chore: improve secretlint performance by adding ignore patterns

[marcusquinn]

Summary

• Add python-env, .osgrep, .scannerwork to .secretlintignore
• Add bun.lock to .gitignore to maintain subset rule (.secretlintignore ⊆ .gitignore)
• Increase Docker timeout from 30s to 60s in linters-local.sh
• Mark t063 as completed in TODO.md

Problem

Secretlint was scanning 19,790 files (572MB) including python-env binaries, causing 60+ minute hangs when running linters-local.sh.

Solution

Added missing ignore patterns that mirror .gitignore entries. Result: ~230 files scanned in seconds.

Split from #92

This was originally part of #92 but split out to keep that PR focused on the core bug fix (jq output suppression).

[coderabbitai]

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 59 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 39d93ca and f70b23e.

📒 Files selected for processing (4)

• .agent/scripts/linters-local.sh
• .gitignore
• .secretlintignore
• TODO.md

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical performance bottleneck in the Secretlint scanning process by introducing targeted ignore patterns for large, irrelevant directories and files. These changes drastically reduce the scan duration from over an hour to mere seconds, thereby streamlining the local development workflow and ensuring the linter remains effective without causing significant delays.

Highlights

• Secretlint Performance Improvement: Added new ignore patterns to .secretlintignore for python-env, .osgrep, and .scannerwork directories, significantly reducing the number of files scanned by Secretlint.
• Bun Lock File Management: Included bun.lock in both .gitignore and .secretlintignore to ensure consistency and prevent unnecessary scanning of generated lock files.
• Docker Timeout Adjustment: Increased the Docker timeout for Secretlint scans in linters-local.sh from 30 seconds to 60 seconds to accommodate potentially longer scan times, although performance improvements should mitigate this.
• Task Completion: Updated TODO.md to mark task t063 (Fix secretlint scanning performance) as completed.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 261 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Jan 14 19:25:42 UTC 2026: Code review monitoring started
Wed Jan 14 19:25:42 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 261
Wed Jan 14 19:25:42 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Wed Jan 14 19:25:44 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 261
• VULNERABILITIES: 0

Generated on: Wed Jan 14 19:26:21 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[gemini-code-assist]

Code Review

This pull request significantly improves the performance of secretlint by adding necessary ignore patterns, which is a great fix. My review includes a couple of suggestions for further improvement. In linters-local.sh, I've recommended using a variable for the Docker timeout to enhance maintainability. For TODO.md, I've identified a missing closing comment tag and outdated summary data, providing a suggestion to correct both issues.

[gemini-code-assist]

To improve maintainability and avoid repetition, consider defining the timeout value in a variable. This avoids repeating the magic number 60 and makes it easier to update in the future.

Suggested change

	print_info "Secretlint: Using Docker for scan (60s timeout)..."
	# Use gtimeout (macOS) or timeout (Linux) to prevent Docker from hanging
	local timeout_cmd=""
	if command -v gtimeout &> /dev/null; then
	timeout_cmd="gtimeout 30"
	timeout_cmd="gtimeout 60"
	elif command -v timeout &> /dev/null; then
	timeout_cmd="timeout 30"
	timeout_cmd="timeout 60"
	fi
	local secretlint_timeout=60
	print_info "Secretlint: Using Docker for scan (${secretlint_timeout}s timeout)..."
	# Use gtimeout (macOS) or timeout (Linux) to prevent Docker from hanging
	local timeout_cmd=""
	if command -v gtimeout &> /dev/null; then
	timeout_cmd="gtimeout ${secretlint_timeout}"
	elif command -v timeout &> /dev/null; then
	timeout_cmd="timeout ${secretlint_timeout}"
	fi

[gemini-code-assist]

This TOON:summary block is missing its closing --> tag, which will likely break parsing tools.

Additionally, the summary data seems stale. With task t063 added and completed, the total and done counts should be updated. It looks like total should be 57 and done should be 27. Please update the summary line and add the closing tag.

Suggested change

	<!--TOON:summary{total,pending,in_progress,in_review,done,declined,total_est,total_actual,blocked_count,ready_count}:
	56,45,0,0,26,0,28d3h,16h50m,0,45
	<!--TOON:summary{total,pending,in_progress,in_review,done,declined,total_est,total_actual,blocked_count,ready_count}:
	57,45,0,0,27,0,28d3h30m,16h50m,0,45
	-->

[augmentcode]

🤖 Augment PR Summary

Summary: Improves Secretlint scan performance by expanding .secretlintignore (python/env dirs, tool caches, bun lockfile) and aligning ignores with .gitignore.

Why: Prevents Secretlint from traversing large, irrelevant directories that previously caused 60+ minute hangs; also bumps Docker scan timeout from 30s to 60s.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

[marcusquinn]

@alex-solovyev - This PR was split from #92 (your original contribution). It contains the secretlint performance improvements. Would appreciate your review!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 261 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Jan 14 19:30:33 UTC 2026: Code review monitoring started
Wed Jan 14 19:30:34 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 261
Wed Jan 14 19:30:34 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Wed Jan 14 19:30:36 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 261
• VULNERABILITIES: 0

Generated on: Wed Jan 14 19:31:15 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring