diff --git a/todo.md b/todo.md index 6c0ed39..e69de29 100644 --- a/todo.md +++ b/todo.md 
@@ -1,76 +0,0 @@ - -● Based on the infrastructure we built, here are the exact tasks to set up secrets in - Pulumi ESC: - - 1. Install Pulumi ESC CLI - - curl -fsSL https://get.pulumi.com/esc/install.sh | sh - export PATH="$HOME/.pulumi/bin:$PATH" - - 2. Login to Pulumi - - esc login - - This will open a browser for authentication. You'll get a PULUMI_ACCESS_TOKEN - save - this for GitLab CI. - - 3. Create Production Environment - - esc env init /prod - - Replace with your Pulumi organization name. - - 4. Set All Required Secrets - - # SSH Keys - esc env set /prod SSH_PUBLIC_KEY "ssh-rsa AAAA..." - esc env set /prod SSH_PRIVATE_KEY_PATH "/path/to/private/key" - - # Hetzner - esc env set /prod HETZNER_API_TOKEN "your-hetzner-token" - - # Cloudflare R2 (for artifact storage) - esc env set /prod R2_ACCESS_KEY_ID "your-r2-access-key" - esc env set /prod R2_SECRET_ACCESS_KEY "your-r2-secret-key" - esc env set /prod R2_ENDPOINT "account-id.r2.cloudflarestorage.com" - esc env set /prod R2_ARTIFACTS_BUCKET "materia-artifacts" - - # Cloudflare R2 Data Catalog (for Iceberg) - esc env set /prod CLOUDFLARE_API_TOKEN "your-cf-api-token" - esc env set /prod ICEBERG_REST_URI "https://api.cloudflare.com/client/v4/acco - unts/YOUR_ACCOUNT_ID/r2/buckets/YOUR_WAREHOUSE_BUCKET/iceberg" - esc env set /prod R2_WAREHOUSE_NAME "materia" - - 5. Verify Secrets - - esc env open /prod --format shell - - This shows all secrets as environment variables. You should see all the keys listed - above. - - 6. Test Locally - - eval $(esc env open /prod --format shell) - materia secrets list - materia secrets test - - 7. Configure GitLab CI - - In your GitLab project settings → CI/CD → Variables, add: - - - Key: PULUMI_ACCESS_TOKEN - - Value: (the token from step 2) - - Protected: Yes - - Masked: Yes - - That's it! The CI/CD pipeline and materia CLI will automatically pull all other secrets - from ESC. 
- - Where to Get Each Secret - - - SSH Keys: Generate with ssh-keygen -t rsa -b 4096 - - Hetzner API Token: https://console.hetzner.cloud/ → Project → Security → API Tokens - - R2 Credentials: Cloudflare Dashboard → R2 → Manage R2 API Tokens - - Cloudflare API Token: Cloudflare Dashboard → My Profile → API Tokens (needs R2 - permissions) - - Iceberg REST URI: Format shown above - get account ID from Cloudflare dashboard URL
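Review bot: the header shows todo.md going to blob e69de29 at mode 100644 with a `-1,76 +0,0` hunk, so this commit leaves a zero-byte todo.md in the tree instead of removing it; use `git rm todo.md` if the file is meant to go away. The removed text is the setup runbook for the Pulumi ESC secrets, so if those steps are still needed, move them into the project docs rather than dropping them, and correct them on the way: step 3's `esc env init /prod` has lost the organization placeholder that the next sentence ("Replace with your Pulumi organization name") refers to, step 4 passes secret values as command-line arguments, where they end up in shell history, and step 5's `esc env open /prod --format shell` prints every secret in cleartext to the terminal as its verification step.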