bookworm-smart-assistant/hooks/rules/credential-patterns.json

{
  "_comment": "命令行凭证泄露检测 (ask) — 由 block-dangerous-commands.js 加载",
  "_version": "v3.9-staging-ext",
  "patterns": [
    {
      "regex": "(?:password|passwd)=\\S{6,}",
      "flags": "i",
      "reason": "命令中包含明文密码"
    },
    {
      "regex": "(?:secret|token|api[-_]?key)=(?:eyJ|sk-|ghp_|glpat-)\\S{10,}",
      "flags": "i",
      "reason": "命令中包含 API Token"
    },
    {
      "regex": "Authorization:\\s*Bearer\\s+\\S{20,}",
      "flags": "i",
      "reason": "命令中包含 Bearer Token"
    },
    {
      "regex": "AKIA[0-9A-Z]{16}",
      "flags": "i",
      "reason": "命令中包含 AWS Access Key"
    },
    {
      "regex": "sk-ant-[a-zA-Z0-9_-]{20,}",
      "flags": "",
      "reason": "命令中包含 Anthropic API Key"
    },
    {
      "regex": "~.[a-zA-Z0-9_-]{34}",
      "flags": "",
      "reason": "命令中可能包含 Azure AD Client Secret"
    },
    {
      "regex": "sk_live_[A-Za-z0-9]{24,}",
      "flags": "",
      "reason": "Stripe Live Secret Key (文件内容)"
    },
    {
      "regex": "sk_test_[A-Za-z0-9]{24,}",
      "flags": "",
      "reason": "Stripe Test Secret Key (文件内容)"
    },
    {
      "regex": "ghp_[A-Za-z0-9]{36,}",
      "flags": "",
      "reason": "GitHub Personal Access Token (新版)"
    },
    {
      "regex": "xox[baprs]-[A-Za-z0-9-]{10,}",
      "flags": "",
      "reason": "Slack Token"
    }
  ]
}
Initial: Bookworm Smart Assistant v6.5.1 (byte-preserved, 809 files, fp 26b83e1b38cdf64a) 2026-04-21 17:57:05 +08:00			`{`
			`"_comment": "命令行凭证泄露检测 (ask) — 由 block-dangerous-commands.js 加载",`
release: v6.7.0 - OTA E2E test release - VERSION file as authoritative version source - export.mjs reads VERSION with package.json fallback - bw-ota.ps1 DryRun mode for safe testing - auto-setup.ps1 bumped to v3.2.0 (Phase 8 OTA) 2026-04-27 17:59:44 +08:00			`"_version": "v3.9-staging-ext",`
Initial: Bookworm Smart Assistant v6.5.1 (byte-preserved, 809 files, fp 26b83e1b38cdf64a) 2026-04-21 17:57:05 +08:00			`"patterns": [`
			`{`
			`"regex": "(?:password\|passwd)=\\S{6,}",`
			`"flags": "i",`
			`"reason": "命令中包含明文密码"`
			`},`
			`{`
			`"regex": "(?:secret\|token\|api[-_]?key)=(?:eyJ\|sk-\|ghp_\|glpat-)\\S{10,}",`
			`"flags": "i",`
			`"reason": "命令中包含 API Token"`
			`},`
			`{`
			`"regex": "Authorization:\\s*Bearer\\s+\\S{20,}",`
			`"flags": "i",`
			`"reason": "命令中包含 Bearer Token"`
			`},`
			`{`
			`"regex": "AKIA[0-9A-Z]{16}",`
			`"flags": "i",`
			`"reason": "命令中包含 AWS Access Key"`
			`},`
			`{`
			`"regex": "sk-ant-[a-zA-Z0-9_-]{20,}",`
			`"flags": "",`
			`"reason": "命令中包含 Anthropic API Key"`
			`},`
			`{`
			`"regex": "~.[a-zA-Z0-9_-]{34}",`
			`"flags": "",`
			`"reason": "命令中可能包含 Azure AD Client Secret"`
release: v6.7.0 - OTA E2E test release - VERSION file as authoritative version source - export.mjs reads VERSION with package.json fallback - bw-ota.ps1 DryRun mode for safe testing - auto-setup.ps1 bumped to v3.2.0 (Phase 8 OTA) 2026-04-27 17:59:44 +08:00			`},`
			`{`
			`"regex": "sk_live_[A-Za-z0-9]{24,}",`
			`"flags": "",`
			`"reason": "Stripe Live Secret Key (文件内容)"`
			`},`
			`{`
			`"regex": "sk_test_[A-Za-z0-9]{24,}",`
			`"flags": "",`
			`"reason": "Stripe Test Secret Key (文件内容)"`
			`},`
			`{`
			`"regex": "ghp_[A-Za-z0-9]{36,}",`
			`"flags": "",`
			`"reason": "GitHub Personal Access Token (新版)"`
			`},`
			`{`
			`"regex": "xox[baprs]-[A-Za-z0-9-]{10,}",`
			`"flags": "",`
			`"reason": "Slack Token"`
Initial: Bookworm Smart Assistant v6.5.1 (byte-preserved, 809 files, fp 26b83e1b38cdf64a) 2026-04-21 17:57:05 +08:00			`}`
			`]`
			`}`