From 689ebe12b79309b228118805258315879694490d Mon Sep 17 00:00:00 2001 From: Flea Flicker Date: Thu, 16 Apr 2026 17:37:09 +0000 Subject: [PATCH] chore(GRO-720): harden .gitignore against agent runtime leaks Add defensive entries to block staging of agent home directories, GH tokens, and infra-repo checkouts. These patterns were confirmed exfiltrated in commit a407f866 on the now-deleted branch. Co-Authored-By: Paperclip --- .gitignore | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.gitignore b/.gitignore index 14923ee..d407f36 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,16 @@ dist/ .turbo/ coverage/ minimax-output/ + +# Agent runtime artifacts — never commit +.gh-token +*.gh-token +.config/gh/ +**/.config/gh/ +infra-repo/ +infra-repo +**/instructions/.gh-token +**/AGENT_HOME/** +$AGENT_HOME/** +.claude/ +.codex/