chore: ignore sdk/*/.cryptoserve.json init artifact#46
Conversation
Running `cryptoserve init` inside an SDK source tree (during dev or release-smoke) writes a `.cryptoserve.json` stub. End users are expected to commit `.cryptoserve.json` in their own projects, so the ignore is scoped to `sdk/*/` rather than the file name globally.
|
Claude finished @thebenignhacker's task —— View job Security Review ✅
Security AnalysisI've reviewed this PR against all security criteria. This change adds a single line to +sdk/*/.cryptoserve.jsonFindingsNo security issues found. This is a low-risk change that only modifies Detailed Assessment✅ Injection vulnerabilities: N/A - No code execution paths modified ✅ Authentication/authorization bypasses: N/A - No auth logic touched ✅ Insecure deserialization: N/A - No serialization code modified ✅ Hardcoded credentials: N/A - Actually improves security posture by ensuring the ignore is scoped to ✅ SSRF/open redirects: N/A - No network code modified ✅ Cryptographic misuse: N/A - No crypto code modified ✅ Prototype pollution: N/A - No JavaScript object manipulation modified ✅ ReDoS: N/A - The gitignore pattern ✅ Command injection: N/A - No command execution modified ✅ Logic bugs (scoring/gating): N/A - No scoring or gating logic modified ✅ Filter predicates: N/A - No filter logic modified ✅ Boolean expressions: N/A - No boolean logic modified Positive Security Observations
FINDINGS_COUNT=0 |
|
Manual review required. This PR did not meet auto-merge criteria:
|
Summary
cryptoserve initinside an SDK source tree (during dev orrelease-smoke) writes a.cryptoserve.jsonstub. One had been sitting untracked insdk/javascript/since 2026-03-17.sdk/*/so it does not silently hide real.cryptoserve.jsonfiles in user projects that vendor or fork this repo. End users are expected to commit their own.Test plan
git statusclean after deleting the existing artifact.cryptoserve initinsidesdk/javascript/recreates the file and it is now ignored.