Phase 1 wrap-up of AUDIT-2026-Q3:
- .gitleaksignore: appends 28 false-positive fingerprints to existing
10. All hit on public ERC-20/Solana token contract addresses (USDC,
WETH, MATIC, BONK, DAI in main.py.bak + test fixtures + the
cryptoscam-address DB we DETECT). None are RMI secrets.
- .gitleaks.toml: [allowlist] paths = 7 affected files. Active
suppression that drops the working-tree scan from 24 -> 0 findings
(and full-history from 28 -> 0).
- STATUS.md: Phase-1 status snapshot. 12 commits this session. Author
canonical: cryptorugmunch <admin@rugmunch.io>. 2 gating CI jobs
(build, test). Phase 1 DoD all met. Phase 2 (delete dead code)
starts next.