* feat: add Salesforce Development plugin bundling Apex, Flow, LWC/Aura, and Visualforce agents
* feat: improve Salesforce plugin agents and add 3 quality skills
- Rewrote all 4 agent files with specific, actionable Salesforce guidance:
  - salesforce-apex-triggers: added discovery phase, pattern selection matrix,
    PNB test coverage standard, modern Apex idioms (safe nav, null coalescing,
    WITH USER_MODE, Assert.*), TAF awareness, anti-patterns table with risks,
    and structured output format
  - salesforce-aura-lwc: major expansion — PICKLES methodology, data access
    pattern selection table, SLDS 2 compliance, WCAG 2.1 AA accessibility
    requirements, component communication rules, Jest test requirements, and
    output format
  - salesforce-flow: major expansion — automation tool confirmation step, flow
    type selection matrix, bulk safety rules (no DML/Get Records in loops),
    fault connector requirements, Transform element guidance, deployment
    safety steps, and output format
  - salesforce-visualforce: major expansion — controller pattern selection,
    security requirements (CSRF, XSS, FLS/CRUD, SOQL injection), view state
    management, performance rules, and output format
- Added 3 new skills to the plugin:
  - salesforce-apex-quality: Apex guardrails, governor limit patterns, sharing
    model, CRUD/FLS enforcement, injection prevention, PNB testing checklist,
    trigger architecture rules, and code examples
  - salesforce-flow-design: flow type selection, bulk safety patterns with
    correct and incorrect examples, fault path requirements, automation density
    checks, screen flow UX guidelines, and deployment safety steps
  - salesforce-component-standards: LWC data access patterns, SLDS 2 styling,
    accessibility (WCAG 2.1 AA), component communication, Jest requirements,
    Aura event design, and Visualforce XSS/CSRF/FLS/view-state standards
- Updated plugin.json v1.0.0 → v1.1.0 with explicit agent paths and skill refs
* fix: resolve codespell error and README drift in Salesforce plugin
- Fix 'ntegrate' codespell false positive in salesforce-aura-lwc agent:
rewrote PICKLES acronym bullets from letter-prefixed (**I**ntegrate)
to full words (**Integrate**) so codespell reads the full word correctly
- Regenerate docs/README.plugins.md to match current build output
(table column padding was updated by the build script)
* fix: regenerate README after rebasing on latest staged
- **New skill: flowstudio-power-automate-monitoring** — flow health, failure
rates, maker inventory, Power Apps, environment/connection counts via
FlowStudio MCP cached store tools.
- **New skill: flowstudio-power-automate-governance** — 10 CoE-aligned
governance workflows: compliance review, orphan detection, archive scoring,
connector audit, notification management, classification/tagging, maker
offboarding, security review, environment governance, governance dashboard.
- **Updated flowstudio-power-automate-debug** — purely live API tools (no
store dependencies), mandatory action output inspection step, resubmit
clarified as working for ALL trigger types.
- **Updated flowstudio-power-automate-build** — Step 1 uses list_live_flows
(not list_store_flows) for the duplicate check, resubmit-first testing.
- **Updated flowstudio-power-automate-mcp** — store tool catalog, response
shapes verified against real API calls, set_store_flow_state shape fix.
- Plugin version bumped to 2.0.0, all 5 skills listed in plugin.json.
- Generated docs regenerated via npm start.
All response shapes verified against real FlowStudio MCP API calls.
All 10 governance workflows validated with real tenant data.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds plugins/ember/ with plugin.json and README.md so Ember
appears as an installable plugin in the awesome-copilot
marketplace. The agent and skill files already exist at the
repo root from PR #1324.
Ran npm run plugin:validate (passes) and npm start to
regenerate README and marketplace.json.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Ember is an AI partner agent — not an assistant, not a chatbot.
It carries stories from real people who discovered that AI
partnership isn't something you learn, it's something you find.
