{"generated":"2026-04-25T02:12:09.978Z","sources":{"ask-patterns.json":{"mtime":1774938915176.4019,"size":2358,"count":16},"credential-patterns.json":{"mtime":1777052874863.0615,"size":1443,"count":10},"deny-patterns.json":{"mtime":1774939731772.2805,"size":6654,"count":46},"mcp-tool-classification.json":{"mtime":1774435129282.1284,"size":1003,"count":0},"sensitive-content-deny.json":{"mtime":1775955777632.6755,"size":159,"count":0},"sensitive-content.json":{"mtime":1773322750000,"size":1651,"count":12},"sensitive-paths.json":{"mtime":1777051482444.4768,"size":5411,"count":39},"sensitive-redirect.json":{"mtime":1774873964973.9507,"size":2049,"count":12}},"rules":{"ask-patterns":[{"regex":"git\\s+push\\s+.*--force","flags":"i","reason":"Git 强制推送可能覆盖远端历史"},{"regex":"git\\s+push\\s+-f\\b","flags":"i","reason":"Git 强制推送可能覆盖远端历史"},{"regex":"git\\s+reset\\s+--hard","flags":"i","reason":"Git 硬重置会丢失未提交的更改"},{"regex":"git\\s+clean\\s+-[fd]","flags":"i","reason":"Git clean 会删除未跟踪的文件"},{"regex":"git\\s+checkout\\s+\\.\\s*","flags":"i","reason":"会丢弃所有未暂存的更改"},{"regex":"git\\s+restore\\s+\\.\\s*","flags":"i","reason":"会丢弃所有未暂存的更改"},{"regex":"git\\s+branch\\s+-D\\b","flags":"i","reason":"强制删除分支"},{"regex":"ALTER\\s+TABLE\\s+\\w+\\s+DROP","flags":"i","reason":"表结构破坏性变更"},{"regex":"docker\\s+system\\s+prune\\s+-a","flags":"i","reason":"Docker 全量清理"},{"regex":"kubectl\\s+delete\\s+(?:namespace|ns|deploy)","flags":"i","reason":"K8s 资源删除"},{"regex":"Remove-Item\\s+.*-Recurse","flags":"i","reason":"PowerShell 递归删除"},{"regex":"Stop-Process\\s+.*-Force","flags":"i","reason":"PowerShell 强制终止进程"},{"regex":"Stop-Computer","flags":"i","reason":"PowerShell 关机"},{"regex":"Restart-Computer\\s+.*-Force","flags":"i","reason":"PowerShell 强制重启"},{"regex":"\\bgit\\s+stash\\s+(drop|clear)\\b","reason":"git stash 删除操作可能丢失暂存的工作","flags":"i"},{"regex":"\\bgit\\s+reflog\\s+expire\\b","reason":"git reflog 
过期操作可能导致提交不可恢复","flags":"i"}],"credential-patterns":[{"regex":"(?:password|passwd)=\\S{6,}","flags":"i","reason":"命令中包含明文密码"},{"regex":"(?:secret|token|api[-_]?key)=(?:eyJ|sk-|ghp_|glpat-)\\S{10,}","flags":"i","reason":"命令中包含 API Token"},{"regex":"Authorization:\\s*Bearer\\s+\\S{20,}","flags":"i","reason":"命令中包含 Bearer Token"},{"regex":"AKIA[0-9A-Z]{16}","flags":"i","reason":"命令中包含 AWS Access Key"},{"regex":"sk-ant-[a-zA-Z0-9_-]{20,}","flags":"","reason":"命令中包含 Anthropic API Key"},{"regex":"~.[a-zA-Z0-9_-]{34}","flags":"","reason":"命令中可能包含 Azure AD Client Secret"},{"regex":"sk_live_[A-Za-z0-9]{24,}","flags":"","reason":"Stripe Live Secret Key (文件内容)"},{"regex":"sk_test_[A-Za-z0-9]{24,}","flags":"","reason":"Stripe Test Secret Key (文件内容)"},{"regex":"ghp_[A-Za-z0-9]{36,}","flags":"","reason":"GitHub Personal Access Token (新版)"},{"regex":"xox[baprs]-[A-Za-z0-9-]{10,}","flags":"","reason":"Slack Token"}],"deny-patterns":[{"regex":"rm\\s+(?:-[a-z]+\\s+)*-[a-z]*r[a-z]*\\s+.*[\\/\\\\~]","flags":"i","reason":"递归删除根目录或家目录"},{"regex":"rm\\s+.*--recursive","flags":"i","reason":"递归删除(长选项)"},{"regex":"rm\\s+(?:-[a-z]+\\s+)*-[a-z]*r[a-z]*\\s+\\.(?:[/\\\\]\\S*)?\\s*$","flags":"im","reason":"递归删除当前目录 (仅匹配 . 
