feat(betterleaks): pre-commit-framework template for repos #38
Adds `betterleaks/.pre-commit-config.example.yaml`: a ready-to-copy .pre-commit-config.yaml that wires the same betterleaks ruleset into the developer's local git workflow.

Setup once per laptop:

    pip install pre-commit   # or: brew install pre-commit
    pre-commit install

After that, `git commit` runs betterleaks on the staged diff and refuses to create the commit when a secret is detected. Same rules as the per-PR Secret Leak Check, so the local feedback matches what the PR check would say.

Pinned to betterleaks v1.2.0, matching the per-PR scan workflow. Uses the Docker variant by default (no Go/Rust toolchain needed), with golang and system variants documented as alternatives.

Companion TechDocs handbook update goes in geolonia/geolonia-operations.
Walkthrough
A new example pre-commit configuration file for Betterleaks is added, documenting hook installation, setup instructions, and the Docker-based hook pinned to version 1.2.0 with commented non-Docker alternatives.
Changes
Betterleaks Pre-commit Configuration Example
Estimated code review effort: 1 (Trivial) | ~2 minutes
Pre-merge checks: 5 passed
Secret Leak Check: OK
No secrets detected in this PR's diff.
Actionable comments posted: 1
📒 Files selected for processing (1)
betterleaks/.pre-commit-config.example.yaml
| # | ||
| # After that, `git commit` runs Betterleaks on the staged diff and refuses | ||
| # to create the commit if a secret is detected. The same rule set as the | ||
| # per-PR Secret Leak Check, so feedback is consistent between the two. |
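Review bot: The claim in the last two lines that the hook applies the same rule set as the per-PR Secret Leak Check only holds while the hook's pinned Betterleaks version stays in step with the per-PR scan workflow (the PR description gives v1.2.0 for both). Suggest adding a sentence to this comment block saying the two pins must be bumped together, so the local result does not drift from what the PR check reports.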
Fix incomplete sentence.
The sentence fragment "The same rule set as the per-PR Secret Leak Check" is missing a verb.
📝 Proposed fix
-# to create the commit if a secret is detected. The same rule set as the
+# to create the commit if a secret is detected. Uses the same rule set as the🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@betterleaks/.pre-commit-config.example.yaml` at line 11, The line containing
the fragment "The same rule set as the per-PR Secret Leak Check" is missing a
verb; update that sentence in betterleaks/.pre-commit-config.example.yaml to a
complete sentence such as "This uses the same rule set as the per-PR Secret Leak
Check" (or "The same rule set is used as the per-PR Secret Leak Check") so the
sentence is grammatically correct and self-contained.
Summary
Adds `betterleaks/.pre-commit-config.example.yaml`: an opt-in template that wires the same betterleaks ruleset into each developer's local git workflow.
Once a repo copies this to `.pre-commit-config.yaml` and a developer runs `pre-commit install` on their laptop, `git commit` refuses to create commits containing secrets. Same rules as the per-PR Secret Leak Check, so feedback is consistent before and after pushing.
Defaults
What this is not
Test plan
Summary by CodeRabbit