{
  "_comment": "命令行凭证泄露检测 (ask) — 由 block-dangerous-commands.js 加载",
  "_version": "v3.9-staging-ext",
  "patterns": [
    {
      "regex": "(?:password|passwd)=\\S{6,}",
      "flags": "i",
      "reason": "命令中包含明文密码"
    },
    {
      "regex": "(?:secret|token|api[-_]?key)=(?:eyJ|sk-|ghp_|glpat-)\\S{10,}",
      "flags": "i",
      "reason": "命令中包含 API Token"
    },
    {
      "regex": "Authorization:\\s*Bearer\\s+\\S{20,}",
      "flags": "i",
      "reason": "命令中包含 Bearer Token"
    },
    {
      "regex": "AKIA[0-9A-Z]{16}",
      "flags": "i",
      "reason": "命令中包含 AWS Access Key"
    },
    {
      "regex": "sk-ant-[a-zA-Z0-9_-]{20,}",
      "flags": "",
      "reason": "命令中包含 Anthropic API Key"
    },
    {
      "regex": "~.[a-zA-Z0-9_-]{34}",
      "flags": "",
      "reason": "命令中可能包含 Azure AD Client Secret"
    },
    {
      "regex": "sk_live_[A-Za-z0-9]{24,}",
      "flags": "",
      "reason": "Stripe Live Secret Key (文件内容)"
    },
    {
      "regex": "sk_test_[A-Za-z0-9]{24,}",
      "flags": "",
      "reason": "Stripe Test Secret Key (文件内容)"
    },
    {
      "regex": "ghp_[A-Za-z0-9]{36,}",
      "flags": "",
      "reason": "GitHub Personal Access Token (新版)"
    },
    {
      "regex": "xox[baprs]-[A-Za-z0-9-]{10,}",
      "flags": "",
      "reason": "Slack Token"
    }
  ]
}