@esoteric-logic/praxis-harness 2.5.1 → 2.7.0

package/base/CLAUDE.md

@@ -134,7 +134,7 @@ Kit manifests live in `~/.claude/kits/<name>/KIT.md`.
 
 ## Rules Registry — Load on Demand Only
 
-### Universal — always active (7 rules)
+### Universal — always active (8 rules)
 | File | Purpose |
 |------|---------|
 | `~/.claude/rules/profile.md` | Who the user is, identities, working style |
@@ -144,6 +144,7 @@ Kit manifests live in `~/.claude/kits/<name>/KIT.md`.
 | `~/.claude/rules/vault.md` | Second brain integration — vault backend, file purposes |
 | `~/.claude/rules/context-management.md` | Context anti-rot, phase scoping, context reset protocol |
 | `~/.claude/rules/memory-boundary.md` | Auto-memory boundary, MEMORY.md cap, dream integration |
+| `~/.claude/rules/security-posture.md` | Sandbox model, credential protection, protected paths |
 
 ### Scoped — load only when paths match
 | File | Loads when |
@@ -152,9 +153,24 @@ Kit manifests live in `~/.claude/kits/<name>/KIT.md`.
 | `~/.claude/rules/terraform.md` | `**/*.tf`, `**/*.tfvars` |
 | `~/.claude/rules/github-actions.md` | `.github/workflows/**` |
 | `~/.claude/rules/powershell.md` | `**/*.ps1`, `**/*.psm1` |
+| `~/.claude/rules/dependency-freshness.md` | `package.json`, `go.mod`, `requirements.txt`, `Cargo.toml`, `pyproject.toml` |
+| `~/.claude/rules/live-docs-required.md` | Dependency manifests, files importing external packages |
 
 ### Auto-invocable skills (replace former universal rules)
 | Skill | Triggers when |
 |-------|--------------|
 | `communication-standards` | Writing client-facing docs, proposals, status reports, commits, PRs |
 | `architecture-patterns` | Writing ADRs, specs, system design, risk docs, blocker reports |
+
+## Judgment & Research Commands
+
+| Command | Purpose |
+|---------|---------|
+| `/duel` | Parallel Alpha/Beta implementation → blind scoring → synthesis |
+| `/deliberate` | Multi-perspective decision analysis with scored option matrix |
+| `/freshness` | Full dependency audit — CVEs, outdated packages, maintenance status |
+| `/research <pkg>` | Live docs (Context7) + CVE/version/maintenance check (Perplexity Sonar) |
+
+MCP server templates: `base/configs/mcp-servers.json` — declarative config for context7, github, perplexity-sonar.
+Dependency registry: `base/configs/registry.json` — single source of truth for all tools, auth, hooks.
+Preflight gate: `bin/praxis-preflight.sh` (alias: `praxis doctor`) — verifies auth, tools, MCP, keys.