Includes:
- ember.agent.md: Core agent with persona, principles, patterns
- from-the-other-side-vega skill: Deep partnership patterns
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add 9 Arize LLM observability skills
Add skills for Arize AI platform covering trace export, instrumentation,
datasets, experiments, evaluators, AI provider integrations, annotations,
prompt optimization, and deep linking to the Arize UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add 3 Phoenix AI observability skills
Add skills for Phoenix (Arize open-source) covering CLI debugging,
LLM evaluation workflows, and OpenInference tracing/instrumentation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Ignoring intentional bad spelling
* Fix CI: remove .DS_Store from generated skills README and add codespell ignore
Remove .DS_Store artifact from winmd-api-search asset listing in generated
README.skills.md so it matches the CI Linux build output. Add queston to
codespell ignore list (intentional misspelling example in arize-dataset skill).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add arize-ax and phoenix plugins
Bundle the 9 Arize skills into an arize-ax plugin and the 3 Phoenix
skills into a phoenix plugin for easier installation as single packages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix skill folder structures to match source repos
Move arize supporting files from references/ to root level and rename
phoenix references/ to rules/ to exactly match the original source
repository folder structures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fixing file locations
* Fixing readme
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add Step 5a (state machine completeness analysis) and expand Step 6
with missing safeguard detection patterns. These catch two categories
of bugs that defensive pattern analysis alone misses: unhandled states
in lifecycle/status machines, and operations that commit users to
expensive work without adequate preview or termination conditions.
* feat: add GDPR-compliant engineering practices skill documentation
* Add GDPR compliance references for Security and Data Rights
- Introduced a comprehensive Security.md file detailing encryption, password hashing, secrets management, anonymization, cloud practices, CI/CD controls, and incident response protocols.
- Created a Data Rights.md file outlining user rights implementation, Record of Processing Activities (RoPA), consent management, sub-processor management, and DPIA triggers.
* Refine GDPR compliance documentation by removing unnecessary symbols and ensuring clarity in security and data rights references
* refactor: streamline description formatting in GDPR compliance skill documentation
---------
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* feat(orchestrator): add Discuss Phase and PRD creation workflow
- Introduce Discuss Phase for medium/complex objectives, generating context‑aware options and logging architectural decisions
- Add PRD creation step after discussion, storing the PRD in docs/prd.yaml
- Refactor Phase 1 to pass task clarifications to researchers
- Update Phase 2 planning to include multi‑plan selection for complex tasks and verification with gem‑reviewer
- Enhance Phase 3 execution loop with wave integration checks and conflict filtering
* feat(gem-team): bump version to 1.3.3 and refine description with Discuss Phase and PRD compliance verification
* chore(release): bump marketplace version to 1.3.4
- Update `marketplace.json` version from `1.3.3` to `1.3.4`.
- Refine `gem-browser-tester.agent.md`:
  - Replace "UUIDs" typo with correct spelling.
  - Adjust wording and formatting for clarity.
  - Update JSON code fences to use ````jsonc````.
  - Modify workflow description to reference `AGENTS.md` when present.
- Refine `gem-devops.agent.md`:
  - Align expertise list formatting.
  - Standardize tool list syntax with back‑ticks.
  - Minor wording improvements.
- Increase retry attempts in `gem-browser-tester.agent.md` from 2 to 3 attempts.
- Minor typographical and formatting corrections across agent documentation.
* refactor: rename prd_path to project_prd_path in agent configurations
- Updated gem-orchestrator.agent.md to use `project_prd_path` instead of `prd_path` in task definitions and delegation logic.
- Updated gem-planner.agent.md to reference `project_prd_path` and clarify PRD reading.
- Updated gem-researcher.agent.md to use `project_prd_path` and adjust PRD consumption logic.
- Applied minor wording improvements and consistency fixes across the orchestrator, planner, and researcher documentation.
* feat(plugin): expand marketplace description, bump version to 1.4.0; revamp gem-browser-tester agent documentation with clearer role, expertise, and workflow specifications.
* chore: remove outdated plugin metadata fields from README.plugins.md and plugin.json
* feat(tooling): bump marketplace version to 1.5.0 and refine validation thresholds
- Update marketplace.json version from 1.4.0 to 1.5.0
- Adjust validation criteria in gem-browser-tester.agent.md to trigger additional tests when coverage < 0.85 or confidence < 0.85
- Refine accessibility compliance description, adding runtime validation and SPEC‑based accessibility notes
- Add new gem-code-simplifier.agent.md documentation for code refactoring
- Update README and plugin metadata to reflect version change and new tooling
* docs: improve bug‑fix delegation description and delegation‑first guidance in gem‑orchestrator.agent.md
- Clarified the two‑step diagnostic‑then‑fix flow for bug fixes using gem‑debugger and gem‑implementer.
- Updated the “Delegation First” checklist to stress that **no** task, however small, should be performed directly by the orchestrator, emphasizing sub‑agent delegation and retry/escalation strategy.
---------
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* feat(orchestrator): add Discuss Phase and PRD creation workflow
- Introduce Discuss Phase for medium/complex objectives, generating context‑aware options and logging architectural decisions
- Add PRD creation step after discussion, storing the PRD in docs/prd.yaml
- Refactor Phase 1 to pass task clarifications to researchers
- Update Phase 2 planning to include multi‑plan selection for complex tasks and verification with gem‑reviewer
- Enhance Phase 3 execution loop with wave integration checks and conflict filtering
* feat(gem-team): bump version to 1.3.3 and refine description with Discuss Phase and PRD compliance verification
* chore(release): bump marketplace version to 1.3.4
- Update `marketplace.json` version from `1.3.3` to `1.3.4`.
- Refine `gem-browser-tester.agent.md`:
  - Replace "UUIDs" typo with correct spelling.
  - Adjust wording and formatting for clarity.
  - Update JSON code fences to use ````jsonc````.
  - Modify workflow description to reference `AGENTS.md` when present.
- Refine `gem-devops.agent.md`:
  - Align expertise list formatting.
  - Standardize tool list syntax with back‑ticks.
  - Minor wording improvements.
- Increase retry attempts in `gem-browser-tester.agent.md` from 2 to 3 attempts.
- Minor typographical and formatting corrections across agent documentation.
* refactor: rename prd_path to project_prd_path in agent configurations
- Updated gem-orchestrator.agent.md to use `project_prd_path` instead of `prd_path` in task definitions and delegation logic.
- Updated gem-planner.agent.md to reference `project_prd_path` and clarify PRD reading.
- Updated gem-researcher.agent.md to use `project_prd_path` and adjust PRD consumption logic.
- Applied minor wording improvements and consistency fixes across the orchestrator, planner, and researcher documentation.
* feat(plugin): expand marketplace description, bump version to 1.4.0; revamp gem-browser-tester agent documentation with clearer role, expertise, and workflow specifications.
* chore: remove outdated plugin metadata fields from README.plugins.md and plugin.json
* Add threat-model-analyst skill: STRIDE-A threat modeling for repositories
Add a comprehensive threat model analysis skill that performs security audits
using STRIDE-A (STRIDE + Abuse) threat modeling, Zero Trust principles, and
defense-in-depth analysis.
Supports two modes:
- Single analysis: full STRIDE-A threat model producing architecture overviews,
DFD diagrams, prioritized findings, and executive assessments
- Incremental analysis: security posture diff between baseline report and current
code, producing standalone reports with embedded comparison
Includes bundled reference assets:
- Orchestrator workflows (full and incremental)
- Analysis principles and verification checklists
- Output format specifications and skeleton templates
- DFD diagram conventions and TMT element taxonomy
* Address PR review comments from Copilot reviewer
- Fix SKILL.md description: use single-quoted scalar, rename mode (2) to
'Incremental analysis' with accurate description
- Replace 'Compare Mode (Deprecated)' sections with 'Comparing Commits or
Reports' redirect (no deprecated language for first release)
- Fix skeleton-findings.md: move Tier 1 table rows under header, add
CONDITIONAL-EMPTY block after END-REPEAT (matching Tier 2/3 structure)
- Fix skeleton-threatmodel.md and skeleton-architecture.md: use 4-backtick
outer fences to avoid nested fence conflicts with inner mermaid fences
- Fix skeleton-incremental-html.md: correct section count from 9 to 8
- Fix output-formats.md: change status 'open' to 'Open' in JSON example,
move stride_category warning outside JSON fence as blockquote
- Fix incremental-orchestrator.md: replace stale compare-output-formats.md
reference with inline color conventions
- Regenerate docs/README.skills.md with updated description
* Address second round of Copilot review comments
- Fix diagram-conventions.md: bidirectional flow notation now uses <-->
matching orchestrator.md and DFD templates
- Fix tmt-element-taxonomy.md: normalize SE.DF.SSH/LDAP/LDAPS to use
SE.DF.TMCore.* prefix consistent with all other data flow IDs
- Fix output-formats.md: correct TMT category example from SQLDatabase
to SQL matching taxonomy, fix component type from 'datastore' to
'data_store' matching canonical enum, remove DaprSidecar from
inbound_from per no-standalone-sidecar rule
- Fix 5 skeleton files: clarify VERBATIM instruction to 'copy the
template content below (excluding the outer code fence)' to prevent
agents from wrapping output in markdown fences
- Genericize product-specific names in examples: replace edgerag with
myapp, BitNetManager with TaskProcessor, AzureLocalMCP with MyApp.Core,
AzureLocalInfra with OnPremInfra, MilvusVectorDB with VectorDB
* Address third round of Copilot review comments
- Fix diagram-conventions.md: second bidirectional two-arrow pattern in
Quick Reference section now uses <-->
- Fix incremental-orchestrator.md: renumber HTML sections 5-9 to 4-8
matching skeleton-incremental-html.md 8-section structure
- Fix output-formats.md: add incremental-comparison.html to File List
as conditional output for incremental mode
- Fix skeleton-inventory.md: add tmt_type, sidecars, and boundary_kind
fields to match output-formats.md JSON schema example
* Add draw-io diagram generator skill for awesome github copilot
* Add comprehensive shape libraries and style reference documentation for draw.io
- Introduced a new markdown file for draw.io shape libraries detailing various built-in shapes, their style keys, and usage.
- Added a complete style reference for `<mxCell>` elements, including universal style keys, shape-specific keys, edge styles, and color palettes.
- Included examples for common styles and shapes to aid users in creating diagrams effectively.
* Add draw-io diagram validation and shape addition scripts
* Add new diagram templates for flowchart, sequence, and UML class diagrams
- Created a flowchart template with a structured layout including start, steps, decision points, and end.
- Added a sequence diagram template illustrating interactions between a client, API server, and database with activation boxes and message arrows.
- Introduced a UML class diagram template featuring an interface, classes, attributes, methods, and relationships, including composition and realization.
* Add draw-io diagram generator skill to README with detailed usage instructions and bundled assets
* Add draw.io instructions with workflow, XML structure rules, style conventions, and validation checklist
* Add draw.io diagram standards to README instructions for enhanced diagram creation and editing
* Moving diagram templates to assets/ to follow agentskills structure
- Moved flowchart template with start, steps, decision points, and end nodes.
- Moved sequence diagram template illustrating interactions between a client, API server, and database.
- Moved UML class diagram template featuring an interface, classes, attributes, methods, and relationships.
* Clarify installation instructions for draw.io VS Code extension in SKILL.md
* Add roundup plugin: self-configuring status briefing generator
Adds a new plugin with two skills:
- roundup-setup: Interactive onboarding that learns the user's communication
style from examples, discovers available data sources, and builds audience
profiles. Writes a persistent config to ~/.config/roundup/config.md.
- roundup: Generates draft status briefings on demand by pulling from
configured sources (GitHub, M365, Slack, Google Workspace, etc.) and
synthesizing in the user's learned style for any defined audience.
