# gitleaks fingerprint ignore list.
#
# Every server.test.ts entry below is a journal-redactor test fixture —
# string-concatenated or join-built secret shapes that exist so the redactor
# can be exercised on the patterns it is supposed to scrub. They are not
# real secrets. The .beads/issues.jsonl entry at the end of the file is a
# separate case, explained in the comment above it.
#
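# gitleaks scans git HISTORY, so we have to keep the fingerprint for every
# commit that introduced or moved a fixture (not just HEAD). Regenerate:
#
#   gitleaks detect --redact --verbose --exit-code 0 \
#     | awk '/^Fingerprint:/ {print $2}'
#
# The command prints the fingerprint of EVERY finding, not only fixtures.
# Check the file, rule and line of each new fingerprint before adding it
# here: an entry pasted unreviewed permanently silences that finding, even
# if it is a real leaked secret.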
#
# Pre-reformat fixtures (historical — commits 2395053, 4259082,
# d532b79, 072786d; line numbers are as of the commit that introduced
# each fixture):
239505312e9395b7bc565900f7af2b1001b44c40:server.test.ts:generic-api-key:5750
425908256ad4a7c96381d3f82311943e1a94a71e:server.test.ts:generic-api-key:5750
d532b79d9dff7aaf5861289c21fed390d2ddf239:server.test.ts:aws-access-token:3470
072786d61ffb8e1139c09cba2b29c641b4944384:server.test.ts:aws-access-token:3321
072786d61ffb8e1139c09cba2b29c641b4944384:server.test.ts:aws-access-token:3352
072786d61ffb8e1139c09cba2b29c641b4944384:server.test.ts:aws-access-token:3494
072786d61ffb8e1139c09cba2b29c641b4944384:server.test.ts:jwt:3329
# Post-reformat (ccsc-5vx, commit cfd008f) — the jwt fixture at its
# new line:
cfd008ff32c10937c2d1de4518cd7c3692a6ef2b:server.test.ts:jwt:5928
# Same fixture, merged-to-main SHA from PR #143 squash/rebase:
dd7a3aeb44cdfcdc4c1010608184a06dc3b7e797:server.test.ts:jwt:5928

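# bd-managed memory entries in .beads/issues.jsonl have high-entropy
# free-text "value" fields (state observations) that gitleaks
# flags as generic-api-key. The bd hook auto-stages this file
# on every commit. Cross-repo / structural fix tracked at OPS-x6n in
# intentsolutions-vps-runbook (proper solution = .gitleaks.toml path
# allowlist for ^\.beads/, which doesn't require re-fingerprinting on
# every memory change).
# NOTE(review): a path allowlist stops gitleaks from reporting anything
# under .beads/, and free-text memory can capture a real credential. Read
# each new finding in this file before ignoring it, and scope the
# allowlist to the generic-api-key rule if the config allows it.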
14e960146b419d2ed9d3cb99e44b604b7f196d2f:.beads/issues.jsonl:generic-api-key:199
