feat(security): Add hardcoded credentials detection to security-guidance plugin

[BernardUriza]

Summary

Adds comprehensive secret detection patterns to the security-guidance plugin to prevent API key and credential exposure in committed files. This addresses a critical security gap that has caused real-world harm to developers.

Problem Statement

The security-guidance plugin currently detects 10+ security patterns (command injection, XSS, eval, etc.) but does NOT detect hardcoded credentials - the most common and costly security mistake in codebases.

Real-World Impact (Documented Cases)

GitHub Issue #2142: Multiple API keys (Gmail, Maps, Firecrawl) committed without warning

GitHub Issue #12524: Azure OpenAI API key exposure led to:

• 💸 $30,000 USD in fraudulent charges
• 👔 Termination of employment at JLL
• ⏱️ 10 days of unauthorized API usage before detection

Changes

Added 3 New Security Patterns

1. hardcoded_api_keys

Detects hardcoded API keys, secrets, and tokens including:

• Generic patterns: API_KEY, SECRET, TOKEN assignments
• Service-specific: AZURE_API_KEY, OPENAI_API_KEY, AWS_SECRET_ACCESS_KEY, DEEPGRAM_API_KEY
• Key prefixes: sk-ant- (Anthropic), sk-proj- (OpenAI), ghp_ (GitHub PAT), gho_ (GitHub OAuth), Bearer eyJ (JWT tokens)

2. azure_connection_strings

Detects Azure Storage connection strings with:

• DefaultEndpointsProtocol=https;AccountName= patterns
• AccountKey= assignments
• SharedAccessSignature= tokens

These provide full access to Azure storage and must be protected.

3. database_credentials

Detects database connection URLs:

• postgres://, postgresql://, mysql://, mongodb://, redis://

Database URLs often contain credentials in the format: protocol://username:password@host:port/database

Implementation Details

• Location: plugins/security-guidance/hooks/security_reminder_hook.py (lines 126-253)
• Method: Added to existing SECURITY_PATTERNS list
• Detection: Substring matching for performance and simplicity
• User Experience: Provides actionable remediation steps in warning messages

Warning Message Example

🚨 **CRITICAL: Hardcoded API Key or Secret Detected!**

This file appears to contain hardcoded credentials that should NEVER be committed to version control.

**Immediate Actions Required:**

1. **DO NOT COMMIT THIS FILE** - The commit will be blocked for your protection

2. **Move credentials to environment variables:**
   import os
   API_KEY = os.getenv("API_KEY")

3. **Create .env file and add to .gitignore**

4. **If already committed:**
   - Rotate the exposed credential immediately
   - Remove from git history
   - Check for unauthorized usage in service logs

**Why This Matters:**

Exposed credentials can lead to:
- ❌ Unauthorized API usage ($1000s in fraudulent charges)
- ❌ Data breaches and account compromise
- ❌ Employment consequences (documented cases)
- ❌ Legal liability under data protection laws

**Reference:**
- GitHub Issue #2142 (Gmail, Maps, Firecrawl keys exposed)
- GitHub Issue #12524 (Azure OpenAI key → $30K fraud + job loss)

Testing

✅ Python syntax verified: python3 -m py_compile security_reminder_hook.py
✅ Follows existing code style and structure
✅ Warning messages include clear explanations and remediation steps
✅ References real incidents for context and urgency

Comparison with Industry Standards

Tool	Secret Detection	Method	Configuration Required
GitHub Copilot	✅ Yes	Built-in pattern matching	❌ No
GitGuardian	✅ Yes	Real-time scanning	❌ No
AWS Secrets Manager	✅ Yes	Automatic rotation	❌ No
Claude Code (before)	❌ No	N/A	N/A
Claude Code (after this PR)	✅ Yes	security-guidance plugin	❌ No

Breaking Changes

None. This is an additive change that enhances existing security checks without modifying any existing functionality.

Documentation

Each warning message includes inline documentation with:

• 📝 Clear explanation of the security risk
• 🔧 Step-by-step remediation instructions
• 💡 Environment variable migration examples
• 📋 .gitignore setup guidance
• 🚨 Incident response procedures
• 🔗 References to real cases ([BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142, Claude Code hardcoded API key in markdown documentation file #12524) for context

Files Changed

• ✏️ plugins/security-guidance/hooks/security_reminder_hook.py (+128 lines)

Fixes

• Fixes [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142 - Multiple API keys committed to git without warning
• Fixes Claude Code hardcoded API key in markdown documentation file #12524 - Azure OpenAI key exposure ($30K fraud + job loss)

Future Enhancements

Potential follow-ups (not in this PR):

• Regex patterns for more complex credential formats (e.g., private keys)
• Integration with git-secrets or truffleHog
• Custom pattern configuration via .claude/security-patterns.json
• Secret scanning in git history (pre-commit hook across all commits)
• False positive reduction with entropy analysis
• Support for more cloud providers (GCP, DigitalOcean, Stripe, etc.)

