# gitleaks configuration — elizaOS workspace # SOC2 CC7.1 (monitoring) — automated secret-detection at the SCM boundary. # # Uses the upstream default ruleset and layers on workspace-specific allowlist # entries. To rebuild the embedded default rules, see: # https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml title = "elizaOS gitleaks config" [extend] # Pull in upstream default ruleset. useDefault = true # Allowlists for known false positives only. Entries here MUST be reviewed — # never add a real secret pattern. Prefer narrow path scopes over broad regexes. [[allowlists]] description = "Test fixtures and example placeholders" paths = [ '''(^|/)__fixtures__/''', '''(^|/)__mocks__/''', '''(^|/)test/fixtures/''', '''(^|/)tests/fixtures/''', '''(^|/)tests/e2e/.*\.spec\.ts$''', '''.*\.example$''', '''\.env\.example$''', '''\.env\.sample$''', '''docs/.*\.mdx?$''', ] # The secret-swap PII detector suites (#10469) MUST embed example secret SHAPES # (a Stripe-style key, a GCP key, a JWT, …) to prove the detectors fire — none # are real credentials. Narrow per-file scope, not a broad regex. [[allowlists]] description = "secret-swap PII detector test fixtures — example secret shapes under test (#10469)" paths = [ '''packages/core/src/security/pii-detectors\.test\.ts$''', '''packages/core/src/security/pii-detectors-extended\.test\.ts$''', '''packages/core/src/security/secret-swap\.redteam\.test\.ts$''', '''packages/core/src/security/secret-swap\.fuzz\.test\.ts$''', '''packages/core/src/security/secret-swap\.bench\.ts$''', '''packages/core/src/security/guarded-stream\.test\.ts$''', '''test-results/evidence/10469-live-model/.*''', ] [[allowlists]] description = "Headscale DEPLOY.md CLI examples (`headscale apikeys create` — not a credential)" paths = [ '''(^|/)packages/cloud/services/headscale/DEPLOY\.md$''', ] [[allowlists]] description = "Documented placeholder strings" regexTarget = "match" regexes = [ '''example\.com''', '''0x0000000000000000000000000000000000000000''', '''sk-XXXX''', '''sk-test_''', '''AKIAIOSFODNN7EXAMPLE''', '''wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY''', # `Authorization: Bearer YOUR_API_KEY` placeholders in documented curl # examples (affiliates monetization page, API route explorer, etc.). The # curl-auth-header rule flags the literal placeholder token; it is the # documentation stand-in, never a real key (a real key would be a different # match and would not contain this literal). '''YOUR_API_KEY''', '''YOUR_CODE_HERE''', ] [[allowlists]] description = "PEM envelope template wrappers (no key material checked in)" paths = [ '''(^|/)packages/cloud/shared/src/lib/auth/agent-token\.ts$''', ] regexTarget = "match" regexes = [ '''-----BEGIN PRIVATE KEY-----''', '''-----END PRIVATE KEY-----''', ] [[allowlists]] description = "Generated lockfiles — hash output, not secrets" paths = [ '''(^|/)bun\.lock$''', '''(^|/)package-lock\.json$''', '''(^|/)yarn\.lock$''', '''(^|/)pnpm-lock\.yaml$''', '''(^|/)Cargo\.lock$''', '''(^|/)poetry\.lock$''', '''(^|/)uv\.lock$''', ] # Vendored third-party dependency patches (Bun/npm `patches/` overlays). These # are upstream package diffs that embed base64/hex blobs (compiled artifacts, # native binaries) whose high-entropy lines trip generic token rules — e.g. the # llama-cpp-capacitor patch matched `sourcegraph-access-token`. They are not our # credentials. Scoped to `patches/` directories so real source is still scanned. [[allowlists]] description = "Vendored dependency patch overlays — upstream blobs, not secrets" paths = [ '''(^|/)patches/[^/]+\.patch$''', ] # Hardware part-selection YAMLs under packages/research/chip/board/kicad/. The # generic-api-key rule flags keys like `side_key_*`, `selected_side_key_*` whose # values are component family names (e.g. Panasonic_EVQ-P7_EVQ-P3_EVQ-9P7, # Littelfuse_CK_KMR2). These are mechanical-button part identifiers in # engineering planning docs, not credentials. [[allowlists]] description = "Hardware side-button part-name configs (not API keys)" paths = [ '''(^|/)packages/research/chip/board/kicad/.