package/base/configs/ci/lint-stack.yml

@@ -0,0 +1,126 @@
+# Polyglot Lint Stack — 3-Layer CI Template
+# Copy to: .github/workflows/lint-stack.yml
+# Conditional: each tool runs only if its language files exist in the repo.
+# Pin actions to SHA — update hashes when upgrading versions.
+
+name: Lint Stack
+on:
+  pull_request:
+    branches: [main, develop]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  # ─────────────────────────────────────────────
+  # LAYER 1: Fast Feedback (~10s per tool)
+  # ─────────────────────────────────────────────
+  lint:
+    name: L1 — Lint + Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      # Python — Ruff
+      - name: Ruff check
+        if: hashFiles('**/*.py') != ''
+        uses: astral-sh/ruff-action@9700c1666704e06e2cf8f9046755e3dfc6297e40 # v3.2.1
+        with:
+          args: "check"
+      - name: Ruff format check
+        if: hashFiles('**/*.py') != ''
+        uses: astral-sh/ruff-action@9700c1666704e06e2cf8f9046755e3dfc6297e40 # v3.2.1
+        with:
+          args: "format --check"
+
+      # JS/TS — Biome
+      - name: Setup Biome
+        if: hashFiles('**/*.js', '**/*.ts', '**/*.jsx', '**/*.tsx') != ''
+        uses: biomejs/setup-biome@1cbe33ead22c7a2fded3b52fa2893611c815c3d2 # v2.5.0
+      - name: Biome CI
+        if: hashFiles('**/*.js', '**/*.ts', '**/*.jsx', '**/*.tsx') != ''
+        run: biome ci .
+
+      # Go — golangci-lint
+      - name: golangci-lint
+        if: hashFiles('go.mod') != ''
+        uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7.0.0
+        with:
+          version: v2.1
+
+      # Rust — Clippy
+      - name: Setup Rust toolchain
+        if: hashFiles('Cargo.toml') != ''
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # stable
+        with:
+          toolchain: stable
+          components: clippy, rustfmt
+      - name: Clippy
+        if: hashFiles('Cargo.toml') != ''
+        run: cargo clippy --all-targets --all-features -- -D warnings
+      - name: rustfmt check
+        if: hashFiles('Cargo.toml') != ''
+        run: cargo fmt --all -- --check
+
+      # Shell — ShellCheck
+      - name: ShellCheck
+        if: hashFiles('**/*.sh') != ''
+        run: |
+          sudo apt-get install -y shellcheck
+          find . -name '*.sh' -not -path './node_modules/*' -not -path './vendor/*' | xargs shellcheck -s bash
+
+  # ─────────────────────────────────────────────
+  # LAYER 2: Quality Gates (~2min)
+  # ─────────────────────────────────────────────
+  security-scan:
+    name: L2 — Semgrep
+    runs-on: ubuntu-latest
+    needs: lint
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: semgrep/semgrep-action@713efdd345ae26c72e79b5b32927be8e0e6bab83 # v1
+        with:
+          config: >-
+            p/default
+            p/secrets
+            p/owasp-top-ten
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+  # Uncomment to add SonarQube quality gate (requires self-hosted server)
+  # sonarqube:
+  #   name: L2 — SonarQube
+  #   runs-on: ubuntu-latest
+  #   needs: lint
+  #   steps:
+  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+  #       with:
+  #         fetch-depth: 0
+  #     - uses: SonarSource/sonarqube-scan-action@0e1a25e90571a34e2ec5c72ee40ba45cc73a1e6e # v4
+  #       env:
+  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  #         SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+  #     - uses: SonarSource/sonarqube-quality-gate-action@dc2f7b0dd95544cd550de3066f25f47e3fc20894 # v1.1.0
+  #       timeout-minutes: 5
+  #       env:
+  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  # ─────────────────────────────────────────────
+  # LAYER 3: AI Review (~2min, optional)
+  # ─────────────────────────────────────────────
+  # Uncomment to enable AI-powered PR review.
+  # Requires OPENAI_API_KEY secret or self-hosted Ollama.
+  #
+  # ai-review:
+  #   name: L3 — AI Review
+  #   runs-on: ubuntu-latest
+  #   needs: [security-scan]
+  #   steps:
+  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+  #     - uses: Codium-ai/pr-agent@main
+  #       env:
+  #         OPENAI_KEY: ${{ secrets.OPENAI_API_KEY }}
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  #       with:
+  #         command: review

package/base/configs/linters/.markdownlint.json

@@ -0,0 +1,7 @@
+{
+  "default": true,
+  "MD013": false,
+  "MD024": { "siblings_only": true },
+  "MD033": false,
+  "MD041": true
+}

package/base/configs/linters/.pre-commit-config.yaml

@@ -0,0 +1,63 @@
+repos:
+  # General file hygiene
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-json
+      - id: check-added-large-files
+        args: ['--maxkb=500']
+      - id: detect-private-key
+      - id: check-merge-conflict
+
+  # Layer 1: Python — Ruff
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.11.6
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  # Layer 1: JS/TS — Biome
+  - repo: https://github.com/biomejs/pre-commit
+    rev: v2.0.0
+    hooks:
+      - id: biome-check
+        additional_dependencies: ["@biomejs/biome@2.0.0"]
+
+  # Layer 1: Shell — ShellCheck
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.10.0.1
+    hooks:
+      - id: shellcheck
+        args: [-s, bash]
+
+  # Layer 1: Go — golangci-lint
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v2.1.0
+    hooks:
+      - id: golangci-lint
+
+  # Layer 1: Rust — rustfmt + clippy
+  - repo: local
+    hooks:
+      - id: rustfmt
+        name: rustfmt
+        entry: rustfmt
+        language: system
+        types: [rust]
+      - id: clippy
+        name: clippy
+        entry: cargo clippy -- -D warnings
+        language: system
+        types: [rust]
+        pass_filenames: false
+
+  # Layer 2: Semgrep security scan
+  - repo: https://github.com/semgrep/semgrep
+    rev: v1.120.0
+    hooks:
+      - id: semgrep
+        args: ['--config', 'auto', '--error']

