Adds a secret-scan gate alongside the existing internal-paths block in
the runtime's bundled pre-commit hook. Runs on every commit in every
repo (not scoped to Molecule-AI public repos like the internal-paths
block) — refuses any staged addition matching a high-value credential
shape and prints a recovery message that does NOT echo the secret value.
Pattern set covers GitHub family (ghp_, ghs_, gho_, ghu_, ghr_,
github_pat_), Anthropic / OpenAI / Slack / AWS — same shape as the
tenant-proxy CI scanner; keep aligned when either side adds a pattern.
Single hook file dispatches both checks (renamed
pre-commit-block-internal-paths.sh → pre-commit-checks.sh) so each
agent commit pays one git-config + one hook-install surface, not two.
Both checks share the existing fast-paths (skip if GIT_AUTHOR_NAME
unset; skip during rebase / cherry-pick / merge / revert).
End-to-end test exercises a real bash subprocess against a real temp
git repo with real staged content. Three cases:
- ghs_-prefixed token in package.json (the actual #2090 vector) → refuse
- clean README → pass through
- sk-ant- key in a non-Molecule-AI repo → refuse (secret scan is universal,
internal-paths block is not)
Skipped when bash is not on PATH so Windows test environments without
WSL stay green.
Bumps version 0.1.15 → 0.1.16.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
f1bede31a8