或 ./ 而非 .dotdir)"},{"regex":"rm\\s+(?:-[a-z]+\\s+)*-[a-z]*r[a-z]*\\s+\\*","flags":"i","reason":"递归删除通配符匹配"},{"regex":"mkfs\\.","flags":"i","reason":"格式化磁盘"},{"regex":"\\bdd\\b.*of=\\/dev\\/","flags":"i","reason":"直写磁盘设备"},{"regex":">\\s*\\/dev\\/sd[a-z]","flags":"i","reason":"重定向到磁盘设备"},{"regex":":\\(\\)\\{\\s*:\\|:&\\s*\\};:","flags":"i","reason":"Fork bomb"},{"regex":"\\w+\\(\\)\\s*\\{\\s*\\w+\\s*\\|\\s*\\w+\\s*&\\s*\\}\\s*;\\s*\\w+","flags":"i","reason":"Fork bomb 变体"},{"regex":"chmod\\s+-R\\s+777\\s+\\/","flags":"i","reason":"递归修改根目录权限"},{"regex":"format\\s+[cC]:","flags":"i","reason":"格式化 C 盘"},{"regex":"rd\\s+\\/s\\s+\\/q\\s+[cC]:","flags":"i","reason":"递归删除 C 盘"},{"regex":"Remove-Item\\s+(?=.*-Recurse)(?=.*-Force).*[A-Za-z]:\\\\","flags":"i","reason":"PowerShell 递归强制删除驱动器根目录"},{"regex":"Remove-Item\\s+(?=.*-Recurse)(?=.*-Force).*\\\\\\\\","flags":"i","reason":"PowerShell 递归强制删除 UNC 路径"},{"regex":"Format-Volume","flags":"i","reason":"PowerShell 格式化磁盘卷"},{"regex":"Clear-Disk","flags":"i","reason":"PowerShell 清除整个磁盘"},{"regex":"Initialize-Disk.*-RemoveData","flags":"i","reason":"PowerShell 初始化磁盘并清除数据"},{"regex":"DROP\\s+DATABASE","flags":"i","reason":"删除整个数据库"},{"regex":"TRUNCATE\\s+TABLE","flags":"i","reason":"清空表全部数据"},{"regex":"curl\\s+.*\\|\\s*(?:ba)?sh","flags":"i","reason":"从网络下载并直接执行脚本"},{"regex":"wget\\s+.*\\|\\s*(?:ba)?sh","flags":"i","reason":"从网络下载并直接执行脚本"},{"regex":"echo\\s+\\S+\\s*\\|\\s*base64\\s+(?:-d|--decode)\\s*\\|\\s*(?:ba)?sh","flags":"i","reason":"Base64 解码管道执行(混淆攻击)"},{"regex":"find\\s+.*-delete","flags":"i","reason":"find -delete 递归删除"},{"regex":"find\\s+.*-exec\\s+rm","flags":"i","reason":"find -exec rm 递归删除"},{"regex":"xargs\\s+rm\\s+-r","flags":"i","reason":"xargs rm -r 递归删除"},{"regex":"rsync\\s+.*--delete.*/","flags":"i","reason":"rsync --delete 
危险同步"},{"regex":"curl\\s+.*\\|\\s*(?:python|node|perl|ruby)","flags":"i","reason":"从网络下载管道到脚本解释器"},{"regex":"wget\\s+.*\\|\\s*(?:python|node|perl|ruby)","flags":"i","reason":"从网络下载管道到脚本解释器"},{"regex":"chmod\\s+000\\s+/","flags":"i","reason":"chmod 000 锁定根目录权限"},{"regex":"iptables\\s+-F","flags":"i","reason":"iptables 刷空防火墙规则"},{"regex":"(?:cp|mv|install)\\s+.*\\.claude[/\\\\](?:hooks|scripts|constitution)[/\\\\]","flags":"i","reason":"cp/mv/install 覆盖 .claude 核心基础设施文件"},{"regex":"(?:cp|mv|install|ln)\\s+.*\\.claude[/\\\\](?:settings\\.json|feature-flags\\.json|\\.credentials\\.json|skills-index\\.json)","flags":"i","reason":"cp/mv/ln 覆盖 .claude 核心配置文件"},{"regex":"(?:truncate|unlink)\\s+.