fix: flag *.map files as dangerous instead of skipping them

herakles-dev · claude · herakles-dev · commit 90ccb96a18d3 · 2026-03-31T17:07:52.000+02:00
Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/agents/opensource-forker.md b/agents/opensource-forker.md
@@ -89,6 +89,7 @@ key-[A-Za-z0-9]{32}
 - `.secrets/`, `secrets/`
 - `.claude/settings.json`
 - `sessions/`
+- `*.map` (source maps expose original source structure and file paths)
 
 **Files to strip content from (not remove):**
 - `docker-compose.yml` — replace hardcoded values with `${VAR_NAME}`
diff --git a/agents/opensource-sanitizer.md b/agents/opensource-sanitizer.md
@@ -21,7 +21,7 @@ You are an independent auditor that verifies a forked project is fully sanitized
 
 ### Step 1: Secrets Scan (CRITICAL — any match = FAIL)
 
-Scan every text file (excluding `node_modules`, `.git`, `__pycache__`, `*.min.js`, `*.map`, binaries):
+Scan every text file (excluding `node_modules`, `.git`, `__pycache__`, `*.min.js`, binaries):
 
 ```
 # API keys
@@ -104,6 +104,7 @@ credentials.json, service-account*.json
 .secrets/, secrets/
 .claude/settings.json
 sessions/
+*.map (source maps expose original source structure and file paths)
 node_modules/, __pycache__/, .venv/, venv/
 ```
 
