trace-to-skill 0.1.67 → 0.1.69

package/dist/src/sensitiveAudit.js

@@ -0,0 +1,197 @@
+import { lstat, readdir } from "node:fs/promises";
+import path from "node:path";
+const SKIPPED_DIRS = new Set([
+    ".git",
+    "node_modules",
+    "dist",
+    "build",
+    ".next",
+    ".turbo",
+    ".cache",
+    "DerivedData"
+]);
+const SENSITIVE_PATTERNS = [
+    {
+        kind: "env_file",
+        severity: "critical",
+        reason: "environment files commonly contain API keys, database URLs, tokens, or local secrets.",
+        suggestedExclude: "**/.env*",
+        matches: (_relativePath, basename) => basename === ".env" || basename.startsWith(".env.")
+    },
+    {
+        kind: "package_auth_config",
+        severity: "critical",
+        reason: "package manager auth config can contain registry tokens or publish credentials.",
+        suggestedExclude: "**/.npmrc",
+        matches: (_relativePath, basename) => basename === ".npmrc" || basename === ".pypirc"
+    },
+    {
+        kind: "cloud_credentials",
+        severity: "critical",
+        reason: "cloud credential files can grant access to infrastructure, storage, or production services.",
+        suggestedExclude: "**/.aws/**",
+        matches: (relativePath) => pathSegments(relativePath).includes(".aws")
+    },
+    {
+        kind: "ssh_credentials",
+        severity: "critical",
+        reason: "SSH private keys and SSH config should not enter agent context.",
+        suggestedExclude: "**/.ssh/**",
+        matches: (relativePath, basename) => pathSegments(relativePath).includes(".ssh") ||
+            /^(id_rsa|id_dsa|id_ecdsa|id_ed25519)(\..*)?$/.test(basename)
+    },
+    {
+        kind: "kubernetes_credentials",
+        severity: "critical",
+        reason: "Kubernetes config can contain cluster credentials and access tokens.",
+        suggestedExclude: "**/.kube/**",
+        matches: (relativePath) => pathSegments(relativePath).includes(".kube")
+    },
+    {
+        kind: "docker_credentials",
+        severity: "critical",
+        reason: "Docker config can contain registry credentials or auth helpers.",
+        suggestedExclude: "**/.docker/**",
+        matches: (relativePath) => pathSegments(relativePath).includes(".docker")
+    },
+    {
+        kind: "private_key_or_certificate",
+        severity: "critical",
+        reason: "private key and certificate bundles are high-risk credential material.",
+        suggestedExclude: "**/*.{pem,key,p12}",
+        matches: (_relativePath, basename) => /\.(pem|key|p12)$/i.test(basename)
+    },
+    {
+        kind: "mobile_signing_secret",
+        severity: "high",
+        reason: "mobile signing profiles and certificates can expose release or device signing material.",
+        suggestedExclude: "**/*.{mobileprovision,provisionprofile}",
+        matches: (_relativePath, basename) => /\.(mobileprovision|provisionprofile)$/i.test(basename)
+    },
+    {
+        kind: "database_file",
+        severity: "high",
+        reason: "local databases can contain customer data, user data, cached tokens, or private app state.",
+        suggestedExclude: "**/*.{sqlite,sqlite3,db}",
+        matches: (_relativePath, basename) => /\.(sqlite|sqlite3|db)$/i.test(basename)
+    },
+    {
+        kind: "secret_manifest",
+        severity: "high",
+        reason: "secret manifests and production config files often carry deploy credentials or private endpoints.",
+        suggestedExclude: "**/*secret*",
+        matches: (_relativePath, basename) => /(^|[-_.])(secret|secrets|credential|credentials)([-_.]|$)/i.test(basename) ||
+            /^production\.(json|ya?ml|toml|env)$/i.test(basename)
+    }
+];
+export async function auditSensitivePaths(root = process.cwd()) {
+    const resolvedRoot = path.resolve(root);
+    const findings = [];
+    const stats = { scannedEntries: 0 };
+    await scanDirectory(resolvedRoot, resolvedRoot, findings, stats);
+    const recommendedExcludes = uniqueSorted(findings.map((finding) => finding.suggestedExclude));
+    const criticalFindings = findings.filter((finding) => finding.severity === "critical").length;
+    return {
+        generatedAt: new Date().toISOString(),
+        root: resolvedRoot,
+        status: criticalFindings > 0 ? "fail" : findings.length > 0 ? "warn" : "pass",
+        summary: {
+            scannedEntries: stats.scannedEntries,
+            sensitiveFindings: findings.length,
+            criticalFindings,
+            recommendedExcludes: recommendedExcludes.length
+        },
+        findings: findings.sort((a, b) => a.path.localeCompare(b.path)),
+        recommendedExcludes
+    };
+}
+export function renderSensitiveAuditMarkdown(result) {
+    const lines = [
+        "# trace-to-skill Sensitive Path Audit",
+        "",
+        `Status: **${result.status}**`,
+        "",
+        `Root: \`${result.root}\``,
+        `Scanned entries: ${result.summary.scannedEntries}`,
+        `Sensitive findings: ${result.summary.sensitiveFindings}`,
+        `Critical findings: ${result.summary.criticalFindings}`,
+        "",
+        "This audit is filename/path based and does not read file contents or follow symlink targets.",
+        "",
+        "## Findings",
+        ""
+    ];
+    if (result.findings.length === 0) {
+        lines.push("No sensitive path findings detected.", "");
+    }
+    else {
+        for (const finding of result.findings) {
+            lines.push(`- **${finding.severity}** ${finding.kind}: \`${finding.path}\``, `  - ${finding.reason}`, `  - Suggested exclude: \`${finding.suggestedExclude}\``);
+        }
+        lines.push("");
+    }
+    lines.push("## Recommended Excludes", "");
+    if (result.recommendedExcludes.length === 0) {
+        lines.push("No exclude patterns suggested.", "");
+    }
+    else {
+        lines.push("```gitignore", ...result.recommendedExcludes, "```", "");
+    }
+    lines.push("Suggested next step:", "", "- Add these patterns to the exclusion mechanism your agent surface supports, and keep OS sandbox or permission profiles enabled for hard enforcement.", "- Treat this report as a preflight checklist; it is not a replacement for a sandbox boundary.", "");
+    return lines.join("\n");
+}
+async function scanDirectory(root, dir, findings, stats) {
+    let entries;
+    try {
+        entries = await readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (entry.isDirectory() && SKIPPED_DIRS.has(entry.name)) {
+            continue;
+        }
+        const absolutePath = path.join(dir, entry.name);
+        const relativePath = normalizeRelative(path.relative(root, absolutePath));
+        stats.scannedEntries += 1;
+        let entryStats;
+        try {
+            entryStats = await lstat(absolutePath);
+        }
+        catch {
+            continue;
+        }
+        const matched = firstSensitiveMatch(relativePath, entry.name);
+        if (matched) {
+            findings.push({
+                severity: entryStats.isSymbolicLink() ? "critical" : matched.severity,
+                kind: entryStats.isSymbolicLink() ? "sensitive_symlink" : matched.kind,
+                path: relativePath,
+                reason: entryStats.isSymbolicLink()
+                    ? `sensitive-looking symlink path matched ${matched.kind}; symlink targets are not followed by this audit.`
+                    : matched.reason,
+                suggestedExclude: matched.suggestedExclude
+            });
+        }
+        if (matched && entryStats.isDirectory()) {
+            continue;
+        }
+        if (entryStats.isDirectory()) {
+            await scanDirectory(root, absolutePath, findings, stats);
+        }
+    }
+}
+function firstSensitiveMatch(relativePath, basename) {
+    return SENSITIVE_PATTERNS.find((pattern) => pattern.matches(relativePath, basename));
+}
+function pathSegments(relativePath) {
+    return relativePath.split("/");
+}
+function normalizeRelative(relativePath) {
+    return relativePath.split(path.sep).join("/");
+}
+function uniqueSorted(values) {
+    return [...new Set(values)].sort((a, b) => a.localeCompare(b));
+}
+//# sourceMappingURL=sensitiveAudit.js.map

