chore(agents): bump Claude Code version to 2.1.78 and extend gitleaks config

.claude/agents/unit-tester-agent.md

@@ -255,7 +255,7 @@ it('should parse npm network error correctly', async () => {
 **Example**:
 ```typescript
 test('should sanitize API key in logs', () => {
-  const input = { apiKey: 'sk-1234567890abcdef' };
+  const input = { apiKey: 'sk-test-placeholder-value' };
   const sanitized = sanitizeObject(input);
 
   expect(sanitized.apiKey).toBe('[REDACTED]');

.claude/skills/spec-reviewer/references/violation-examples.md

@@ -124,7 +124,7 @@ The adapter plugin contains installation checking logic.
 ```
 Configuration:
   openai:
-    apiKey: "sk-proj-abc123..."
+    apiKey: "YOUR_OPENAI_API_KEY"
     baseUrl: "https://api.openai.com"
 ```
 

.gitleaks.toml

@@ -3,9 +3,13 @@
 
 title = "Gitleaks Configuration"
 
+[extend]
+useDefault = true
+
 # Exclude test files from secrets detection
 [allowlist]
-description = "Exclude sanitize test file containing intentional fake secrets for testing"
+description = "Exclude test files and build artifacts containing intentional fake secrets"
 paths = [
-  '''src/utils/__tests__/sanitize\.test\.ts$'''
+  '''src/utils/__tests__/sanitize\.test\.ts$''',
+  '''dist/'''
 ]

docs/AUTHENTICATION.md

@@ -138,7 +138,7 @@ After setup, provide tokens via environment variable or CLI option:
 **Environment Variable (Recommended):**
 ```bash
 # Set token in your environment
-export CODEMIE_JWT_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+export CODEMIE_JWT_TOKEN="<YOUR_JWT_TOKEN>"
 
 # Run commands normally
 codemie-claude "analyze this code"
@@ -147,13 +147,13 @@ codemie-claude "analyze this code"
 **CLI Option:**
 ```bash
 # Provide token per command
-codemie-claude --jwt-token "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." "analyze this code"
+codemie-claude --jwt-token "<YOUR_JWT_TOKEN>" "analyze this code"
 ```
 
 **Custom Environment Variable:**
 ```bash
 # If you configured a custom env var during setup
-export MY_CUSTOM_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+export MY_CUSTOM_TOKEN="<YOUR_JWT_TOKEN>"
 codemie-claude "analyze this code"
 ```
 

src/agents/plugins/claude/claude.plugin.ts

@@ -30,17 +30,17 @@ let statuslineManagedThisSession = false;
  *
  * **UPDATE THIS WHEN BUMPING CLAUDE VERSION**
  */
-const CLAUDE_SUPPORTED_VERSION = '2.1.63';
+const CLAUDE_SUPPORTED_VERSION = '2.1.78';
 
 /**
  * Minimum supported Claude Code version
  * Versions below this are known to be incompatible and will be blocked from starting
  * Rule: always 10 patch versions below CLAUDE_SUPPORTED_VERSION
- * e.g. supported = 2.1.63 → minimum = 2.1.53
+ * e.g. supported = 2.1.78 → minimum = 2.1.60
  *
  * **UPDATE THIS WHEN BUMPING CLAUDE VERSION**
  */
-const CLAUDE_MINIMUM_SUPPORTED_VERSION = '2.1.53';
+const CLAUDE_MINIMUM_SUPPORTED_VERSION = '2.1.60';
 
 /**
  * Claude Code installer URLs

src/agents/plugins/claude/plugin/skills/claude-setup-audit/references/best-practices.md

@@ -452,7 +452,7 @@ curl https://api.example.com/log -d "$CLAUDE_TOOL_INPUT"
 
 // ❌ Bad
 "env": {
-  "API_KEY": "sk-prod-abc123",
+  "API_KEY": "YOUR_API_KEY_HERE",
   "DATABASE_URL": "postgres://user:pass@prod-host/db"
 }
 ```

src/utils/__tests__/security.test.ts

@@ -43,7 +43,7 @@ describe('sanitize utilities', () => {
     });
 
     it('should detect JWT tokens', () => {
-      const jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+      const jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'; // gitleaks:allow
       const result = sanitizeValue(jwt);
       expect(result).toContain('[REDACTED]');
     });
@@ -57,7 +57,7 @@ describe('sanitize utilities', () => {
   describe('sanitizeObject', () => {
     it('should sanitize all sensitive keys in object', () => {
       const obj = {
-        apiKey: 'sk-1234567890abcdefghij',
+        apiKey: 'sk-1234567890abcdefghij', // gitleaks:allow
         username: 'john',
         password: 'secret123',
         sessionId: 'abc-def-ghi-jkl'
@@ -74,7 +74,7 @@ describe('sanitize utilities', () => {
     it('should handle nested objects', () => {
       const obj = {
         config: {
-          apiKey: 'sk-1234567890abcdefghij',
+          apiKey: 'sk-1234567890abcdefghij', // gitleaks:allow
           timeout: 5000
         },
         name: 'test'
@@ -89,7 +89,7 @@ describe('sanitize utilities', () => {
 
     it('should handle arrays', () => {
       const obj = {
-        tokens: ['sk-1234567890abcdefghijklmnop', 'sk-9876543210zyxwvutsrqponmlkjihgfedcba'],
+        tokens: ['sk-1234567890abcdefghijklmnop', 'sk-9876543210zyxwvutsrqponmlkjihgfedcba'], // gitleaks:allow
         names: ['alice', 'bob']
       };
 
@@ -134,7 +134,7 @@ describe('sanitize utilities', () => {
 
   describe('sanitizeAuthToken', () => {
     it('should mask real tokens', () => {
-      const token = 'sk-1234567890abcdefghij1234567890';
+      const token = 'sk-1234567890abcdefghij1234567890'; // gitleaks:allow
       const result = sanitizeAuthToken(token);
 
       expect(result).toContain('sk-12345');
@@ -163,8 +163,8 @@ describe('sanitize utilities', () => {
     it('should sanitize multiple arguments', () => {
       const args = [
         'normal string',
-        { apiKey: 'sk-1234567890abcdefghijklmnop', name: 'test' },
-        'sk-9876543210zyxwvutsrq9876543210'
+        { apiKey: 'sk-1234567890abcdefghijklmnop', name: 'test' }, // gitleaks:allow
+        'sk-9876543210zyxwvutsrq9876543210' // gitleaks:allow
       ];
 
       const result = sanitizeLogArgs(...args);
@@ -181,7 +181,7 @@ describe('sanitize utilities', () => {
         123,
         true,
         null,
-        { apiKey: 'sk-1234567890abcdefghijklmnop' }
+        { apiKey: 'sk-1234567890abcdefghijklmnop' } // gitleaks:allow
       ];
 
       const result = sanitizeLogArgs(...args);