Add README with setup docs and clarify secret placeholder conventions#2
Closed
Copilot wants to merge 1 commit intokpj2006-patch-1from
Closed
Add README with setup docs and clarify secret placeholder conventions#2Copilot wants to merge 1 commit intokpj2006-patch-1from
Copilot wants to merge 1 commit intokpj2006-patch-1from
Conversation
Open
Copilot
AI
changed the title
[WIP] Update README.md to clarify secret scanning behavior
Add README with setup docs and clarify secret placeholder conventions
Feb 20, 2026
Copilot stopped work on behalf of
kpj2006 due to an error
February 20, 2026 14:01
kpj2006
approved these changes
Feb 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a top-level
README.mdcovering purpose, workflow usage, and required secrets. A contributor question surfaced that demo token strings committed as documentation examples (ghp_...,github_pat_...) were not blocked by push protection — clarifying why that is expected behavior and what placeholder convention to use instead.Changes
README.md— initial documentation: purpose, usage pointer todocs/SETUP.md, and required secrets reference (GIST_PAT,DISCORD_BOT_TOKEN, etc.)ghp_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) to avoid confusion and prevent future false-positive questionsWhy push protection didn't fire
GitHub validates an embedded CRC checksum in
ghp_andgithub_pat_tokens — strings that match the format but weren't generated by GitHub fail this check and pass through intentionally. Only tokens that could actually authenticate are blocked. Using clearly non-token placeholders eliminates the ambiguity entirely.✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.