CI: restore main detect-secrets scan (#38438)

* Tests: stabilize detect-secrets fixtures * Tests: fix rebased detect-secrets false positives * Docs: keep snippets valid under detect-secrets * Tests: finalize detect-secrets false-positive fixes * Tests: reduce detect-secrets false positives * Tests: keep detect-secrets pragmas inline * Tests: remediate next detect-secrets batch * Tests: tighten detect-secrets allowlists * Tests: stabilize detect-secrets formatter drift
2026-03-07 13:06:35 -05:00
parent 46e324e269
commit e4d80ed556
137 changed files with 1231 additions and 2700 deletions
--- a/src/cli/daemon-cli/register-service-commands.test.ts
+++ b/src/cli/daemon-cli/register-service-commands.test.ts
@@ -64,7 +64,7 @@ describe("addGatewayServiceCommands", () => {
      expect.objectContaining({
        rpc: expect.objectContaining({
          token: "tok_status",
-          password: "pw_status",
+          password: "pw_status", // pragma: allowlist secret
        }),
      }),
    );
--- a/src/cli/daemon-cli/status.gather.test.ts
+++ b/src/cli/daemon-cli/status.gather.test.ts
@@ -205,7 +205,7 @@ describe("gatherDaemonStatus", () => {
        },
      },
    };
-    process.env.DAEMON_GATEWAY_PASSWORD = "daemon-secretref-password";
+    process.env.DAEMON_GATEWAY_PASSWORD = "daemon-secretref-password"; // pragma: allowlist secret

    await gatherDaemonStatus({
      rpc: {},
@@ -215,7 +215,7 @@ describe("gatherDaemonStatus", () => {

    expect(callGatewayStatusProbe).toHaveBeenCalledWith(
      expect.objectContaining({
-        password: "daemon-secretref-password",
+        password: "daemon-secretref-password", // pragma: allowlist secret
      }),
    );
  });