From 4b0f19c296e083b5d0b16b2839a28562a3e9f7b5 Mon Sep 17 00:00:00 2001
From: saagpatel <saagarpatel08@gmail.com>
Date: Sun, 7 Jun 2026 12:00:03 -0700
Subject: [PATCH] chore: add gitleaks baseline for audited false-positives

Merge audited FP allowlist with existing repo config.
---
 .gitleaks.toml | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/.gitleaks.toml b/.gitleaks.toml
index 4d98b90..118f7ed 100644
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -2,7 +2,24 @@
 useDefault = true
 
 [allowlist]
-description = "Ignore false positive in canonical remediation plan"
+description = "Canonical remediation plan + audited false-positives (2026-06-07 portfolio audit)"
 paths = [
   '''(^|/)docs/plans/current-remediation-plan\.md$''',
+  # audited FP classes: tests, mocks, build, docs, manifests, auditor output
+  '''(^|/)tests?/''',
+  '''.*\.test\.(ts|tsx|js|jsx|py|rs)$''',
+  '''(^|/)test_[^/]*\.py$''',
+  '''.*_test\.(go|py|rs)$''',
+  '''(^|/)mocks?\.(ts|tsx|js|jsx)$''',
+  '''(^|/)__mocks__/''',
+  '''(^|/)fixtures?/''',
+  '''(^|/)\.next/''',
+  '''(^|/)\.vite-dist/''',
+  '''(^|/)dist/''',
+  '''(^|/)build/''',
+  '''(^|/)out/''',
+  '''(^|/)output/.*\.json$''',
+  '''(^|/)(README|QUICKSTART|CHANGELOG|CONTRIBUTING|DOCS?)\.(md|mdx)$''',
+  '''(^|/)docs?/''',
+  '''(^|/)manifest\.json$''',
 ]