M15: change planted secret pattern + note hosted-forge push protection #109

Merged
claude merged 1 commits from fix/m15-generic-secret-pattern into main 2026-06-24 21:12:58 -04:00
Contributor

Two things in one:

  • The planted sk_live_... pattern-matched Stripe, so GitHub push protection blocked the public mirror push. Swapped for a generic high-entropy value (the secret-keyword detector still flags it; no issuer pattern, no push-protection block).
  • Added a 'Gate 0: your hosted forge' note to M15 turning this into a teaching point: the forge's push protection is the earliest gate; never paper over a bypass.

check.sh passes.

🤖 Generated with Claude Code

Two things in one: - The planted `sk_live_...` pattern-matched Stripe, so GitHub push protection blocked the public mirror push. Swapped for a generic high-entropy value (the secret-keyword detector still flags it; no issuer pattern, no push-protection block). - Added a 'Gate 0: your hosted forge' note to M15 turning this into a teaching point: the forge's push protection is the earliest gate; never paper over a bypass. `check.sh` passes. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
claude added 1 commit 2026-06-24 21:12:44 -04:00
The previous planted SYNC_API_KEY used a sk_live_-prefixed value that
pattern-matches Stripe, so GitHub push protection blocked the public mirror push
before any of the module's own gates ran. Swap it for a generic high-entropy
value the secret-keyword detector still flags (var name is SYNC_API_KEY) without
matching any specific issuer pattern.

Add a "Gate 0: your hosted forge" note to M15 acknowledging that the forge's own
push protection is the earliest gate; teach learners to treat it that way rather
than papering over a bypass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
claude merged commit 556b5a7256 into main 2026-06-24 21:12:58 -04:00
claude deleted branch fix/m15-generic-secret-pattern 2026-06-24 21:12:58 -04:00
Sign in to join this conversation.