chore(security): add .gitleaksignore for 18 documented false-positives
Closes Mantis #325 (agent portion). Each fingerprint listed is a documentation placeholder, test constant, or env-clearing call manually verified to be safe — not a real secret. The fingerprint format anchors per-commit so a future legitimate leak in the same file/rule will still be caught. Categories: - pkg/agentic/prep_test.go — t.Setenv("CORE_BRAIN_KEY", "") env-clear - pkg/orchestrator/security_test.go — MaskToken test fixture - php/docs/api-keys.md — curl-auth-header documentation example - php/View/Blade/admin/api-key-manager.blade.php — same - php/tests/Unit/ClaudeServiceTest.php — 'test-api-key' literal - php/tests/Feature/AgentApiKeyTest.php — 'ak_test_key_*' fixture - php/Services/AgentDetection.php — docblock example - src/php/* — older path of same files (pre-migration commits) Verification: gitleaks detect → 19 → 0 findings. Co-Authored-By: Argus <argus@lthn.ai> Co-Authored-By: Athena <athena@lthn.ai> Co-Authored-By: Virgil <virgil@lethean.io>
This commit is contained in:
Snider
parent
ba8de0c0bb
commit
93c57fd487
1 changed files with 48 additions and 0 deletions
48
.gitleaksignore
Normal file
48
.gitleaksignore
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
# gitleaks ignore — documented false positives
|
||||
#
|
||||
# Each line below is a gitleaks fingerprint for a finding that has been
|
||||
# manually reviewed and confirmed to be a documentation placeholder, test
|
||||
# constant, env-clearing call, or example-snippet — NOT a real secret.
|
||||
#
|
||||
# Filed: Mantis #325. Reviewer: argus + athena. 2026-04-25.
|
||||
#
|
||||
# Format per gitleaks: <commit_sha>:<file>:<rule>:<line>
|
||||
# The file is anchored to per-commit fingerprints so a future legitimate
|
||||
# leak in the same file/rule will still be caught.
|
||||
#
|
||||
# Why ignore:
|
||||
# - php/docs/api-keys.md — curl example with placeholder Bearer
|
||||
# - php/View/Blade/admin/api-key-manager.blade.php — curl example
|
||||
# - php/tests/Unit/ClaudeServiceTest.php — 'test-api-key' literal in tests
|
||||
# - php/tests/Feature/AgentApiKeyTest.php — 'ak_test_key_*' test fixture
|
||||
# - php/Services/AgentDetection.php — docblock example string
|
||||
# - pkg/agentic/prep_test.go — t.Setenv("CORE_BRAIN_KEY", "") env-clear
|
||||
# - pkg/orchestrator/security_test.go — MaskToken test fixture
|
||||
# - src/php/* — older copies of the same files (pre-Burst migration)
|
||||
|
||||
# pkg/agentic/prep_test.go (CORE_BRAIN_KEY env-clear)
|
||||
4fe1bf0aff66653a28625adde7df28f9b0b292ab:pkg/agentic/prep_test.go:generic-api-key:151
|
||||
726a384873dd17e1fb413fb8db9c8e63dd09b826:pkg/agentic/prep_test.go:generic-api-key:151
|
||||
da6d6cfa1a6e800364e576087524191e141b41d0:pkg/agentic/prep_test.go:generic-api-key:151
|
||||
|
||||
# pkg/orchestrator/security_test.go (MaskToken test fixture)
|
||||
e90a84eaa01dccb9cbf5548bf057745eafa54243:pkg/orchestrator/security_test.go:generic-api-key:107
|
||||
|
||||
# php/* placeholders + test fixtures — current path
|
||||
e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/docs/api-keys.md:curl-auth-header:239
|
||||
e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/View/Blade/admin/api-key-manager.blade.php:curl-auth-header:151
|
||||
e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/tests/Unit/ClaudeServiceTest.php:generic-api-key:33
|
||||
e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/tests/Feature/AgentApiKeyTest.php:generic-api-key:892
|
||||
e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/Services/AgentDetection.php:generic-api-key:272
|
||||
ecd47fe3db0a057fcbca69b3e116f593336093dd:php/docs/api-keys.md:curl-auth-header:239
|
||||
ecd47fe3db0a057fcbca69b3e116f593336093dd:php/View/Blade/admin/api-key-manager.blade.php:curl-auth-header:151
|
||||
ecd47fe3db0a057fcbca69b3e116f593336093dd:php/tests/Unit/ClaudeServiceTest.php:generic-api-key:33
|
||||
ecd47fe3db0a057fcbca69b3e116f593336093dd:php/tests/Feature/AgentApiKeyTest.php:generic-api-key:892
|
||||
ecd47fe3db0a057fcbca69b3e116f593336093dd:php/Services/AgentDetection.php:generic-api-key:272
|
||||
|
||||
# src/php/* — older path before pkg-rename (kept as historical fingerprints)
|
||||
e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/docs/api-keys.md:curl-auth-header:239
|
||||
e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/View/Blade/admin/api-key-manager.blade.php:curl-auth-header:151
|
||||
e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/tests/Unit/ClaudeServiceTest.php:generic-api-key:33
|
||||
e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/tests/Feature/AgentApiKeyTest.php:generic-api-key:892
|
||||
e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/Services/AgentDetection.php:generic-api-key:272
|
||||
Loading…
Add table
Reference in a new issue