## Problem `mise run security` fails at `security:secrets` with 53 gitleaks findings after the custom `aws-account-id` rule landed in f57b931. ## Acceptance criteria - [ ] `mise run security:secrets` passes (0 leaks) - [ ] False positives allowlisted: mise-action SHA pins, threat-composer artifacts, test fixtures, placeholder UUIDs - [ ] Real account IDs removed from current source files (e.g. drawio diagrams) - [ ] Historical remediated leaks baselined via `.gitleaksignore` where history cannot be rewritten
Problem
mise run securityfails atsecurity:secretswith 53 gitleaks findings after the customaws-account-idrule landed in f57b931.Acceptance criteria
mise run security:secretspasses (0 leaks).gitleaksignorewhere history cannot be rewritten