*\.yaml$''', ] regexTarget = "match" regexes = [ '''(side_key|selected_side_key|side_key_alternate|side_key_primary|selected_side_key_family)\s*:\s*[A-Za-z][A-Za-z0-9_\-]*''', ] # evidence/tee/*.json: keyMaterialSha256 fields are SHA-256 digests of TEE key # material captured for attestation evidence — the hashes themselves are not # secrets, and publishing them is the entire point of the evidence artifact. [[allowlists]] description = "TEE attestation evidence: SHA-256 of key material, not the key" paths = [ '''(^|/)evidence/tee/.*\.json$''', ] regexTarget = "match" regexes = [ '''"keyMaterialSha256"\s*:\s*"[0-9a-fA-F]{64}"''', ] # FIPS-197 AES test vectors. The constant 0x2B7E151628AED2A6ABF7158809CF4F3C is # the published AES key from NIST FIPS-197 Appendix C — used to cross-check the # RTL roundtrip against the reference. Public standard, not a credential. [[allowlists]] description = "FIPS-197 published AES test vector" paths = [ '''(^|/)packages/research/chip/verify/cocotb/security/test_e1_mcie\.py$''', ] regexTarget = "match" regexes = [ '''0x2B7E1516_28AED2A6_ABF71588_09CF4F3C''', ] # Python tuple unpacking of an Ed25519 reference backend: the identifier # `ed25519_verify_raw` is a function name returned from `_loader()`, not a key. # Triggered by gitleaks 8.30+ generic-api-key regex on `, = ...`. [[allowlists]] description = "Ed25519 reference backend function-name tuple unpacking" paths = [ '''(^|/)packages/research/chip/tests/security/negative/(ed25519_ref|opnphn)\.py$''', ] regexTarget = "match" regexes = [ '''Ed25519PrivateKey,\s*ed25519_verify_raw''', ] # Anvil / Hardhat well-known deterministic dev account #0 private key. Public, # documented, used by every Ethereum dev tool's local node. Lives in an e2e # helper that injects a fake wallet for Playwright tests. [[allowlists]] description = "Anvil/Hardhat well-known test private key (public dev fixture)" paths = [ '''(^|/)packages/cloud-frontend/tests/e2e/_helpers/injected-eth\.ts$''', ] regexTarget = "match" regexes = [ '''0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80''', ] [[allowlists]] description = "Robot material identifiers (not credentials; match target)" paths = [ '''(^|/)packages/research/robot/eliza_robot/erobot/(mjcf|spec)\.py$''', ] regexTarget = "match" regexes = [ '''material_key="(PA6_GF30|PC_ABS|TPU_SHORE_A95)"''', ] [[allowlists]] description = "Robot material identifiers (not credentials; secret target)" paths = [ '''(^|/)packages/research/robot/eliza_robot/erobot/(mjcf|spec)\.py$''', ] regexTarget = "secret" regexes = [ '''^(PA6_GF30|PC_ABS|TPU_SHORE_A95)$''', ] # KiCad placement CSV part designators. positions.csv rows carry mechanical # part/connector names like `power_volume_side_key_flex_connector` (the # power/volume side-button flex connector, a Panasonic EVQ_P7 switch). The # `*_side_key_*` token trips generic-api-key; it is a board part name, not a # credential. Scoped to the placement CSVs only. [[allowlists]] description = "KiCad placement-CSV connector/part designators (not API keys)" paths = [ '''(^|/)packages/research/chip/board/kicad/.