go-agent/codex/code/scripts/detect-secrets.sh
Snider 61e01bfdf1 feat: initial go-agent — agentci + jobrunner + plugins marketplace
Consolidates three codebases into a single agent orchestration repo:

- agentci (from go-scm): Clotho dual-run verification, agent config,
  SSH security (sanitisation, secure commands, token masking)
- jobrunner (from go-scm): Poll-dispatch-report pipeline with 7 handlers
  (dispatch, completion, auto-merge, publish draft, dismiss reviews,
  send fix command, tick parent epic)
- plugins marketplace (from agentic/plugins): 27 Claude/Codex/Gemini
  plugins with shared MCP server

All 150+ tests passing across 6 packages.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-21 15:47:19 +00:00


#!/bin/bash
# detect-secrets.sh: scan text read from stdin for likely hard-coded secrets.
# Usage: detect-secrets.sh <file-path> < file
# The path argument is used for reporting only; the content arrives on stdin.

# Patterns for detecting secrets (extended regex, case-sensitive)
PATTERNS=(
  # Long alphanumeric runs (e.g., sk_live_..., ghp_..., etc.). This pattern is
  # deliberately broad and will also match hashes and other 32+ char tokens.
  "[a-zA-Z0-9]{32,}"
  # AWS access key IDs
  "AKIA[0-9A-Z]{16}"
  # Private key headers
  "-----BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-----"
  # Passwords in config
  "(password|passwd|pwd)\s*[=:]\s*['\"][^'\"]+['\"]"
  # Tokens
  "(token|secret|key)\s*[=:]\s*['\"][^'\"]+['\"]"
)

# Exceptions for fake secrets: a line containing any of these substrings is
# skipped, so keep the list short ("test" also matches "latest", for example)
EXCEPTIONS=(
  "password123"
  "your-api-key-here"
  "xxx"
  "test"
  "example"
)

# File to check is passed as the first argument (used for reporting only)
FILE_PATH="$1"

# Function to check for secrets
check_secrets() {
  local input_source="$1"
  local file_path="$2"
  local line_num=0
  local line pattern exception is_exception
  while IFS= read -r line; do
    line_num=$((line_num + 1))
    for pattern in "${PATTERNS[@]}"; do
      # printf rather than echo so lines starting with "-n" or "-e" are scanned as-is
      if printf '%s\n' "$line" | grep -qE "$pattern"; then
        # Check for exceptions
        is_exception=false
        for exception in "${EXCEPTIONS[@]}"; do
          if printf '%s\n' "$line" | grep -qF "$exception"; then
            is_exception=true
            break
          fi
        done
        if [ "$is_exception" = false ]; then
          echo "⚠️ Potential secret detected!"
          echo "File: $file_path"
          echo "Line: $line_num"
          echo ""
          echo "Found: $line"
          echo ""
          echo "This looks like a production secret."
          echo "Use environment variables instead."
          echo ""
          # Propose a fix (example for a PHP config file)
          if [[ "$file_path" == *.php ]]; then
            echo "'stripe' => ["
            echo "    'secret' => env('STRIPE_SECRET'), // ✓"
            echo "]"
          fi
          # Stop at the first finding so the hook fails fast
          exit 1
        fi
      fi
    done
  done < "$input_source"
}

check_secrets "/dev/stdin" "$FILE_PATH"
exit 0