Part of the fleet milestone (#1 §4).
Gap
No secret-leak check on ledger/PR content. dev-ledger/*.jsonl and PR bodies are
free-text (detail, data); nothing scans them before commit/push. Low risk
today (no tool touches real credentials) but a cheap tripwire is worth having
before MyCoder starts writing arbitrary diffs.
Do
Acceptance
A planted fake secret in a ledger entry or PR body is caught locally and in CI.
Part of the fleet milestone (#1 §4).
Gap
No secret-leak check on ledger/PR content.
dev-ledger/*.jsonland PR bodies arefree-text (
detail,data); nothing scans them before commit/push. Low risktoday (no tool touches real credentials) but a cheap tripwire is worth having
before MyCoder starts writing arbitrary diffs.
Do
gitleaks-style pre-commit gate in the shared template.Acceptance
A planted fake secret in a ledger entry or PR body is caught locally and in CI.