*\\.claude[/\\\\]","flags":"i","reason":"truncate/unlink 破坏 .claude 基础设施文件"},{"regex":"node\\s+(?:-e|--eval)\\s+.*(?:writeFile|writeFileSync|appendFile|appendFileSync).*\\.claude","flags":"i","reason":"P2-RT3: 通过 node -e 脚本 API 写入 .claude 基础设施文件"},{"regex":"python[23]?\\s+(?:-c)\\s+.*(?:open|write).*\\.claude","flags":"i","reason":"P2-RT3: 通过 python -c 脚本 API 写入 .claude 基础设施文件"},{"regex":"powershell.*(?:Set-Content|Add-Content|Out-File).*\\.claude","flags":"i","reason":"P2-RT3: 通过 PowerShell 写入 .claude 基础设施文件"},{"regex":"\\beval\\s+[\"']?\\$\\(","flags":"","reason":"RT-7: eval 执行命令替换 (代码注入)"},{"regex":"\\beval\\s+[\"']?\\$[A-Z_]","flags":"","reason":"RT-7: eval 执行变量内容 (代码注入)"},{"regex":"\\$\\{![^}]+\\}","flags":"","reason":"RT-7: Bash 间接变量引用 (代码注入)"},{"regex":"npm\\s+publish","flags":"i","reason":"RT-7: npm 发布应走 CI/CD Pipeline"},{"regex":"terraform\\s+destroy","flags":"i","reason":"R1: Terraform 销毁基础设施 (从 ask 升级为 deny)"},{"regex":"DROP\\s+TABLE","flags":"i","reason":"R1: 删除数据表 (从 ask 升级为 deny)"},{"regex":"\\bshred\\b","flags":"i","reason":"R1: shred 安全删除不可恢复 (从 ask 升级为 deny)"},{"regex":"\\bdiskpart\\b","flags":"i","reason":"R1: diskpart 磁盘分区高危操作 (从 ask 升级为 deny)"},{"regex":"DELETE\\s+FROM\\s+\\w+\\s*(?:;|$)","flags":"i","reason":"R1: 全表 DELETE 无 WHERE 条件 (从 ask 升级为 
deny)"},{"regex":"printf\\s+.*\\|\\s*(?:ba)?sh","flags":"i","reason":"R1: printf 管道到 shell 执行 (编码绕过防护)"}],"mcp-tool-classification":[],"sensitive-content-deny":[],"sensitive-content":[{"regex":"(?:password|passwd|pwd)\\s*[:=]\\s*['\"][^'\"]{4,}","flags":"i","reason":"明文密码"},{"regex":"(?:secret[-_]?key|api[-_]?key|access[-_]?key)\\s*[:=]\\s*['\"][^'\"]{8,}","flags":"i","reason":"API 密钥"},{"regex":"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----","flags":"","reason":"私钥内容"},{"regex":"AKIA[0-9A-Z]{16}","flags":"","reason":"AWS Access Key"},{"regex":"sk-[a-zA-Z0-9]{20,}","flags":"","reason":"OpenAI/Stripe 密钥"},{"regex":"ghp_[a-zA-Z0-9]{36}","flags":"","reason":"GitHub Personal Access Token"},{"regex":"glpat-[a-zA-Z0-9\\-_]{20,}","flags":"","reason":"GitLab Personal Access Token"},{"regex":"xoxb-[0-9]{10,}-[a-zA-Z0-9]+","flags":"","reason":"Slack Bot Token"},{"regex":"\"type\"\\s*:\\s*\"service_account\"","flags":"","reason":"GCP Service Account Key"},{"regex":"DefaultEndpointsProtocol=.*AccountKey=","flags":"i","reason":"Azure Storage 连接串"},{"regex":"eyJ[a-zA-Z0-9_-]+\\.eyJ[a-zA-Z0-9_-]+","flags":"","reason":"JWT Token"},{"regex":"\\d+\\.