package/dist/src/sensitiveAudit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitiveAudit.js","sourceRoot":"","sources":["../../src/sensitiveAudit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAgD7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,MAAM;IACN,cAAc;IACd,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAuB;IAC7C;QACE,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,uFAAuF;QAC/F,gBAAgB,EAAE,UAAU;QAC5B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;KAC1F;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iFAAiF;QACzF,gBAAgB,EAAE,WAAW;QAC7B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,SAAS;KACtF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,6FAA6F;QACrG,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;KACvE;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,EAAE,CAClC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC3C,8CAA8C,CAAC,IAAI,CAAC,QAAQ,CAAC;KAChE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,sEAAsE;QAC9E,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;KACxE;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,eAAe;QACjC,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;KAC1E;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,wEAAwE;QAChF,gBAAgB,EAAE,oBAAoB;QACtC,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;KACzE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,yFAAyF;QACjG,gBAAgB,EAAE,yCAAyC;QAC3D,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,wCAAwC,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC9F;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,4FAA4F;QACpG,gBAAgB,EAAE,0BAA0B;QAC5C,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC/E;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,mGAAmG;QAC3G,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CACnC,4DAA4D,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3E,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC;KACxD;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;IAEpC,MAAM,aAAa,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEjE,MAAM,mBAAmB,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC9F,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAE9F,OAAO;QACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC7E,OAAO,EAAE;YACP,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,iBAAiB,EAAE,QAAQ,CAAC,MAAM;YAClC,gBAAgB;YAChB,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;SAChD;QACD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,mBAAmB;KACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAA4B;IACvE,MAAM,KAAK,GAAG;QACZ,uCAAuC;QACvC,EAAE;QACF,aAAa,MAAM,CAAC,MAAM,IAAI;QAC9B,EAAE;QACF,WAAW,MAAM,CAAC,IAAI,IAAI;QAC1B,oBAAoB,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE;QACnD,uBAAuB,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE;QACzD,sBAAsB,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE;QACvD,EAAE;QACF,8FAA8F;QAC9F,EAAE;QACF,aAAa;QACb,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CACR,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,IAAI,OAAO,OAAO,CAAC,IAAI,IAAI,EAChE,OAAO,OAAO,CAAC,MAAM,EAAE,EACvB,4BAA4B,OAAO,CAAC,gBAAgB,IAAI,CACzD,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,mBAAmB,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,IAAI,CACR,sBAAsB,EACtB,EAAE,EACF,uJAAuJ,EACvJ,+FAA+F,EAC/F,EAAE,CACH,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,IAAY,EACZ,GAAW,EACX,QAAiC,EACjC,KAAiC;IAEjC,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAE1B,IAAI,UAAU,CAAC;QACf,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,OAAO,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;gBACrE,IAAI,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI;gBACtE,IAAI,EAAE,YAAY;gBAClB,MAAM,EAAE,UAAU,CAAC,cAAc,EAAE;oBACjC,CAAC,CAAC,0CAA0C,OAAO,CAAC,IAAI,mDAAmD;oBAC3G,CAAC,CAAC,OAAO,CAAC,MAAM;gBAClB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,MAAM,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB,EAAE,QAAgB;IACjE,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,YAAY,CAAC,YAAoB;IACxC,OAAO,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,YAAoB;IAC7C,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,MAAgB;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC"}

