Exclude sensitive files from context packs, enforce provider network policy, add CI cleanliness check, and harden tests #1

Merged: ProfRandom92 merged 2 commits into main from codex/audit-ci-stability-and-mvp-readiness on Jun 5, 2026

@ProfRandom92

Owner

Motivation

  • Prevent accidental leakage of secrets and private keys when building a context pack and ensure providers do not perform live network calls unless explicitly allowed by policy.
  • Ensure CI fails if tests or code leave the working tree modified after running, and make smoke tests more robust when mutating repository files.

Description

  • Add is_sensitive_context_path to detect filenames like .env, key/cert files, and common credential names and skip them when building a context pack.
  • Add ensure_provider_network_allowed and call it for ollama in both handle_ask and handle_propose flows to enforce config.policy.allow_provider_network and per-provider network flags before executing networked providers.
  • Extend build_context_pack to exclude sensitive filename patterns and add related patterns to excluded_files so generated packs omit secrets and private keys.
  • Add a CI step Clean tree in .github/workflows/ci.yml that runs git diff --exit-code && git diff --cached --exit-code to detect dirty working trees after tests.
  • Harden tests/cli_smoke.rs by introducing FileGuard to preserve/restore filesystem artifacts, renaming and adjusting tests to assert network-denied behavior for Ollama, and updating proposal/apply tests to use guarded temporary files and updated assertions.
  • Minor README formatting cleanup for quickstart/commands listing.

Testing

  • Ran the repository CI steps locally: cargo fmt --all --check, cargo check, and cargo test, and the test suite completed successfully.
  • Exercised tests/cli_smoke.rs which includes the updated ask, propose, apply, and validate scenarios and they passed under the updated assertions.
  • The CI workflow now includes the Clean tree check which will fail if tests leave unstaged or staged modifications in the working tree.

Codex Task

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request introduces security enhancements to prevent sensitive files (such as .env, keys, and certificates) from being included in context packs, and enforces network access policies for providers like Ollama. It also refactors the smoke tests to use a FileGuard helper for robust, automatic file cleanup. Feedback on the changes highlights that checking if a filename contains the substring "key" is overly broad and will lead to false positives on harmless files (e.g., keyboard.rs), suggesting a more refined matching logic instead.

Comment thread src/cli.rs Outdated
Comment on lines +644 to +645
|| file_name.contains("key")
|| file_name.contains("credential")
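
Review bot: both conditions on lines +644 to +645 are case-sensitive substring tests, so unless file_name is lowercased before this chain (not visible in these lines) names such as API_KEY.txt or Credentials.json pass through unmatched. Lowercase the name once before the chain, and add a test that covers a mixed-case name alongside a benign one.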

high

Using file_name.contains("key") is extremely broad and will cause false positives by matching common non-sensitive filenames containing the substring "key" (e.g., keyboard.rs, key_value.rs, monkey.rs, donkey.rs, keyring.rs, keychain.rs). This would silently exclude these files from the context pack, leading to incomplete context for the LLM.

By refining the check to target specific patterns like api_key, apikey, secret, token, and exact matches for key or keys, we significantly reduce false positives while still catching actual sensitive files.

        || file_name.contains("api_key")
        || file_name.contains("apikey")
        || file_name.contains("secret")
        || file_name.contains("token")
        || file_name.contains("credential")
        || matches!(file_name, "key" | "keys")
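
The false-positive argument in the review comment above, as an added Rust example that is not code from this pull request: it sets the substring test beside a rule that compares whole name components. The function names, word lists, extension list and sample file names are assumptions made for the illustration.

```rust
// Added illustration: names and word lists are assumptions, not the
// project's is_sensitive_context_path.
const SENSITIVE_EXT: [&str; 4] = ["pem", "key", "p12", "pfx"];
const SENSITIVE_WORDS: [&str; 7] =
    ["secret", "secrets", "token", "tokens", "credential", "credentials", "apikey"];
const KEY_QUALIFIERS: [&str; 3] = ["api", "private", "signing"];

/// The two reviewed conditions: bare, case-sensitive substring tests.
fn substring_rule(file_name: &str) -> bool {
    file_name.contains("key") || file_name.contains("credential")
}

/// Component rule: compares whole words of the lowercased name, never substrings.
fn component_rule(file_name: &str) -> bool {
    let name = file_name.to_ascii_lowercase();
    if name == ".env" || name.starts_with(".env.") {
        return true;
    }
    // Split "stem.ext" at the last dot; without a dot the extension is empty.
    let (stem, ext) = name.rsplit_once('.').unwrap_or((name.as_str(), ""));
    if SENSITIVE_EXT.contains(&ext) {
        return true;
    }
    let words: Vec<&str> = stem
        .split(|c: char| !c.is_ascii_alphanumeric())
        .filter(|w| !w.is_empty())
        .collect();
    if matches!(words.as_slice(), ["key"] | ["keys"]) {
        return true; // the whole stem is "key" or "keys"
    }
    // "key" inside a longer name counts only after a qualifier such as "api".
    words.iter().enumerate().any(|(i, w)| {
        SENSITIVE_WORDS.contains(w)
            || (matches!(*w, "key" | "keys") && i > 0 && KEY_QUALIFIERS.contains(&words[i - 1]))
    })
}

fn main() {
    // Constructed sample names, not files from the repository.
    let samples = ["keyboard.rs", "monkey.rs", "key_value.rs", "tokenizer.rs",
                   "api_key.txt", "id_rsa.key", ".env.local", "Credentials.json"];
    for n in samples {
        println!("{n:<17} substring={:<5} component={}", substring_rule(n), component_rule(n));
    }
}
```

With this rule a source file named exactly token.rs is still excluded, so the word list remains a policy decision to check against the repository's real file names.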

@ProfRandom92 ProfRandom92 merged commit b0802be into main Jun 5, 2026
1 check passed