Integration contract tests against the interface
+
+  Step 5: Push changes back
+  ──────────────────────────────────────────────────────────────
+
+  Developer runs `repo-cloak push`. All anonymized names revert
+  to originals. The new test files land in the real repository,
+  ready for code review.
+```
+
+The AI never saw the payment processing logic, the gateway integration, or the credentials. It only saw the abstractions, the shapes, and the patterns. And that was enough to generate meaningful, production-quality test coverage.
+
+This same approach works for other scenarios: generating API documentation from controller signatures, scaffolding new features based on existing patterns, or exploring refactoring strategies across a service boundary. The developer always controls what goes in, and the proprietary core stays untouched.
+
+---
+
+## Pushing Changes Back
+
+This is where the approach pays off. AI generates code against the anonymized workspace. When that work is ready to come home, the mapping (AES-256 encrypted, tied to a local key) reverses every replacement, remaps file paths, and deposits the modified files cleanly into the original repository.
+
+The result is a conventional changeset, ready for code review and testing, as if AI had been working on the real codebase directly. Except it never was.
+
+---
+
+## Where This Fits
+
+```text
+  ┌─────────────────────────────────────────────────────┐
+  │         Existing Enterprise Controls                │
+  │                                                     │
+  │   Access Controls   Security Policies   Contracts   │
+  └─────────────────────────┬───────────────────────────┘
+                            │
+                       works alongside
+                            │
+  ┌─────────────────────────┼───────────────────────────┐
+  │         Repo-Cloak Layer                            │
+  │                                                     │
+  │   Scoped Exposure ........... Opt-in file selection  │
+  │   Secret Detection .......... Automated scanning    │
+  │   Encrypted Mappings ........ AES-256 at rest       │
+  │   Audit Trail ............... Timestamped history   │
+  │   Local Processing .......... Zero external calls   │
+  │                                                     │
+  └─────────────────────────┬───────────────────────────┘
+                            │
+                            ▼
+              ┌───────────────────────────┐
+              │  Controlled AI Adoption   │
+              │  with Audit Trail         │
+              └───────────────────────────┘
+```
+
+This is not a replacement for access controls or compliance frameworks. It is a practical layer that works alongside them. It also does not obfuscate control flow or prevent logical inference about what a component does. AI needs real structure to be useful, so the approach preserves it. What it removes are the obvious identifiers, secrets, and exposure surface that make enterprise teams uncomfortable.
+
+---
+
+## Finding the Balance
+
+Some organizations are going all-in on AI and seeing massive returns. Others have locked it out entirely, and their developers feel it every day. Most enterprise teams sit somewhere in between, wanting the efficiency but unsure how to get there without the risk.
+
+This approach offers one way to find that balance. It is not the only way, and it is not a silver bullet. But it turns an all-or-nothing decision into something more nuanced: _"Which parts of our codebase can benefit from AI assistance, and how do we expose them safely?"_
+
+The codebase stays in its guarded world. The developers get the productivity boost that modern tooling delivers. And the organization gets a governance trail it can actually trust.
+
+---
+
+**Repo-Cloak is open source and available on npm.**
+
+```bash
+npm install -g repo-cloak-cli
+```
+
+[GitHub Repository](https://github.com/iamshz97/repo-cloak) · Works on macOS, Windows, and Linux · MIT License

package/README.md

@@ -1,8 +1,10 @@
 # repo-cloak 🎭
 
+> ⚠️ **ARCHIVED**: This CLI project is no longer actively maintained. All new development has moved to the official [Repo-Cloak VS Code Extension](https://github.com/iamshz97/repo-cloak-vs-code).
+
 > **Selectively extract and anonymize files from repositories**
 
-Perfect for sharing code with AI agents without exposing proprietary details. Extract specific files, replace sensitive information (company names, project names, etc.), and restore them later.
+Create controlled, anonymized workspaces from enterprise codebases. Perfect for sharing code with AI agents without exposing proprietary details. Extract specific files, replace sensitive information, scan for secrets, and restore changes later.
 
