promptdojo_

.env, os.getenv, and the leak recovery you'll do at least once — step 9 of 9

Checkpoint

One last thing before we move on. Same surface as a write step — but the lesson doesn't complete until this passes.

Final drill. Build a "ready to commit?" guard. Write audit_files(files) that takes a list of dicts, each shaped {"path": "<filename>", "content": "<text>"}, and returns a list of strings — one warning per problem found. Rules, applied in order:

  • If a file's path matches .env or starts with .env. (but not .env.example), append f"do not commit {path}" and STOP checking that file (don't run the second rule on env files).
  • Otherwise, if the file's content contains the substring "sk-ant-" or "sk-test-", append f"hardcoded key in {path}".

Files matching neither rule produce no warnings.

Then the script will exercise four files and print every warning, one per line.

Expected output:

do not commit .env
hardcoded key in src/bad.py
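One way to satisfy these rules, as an added example rather than the lesson's own solution. The four sample files and the helper name is_env_file are constructed for illustration, and the path check is applied literally to the whole path string, as the rule is worded:

```python
ENV_EXEMPT = {".env.example"}          # template file that is safe to commit
KEY_MARKERS = ("sk-ant-", "sk-test-")  # substrings the drill treats as key material


def is_env_file(path):
    """Rule 1: '.env' itself, or any '.env.<suffix>' except the exempt template."""
    if path in ENV_EXEMPT:
        return False
    return path == ".env" or path.startswith(".env.")


def audit_files(files):
    """Return one warning string per problem, in input order."""
    warnings = []
    for f in files:
        path, content = f["path"], f["content"]
        if is_env_file(path):
            warnings.append(f"do not commit {path}")
            continue  # stop here: rule 2 never runs on env files
        if any(marker in content for marker in KEY_MARKERS):
            warnings.append(f"hardcoded key in {path}")
    return warnings


# Constructed sample input (not the lesson's own four files); key values are fake.
SAMPLE_FILES = [
    # Contains a key marker, but rule 1 fires first, so only one warning results.
    {"path": ".env", "content": "ANTHROPIC_API_KEY=sk-ant-EXAMPLE-not-a-real-key\n"},
    # Exempt from rule 1 and has no key marker: no warning.
    {"path": ".env.example", "content": "ANTHROPIC_API_KEY=\n"},
    # Reads the key from the environment: no warning.
    {"path": "src/good.py", "content": 'import os\nkey = os.getenv("ANTHROPIC_API_KEY")\n'},
    # Key pasted into source: rule 2 fires.
    {"path": "src/bad.py", "content": 'key = "sk-test-EXAMPLE-not-a-real-key"\n'},
]

if __name__ == "__main__":
    for warning in audit_files(SAMPLE_FILES):
        print(warning)
```

Because .env.example is exempt only from the first rule, a template that has a real-looking key pasted into it is still reported by the second rule.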
