From e5f659978bf526da5912d2f9d7a342ee3d6224c9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:29:28 +0000
Subject: [PATCH 1/7] Initial plan

From 7f0309a767b985cd963c86c34055eae48fb0131b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:32:34 +0000
Subject: [PATCH 2/7] Fix wiki-management.yml to exclude code blocks from sensitive data scan

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
---
 .github/workflows/wiki-management.yml | 31 +++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/wiki-management.yml b/.github/workflows/wiki-management.yml
index a36e12261e8a..4b073e045061 100644
--- a/.github/workflows/wiki-management.yml
+++ b/.github/workflows/wiki-management.yml
@@ -49,14 +49,41 @@ jobs:
 FOUND_ISSUES=0
+ # Create a temporary directory for cleaned files
+ TEMP_DIR=$(mktemp -d)
+
+ # Process each markdown file and strip code blocks
+ find wiki/ -name "*.md" -type f | while read -r file; do
+ # Remove code blocks (content between ``` markers) to avoid false positives
+ # This is safe because:
+ # 1. Code blocks are typically examples, not real credentials
+ # 2. Real credentials should never be in documentation
+ # 3. We still scan all non-code-block content
+
+ cleaned_file="$TEMP_DIR/$(basename "$file")"
+
+ # Use awk to remove content between ``` markers
+ awk '
+ /^```/ {
+ in_code_block = !in_code_block
+ next
+ }
+ !in_code_block { print }
+ ' "$file" > "$cleaned_file"
+ done
+
+ # Scan the cleaned files
 for pattern in "${PATTERNS[@]}"; do
 echo "Checking for pattern: $pattern"
- if grep -rniE "$pattern" wiki/ 2>/dev/null; then
+ if grep -rniE "$pattern" "$TEMP_DIR" 2>/dev/null; then
 echo "⚠️ WARNING: Potential sensitive data found matching pattern: $pattern"
 FOUND_ISSUES=$((FOUND_ISSUES + 1))
 fi
 done
+ # Clean up
+ rm -rf "$TEMP_DIR"
+
 if [ $FOUND_ISSUES -gt 0 ]; then
 echo "❌ Found $FOUND_ISSUES potential security issues"
 echo "Please review and ensure no real credentials are committed"
@@ -64,7 +91,7 @@ jobs:
 exit 1
 fi
- echo "✅ No sensitive data patterns detected"
+ echo "✅ No sensitive data patterns detected (code blocks excluded from scan)"
 - name: Check markdown links
 run: |

From e3ab979e45a6b8728282d51fbbc3f92a71a91321 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:33:28 +0000
Subject: [PATCH 3/7] Add documentation for privacy-safe scanning practices

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
---
 .github/workflows/wiki-management.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/wiki-management.yml b/.github/workflows/wiki-management.yml
index 4b073e045061..ac04a4aeb91b 100644
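Review bot: Dropping every fenced block from the scan removes exactly the place where leaked credentials in documentation tend to sit (pasted config, `.env` dumps, curl examples carrying a live token), and the justification comment `# 1. Code blocks are typically examples, not real credentials` states that hope as a fact. Rather than exclude fences, keep scanning them and handle the false-positive problem explicitly: filter matches through an allowlist of obviously fake values (e.g. `grep -viE 'xxx|example|your[-_]?key|<[^>]+>'`) or report hits inside fences as warnings that do not increment `FOUND_ISSUES`, and reword the comment to what is actually guaranteed, e.g. `# Fenced blocks are reported at lower severity because examples often mimic real secrets`. On the added `find wiki/ -name "*.md" -type f | while read -r file; do` line, `-print0` with `IFS= read -r -d '' file` keeps paths containing leading spaces or newlines intact. The `run:` step this hunk edits starts and ends outside the hunk.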
--- a/.github/workflows/wiki-management.yml
+++ b/.github/workflows/wiki-management.yml
@@ -1,6 +1,13 @@
 # Copyright (c) 2026 The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or https://opensource.org/license/mit.
+#
+# This workflow validates wiki content for sensitive data patterns while
+# using privacy-safe practices:
+# - Excludes markdown code blocks to avoid false positives from examples
+# - Still scans all non-code content for real credential leaks
+# - Validates markdown links and syntax
+# - Checks file naming conventions
 name: Wiki Management
@@ -33,6 +40,7 @@ jobs:
 - name: Check for sensitive data patterns
 run: |
 echo "🔍 Scanning wiki files for sensitive data patterns..."
+ echo "Note: Code blocks (```) are excluded to avoid false positives from examples"
 # Define patterns to check for
 PATTERNS=(

From c2639083261cc6d65817514799001db6d0bebb8d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:34:53 +0000
Subject: [PATCH 4/7] Trigger workflow on PR for workflow file changes

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
---
 .github/workflows/wiki-management.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/wiki-management.yml b/.github/workflows/wiki-management.yml
index ac04a4aeb91b..f77d3ad915e6 100644
--- a/.github/workflows/wiki-management.yml
+++ b/.github/workflows/wiki-management.yml
@@ -22,6 +22,7 @@ on:
 pull_request:
 paths:
 - 'wiki/**'
+ - '.github/workflows/wiki-management.yml'
 workflow_dispatch:
 permissions:

From 39ec7b480d17dfc6df97a34c123fe83676fb6d43 Mon Sep 17 00:00:00 2001
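Review bot: The added `echo "Note: Code blocks (```) are excluded to avoid false positives from examples"` in the `@@ -33,6 +40,7 @@` hunk will not print literally: bash still performs command substitution on backticks inside double quotes, so the first two form an empty substitution and the third opens one that runs to the next backtick further down the script, which under the runner's default `bash -e` is most likely a parse error or a stray command rather than a note. Single-quote the string, `echo 'Note: Code blocks (```) are excluded to avoid false positives from examples'`, or escape the three fence characters. The PATCH 4 hunk on this line that adds `.github/workflows/wiki-management.yml` to the `pull_request` paths is what would surface this, since the workflow then runs on its own edits. The `run:` block this echo sits in continues outside the hunk.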
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:37:56 +0000
Subject: [PATCH 5/7] Fix file collision issue and improve documentation

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
---
 .github/workflows/wiki-management.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/wiki-management.yml b/.github/workflows/wiki-management.yml
index f77d3ad915e6..f8d435dc81d0 100644
--- a/.github/workflows/wiki-management.yml
+++ b/.github/workflows/wiki-management.yml
@@ -69,9 +69,14 @@ jobs:
 # 2. Real credentials should never be in documentation
 # 3. We still scan all non-code-block content
- cleaned_file="$TEMP_DIR/$(basename "$file")"
+ # Create unique filename preserving directory structure
+ relative_path="${file#wiki/}"
+ cleaned_file="$TEMP_DIR/${relative_path//\//_}"
 # Use awk to remove content between ``` markers
+ # Note: This handles triple-backtick code blocks
+ # Inline code and indented blocks are still scanned as they're less likely
+ # to contain multiline example credentials
 awk '
 /^```/ {
 in_code_block = !in_code_block

From 19baa36be8a2ef1e53f5a04d6269e52e51684ef7 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:39:01 +0000
Subject: [PATCH 6/7] Use directory structure preservation to avoid all collisions

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
---
 .github/workflows/wiki-management.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/wiki-management.yml b/.github/workflows/wiki-management.yml
index f8d435dc81d0..5bcc1607fbdc 100644
--- a/.github/workflows/wiki-management.yml
+++ b/.github/workflows/wiki-management.yml
@@ -69,14 +69,17 @@ jobs:
 # 2. Real credentials should never be in documentation
 # 3. We still scan all non-code-block content
- # Create unique filename preserving directory structure
+ # Preserve directory structure to avoid any filename collisions
 relative_path="${file#wiki/}"
- cleaned_file="$TEMP_DIR/${relative_path//\//_}"
+ cleaned_file="$TEMP_DIR/$relative_path"
+ mkdir -p "$(dirname "$cleaned_file")"
- # Use awk to remove content between ``` markers
+ # Use awk to remove content between ``` markers (with optional language specifier)
 # Note: This handles triple-backtick code blocks
 # Inline code and indented blocks are still scanned as they're less likely
 # to contain multiline example credentials
+ # If code blocks are malformed (odd number of markers), the scanner may
+ # include some code content, which is acceptable for security scanning
 awk '
 /^```/ {
 in_code_block = !in_code_block

From a55f876c9be11ee39174d2df9e80fbaed541bcc1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:40:10 +0000
Subject: [PATCH 7/7] Add explicit initialization for better code clarity

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
---
 .github/workflows/wiki-management.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/wiki-management.yml b/.github/workflows/wiki-management.yml
index 5bcc1607fbdc..bae27b656611 100644
--- a/.github/workflows/wiki-management.yml
+++ b/.github/workflows/wiki-management.yml
@@ -81,6 +81,7 @@ jobs:
 # If code blocks are malformed (odd number of markers), the scanner may
 # include some code content, which is acceptable for security scanning
 awk '
+ BEGIN { in_code_block = 0 }
 /^```/ {
 in_code_block = !in_code_block
 next
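Review bot: The added comment `# If code blocks are malformed (odd number of markers), the scanner may include some code content, which is acceptable` describes only the harmless direction; the dangerous one is a single unmatched ``` in prose (or a fence written as `~~~`, or one indented inside a list item, neither of which `/^```/` matches), after which `in_code_block` stays set and every later line of that file is silently dropped from the scan. Since this step exists to fail on leaks, the filter should fail closed: match both fence styles with up to three leading spaces, and in an `END` block abort when a fence is still open so an unclosed fence becomes a CI error instead of a blind spot. Under the runner's default `bash -e` the non-zero `awk` status should abort the `find | while` subshell and with it the step. The enclosing loop and `run:` step start and end outside the hunk.

```shell
# … unchanged: relative_path / cleaned_file / mkdir -p …
# Strip fenced blocks; an unclosed fence is an error, not a reason to skip the rest of the file
awk '
  BEGIN { in_code_block = 0 }
  /^ ? ? ?(```|~~~)/ { in_code_block = !in_code_block; next }
  !in_code_block { print }
  END { if (in_code_block) { print FILENAME ": unterminated code fence" > "/dev/stderr"; exit 2 } }
' "$file" > "$cleaned_file"
```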