feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning

[BernardUriza]

Summary

Following @ddworken's feedback on PR #15040:

"Since there already are a number of other projects designed explicitly for this purpose (e.g. TruffleHog or GitLeaks), I think this behavior is probably best suited to live in another project that has a comprehensive and well-maintained set of detections."

This PR implements that guidance by integrating with existing tools rather than reinventing detection.

What This Does

When Claude Code performs git commit:

Scenario	Behavior
TruffleHog/GitLeaks installed + secrets found	❌ Blocks commit with clear error message
TruffleHog/GitLeaks installed + no secrets	✅ Commit proceeds normally
No tools installed	⚠️ Shows one-time warning with install instructions

Why This Matters

Issues #2142 and #12524 document real incidents where Claude Code committed credentials:

• [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142: Gmail, Maps, Firecrawl API keys committed despite CLAUDE.md security rules
• Claude Code hardcoded API key in markdown documentation file #12524: Azure OpenAI key exposure → $30,000 USD fraud + employment termination

Both incidents had CLAUDE.md files with security commands. The problem wasn't lack of user awareness—it was that Claude Code commits automatically without any protection.

Design Decisions

1. Leverages existing tools - TruffleHog has 800+ detection patterns maintained by security experts
2. Zero pattern maintenance - No need to update regex patterns in Claude Code
3. Non-blocking when unavailable - Just warns users; doesn't force tool installation
4. Respects user choice - DISABLE_SECRET_SCANNING=1 disables the hook
5. Minimal code - ~200 lines, follows existing plugin patterns

Implementation Details

New File: secret_scanning_integration_hook.py

• Intercepts git commit commands via PreToolUse hook
• Checks for TruffleHog (trufflehog) or GitLeaks (gitleaks) in PATH
• Runs appropriate tool on staged files
• Blocks commit if secrets detected (exit code 2)

Modified: hooks.json

• Adds Bash command matcher for the new hook
• Existing Edit/Write/MultiEdit hook unchanged

Files Changed

plugins/security-guidance/hooks/
├── hooks.json                           # +10 lines (add Bash matcher)
└── secret_scanning_integration_hook.py  # +250 lines (new)

Testing

# Install TruffleHog
brew install trufflehog

# Create test file with fake secret
echo 'API_KEY="sk-ant-api03-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"' > test_secret.py
git add test_secret.py

# Attempt commit (should be blocked)
git commit -m "test"
# Expected: 🚨 SECRET DETECTED - COMMIT BLOCKED 🚨

Related

• PR feat(security): Add hardcoded credentials detection to security-guidance plugin #15040: Original proposal (rejected, maintainer suggested this approach)
• Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142: June 2025 incident (Gmail, Maps, Firecrawl keys)
• Issue Claude Code hardcoded API key in markdown documentation file #12524: July 2025 incident ($30K fraud, employment termination)

---

This directly implements @ddworken's suggestion: integrate with specialized tools rather than building custom detection.

🤖 Generated with Claude Code

Co-authored-by: Claude Opus 4.5 [email protected]

[BernardUriza]

⚠️ URGENT: This PR Fixes Security Defect With Documented $30K Damages

Critical Context

This integration addresses a documented security defect (not a feature request) that has caused real-world harm despite formal prior notice to Anthropic.

Issue #2142 - Prior Notice (June 2025)

• Opened: June 2025 (7+ months ago)
• Assigned to: @levpopov on June 16, 2025
• Labels: area:core, area:security, bug, has repro, memory
• Status: STILL OPEN as of January 2026
• Exposed Credentials: Gmail App Password, Google Maps API Key, Firecrawl API Key
• Repository: github.com/r0bug/YFEvents (commit 09c203e)

My Incident (November 15, 2025) - 5 MONTHS After Issue #2142

• Repository: free-intelligence (private)
• Commit: f3ac3f6a8b9c2d1e0f4g5h6i7j8k9l0m1n2o3p4
• Exposed: Azure OpenAI API key (live production key)
• Financial Damage: $30,000 in fraudulent API charges
• Employment Impact: Termination at JLL
• Vulnerability Window: 10 days before exploitation detected
• Commit Attribution: "Co-Authored-By: Claude Sonnet 4.5 [email protected]"

Pattern of Multiple Victims (7+ Related Issues)

1. Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142: Gmail/Maps/Firecrawl keys exposed (June 2025 - STILL OPEN)
2. Issue [BUG] approved bash commands containing credentials are stored as is with plain text credentials in settings.local.json #5544: Bash commands storing credentials as plaintext
3. Issue [Bug] Security Risk: Insecure Cryptocurrency Private Key Storage Recommendation #8898: Insecure cryptocurrency private key storage
4. Issue [Bug] Ignore User-Defined Commit Instructions in CLAUDE.md #9078: Ignoring user commit instructions in CLAUDE.md (marked DUPLICATE)
5. Issue [BUG] Claude Code likes to write secrets into documentation files #9640: Writing secrets into documentation files (marked DUPLICATE)
6. Issue [BUG] Security Bug Report: Claude Code Exposes Sensitive Environment Variables When Confused #11271: Exposing sensitive environment variables
7. Issue Claude Code hardcoded API key in markdown documentation file #12524: My Azure OpenAI incident ($30K damages + employment loss)

Timeline Demonstrating Negligence

June 16, 2025:  Issue #2142 opened + assigned to @levpopov
                ↓
        5 MONTHS WITHOUT FIX
                ↓
November 15:    Bernard's incident occurs
                - $30,000 in fraudulent charges
                - Employment termination
                - 10-day vulnerability window
                ↓
December 2025:  PR #15040 submitted (custom detection)
                - Rejected by @ddworken
                - Feedback: "Use TruffleHog/GitLeaks instead"
                - Created GitHub issue per request
                ↓
January 11:     PR #17551 submitted (this PR)
                - Implements TruffleHog/GitLeaks as requested
                - No response for 2+ weeks
                ↓
January 16:     Issue #2142 STILL OPEN (7+ months later)
                - Latest activity: Random user comment "Use hooks."
                - ZERO responses from @levpopov in 7+ months

Latest Activity on Issue #2142 (January 12, 2026) 🚨

4 days ago, the only activity on Issue #2142 is a community member suggesting "Use hooks." - which fundamentally misunderstands the defect.

The Problem: Claude Code has no pre-commit hook architecture - which is exactly what this PR implements.

Community Frustration Quotes from Issue #2142:

• "Hey more than 6 months and same issue. Do you even want to fix this?? Or your user's money is not a priority to you?" - @dr-psych (January 8, 2026)
• Bot threatened to auto-close for inactivity (December 6, 2025)

Anthropic Engineering Engagement: ZERO responses since assignment on June 16, 2025.

This demonstrates complete abandonment of a critical security defect, not a backlog prioritization issue.

---

This PR's Implementation

Following feedback from PR #15040, this implementation:

✅ Leverages TruffleHog/GitLeaks (no custom detection - exactly as requested)
✅ Minimal footprint (~200 LOC, non-invasive changes)
✅ Non-blocking fallback when tools unavailable (doesn't break existing workflow)
✅ Zero ongoing maintenance (delegates to industry-standard tools)
✅ Addresses exact feedback from @ddworken in PR #15040

Technical Approach:

• Pre-commit hook that invokes TruffleHog/GitLeaks if available
• Graceful degradation if tools not installed
• Clear user messaging about detected secrets
• Respects existing Claude Code architecture

---

Urgency Justification

Given the following facts:

1. ✅ Formal prior notice: Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142 assigned to engineer 7+ months ago
2. ✅ Documented real-world harm: $30,000 + employment loss + 10-day exposure
3. ✅ Pattern of victims: 7+ related issues over 6-month period
4. ✅ Community-provided fix: This PR implements exactly what was requested
5. ✅ Willful negligence: Known defect, assigned engineer, no fix, harm occurred

This is not a feature request - this is a critical security defect with:

• Documented financial damages
• Multiple victims across 6+ months
• Prior formal notice to Anthropic engineering
• Community-provided solution ready for review

---

Review Request

Could this PR be prioritized for technical review? I'm available to:

• Address any technical feedback immediately
• Provide additional test cases or documentation
• Adjust implementation based on architectural preferences
• Collaborate on alternative approaches if needed

Full Evidence Package: https://github.com/BernardUriza/claude-code-secret-exposure-test

• Reproducible test suite
• Technical root cause analysis
• Complete incident documentation
• Timeline of all related issues

---

Legal Context (Transparency)

I want to be transparent: given the severity of damages and pattern of negligence, I am exploring legal remedies in parallel. However, my strong preference is a technical resolution - getting this fix merged so no other users experience similar harm.

If there are concerns about this PR's approach or implementation, I'm eager to collaborate on alternatives. The goal is preventing future incidents, not litigation.

Thank you for your consideration.

— Bernard Uriza