element-x-ada/.gitleaks.toml

# gitleaks config — element-x-ada
#
# Element X is a Matrix client (fork). Patterns flagged are all
# public-by-design or doc fixtures:
#  - PostHog apiKey: client-side analytics token, public on every PostHog-
#    integrated mobile app. Identifies the project, doesn't grant write.
#  - user_signing_key in ElementClassicConnection.kt: KDoc EXAMPLE of what
#    the response shape looks like, not a live key
#  - docs/build-logs/*.md: roundtrip-test scratch output

[extend]
useDefault = true

[allowlist]
description = "Public PostHog client keys + Matrix protocol doc examples + build-log scratch"
paths = [
    '''docs/build-logs/.*''',
]
regexTarget = "line"
regexes = [
    # PostHog client API key (public-by-design — ships in every PostHog SDK consumer)
    '''apiKey\s*=\s*"phc_[A-Za-z0-9_-]{30,}"''',
    # Matrix protocol JSDoc examples in KDoc comments (the * prefix is the giveaway)
    '''^\s*\*\s*"user_signing_key"\s*:\s*"''',
]