package/docs/CODEX_ISSUE_MAP.md

@@ -13,6 +13,8 @@ npx trace-to-skill codex-report redacted-runs --output openai-codex-issue.md
 npx trace-to-skill usage-evidence ./usage-notes.md --output usage-evidence.md
 npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
 npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
+npx trace-to-skill sensitive-audit . --format json
+npx trace-to-skill lsp-audit . --format json
 ```
 
 ## Issue Clusters
@@ -38,7 +40,8 @@ npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
 | Bundled plugin cache and marketplace drift | Computer Use unavailable, Browser/Chrome plugin unavailable, generated runtime marketplace omits bundled plugins, missing `.mcp.json` or `plugin.json`, helper app not installed, `CODEX_HOME` points at another runtime | `codex_plugin_runtime`, `codex_mcp_runtime` | `trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json` |
 | Support diagnostics packaging | maintainers ask for more detail, but raw `config.toml`, `logs_2.sqlite`, `state_5.sqlite`, `session_index.jsonl`, rollout JSONL, or local logs are too private to post | multiple | `trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics` |
 | Quota mismatch | `/status` or usage page shows quota left, but runtime says `You've hit your usage limit`; account/workspace reset or cache confusion | `quota_mismatch` | `trace-to-skill usage-evidence ./usage-notes.md` or `trace-to-skill codex-report ./runs` |
-| Sensitive file exclusion | `.env`, private keys, `.npmrc`, cloud credentials, local databases, or production secret manifests entered agent context | `sensitive_file_access` | `trace-to-skill codex-report ./runs` |
+| Sensitive file exclusion | teams need deterministic `.agentignore` / `.aiexclude` / `.codexignore` candidates before agent runs, or traces show `.env`, private keys, `.npmrc`, cloud credentials, local databases, signing files, or secret manifests entering context | `sensitive_file_access` plus sensitive path metadata | `trace-to-skill sensitive-audit . --format json` before runs, `trace-to-skill codex-report ./runs` after incidents |
+| LSP auto-detect readiness | Codex users want language-aware navigation, diagnostics, references, rename, or install guidance before edits | language-server metadata | `trace-to-skill lsp-audit . --format json` |
 | Context compaction failures | `Error running remote compact task`, `context_length_exceeded`, compaction loops, `responses/compact` stream disconnects | `context_compaction` | `trace-to-skill analyze ./runs` |
 | Latest-turn drift | Codex answers an older prompt, repeats a previous response, redoes an already fixed task, forgets recent edits after compaction, or leaks raw tool payload text | `codex_latest_turn_drift` | `trace-to-skill codex-report ./runs` |
 | Session resume and state failures | `codex resume` picker freezes, large rollout JSONL, short `session_index.jsonl`, `Could not load archived chats`, `state_5.sqlite`, `thread_goals` | `codex_session_state` | `trace-to-skill codex-report ./runs` or `trace-to-skill session-audit ~/.codex --format json` |
@@ -80,6 +83,8 @@ npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
 - Include line-linked evidence rather than screenshots alone when logs are available.
 - Redact tokens, API keys, emails, local home paths, customer data, and hidden Unicode before posting publicly.
 - For sensitive-file reports, attach only redacted excerpts and the file path/class, not the original credential material.
+- For preflight exclusion reports, attach `sensitive-audit` output and recommended exclude globs; it does not read file contents or follow symlink targets.
+- For LSP readiness reports, attach `lsp-audit` output so maintainers can see detected languages, evidence files, missing server commands, and install hints without auto-installing tools.
 
 ## Related OpenAI/Codex Threads Used For Fixtures
 

package/docs/DISCOVERY.md

@@ -46,6 +46,8 @@ This page is written for maintainers, search engines, package indexes, and AI re
 - Codex Desktop, app-server, VS Code extension, renderer, GPU, shell snapshot, or helper processes leak local resources or keep burning CPU/GPU/RAM after the useful work should be idle.
 - Codex reports `You've hit your usage limit` even though `/status` or the usage dashboard shows quota left, or quota appears shared across accounts.
 - A Codex or agent trace reads, attaches, diffs, uploads, or indexes sensitive files such as `.env`, private keys, package auth files, cloud credentials, local databases, or production secret manifests.
+- A maintainer wants a filename/path-only preflight report for `.env`, private keys, package auth files, cloud credentials, local databases, signing files, and secret manifests before starting an AI agent.
+- A maintainer wants Codex to use language-aware navigation, diagnostics, rename, or references, but does not know which LSP servers are installed on the current machine.
