fix(security): add disclaimers to sample code and scaffolding templates

- payment_processor.py: add disclaimer header + replace realistic-looking keys with EXAMPLE_NOT_REAL - project_scaffolder.py: add SCAFFOLDING PLACEHOLDER comments to generated secrets - pipeline_orchestrator.py: no change needed (compile() used for syntax validation only)
2026-03-11 20:18:27 +01:00
parent 2c3b581b4a
commit a851de0f94
2 changed files with 13 additions and 6 deletions
--- a/engineering/tech-debt-tracker/assets/sample_codebase/src/payment_processor.py
+++ b/engineering/tech-debt-tracker/assets/sample_codebase/src/payment_processor.py
@@ -1,5 +1,11 @@
 """
-Payment processing module - contains various technical debt examples
+Payment processing module - contains various technical debt examples.
+
+⚠️ DISCLAIMER: This is an INTENTIONAL example of bad code patterns for
+tech debt detection training. The hardcoded credentials, missing error
+handling, and other issues are deliberate anti-patterns used by the
+tech-debt-tracker skill to demonstrate detection capabilities.
+DO NOT use this code in production.
 """

 import json
@@ -13,9 +19,10 @@ class PaymentProcessor:
    
    def __init__(self):
        # TODO: These should come from environment or config
-        self.stripe_key = "sk_test_1234567890"
-        self.paypal_key = "paypal_secret_key_here"
-        self.square_key = "square_api_key"
+        # ⚠️ INTENTIONAL BAD PATTERN — hardcoded keys for tech debt detection demo
+        self.stripe_key = "sk_test_EXAMPLE_NOT_REAL"
+        self.paypal_key = "paypal_EXAMPLE_NOT_REAL"
+        self.square_key = "square_EXAMPLE_NOT_REAL"
        
    def process_payment(self, amount, currency, payment_method, customer_data, billing_address, shipping_address, items, discount_code, tax_rate, processing_fee, metadata):
        """