diff --git a/.gitleaksignore b/.gitleaksignore
new file mode 100644
index 0000000..2cfaaaa
--- /dev/null
+++ b/.gitleaksignore
@@ -0,0 +1,48 @@
+# gitleaks ignore — documented false positives
+#
+# Each line below is a gitleaks fingerprint for a finding that has been
+# manually reviewed and confirmed to be a documentation placeholder, test
+# constant, env-clearing call, or example-snippet — NOT a real secret.
+#
+# Filed: Mantis #325. Reviewer: argus + athena. 2026-04-25.
+#
+# Format per gitleaks: :::
+# The file is anchored to per-commit fingerprints so a future legitimate
+# leak in the same file/rule will still be caught.
+#
+# Why ignore:
+# - php/docs/api-keys.md — curl example with placeholder Bearer
+# - php/View/Blade/admin/api-key-manager.blade.php — curl example
+# - php/tests/Unit/ClaudeServiceTest.php — 'test-api-key' literal in tests
+# - php/tests/Feature/AgentApiKeyTest.php — 'ak_test_key_*' test fixture
+# - php/Services/AgentDetection.php — docblock example string
+# - pkg/agentic/prep_test.go — t.Setenv("CORE_BRAIN_KEY", "") env-clear
+# - pkg/orchestrator/security_test.go — MaskToken test fixture
+# - src/php/* — older copies of the same files (pre-Burst migration)
+
+# pkg/agentic/prep_test.go (CORE_BRAIN_KEY env-clear)
+4fe1bf0aff66653a28625adde7df28f9b0b292ab:pkg/agentic/prep_test.go:generic-api-key:151
+726a384873dd17e1fb413fb8db9c8e63dd09b826:pkg/agentic/prep_test.go:generic-api-key:151
+da6d6cfa1a6e800364e576087524191e141b41d0:pkg/agentic/prep_test.go:generic-api-key:151
+
+# pkg/orchestrator/security_test.go (MaskToken test fixture)
+e90a84eaa01dccb9cbf5548bf057745eafa54243:pkg/orchestrator/security_test.go:generic-api-key:107
+
+# php/* placeholders + test fixtures — current path
+e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/docs/api-keys.md:curl-auth-header:239
+e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/View/Blade/admin/api-key-manager.blade.php:curl-auth-header:151
+e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/tests/Unit/ClaudeServiceTest.php:generic-api-key:33
+e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/tests/Feature/AgentApiKeyTest.php:generic-api-key:892
+e58986a3b4e6bef381b3d436c16e1dbb2262aa5a:php/Services/AgentDetection.php:generic-api-key:272
+ecd47fe3db0a057fcbca69b3e116f593336093dd:php/docs/api-keys.md:curl-auth-header:239
+ecd47fe3db0a057fcbca69b3e116f593336093dd:php/View/Blade/admin/api-key-manager.blade.php:curl-auth-header:151
+ecd47fe3db0a057fcbca69b3e116f593336093dd:php/tests/Unit/ClaudeServiceTest.php:generic-api-key:33
+ecd47fe3db0a057fcbca69b3e116f593336093dd:php/tests/Feature/AgentApiKeyTest.php:generic-api-key:892
+ecd47fe3db0a057fcbca69b3e116f593336093dd:php/Services/AgentDetection.php:generic-api-key:272
+
+# src/php/* — older path before pkg-rename (kept as historical fingerprints)
+e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/docs/api-keys.md:curl-auth-header:239
+e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/View/Blade/admin/api-key-manager.blade.php:curl-auth-header:151
+e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/tests/Unit/ClaudeServiceTest.php:generic-api-key:33
+e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/tests/Feature/AgentApiKeyTest.php:generic-api-key:892
+e2d1d3266fe6af4f52ba88ba7b02583d9ad73d3b:src/php/Services/AgentDetection.php:generic-api-key:272
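Review bot: The reason given for the three `pkg/agentic/prep_test.go:generic-api-key:151` entries does not obviously fit the rule that fired. `t.Setenv("CORE_BRAIN_KEY", "")` passes an empty value, and a generic key rule would normally need a key-like value to match, so it is worth re-checking what string was flagged on line 151 in those commits before suppressing it. A fingerprint binds only commit, path, rule and line, not the matched text, so this file is the only in-repo record of what was reviewed. I would record the matched literal beside each group, e.g. `# matched: 'test-api-key' (placeholder, ClaudeServiceTest.php:33)`. The format line also reads `# Format per gitleaks: :::` with no field names (possibly lost in rendering); `# Format per gitleaks: commit:file:rule-id:start-line` would show the next maintainer how to add an entry.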