 - A repository has conflicting `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, or Gemini instructions.
 - A monorepo has nested `AGENTS.md` files, `@file.md` instruction includes, or invalid instruction-file encoding that makes Codex load the wrong policy.
 - A workflow wants to feed GitHub issue, PR, comment, discussion, check-run, or commit text into an agent but needs prompt-injection checks first.
@@ -77,6 +79,8 @@ npx trace-to-skill scorecard .
 npx trace-to-skill lint-agents .
 npx trace-to-skill guard-github-event "$GITHUB_EVENT_PATH"
 npx trace-to-skill session-audit ~/.codex --format json
+npx trace-to-skill sensitive-audit . --format json
+npx trace-to-skill lsp-audit . --format json
 npx trace-to-skill config-audit ~/.codex --format json
 npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
 npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
@@ -94,6 +98,8 @@ npx trace-to-skill suggest ./runs --target agents-md
 - `trace-to-skill doctor --format json`
 - `trace-to-skill demo --format json`
 - `trace-to-skill redact --format json`
+- `trace-to-skill sensitive-audit --format json`
+- `trace-to-skill lsp-audit --format json`
 - `trace-to-skill scorecard --format json`
 - `trace-to-skill session-audit --format json`
 - `trace-to-skill config-audit --format json`
@@ -113,6 +119,8 @@ npx trace-to-skill suggest ./runs --target agents-md
 - `schemas/agents-lint-result.schema.json`
 - `schemas/doctor-result.schema.json`
 - `schemas/redact-result.schema.json`
+- `schemas/sensitive-audit-result.schema.json`
+- `schemas/lsp-audit-result.schema.json`
 - `schemas/scorecard-result.schema.json`
 - `schemas/oss-brief-result.schema.json`
 - `schemas/patch-guard-result.schema.json`
@@ -124,7 +132,7 @@ npx trace-to-skill suggest ./runs --target agents-md
 
 ## Related Keywords
 
-Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex diagnostics bundle, privacy-preserving support bundle, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex global state, .codex-global-state.json, Codex Speed reset, Codex Fast resets to Standard, service_tier fast, default-service-tier priority, has-user-changed-service-tier, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote compact, responses/compact, /compact timeout, tcp_user_timeout, stream_idle_timeout_ms, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, stale subagents, close_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex plugin runtime, Computer Use native pipe path unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background process polling, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
+Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex LSP, Codex language server, lsp-audit, language-server readiness, typescript-language-server, pyright-langserver, gopls, rust-analyzer, sourcekit-lsp, clangd, Codex diagnostics bundle, privacy-preserving support bundle, sensitive path audit, sensitive-audit, agentignore, .agentignore, codexignore, .codexignore, aiexclude, .aiexclude, exclude sensitive files, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex global state, .codex-global-state.json, Codex Speed reset, Codex Fast resets to Standard, service_tier fast, default-service-tier priority, has-user-changed-service-tier, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote compact, responses/compact, /compact timeout, tcp_user_timeout, stream_idle_timeout_ms, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, stale subagents, close_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex plugin runtime, Computer Use native pipe path unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background process polling, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
 
 ## Non-Goals
 

package/docs/OPENAI_OSS_BRIEF.md

@@ -3,7 +3,7 @@
 | Field | Value |
 | --- | --- |
 | Repository | https://github.com/grnbtqdbyx-create/trace-to-skill |
-| Package | trace-to-skill@0.1.67 |
+| Package | trace-to-skill@0.1.69 |
 | License | Apache-2.0 |
 | Codex readiness | ready (100/100) |
 | Benchmark | pass, 33 cases |
@@ -27,7 +27,7 @@ API credits would power optional maintainer workflows on top of the local determ
 ## Evidence
 
 - Public repository: https://github.com/grnbtqdbyx-create/trace-to-skill
-- One-command package: npx trace-to-skill@0.1.67
+- One-command package: npx trace-to-skill@0.1.69
 - Open-source license: Apache-2.0
 - Codex readiness doctor: ready, 100/100, 0 failed checks.
 - Public fixture benchmark: pass, 33 cases.

package/docs/USE_CASES.md

@@ -20,6 +20,8 @@ npx trace-to-skill demo connector-auth-cache
 npx trace-to-skill demo mcp-discovery-mismatch
 npx trace-to-skill demo terminal-output-integrity
 npx trace-to-skill demo subagent-lifecycle
+npx trace-to-skill sensitive-audit .
+npx trace-to-skill lsp-audit .
 ```
 
