# Gitleaks custom rules for claude-code-skills repo
# Catches personal info that shouldn't be in an open source repo

title = "claude-code-skills sensitive data rules"

[extend]
useDefault = true

# Global allowlist: files that are allowed to contain patterns
# (the config file itself, hooks, and contribution guides)
[allowlist]
paths = [
  '''\.gitleaks\.toml$''',
  '''\.githooks/''',
  '''CONTRIBUTING\.md$''',
  '''CLAUDE\.md$''',
]

[[rules]]
id = "absolute-user-path-macos"
description = "Hardcoded macOS user home directory path"
regex = '''/Users/[a-zA-Z][a-zA-Z0-9_-]+/'''
tags = ["pii", "path"]

[[rules]]
id = "absolute-user-path-linux"
description = "Hardcoded Linux home directory path"
regex = '''/home/[a-zA-Z][a-zA-Z0-9_-]+/'''
tags = ["pii", "path"]

[[rules]]
id = "windows-user-path"
description = "Hardcoded Windows user profile path"
regex = '''C:\\Users\\[a-zA-Z][a-zA-Z0-9_-]+\\'''
tags = ["pii", "path"]

[[rules]]
id = "phone-number-cn"
description = "Chinese mobile phone number"
regex = '''1[3-9]\d{9}'''
tags = ["pii", "phone"]

[[rules]]
id = "douban-user-id-literal"
description = "Hardcoded Douban user ID"
regex = '''songtiansheng'''
tags = ["pii", "username"]

[[rules]]
id = "email-personal"
description = "Personal email address"
regex = '''[a-zA-Z0-9._%+-]+@(gmail|qq|163|126|outlook|hotmail|yahoo|icloud|foxmail)\.[a-zA-Z]{2,}'''
tags = ["pii", "email"]