chore: merkwerk auto-update

- Remove production_test_sequence.sh (DAW-specific production tests)
- Remove setup_env.sh (obsolete .env setup, replaced by furt.conf)
- Sanitize test scripts: replace dragons-at-work.de with example.com
- Sanitize API keys: replace dev keys with placeholder values
- Remove hardcoded DAW fallbacks from http_server.lua and smtp.lua
- Update .gitignore to exclude production-specific test files

Tests remain functional for developers with example domains.
All internal DAW infrastructure details removed from package.

Closes #101

.gitignore

@@ -68,3 +68,4 @@ config.production.lua
 
 config/furt.conf
 
+scripts/production_test_sequence.sh

.version_history

@@ -24,3 +24,4 @@ a670de0f,25a709e,feature/pid-file-service-management,2025-09-05T20:30:13Z,michae
 a670de0f,59f372f,feature/pid-file-service-management,2025-09-07T14:58:01Z,michael,git,lua-api
 a670de0f,683d6e5,fix/validate-config-posix-regex,2025-09-07T16:00:48Z,michael,git,lua-api
 a670de0f,24bd94d,feature/systemd-hardening,2025-09-07T16:40:47Z,michael,git,lua-api
+4ee95dbc,08b49d3,security/sanitize-test-scripts,2025-09-07T19:25:38Z,michael,git,lua-api

scripts/manual_mail_test.sh

@@ -4,11 +4,11 @@
 echo "Testing SMTP with corrected JSON..."
 
 # Simple test without timestamp embedding
-curl -X POST http://127.0.0.1:8080/v1/mail/send \
+curl -X POST http://127.0.0.1:7811/v1/mail/send \
      -H "Content-Type: application/json" \
      -d '{
        "name": "Furt Test User",
-       "email": "michael@dragons-at-work.de",
+       "email": "admin@example.com",
        "subject": "Furt SMTP Test Success!",
        "message": "This is a test email from Furt Lua HTTP-Server. SMTP Integration working!"
      }'

scripts/production_test_sequence.sh

@@ -1,80 +0,0 @@
-#!/bin/bash
-# Production Test für api.dragons-at-work.de
-
-echo "Testing Production API via Apache Proxy"
-echo "======================================="
-
-# Test 1: HTTPS Health Check
-echo ""
-echo "[1] Testing HTTPS Health Check..."
-https_health=$(curl -s https://api.dragons-at-work.de/health)
-echo "HTTPS Response: $https_health"
-
-if echo "$https_health" | grep -q "healthy"; then
-    echo "[OK] HTTPS Proxy working"
-else
-    echo "[ERROR] HTTPS Proxy failed"
-    exit 1
-fi
-
-# Test 2: SMTP Status via HTTPS
-echo ""
-echo "[2] Testing SMTP Configuration via HTTPS..."
-if echo "$https_health" | grep -q '"smtp_configured":true'; then
-    echo "[OK] SMTP configured and accessible via HTTPS"
-else
-    echo "[ERROR] SMTP not configured or not accessible"
-fi
-
-# Test 3: CORS Headers
-echo ""
-echo "[3] Testing CORS Headers..."
-cors_test=$(curl -s -I https://api.dragons-at-work.de/health | grep -i "access-control")
-if [ -n "$cors_test" ]; then
-    echo "[OK] CORS headers present: $cors_test"
-else
-    echo "[WARN] CORS headers missing - add to Apache config"
-fi
-
-# Test 4: Production Mail Test  
-echo ""
-echo "[4] Testing Production Mail via HTTPS..."
-echo "WARNING: This sends real email via production API"
-read -p "Continue with production mail test? (y/N): " -n 1 -r
-echo
-
-if [[ $REPLY =~ ^[Yy]$ ]]; then
-    echo "Sending production test email..."
-    
-    prod_mail_response=$(curl -s -X POST https://api.dragons-at-work.de/v1/mail/send \
-        -H "Content-Type: application/json" \
-        -d '{
-            "name": "Production Test",
-            "email": "test@dragons-at-work.de",
-            "subject": "Production API Test - Apache Proxy Success!",
-            "message": "This email was sent via the production API at api.dragons-at-work.de through Apache proxy to Furt-Lua backend. HTTPS integration working!"
-        }')
-    
-    echo "Production Response: $prod_mail_response"
-    
-    if echo "$prod_mail_response" | grep -q '"success":true'; then
-        echo "[OK] PRODUCTION MAIL SENT VIA HTTPS!"
-        echo "Check admin@dragons-at-work.de for delivery confirmation"
-    else
-        echo "[ERROR] Production mail failed"
-    fi
-else
-    echo "Skipping production mail test"
-fi
-
-# Test 5: Security Headers
-echo ""
-echo "[5] Testing Security Headers..."
-security_headers=$(curl -s -I https://api.dragons-at-work.de/health)
-echo "Security Headers:"
-echo "$security_headers" | grep -i "x-content-type-options\|x-frame-options\|strict-transport"
-
-echo ""
-echo "Production Test Complete!"
-echo "========================"
-echo "Next: Hugo integration with https://api.dragons-at-work.de/v1/mail/send"

