store: PR review: paper-dynasty-discord#43 — explicit .gitignore for service-creds.json

graph/workflows/pr-review-paper-dynasty-discord43-explicit-gitignore-for-ser-d71493.md

@@ -0,0 +1,28 @@
+---
+id: d714936b-855b-46f0-ad85-c8bb55f743ad
+type: workflow
+title: "PR review: paper-dynasty-discord#43 — explicit .gitignore for service-creds.json"
+tags: [pr-reviewer, paper-dynasty-discord, gitignore, security, credentials]
+importance: 0.4
+confidence: 0.8
+created: "2026-03-03T19:03:04.484112+00:00"
+updated: "2026-03-03T19:03:04.484112+00:00"
+---
+
+## PR Review: paper-dynasty-discord#43
+
+**Verdict**: APPROVED (posted as COMMENT due to Gitea self-approval restriction)
+
+**PR Title**: fix: add explicit .gitignore entry for service-creds.json (#40)
+
+**Files Reviewed**: `.gitignore`
+
+**Summary**: Single-line addition of `storage/paper-dynasty-service-creds.json` to `.gitignore`. The existing `storage*` wildcard already covers the file, making this technically redundant. However, the explicit entry is justified as defense-in-depth for a sensitive Google Sheets service credential file referenced in `cogs/gameplay.py:120`.
+
+**Key Findings**:
+- Redundant but intentional — `storage*` already ignores the entire `storage/` directory
+- No ordering issues or negation rules that could cause conflicts
+- Positive security posture: protects against accidental exposure if `storage*` is ever removed
+- Clean, minimal change following existing "Project specifics" block convention
+
+**Note**: Gitea blocks self-approval (`approve your own pull is not allowed`), so APPROVED verdict was posted as a COMMENT review instead.