diff --git a/.gitattributes b/.gitattributes
index 7f0f3d3..60f6899 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -5,6 +5,7 @@
 *.h text eol=lf
 *.md text eol=lf
 *.json text eol=lf
+*.toml text eol=lf
 *.yml text eol=lf
 *.yaml text eol=lf
 *.txt text eol=lf
diff --git a/.github/workflows/repo-sentinel.yml b/.github/workflows/repo-sentinel.yml
new file mode 100644
index 0000000..1e7ec92
--- /dev/null
+++ b/.github/workflows/repo-sentinel.yml
@@ -0,0 +1,36 @@
+name: Repo Sentinel
+
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ repo-sentinel:
+ name: Repo Sentinel
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+ - name: Set up Python
+ uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
+ with:
+ python-version: "3.14"
+
+ - name: Install repo-sentinel-lite
+ run: |
+ python -m venv "$RUNNER_TEMP/repo-sentinel-venv"
+ "$RUNNER_TEMP/repo-sentinel-venv/bin/python" -m pip install --upgrade pip
+ "$RUNNER_TEMP/repo-sentinel-venv/bin/python" -m pip install repo-sentinel-lite
+
+ - name: Run repository hygiene gate
+ run: |
+ "$RUNNER_TEMP/repo-sentinel-venv/bin/repo-sentinel" scan \
+ --fail-on-severity error \
+ --format text \
+ .
diff --git a/.reposentinel.toml b/.reposentinel.toml
new file mode 100644
index 0000000..508c3da
--- /dev/null
+++ b/.reposentinel.toml
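Review bot: The `Install repo-sentinel-lite` step in `.github/workflows/repo-sentinel.yml` installs the scanner (and upgrades pip) with no version or hash pin, so every run executes whatever release the package index serves at that moment. That undoes the care taken in pinning both actions to commit SHAs, because a hijacked or look-alike release of the package would run inside the job on every push and pull request. Pin the tool, e.g. `python -m pip install "repo-sentinel-lite==<PINNED_VERSION>"`, or better install from a hashed requirements file with `pip install --require-hashes -r <requirements-file>`. Since third-party code then runs over the checked-out tree, also add `with:` / `persist-credentials: false` to the Checkout step so the job token is not left in the local git config.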
@@ -0,0 +1,22 @@
+# LogLens uses repo-sentinel-lite as a narrow hygiene gate:
+# required repository files plus accidental sensitive filenames.
+#
+# High-entropy content scanning is intentionally disabled here so fixture logs
+# and C++ build outputs do not affect this gate.
+max_text_file_size = 0
+entropy_threshold = 999.0
+
+ignore_globs = [
+ "build/**",
+ "build_manual*",
+ "out/**",
+ "report.md",
+ "report.json",
+ "*.exe",
+ "CMakeFiles",
+ "CMakeFiles/**",
+ "CMakeCache.txt",
+ "cmake_install.cmake",
+ "compile_commands.json",
+ "*.vcxproj.user",
+]
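Review bot: Setting `max_text_file_size = 0` and `entropy_threshold = 999.0` switches content scanning off for the whole repository, not just for the fixture logs and build outputs the header comment names, so a credential pasted into an ordinary source or config file passes this gate unnoticed. If `ignore_globs` also applies to content checks (not shown here), listing the fixture paths there would keep entropy scanning active for everything else. It is also worth confirming in the tool's documentation that `0` means "scan no file content" rather than "no size limit", since the diff does not show which. If the global switch-off stays, extend the header comment with something like `# This gate does not inspect file contents; secret detection inside files must come from a separate scanner.` so the workflow's green check is not read as covering secrets.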