How a Clean Repository Became Our First Real Credential

We were three days from pushing AI Agents Salebot to GitLab—94 files, 30,000 lines of Python, everything supposedly ready. Then reality hit: our .gitignore was a lie.

The project had grown organically. Every sprint left artifacts we stopped noticing. Local databases scattered in data/. Development notes in docs/archive/ that meant nothing outside our heads. Vosk speech recognition models, each several megabytes, justified during development but indefensible in a public repository. Worse, a .env file with actual credentials instead of .env.example as a template.

Most developers would have pushed anyway. We didn’t.

The first decision was about licensing. MIT felt too permissive for code handling API authentication and security logic. We switched to GPL-3.0—copyleft teeth that ensure anyone building on our work must open-source their improvements. Two minutes to update the LICENSE file, but it changed everything we were saying about what should be free.

Then came the aggressive editing. docs/archive/ went completely. Local logs, gone. The Vosk models, precious as they’d been during development, couldn’t justify their weight. We kept .env.example for bootstrap guidance and removed everything else that was environment-specific or temporary.

The structure that emerged was boring in the best way: src/ for modules, tests/ for pytest suites, scripts/ for utilities. Standard, unsexy, exactly right.

Initialization mattered more than I expected. We used git init --initial-branch=main --object-format=sha1, explicitly choosing SHA-1 for GitLab compatibility instead of letting Git decide. The first real commit—hash 4ef013c—contained exactly what belonged: the entry point bot.py, all 17 Python modules with their async patterns intact, test suites, documentation. Nothing else. No mystery files. No “we’ll figure this out later.”

Here’s what surprised me: this cleanup work wasn’t about perfection. It was about respect. When someone clones your repository, they deserve exactly what works, nothing more. No extraneous models slowing their install. No abandoned notes in the history. No local configuration bleeding through.

We pushed to GitLab expecting smooth sailing. DNS hiccups happened (naturally), but the repository itself was solid. Clean history. Clear purpose. Protected intent.

The technical debt we almost shipped with would have haunted us through first contributions. Instead, we made a choice: work quietly, clean thoroughly, then show up ready. That’s how open source earns credibility—not through feature count, but through respect for the person who clones your code at 2 AM to understand how something works.

Fun fact: There are only 10 kinds of people in this world—those who know binary, and those who don’t. 😄