pezkuwichain/pwap - pwap - PezkuwiChain Git

pezkuwichain/pwap

Fork 0

mirror of https://github.com/pezkuwichain/pwap.git synced 2026-04-21 23:47:56 +00:00

Commit Graph

Author	SHA1	Message	Date
pezkuwichain	18e4adb283	fix: Optimize GitHub Actions workflow and fix .gitattributes warnings - Refactor security-check.yml to separate critical vs optional checks - Make TruffleHog, Gitleaks, and Snyk scans optional (continue-on-error) - Fix .gitattributes negative pattern warning (!.env.example) - Use specific .env patterns instead of wildcards - Improve workflow job organization and summary reporting This ensures the CI/CD pipeline doesn't fail when optional security tools are not configured with tokens, while maintaining strict validation for critical security checks. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-28 21:55:45 +03:00
pezkuwichain	159700eade	feat: Add comprehensive GitHub security integration Security Infrastructure: - Add .gitattributes for merge conflict protection and sensitive file handling - Add SECURITY.md with detailed security policies and procedures - Add pre-commit hook template for local secret detection - Add GitHub Actions workflow for automated security scanning - Add comprehensive documentation for git hooks Code Security Improvements: - Fix AuthContext.tsx: Remove hardcoded credentials, use environment variables - Migrate WalletContext.tsx: Replace Ethereum/MetaMask with Polkadot.js - Refactor lib/wallet.ts: Complete Substrate configuration with asset management - Update TokenSwap.tsx: Add real API integration for balance queries - Update StakingDashboard.tsx: Add blockchain integration placeholders Environment Management: - Update .env with proper security warnings - Update .env.example with comprehensive template - All sensitive data now uses environment variables - Demo mode controllable via VITE_ENABLE_DEMO_MODE flag Security Measures Implemented: ✅ 4-layer protection (gitignore + gitattributes + pre-commit + CI/CD) ✅ Automated secret scanning (TruffleHog + Gitleaks) ✅ Pre-commit hooks prevent accidental commits ✅ CI/CD pipeline validates all PRs ✅ Environment variable validation ✅ Dependency security auditing Breaking Changes: - WalletContext now uses Polkadot.js instead of MetaMask - lib/wallet.ts completely rewritten for Substrate - ASSET_IDs and CHAIN_CONFIG exported from lib/wallet.ts - Demo mode must be explicitly enabled Migration Notes: - Install pre-commit hook: cp .git-hooks/pre-commit.example .git/hooks/pre-commit - Copy environment: cp .env.example .env - Update .env with your credentials - Enable GitHub Actions in repository settings Co-authored-by: Claude <noreply@anthropic.com>	2025-10-28 21:48:48 +03:00

Author

SHA1

Message

Date

pezkuwichain

18e4adb283

fix: Optimize GitHub Actions workflow and fix .gitattributes warnings

- Refactor security-check.yml to separate critical vs optional checks
- Make TruffleHog, Gitleaks, and Snyk scans optional (continue-on-error)
- Fix .gitattributes negative pattern warning (!.env.example)
- Use specific .env patterns instead of wildcards
- Improve workflow job organization and summary reporting

This ensures the CI/CD pipeline doesn't fail when optional security
tools are not configured with tokens, while maintaining strict
validation for critical security checks.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-28 21:55:45 +03:00

pezkuwichain

159700eade

feat: Add comprehensive GitHub security integration

Security Infrastructure:
- Add .gitattributes for merge conflict protection and sensitive file handling
- Add SECURITY.md with detailed security policies and procedures
- Add pre-commit hook template for local secret detection
- Add GitHub Actions workflow for automated security scanning
- Add comprehensive documentation for git hooks

Code Security Improvements:
- Fix AuthContext.tsx: Remove hardcoded credentials, use environment variables
- Migrate WalletContext.tsx: Replace Ethereum/MetaMask with Polkadot.js
- Refactor lib/wallet.ts: Complete Substrate configuration with asset management
- Update TokenSwap.tsx: Add real API integration for balance queries
- Update StakingDashboard.tsx: Add blockchain integration placeholders

Environment Management:
- Update .env with proper security warnings
- Update .env.example with comprehensive template
- All sensitive data now uses environment variables
- Demo mode controllable via VITE_ENABLE_DEMO_MODE flag

Security Measures Implemented:
✅ 4-layer protection (gitignore + gitattributes + pre-commit + CI/CD)
✅ Automated secret scanning (TruffleHog + Gitleaks)
✅ Pre-commit hooks prevent accidental commits
✅ CI/CD pipeline validates all PRs
✅ Environment variable validation
✅ Dependency security auditing

Breaking Changes:
- WalletContext now uses Polkadot.js instead of MetaMask
- lib/wallet.ts completely rewritten for Substrate
- ASSET_IDs and CHAIN_CONFIG exported from lib/wallet.ts
- Demo mode must be explicitly enabled

Migration Notes:
- Install pre-commit hook: cp .git-hooks/pre-commit.example .git/hooks/pre-commit
- Copy environment: cp .env.example .env
- Update .env with your credentials
- Enable GitHub Actions in repository settings

Co-authored-by: Claude <noreply@anthropic.com>

2025-10-28 21:48:48 +03:00

2 Commits