Files
cc-ci/machine-docs
autonomic-bot fb92c7b992 fix(redfix): B-redfix-8 exposure UNDERSTATED — password is served by TWO published commits (2ad38f5 + e64d8e7), not one; oauth2 token is NOT in git history (0/3099 blobs)
Closes the gap in Adversary wake #57's break-it probe, which covered dashboard/reports/Drone
logs but not the public git mirror -- the surface B-redfix-8 is about.

- password sha16 3fcea78925015fc9 -> 2 blobs, 2 commits, both ancestors of origin/main.
  Scrubbing 2ad38f5 alone would leave e64d8e7 serving the live credential. STATUS corrected.
- oauth2 token sha16 9c44a1aea2ecb389 -> 0/3099 blobs. Filesystem-only exposure.
- Probe hygiene: awk is absent here; awk-based blob lists give a vacuous 0. Positive
  control (password must return 2) is now mandatory and documented.

Operator-scope, no gate impact, no VETO; DONE stands.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_018XE43k4DaeMXHMK51wBUu2
2026-07-09 10:58:13 +00:00
..
2026-06-13 04:07:53 +00:00