From 4e04c59df30deb246dc28d20b7378fb1c676d825 Mon Sep 17 00:00:00 2001
From: bcode
Date: Tue, 12 May 2026 03:23:35 +0000
Subject: [PATCH 1/2] chore: ignore http-recorder test fixtures in GitGuardian scans
The package contains intentionally-fake API-key-shaped strings used as fixtures asserting the http-recorder's secretFindings() redaction logic. Mirrors .gitleaksignore for the GitGuardian scanner. @opencode-ai/http-recorder is upstream-only dev/test code; not a dependency of any shipped package.
---
.gitguardian.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .gitguardian.yaml
diff --git a/.gitguardian.yaml b/.gitguardian.yaml
new file mode 100644
index 000000000..e9b666426
--- /dev/null
+++ b/.gitguardian.yaml
@@ -0,0 +1,14 @@
+# GitGuardian config — https://docs.gitguardian.com/internal-repositories-monitoring/integrations/source-code-managers/github
+#
+# We mirror `.gitleaksignore` here. Both files exist because gitleaks and
+# GitGuardian are separate scanners with their own ignore mechanisms.
+#
+# The `packages/http-recorder/test/record-replay.test.ts` file contains
+# intentionally-fake API-key-shaped strings used as fixtures asserting the
+# http-recorder's `secretFindings()` redaction logic works. The fixtures
+# are not real credentials and the package (`@opencode-ai/http-recorder`)
+# is upstream-only dev/test code — not a dependency of anything we ship
+# (`browsercode-core`, `bcode-browser`, `bcode-laminar`).
+version: 2
+paths-ignore:
+ - "packages/http-recorder/test/**"
From 12501e96cb2e29da52b47a9bfc0bbfbb3e4a4c05 Mon Sep 17 00:00:00 2001
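Review bot: The top-level `paths-ignore:` key is declared under `version: 2`, but as far as I know that key belongs to the version 1 layout, and version 2 configs nest path exclusions under `secret:` as `ignored_paths:`. If the scanner rejects or skips the unknown key, the exclusion silently does nothing, and a config that fails to parse can also change what else gets scanned. The likely shape is `secret:` followed by an indented `ignored_paths:` list holding the same entry, to be checked against the GitGuardian config reference. The hunk in PATCH 2/2 keeps the same key and needs the same check. A scan on this branch that shows the fixture skipped, and a planted dummy secret elsewhere still reported, would settle it.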
From: bcode
Date: Tue, 12 May 2026 03:27:02 +0000
Subject: [PATCH 2/2] chore: scope GitGuardian ignore to the specific fixture file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PR feedback: ignoring the whole packages/http-recorder/test/** directory is too broad — a future real leak in fixtures/recordings/ would be missed. Narrow to the single record-replay.test.ts file that contains the intentional API-key-shaped fixtures.
---
.gitguardian.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitguardian.yaml b/.gitguardian.yaml
index e9b666426..9f47eda01 100644
--- a/.gitguardian.yaml
+++ b/.gitguardian.yaml
@@ -11,4 +11,4 @@
 # (`browsercode-core`, `bcode-browser`, `bcode-laminar`).
 version: 2
 paths-ignore:
- - "packages/http-recorder/test/**"
+ - "packages/http-recorder/test/record-replay.test.ts"
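Review bot: Excluding `packages/http-recorder/test/record-replay.test.ts` by path still leaves the whole file unscanned, so a real credential pasted into that test later would not be reported. If the fixture strings are few and stable, ignoring the individual matches (GitGuardian's ignored-matches list, or an inline `ggignore` marker on the fixture lines) would keep the rest of the file covered. If the path exclusion stays, a comment above the entry would make the trade-off visible, e.g. `# Path-level ignore: nothing in this file is scanned, so keep real values out of it.` The header comment says this file mirrors `.gitleaksignore`, which is not part of this patch, so confirm it is scoped no wider than this entry.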