fix gitleaks 04/02/26 #1920

Merged
transphorm merged 1 commit into dev from justin/address-gitleaks-errors
Apr 3, 2026
@transphorm transphorm commented Apr 3, 2026

Summary

Test plan


Native Consolidation Checklist

  • CONTRACTS.md reviewed - no unintended contract changes
  • Layer 1 bridge contract tests pass (cd app && yarn jest:run / yarn workspace @selfxyz/rn-sdk-test-app test)
  • Layer 3 builds pass (app iOS, RN test app iOS, RN test app Android)
  • Layer 4 manual smoke test signed off (if consolidation PR)
  • No new native business logic added (logic belongs in TypeScript)

Summary by CodeRabbit

  • Chores
    • Updated development tools configuration to extend compatibility with additional asset file types in mobile platform directories, ensuring consistent processing during development and build workflows.

vercel Bot commented Apr 3, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
self-webview-app | Building | Preview, Comment | Apr 3, 2026 6:19pm


@transphorm transphorm merged commit 16ba8f1 into dev Apr 3, 2026
12 of 13 checks passed
@transphorm transphorm deleted the justin/address-gitleaks-errors branch April 3, 2026 18:20

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6710520052

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread gitleaks-override.toml
paths = [
'''(?:^|/)Podfile\.lock$''',
'''(?:^|/)app/src/services/points/constants\.ts$''',
'''(?:^|/)packages/native-shell-android/src/main/assets/self-wallet/assets/.*\.js$''',
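Review bot: the `.*` in the last entry also matches `/`, so the exemption reaches every subdirectory under assets/, and the line carries no comment naming the finding it was added for. Consider `[^/]*\.js$` or the exact bundle file name pattern, plus a short comment recording which rule and file produced the false positive.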
[P1] Narrow gitleaks allowlist for native shell JS bundles

Allowlisting packages/native-shell-android/src/main/assets/self-wallet/assets/.*\.js disables secret scanning for every committed JS asset in that bundle directory, not just the known false positives. In practice, if a real credential (API key, token, private key) is accidentally embedded in the shipped web bundle, gitleaks will now miss it entirely, which is a security regression introduced by this commit; prefer a targeted regex allowlist for the specific false-positive pattern(s) instead of path-wide exclusion.

Useful? React with 👍 / 👎.
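
The trade-off raised in the Codex comment, as an added example that is not part of the PR or the repository: a simplified model of a gitleaks global allowlist with default settings, where a finding is dropped if its path or its secret matches. Only the path pattern comes from the page; the findings, file names and the 64-hex "false positive" shape are constructed assumptions.

```python
import re

# Path pattern copied from the gitleaks-override.toml line under review.
PATH_WIDE = r"(?:^|/)packages/native-shell-android/src/main/assets/self-wallet/assets/.*\.js$"

# Hypothetical narrow alternative: allow only secrets shaped like the known
# false positive. The real shape is not shown on the page, so a 64-hex-digit
# constant stands in for it here (assumption).
FALSE_POSITIVE_SECRET = r"^[0-9a-f]{64}$"

BUNDLE_DIR = "packages/native-shell-android/src/main/assets/self-wallet/assets/"

# Constructed findings; file names and secret values are made up.
FINDINGS = [
    {"file": BUNDLE_DIR + "index-abc123.js", "secret": "ab" * 32},                  # noise shape
    {"file": BUNDLE_DIR + "index-abc123.js", "secret": "EXAMPLE_LIVE_TOKEN_0000"},  # credential-like
    {"file": BUNDLE_DIR + "chunks/vendor.js", "secret": "EXAMPLE_LIVE_TOKEN_0001"}, # nested directory
    {"file": "app/src/config.ts", "secret": "EXAMPLE_LIVE_TOKEN_0002"},             # outside the bundle
]

def suppressed(finding, paths=(), regexes=()):
    """Simplified allowlist model: drop the finding if its file matches any
    path pattern OR its extracted secret matches any regex."""
    if any(re.search(p, finding["file"]) for p in paths):
        return True
    return any(re.search(r, finding["secret"]) for r in regexes)

def reported(paths=(), regexes=()):
    """Secrets that would still be reported under the given allowlist."""
    return [f["secret"] for f in FINDINGS if not suppressed(f, paths, regexes)]

if __name__ == "__main__":
    # Path-wide exemption: both credential-like values in the bundle vanish.
    print("path allowlist  :", reported(paths=[PATH_WIDE]))
    # Secret-shaped exemption: only the known noise is dropped.
    print("regex allowlist :", reported(regexes=[FALSE_POSITIVE_SECRET]))
```

A global regex allowlist applies to every file in the repository, so the pattern should be as specific to the false positive as possible.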

coderabbitai Bot commented Apr 3, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1e1c2b73-0fb1-4806-8c71-3d19a8db0749

📥 Commits

Reviewing files that changed from the base of the PR and between d23cc2b and 6710520.

📒 Files selected for processing (1)
  • gitleaks-override.toml

📝 Walkthrough

A single line was added to the Gitleaks configuration to exempt JavaScript files located in packages/native-shell-android/src/main/assets/self-wallet/assets/ from secret detection checks.

Changes

Cohort / File(s) | Summary
Gitleaks Configuration (gitleaks-override.toml) | Added allowlist.paths override to exempt .js files under packages/native-shell-android/src/main/assets/self-wallet/assets/ from Gitleaks checks.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