 What it proves:
@@ -27,6 +29,8 @@ What it proves:
 - packaged fixtures can produce a real Codex issue report immediately
 - maintainers can inspect the output shape before sharing any private log
 - demos cover remote compact failures, Windows helper path failures, patch overwrite safety, approval friction, latency, Thinking hangs, clipboard/attachment regressions, deeplink/OAuth launch regressions, connector auth-cache regressions, MCP discovery/config-scope mismatches, terminal output/scrollback integrity, subagent lifecycle drift, token burn, sensitive files, and prompt injection
+- `sensitive-audit` scans filenames and paths before an agent run, without reading file contents, so teams can build `.agentignore`, `.aiexclude`, `.codexignore`, or sandbox permission profiles from a concrete repo report
+- `lsp-audit` scans repo language signals and PATH availability so teams know which language servers are ready before asking Codex for symbol-aware edits
 
 See the generated demo output in [docs/DEMO.md](DEMO.md).
 
@@ -49,7 +53,7 @@ What it proves:
 Recommended CI surface:
 
 ```yaml
-- uses: grnbtqdbyx-create/trace-to-skill@v0.1.67
+- uses: grnbtqdbyx-create/trace-to-skill@v0.1.69
   with:
     mode: all
     doctor-threshold: "85"
@@ -79,7 +83,25 @@ This checks:
 
 The goal is not to ban powerful tools. The goal is to make trust boundaries visible before an agent acts.
 
-## 4. Sandbox And Permission Failure Triage
+## 4. Language-Server Readiness Before Agent Edits
+
+Use this when a repo wants Codex to navigate definitions, references, diagnostics, or rename/refactor flows, but language-server setup differs across machines.
+
+```bash
+npx trace-to-skill lsp-audit . --format json
+npx trace-to-skill lsp-audit . --output lsp-readiness.md
+```
+
+What it proves:
+
+- which languages were detected from manifests and source files
+- whether matching LSP commands such as `typescript-language-server`, `pyright-langserver`, `gopls`, `rust-analyzer`, `sourcekit-lsp`, `jdtls`, `clangd`, `ruby-lsp`, `intelephense`, or `csharp-ls` are on `PATH`
+- exact install hints and evidence files to document in `AGENTS.md`, CI, devcontainers, or setup scripts
+- a stable JSON shape that bots can use before proposing symbol-aware edits
+
+It does not auto-install anything or grant new permissions; it is a readiness report.
+
+## 5. Sandbox And Permission Failure Triage
 
 Use this when Codex cannot start tools, apply patches, or write to the workspace because sandbox setup or permissions fail.
 
@@ -100,7 +122,7 @@ For Codex App reports where Speed resets from Fast to Standard after restart, in
 
 `diagnostics-bundle` combines the config, plugin, and session summaries into a metadata-only support folder with a manifest and README. Use it when OpenAI asks for more evidence but raw `config.toml`, SQLite state, rollout JSONL, and local logs should not be posted publicly.
 
-## 5. Codex Auth And Connectivity Triage
+## 6. Codex Auth And Connectivity Triage
 
 Use this when Codex cannot log in, exchange an auth token, stream a response, or connect through a container, proxy, VPN, corporate CA, IPv6 network, or Cloudflare challenge.
 
@@ -110,7 +132,7 @@ npx trace-to-skill analyze ./runs --format json
 
 This catches signals such as `token_exchange_failed`, `auth.openai.com/oauth/token`, `codex_login::server`, `cf-mitigated: challenge`, missing `ca-certificates`, `update-ca-certificates`, `CODEX_CA_CERTIFICATE`, IPv6 fallback evidence, proxy/MITM TLS failures, and `stream disconnected before completion` on `chatgpt.com/backend-api/codex/responses`.
 
-## 6. Codex Remote Compact Failure Triage
+## 7. Codex Remote Compact Failure Triage
 
 Use this when `/compact` or auto-compaction fails during a long Codex session and the user cannot continue without recreating context.
 
@@ -120,7 +142,7 @@ npx trace-to-skill codex-report ./runs --output openai-codex-compact-issue.md
 
 This catches signals such as `Error running remote compact task`, `timeout waiting for child process to exit`, `stream disconnected before completion`, `responses/compact`, `tcp_user_timeout`, `stream_idle_timeout_ms`, provider-id timeout workarounds, Azure provider config drift, and long-running tasks broken by failed compaction.
 
-## 7. Codex Usage Evidence Packaging
+## 8. Codex Usage Evidence Packaging
 
 Use this when a Codex usage issue has scattered evidence across `/status`, dashboard notes, reset tables, and token totals.
 
@@ -131,7 +153,7 @@ npx trace-to-skill usage-evidence ./usage-notes.md --format json
 
 This turns Markdown polling tables, CSV-like rows, JSON/JSONL snapshots, `reset_at` values, usage-limit errors, and `Token usage: total=... cached` lines into a single report with reset drift, quota jumps, cached-input-heavy turns, and remaining-quota contradictions.
 
-## 8. Codex Windows Helper Path Triage
+## 9. Codex Windows Helper Path Triage
 
 Use this when Codex Desktop on Windows discovers bundled tools or plugin helpers but cannot execute them from the integrated terminal, tool runner, Browser, Chrome, Computer Use, or node_repl path.
 
@@ -141,7 +163,7 @@ npx trace-to-skill codex-report ./runs --output openai-codex-windows-helper-issu
 
 This catches signals such as `Program 'rg.exe' failed to run`, `Access is denied`, `WindowsApps\OpenAI.Codex...\app\resources`, missing `%LOCALAPPDATA%\OpenAI\Codex\bin`, missing MSIX LocalCache helper bins, `CodexSandboxUsers` ACL/RX problems, `copyfile` failures from WindowsApps bundled plugin manifests, EFS/Application Protected attributes, `windows sandbox failed: spawn setup refresh`, `missing-helper-path`, and unavailable Browser/Chrome/Computer Use plugin helpers.
 