package/base/configs/linters/biome.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "https://biomejs.dev/schemas/2.0.0/schema.json",
+  "organizeImports": { "enabled": true },
+  "linter": {
+    "enabled": true,
+    "rules": {
+      "recommended": true,
+      "complexity": {
+        "noExcessiveCognitiveComplexity": {
+          "level": "warn",
+          "options": { "maxAllowedComplexity": 15 }
+        }
+      },
+      "suspicious": {
+        "noExplicitAny": "warn",
+        "noConsoleLog": "warn"
+      },
+      "correctness": {
+        "noUnusedVariables": "error",
+        "noUnusedImports": "error"
+      }
+    }
+  },
+  "formatter": {
+    "enabled": true,
+    "indentStyle": "space",
+    "indentWidth": 2,
+    "lineWidth": 100
+  },
+  "javascript": {
+    "formatter": {
+      "quoteStyle": "single",
+      "semicolons": "always"
+    }
+  },
+  "json": {
+    "formatter": {
+      "indentWidth": 2
+    }
+  }
+}

package/base/configs/linters/clippy.toml

@@ -0,0 +1,4 @@
+cognitive-complexity-threshold = 20
+too-many-arguments-threshold = 7
+type-complexity-threshold = 250
+single-char-binding-names-threshold = 4

package/base/configs/linters/ruff.toml

@@ -0,0 +1,26 @@
+target-version = "py312"
+line-length = 100
+fix = true
+
+[lint]
+select = [
+  "E", "W",    # pycodestyle
+  "F",         # pyflakes
+  "I",         # isort
+  "N",         # pep8-naming
+  "UP",        # pyupgrade
+  "S",         # bandit (security)
+  "B",         # flake8-bugbear
+  "A",         # flake8-builtins
+  "C4",        # flake8-comprehensions
+  "SIM",       # flake8-simplify
+  "RUF",       # ruff-specific
+]
+ignore = ["E501"]  # line length handled by formatter
+
+[lint.per-file-ignores]
+"tests/**" = ["S101"]  # allow assert in tests
+
+[format]
+quote-style = "double"
+indent-style = "space"

package/base/configs/linters/rustfmt.toml

@@ -0,0 +1,7 @@
+edition = "2024"
+max_width = 100
+tab_spaces = 4
+use_field_init_shorthand = true
+use_try_shorthand = true
+imports_granularity = "Crate"
+group_imports = "StdExternalCrate"

package/base/configs/linters/semgrep.yml

@@ -0,0 +1,65 @@
+rules:
+  # Usage:
+  #   semgrep --config auto                   (recommended community rules)
+  #   semgrep --config p/owasp-top-ten        (OWASP Top 10)
+  #   semgrep --config p/secrets              (secret detection)
+  #   semgrep --config .semgrep.yml           (this file — custom rules)
+
+  # Custom: ban f-string SQL queries
+  - id: no-fstring-sql-execute
+    patterns:
+      - pattern: cursor.execute($QUERY, ...)
+      - pattern-not: cursor.execute("...", ...)
+      - metavariable-pattern:
+          metavariable: $QUERY
+          pattern: |
+            f"..."
+    message: "Use parameterized queries instead of f-strings in SQL"
+    severity: ERROR
+    languages: [python]
+
+  # Custom: no hardcoded secrets in source
+  - id: hardcoded-secret-assignment
+    pattern-either:
+      - pattern: $KEY = "..."
+    metavariable-regex:
+      metavariable: $KEY
+      regex: ".*(secret|password|token|api_key|apikey|auth_token).*"
+    message: "Possible hardcoded secret — use environment variables"
+    severity: WARNING
+    languages: [python, javascript, typescript, java, go, rust]
+
+  # Custom: no unsafe unwrap in Rust production code
+  - id: rust-no-unwrap
+    pattern: $X.unwrap()
+    message: "Avoid .unwrap() — use .expect() with context or propagate with ?"
+    severity: WARNING
+    languages: [rust]
+    paths:
+      exclude:
+        - "*_test.rs"
+        - "tests/**"
+        - "benches/**"
+
+  # Custom: no fmt.Println in Go production code
+  - id: go-no-fmt-println
+    pattern: fmt.Println(...)
+    message: "Use structured logging instead of fmt.Println"
+    severity: WARNING
+    languages: [go]
+    paths:
+      exclude:
+        - "*_test.go"
+        - "cmd/**"
+
+# Paths to exclude from scanning
+paths:
+  exclude:
+    - node_modules
+    - vendor
+    - .terraform
+    - target
+    - dist
+    - build
+    - "*.min.js"
+    - "*.generated.*"