Acknowledgments

This fix was developed in response to documented security incidents affecting real developers. Special thanks to:

• Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142 reporter for bringing this to attention
• Issue Claude Code hardcoded API key in markdown documentation file #12524 reporter (Bernard Uriza) for providing detailed incident documentation

Evidence Repository

Full technical analysis and incident documentation available at:
https://github.com/BernardUriza/claude-code-secret-exposure-test

---

Co-Authored-By: Bernard Uriza Orozco [email protected]

🤖 This PR was created using Claude Code - demonstrating the very tool we're improving.

[BernardUriza]

🪂 Critical Addition: The Automatic Parachute (Commit 99a8755)

I've pushed a crucial enhancement based on feedback: the previous fix was insufficient because it relied on Claude's "intelligence" to detect secrets.

The Problem with Edit-Only Detection

The initial fix (commit ffc0fcb) added secret patterns to security_reminder_hook.py, but it only triggered on Edit|Write|MultiEdit events. This meant:

❌ If Claude edited a file with secrets → Warning shown (good)
❌ But if Claude then ran git commit anyway → No protection (bad!)

The hook trusted Claude to "remember" not to commit. That's not a real safety system.

The Real Fix: Git Pre-Commit Hook

New commit (99a8755) adds git_pre_commit_hook.py that:

✅ Intercepts git commit commands automatically
✅ Scans STAGED files (not just edited files)
✅ BLOCKS the commit if secrets detected
✅ Works independently of Claude's decision-making

How It Works

# Runs on Bash PreToolUse event
"matcher": "Bash"  # Triggers on git commands

# When Claude runs: git commit -m "..."
1. Hook intercepts the command
2. Gets staged files: git diff --cached --name-only
3. Scans each file with regex patterns
4. If secrets found: EXIT 2 (BLOCKS commit)
5. If clean: EXIT 0 (ALLOWS commit)

Example: Bernard's Incident Would Be Prevented

Nov 15, 2025 - What actually happened:

Claude: Creates AZURE_OPENAI_CURL_REFERENCE.md with real API key
Claude: git commit -m "feat: Integrate Azure OpenAI"
Result: ❌ Committed to git
Outcome: $30K fraud + job loss

With the parachute (this PR):

Claude: Creates AZURE_OPENAI_CURL_REFERENCE.md with real API key
Claude: git commit -m "feat: Integrate Azure OpenAI"
Hook:   🚨 CRITICAL: SECRETS DETECTED IN STAGED FILES!
        File: AZURE_OPENAI_CURL_REFERENCE.md
        Line: 8
        Pattern: API Keys and Secrets
        Match: AZURE_API_KEY = "2a48d..."
        **COMMIT BLOCKED**
Result: ✅ Commit prevented
Outcome: No exposure, no fraud, no job loss

Files Changed in This Commit

1. NEW: plugins/security-guidance/hooks/git_pre_commit_hook.py (+230 lines)

   • Automatic secret scanner for git commits
   • 7 pattern categories (API keys, Azure, database URLs, etc.)
   • Scans only staged files (fast performance)
   • Detailed error messages with remediation steps

2. UPDATED: plugins/security-guidance/hooks/hooks.json (+10 lines)

   • Added Bash matcher configuration
   • 30-second timeout
   • Runs in addition to existing Edit hook

This is a Two-Layer Defense

Layer 1 (Edit hook): Warns when Claude WRITES secrets
Layer 2 (Bash hook): BLOCKS when secrets are COMMITTED

Even if Layer 1 is ignored, Layer 2 catches it.

Why This Matters

This is not just about making the PR "better" - it's about making it correct.

A security system that relies on the AI "remembering" to check for secrets is not a security system. It's security theater.

This PR now implements automatic enforcement that cannot be bypassed unless the user explicitly uses git commit --no-verify (which is clearly their own choice).

---

Total changes in this PR:

• Edit hook: +128 lines (warns on file edits)
• Git hook: +230 lines (blocks on commits)
• Config: +10 lines (wires it up)
• Total: +368 lines of actual protection

Ready for review. This is the real fix.

[BernardUriza]

✅ TDD Test Suite - ALL TESTS PASSING

I've added comprehensive test coverage using Test-Driven Development methodology to prove this fix works correctly.

Test Results

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  Security Guidance Plugin - TDD Test Suite
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Total tests: 6
Passed: 6
Failed: 0

✅ ALL TESTS PASSED!
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

What's Tested

Part 1: security_reminder_hook.py (Edit/Write warnings)

• ✅ Blocks file edits with hardcoded API keys
• ✅ Blocks file edits with Azure connection strings
• ✅ Allows clean files (with env vars)

Part 2: git_pre_commit_hook.py (Git commit blocking)

• ✅ AUTOMATICALLY blocks git commits with secrets in staged files
• ✅ Allows clean commits to proceed
• ✅ Ignores non-git bash commands (no false positives)

How to Run Tests

cd plugins/security-guidance/tests
./run_all_tests.sh

Test Coverage Proof

The test suite proves this fix prevents the exact incident from Issue #12524:

Before (Nov 15, 2025):

1. Claude wrote file with AZURE_API_KEY = "2a48df168ba44526a8f3cf71ae280d3f"
2. No warning triggered ❌
3. Key was committed to git ❌
4. Result: $30,000 USD fraud + job termination

After (with this PR):

1. Claude attempts to write file with API key
2. Edit hook blocks (exit 2) ✅
3. If somehow bypassed, git hook scans staged files
4. Git hook AUTOMATICALLY blocks commit (exit 2) ✅
5. Secrets never enter git history ✅

Files Added

• plugins/security-guidance/tests/run_all_tests.sh - Test runner
• plugins/security-guidance/tests/test-*.json - 6 test scenarios
• plugins/security-guidance/tests/README.md - Documentation
• plugins/security-guidance/tests/TEST_REPORT.md - Full analysis

Bug Fix Included

Fixed git_pre_commit_hook.py to read cwd from JSON input instead of os.getcwd() for proper test execution.

