From f1db85ceddd37b370491d57f8167b6294ad0861f Mon Sep 17 00:00:00 2001
From: bussyjd
Date: Wed, 13 Aug 2025 21:10:26 +0400
Subject: [PATCH 1/2] misc: improve security checks
---
 .githooks/pre-commit | 39 +++++++++++++++++++++++++++++++++++++++
 .gitignore | 17 +++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100755 .githooks/pre-commit
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
new file mode 100755
index 00000000..c2068c1b
--- /dev/null
+++ b/.githooks/pre-commit
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Pre-commit hook to prevent sensitive data leaks
+
+set -e
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m'
+
+echo "🔍 Checking for sensitive files..."
+
+# Critical patterns to block
+blocked_patterns=(
+ "canary-.*/"
+ "node[0-9]+/"
+ "cluster-lock\.json"
+ "validator_keys/"
+ "keystore-.*\.(json|txt)"
+ "charon-enr-private-key"
+ ".*private.*key"
+)
+
+found_issues=0
+for file in $(git diff --cached --name-only); do
+ for pattern in "${blocked_patterns[@]}"; do
+ if echo "$file" | grep -qE "$pattern"; then
+ echo -e "${RED}❌ BLOCKED: $file (matched: $pattern)${NC}"
+ found_issues=1
+ fi
+ done
+done
+
+if [ $found_issues -eq 0 ]; then
+ echo -e "${GREEN}✅ No sensitive files detected${NC}"
+else
+ echo -e "${RED}Remove sensitive files before committing!${NC}"
+ exit 1
+fi
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index be6f45cf..2ba94c10 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,20 @@ data/
 .charon
 prometheus/prometheus.yml
 commit-boost/config.toml
+
+# Cluster data and keys
+**/canary-*/
+**/node[0-9]*/
+**/cluster-lock.json
+**/validator_keys/
+**/keystore-*.json
+**/keystore-*.txt
+**/charon-enr-private-key
+
+# Dependencies
+**/node_modules/
+
+# Local test files
+test-*.yaml
+demo-*.yaml
+*.log
From a217272ea9211884c60e4c7378a7814e4a838c30 Mon Sep 17 00:00:00 2001
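Review bot: The staged-path loop `for file in $(git diff --cached --name-only); do` in `.githooks/pre-commit` fails open and also rejects the cleanup commit it should allow. `--name-only` without a `--diff-filter` lists deleted paths, so a commit that removes an already-tracked keystore or `cluster-lock.json` is blocked; and because the command substitution sits in the `for` word list, `set -e` does not see a failing `git diff`, the loop runs zero times and the hook reports that no sensitive files were detected. The unquoted substitution also word-splits and globs path names, and `grep -qE` is case-sensitive, so a name such as `PRIVATE_KEY.pem` is not matched by `.*private.*key`. I would write the list NUL-delimited to a temporary file with `--diff-filter=ACMR -z` and match with `grep -qiE`, as below. The hook only inspects file names and is client-side (skippable with `--no-verify`, and presumably active only once `core.hooksPath` points at `.githooks`, which this diff does not show), so the same patterns should also run in CI.

```shell
found_issues=0
# Staged paths, NUL-delimited; ACMR leaves deletions out so removing a leaked file can be committed.
staged_list=$(mktemp)
trap 'rm -f -- "$staged_list"' EXIT
# A plain command, so set -e aborts the commit if git itself fails.
git diff --cached --name-only --diff-filter=ACMR -z >"$staged_list"
while IFS= read -r -d '' file; do
  for pattern in "${blocked_patterns[@]}"; do
    if printf '%s\n' "$file" | grep -qiE -- "$pattern"; then
      # … unchanged: BLOCKED message, found_issues=1 …
    fi
  done
done <"$staged_list"
```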
From: bussyjd
Date: Wed, 13 Aug 2025 21:11:56 +0400
Subject: [PATCH 2/2] chore: cleanup
---
 .gitignore | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
index 2ba94c10..6babc6a2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,12 +21,4 @@ commit-boost/config.toml
 **/validator_keys/
 **/keystore-*.json
 **/keystore-*.txt
-**/charon-enr-private-key
-
-# Dependencies
-**/node_modules/
-
-# Local test files
-test-*.yaml
-demo-*.yaml
-*.log
+**/charon-enr-private-key
\ No newline at end of file