Secrets: add inline allowlist review set (#38314)

* Secrets: add inline allowlist review set * Secrets: narrow detect-secrets file exclusions * Secrets: exclude Docker fingerprint false positive * Secrets: allowlist test and docs false positives * Secrets: refresh baseline after allowlist updates * Secrets: fix gateway chat fixture pragma * Secrets: format pre-commit config * Android: keep talk mode fixture JSON valid * Feishu: rely on client timeout injection * Secrets: allowlist provider auth test fixtures * Secrets: allowlist onboard search fixtures * Secrets: allowlist onboard mode fixture * Secrets: allowlist gateway auth mode fixture * Secrets: allowlist APNS wake test key * Secrets: allowlist gateway reload fixtures * Secrets: allowlist moonshot video fixture * Secrets: allowlist auto audio fixture * Secrets: allowlist tiny audio fixture * Secrets: allowlist embeddings fixtures * Secrets: allowlist resolve fixtures * Secrets: allowlist target registry pattern fixtures * Secrets: allowlist gateway chat env fixture * Secrets: refresh baseline after fixture allowlists * Secrets: reapply gateway chat env allowlist * Secrets: reapply gateway chat env allowlist * Secrets: stabilize gateway chat env allowlist * Secrets: allowlist runtime snapshot save fixture * Secrets: allowlist oauth profile fixtures * Secrets: allowlist compaction identifier fixture * Secrets: allowlist model auth fixture * Secrets: allowlist model status fixtures * Secrets: allowlist custom onboarding fixture * Secrets: allowlist mattermost token summary fixtures * Secrets: allowlist gateway auth suite fixtures * Secrets: allowlist channel summary fixture * Secrets: allowlist provider usage auth fixtures * Secrets: allowlist media proxy fixture * Secrets: allowlist secrets audit fixtures * Secrets: refresh baseline after final fixture allowlists * Feishu: prefer explicit client timeout * Feishu: test direct timeout precedence
2026-05-06 09:11:37 +00:00 · 2026-03-06 19:35:26 -05:00
parent 3070fafec1
commit 42e3d8d693
80 changed files with 363 additions and 317 deletions
--- a/src/gateway/auth-mode-policy.test.ts
+++ b/src/gateway/auth-mode-policy.test.ts
@@ -13,7 +13,7 @@ describe("gateway auth mode policy", () => {
        auth: {
          mode: "token",
          token: "token-value",
-          password: "password-value",
+          password: "password-value", // pragma: allowlist secret
        },
      },
    };
@@ -36,7 +36,7 @@ describe("gateway auth mode policy", () => {
      gateway: {
        auth: {
          token: "token-value",
-          password: "password-value",
+          password: "password-value", // pragma: allowlist secret
        },
      },
    };
@@ -65,7 +65,7 @@ describe("gateway auth mode policy", () => {
      gateway: {
        auth: {
          token: "token-value",
-          password: "password-value",
+          password: "password-value", // pragma: allowlist secret
        },
      },
    };