scripts/setup_env.sh

@@ -1,101 +0,0 @@
-#!/bin/bash
-# furt-lua/scripts/setup_env.sh
-# Add SMTP environment variables to existing .env (non-destructive)
-
-set -e
-
-# Colors for output
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-RED='\033[0;31m'
-NC='\033[0m' # No Color
-
-echo -e "${GREEN}=== Furt SMTP Environment Setup ===${NC}"
-
-# Navigate to furt project root
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
-ENV_FILE="$PROJECT_ROOT/.env"
-
-echo -e "${YELLOW}Project root:${NC} $PROJECT_ROOT"
-echo -e "${YELLOW}Environment file:${NC} $ENV_FILE"
-
-# Check if .env exists
-if [ ! -f "$ENV_FILE" ]; then
-    echo -e "${YELLOW}Creating new .env file...${NC}"
-    cat > "$ENV_FILE" << 'EOF'
-# Dragons@Work Project Environment Variables
-
-# Furt SMTP Configuration for mail.dragons-at-work.de
-SMTP_HOST="mail.dragons-at-work.de"
-SMTP_PORT="465"
-SMTP_USERNAME="your_email@dragons-at-work.de"
-SMTP_PASSWORD="your_smtp_password"
-SMTP_FROM="noreply@dragons-at-work.de"
-SMTP_TO="michael@dragons-at-work.de"
-EOF
-    echo -e "${GREEN}[OK] Created new .env file${NC}"
-    echo -e "${YELLOW}[EDIT] Please edit:${NC} nano $ENV_FILE"
-    exit 0
-fi
-
-echo -e "${GREEN}[OK] Found existing .env file${NC}"
-
-# Check if SMTP variables already exist
-smtp_username_exists=$(grep -c "^SMTP_USERNAME=" "$ENV_FILE" 2>/dev/null || echo "0")
-smtp_password_exists=$(grep -c "^SMTP_PASSWORD=" "$ENV_FILE" 2>/dev/null || echo "0")
-
-if [ "$smtp_username_exists" -gt 0 ] && [ "$smtp_password_exists" -gt 0 ]; then
-    echo -e "${GREEN}[OK] SMTP variables already configured${NC}"
-    
-    # Load and show current values
-    source "$ENV_FILE"
-    echo -e "${YELLOW}Current SMTP User:${NC} ${SMTP_USERNAME:-NOT_SET}"
-    echo -e "${YELLOW}Current SMTP Password:${NC} ${SMTP_PASSWORD:+[CONFIGURED]}${SMTP_PASSWORD:-NOT_SET}"
-    
-    echo ""
-    echo -e "${YELLOW}To update SMTP settings:${NC} nano $ENV_FILE"
-    exit 0
-fi
-
-# Add missing SMTP variables
-echo -e "${YELLOW}Adding SMTP configuration to existing .env...${NC}"
-
-# Add section header if not present
-if ! grep -q "SMTP_" "$ENV_FILE" 2>/dev/null; then
-    echo "" >> "$ENV_FILE"
-    echo "# Furt SMTP Configuration for mail.dragons-at-work.de" >> "$ENV_FILE"
-fi
-
-# Add username if missing
-if [ "$smtp_username_exists" -eq 0 ]; then
-    echo "SMTP_HOST=\"mail.dragons-at-work.de\"" >> "$ENV_FILE"
-    echo "SMTP_PORT=\"465\"" >> "$ENV_FILE"
-    echo "SMTP_USERNAME=\"your_email@dragons-at-work.de\"" >> "$ENV_FILE"
-    echo -e "${GREEN}[OK] Added SMTP_HOST, SMTP_PORT, SMTP_USERNAME${NC}"
-fi
-
-# Add password if missing
-if [ "$smtp_password_exists" -eq 0 ]; then
-    echo "SMTP_PASSWORD=\"your_smtp_password\"" >> "$ENV_FILE"
-    echo "SMTP_FROM=\"noreply@dragons-at-work.de\"" >> "$ENV_FILE"
-    echo "SMTP_TO=\"michael@dragons-at-work.de\"" >> "$ENV_FILE"
-    echo -e "${GREEN}[OK] Added SMTP_PASSWORD, SMTP_FROM, SMTP_TO${NC}"
-fi
-
-echo -e "${GREEN}[OK] SMTP configuration added to .env${NC}"
-echo ""
-echo -e "${YELLOW}Next steps:${NC}"
-echo "1. Edit SMTP credentials: nano $ENV_FILE"
-echo "2. Set your actual email@dragons-at-work.de in SMTP_USERNAME"
-echo "3. Set your actual SMTP password in SMTP_PASSWORD"
-echo "4. Test with: ./scripts/start.sh"
-
-echo ""
-echo -e "${YELLOW}Current .env content:${NC}"
-echo "==================="
-cat "$ENV_FILE"
-echo "==================="
-echo ""
-echo -e "${GREEN}Ready for SMTP testing!${NC}"
-

