singularity/singularity-forge

Fork 0

Commit graph

Author	SHA1	Message	Date
Lex Christopherson	9f4bf8c452	fix: restore PR files lost during merge conflict resolution Files added by PR #2008 that were not in main were dropped during the merge. Restore all src/, docs/, and scripts/ files from the pre-merge PR head. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-25 22:39:33 -06:00
Jeremy McSpadden	9153506fba	chore(contrib): add CODEOWNERS and team workflow docs (#2286 ) * chore(contrib): add commit-msg hook, CODEOWNERS, team workflow docs - Extend install-hooks.sh with commit-msg hook that enforces Conventional Commits format on every commit - Add .github/CODEOWNERS mapping packages, CI, scripts, and security-sensitive files to @gsd-build/maintainers - CONTRIBUTING.md: add Branching and commits section with naming convention, commit format, and rebase guidance - CONTRIBUTING.md: add Working with GSD section covering mode: team, unique milestone IDs, and worktree isolation for multi-dev workflows - CONTRIBUTING.md: surface npm run secret-scan:install-hook in Local development with explanation of both hooks it installs - CONTRIBUTING.md: align AI disclosure section — no AI tool authorship in commits, Draft PR requirement for multi-phase agent work * chore: remove install-hooks.sh — local git hook installation is too intrusive for a contributor PR	2026-03-24 07:35:40 -06:00
Jeremy McSpadden	d24095971c	feat: add pre-commit secret scanner and CI secret detection (#1148 ) * feat: add pre-commit secret scanner and CI secret detection Add a comprehensive secret scanning system to prevent accidental credential leaks in commits and pull requests: - scripts/secret-scan.sh: ERE-based scanner (macOS/Linux compatible) that detects AWS keys, API tokens, private keys, database URLs, GitHub/GitLab/Slack/Stripe/Google/npm tokens, and hardcoded passwords - scripts/install-hooks.sh: one-command git pre-commit hook installer - .secretscanignore: allowlist for known false positives (test fixtures, env var references, placeholder values) - CI job: secret-scan step in ci.yml scans PR diffs against origin/main - npm scripts: test:secret-scan, secret-scan, secret-scan:install-hook - 17 tests covering detection, non-detection, binary skipping, CI mode * fix: exclude secret-scan test file from CI scanning The test file contains intentional fake secrets as test inputs. Add it to .secretscanignore so CI doesn't flag them. * fix: skip secret-scan tests on Windows (requires bash/POSIX grep)	2026-03-18 08:33:17 -06:00

Author

SHA1

Message

Date

Lex Christopherson

9f4bf8c452

fix: restore PR files lost during merge conflict resolution

Files added by PR #2008 that were not in main were dropped during
the merge. Restore all src/, docs/, and scripts/ files from the
pre-merge PR head.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-25 22:39:33 -06:00

Jeremy McSpadden

9153506fba

chore(contrib): add CODEOWNERS and team workflow docs (#2286 )

* chore(contrib): add commit-msg hook, CODEOWNERS, team workflow docs

- Extend install-hooks.sh with commit-msg hook that enforces
  Conventional Commits format on every commit
- Add .github/CODEOWNERS mapping packages, CI, scripts, and
  security-sensitive files to @gsd-build/maintainers
- CONTRIBUTING.md: add Branching and commits section with naming
  convention, commit format, and rebase guidance
- CONTRIBUTING.md: add Working with GSD section covering mode: team,
  unique milestone IDs, and worktree isolation for multi-dev workflows
- CONTRIBUTING.md: surface npm run secret-scan:install-hook in Local
  development with explanation of both hooks it installs
- CONTRIBUTING.md: align AI disclosure section — no AI tool authorship
  in commits, Draft PR requirement for multi-phase agent work

* chore: remove install-hooks.sh — local git hook installation is too intrusive for a contributor PR

2026-03-24 07:35:40 -06:00

Jeremy McSpadden

d24095971c

feat: add pre-commit secret scanner and CI secret detection (#1148 )

* feat: add pre-commit secret scanner and CI secret detection

Add a comprehensive secret scanning system to prevent accidental
credential leaks in commits and pull requests:

- scripts/secret-scan.sh: ERE-based scanner (macOS/Linux compatible)
  that detects AWS keys, API tokens, private keys, database URLs,
  GitHub/GitLab/Slack/Stripe/Google/npm tokens, and hardcoded passwords
- scripts/install-hooks.sh: one-command git pre-commit hook installer
- .secretscanignore: allowlist for known false positives (test fixtures,
  env var references, placeholder values)
- CI job: secret-scan step in ci.yml scans PR diffs against origin/main
- npm scripts: test:secret-scan, secret-scan, secret-scan:install-hook
- 17 tests covering detection, non-detection, binary skipping, CI mode

* fix: exclude secret-scan test file from CI scanning

The test file contains intentional fake secrets as test inputs.
Add it to .secretscanignore so CI doesn't flag them.

* fix: skip secret-scan tests on Windows (requires bash/POSIX grep)

2026-03-18 08:33:17 -06:00

3 commits