From 88f22a32192bb242131bca7061c20fa4d35df7b4 Mon Sep 17 00:00:00 2001 From: JacobPEvans <20714140+JacobPEvans-personal@users.noreply.github.com> Date: Sun, 31 May 2026 13:37:44 -0400 Subject: [PATCH] docs(ai-development): note secret-scanning hook and rule Mirror the multi-layer secret-prevention work into the descriptive docs: - claude-code-plugins: hooks now include secret guards (content-guards secret-guard). - ai-assistant-instructions: note the secret-scanning rule + SENSITIVE_DENYLIST contract. Refs: dryvist/claude-code-plugins#338, dryvist/ai-assistant-instructions#663, dryvist/terraform-proxmox#339 Assisted-by: Claude:claude-opus-4-8 --- ai-development/ai-assistant-instructions.mdx | 1 + ai-development/claude-code-plugins.mdx | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ai-development/ai-assistant-instructions.mdx b/ai-development/ai-assistant-instructions.mdx index 2960b9e..1f7f946 100644 --- a/ai-development/ai-assistant-instructions.mdx +++ b/ai-development/ai-assistant-instructions.mdx @@ -18,6 +18,7 @@ import { RepoMeta, RepoFit } from "/snippets/repo-summary.mdx"; - Owns the **model-routing policy** — when to reach for Claude vs Gemini vs Copilot vs local MLX - Owns the **tool-use rules** — Read over `cat`, Edit over `sed`, Bash for shell-only - Owns AI-runtime concerns: skill execution semantics, subagent typing, Nix tool policy, Bifrost-routing details +- Owns the **secret-scanning rule** — the `SENSITIVE_DENYLIST` contract and the multi-layer gate that keeps real homelab values (domains, internal IPs, node and pool names) out of public repos - Symlinks the canonical files into every consuming repo via Nix or a `direnv` hook Cross-repo writing standards that humans also need to read — commit conventions, no-scripts, diagramming, CI/CD policy, Terraform check placement, Nix package placement, scrubbed values — live on this docs site. See [Conventions](/conventions/overview) for the full set. diff --git a/ai-development/claude-code-plugins.mdx b/ai-development/claude-code-plugins.mdx index c665fe3..d26ebaa 100644 --- a/ai-development/claude-code-plugins.mdx +++ b/ai-development/claude-code-plugins.mdx @@ -27,7 +27,7 @@ import { RepoMeta, RepoFit } from "/snippets/repo-summary.mdx"; | **Commands** | `/ship`, `/finalize-pr`, `/wrap-up`, `/retrospecting` | | **Skills** | `receiving-code-review`, `resolve-pr-threads`, `finalize-pr` | | **Agents** | Explore, Plan, code-reviewer | -| **Hooks** | Style guards, permission gates | +| **Hooks** | Style guards, permission gates, secret guards | Reads rules from [Assistant rules](/ai-development/ai-assistant-instructions); installs into Claude Code via its plugin loader.