
Test: validate push-sentinel action #1

Closed

Pmaind wants to merge 1 commit into main from test/fake-secret


Conversation


@Pmaind Pmaind commented Mar 29, 2026

Owner

Summary

  • Adds a test file with fake AWS key and GitHub token to validate push-sentinel GitHub Action detection

Expected behavior

  • Action should detect AKIAIOSFODNN7EXAMPLE as HIGH severity AWS Access Key
  • Action should detect ghp_... as HIGH severity GitHub Token
  • Action should post a PR comment with findings table
  • Action should fail the check (block-on-high is true by default)

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions


🔒 push-sentinel: Potential secrets detected

Severity   Location           Pattern         Risk
🔴 HIGH    test-secret.js:2   AWS Access Key  Full access to AWS resources.
🔴 HIGH    test-secret.js:3   GitHub Token    Full read/write access to GitHub repositories.

Remove the secret or add to .push-sentinel-ignore to suppress.
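The detection and blocking behaviour listed in the PR body, together with the findings table and `.push-sentinel-ignore` suppression shown in the action's comment above, as an added example in JavaScript. This is not push-sentinel's own code; the ignore-file format (one file path per line, `#` for comments) and the exact key patterns are assumptions.

```javascript
// Added example, not push-sentinel's own code: a minimal scanner that mirrors the PR's
// expected behaviour (HIGH findings at file:line, a findings table, suppression via
// .push-sentinel-ignore, failing the check when blockOnHigh). Assumed ignore format: one path per line, '#' comments.
const PATTERNS = [
  { name: "AWS Access Key", severity: "HIGH", re: /\bAKIA[0-9A-Z]{16}\b/,
    risk: "Full access to AWS resources." },
  { name: "GitHub Token", severity: "HIGH", re: /\bghp_[A-Za-z0-9]{36}\b/,
    risk: "Full read/write access to GitHub repositories." },
];

// Scan one file's text; line numbers are 1-based, as in the PR comment.
function scanFile(path, text) {
  const findings = [];
  text.split("\n").forEach((line, i) => {
    for (const p of PATTERNS) {
      if (p.re.test(line)) {
        findings.push({ severity: p.severity, location: `${path}:${i + 1}`, pattern: p.name, risk: p.risk });
      }
    }
  });
  return findings;
}

function parseIgnore(text) {
  return new Set(text.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#")));
}

// files: { path: contents }. Returns findings, the markdown table for the PR comment, and the check verdict.
function scanRepo(files, ignoreText, blockOnHigh = true) {
  const ignored = parseIgnore(ignoreText);
  const findings = Object.entries(files)
    .filter(([path]) => !ignored.has(path))
    .flatMap(([path, text]) => scanFile(path, text));
  const rows = findings.map((f) => `| ${f.severity} | ${f.location} | ${f.pattern} | ${f.risk} |`);
  const table = ["| Severity | Location | Pattern | Risk |", "|---|---|---|---|", ...rows].join("\n");
  const shouldFail = blockOnHigh && findings.some((f) => f.severity === "HIGH");
  return { findings, table, shouldFail };
}

// Constructed sample input mirroring the PR's fixture; the ghp_ token is synthetic.
const SAMPLE_FILES = {
  "test-secret.js": [
    "// This file is for testing push-sentinel action detection",
    'const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";',
    'const GH_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz";',
  ].join("\n"),
  "fixtures/ignored.txt": "AKIAIOSFODNN7EXAMPLE", // suppressed via the ignore file
};
const SAMPLE_IGNORE = "# paths the scanner skips\nfixtures/ignored.txt\n";
console.log(scanRepo(SAMPLE_FILES, SAMPLE_IGNORE).table);
```

Running it prints the two HIGH rows for `test-secret.js:2` and `:3` and reports `shouldFail: true`, which is the merge-blocking outcome the PR body expects.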

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e82cc92f98

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread test-secret.js
@@ -0,0 +1,3 @@
// This file is for testing push-sentinel action detection
const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
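Review bot: the second added line commits a HIGH-severity fixture into tracked source, so the repository's own push-sentinel check will fail on every branch that carries this commit, which the PR description itself lists as the expected outcome; this validates the detector once but can never be merged. Consider exercising the detector from a test harness that writes the fixture to a temporary path at run time instead, and reserve `.push-sentinel-ignore` for fixtures that are not meant to be detected, since listing this file there would defeat the purpose of the test.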


P1: Remove committed secret fixture from tracked files

This committed literal matches a HIGH-severity secret pattern, so the repo’s push-sentinel workflow (.github/workflows/push-sentinel.yml) will fail this PR because the action defaults to blocking on HIGH findings; the action docs state PRs scan base..HEAD and block-on-high defaults to true. Keeping this fixture in normal tracked code turns the validation test into a merge blocker for any branch that includes this commit, so this should be moved to a non-scanned test mechanism (or removed) rather than committed as-is.

Useful? React with 👍 / 👎.

@Pmaind Pmaind closed this Mar 29, 2026
@Pmaind Pmaind deleted the test/fake-secret branch March 29, 2026 04:23