-## 9. Codex Mobile And Remote-Control Route Health
+## 10. Codex Mobile And Remote-Control Route Health
 
 Use this when Codex mobile, SSH remote, or desktop remote-control says it is connected but commands do not reach the expected host, workspace, or app-server.
 
@@ -151,7 +173,7 @@ npx trace-to-skill analyze ./runs --format json
 
 This catches signals such as `Waiting for desktop`, `Directory: Unavailable`, stale `server_name` enrollment, stale remote-control listener, `127.0.0.1:14567`, missing cached helper files such as `codex-windows-sandbox-setup.exe` or `codex-command-runner.exe`, empty backend environments, stale Android session lists, and temporary recovery after re-pairing or listener restart.
 
-## 10. Codex Terminal Output And Scrollback Integrity
+## 11. Codex Terminal Output And Scrollback Integrity
 
 Use this when Codex terminal output, streamed assistant text, or scrollback becomes untrustworthy even though raw logs, transcripts, or transaction views still contain the missing lines.
 
@@ -165,7 +187,7 @@ This catches signals such as Windows Terminal scrollback lines disappearing, str
 
 Include the Codex CLI/app/extension version, OS, shell, terminal emulator and version, WSL/SSH/tmux/Zellij state, model, whether streaming was active, exact scroll action, terminal dimensions and scrollback settings, first missing or duplicated line id, raw log/transcript proof, terminal capture, numbered-line harness output, control run, `/resume` or transcript recovery behavior, and whether another terminal or downgrade changes the result.
 
-## 11. Codex Subagent Lifecycle And State Reconciliation
+## 12. Codex Subagent Lifecycle And State Reconciliation
 
 Use this when subagents appear completed, closed, stale, or interrupted but Codex cannot reconcile UI state, live handles, persisted spawn edges, parent discoverability, and active spawn quota.
 
@@ -179,7 +201,7 @@ This catches signals such as completed subagents remaining visible in the Subage
 
 Include Codex app/CLI/extension version, OS, surface, model, subscription/workspace, root thread id, subagent ids/nicknames/roles, spawn/close/list commands, `close_agent` results, `list_agents` or `/agents` output, `thread_spawn_edges` status counts, `agents.max_threads` or registry quota evidence, recent-list/sidebar behavior, child-thread archive/top-level status, last-progress or halt reason, MCP server state, compaction/resume timing, redacted UI evidence, restart/reload behavior, and whether stale agents are UI-only or still block spawns.
 
-## 12. Codex MCP Runtime Triage
+## 13. Codex MCP Runtime Triage
 
 Use this when MCP tools are configured and visible, but Codex cannot actually call them at runtime.
 
@@ -190,7 +212,7 @@ npx trace-to-skill config-audit ~/.codex --format json
 
 This catches signals such as `user cancelled MCP tool call`, `request_user_input is not supported in exec mode`, `Approve app tool call?`, `tool_call_mcp_elicitation`, routed callable names like `mcp__node_repl__js` becoming `unsupported call`, deferred discovery dropping namespace or `serverName`, `tools/list` succeeding while Codex routing fails, and stdio transport lifecycle failures such as `Transport closed`, `stdin_end`, `stdin_close`, `transport_close`, or stderr backpressure.
 
-## 13. Codex Resume And Session State Triage
+## 14. Codex Resume And Session State Triage
 
 Use this when long Codex sessions become difficult to resume, Desktop history rendering gets sluggish, or local state migrations break goals/projects/history.
 
@@ -207,7 +229,7 @@ This catches signals such as `codex resume` picker hangs, `codex resume <id>` wo
 
 For mixed resume, crash, config, plugin, or history issues, `diagnostics-bundle` writes the session, config, and plugin reports together with a checklist of files not to attach publicly.
 
-## 14. Codex File Tree UI Evidence
+## 15. Codex File Tree UI Evidence
 
 Use this when Codex Desktop cannot reveal project files through the native file tree, folder icon, floating file panel, or built-in preview.
 
@@ -218,7 +240,7 @@ npx trace-to-skill codex-report ./runs --output openai-codex-issue.md
 
 This catches signals such as `View > Toggle File Tree` doing nothing, `Cmd+Shift+E` or `Ctrl+Shift+E` having no visible effect, the folder icon disappearing, the floating file panel showing stale or unclickable entries after add/rename/delete operations, and `.doc`, `.pdf`, or `.ppt` previews failing until restart.
 
-## 15. Codex Token Burn Attribution
+## 16. Codex Token Burn Attribution
 
 Use this when Codex usage drains faster than expected and the trace needs to separate useful model work from orchestration overhead.
 
@@ -229,7 +251,7 @@ npx trace-to-skill codex-report ./runs --output openai-codex-issue.md
 
 This catches signals such as tokens `burning very fast`, usage dropping by visible percentages after one or two prompts, weekly allowance depletion, 5-hour usage reaching 0%, large `input` plus `cached input` totals, `write_stdin` empty polling, background commands repeatedly reporting no new output, idle app usage, compaction tax, retry/tool loops, and missing attribution between normal turns, compaction, background polling, subagents, and retries.
 
-## 16. Usage Reset Drift Evidence
+## 17. Usage Reset Drift Evidence
 
 Use this when Codex reset timing changes unexpectedly or users lose the ability to plan paid usage.
 
@@ -240,7 +262,7 @@ npx trace-to-skill codex-report ./runs --output openai-codex-issue.md
 
