From f762ad52a366e5139c80240930727c4cbecbf522 Mon Sep 17 00:00:00 2001 From: ozan Date: Wed, 10 Jun 2026 22:04:08 +0100 Subject: [PATCH] blog: scrub internal codename + admin URL from pre-commit-agent post MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The redaction-pattern example ironically named the real classified codename and a real internal admin URL in a public post. Genericized both to placeholders (, admin.) — the example still illustrates the pattern format without leaking. Rebuilt HTML. Co-Authored-By: Claude Opus 4.8 --- posts/pre-commit-agent.md | 4 ++-- pre-commit-agent.html | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/posts/pre-commit-agent.md b/posts/pre-commit-agent.md index e1524a6..78a33d5 100644 --- a/posts/pre-commit-agent.md +++ b/posts/pre-commit-agent.md @@ -21,11 +21,11 @@ We built a pre-commit hook with two layers: a regex blocklist that's instant and A text file of patterns, each tagged with scope and message: ``` -public|\bCosmos\b|Classified codename — use "advanced colonist AI" +public|\b\b|Classified codename — use the public-facing alias all|github\.com/(tinqs-ltd|tinqs)/|GitHub repos deleted — use tinqs.com all|sk-[a-zA-Z0-9]{20,}|Possible API key leaked all|AKIA[A-Z0-9]{16}|AWS access key leaked -public|admin\.arikigame\.com|Internal admin URL in public content +public|admin\.|Internal admin URL in public content ``` The scope field controls where patterns apply. `all` means every file. `public` means only public-facing content — blog posts, website, marketing pages. We *want* classified codenames in internal architecture docs. We just don't want them in blog posts. diff --git a/pre-commit-agent.html b/pre-commit-agent.html index e7cfcfa..7e23e4d 100644 --- a/pre-commit-agent.html +++ b/pre-commit-agent.html @@ -269,11 +269,11 @@

We built a pre-commit hook with two layers: a regex blocklist that's instant and free, and an LLM review that costs $0.001. Together they catch everything.

Layer 1: Regex blocklist (0ms, $0.00)

A text file of patterns, each tagged with scope and message:

-
public|\bCosmos\b|Classified codename — use "advanced colonist AI"
+
public|\b<internal-codename>\b|Classified codename — use the public-facing alias
 all|github\.com/(tinqs-ltd|tinqs)/|GitHub repos deleted — use tinqs.com
 all|sk-[a-zA-Z0-9]{20,}|Possible API key leaked
 all|AKIA[A-Z0-9]{16}|AWS access key leaked
-public|admin\.arikigame\.com|Internal admin URL in public content
+public|admin\.<internal-domain>|Internal admin URL in public content

The scope field controls where patterns apply. all means every file. public means only public-facing content — blog posts, website, marketing pages. We want classified codenames in internal architecture docs. We just don't want them in blog posts.

The blocklist runs grep against the staged diff. No network call, no API, no latency. Match found → commit blocked immediately with file path and explanation. This catches 80% of issues before the LLM wakes up.

Layer 2: DeepSeek V4 Flash review (~4s, $0.001)
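
Review bot: The two removed lines in the posts/pre-commit-agent.md hunk still carry the real codename and the real admin hostname, so this commit's own diff and every earlier revision of the post keep both values readable in history. If the repository or its history is reachable from outside, replacing the text going forward is not enough: rewrite or squash the affected history before it is published, or treat the codename and the admin URL as disclosed and handle them accordingly (a new alias, access controls on the admin host). The same applies to any copy of pre-commit-agent.html that was already deployed.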
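
Review bot: On the two added lines of the pre-commit-agent.html hunk, the placeholders are written with angle brackets (`<internal-codename>`, `<internal-domain>`). In HTML they need to be emitted as `&lt;internal-codename&gt;` and `&lt;internal-domain&gt;`; left raw, a browser parses them as unknown elements and the example renders as `\b\b` and `admin\.`, which is how the placeholders already read in the commit message. Please confirm the rebuilt page escapes them, or switch to a bracket-free placeholder such as `INTERNAL_CODENAME`.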