The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Mar 25, 2026 6:59pm

Merging this PR will not alter performance

✅ 16 untouched benchmarks

_{Comparing worktree-floofy-prancing-crystal (b77e1cc) with main (7d7045c)}

Greptile Summary

This PR removes an accidentally committed .claude/settings.json that contained developer-machine-specific Claude Code permissions (absolute paths to private local branches) and adds a semgrep rule to prevent the file from being re-added. The file deletion is correct and necessary. The defense-in-depth approach of adding a static-analysis rule is sound, but its stated blocking behaviour in CI is unverified.

Key findings:

• ✅ .claude/settings.json is correctly removed; it exposed internal branch names (litellm-mcp-jwt-groups, litellm-claude-code-guardrails, etc.) and krrishdholakia's local machine paths.
• ⚠️ No GitHub Actions workflow invokes semgrep scan, so the new rule does not automatically block PRs unless a Semgrep SaaS / GitHub App integration exists outside the visible workflow files. The PR description's claim that "the CI semgrep job runs with --error" is not evidenced by any workflow file.
• ℹ️ .claude is already listed on line 5 of the root .gitignore, so the rule's message telling contributors to "add .claude/ to .gitignore instead" is misleading.

Confidence Score: 4/5

• Safe to merge for the deletion itself; the semgrep rule's CI enforcement should be confirmed or added before treating it as a blocking guardrail.
• The primary fix (deleting the leaked settings file) is straightforward and unambiguously correct. The new semgrep rule is well-formed and the author verified it locally. The main gap is the absence of a visible CI job to actually run it, which means the "blocking" claim is unverified. This is worth resolving but does not block the safety benefit of the deletion itself.
• .semgrep/rules/security/no-claude-directory.yml — confirm CI integration exists or add a workflow step.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Developer commits a file\nunder .claude/] --> B{.gitignore check\n.claude already listed}
    B -->|File force-added\nor was pre-tracked| C[File included in commit]
    B -->|Normal add| D[git silently ignores file ✅]
    C --> E{CI Pipeline}
    E --> F[test-linting.yml\nBlack / Ruff / MyPy / ggshield]
    E --> G{Semgrep scan?\nno-claude-directory rule}
    G -->|No workflow found| H[⚠️ Rule NOT enforced automatically]
    G -->|If Semgrep SaaS / App configured| I[Rule fires → ERROR → PR blocked ✅]
    F --> J[PR may still be merged\nwithout semgrep check]

_{Reviews (1): Last reviewed commit: "security: remove .claude/settings.json a..." | Re-trigger Greptile}