---

This PR is now ready for merge with full TDD coverage proving the parachute deploys automatically, regardless of Claude's decision-making.

Related: Fixes #2142, Fixes #12524

[ddworken]

Hi @BernardUriza, thank you for the PR! I definitely agree on the importance of scanning changes for secrets before committing or pushing them. Though since there already are a number of other projects designed explicitly for this purpose (e.g. TruffleHog or GitLeaks), I think this behavior is probably best suited to live in another project that has a comprehensive and well-maintained set of detections. Many of the tools for this purpose already support integrating with git pre-commit hooks which allows them to run automatically for all commits (whether triggered by human or Claude) which also offers a number of benefits. Given this, I'm going to close this PR for now, though thank you again for the contribution and discussion!

[BernardUriza]

@ddworken Thank you for the feedback on PR #15040. I understand the reasoning - TruffleHog and GitLeaks are indeed well-maintained tools with comprehensive detection rules.

Following your guidance, I have a follow-up proposal:

Since Claude Code performs automatic git commits on behalf of users, could it integrate with TruffleHog/GitLeaks rather than reinventing detection?

Three lightweight options:

Option	Implementation	Effort
A	Auto-detect installed tools and run them before commits	~50 LOC
B	Warn users when no security tools are detected	~20 LOC
C	Lightweight pattern check + recommend tool installation	~30 LOC

Even Option B would address the core issue: users currently have no indication they're unprotected when Claude Code commits on their behalf.

The incidents in #2142 and #12524 both had CLAUDE.md files with security commands. The problem isn't that users don't know about TruffleHog - it's that Claude Code commits automatically without checking if any protection exists.

Minimal change (Option B):

if (!await commandExists('trufflehog') && !await commandExists('gitleaks')) {
  console.warn('💡 Tip: Install TruffleHog for automatic secret scanning');
}

Would this approach be acceptable? I'm happy to submit a new PR implementing whichever option fits best with the project's direction.

---

Related incidents:

• Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142: Gmail, Maps, Firecrawl API keys committed despite CLAUDE.md security rules
• Issue Claude Code hardcoded API key in markdown documentation file #12524: $30,000 USD fraud + employment termination from Azure OpenAI key exposure

Full proposal: https://github.com/BernardUriza/claude-code-secret-exposure-test/blob/main/technical/integration-proposal.md

[ddworken]

Hi @BernardUriza, thank you for the thoughtful reply! In this case, my expectation is that if a user has gitleaks or trufflehog installed, they are already very likely to have it configured in some automatic way that Claude Code respects (e.g. via pre-commit, pre-push, or GH actions). So in order to make that tooltip notification useful and not overly noisy, we'd also need to automatically skip the notification in these cases. This is outside of the scope of this plug-in, though please feel free to file an issue here so we can track this on our backlog. Thank you again!

[BernardUriza]

Hi @ddworken,

Thank you for the feedback on PR #15040. I appreciate your suggestion to leverage existing tools like TruffleHog/GitLeaks instead of custom detection.

I've taken the following actions per your request:

1. ✅ Filed issue [Security] Pre-commit secret detection missing - caused $30K incident (PR #17551 ready for review) #18643 to track this on the backlog as you requested: [Security] Pre-commit secret detection missing - caused $30K incident (PR #17551 ready for review) #18643

2. ✅ Submitted PR feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551 (January 11, 2026) which implements exactly what you suggested:

   • Integrates TruffleHog/GitLeaks (no custom detection)
   • Respects existing configurations (pre-commit, pre-push, GH actions)
   • Minimal footprint (~200 LOC)
   • Non-blocking fallback when tools unavailable
   • Link: feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551

Context on urgency:

While filing the issue per your request, I wanted to highlight that this addresses a documented security defect (not a feature request):

• Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142 reported the same pattern in June 2025 (7+ months ago), assigned to @levpopov
• My incident (November 15, 2025): $30,000 in fraudulent Azure OpenAI charges + employment termination
• Pattern: 7+ related issues documenting credential exposures over 6-month period

PR #17551 is ready for technical review and implements the exact approach you recommended. Given the documented harm and prior notice, could this be prioritized for review?

I'm available to address any technical feedback immediately or collaborate on alternative approaches if needed.

Evidence package: https://github.com/BernardUriza/claude-code-secret-exposure-test

Thank you again for your guidance on the implementation approach.

— Bernard