*/positions\.csv$''', ] regexTarget = "match" regexes = [ '''[a-z0-9_]*side_key[a-z0-9_]*''', ] # Captured Android boot/kernel/logcat/HAL evidence dumps for the e1 SoC bring-up # (Cuttlefish/VINTF/launcher runtime). These are machine-captured log artifacts, # not source: they legitimately contain log-line tokens that trip generic-api-key # — e.g. `mVmCountKey = vm_count_key1` (Android voicemail-count preference key), # `SatelliteController: onAccessStateChanged`, and a `Build time autogenerated # kernel key: ` (an ephemeral per-build module-signing key logged at boot). # None are credentials. Path-scoped to the evidence dump dir (cf. the vendored # Tails snapshot allowlist above). [[allowlists]] description = "Captured Android kernel/logcat/HAL evidence dumps (log tokens, not credentials)" paths = [ '''(^|/)packages/research/chip/docs/evidence/android/''', ] # cloud-frontend ships generated `llms.txt` / `llms-full.txt` under its static # `public/` dir (and `.well-known/` mirrors) — a concatenated dump of the public # product docs for LLM ingestion. They embed token-like strings from documented # API-key shapes and sample IDs but are generated, publicly served content with # no real credentials. Scoped to those exact generated files. [[allowlists]] description = "cloud-frontend generated LLM docs dumps (public generated content)" paths = [ '''(^|/)packages/cloud-frontend/public/(\.well-known/)*llms(-full)?\.txt$''', ] # Benchmark/eval suite fixture DATA (not source). configbench, claw-eval, # loca-bench, qwen-claw-bench, nl2repo, openclaw, etc. ship synthetic # config/credential data by design — several scenarios specifically exercise # secret/config handling, so their JSON/env/yaml fixtures carry fake # api_key/token/password values. These are committed test data, not real # secrets. Scoped to fixture/data directories under packages/benchmarks; the # benchmark *source* (.ts) is still scanned. [[allowlists]] description = "Benchmark suite fixture data dirs (synthetic test credentials)" paths = [ '''(^|/)packages/benchmarks/.*/(fixtures|config|configs|data|assets|task-configs|task_configs|test_files|envs|gem)/.*\.(json|env|ya?ml|md|txt|csv)$''', ] # eliza-1 smoke SFT corpus (~400 rows) is INTENTIONALLY tracked (see the # `!data/final-eliza1-smoke/**` re-includes in packages/training/.gitignore) so the # e2e SFT pipeline can be smoke-tested from a fresh clone. Its synthetic/captured # conversation rows carry tokens that trip generic-api-key: a documentation-style # `api_key: sk_live_abc123xyz` placeholder and a captured Daytona/Node sandbox env # dump whose `GPG_KEY=<40-hex>` is the official `node` base image's PUBLIC signing-key # fingerprint (plus non-secret DAYTONA_SANDBOX_* ids). No real credentials. Needed # because gitleaks scans the add in commit d28c72036d's range. [[allowlists]] description = "eliza-1 smoke SFT corpus (synthetic/captured-public tokens, not credentials)" paths = [ '''(^|/)packages/training/data/final-eliza1-smoke/.*\.jsonl$''', ] # eliza-1 smoke SFT corpus (final-eliza1-smoke/*.jsonl): a ~400-row e2e pipeline # validator DELIBERATELY kept in git (see packages/training/.gitignore negations) # so the SFT pipeline can be smoke-tested from a fresh clone. Its synthetic # training rows include captured Daytona/Node sandbox env dumps — GPG_KEY is the # Node base image's PUBLIC release-key fingerprint, DAYTONA_SANDBOX_* are ids — # and dummy api-key examples (sk_live_abc123xyz). Generated content, not # credentials. Scoped to the corpus jsonl only. [[allowlists]] description = "eliza-1 smoke SFT corpus (synthetic training rows, not credentials)" paths = [ '''(^|/)packages/training/data/final-eliza1-smoke/.*\.jsonl$''', ]