Skip to content

safety: add a secret-leak check on ledger/PR content #9

Description

@lorenzoliuzzo

Part of the fleet milestone (#1 §4).

Gap

No secret-leak check on ledger/PR content. dev-ledger/*.jsonl and PR bodies are
free-text (detail, data); nothing scans them before commit/push. Low risk
today (no tool touches real credentials) but a cheap tripwire is worth having
before MyCoder starts writing arbitrary diffs.

Do

  • A cheap regex/gitleaks-style pre-commit gate in the shared template.
  • A CI check on PR diffs for the same patterns.

Acceptance

A planted fake secret in a ledger entry or PR body is caught locally and in CI.

Metadata

Metadata

Assignees

No one assigned

    Labels

    safetyFleet safety / process gap

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions