Documentation
Constants
const PathPrefix = ".commitbrief/"
PathPrefix is the trigger condition: any diff file whose path starts with this string (i.e., lives under the .commitbrief/ directory) prompts the user. Root-level COMMITBRIEF.md and .commitbriefignore are intentionally excluded — they are team-shared by design (ADR-0007).
Variables
This section is empty.
Functions
func SecretPatternNames (added in v0.8.0)
func SecretPatternNames() []string
SecretPatternNames returns the labels of every pattern the scanner knows about, sorted alphabetically. Used by docs/tests as the authoritative list — keeps drift between the table here and the CHANGELOG/README description detectable.
Types
type SecretMatch (added in v0.8.0)
type SecretMatch struct {
	Line     int      // 1-based line number within the diff string
	Patterns []string // alphabetised pattern names that matched this line
}
SecretMatch describes a single line in the diff that looks like it might contain a credential the user shouldn't ship to an LLM. Only the line number and the matched-pattern names are recorded — never the matched substring itself, so the scanner's own output can't become a secondary leak vector via logs, stderr, or cache files.
func ScanForSecrets (added in v0.8.0)
func ScanForSecrets(diff string) []SecretMatch
ScanForSecrets walks the diff and reports any added line (prefixed with a single `+`, excluding the `+++ b/path` header) that matches one or more of the credential patterns. Removed and context lines are skipped — the goal is to catch *new* leaks, not to re-flag historical content that's already on disk somewhere.
Returns a slice of matches sorted by line number. An empty diff or a diff with no `+` lines returns nil — callers can rely on `len(out) == 0` as the "all clear" signal.
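An added example, not the package's own code: a minimal scanner that follows the contract documented above for ScanForSecrets and SecretMatch, including the rule that the result never carries the matched text. The function name scanAddedLines, the two patterns and the sample diff are assumptions made for illustration; the package's real pattern table is not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// SecretMatch has the documented shape: a line number and pattern names, no matched text.
type SecretMatch struct {
	Line     int
	Patterns []string
}

// Illustrative patterns only (assumption): not the package's real pattern table.
var patterns = map[string]*regexp.Regexp{
	"aws-access-key-id": regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`),
	"pem-private-key":   regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`),
}

// scanAddedLines is a hypothetical stand-in for ScanForSecrets (added lines only, nil when clean).
func scanAddedLines(diff string) []SecretMatch {
	var out []SecretMatch
	for i, line := range strings.Split(diff, "\n") {
		// Skip context lines, removed lines and the "+++ b/path" file header.
		if !strings.HasPrefix(line, "+") || strings.HasPrefix(line, "+++ ") {
			continue
		}
		var names []string
		for name, re := range patterns {
			if re.MatchString(line[1:]) {
				names = append(names, name)
			}
		}
		if len(names) > 0 {
			sort.Strings(names) // map iteration order is random
			out = append(out, SecretMatch{Line: i + 1, Patterns: names})
		}
	}
	return out
}

// sampleDiff is constructed; both key IDs are AWS's published documentation examples.
const sampleDiff = "--- a/config.env\n+++ b/config.env\n@@ -1,2 +1,2 @@\n REGION=us-east-1\n" +
	"-AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n+AWS_ACCESS_KEY_ID=AKIAI44QH8DHBEXAMPLE\n"

func main() {
	fmt.Println(scanAddedLines(sampleDiff)) // [{6 [aws-access-key-id]}]
}
```

The removed line on line 5 of the sample also contains a key ID and is deliberately not reported, matching the "new leaks only" behaviour described above.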