 [![npm version](https://img.shields.io/npm/v/repo-cloak-cli.svg)](https://www.npmjs.com/package/repo-cloak-cli)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
@@ -10,10 +12,13 @@ Perfect for sharing code with AI agents without exposing proprietary details. Ex
 ## ✨ Features
 
 - 🔍 **Interactive file browser** - Navigate and select files with a beautiful TUI
-- 🎭 **Smart anonymization** - Replace sensitive keywords while preserving case
-- 📁 **Structure preservation** - Maintains original folder hierarchy
+- 🎭 **Smart anonymization** - Replace sensitive keywords while preserving case (UPPER, lower, TitleCase)
+- 📁 **Structure preservation** - Maintains original folder hierarchy, file names, and paths
 - 🔄 **Push/Pull workflow** - Extract files, work on them, push back with original names
-- 💾 **Mapping file** - Tracks all replacements for seamless restoration
+- 🔐 **Encrypted mappings** - AES-256 encrypted mapping file tied to a local secret key
+- 🛡️ **Secret scanning** - Automatically detects API keys, tokens, credentials, and secrets before extraction
+- 📂 **Git-aware selection** - Pull files from specific commits, recent history, or uncommitted changes
+- 🤖 **AI agent context** - Auto-generates AGENTS.md in cloaked workspaces to guide AI assistants
 - 🌍 **Cross-platform** - Works on Windows, macOS, and Linux
 
 ## 📦 Installation
@@ -22,12 +27,6 @@ Perfect for sharing code with AI agents without exposing proprietary details. Ex
 npm install -g repo-cloak-cli
 ```
 
-### To install locally
-
-```bash
-npm install D:\Projects\repo-cloak
-```
-
 Or use directly with npx:
 
 ```bash
@@ -47,10 +46,23 @@ repo-cloak pull --source ./my-project --dest ./extracted
 ```
 
 1. Select files/folders to extract
-2. Enter destination path
+2. Secret scanner checks for embedded credentials
 3. Add keyword replacements (e.g., "Microsoft Corp" → "ACME Inc")
 4. Confirm and extract!
 
+### Pull from Git Commits
+
+```bash
+# Pull files changed in a specific commit
+repo-cloak pull --commit a1b2c3d
+
+# Pull files from multiple commits
+repo-cloak pull --commit a1b2c3d e4f5g6h
+
+# Browse and select from recent commits interactively
+repo-cloak pull --list-commits 10
+```
+
 ### Push (Restore)
 
 ```bash
@@ -78,29 +90,53 @@ repo-cloak push --force
 ## 🎯 Use Cases
 
 - **AI Code Review** - Share proprietary code with AI tools by anonymizing company/project names
+- **Test Generation** - Expose interfaces and DTOs to AI for generating test coverage without revealing business logic
 - **Open Source Templates** - Extract project templates while removing internal references
 - **Code Samples** - Create sanitized examples from production code
 - **Compliance** - Remove sensitive identifiers before sharing code externally
 
+## 🛡️ Secret Scanning
+
+Before any file leaves your repository, Repo-Cloak scans for **20+ categories** of sensitive data:
+
+| Category               | Examples                                                        |
+| ---------------------- | --------------------------------------------------------------- |
+| Cloud Keys             | AWS Access Keys, Google API Keys, Azure tokens                  |
+| Platform Tokens        | GitHub PATs, Slack tokens, Discord bot tokens                   |
+| Payment Keys           | Stripe live & test keys                                         |
+| Cryptographic Material | RSA, DSA, OpenSSH private keys                                  |
+| Authentication         | JWTs, Bearer tokens, OAuth access tokens                        |
+| Infrastructure         | Database connection strings (PostgreSQL, MongoDB, MySQL, Redis) |
+| Credentials            | Passwords, secrets, and passphrase assignments                  |
+| Service Keys           | Heroku, Mailgun, and other platform-specific keys               |
+
+If secrets are detected, extraction halts with a warning showing exact file and line numbers. You must explicitly confirm before proceeding.
+
 ## 📋 Commands
 
-| Command | Description |
-|---------|-------------|
-| `repo-cloak` | Interactive menu to choose pull or push |
-| `repo-cloak pull` | Extract and anonymize files |
-| `repo-cloak push` | Restore files with original names |
-| `repo-cloak --help` | Show help |
-| `repo-cloak --version` | Show version |
+| Command                           | Description                             |
+| --------------------------------- | --------------------------------------- |
+| `repo-cloak`                      | Interactive menu to choose pull or push |
+| `repo-cloak pull`                 | Extract and anonymize files             |
+| `repo-cloak pull --commit <hash>` | Pull files from specific commits        |
+| `repo-cloak pull --list-commits`  | Select from recent commit history       |
+| `repo-cloak push`                 | Restore files with original names       |
+| `repo-cloak --help`               | Show help                               |
+| `repo-cloak --version`            | Show version                            |
 
 ## 🔧 Options
 
 ### Pull Options
+
 - `-s, --source <path>` - Source directory (default: current directory)
 - `-d, --dest <path>` - Destination directory
+- `-c, --commit <hash...>` - Pull files from specific commit(s)
+- `-l, --list-commits [count]` - List and select from recent commits (default: 10)
 - `-f, --force` - Force pull all files (skip prompts, requires existing mapping)
 - `-q, --quiet` - Minimal output
 
