feat(security): add pre-commit config with TruffleHog secret scanning#67
Merged
Conversation
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
williaby
added a commit
that referenced
this pull request
May 9, 2026
) * fix(compliance): cover pre-existing files in REUSE.toml Add a new annotation block covering 1 files that predated the centralized REUSE.toml coverage. These files were flagged by `reuse lint` (Check REUSE Compliance workflow) but had no matching path entry. Licensed CC0-1.0 to match the existing configuration-files annotation pattern in this repo's REUSE.toml. Unblocks the TruffleHog rollout PR #67 on this repo (which was failing the Check REUSE Compliance gate due to these pre-existing missing-info files, not because of the TruffleHog change). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(compliance): wrap instructional SPDX echoes in python-reuse.yml Root cause of REUSE failure: shell echo statements like `echo '# SPDX-License-Identifier: MIT'` in the workflow's summary step were parsed by the REUSE tool as actual SPDX expressions, producing the invalid value `MIT' >> $GITHUB_STEP_SUMMARY` and triggering both "INVALID SPDX LICENSE EXPRESSIONS" and "MISSING LICENSING INFORMATION" gates on the same file. Wrap the instructional echoes with `# REUSE-IgnoreStart` / `# REUSE-IgnoreEnd` comments per REUSE 3.3 spec. The existing global `**` MIT annotation in REUSE.toml then applies to python-reuse.yml without an override. Revert the previous CC0-1.0 annotation block; reusable workflows referenced via `uses:` are not redistributed, so the MIT default applies. CC0 in this org is reserved for ML training-data contexts. Verified: `reuse lint` passes locally with 125/125 files compliant and 0 invalid SPDX expressions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Add a baseline `.pre-commit-config.yaml` with file-quality hooks (trailing-whitespace, end-of-file, large-file, merge-conflict, private-key) and a TruffleHog secret-scanning hook scoped to staged files. Run `pre-commit install` after pulling to activate the hooks locally. See `.claude/rules/pre-commit.md` invariant `PC-HOOK-STAGED-SCOPE` for the scope principle. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
williaby
force-pushed
the
feat/add-pre-commit-config
branch
from
63c0b74 to
6217f89
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add a baseline
.pre-commit-config.yamlwith file-quality hooks(trailing-whitespace, end-of-file, large-file, merge-conflict, private-key)
and a TruffleHog secret-scanning hook scoped to staged files.
Run
pre-commit installafter pulling to activate the hooks locally.See
.claude/rules/pre-commit.mdinvariantPC-HOOK-STAGED-SCOPEfor thescope principle.
Why
Resolves observation #4 from
~/.claude/skill-observations/log.md.Part of a fleet-wide TruffleHog rollout following the methodology in the
pre-commit-authoringskill and thePC-HOOK-STAGED-SCOPEinvariant in.claude/rules/pre-commit.md.Generated with Claude Code