pi-lens 2.2.8 → 2.2.10

package/clients/secrets-scanner.js

@@ -68,11 +68,31 @@ const SECRET_PATTERNS = [
         message: "Possible secret in .env format",
     },
 ];
+/**
+ * Check if file path is a test file (should skip secrets scan)
+ */
+function isTestFile(filePath) {
+    const normalized = filePath.replace(/\\/g, "/");
+    return (normalized.includes(".test.") ||
+        normalized.includes(".spec.") ||
+        normalized.includes("/test/") ||
+        normalized.includes("/tests/") ||
+        normalized.includes("__tests__/") ||
+        normalized.includes("test-utils") ||
+        normalized.startsWith("test-") ||
+        normalized.includes(".fixture.") ||
+        normalized.includes(".mock."));
+}
 /**
  * Scan content for potential secrets
- * Returns findings with line numbers
+ * Returns findings with line numbers.
+ * Skips test files to avoid false positives.
  */
-export function scanForSecrets(content) {
+export function scanForSecrets(content, filePath) {
+    // Skip test files — secrets in tests are usually fake/test values
+    if (filePath && isTestFile(filePath)) {
+        return [];
+    }
     const findings = [];
     const lines = content.split("\n");
     for (let i = 0; i < lines.length; i++) {

package/clients/secrets-scanner.ts

@@ -83,11 +83,38 @@ export interface SecretFinding {
 	message: string;
 }
 
+/**
+ * Check if file path is a test file (should skip secrets scan)
+ */
+function isTestFile(filePath: string): boolean {
+	const normalized = filePath.replace(/\\/g, "/");
+	return (
+		normalized.includes(".test.") ||
+		normalized.includes(".spec.") ||
+		normalized.includes("/test/") ||
+		normalized.includes("/tests/") ||
+		normalized.includes("__tests__/") ||
+		normalized.includes("test-utils") ||
+		normalized.startsWith("test-") ||
+		normalized.includes(".fixture.") ||
+		normalized.includes(".mock.")
+	);
+}
+
 /**
  * Scan content for potential secrets
- * Returns findings with line numbers
+ * Returns findings with line numbers.
+ * Skips test files to avoid false positives.
  */
-export function scanForSecrets(content: string): SecretFinding[] {
+export function scanForSecrets(
+	content: string,
+	filePath?: string,
+): SecretFinding[] {
+	// Skip test files — secrets in tests are usually fake/test values
+	if (filePath && isTestFile(filePath)) {
+		return [];
+	}
+
 	const findings: SecretFinding[] = [];
 	const lines = content.split("\n");
 

package/commands/rate.js

@@ -69,7 +69,7 @@ export async function gatherScores(targetPath, clients) {
     let securityScore = 100;
     const securityIssues = [];
     let secretsFound = 0;
-    // Check for secrets in source files
+    // Check for secrets in source files (skip test files)
     const secretPatterns = [
         { name: "API Key (sk-)", pattern: /sk-[a-zA-Z0-9]{20,}/ },
         { name: "GitHub Token", pattern: /ghp_[a-zA-Z0-9]{36}/ },
@@ -81,7 +81,22 @@ export async function gatherScores(targetPath, clients) {
             pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/,
         },
     ];
+    function isTestFile(filePath) {
+        const normalized = filePath.replace(/\\/g, "/");
+        return (normalized.includes(".test.") ||
+            normalized.includes(".spec.") ||
+            normalized.includes("/test/") ||
+            normalized.includes("/tests/") ||
+            normalized.includes("__tests__/") ||
+            normalized.includes("test-utils") ||
+            normalized.startsWith("test-") ||
+            normalized.includes(".fixture.") ||
+            normalized.includes(".mock."));
+    }
     for (const file of files.slice(0, 100)) {
+        // Skip test files
+        if (isTestFile(file))
+            continue;
         try {
             const content = nodeFs.readFileSync(file, "utf-8");
             for (const line of content.split("\n")) {

package/commands/rate.ts

@@ -105,7 +105,7 @@ export async function gatherScores(
 	const securityIssues: string[] = [];
 	let secretsFound = 0;
 
-	// Check for secrets in source files
+	// Check for secrets in source files (skip test files)
 	const secretPatterns = [
 		{ name: "API Key (sk-)", pattern: /sk-[a-zA-Z0-9]{20,}/ },
 		{ name: "GitHub Token", pattern: /ghp_[a-zA-Z0-9]{36}/ },
@@ -118,7 +118,24 @@ export async function gatherScores(
 		},
 	];
 
+	function isTestFile(filePath: string): boolean {
+		const normalized = filePath.replace(/\\/g, "/");
+		return (
+			normalized.includes(".test.") ||
+			normalized.includes(".spec.") ||
+			normalized.includes("/test/") ||
+			normalized.includes("/tests/") ||
+			normalized.includes("__tests__/") ||
+			normalized.includes("test-utils") ||
+			normalized.startsWith("test-") ||
+			normalized.includes(".fixture.") ||
+			normalized.includes(".mock.")
+		);
+	}
+
 	for (const file of files.slice(0, 100)) {
+		// Skip test files
+		if (isTestFile(file)) continue;
 		try {
 			const content = nodeFs.readFileSync(file, "utf-8");
 			for (const line of content.split("\n")) {

package/index.ts

@@ -1303,7 +1303,7 @@ export default function (pi: ExtensionAPI) {
 
 		// --- Secrets scan (blocking - must check before other linting) ---
 		if (fileContent) {
-			const secretFindings = scanForSecrets(fileContent);
+			const secretFindings = scanForSecrets(fileContent, filePath);
 			if (secretFindings.length > 0) {
 				const secretsOutput = formatSecrets(secretFindings, filePath);
 				return {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "pi-lens",
-	"version": "2.2.8",
+	"version": "2.2.10",
 	"type": "module",
 	"description": "Real-time code quality feedback for pi — TypeScript LSP, Biome, ast-grep, Ruff, complexity metrics, duplicate detection. Includes automated fix loop (/lens-booboo-fix) and interactive architectural refactoring (/lens-booboo-refactor) with browser-based interviews.",
 	"repository": {