
chore: drop legacy secrets ignore #64

Merged: VdustR merged 1 commit into main from codex/drop-legacy-secrets-ignore on May 18, 2026

@VdustR (Owner) commented May 18, 2026

Summary

  • remove the legacy .secrets entry from the global gitignore source
  • update Claude guidance so secret-file examples point to .env and .env.local

Verification

  • git diff --check -- .claude/CLAUDE.md .gitignore
  • exact legacy .secrets scan on changed files returned no matches

Risk

Low. This only updates dotfiles guidance and the global gitignore source. Existing local secret files should already be migrated away from .secrets.

changeset-bot Bot commented May 18, 2026

⚠️ No Changeset found

Latest commit: 77b7a48

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.


VdustR commented May 18, 2026

@changeset-bot

No Changeset found

No changeset is needed for this PR. The change only updates personal dotfiles guidance and the global gitignore source; it does not affect a versioned package artifact.

@VdustR VdustR marked this pull request as ready for review May 18, 2026 02:41

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the documentation for safe agent actions in .claude/CLAUDE.md and removes .secrets from the .gitignore file. The review feedback suggests expanding the list of secret file examples in the documentation to include *.pem, *.key, and restoring ~/.secrets to provide more comprehensive security guardrails for the agent.

Comment thread .claude/CLAUDE.md
- Only execute explicitly requested actions
- **Requires explicit instruction**: git operations (commits, pushes, branch changes), deploys
- **Safe without asking**: tests, linting, type checks, read-only git (`git diff`, `git status`, `git log`), reading files (except secret files, e.g., `~/.secrets`, `.env`), exploring codebase
- **Safe without asking**: tests, linting, type checks, read-only git (`git diff`, `git status`, `git log`), reading files (except secret files, e.g., `.env`, `.env.local`), exploring codebase
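
Review bot: The secret-file exception on the changed "Safe without asking" line is still defined only by an "e.g." list, and the swap drops the only home-directory example (`~/.secrets`) in favor of two project-relative ones (`.env`, `.env.local`). Consider stating the rule as a category (credential, key, and environment files, wherever they live) and keeping the filenames as illustrations, so the exception does not depend on which names happen to be listed.
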
security-medium medium

The list of secret file examples should be comprehensive to ensure the agent avoids all sensitive files. Since *.pem and *.key are also ignored in .gitignore, adding them here provides better security guardrails. Additionally, keeping ~/.secrets is advisable as this configuration is synced globally and the agent may encounter this legacy pattern in other contexts or the home directory.

Suggested change
- **Safe without asking**: tests, linting, type checks, read-only git (`git diff`, `git status`, `git log`), reading files (except secret files, e.g., `.env`, `.env.local`), exploring codebase
- **Safe without asking**: tests, linting, type checks, read-only git (`git diff`, `git status`, `git log`), reading files (except secret files, e.g., `.env`, `.env.local`, `*.pem`, `*.key`, `~/.secrets`), exploring codebase
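
Review bot: The suggested line puts `~/.secrets` back into the example list, while this PR's summary describes `.secrets` as a legacy entry being removed. If it is kept for setups that still carry the old file, mark it as legacy in the text so the agent guidance and the gitignore source do not appear to disagree.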

@VdustR VdustR merged commit ad2bb37 into main May 18, 2026
@VdustR VdustR deleted the codex/drop-legacy-secrets-ignore branch May 18, 2026 02:41