2026-04-25 — HF_TOKEN rotation

What changed

The HF_TOKEN that surfaced as the leaked value in PR #631 (filed as SSOT-10 / #654, P2 private-repo hygiene) has been rotated on EC2. Repo-tracked files (voice/.env.example, voice/docker-compose.yml) continue to reference HF_TOKEN by name without value, consistent with the canonical-path work in PR-B #681.

Why

#654 was scoped as private-repo hygiene rather than incident response: the leaked token had gated-model-read access only, and the audience was the trusted collaborator list of a private repo. Rotation, not history scrub, was sufficient mitigation per the issue's decision matrix. This entry closes the audit loop.

Scope

Operational only. No source-tree change beyond this changelog entry — the rotation happened on EC2 at /home/ubuntu/fragjulia/voice/.env (mode 600). The previous .env was backed up out-of-band; the intermediate token-handoff file was shredded.

Verification

voice-agent restarted, reported healthy within 30 s, registered a fresh LiveKit worker, and shows no auth failures in logs. This effectively passes #670 Success Probe #2 at the consumption-path level. The formal docker exec voice-agent huggingface-cli whoami probe is still recommended before R-10 closes.

Convention captured

Token value, prefix, length, scopes, and character-level identifying detail are intentionally omitted from this entry. Per the issue body's request: "neutral summary — no scopes, no identifying token characters, no timing detail that would help an attacker." Future rotation changelog entries should follow the same shape.

Follow-ups

• Formal huggingface-cli whoami probe under #670 Success Probe #2 (ties into R-10 final close).
• Scrub-vs-accept on PR #631 history (#654 step 6) defaulted to Accept; no further git-history action planned.