refactor(security): Remove hardcoded API keys and secure configuration (#1)

* refactor(security): Remove hardcoded API keys and secure configuration

Foundation Cleanup - Step 1 Complete ✅

Security improvements:
- Removed hardcoded Google API key from state_llm_integration.py
- All API keys now managed via .env file through SecureConfig
- Added support for OpenAI, Anthropic, DeepSeek API keys in .env.example
- Added detect-secrets pre-commit hook to prevent future leaks
- Added detect-private-key hook for additional protection

Configuration improvements:
- Updated config.yaml with FreeCAD AppImage path configuration
- Documented FreeCAD path for AppImage location
- Prepared for multi-provider LLM architecture (litellm)

Files modified:
- src/ai_designer/core/state_llm_integration.py
- .env.example
- config/config.yaml
- .pre-commit-config.yaml
- docs/EXECUTION_PLAN.md
- docs/IMPLEMENTATION_PLAN.md

Next: Step 2 - Replace exec() with safe execution sandbox

* refactor: consolidate documentation and improve linting setup

- Remove CI/CD workflows (.github/workflows/)
- Re-enable mypy in pre-commit configuration
- Consolidate 28 docs into 14 organized files (50% reduction)
- Create docs/guides/ and docs/advanced/ structure
- Preserve EXECUTION_PLAN.md as requested
- Delete IMPLEMENTATION_PLAN.md and redundant summaries
- Update README.md with new documentation structure

Consolidated docs:
- DeepSeek R1: 3 files → DEEPSEEK_R1_GUIDE.md
- Complex Shapes: 3 files → COMPLEX_SHAPES_GUIDE.md
- State Management: 2 files → STATE_GUIDE.md
- Security: 2 files → SECURITY_GUIDE.md
- Summaries: 5 files → PROJECT_STATUS.md

Linting improvements:
- mypy type checking re-enabled
- All security checks maintained (bandit, detect-secrets)
- Code formatting preserved (black, isort, flake8)

Author: Vansh5632

.env.example

@@ -2,18 +2,43 @@
 # Copy this file to .env and fill in your actual values
 # DO NOT commit .env to version control
 
+# ========================================
+# LLM Provider API Keys
+# ========================================
+
 # Google Generative AI API Key
 # Get your API key from: https://makersuite.google.com/app/apikey
 GOOGLE_API_KEY=your_google_api_key_here
 
-# Redis Configuration (if using Redis)
+# OpenAI API Key (for GPT-4o, GPT-4, etc.)
+# Get your API key from: https://platform.openai.com/api-keys
+OPENAI_API_KEY=your_openai_api_key_here
+
+# Anthropic API Key (for Claude models)
+# Get your API key from: https://console.anthropic.com/
+ANTHROPIC_API_KEY=your_anthropic_api_key_here
+
+# DeepSeek API Key (if using DeepSeek cloud API)
+# Get your API key from: https://platform.deepseek.com/
+DEEPSEEK_API_KEY=your_deepseek_api_key_here
+
+# ========================================
+# Redis Configuration
+# ========================================
 REDIS_HOST=localhost
 REDIS_PORT=6379
 REDIS_DB=0
+REDIS_PASSWORD=
 
+# ========================================
 # FreeCAD Configuration
-FREECAD_PATH=/path/to/freecad
-FREECAD_PYTHON_PATH=/path/to/freecad/python
+# ========================================
+# Path to FreeCAD AppImage or installation directory
+# Example AppImage: /home/username/Downloads/FreeCAD_1.0.1-conda-Linux-x86_64-py311.AppImage
+# Example system install: /usr/lib/freecad
+FREECAD_PATH=/home/vansh5632/Downloads/FreeCAD_1.0.1-conda-Linux-x86_64-py311.AppImage
+FREECAD_LIB_PATH=
+FREECAD_MOD_PATH=
 
 # Development Settings
 DEBUG=false

.github/workflows/ci.yml

@@ -1,17 +1,26 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
       - id: check-yaml
       - id: check-added-large-files
+        args: ['--maxkb=1000']
       - id: check-merge-conflict
       - id: debug-statements
       - id: check-docstring-first
       - id: check-json
       - id: check-toml
       - id: mixed-line-ending
+      - id: detect-private-key
+
+  # Secret detection - CRITICAL for security
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        args: ['--exclude-files', '.secrets.baseline']
 
   - repo: https://github.com/psf/black
     rev: 23.9.1
@@ -31,17 +40,16 @@ repos:
     hooks:
       - id: flake8
 
-  # Temporarily disabled mypy to focus on basic linting
-  # - repo: https://github.com/pre-commit/mirrors-mypy
-  #   rev: v1.5.1
-  #   hooks:
-  #     - id: mypy
-  #       additional_dependencies: [
-  #         types-PyYAML,
-  #         types-requests,
-  #         types-redis,
-  #       ]
-  #       args: [--config-file=mypy.ini]
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.5.1
+    hooks:
+      - id: mypy
+        additional_dependencies: [
+          types-PyYAML,
+          types-requests,
+          types-redis,
+        ]
+        args: [--config-file=mypy.ini]
 
   - repo: https://github.com/PyCQA/bandit
     rev: 1.7.5

.pre-commit-config.yaml

@@ -1,6 +1,16 @@
-api_key: "your_api_key_here"
+# API keys are now managed via .env file for security
+# See .env.example for required environment variables
 freecad_api_url: "http://localhost:8080"
 
+# FreeCAD Installation Configuration
+freecad:
+  # Path to FreeCAD AppImage or installation
+  # Can be overridden by FREECAD_PATH environment variable
+  appimage_path: "/home/vansh5632/Downloads/FreeCAD_1.0.1-conda-Linux-x86_64-py311.AppImage"
+  # These paths are auto-detected from AppImage, only set if custom installation
+  lib_path: ""
+  mod_path: ""
+
 # DeepSeek R1 Local Configuration
 deepseek:
   enabled: true