specstory-guard
SKILL.md
SpecStory Guard
A pre-commit guardrail that scans .specstory/history for potential secrets and blocks commits until they are removed or redacted.
How It Works
- Installs a git pre-commit hook in your repository
- Scans
.specstory/historyfiles on every commit - Detects common secret patterns (API keys, tokens, private keys)
- Blocks the commit if secrets are found
- Reports findings with redacted previews for safe review
Why Use Guard?
AI coding sessions may inadvertently capture sensitive data:
- API keys you pasted into chat
- Environment variables in command output
- Private keys or tokens in error messages
- Credentials in configuration examples