 ### Push Options
+
 - `-s, --source <path>` - Cloaked backup directory
 - `-d, --dest <path>` - Destination directory
 - `-f, --force` - Force push/restore all files (skip confirmation)
@@ -110,20 +146,26 @@ repo-cloak push --force
 
 1. **Pull** creates a `.repo-cloak-map.json` file in the destination that stores:
    - Original source path
-   - All keyword replacements
-   - File list with mappings
-   - Timestamp
+   - All keyword replacements (encrypted with AES-256)
+   - File list with path mappings
+   - Pull history with timestamps
+
+2. **Secret Scanner** runs automatically on all selected files before extraction, checking for API keys, tokens, credentials, private keys, and database connection strings.
+
+3. **AGENTS.md** is auto-generated in the cloaked workspace to instruct AI agents about the partial, anonymized nature of the repository and guide their behavior.
 
-2. **Push** reads this mapping file to:
+4. **Push** reads the encrypted mapping file to:
    - Reverse all keyword replacements
    - Restore files to original or new location
 
 ## 🔒 Privacy by Design
 
 - No data is sent to any external servers
-- All processing happens locally
+- All processing happens locally on your machine
+- Mapping files are AES-256 encrypted with locally generated keys
 - Binary files are copied without modification
 - Hidden files and common ignored directories (node_modules, .git) are skipped
+- Secret scanning catches embedded credentials before extraction
 
 ## 🤝 Contributing
 

package/SLIDES-TO-GENERATE-BY-NOTEBOOK-LLM.md

@@ -0,0 +1,52 @@
+# Slides for NotebookLM
+
+Style: Apple minimalistic. White background, dark text, one accent color (blue), no shadows/gradients, rounded boxes, generous whitespace.
+
+---
+
+## Slide 1: The Enterprise AI Dilemma
+
+A large rounded box labeled "Enterprise Codebase". Inside it, four items in a grid: Business Logic, Internal Naming, Secrets & Credentials, Architecture Patterns. Label the box "Proprietary Code". Below it: "Cannot expose to external tools without controls" in muted red.
+
+---
+
+## Slide 2: The Cloaked Workspace Flow
+
+Vertical flow, five steps connected by arrows top to bottom:
+
+1. Original Repository (inside "Enterprise Boundary" border)
+2. Secret Detection (20+ categories)
+3. Anonymization (Case-preserving)
+4. Cloaked Workspace (Safe for AI tools)
+5. Reverse Mapping (Decrypt + Merge)
+   Arrow from step 5 loops back to step 1: "Changes restored".
+
+---
+
+## Slide 3: Git-Aware File Selection
+
+One box at top: "Git Repository Detected". Three boxes below side by side: "Uncommitted Changes", "Specific Commits", "Manual Selection". All three connect to one box at bottom: "Selected Files".
+
+---
+
+## Slide 4: Anonymization
+
+Two columns. Left: "Original" showing xcorp-platform/ with XCorpServices/, XCorpPaymentService.cs, xcorp-settings.json. Right: "Cloaked" showing acme-platform/ with AcmeServices/, AcmePaymentService.cs, acme-settings.json. Arrow between columns. Monospaced file names.
+
+---
+
+## Slide 5: Secret Scanner
+
+Flow: "Selected Files" → "Secret Scanner (20+ patterns)" → five categories in a row (Cloud Keys, Platform Tokens, Payment Keys, Crypto Material, Infrastructure). Below: two outcomes side by side. Left: "HALT - Show file + line, require confirmation" (red). Right: "CLEAN - Proceed" (green).
+
+---
+
+## Slide 6: What Gets Selected vs. Skipped
+
+Two-column list. Left (green checkmarks): IPaymentService.cs, IPaymentValidator.cs, PaymentRequest.cs, PaymentResponse.cs, PaymentForm.tsx, PaymentForm.test.tsx. Right (red crosses): PaymentService.cs (proprietary), PaymentGatewayAdapter.cs (proprietary), appsettings.json (credentials).
+
+---
+
+## Slide 7: Where Repo-Cloak Fits
+
+Two stacked boxes. Top (gray): "Existing Controls" with Access Controls, Security Policies, Contracts. Bottom (blue tint): "Repo-Cloak Layer" with Scoped Exposure, Secret Detection, Encrypted Mappings, Audit Trail, Local Processing. Label between: "works alongside". Below both: "Controlled AI Adoption with Audit Trail".