fix(security): allow Feishu frontmatter tokens in gitleaks

Author: Noveris-Teams

.github/workflows/security-hardening.yml

@@ -26,6 +26,7 @@ jobs:
         uses: gitleaks/gitleaks-action@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_CONFIG: gitleaks.toml
 
   dependency-audit:
     name: Dependency Audit (high+)

gitleaks.toml

@@ -0,0 +1,14 @@
+title = "Noveris-AI gitleaks config"
+
+[extend]
+useDefault = true
+
+[[rules]]
+id = "generic-api-key"
+
+[[rules.allowlists]]
+description = "Allow Feishu CMS document tokens stored in post frontmatter"
+regexTarget = "line"
+regexes = [
+  '''^feishuToken:\s*"[A-Za-z0-9_-]{20,}"\s*$'''
+]