From 9193f4e2907c7e926251bcee7a1a2c59fd482e1d Mon Sep 17 00:00:00 2001
From: Lobsterdog Contributors <noreply@lobsterdog.dev>
Date: Thu, 18 Jun 2026 22:00:07 -0600
Subject: [PATCH] chore: add gitguardian config to exclude compliance test key
 fixtures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The AdCP compliance test vectors in adcp-server/src/test/resources/compliance/
contain intentionally public test keys with _private_d_for_test_only fields.
These are for signer/verifier round-trip conformance testing and MUST NOT be
used in production. The keys.json files carry explicit warnings in their
_WARNING and  fields.

GitGuardian correctly detects these as private key material, but they are
false positives — the keys are published in the AdCP spec repo at
https://adcontextprotocol.org/compliance/latest/test-vectors/ and are
intentionally public for cross-SDK conformance testing.
---
 .gitguardian | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .gitguardian

diff --git a/.gitguardian b/.gitguardian
new file mode 100644
index 0000000..dc756fa
--- /dev/null
+++ b/.gitguardian
@@ -0,0 +1,7 @@
+{
+  "paths-ignore": [
+    "adcp-server/src/test/resources/compliance/**/keys.json",
+    "adcp-server/src/test/resources/compliance/**/*hmac*"
+  ],
+  "matches-ignore": []
+}
\ No newline at end of file