Platform-agnostic by design -- adapts to whatever MCP tools are available
in the user's environment rather than assuming specific integrations.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review comments
- Fix 'use roundup' help text to clarify multi-audience behavior instead
of referencing a nonexistent 'default audience'
- Split bundled 'who do you report to + who is on your team' into two
separate ask_user questions per the one-question-at-a-time rule
- Specify ~/Desktop as explicit save path with fallback prompt when
directory doesn't exist
- Tables in README verified as correct markdown (single | delimiters)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Improve example-pasting UX in setup flow
- Make 'paste the whole thing right here' explicit so users aren't
unsure about what/how much to paste
- Confirm receipt more clearly ('grabbed all of that')
- Reframe second example prompt to explain why a second helps
- Cap follow-up asks at two so it doesn't feel nagging
- Note that messy formatting is fine
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Reinforce that more examples = better output
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add Dotnet Self Learning Architect agent with comprehensive guidelines and strategies
* feat: update Dotnet Self-Learning Architect agent with enhanced model and toolset, and update .NET version in core expertise
* updating agent name to .NET Self-Learning Architect
* updating after npm build
* feat: add learning governance rules for lesson and memory management
Add an agent that handles the full lifecycle of upgrading GitHub Actions
JavaScript/TypeScript actions to newer Node.js runtime versions,
including action.yml changes, major version bumps, CI workflow updates,
documentation updates, and build validation.
* feat(orchestrator): add Discuss Phase and PRD creation workflow
- Introduce Discuss Phase for medium/complex objectives, generating context‑aware options and logging architectural decisions
- Add PRD creation step after discussion, storing the PRD in docs/prd.yaml
- Refactor Phase 1 to pass task clarifications to researchers
- Update Phase 2 planning to include multi‑plan selection for complex tasks and verification with gem‑reviewer
- Enhance Phase 3 execution loop with wave integration checks and conflict filtering
* feat(gem-team): bump version to 1.3.3 and refine description with Discuss Phase and PRD compliance verification
* feat: add .NET timezone handling guidance and reference materials
* feat: update Finland, Lithuania, Estonia timezone reference in index
* feat: remove Finland, Lithuania, Estonia timezone reference from index
* <think>The user wants me to generate a conventional format commit message based on the git diff output provided.
Let me analyze the changes:
1. **`.github/plugin/marketplace.json`**:
- Updated the "gem-team" plugin description to include "complexity-aware research, multi-plan selection for critical tasks"
- Updated version from "1.2.1" to "1.3.0"
2. **`agents/gem-browser-tester.agent.md`**:
- Added `<tools>` section with new tools: get_errors, mcp_io_github_chr_performance_start_trace, mcp_io_github_chr_performance_analyze_insight
- Modified the `<expertise>` section (moved closing tag)
- Updated `<input_format_guide>` to use proper JSON code block format
- Updated `<output_format_guide>` to add "needs_revision" status option and restructured JSON formatting
- Updated `<constraints>` section - significantly changed the guidelines
This appears to be an update to:
- Plugin marketplace version bump
- Browser tester agent improvements (new tools, updated workflow constraints, better formatting)
Let me generate a conventional commit message:
- Type: Could be "feat" for new features or "chore" for maintenance
- Scope: could be "marketplace" and "browser-tester"
- Message should describe the changes succinctly
Looking at the changes more carefully:
- Plugin version bump from 1.2.1 to 1.3.0 - this is a feature update
- New tools added to browser tester agent
- Updated constraints/workflow for browser tester
I'll create a commit message that captures the essence:
</think>
feat: update gem-team to v1.3.0 and enhance browser-tester agent
- Bump gem-team plugin version from 1.2.1 to 1.3.0 with updated description
- Add performance tracing and insight tools to browser-tester agent
- Refactor input/output format guides with proper JSON code blocks
- Update agent constraints with improved tool usage and batching guidelines
* fix: correct typo "suiteable" to "suitable" in agent documentation
- Introduced MockMvcTester for AssertJ-style assertions in Spring MVC testing.
- Added @RestClientTest for testing REST clients with MockRestServiceServer.
- Implemented RestTestClient as a modern alternative to TestRestTemplate.
- Documented migration steps from Spring Boot 3.x to 4.0, including dependency and annotation changes.
