chore: ignore local agent artifacts#17
Conversation
Suppress 16 false-positive findings from the Five-Gates adversarial corpus (intentional fake JWT secrets and attack tokens, not real credentials). Downstream users running gitleaks against this toolkit will no longer trip on the bundled security-test inputs.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5289565aca
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| paths = [ | ||
| '''evals/quality/tasks\.py''', | ||
| '''tests/adversarial/injection_corpus\.jsonl''', | ||
| '''tests/gates/test_gate_safety\.py''', | ||
| ] |
There was a problem hiding this comment.
Because this is a global Gitleaks path allowlist, every finding in these matched files is suppressed, not just the known fake JWT/test corpus values. In the scenario where a real API key or token is accidentally added later to evals/quality/tasks.py, tests/adversarial/injection_corpus.jsonl, or tests/gates/test_gate_safety.py, the scanner will stay silent even though SECURITY.md says secrets must never be hardcoded; prefer line/fingerprint-specific ignores or regexes for the intentional fixtures.
Useful? React with 👍 / 👎.
1 participant
Summary
.gitignore.Verification
git diff --check-> passedNotes