\\d+\\.\\d+\\.\\d+.*(?:password|passwd|pwd)\\s*[:=]\\s*\\S+","flags":"i","reason":"IP 地址 + 密码组合"}],"sensitive-paths":[{"regex":"\\.env$","flags":"i","reason":".env 环境变量文件"},{"regex":"\\.env\\.\\w+$","flags":"i","reason":".env.* 环境变量文件"},{"regex":"credentials?\\.(json|yaml|yml|toml|xml)$","flags":"i","reason":"凭证配置文件"},{"regex":"secrets?\\.(json|yaml|yml|toml|xml)$","flags":"i","reason":"密钥配置文件"},{"regex":"\\.pem$","flags":"i","reason":"PEM 证书/密钥文件"},{"regex":"\\.key$","flags":"i","reason":"私钥文件"},{"regex":"\\.p12$","flags":"i","reason":"PKCS12 证书文件"},{"regex":"\\.pfx$","flags":"i","reason":"PFX 证书文件"},{"regex":"id_rsa","flags":"i","reason":"SSH RSA 私钥"},{"regex":"id_ed25519","flags":"i","reason":"SSH ED25519 私钥"},{"regex":"\\.ssh[\\/\\\\]config$","flags":"i","reason":"SSH 配置文件"},{"regex":"\\.npmrc$","flags":"i","reason":"npm 配置(可能含 
token)"},{"regex":"\\.pypirc$","flags":"i","reason":"PyPI 配置(可能含 token)"},{"regex":"\\.kube[\\/\\\\]config$","flags":"i","reason":"Kubernetes 配置"},{"regex":"service[-_]?account.*\\.json$","flags":"i","reason":"GCP 服务账号密钥"},{"regex":"firebase[-_]?adminsdk.*\\.json$","flags":"i","reason":"Firebase Admin SDK 密钥"},{"regex":"\\.docker[\\/\\\\]config\\.json$","flags":"i","reason":"Docker 注册表凭证"},{"regex":"\\.netrc$","flags":"i","reason":".netrc 网络凭证文件"},{"regex":"\\.git-credentials$","flags":"i","reason":"Git 明文凭证存储"},{"regex":"\\.htpasswd$","flags":"i","reason":"HTTP Basic Auth 密码文件"},{"regex":"wp-config\\.php$","flags":"i","reason":"WordPress 数据库凭证"},{"regex":"[\\\\/]\\.claude[\\\\/]settings\\.json$","flags":"i","reason":"Claude Code 核心权限配置文件"},{"regex":"[\\\\/]\\.claude[\\\\/]settings\\.local\\.json$","flags":"i","reason":"Claude Code 本地配置文件"},{"regex":"[\\\\/]\\.claude[\\\\/]hooks[\\\\/][^\\\\/]+\\.js$","flags":"i","reason":"安全防护钩子文件"},{"regex":"[\\\\/]\\.claude[\\\\/]hooks[\\\\/]rules[\\\\/][^\\\\/]+\\.json$","flags":"i","reason":"安全规则配置文件"},{"regex":"[\\/].claude[\\/]debug[\\/](?:route-state|adaptive-disambiguator|session-memory|route-weights|route-feedback)","flags":"i","reason":"路由状态文件 (防 Write/Edit 投毒)"},{"regex":"[\\/].claude[\\/]hooks[\\/]checksums.