scripts/stress_test.sh

@@ -4,7 +4,7 @@
 
 BASE_URL="http://127.0.0.1:8080"
 # Use correct API keys that match current .env
-API_KEY="hugo-dev-key-change-in-production"
+API_KEY="YOUR_API_KEY_HERE"
 
 echo "⚡ Furt API Stress Test"
 echo "======================"

scripts/test_auth.sh

@@ -3,8 +3,8 @@
 # Test API-Key-Authentifizierung (ohne jq parse errors)
 
 BASE_URL="http://127.0.0.1:8080"
-HUGO_API_KEY="hugo-dev-key-change-in-production"
-ADMIN_API_KEY="admin-dev-key-change-in-production"
+HUGO_API_KEY="YOUR_API_KEY_HERE"
+ADMIN_API_KEY="YOUR_ADMIN_KEY_HERE"
 INVALID_API_KEY="invalid-key-should-fail"
 
 echo "🔐 Testing Furt API-Key Authentication"

scripts/test_modular.sh

@@ -3,7 +3,7 @@
 # Test der modularen Furt-Architektur
 
 BASE_URL="http://127.0.0.1:8080"
-HUGO_API_KEY="hugo-dev-key-change-in-production"
+HUGO_API_KEY="YOUR_API_KEY_HERE"
 
 echo "🧩 Testing Modular Furt Architecture"
 echo "===================================="

scripts/test_smtp.sh

@@ -54,7 +54,7 @@ fi
 # Test 4: Valid Mail Request (REAL SMTP TEST)
 echo ""
 echo "[4] Testing REAL mail sending..."
-echo "WARNING: This will send a real email to michael@dragons-at-work.de"
+echo "WARNING: This will send a real email to admin@example.com"
 read -p "Continue with real mail test? (y/N): " -n 1 -r
 echo
 
@@ -65,7 +65,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
         -H "Content-Type: application/json" \
         -d '{
             "name": "Furt Test User",
-            "email": "test@dragons-at-work.de", 
+            "email": "test@example.com",
             "subject": "Furt SMTP Test - Week 2 Success!",
             "message": "This is a test email from the Furt Lua HTTP-Server.\n\nSMTP Integration is working!\n\nTimestamp: '$(date)'\nServer: furt-lua v1.0"
         }')
@@ -75,7 +75,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
     # Check for success
     if echo "$mail_response" | grep -q '"success":true'; then
         echo "[OK] MAIL SENT SUCCESSFULLY!"
-        echo "Check michael@dragons-at-work.de inbox"
+        echo "Check admin@example.com inbox"
 
         # Extract request ID
         request_id=$(echo "$mail_response" | grep -o '"request_id":"[^"]*"' | cut -d'"' -f4)

src/http_server.lua

@@ -91,9 +91,7 @@ end
 function FurtServer:add_cors_headers(request)
     local allowed_origins = config.cors and config.cors.allowed_origins or {
         "http://localhost:1313",
-        "http://127.0.0.1:1313",
-        "https://dragons-at-work.de",
-        "https://www.dragons-at-work.de"
+        "http://127.0.0.1:1313"
     }
 
     -- Check if request has Origin header

src/smtp.lua

@@ -95,11 +95,11 @@ end
 -- Create SMTP instance
 function SMTP:new(config)
     local instance = {
-        server = config.smtp_server or "mail.dragons-at-work.de",
-        port = config.smtp_port or 465,
+        server = config.smtp_server,
+        port = config.smtp_port,
         username = config.username,
         password = config.password,
-        from_address = config.from_address or "noreply@dragons-at-work.de",
+        from_address = config.from_address,
         use_ssl = config.use_ssl or true,
         debug = config.debug or false,
         ssl_compat = SSLCompat