The secret scan.
One pasted key can outlive every fix. This gate reads every committed and staged file for the shapes leaked credentials take.
What the check reads
The check builds its file list from git ls-files plus any new files git does not ignore, then skips vendored folders, lockfiles and binary-looking files. Env files are not skipped: a tracked .env is scanned like any other file, and a gitignored one never reaches the list in the first place. Files over 2 MB are scanned in their first and last 256 KB and marked partial in the record, never skipped silently. Every file is matched against eighteen leaked-secret patterns: OpenAI and Anthropic keys, Stripe live, restricted and webhook keys, AWS access key ids, GitHub classic and fine-grained tokens, Google OAuth secrets, Slack tokens, SendGrid keys, npm access tokens, private-key blocks, Vercel tokens, KV REST credentials, bare JWTs that only count when their header actually decodes to one, database URLs with embedded passwords, and Bearer token literals. The Bearer pattern only counts when the captured token looks like a real credential, mixed case plus a digit and at least twenty characters, so placeholders and test fixtures do not trip a false NO-GO.
Why AI-built code ships this
An AI agent that needs a service to answer will happily paste the key inline to make the demo work. It runs, the diff looks plausible at a glance, and the key is now in the repo. From there one public push or one shared clone is all it takes. Rotating a leaked key is always more work than never committing it, and an agent under time pressure does not rotate anything.
Why it blocks
Blocks. A single match in any committed or staged file is a NO-GO: remove the secret and rotate it before shipping. The report prints the file and a masked fingerprint of the match, the first six characters, an ellipsis, the last four and the length. The secret itself is never printed anywhere.
In the proof record
The number of files scanned and either a clean result or, per finding, the file, the pattern name and the masked fingerprint.
✓ Secret scan — Scanned 214 tracked/staged file(s) — no leaked-secret patterns matched. ✗ Secret scan — 1 possible secret(s) in committed/staged files — remove + rotate before shipping.
Honest limits
Pattern matching, not understanding. A credential in a shape the eighteen patterns do not cover can slip through, and a match can be a false positive worth a second look. Gitignored env files never reach the scanner, since git does not list them; that is where secrets are supposed to live locally. Placeholder passwords and database URLs pointing at local dev hosts are deliberately not flagged, so a real credential dressed as a placeholder would pass. And in files over 2 MB only the first and last 256 KB are read, marked partial in the record, so a secret buried in the middle of a giant file can hide. A clean pass means no pattern matched, not that no secret exists.
Want every change gated like this before it ships?
The same gate runs in every engagement, and each piece of work ends on a plain go or no-go, in writing. The gate itself is open source, so you can read exactly what we run.
The other 6 gates
The whole method, from the controlled zone to the proof record: the methodology.