package/base/configs/mcp-servers.json

@@ -0,0 +1,26 @@
+{
+  "mcpServers": {
+    "context7": {
+      "command": "npx",
+      "args": ["-y", "@upstash/context7-mcp@latest"],
+      "description": "Real-time library documentation — always use before generating code that touches any npm/PyPI/crate dependency"
+    },
+    "github": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
+      },
+      "description": "GitHub MCP — issues, PRs, repos. Token auto-set from gh auth."
+    },
+    "perplexity-sonar": {
+      "command": "npx",
+      "args": ["-y", "mcp-perplexity-server"],
+      "env": {
+        "PERPLEXITY_API_KEY": "${PERPLEXITY_API_KEY}",
+        "PERPLEXITY_MODEL": "sonar-pro"
+      },
+      "description": "Web search for CVEs, changelogs, security advisories. Default sonar-pro. Override per-call: sonar (fast), sonar-reasoning (/deliberate only)."
+    }
+  }
+}

package/base/configs/registry.json

@@ -0,0 +1,121 @@
+{
+  "version": "2.0",
+  "auth": {
+    "claude": {
+      "check": "claude auth status",
+      "fix": "claude auth login",
+      "blocking": true,
+      "description": "Claude Code OAuth — browser login, no API key needed"
+    },
+    "github": {
+      "check": "gh auth status",
+      "fix": "gh auth login",
+      "fallback_env": "GITHUB_TOKEN",
+      "auto_populate": "gh auth token",
+      "blocking": false,
+      "feature": "github-mcp"
+    }
+  },
+  "binaries": {
+    "required": [
+      {"name": "claude", "minVersion": "1.0.0", "install": "npm install -g @anthropic-ai/claude-code"},
+      {"name": "node", "minVersion": "18.0.0", "install": "brew install node"},
+      {"name": "npm", "minVersion": "9.0.0", "install": "npm install -g npm@latest"},
+      {"name": "git", "minVersion": "2.30.0", "install": "brew install git"},
+      {"name": "jq", "minVersion": "1.6", "install": "brew install jq"},
+      {"name": "gh", "minVersion": "2.0.0", "install": "brew install gh"}
+    ],
+    "optional": [
+      {"name": "trufflehog", "feature": "secret-scanning", "install": "brew install trufflehog"},
+      {"name": "gitleaks", "feature": "secret-scanning", "install": "brew install gitleaks"},
+      {"name": "osv-scanner", "feature": "dep-audit", "install": "go install github.com/google/osv-scanner/cmd/osv-scanner@latest"},
+      {"name": "pip-audit", "feature": "dep-audit-python", "install": "pip install pip-audit"},
+      {"name": "docker", "feature": "docker-sandbox", "install": "brew install --cask docker"},
+      {"name": "biome", "feature": "lint-js", "install": "npm install -g @biomejs/biome"},
+      {"name": "ruff", "feature": "lint-python", "install": "pip install ruff"},
+      {"name": "semgrep", "feature": "security-scan", "install": "pip install semgrep"},
+      {"name": "markdownlint", "feature": "lint-markdown", "install": "npm install -g markdownlint-cli"},
+      {"name": "pre-commit", "feature": "pre-commit-hooks", "install": "pip install pre-commit"},
+      {"name": "golangci-lint", "feature": "lint-go", "install": "brew install golangci-lint"},
+      {"name": "rustfmt", "feature": "format-rust", "install": "rustup component add rustfmt"},
+      {"name": "clippy", "feature": "lint-rust", "install": "rustup component add clippy"}
+    ]
+  },
+  "env_vars": {
+    "optional": [
+      {
+        "name": "PERPLEXITY_API_KEY",
+        "description": "Perplexity Sonar — live CVE lookups, dep research",
