From bac3fe480753bf61fbd483090219a45d4eb7b285 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Wed, 1 Jul 2026 21:42:11 -0400 Subject: fix(sweep): treat the bare cjennings ssh-alias remote as private The public-reachability check excluded only the literal cjennings.net host, so a remote addressed through the ~/.ssh/config alias (git@cjennings:repo.git) read as public and drew a false WARN on rulesets itself. --- scripts/sweep-gitignore-tooling.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'scripts/sweep-gitignore-tooling.sh') diff --git a/scripts/sweep-gitignore-tooling.sh b/scripts/sweep-gitignore-tooling.sh index f04d3cd..68bfe2d 100755 --- a/scripts/sweep-gitignore-tooling.sh +++ b/scripts/sweep-gitignore-tooling.sh @@ -99,8 +99,10 @@ for project in "${projects[@]}"; do tracked_tooling+=("$path") fi done + # Private = the cjennings.net server, whether addressed by FQDN or by the + # bare `cjennings` ssh-config alias (git@cjennings:repo.git). public_remote="$(git -C "$project" remote -v 2>/dev/null \ - | awk '{print $2}' | grep -v 'cjennings\.net' | sort -u | head -1 || true)" + | awk '{print $2}' | grep -vE '(@|://)cjennings(\.net)?[:/]' | sort -u | head -1 || true)" if [ "${#tracked_tooling[@]}" -gt 0 ] && [ -n "$public_remote" ]; then echo "skip $name — track-mode (.ai/ not gitignored)" echo " WARN $name: tracked tooling (${tracked_tooling[*]}) is publicly reachable via $public_remote — gitignore the set and 'git -C $project rm --cached -r ' unless this is a deliberate team-shared config" -- cgit v1.2.3