System Reform Open Questions (3 CEO Decisions)

Open Questions — 3 CEO Decisions Pending OPEN QUESTION #1 — CRITICAL SECURITY Timestamp: 2026-04-29T05:50:00Z Project: client/lumiscare (repo: github.com/johnatbasicas/vivacare) Decision needed: RSA private key files (MyPrivate.key, CAPrivate.key) are git-tracked and pushed to GitHub. CEO action required: Determine if these keys are in use (do they protect any live SSL endpoint?) If yes: revoke and reissue immediately (treat as compromised) Remove from git history via git filter-repo (requires force push) Add *.key, *.pem to .gitignore in all client sub-projects Blast radius: If keys are live SSL/TLS certs, they could be used for MITM attacks on whatever service they protect. If VivaCare/Lumiscare app, patient data could be at risk. Recommendation: REVOKE IMMEDIATELY regardless of current use status. Exposed private keys are non-recoverable. OPEN QUESTION #2 — bih-tenders sunset Project: bih-tenders Decision needed: CLAUDE.md says "Active" but MEMORY context confirms "BiH dead" post-Intesa/HR pivot. Should bih-tenders be formally deprecated and archived? Recommendation: YES, deprecate. Mark status: "deprecated" in CLAUDE.md, run sunset procedure (Blueprint Section 4.9), archive project. No blast radius — not deployed, no customers. OPEN QUESTION #3 — tools/ directory confusion Project: ~/projects/tools/ vs ~/system/tools/ Decision needed: Should ~/projects/tools/ be renamed to ~/projects/autocoder/ or ~/projects/internal-tools/ to remove ambiguity? Recommendation: Rename to ~/projects/autocoder/. This removes the naming collision with ~/system/tools/ (canonical ALAI runtime). File location: /Users/makinja/system/specs/system-reform-open-questions.md MC Task: #10043 Tags: system-reform-2026-04, MC-10043, petter-graff, CEO-decision