yunxiafei
89a243be70
Some checks are pending
CI / docs-scope (push) Waiting to run
CI / changed-scope (push) Blocked by required conditions
CI / build-artifacts (push) Blocked by required conditions
CI / release-check (push) Blocked by required conditions
CI / checks (pnpm canvas:a2ui:bundle && bunx vitest run --config vitest.unit.config.ts, bun, test) (push) Blocked by required conditions
CI / checks (pnpm canvas:a2ui:bundle && pnpm test, node, 2, 1, test) (push) Blocked by required conditions
CI / checks (pnpm canvas:a2ui:bundle && pnpm test, node, 2, 2, test) (push) Blocked by required conditions
CI / checks (pnpm protocol:check, node, protocol) (push) Blocked by required conditions
CI / checks (pnpm test:channels, node, channels) (push) Blocked by required conditions
CI / checks (pnpm test:extensions, node, extensions) (push) Blocked by required conditions
CI / check (push) Blocked by required conditions
CI / startup-memory (push) Blocked by required conditions
CI / check-docs (push) Blocked by required conditions
CI / compat-node22 (push) Blocked by required conditions
CI / skills-python (push) Blocked by required conditions
CI / secrets (push) Waiting to run
CI / checks-windows (pnpm test, node, 6, 1, test) (push) Blocked by required conditions
CI / checks-windows (pnpm test, node, 6, 2, test) (push) Blocked by required conditions
CI / checks-windows (pnpm test, node, 6, 3, test) (push) Blocked by required conditions
CI / checks-windows (pnpm test, node, 6, 4, test) (push) Blocked by required conditions
CI / checks-windows (pnpm test, node, 6, 5, test) (push) Blocked by required conditions
CI / checks-windows (pnpm test, node, 6, 6, test) (push) Blocked by required conditions
CI / macos (push) Blocked by required conditions
CI / ios (push) Waiting to run
CI / android (./gradlew --no-daemon :app:assembleDebug, build) (push) Blocked by required conditions
CI / android (./gradlew --no-daemon :app:testDebugUnitTest, test) (push) Blocked by required conditions
Docker Release / validate_manual_backfill (push) Waiting to run
Docker Release / approve_manual_backfill (push) Blocked by required conditions
Docker Release / build-amd64 (push) Blocked by required conditions
Docker Release / build-arm64 (push) Blocked by required conditions
Docker Release / create-manifest (push) Blocked by required conditions
Install Smoke / docs-scope (push) Waiting to run
Install Smoke / install-smoke (push) Blocked by required conditions
Sandbox Common Smoke / sandbox-common-smoke (push) Waiting to run
Workflow Sanity / no-tabs (push) Waiting to run
Workflow Sanity / actionlint (push) Waiting to run
Workflow Sanity / config-docs-drift (push) Waiting to run
46 lines
2.3 KiB
INI
46 lines
2.3 KiB
INI
# detect-secrets exclusion patterns (regex)
|
|
#
|
|
# Note: detect-secrets does not read this file by default. If you want these
|
|
# applied, wire them into your scan command (e.g. translate to --exclude-files
|
|
# / --exclude-lines) or into a baseline's filters_used.
|
|
|
|
[exclude-files]
|
|
# pnpm lockfiles contain lots of high-entropy package integrity blobs.
|
|
pattern = (^|/)pnpm-lock\.yaml$
|
|
|
|
[exclude-lines]
|
|
# Fastlane checks for private key marker; not a real key.
|
|
pattern = key_content\.include\?\("BEGIN PRIVATE KEY"\)
|
|
# UI label string for Anthropic auth mode.
|
|
pattern = case \.apiKeyEnv: "API key \(env var\)"
|
|
# CodingKeys mapping uses apiKey literal.
|
|
pattern = case apikey = "apiKey"
|
|
# Schema labels referencing password fields (not actual secrets).
|
|
pattern = "gateway\.remote\.password"
|
|
pattern = "gateway\.auth\.password"
|
|
# Schema label for talk API key (label text only).
|
|
pattern = "talk\.apiKey"
|
|
# checking for typeof is not something we care about.
|
|
pattern = === "string"
|
|
# specific optional-chaining password check that didn't match the line above.
|
|
pattern = typeof remote\?\.password === "string"
|
|
# Docker apt signing key fingerprint constant; not a secret.
|
|
pattern = OPENCLAW_DOCKER_GPG_FINGERPRINT=
|
|
# Credential matrix metadata field in docs JSON; not a secret value.
|
|
pattern = "secretShape": "(secret_input|sibling_ref)"
|
|
# Docs line describing API key rotation knobs; not a credential.
|
|
pattern = API key rotation \(provider-specific\): set `\*_API_KEYS`
|
|
# Docs line describing remote password precedence; not a credential.
|
|
pattern = passw[o]rd: `OPENCLAW_GATEWAY_PASSW[O]RD` -> `gateway\.auth\.passw[o]rd` -> `gateway\.remote\.passw[o]rd`
|
|
pattern = passw[o]rd: `OPENCLAW_GATEWAY_PASSW[O]RD` -> `gateway\.remote\.passw[o]rd` -> `gateway\.auth\.passw[o]rd`
|
|
# Test fixture starts a multiline fake private key; detector should ignore the header line.
|
|
pattern = const key = `-----BEGIN PRIVATE KEY-----
|
|
# Docs examples: literal placeholder API key snippets and shell heredoc helper.
|
|
pattern = export CUSTOM_API_K[E]Y="your-key"
|
|
pattern = grep -q 'N[O]DE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache' ~/.bashrc \|\| cat >> ~/.bashrc <<'EOF'
|
|
pattern = env: \{ MISTRAL_API_K[E]Y: "sk-\.\.\." \},
|
|
pattern = "ap[i]Key": "xxxxx",
|
|
pattern = ap[i]Key: "A[I]za\.\.\.",
|
|
# Sparkle appcast signatures are release metadata, not credentials.
|
|
pattern = sparkle:edSignature="[A-Za-z0-9+/=]+"
|