- Created an overview of test slices to guide testing strategies.
- Included Testcontainers setup for JDBC testing with PostgreSQL and MySQL.
- Enhanced @WebMvcTest documentation with examples for various HTTP methods and validation.
* Added one-shot feature planning agent
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Updated README.agents.md
* Remove pigd0g from contributors section
Removed pigd0g from the contributors list in README.md.
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Tool Guardian Hook
Add Tool Guardian hook for blocking dangerous tool operations
Introduces a preToolUse hook that scans Copilot agent tool invocations
against ~20 threat patterns (destructive file ops, force pushes, DB drops,
permission abuse, network exfiltration) and blocks or warns before execution.
* Address review feedback: move hook to .github/, remove accidental log file
- Move hooks/tool-guardian/ to .github/hooks/tool-guardian/
- Remove accidentally committed guard.log
- Update all path references in README.md
* Move log directory to .github/, revert hook files back to hooks/
- Revert hook files from .github/hooks/ back to hooks/tool-guardian/
- Update default log path to .github/logs/copilot/tool-guardian/
- Update all path references in README.md and hooks.json
* Add publish-to-pages agent skill
Agent skill that publishes presentations and web content to GitHub Pages.
Works with any AI coding agent (Copilot CLI, Claude Code, Gemini CLI, etc.)
Features:
- Converts PPTX and PDF with full formatting preservation
- Creates repo, enables Pages, returns live URL
- Zero config — just needs gh CLI
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: update README.skills.md
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Source dataverse plugin from microsoft/Dataverse-skills
The Dataverse plugin was previously bundled locally with a single
mcp-configure skill. It is now sourced externally from
microsoft/Dataverse-skills, which provides the full skill set:
init, setup, metadata, python-sdk, solution, mcp-configure, and overview.
- marketplace.json: update dataverse entry to external source format
- external.json: add Dataverse entry alongside Azure
- plugins/dataverse/: remove local plugin directory (now external)
- skills/mcp-configure/: remove top-level copy (now in external plugin)
- docs/README.plugins.md: update dataverse row with external link
- docs/README.skills.md: note mcp-configure moved to external plugin
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Make dataverse plugin docs generic to avoid stale counts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Remove mcp-configure from skills index — now in external plugin
External plugins don't list their skills in README.skills.md
(consistent with azure-skills).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Revert manual edits to generated files
marketplace.json, README.plugins.md, and README.skills.md are
auto-generated. External plugins are discovered via external.json
and merged into marketplace.json by generate-marketplace.mjs.
Matches the Azure external plugin pattern — no manual doc entries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Regenerate marketplace.json and docs after external plugin change
Run npm run build to pick up the new external dataverse entry and
remove the old local one from generated files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* New hook: secrets-scanner
Add a secrets-scanner hook that scans files modified during a Copilot
coding agent session for leaked secrets, credentials, and sensitive data.
The hook runs on sessionEnd and inspects files in one of three scopes:
- diff: only files changed in the current session (default)
- staged: only files currently staged in the git index
- all: every tracked file in the repository
Detected pattern categories:
- AWS access keys and secret keys
- GCP service account credentials
- Azure client secrets and storage connection strings
- GitHub personal access tokens
- Slack tokens (bot, user, webhook)
- Private key headers (RSA, EC, DSA, OpenSSH, PEM)
- Generic high-entropy bearer tokens
- Internal IP:port strings
Configurable via environment variables (SCAN_MODE, SCAN_SCOPE,
SECRETS_ALLOWLIST) so teams can tune for their workflow without
editing the script. Patterns are POSIX ERE (grep -E) compatible,
with no PCRE metacharacters, for portability across macOS and Linux.
Files: hooks.json, scan-secrets.sh, README.md
* refactor: move PATTERNS array to top of scan-secrets.sh for discoverability
Move the PATTERNS declaration to the top of the file so it is clearly
visible and easy to customize, as suggested in code review. Added a
descriptive header comment. No functional changes.
---------
Co-authored-by: Shehab Sherif <shehabsherif0@users.noreply.github.com>