 This catches signals such as weekly reset dates moving from one date to another, `reset_at` jumping after the first prompt, saved weekly usage being wiped or pushed into the next window, outage compensation resets changing the anchor, `/status` and dashboard disagreement, and requests for deterministic reset schedules or rollover of unused prior-window usage.
 
-## 17. Quota And Usage-Limit Evidence
+## 18. Quota And Usage-Limit Evidence
 
 Use this when Codex blocks a prompt with a usage-limit message but another surface still shows remaining quota.
 
@@ -250,7 +272,7 @@ npx trace-to-skill analyze ./runs --format json
 
 This catches traces where `/status` or the usage page shows remaining 5h or weekly quota, accounts appear to share limits unexpectedly, a Team account inherits a Plus account's limit state, or quota reset times jump after logout/login.
 
-## 18. Codex Resource Leak Evidence
+## 19. Codex Resource Leak Evidence
 
 Use this when Codex Desktop, the VS Code extension, renderer, app-server, GPU process, shell snapshot, or helper process keeps burning local resources after the useful work should be idle.
 
@@ -263,7 +285,7 @@ This catches signals such as high `Code Helper (Renderer)` or `Code Helper (Plug
 
 Include process names/PIDs, CPU/GPU/RSS samples over time, log-loop snippets, workspace Git-root state, animation/reduce-motion state, and whether closing the panel/app, killing exact PIDs, `git init`, rollback, or restart clears the leak.
 
-## 19. Codex Thinking Hang Evidence
+## 20. Codex Thinking Hang Evidence
 
 Use this when Codex accepts a prompt, finishes a local tool call, or keeps a Responses stream open but the UI/CLI remains on Thinking or Working with no visible assistant follow-up.
 
@@ -277,7 +299,7 @@ This catches signals such as `turn/start`, `task_started`, a completed local too
 
 Include the Codex version, OS, model and reasoning/speed settings, turn or thread id, prompt timestamp, last successful tool output, first `response_item` timestamp, `responses_http` or websocket transport evidence, `time.busy` / `time.idle`, MCP/subagent state, stop/interrupt behavior, and whether a new thread or minimal config recovers.
 
-## 20. Codex Clipboard And Pasted-Text Attachment Evidence
+## 21. Codex Clipboard And Pasted-Text Attachment Evidence
 
 Use this when copy/export, long pasted prompts, or generated `Pasted text.txt` attachments break Codex prompt, `/goal`, or support-report workflows.
 
@@ -291,7 +313,7 @@ This catches signals such as `Copy as Markdown` disappearing from the Copy menu,
 
 Include app version, OS, surface, exact copy menu items, source text size, paste action, visible editor text, generated attachment name/path/size, `pasted-text-attachments.json` or fileAttachments metadata, command path such as `/goal`, preview/edit/revert actions tried, clipboard payload format, and whether paste-as-text, opt-out, explicit file reference, or downgrade changes behavior.
 
-## 21. Codex Deeplink And External Launch Evidence
+## 22. Codex Deeplink And External Launch Evidence
 
 Use this when OAuth callbacks, notification clicks, browser extension activation, mobile pairing, or CLI app-open commands fail to route back into Codex.
 
@@ -305,7 +327,7 @@ This catches signals such as `codex://oauth_callback?code=...` opening an Electr
 
 Include app/CLI/extension version, OS/build, install source, package id/path, affected surface, exact redacted URI shape, browser and connector/plugin name, error dialog text, whether the app was already running, AppX/MSIX evidence such as AppUserModelID and DelegateExecute, HKCU/HKCR `codex` keys, command-line arguments, repair/reinstall/re-register attempts, and whether manual `codex://test` or `Start-Process` reproduces.
 
-## 22. Codex App Connector Auth Cache Evidence
+## 23. Codex App Connector Auth Cache Evidence
 
 Use this when Codex app connectors appear installed but keep stale auth or discovery metadata after a reauth-required response.
 
@@ -319,7 +341,7 @@ This catches signals such as `401: "Server returned 401: 'Reauthentication requi
 
 Include app/CLI version, OS, connector/plugin name and id, installed plugin root, exact tool name, redacted `codex_apps_tools` and `codex_app_directory` metadata, `link_*` id before/after reconnect, `isAccessible` state, restart/remove/re-add/cache-clear/sign-in attempts, ChatGPT app page state, and whether an external MCP workaround succeeds.
 
-## 23. Codex MCP Discovery And Config Scope Evidence
+## 24. Codex MCP Discovery And Config Scope Evidence
 
 Use this when MCP servers work in Codex CLI or one config scope but are missing in VS Code, Desktop, WSL, remote sessions, project-local config, or an older conversation.
 
@@ -333,7 +355,7 @@ This catches signals such as `MCP servers not detected in Codex VS Code extensio
 
 Include app/CLI/extension version, OS, IDE, remote/WSL/SSH state, workspace root, effective `CODEX_HOME`, all config files considered (`~/.codex/config.toml`, project `.codex/config.toml`, `.vscode/mcp.json`, `.mcp.json`), redacted MCP sections, trust/profile/default-permissions state, `codex mcp list`, `codex mcp get <server>`, CLI-versus-Desktop/VS Code comparison, loaded config path/log lines, whether moving the same server to user-global config fixes it, and whether the current session exposes `mcp__*` tools.
 
-## 24. Patch Overwrite Guard
+## 25. Patch Overwrite Guard
 
 Use this before applying a generated patch when you want create/update/delete semantics checked against the actual workspace.
 
@@ -350,7 +372,20 @@ For a public demo report:
 npx trace-to-skill demo patch-overwrite
 ```
 
