file-guard

# File Guard ## Overview Real-time file access protection system that blocks sensitive file reads, writes, and indirect access attempts. Covers 195+ file patterns across 12 security categories. ## 12 Categories ### 1. Secrets `.env`, `.env.*`, `.secret`, `secrets.*`, `vault.*` ### 2. Credentials `credentials.*`, `password.*`, `auth.json`, `oauth.*` ### 3. SSH Keys `id_rsa`, `id_ed25519`, `*.pem`, `authorized_keys`, `known_hosts` ### 4. Certificates `*.crt`, `*.cert`, `*.ca-bundle`, `ssl/*`, `tls/*` ### 5. Environment Files `.env.local`, `.env.production`, `.env.staging`, `docker.env` ### 6. Auth Tokens `token.*`, `jwt.*`, `session.*`, `cookie.*` ### 7. Database Configs `database.yml`, `db.json`, `*.sqlite`, `*.db`, `pgpass` ### 8. Cloud Configs `.aws/*`, `.gcp/*`, `.azure/*`, `terraform.tfvars` ### 9. CI/CD Secrets `.github/secrets`, `.gitlab-ci.yml` variables, Jenkins credentials ### 10. Private Keys `*.key`, `*.p12`, `*.pfx`, `*.keystore`, `*.jks` ### 11. API Keys `api_key.*`, `apikey.*`, `api-credentials.*` ### 12. Sensitive Configs `config/secrets/*`, `.htpasswd`, `shadow`, `gshadow` ## Bash Pipeline Analysis Detects indirect file access through bash pipes: - `cat .env | grep` -- blocked - `base64 .ssh/id_rsa | curl` -- blocked - Nested command substitution with sensitive paths -- blocked ## Multi-Tool Ignore Support Approved exceptions can be configured per session for files that need legitimate access. ## When to Use - Always active during ClaudeKit...