From 0ff377af6fd0121c759fef2ef11630c3a3aac976 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Mon, 29 Jun 2026 15:59:16 +0800
Subject: [PATCH] fix(security): resolve gitea inventory validator input from
 repo root

---
 .../gitea-authenticated-inventory-payload-validator.py         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/security/gitea-authenticated-inventory-payload-validator.py b/scripts/security/gitea-authenticated-inventory-payload-validator.py
index c41bdc43..8f7528a2 100644
--- a/scripts/security/gitea-authenticated-inventory-payload-validator.py
+++ b/scripts/security/gitea-authenticated-inventory-payload-validator.py
@@ -48,6 +48,7 @@ SECRET_PATTERNS = {
     "token_assignment": re.compile(r"\btoken\s*[:=]\s*[^,\s]+", re.IGNORECASE),
 }
 SECRET_QUERY_KEYS = {"access_token", "auth", "key", "password", "secret", "token"}
+ROOT = Path(__file__).resolve().parents[2]
 
 
 def parse_args() -> argparse.Namespace:
@@ -57,7 +58,7 @@ def parse_args() -> argparse.Namespace:
     parser.add_argument(
         "--input",
         type=Path,
-        default=Path("docs/security/gitea-repo-inventory.snapshot.json"),
+        default=ROOT / "docs/security/gitea-repo-inventory.snapshot.json",
         help="Payload JSON to validate.",
     )
     parser.add_argument("--output", type=Path, help="Write validation JSON here.")