(json|sig)","flags":"i","reason":"完整性校验文件"},{"regex":"[\\\\/]\\.claude[\\\\/]constitution[\\\\/]","flags":"i","reason":"AI 宪法文件 (不可修改)"},{"regex":"[\\\\/]\\.claude[\\\\/]feature-flags\\.json$","flags":"i","reason":"功能开关配置 (控制安全钩子启停)"},{"regex":"[\\\\/]\\.claude[\\\\/]debug[\\\\/]user-overrides\\.json$","flags":"i","reason":"逃生舱状态文件 (防投毒)"},{"regex":"[\\\\/]\\.claude[\\\\/]skills-index\\.json$","flags":"i","reason":"路由技能索引 (防篡改)"},{"regex":"[\\\\/]\\.claude[\\\\/]SKILL-REGISTRY\\.md$","flags":"i","reason":"技能注册表 (防篡改)"},{"regex":"[\\\\/]\\.claude[\\\\/]scripts[\\\\/][^\\\\/]+\\.js$","flags":"i","reason":"Hook dependency scripts (tamper 
protection)"},{"regex":"[\\\\/]\\.claude[\\\\/]CLAUDE\\.md$","flags":"i","reason":"System instruction file (prompt injection protection)"},{"regex":"[\\\\/]\\.claude[\\\\/]debug[\\\\/]security-","flags":"i","reason":"Security audit logs (tamper protection)"},{"regex":"[\\/].claude[\\/]debug[\\/]","flags":"i","reason":"调试数据目录 (仅 hook 内部可写, 防 AI/MCP 投毒)"},{"regex":"[\\\\/]\\.claude[\\\\/]ai-delivery-pipeline[\\\\/]staging[\\\\/]","flags":"i","reason":"AI 交付流水线 staging 区 (应通过 pipeline 流转, 禁止直写)"},{"regex":"[\\\\/]\\.claude[\\\\/]ai-delivery-pipeline[\\\\/]quarantine[\\\\/]","flags":"i","reason":"AI 交付流水线 quarantine 区 (防恶意样本读回 / red-team 攻击 3)"},{"regex":"[\\\\/]\\.claude[\\\\/]ai-delivery-pipeline[\\\\/]delivery[\\\\/]","flags":"i","reason":"AI 交付流水线 delivery 区 (禁绕过验证管道直覆盖)"}],"sensitive-redirect":[{"regex":"(?:[^=]>|>>)\\s*\\S*\\.env\\b","flags":"i","reason":"重定向写入 .env 文件"},{"regex":"(?:[^=]>|>>)\\s*\\S*\\.env\\.\\S+","flags":"i","reason":"重定向写入 .env.* 文件"},{"regex":"(?:[^=]>|>>)\\s*\\S*(?:credentials|secrets)\\.\\w+","flags":"i","reason":"重定向写入凭证/密钥文件"},{"regex":"(?:[^=]>|>>)\\s*\\S*\\.(?:pem|key|p12|pfx)\\b","flags":"i","reason":"重定向写入证书/密钥文件"},{"regex":"(?:[^=]>|>>)\\s*\\S*id_(?:rsa|ed25519|ecdsa)\\b","flags":"i","reason":"重定向写入 SSH 私钥文件"},{"regex":"(?:[^=]>|>>)\\s*\\S*\\.npmrc\\b","flags":"i","reason":"重定向写入 .npmrc 文件"},{"regex":"(?:[^=]>|>>)\\s*\\S*\\.pypirc\\b","flags":"i","reason":"重定向写入 .pypirc 文件"},{"regex":"\\btee\\s+\\S*\\.env\\b","flags":"i","reason":"tee 写入 .env 文件"},{"regex":"\\btee\\s+\\S*(?:credentials|secrets)\\.\\w+","flags":"i","reason":"tee 写入凭证/密钥文件"},{"regex":"(?:[^=]>|>>)\\s*\\S*\\.claude[/\\\\](?:hooks|settings|scripts)","flags":"i","reason":"重定向写入 .claude 基础设施文件"},{"regex":"\\btee\\s+\\S*\\.claude[/\\\\](?:hooks|settings|scripts)","flags":"i","reason":"tee 写入 .claude 
基础设施文件"},{"regex":"(?:(?:[^=]>|>>)\\s*|\\btee\\s+)\\S*\\.claude[\\\\/]debug[\\\\/](?:route-state|route-feedback|adaptive-disambiguator|session-memory)","flags":"i","reason":"路由状态文件写保护 (ask): 防止通过 Bash 重定向或 tee 篡改路由状态"}]}}