settings-local-json-credential-gap

secret-scanner hook only covers git commits — settings.local.json unprotected

The secret-scanner.py PreToolUse(Bash) hook scans staged files before git commit for 50+ secret patterns. But settings.local.json accumulates API keys via Claude Code’s permission auto-allow system: the user clicks “allow” on Bash(export API_KEY="...") and the full command, key included, is persisted in the permissions allow array. These entries are never git-committed, so secret-scanner never sees them.

Fix: workspace-hygiene startup check #1 scans settings.local.json for credential patterns (AWS keys, hex tokens ≥32 chars, base64 API keys, inline assignments) at every session start. Any CRITICAL-severity match blocks the session until the entry is removed. Session-close Action #2 re-scans as a final defense.

Credential patterns: AKIA[A-Z0-9]{16}, [a-f0-9]{32,}, AQ\.[A-Za-z0-9_-]{20,}, Bash(export.*=["'][^"']{16,})
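An added illustration of startup check #1, written for this note rather than taken from the project's own hook code: it loads a constructed settings.local.json, runs the four credential patterns above over each permissions.allow entry, and reports CRITICAL findings. Assumptions: the allow list lives under permissions.allow (the Claude Code settings layout), the sample key values are placeholders, and the Bash(export ...) pattern has its opening parenthesis escaped so it matches the literal "Bash(" prefix.

```python
import json
import re

# Patterns from the note. The Bash(...) one is escaped so "Bash(" is matched
# literally rather than read as a regex group (assumption about the note's intent).
CREDENTIAL_PATTERNS = {
    "aws_access_key": re.compile(r"AKIA[A-Z0-9]{16}"),
    "hex_token": re.compile(r"[a-f0-9]{32,}"),      # note: also matches 40-char git SHAs
    "base64_api_key": re.compile(r"AQ\.[A-Za-z0-9_-]{20,}"),
    "inline_export": re.compile(r"""Bash\(export.*=["'][^"']{16,}"""),
}


def scan_settings(settings_text: str) -> list[dict]:
    """Return one CRITICAL finding per allow entry that matches a credential pattern."""
    settings = json.loads(settings_text)
    allow = settings.get("permissions", {}).get("allow", [])
    findings = []
    for index, entry in enumerate(allow):
        for name, pattern in CREDENTIAL_PATTERNS.items():
            if pattern.search(entry):
                # Keep only a short prefix so the report itself does not leak the key.
                findings.append({"index": index, "pattern": name,
                                 "severity": "CRITICAL", "entry": entry[:24] + "..."})
                break  # one finding per entry is enough to block the session
    return findings


def blocks_session(findings: list[dict]) -> bool:
    """Startup check #1 semantics: any CRITICAL finding blocks until it is removed."""
    return any(f["severity"] == "CRITICAL" for f in findings)


# Constructed sample settings.local.json; key values are placeholders, not real secrets.
SAMPLE_SETTINGS = json.dumps({
    "permissions": {
        "allow": [
            "Bash(npm test)",
            "Bash(export AWS_ACCESS_KEY_ID=\"AKIAIOSFODNN7EXAMPLE\")",
            "Bash(export API_TOKEN='0123456789abcdef0123456789abcdef')",
            "Bash(git status)",
        ],
        "deny": [],
    }
})

if __name__ == "__main__":
    for finding in scan_settings(SAMPLE_SETTINGS):
        print(finding)
```

The same function can be called at session close for Action #2; a deny-list entry is not scanned here because the note only describes keys landing in the allow array.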