# System Reform Open Questions (3 CEO Decisions)

# Open Questions — 3 CEO Decisions Pending

## OPEN QUESTION #1 — CRITICAL SECURITY

**Timestamp:** 2026-04-29T05:50:00Z  
**Project:** client/lumiscare (repo: github.com/johnatbasicas/vivacare)  
**Decision needed:** RSA private key files (MyPrivate.key, CAPrivate.key) are git-tracked and pushed to GitHub.

**CEO action required:**

1. Determine if these keys are in use (do they protect any live SSL endpoint?)
2. If yes: revoke and reissue immediately (treat as compromised)
3. Remove from git history via git filter-repo (requires force push)
4. Add \*.key, \*.pem to .gitignore in all client sub-projects

**Blast radius:** If keys are live SSL/TLS certs, they could be used for MITM attacks on whatever service they protect. If VivaCare/Lumiscare app, patient data could be at risk.

**Recommendation:** REVOKE IMMEDIATELY regardless of current use status. Exposed private keys are non-recoverable.

## OPEN QUESTION #2 — bih-tenders sunset

**Project:** bih-tenders  
**Decision needed:** CLAUDE.md says "Active" but MEMORY context confirms "BiH dead" post-Intesa/HR pivot. Should bih-tenders be formally deprecated and archived?

**Recommendation:** YES, deprecate. Mark status: "deprecated" in CLAUDE.md, run sunset procedure (Blueprint Section 4.9), archive project. No blast radius — not deployed, no customers.

## OPEN QUESTION #3 — tools/ directory confusion

**Project:** ~/projects/tools/ vs ~/system/tools/  
**Decision needed:** Should ~/projects/tools/ be renamed to ~/projects/autocoder/ or ~/projects/internal-tools/ to remove ambiguity?

**Recommendation:** Rename to ~/projects/autocoder/. This removes the naming collision with ~/system/tools/ (canonical ALAI runtime).

**File location:** /Users/makinja/system/specs/system-reform-open-questions.md  
**MC Task:** #10043  
**Tags:** system-reform-2026-04, MC-10043, petter-graff, CEO-decision