style(no-slop): remove every em-dash + banned words across all modules + capstone
Apply the no-ai-slop standard (now binding in AGENTS.md): the em-dash character is banned outright (restructured, not blind-replaced), plus the banned word/phrase list (delve, leverage, robust, seamless, truly, unlock, etc.). 0 em-dashes remain in modules + capstone; the only "robust" left is the planted M10 ai-change.patch trap. Module H1 titles use a colon separator. All deliberate teaching devices preserved; labs compile/parse (py/sh/yaml/json); no junk. AGENTS.md updated with the hard no-slop rules. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
"""Cloud-sync config for tasks-app — a realistic snapshot of what an AI hands you.
|
||||
"""Cloud-sync config for tasks-app: a realistic snapshot of what an AI hands you.
|
||||
|
||||
Asked to "sync tasks to a cloud service," a model will produce something like this: it works, it
|
||||
reads naturally, it passes lint and tests... and it carries two planted flaws: a live credential
|
||||
@@ -24,15 +24,15 @@ def sync_headers() -> dict:
|
||||
|
||||
# --- The problem the SAST scanner should flag (Gate 3) -----------------------------------------
|
||||
# AI-classic: "sign" the request body with a quick hash. MD5 is broken for anything
|
||||
# security-relevant — a textbook weak-crypto idiom. A secret scanner won't catch this (it's not a
|
||||
# security-relevant; a textbook weak-crypto idiom. A secret scanner won't catch this (it's not a
|
||||
# secret); a SAST tool like bandit will (it's insecure code you wrote). DO NOT imitate.
|
||||
def sign_payload(body: str) -> str:
|
||||
return hashlib.md5(body.encode()).hexdigest()
|
||||
|
||||
|
||||
# --- The fix (Part C) --------------------------------------------------------------------------
|
||||
# Read the secret from the environment instead of committing it. Proper secret management — env
|
||||
# files, secret stores, per-environment config — is Module 17. This is just enough to make the
|
||||
# Read the secret from the environment instead of committing it. Proper secret management (env
|
||||
# files, secret stores, per-environment config) is Module 17. This is just enough to make the
|
||||
# scanner go quiet honestly.
|
||||
#
|
||||
# import os
|
||||
|
||||
Reference in New Issue
Block a user