From 94869fcb903d936fd7779e9b7eb925cf8b5d21d7 Mon Sep 17 00:00:00 2001
From: Forge <kooshapari@gmail.com>
Date: Sat, 2 May 2026 05:12:55 -0700
Subject: [PATCH] chore: bootstrap .trufflehog.yml secrets scanning config

Adds Phenotype org standard TruffleHog v2 configuration for secrets
detection. Repo is Go (not Rust), so deny.toml not applicable.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .trufflehog.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .trufflehog.yml

diff --git a/.trufflehog.yml b/.trufflehog.yml
new file mode 100644
index 0000000..0f4465e
--- /dev/null
+++ b/.trufflehog.yml
@@ -0,0 +1,25 @@
+# TruffleHog secrets scanning configuration
+# Phenotype org standard
+version: 2
+
+exclude:
+  paths:
+    - ".git/**"
+    - "target/**"
+    - "node_modules/**"
+    - "*.sum"
+    - "*.lock"
+    - ".venv/**"
+    - "__pycache__/**"
+    - ".next/**"
+
+include:
+  files:
+    - "*"
+
+rules:
+  - base64:
+      enabled: true
+      entropy: 0.7
+  - detected:
+      enabled: true