docs(wiki): sync from modules/ @ 556b5a72
@@ -438,6 +438,15 @@ runs on every push and blocks the merge.
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
### Gate 0: your hosted forge
|
||||||
|
|
||||||
|
Most hosted forges run their own secret scanner on every push and reject the push if it finds a
|
||||||
|
recognized key pattern (GitHub calls this *push protection*; GitLab and others have equivalents).
|
||||||
|
That happens **before** any CI you wrote runs, so it is effectively *Gate 0* in this module. The
|
||||||
|
planted `SYNC_API_KEY` in `lab/config.py` uses a generic high-entropy value (not an issuer
|
||||||
|
pattern) so the lab can ship; in your real repo, treat your forge's push protection as the
|
||||||
|
earliest gate and never paper over a bypass.
|
||||||
|
|
||||||
## Where it breaks
|
## Where it breaks
|
||||||
|
|
||||||
The honest limits (these gates are necessary, not sufficient):
|
The honest limits (these gates are necessary, not sufficient):
|
||||||
|
|||||||
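Review bot: In the sentence about the planted `SYNC_API_KEY` in `lab/config.py`, the text says the value is generic high-entropy "(not an issuer pattern) so the lab can ship" but never states the consequence for the reader: Gate 0 only rejects recognized key patterns, so a generic secret like this one passes straight through it. Suggest saying that explicitly and naming the later gates in this module as the ones expected to catch it, which would also lead naturally into "Where it breaks". Two smaller points in the same paragraph: "run their own secret scanner on every push" reads as unconditional, so consider telling readers to confirm push protection is actually enabled for their repository; and "never paper over a bypass" would be more actionable if it said what to do instead when a push is rejected, for example remove the secret from the commit and rotate it.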