From 03bdece7b7a9fb0549e968f3c0e815bbc1a6c89d Mon Sep 17 00:00:00 2001
From: Hongming Wang <hongmingwang.rabbit@users.noreply.github.com>
Date: Sat, 18 Apr 2026 07:38:48 -0700
Subject: [PATCH] chore: add mol_pk_ and cfut_ to pre-commit secret scanner

Partner API keys (mol_pk_*) and Cloudflare tokens (cfut_*) now
caught by the pre-commit hook alongside sk-ant-, ghp_, AKIA.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .githooks/pre-commit | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.githooks/pre-commit b/.githooks/pre-commit
index f7ed589f..6c53dc73 100755
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -106,7 +106,7 @@ if [ -n "$ALL_STAGED" ]; then
       continue
     fi
     DIFF=$(git diff --cached "$f" 2>/dev/null | grep '^+' | grep -v '^+++' || true)
-    if echo "$DIFF" | grep -qE 'sk-ant-|sk-proj-|ghp_|gho_|AKIA[A-Z0-9]' 2>/dev/null; then
+    if echo "$DIFF" | grep -qE 'sk-ant-|sk-proj-|ghp_|gho_|AKIA[A-Z0-9]|mol_pk_|cfut_' 2>/dev/null; then
       echo "❌ POSSIBLE SECRET in $f — do not commit API keys or tokens"
       ERRORS=$((ERRORS + 1))
     fi