-## 25. OpenAI Codex Issue Report
+## 26. Sensitive Path Preflight Before Agent Runs
+
+Use this before giving an AI coding agent a repository.
+
+```bash
+npx trace-to-skill sensitive-audit . --format json
+npx trace-to-skill sensitive-audit . --output sensitive-paths.md
+```
+
+This finds sensitive-looking paths such as `.env`, `.env.*`, `.npmrc`, `.pypirc`, `.aws/**`, `.ssh/**`, `.kube/**`, `.docker/**`, private keys, certificates, local databases, mobile signing files, and secret manifests without reading file contents or following symlink targets.
+
+The output includes a stable JSON schema plus recommended exclude globs that can seed `.agentignore`, `.aiexclude`, `.codexignore`, local sandbox permission profiles, or team security review checklists. It is a preflight report, not a sandbox boundary.
+
+## 27. OpenAI Codex Issue Report
 
 Use this when you want to file or update an OpenAI/Codex issue with a concise, evidence-backed report instead of pasting a full transcript.
 
@@ -363,7 +398,7 @@ The report includes the likely Codex failure class, line-linked evidence, diagno
 
 For a cluster-to-command map of current Codex issue patterns, see [CODEX_ISSUE_MAP.md](CODEX_ISSUE_MAP.md).
 
-## 26. Sensitive File Access Evidence
+## 28. Sensitive File Access Evidence
 
 Use this when a trace suggests an agent read, attached, uploaded, diffed, or indexed credential-bearing files.
 
@@ -376,7 +411,7 @@ This catches signals such as `.env`, `.env.production`, `.npmrc`, `.pypirc`, `.n
 
 Before publishing evidence, run `trace-to-skill redact` and attach only redacted excerpts plus the file path/class.
 
-## 27. GitHub Context Guard
+## 29. GitHub Context Guard
 
 Use this before an agent reads untrusted GitHub text.
 
@@ -393,7 +428,7 @@ Use it when:
 - a bot asks Codex to triage untrusted user reports
 - logs or comments might contain instructions like "ignore previous instructions" or "print secrets"
 
-## 28. Failed Agent Run To Reviewable Rule
+## 30. Failed Agent Run To Reviewable Rule
 
 Use this when a coding agent made a repeated workflow mistake.
 
@@ -411,7 +446,7 @@ Recommended maintainer loop:
 4. Copy only evidence-backed rules into the real policy file.
 5. Run `eval` or `scorecard` in CI so the same failure does not silently return.
 
-## 29. Privacy-Preserving Adoption
+## 31. Privacy-Preserving Adoption
 
 Use this when you want public evidence without leaking private traces.