GitHub Secret Scanning

Runtype can now receive GitHub Secret Scanning partner webhooks and automatically revoke leaked API keys found in public repositories. The rollout included signature verification, retry hardening, local route exposure, and smoke coverage for the revocation pipeline.

This shortens the window between a key leak and a real platform response, reducing blast radius without waiting for manual support intervention.