use camino::Utf8PathBuf;
use cordance_core::advise::{AdviseFinding, Severity};
use cordance_core::pack::CordancePack;
use super::AdviseRule;
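/// Advise rule `R-secrets-1`: warns when a pack lists `.env`-style files but
/// contains no `.gitignore` anywhere in its sources.
pub struct RSecrets1;

impl AdviseRule for RSecrets1 {
    /// Identifier written into the `id` field of every finding from this rule.
    fn id(&self) -> &'static str {
        "R-secrets-1"
    }

    /// Doctrine document that findings from this rule point to.
    fn doctrine_anchor(&self) -> &'static str {
        "doctrine/principles/configuration-and-secrets.md"
    }

    /// Returns one `Warning` finding when the pack has `.env`-pattern paths and
    /// no `.gitignore`; returns an empty vector otherwise.
    ///
    /// The finding's `project_paths` lists the paths that actually matched,
    /// in `pack.sources` order, so the report points at real files instead of
    /// a fixed `.env` entry that may not exist in the project.
    ///
    /// Only `path` is read from each source, which leaves two known gaps:
    ///
    /// * The presence of a `.gitignore` (at the root or in any subdirectory)
    ///   suppresses the finding. Its patterns are not inspected, so a
    ///   `.gitignore` that does not cover the env files still silences the rule.
    /// * The env test is a case-insensitive substring match on the whole path,
    ///   so names such as `.envrc`, or any file below a directory whose name
    ///   contains `.env`, also count as matches.
    fn check(&self, pack: &CordancePack) -> Vec<AdviseFinding> {
        // Collect the matching paths once; they decide whether the rule fires
        // and are reported back in the finding.
        let env_paths: Vec<&str> = pack
            .sources
            .iter()
            .map(|r| r.path.as_str())
            .filter(|p| p.to_ascii_lowercase().contains(".env"))
            .collect();
        if env_paths.is_empty() {
            return Vec::new();
        }

        // NOTE(review): this proves only that some `.gitignore` exists, not that
        // it excludes the env files above. Treat a clean result as "not checked",
        // not as "secrets are ignored".
        let has_gitignore = pack.sources.iter().any(|r| {
            let p = r.path.as_str();
            p == ".gitignore" || p.ends_with("/.gitignore")
        });
        if has_gitignore {
            return Vec::new();
        }

        vec![AdviseFinding {
            id: self.id().into(),
            severity: Severity::Warning,
            summary: "Found .env-pattern files. Ensure .gitignore excludes secrets.".into(),
            doctrine_anchor: Utf8PathBuf::from(self.doctrine_anchor()),
            project_paths: env_paths.into_iter().map(Into::into).collect(),
            remediation: "Add *.env, *.env.local, *.env.production to .gitignore.".into(),
        }]
    }
}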