diff --git a/.codemie/claude.extension.json b/.codemie/claude.extension.json
index 1b7234e4..887b6b59 100644
--- a/.codemie/claude.extension.json
+++ b/.codemie/claude.extension.json
@@ -1,4 +1,4 @@
 {
- "version": "1.0.6",
- "installedAt": "2026-02-06T16:36:05.246Z"
+ "version": "1.0.14",
+ "installedAt": "2026-03-25T14:06:12.886Z"
 }
diff --git a/.gitleaks.toml b/.gitleaks.toml
deleted file mode 100644
index ad25ff4f..00000000
--- a/.gitleaks.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Gitleaks configuration
-# https://github.com/gitleaks/gitleaks
-
-title = "Gitleaks Configuration"
-
-[allowlist]
-description = "Allowlist for known false positives"
-paths = [
- # Generated build artifacts
- '''build/''',
-]
diff --git a/.husky/pre-commit b/.husky/pre-commit
index 53b4cf12..fd30c7e3 100644
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,21 +1,2 @@
 npm run check:pre-commit
-
-# Check for secrets (only if Docker daemon is running)
-if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
- echo "Checking for secrets with Gitleaks..."
- npm run secrets:check || {
- echo "Secrets detected! Please remove sensitive data before committing."
- exit 1
- }
-else
- if command -v colima >/dev/null 2>&1; then
- echo "Docker daemon not running - Colima is installed"
- echo "Run 'colima start' to enable secrets detection locally"
- elif command -v podman >/dev/null 2>&1; then
- echo "Docker daemon not running - Podman is installed"
- echo "Run 'podman machine start' to enable secrets detection locally"
- else
- echo "Docker not available - skipping secrets detection"
- echo "Install Docker to enable local secrets scanning"
- fi
-fi
+npm run secrets:check
diff --git a/cspell.config.yaml b/cspell.config.yaml
index 021d8e1d..5a3b8f61 100644
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
@@ -202,6 +202,7 @@ words:
 - phpt
 - rhtml
 # Shell commands, utilities and variables
+ - orbstack
 - pwgen
 - bcrypt
 - urandom
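Review bot: The hook now rejects the commit whenever no container engine is installed or its daemon is stopped, because `npm run secrets:check` runs unconditionally and scripts/secrets-check.sh (added in this commit) exits 1 in both cases, whereas the removed block printed a hint and let the commit proceed. Failing closed is a reasonable default for a secrets gate, but the script still prints "skipping secrets detection" just before `exit 1`, so a developer is told the scan was skipped while the commit is refused. I would state the new contract in the hook with a comment such as `# Secrets scan is mandatory: the commit is rejected if no container engine is running`, and reword the script message to match. A local hook is advisory by nature, so confirm that CI also runs `secrets:check-git`; no CI configuration is visible in this diff.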
diff --git a/faq/how-to-pass-tool-specific-credentials-in-api-requests.md b/faq/how-to-pass-tool-specific-credentials-in-api-requests.md
index c077e00a..1086b09b 100644
--- a/faq/how-to-pass-tool-specific-credentials-in-api-requests.md
+++ b/faq/how-to-pass-tool-specific-credentials-in-api-requests.md
@@ -49,7 +49,7 @@ curl -X 'POST' \
 'http://localhost:8080/v1/assistants/{assistant_id}/model' \
 -H 'accept: application/json' \
 -H 'user-id: example-user' \
- -H 'Authorization: Bearer example-token' \
+ -H 'Authorization: Bearer ' \
 -H 'Content-Type: application/json' \
 -d '{
 "text": "Show my current Jira tickets",
diff --git a/package.json b/package.json
index 996abeaa..a537bc31 100644
--- a/package.json
+++ b/package.json
@@ -21,8 +21,8 @@
 "format:eslint": "eslint . --fix",
 "format:prettier": "prettier --write .",
 "typecheck": "tsc --noEmit",
- "secrets:check": "docker run --rm -v \"$(pwd):/path\" ghcr.io/gitleaks/gitleaks:v8.30.1 detect --source=\"/path\" --verbose --no-git",
- "secrets:check-git": "docker run --rm -v \"$(pwd):/path\" ghcr.io/gitleaks/gitleaks:v8.30.1 detect --source=\"/path\" --verbose",
+ "secrets:check": "sh scripts/secrets-check.sh",
+ "secrets:check-git": "sh scripts/secrets-check.sh --git",
 "commitlint": "commitlint --edit",
 "commitlint:last": "commitlint --from HEAD~1 --to HEAD --verbose",
 "commitlint:test": "commitlint --verbose",
diff --git a/scripts/secrets-check.sh b/scripts/secrets-check.sh
new file mode 100755
index 00000000..82cbfc49
--- /dev/null
+++ b/scripts/secrets-check.sh
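Review bot: Both new script entries in package.json run the file with `sh`, but scripts/secrets-check.sh declares `#!/usr/bin/env bash` and relies on `[[ … ]]`, which is not POSIX. Where `sh` is not bash (dash on Debian and Ubuntu, for example) each `[[` test fails as an unknown command and its `if` evaluates false: the `--git` argument is ignored and the final `if [[ $? -ne 0 ]]` never fires, so the script would most likely exit 0 even when Gitleaks reports findings. Run it with the interpreter it was written for, `"secrets:check": "bash scripts/secrets-check.sh"` and `"secrets:check-git": "bash scripts/secrets-check.sh --git"`, or call the file directly, since it is added with mode 100755.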
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+# Secrets detection using Gitleaks via Docker or Podman.
+# Usage:
+# scripts/secrets-check.sh # scan staged files
+# scripts/secrets-check.sh --git # scan full git history
+
+GITLEAKS_IMAGE="ghcr.io/gitleaks/gitleaks:v8.30.1"
+CONTAINER_ENGINE=$(command -v docker 2>/dev/null || command -v podman 2>/dev/null)
+
+if [[ -z "$CONTAINER_ENGINE" ]]; then
+ echo "No suitable container engine found - skipping secrets detection"
+ echo "Install Docker to enable local secrets scanning"
+ exit 1
+fi
+
+if ! $CONTAINER_ENGINE info >/dev/null 2>&1; then
+ if command -v colima >/dev/null 2>&1; then
+ echo "Docker daemon not running - Colima is installed"
+ echo "Run 'colima start' to enable secrets detection locally"
+ elif command -v podman >/dev/null 2>&1; then
+ echo "Docker daemon not running - Podman is installed"
+ echo "Run 'podman machine start' to enable secrets detection locally"
+ elif command -v orbstack >/dev/null 2>&1; then
+ echo "Docker daemon not running - OrbStack is installed"
+ echo "Start OrbStack to enable secrets detection locally"
+ else
+ echo "Container engine found but daemon is not running"
+ fi
+ exit 1
+fi
+
+echo "Checking for secrets with Gitleaks..."
+
+if [[ "$1" == "--git" ]]; then
+ $CONTAINER_ENGINE run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" git --no-banner --verbose /path
+else
+ $CONTAINER_ENGINE run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" dir --no-banner --verbose /path
+fi
+
+if [[ $? -ne 0 ]]; then
+ echo "Secrets detected! Please remove sensitive data before committing."
+ exit 1
+fi
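Review bot: The closing `if [[ $? -ne 0 ]]` reports every non-zero status as "Secrets detected!", so a failed image pull, a mount error or an engine fault is presented as a leak, and the test only sees the right status because nothing runs between the preceding `fi` and it. Capture the status directly after the run and separate the Gitleaks findings status (1 by default, as far as I know) from other failures, still exiting non-zero in both cases so the gate stays closed. The rewrite below also quotes `$CONTAINER_ENGINE`, which is expanded unquoted at both `run` calls and would split on an install path containing spaces. Separately, the usage comment says the default mode scans staged files, while `dir … /path` scans the whole mounted working tree; the comment should say that.

```shell
# … unchanged: engine detection, daemon check, "Checking for secrets" message …

mode="dir"
if [[ "${1:-}" == "--git" ]]; then
  mode="git"
fi

"$CONTAINER_ENGINE" run --rm -v "$(pwd):/path" "$GITLEAKS_IMAGE" "$mode" --no-banner --verbose /path
status=$?

if [[ $status -eq 1 ]]; then
  echo "Secrets detected! Please remove sensitive data before committing." >&2
  exit 1
elif [[ $status -ne 0 ]]; then
  echo "Gitleaks did not complete (exit status $status) - scan result unknown" >&2
  exit "$status"
fi
```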