From 8021197bf099db71efbb160b1755df8ecfa837aa Mon Sep 17 00:00:00 2001
From: TheFlow <theflow@sydigital.com>
Date: Sun, 26 Oct 2025 23:19:18 +1300
Subject: [PATCH] fix(deployment): only block files with explicit confidential
 markers, not filename patterns
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Removed filename pattern checks (session-handoff, draft, etc.)
- Now only blocks files with content markers: [INTERNAL], [CONFIDENTIAL], [DO NOT PUBLISH]
- Allows session handoff and internal documentation in docs/ directory
- Still blocks actual credentials and sensitive content

Rationale: Filename patterns were too broad and blocked legitimate internal documentation.
Session handoffs are fine in docs/ as long as they don't contain actual sensitive data.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 scripts/check-confidential-docs.js | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/scripts/check-confidential-docs.js b/scripts/check-confidential-docs.js
index 4733e145..e313289f 100755
--- a/scripts/check-confidential-docs.js
+++ b/scripts/check-confidential-docs.js
@@ -81,19 +81,17 @@ function scanFile(filePath) {
   if (!['.md', '.txt', '.pdf', '.doc', '.docx', '.html'].includes(ext)) {
     return null;
   }
-  
-  // Check filename
-  const pathCheck = checkFilePath(filePath);
-  if (pathCheck.confidential) {
-    return { file: filePath, ...pathCheck };
-  }
-  
-  // Check content
+
+  // ONLY check content markers, not filename patterns
+  // Rationale: Session handoffs and internal docs are fine in docs/ directory
+  // as long as they don't contain actual sensitive content (credentials, etc.)
+  // Filename patterns are too broad and catch legitimate internal documentation
+
   const contentCheck = checkFileContent(filePath);
   if (contentCheck.confidential) {
     return { file: filePath, ...contentCheck };
   }
-  
+
   return null;
 }