leakferret 0.2.0

Context-aware secret scanning for Ruby projects. A thin wrapper around the native leakferret binary (written in Rust): it finds hardcoded secrets, confirms which ones are actually live by calling the provider, and rewrites them to read from environment variables instead. Precompiled platform gems bundle the native binary inside the gem, so a normal `gem install` ships the binary through RubyGems itself: no download, no network access, and no Rust toolchain. You can audit exactly what you are about to run with `gem unpack leakferret`. The gem never fetches and runs a binary off the internet - there is no download code to vet. On a platform without a prebuilt gem, the source gem tells you to build from source (`cargo install leakferret-cli`) or point LEAKFERRET_BIN at a binary. The API exposes Leakferret.scan, Leakferret.verify, and Leakferret.rewrite (each returning Finding objects), plus a `leakferret` command-line tool.