promptdojo_
Checkpoint

One last thing before we move on. Same surface as a write step — but the lesson doesn't complete until this passes.

Final drill. You're the new security lead on a five-repo engineering org. Walk through the portfolio and triage.

Write triage_repos(repos) that takes a list of repo dicts (same shape as the previous step) and returns a tuple (scores, riskiest):

  • scores: a dict mapping each repo's name → its score (0-100), using the same scoring rules as audit_repo:
    • +20 for has_gitignore_for_env True
    • +20 for has_secret_scanning_hook True
    • +20 for reviewer_required_for_main True
    • +20 for agent_can_auto_commit False (inverted)
    • +20 for secrets_in_env_vars_only True
  • riskiest: the name of the repo with the LOWEST score (most likely to leak next). On a tie, return the FIRST one — use min with a key= argument and a stable iteration over the input list.

The check runs against five repos. Expected output:

scores: {'core-api': 100, 'admin-dashboard': 60, 'ml-pipeline': 40, 'legacy-billing': 0, 'docs-site': 80}
most likely to leak next: legacy-billing
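
One way to implement the drill, as an added example that is not the lesson's own solution. The previous step's repo data is not on this page, so the five sample dicts are constructed here to reproduce the expected scores; score_repo, repo, CHECKS and SAMPLE are hypothetical names.

```python
# Added example. Setting that earns 20 points for each check, per the rules above.
CHECKS = {
    "has_gitignore_for_env": True,
    "has_secret_scanning_hook": True,
    "reviewer_required_for_main": True,
    "agent_can_auto_commit": False,  # inverted: auto-commit off is the safe value
    "secrets_in_env_vars_only": True,
}


def score_repo(repo):
    """Score one repo 0-100. A missing or non-boolean field earns nothing."""
    return sum(20 for key, safe in CHECKS.items() if repo.get(key) is safe)


def triage_repos(repos):
    """Return (scores, riskiest) for a list of repo dicts."""
    if not repos:
        return {}, None  # assumption: the drill does not define the empty case
    scores = {r["name"]: score_repo(r) for r in repos}
    # min() keeps the first minimal element it sees, so ties go to the
    # repo that appears earliest in the input list.
    riskiest = min(repos, key=lambda r: scores[r["name"]])["name"]
    return scores, riskiest


def repo(name, *flags):
    """Hypothetical helper: build a repo dict from flags in CHECKS order."""
    return {"name": name, **dict(zip(CHECKS, flags))}


# Constructed sample data, chosen to reproduce the expected scores.
SAMPLE = [
    repo("core-api", True, True, True, False, True),
    repo("admin-dashboard", True, False, True, False, False),
    repo("ml-pipeline", True, False, False, True, True),
    repo("legacy-billing", False, False, False, True, False),
    repo("docs-site", True, True, True, False, False),
]

if __name__ == "__main__":
    scores, riskiest = triage_repos(SAMPLE)
    print("scores:", scores)
    print("most likely to leak next:", riskiest)
```

Scoring with an identity check against the safe value means a repo that omits a field is treated as failing that control, which keeps an incomplete inventory from looking safer than it is.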
