9d739dfa5d
- All gsdDir/gsdRoot/gsdHome → sfDir/sfRootDir/sfHome - GSDWorkspace* → SFWorkspace* interfaces - bootstrapGsdProject → bootstrapProject - runGSDDoctor → runSFDoctor - GsdClient → SfClient, gsd-client.ts → sf-client.ts - .gsd/ → .sf/ in all tests, docs, docker, native, vscode - Auto-migration: headless detects .gsd/ → renames to .sf/ - Deleted gsd-phase-state.ts backward-compat re-export - Renamed bin/gsd-from-source → bin/sf-from-source - Updated mintlify docs, github workflows, docker configs
44 lines
1.3 KiB
Text
44 lines
1.3 KiB
Text
# .secretscanignore — patterns to exclude from secret scanning
|
|
#
|
|
# Format:
|
|
# filepath:regex — ignore matches of regex only in the given file
|
|
# regex — ignore matches of regex in all files
|
|
#
|
|
# Examples:
|
|
# tests/fixtures/fake-creds.json:AKIA.*
|
|
# EXAMPLE_KEY_DO_NOT_USE
|
|
# src/config.example.ts:password\s*=\s*"changeme"
|
|
|
|
# Secret scanner test file (contains intentional fake secrets as test inputs)
|
|
src/tests/secret-scan.test.ts:.*
|
|
|
|
# Test fixtures with dummy credentials
|
|
tests/*:AKIA_EXAMPLE
|
|
tests/*:test-secret-value
|
|
tests/*:fake[-_]?(password|secret|token|key)
|
|
|
|
# Web contract/integration test dummy API keys (not real secrets)
|
|
src/tests/integration/web-mode-assembled.test.ts:sk-assembled-test-key
|
|
src/tests/integration/web-mode-runtime-fixtures.ts:sk-runtime-recovery-secret
|
|
src/tests/web-onboarding-contract.test.ts:sk-test-secret
|
|
|
|
# Doctor environment tests use dummy localhost DB URLs
|
|
src/resources/extensions/sf/tests/doctor-environment.test.ts:postgres://localhost
|
|
|
|
|
|
# Documentation examples
|
|
*.md:AKIA[0-9A-Z]{16}
|
|
*.md:sk_(live|test)_
|
|
|
|
# Environment variable references (not actual values)
|
|
process\.env\.\w+
|
|
\$\{?\w+_KEY\}?
|
|
\$\{?\w+_SECRET\}?
|
|
\$\{?\w+_TOKEN\}?
|
|
|
|
# Placeholder/example values
|
|
changeme
|
|
your[-_]?api[-_]?key[-_]?here
|
|
REPLACE_ME
|
|
xxx+
|
|
TODO.*secret
|