{
  "_comment": "命令行凭证泄露检测 (ask) — 由 block-dangerous-commands.js 加载",
  "_version": "v3.8",
  "patterns": [
    {
      "regex": "(?:password|passwd)=\\S{6,}",
      "flags": "i",
      "reason": "命令中包含明文密码"
    },
    {
      "regex": "(?:secret|token|api[-_]?key)=(?:eyJ|sk-|ghp_|glpat-)\\S{10,}",
      "flags": "i",
      "reason": "命令中包含 API Token"
    },
    {
      "regex": "Authorization:\\s*Bearer\\s+\\S{20,}",
      "flags": "i",
      "reason": "命令中包含 Bearer Token"
    },
    {
      "regex": "AKIA[0-9A-Z]{16}",
      "flags": "i",
      "reason": "命令中包含 AWS Access Key"
    },
    {
      "regex": "sk-ant-[a-zA-Z0-9_-]{20,}",
      "flags": "",
      "reason": "命令中包含 Anthropic API Key"
    },
    {
      "regex": "~.[a-zA-Z0-9_-]{34}",
      "flags": "",
      "reason": "命令中可能包含 Azure AD Client Secret"
    }
  ]
}