v1.86.0

.github/workflows/ci.yml

@@ -5,6 +5,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 env:
   VCPKG_ROOT: C:\vcpkg
   VCPKG_DOWNLOADS: C:\vcpkg\downloads

AGENTS.md

@@ -18,10 +18,6 @@ Key capabilities:
 - Applies to the entire repository rooted at this file.
 - If a deeper `AGENTS.md` exists in a subdirectory, that file takes precedence for its subtree.
 
-## Project Overview
-- Project: `kingfisher` (Rust)
-- Purpose: secret detection, live validation, and remediation tooling
-- Primary binary: `kingfisher`
 
 ## Repository Structure
 - `src/`: main binary source
@@ -102,7 +98,7 @@ Key capabilities:
 Use this when creating or updating rules in `crates/kingfisher-rules/data/rules/`.
 
 1. Pick a nearby reference rule file in the same provider family and copy its structure.
-2. Define a stable rule id (`id`, prefixed with `kingisher.` and detection regex (`pattern`) under `rules:`.
+2. Define a stable rule id (`id`, prefixed with `kingfisher.` and detection regex (`pattern`) under `rules:`.
 3. Include `examples` that must match. These can be tested with `cargo test check_rules` or `kingfisher rules check --rules-path crates/kingfisher-rules/data/rules/slack.yml --load-builtins=false --no-update-check`
 4. Set guardrails:
    - `min_entropy` for high-entropy tokens.

Makefile

@@ -421,18 +421,16 @@ endif
 	      export PATH=/clangarm64/bin:$$PATH; \
 	      ;; \
 	  esac; \
-	  command -v mingw32-make >/dev/null 2>&1 || { \
-	    echo "Installing ARM64 MinGW/clang dependencies..."; \
-	    pacman --noconfirm --needed -S \
-	      mingw-w64-clang-aarch64-toolchain \
-	      mingw-w64-clang-aarch64-cmake \
-	      mingw-w64-clang-aarch64-boost \
-	      mingw-w64-clang-aarch64-pkgconf \
-	      mingw-w64-clang-aarch64-ragel \
-	      mingw-w64-clang-aarch64-pcre2 \
-	      mingw-w64-clang-aarch64-python \
-	      git make; \
-	  }; \
+	  echo "Ensuring ARM64 MinGW/clang dependencies are installed..."; \
+	  pacman --noconfirm --needed -S \
+	    mingw-w64-clang-aarch64-toolchain \
+	    mingw-w64-clang-aarch64-cmake \
+	    mingw-w64-clang-aarch64-boost \
+	    mingw-w64-clang-aarch64-pkgconf \
+	    mingw-w64-clang-aarch64-ragel \
+	    mingw-w64-clang-aarch64-pcre2 \
+	    mingw-w64-clang-aarch64-python \
+	    git make; \
 	  repo_root="$$(pwd)"; \
 	  test -d /tmp/vectorscan-arm64 || git clone --depth 1 --branch vectorscan/5.4.11 https://github.com/VectorCamp/vectorscan.git /tmp/vectorscan-arm64; \
 	  mkdir -p /tmp/vectorscan-arm64/build; \

crates/kingfisher-rules/data/rules/branchio.yml

@@ -55,7 +55,7 @@ rules:
       (?:BRANCH_SECRET|branch_secret|BRANCH_KEY_SECRET)
       \s* [=:] \s* ["']?
       (
-        (?P<BRANCH_SECRET>[A-Za-z0-9]{40,64})
+        ([A-Za-z0-9]{40,64})
       )
       ["']?
     confidence: medium