feat(report): improve daily intelligence UX and price tracking

scripts/secret_gate_test.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$ROOT_DIR"
+. "$ROOT_DIR/scripts/secret_gate_lib.sh"
+
+TMP_DIR="$(mktemp -d)"
+cleanup() {
+    rm -rf "$TMP_DIR"
+}
+trap cleanup EXIT
+
+SECRET_FILE="$TMP_DIR/secret.ts"
+CLEAN_FILE="$TMP_DIR/clean.ts"
+AWS_SECRET_FILE="$TMP_DIR/aws.ts"
+ENV_FILE="$TMP_DIR/.env"
+DOCKERIGNORE_FILE="$TMP_DIR/.dockerignore"
+MISSING_DOCKERIGNORE_FIXTURE="$ROOT_DIR/scripts/testdata/empty.dockerignore"
+
+printf 'const key = "sk-test-secret";\n' > "$SECRET_FILE"
+printf 'const ok = true;\n' > "$CLEAN_FILE"
+printf 'const awsKey = "AKIA1234567890ABCDEF";\n' > "$AWS_SECRET_FILE"
+printf 'OPENROUTER_API_KEY=sk-test-secret\n' > "$ENV_FILE"
+printf '.env\n!.env.example\n' > "$DOCKERIGNORE_FILE"
+
+
+set +e
+secret_scan_paths "$SECRET_FILE" "$CLEAN_FILE" > /tmp/secret_gate_test_scan.out 2> /tmp/secret_gate_test_scan.err
+SCAN_RC=$?
+set -e
+if [ "$SCAN_RC" -eq 0 ]; then
+    echo "expected secret_scan_paths to fail"
+    exit 1
+fi
+grep -q "$SECRET_FILE" /tmp/secret_gate_test_scan.out
+
+set +e
+secret_scan_paths "$AWS_SECRET_FILE" > /tmp/secret_gate_test_aws.out 2> /tmp/secret_gate_test_aws.err
+AWS_SCAN_RC=$?
+set -e
+if [ "$AWS_SCAN_RC" -eq 0 ]; then
+    echo "expected secret_scan_paths to fail for aws-style key"
+    exit 1
+fi
+grep -q 'AKIA1234567890ABCDEF' /tmp/secret_gate_test_aws.out
+
+secret_env_files "$DOCKERIGNORE_FILE" > /tmp/secret_gate_test_env.out 2> /tmp/secret_gate_test_env.err
+
+set +e
+secret_env_files "$MISSING_DOCKERIGNORE_FIXTURE" > /tmp/secret_gate_test_env_fail.out 2> /tmp/secret_gate_test_env_fail.err
+ENV_RC=$?
+set -e
+if [ "$ENV_RC" -eq 0 ]; then
+    echo "expected secret_env_files to fail without dockerignore entry"
+    exit 1
+fi
+grep -q "missing .env ignore rule" /tmp/secret_gate_test_env_fail.err
+
+echo "secret_gate_test: PASS"