bookworm-smart-assistant/hooks/rules/sensitive-paths.json
Bookworm Admin b7a8e29d21 release: v6.7.0 - OTA E2E test release
- VERSION file as authoritative version source
- export.mjs reads VERSION with package.json fallback
- bw-ota.ps1 DryRun mode for safe testing
- auto-setup.ps1 bumped to v3.2.0 (Phase 8 OTA)
2026-04-27 17:59:44 +08:00


{
"_comment": "敏感文件路径模式 (deny) — 由 block-sensitive-files.js 加载",
"_version": "v3.10-s1-delivery-pipeline",
"patterns": [
{
"regex": "\\.env$",
"flags": "i",
"reason": ".env 环境变量文件"
},
{
"regex": "\\.env\\.\\w+$",
"flags": "i",
"reason": ".env.* 环境变量文件"
},
{
"regex": "credentials?\\.(json|yaml|yml|toml|xml)$",
"flags": "i",
"reason": "凭证配置文件"
},
{
"regex": "secrets?\\.(json|yaml|yml|toml|xml)$",
"flags": "i",
"reason": "密钥配置文件"
},
{
"regex": "\\.pem$",
"flags": "i",
"reason": "PEM 证书/密钥文件"
},
{
"regex": "\\.key$",
"flags": "i",
"reason": "私钥文件"
},
{
"regex": "\\.p12$",
"flags": "i",
"reason": "PKCS12 证书文件"
},
{
"regex": "\\.pfx$",
"flags": "i",
"reason": "PFX 证书文件"
},
{
"regex": "id_rsa",
"flags": "i",
"reason": "SSH RSA 私钥"
},
{
"regex": "id_ed25519",
"flags": "i",
"reason": "SSH ED25519 私钥"
},
{
"regex": "\\.ssh[\\/\\\\]config$",
"flags": "i",
"reason": "SSH 配置文件"
},
{
"regex": "\\.npmrc$",
"flags": "i",
"reason": "npm 配置(可能含 token)"
},
{
"regex": "\\.pypirc$",
"flags": "i",
"reason": "PyPI 配置(可能含 token)"
},
{
"regex": "\\.kube[\\/\\\\]config$",
"flags": "i",
"reason": "Kubernetes 配置"
},
{
"regex": "service[-_]?account.*\\.json$",
"flags": "i",
"reason": "GCP 服务账号密钥"
},
{
"regex": "firebase[-_]?adminsdk.*\\.json$",
"flags": "i",
"reason": "Firebase Admin SDK 密钥"
},
{
"regex": "\\.docker[\\/\\\\]config\\.json$",
"flags": "i",
"reason": "Docker 注册表凭证"
},
{
"regex": "\\.netrc$",
"flags": "i",
"reason": ".netrc 网络凭证文件"
},
{
"regex": "\\.git-credentials$",
"flags": "i",
"reason": "Git 明文凭证存储"
},
{
"regex": "\\.htpasswd$",
"flags": "i",
"reason": "HTTP Basic Auth 密码文件"
},
{
"regex": "wp-config\\.php$",
"flags": "i",
"reason": "WordPress 数据库凭证"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]settings\\.json$",
"flags": "i",
"reason": "Claude Code 核心权限配置文件"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]settings\\.local\\.json$",
"flags": "i",
"reason": "Claude Code 本地配置文件"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]hooks[\\\\/][^\\\\/]+\\.js$",
"flags": "i",
"reason": "安全防护钩子文件"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]hooks[\\\\/]rules[\\\\/][^\\\\/]+\\.json$",
"flags": "i",
"reason": "安全规则配置文件"
},
{
"regex": "[\\/].claude[\\/]debug[\\/](?:route-state|adaptive-disambiguator|session-memory|route-weights|route-feedback)",
"flags": "i",
"reason": "路由状态文件 (防 Write/Edit 投毒)"
},
{
"regex": "[\\/].claude[\\/]hooks[\\/]checksums.(json|sig)",
"flags": "i",
"reason": "完整性校验文件"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]constitution[\\\\/]",
"flags": "i",
"reason": "AI 宪法文件 (不可修改)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]feature-flags\\.json$",
"flags": "i",
"reason": "功能开关配置 (控制安全钩子启停)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]debug[\\\\/]user-overrides\\.json$",
"flags": "i",
"reason": "逃生舱状态文件 (防投毒)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]skills-index\\.json$",
"flags": "i",
"reason": "路由技能索引 (防篡改)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]SKILL-REGISTRY\\.md$",
"flags": "i",
"reason": "技能注册表 (防篡改)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]scripts[\\\\/][^\\\\/]+\\.js$",
"flags": "i",
"reason": "Hook dependency scripts (tamper protection)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]CLAUDE\\.md$",
"flags": "i",
"reason": "System instruction file (prompt injection protection)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]debug[\\\\/]security-",
"flags": "i",
"reason": "Security audit logs (tamper protection)"
},
{
"regex": "[\\/].claude[\\/]debug[\\/]",
"flags": "i",
"reason": "调试数据目录 (仅 hook 内部可写, 防 AI/MCP 投毒)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]ai-delivery-pipeline[\\\\/]staging[\\\\/]",
"flags": "i",
"reason": "AI 交付流水线 staging 区 (应通过 pipeline 流转, 禁止直写)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]ai-delivery-pipeline[\\\\/]quarantine[\\\\/]",
"flags": "i",
"reason": "AI 交付流水线 quarantine 区 (防恶意样本读回 / red-team 攻击 3)"
},
{
"regex": "[\\\\/]\\.claude[\\\\/]ai-delivery-pipeline[\\\\/]delivery[\\\\/]",
"flags": "i",
"reason": "AI 交付流水线 delivery 区 (禁止绕过验证管道直接覆盖)"
}
]
}