# cc-ci repo-local approval allowlist (Phase 1e HC2) — DEFAULT-DENY.
#
# PR-author-controlled code in a recipe repo's own tests/ dir (repo-local `test_*.py`,
# `install_steps.sh`, `ops.py`) runs on the CI host with /run/secrets/* present, so it is an
# untrusted-code risk. By default the harness runs ONLY cc-ci-authored overlays (tests//...)
# + the generic floor. Repo-local code is discovered-but-NOT-executed unless its recipe is listed
# below.
#
# To approve a recipe: a cc-ci maintainer reviews that recipe's repo-local tests, then adds the
# recipe name here in a cc-ci PR (one name per line; `#` comments + blank lines ignored). A lone `*`
# is NOT a wildcard — every recipe must be listed explicitly.
#
# (default: empty — no recipe trusts repo-local code)