Feat/auth sanitizer

[pboling]

No description provided.

[Copilot]

Pull request overview

This PR adds inspect-time redaction of command option state (to avoid leaking OAuth secrets in logs/debug output) via auth-sanitizer, along with supporting dependency/tooling updates and some spec refactors/cleanups.

Changes:

• Integrate auth-sanitizer into OAuth::TTY::Command and add a spec asserting redaction in #inspect.
• Update dependency declarations/locks (including stdlib-extracted cgi) and refine several RSpec doubles/stubs.
• Add/adjust project docs and tooling files (IRP, SECURITY.md link, mise config, signature files).

Reviewed changes

Copilot reviewed 23 out of 25 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
spec/oauth/tty/commands/sign_command_spec.rb	Adds spec ensuring secrets are redacted from command #inspect.
spec/oauth/tty/commands/query_command_spec.rb	Updates doubles to verified constant references and adjusts stubbing.
spec/oauth/tty/commands/authorize_command_spec.rb	Refactors stubs/verified doubles and consolidates helper stubbing.
spec/oauth/tty/command_spec.rb	Reworks test command subclass to avoid leaky constant declarations.
spec/oauth/tty/cli_spec.rb	Updates verified doubles/stubbing patterns for CLI integration specs.
spec/oauth/tty_spec.rb	Removes empty example group.
spec/oauth/cli_spec.rb	Adds spec for OAuth::CLI alias behavior.
spec/oauth/backwards_compatibility_spec.rb	Removes prior backwards-compatibility alias spec (replaced by class-focused spec).
spec/config/vcr.rb	Adds cgi requires to support environments where CGI is an extracted gem.
spec/config/debug.rb	Removes debug logging noise when DEBUG is enabled.
sig/oauth/tty/command.rbs	Adds RBS signature for OAuth::TTY::Command including sanitizer mixin.
SECURITY.md	Links to new IRP documentation.
README.md	Removes CodeTriage badges from the badge list/footer references.
oauth-tty.gemspec	Adds runtime deps (cgi, auth-sanitizer) and pins some dev dependency versions.
mise.toml	Adds shared dev environment configuration via mise.
lib/oauth/tty/command.rb	Adds sanitizer integration + filtered attributes and custom #inspect output redaction.
lib/oauth/tty/cli.rb	Refactors class method definition style (class << self).
lib/oauth/tty.rb	Requires auth/sanitizer during library load.
IRP.md	Adds an Incident Response Plan document.
gemfiles/modular/documentation.gemfile	Switches yard-junk to a released version constraint.
Gemfile.lock	Updates lockfile contents (notably oauth source now via local PATH).
Gemfile	Switches oauth dependency to local path and adds conditional nomono dev wiring.
CHANGELOG.md	Documents the inspect-time redaction change.
.tool-versions	Updates Ruby tool version for local dev tooling.
.rubocop_gradual.lock	Removes the gradual RuboCop lock file.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.