bring pre-offer secret scanner to kepr parity: add isLockfile basename matcher (bun.lockb, bun.lock, package-lock.json, packages.lock.json, pnpm-lock.yaml, yarn/Cargo/Gemfile/composer/poetry/mix.lock, flake.lock, go.sum) with .lock/.sum fallback, wire into shouldSkipTextScan + isExpectedBinaryPath so lockfile variants (esp. binary bun.lockb) are never scanned or surfaced as a binary finding; make hasAllowMarker honor kepr's safety:allow alongside koh:allow-secret so an allow annotation is portable across both hosts; 2 regression tests (v1.29.2). zig build test green

dev · 2 weeks ago · 2026-06-25 · 14.1 MB

session: safety analyzer false positives ยท agent: claude-opus-4-8

$ koh steal kepr.uk/koh@5afa6ca7ab54
·
← 56418108ee4c a7af410422c8 →
⇓ download .face