+        "validation": "starts_with:pplx-",
+        "secure_store": true,
+        "masked_preview": 8,
+        "feature": "live-research",
+        "get_key_url": "https://www.perplexity.ai/settings/api"
+      },
+      {
+        "name": "GITHUB_TOKEN",
+        "description": "Auto-populated from gh auth token — for GitHub MCP",
+        "validation": "starts_with:gh",
+        "secure_store": true,
+        "masked_preview": 8,
+        "feature": "github-mcp",
+        "auto_populate": "gh auth token"
+      },
+      {
+        "name": "OBSIDIAN_VAULT",
+        "description": "Absolute path to Obsidian vault for long-term memory",
+        "validation": "is_directory",
+        "secure_store": false,
+        "feature": "obsidian-memory"
+      }
+    ]
+  },
+  "git_config": {
+    "required": [
+      {"key": "user.name", "description": "git commit author name"},
+      {"key": "user.email", "description": "git commit author email"}
+    ]
+  },
+  "mcp_servers": [
+    {
+      "name": "context7",
+      "package": "@upstash/context7-mcp@latest",
+      "requires_env": [],
+      "zero_config": true,
+      "feature": "live-docs"
+    },
+    {
+      "name": "github",
+      "package": "@modelcontextprotocol/server-github",
+      "requires_env": ["GITHUB_TOKEN"],
+      "feature": "github-mcp"
+    },
+    {
+      "name": "perplexity-sonar",
+      "package": "mcp-perplexity-server",
+      "requires_env": ["PERPLEXITY_API_KEY"],
+      "env_config": {"PERPLEXITY_MODEL": "sonar-pro"},
+      "feature": "live-research"
+    }
+  ],
+  "hooks": {
+    "required": [
+      {"path": "base/hooks/secret-scan.sh", "event": "PreToolUse", "matcher": "Write|Edit|MultiEdit"},
+      {"path": "base/hooks/file-guard.sh", "event": "PreToolUse", "matcher": "Write|Edit|MultiEdit"},
+      {"path": "base/hooks/identity-check.sh", "event": "PreToolUse", "matcher": "Bash"},
+      {"path": "base/hooks/credential-guard.sh", "event": "PreToolUse", "matcher": "Bash"},
+      {"path": "base/hooks/quality-check.sh", "event": "PostToolUse", "matcher": "Write|Edit|MultiEdit"},
+      {"path": "base/hooks/session-data-collect.sh", "event": "Stop", "matcher": ""}
+    ],
+    "optional": [
+      {"path": "base/hooks/recursion-guard.sh", "event": "PreToolUse", "matcher": "", "feature": "recursion-detection"},
+      {"path": "base/hooks/dep-audit.sh", "event": "PostToolUse", "matcher": "Write|Edit|MultiEdit", "feature": "dep-audit"}
+    ]
+  },
+  "claude_settings": {
+    "required": [
+      {"path": "sandbox.failIfUnavailable", "expected": true},
+      {"path": "sandbox.allowUnsandboxedCommands", "expected": false}
+    ]
+  }
+}

package/base/hooks/credential-guard.sh

@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+# credential-guard.sh — PreToolUse:Bash hook
+# Blocks Bash commands that access credential files or sensitive directories.
+# Exit 0 = allow, Exit 2 = block with message.
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+if [[ -z "$COMMAND" ]]; then
+  exit 0
+fi
+
+# ── Allowlist: verification commands that reference credential paths safely ──
+SAFE_PATTERNS=(
+  "ssh-keygen -l"
+  "ssh-keygen -lf"
+  "gh auth status"
+  "gh auth token"
+  "gh auth switch"
+  "aws sts get-caller-identity"
+  "az account show"
+  "gcloud auth list"
+  "kubectl config current-context"
+  "docker login --help"
+  "gpg --list-keys"
+  "security find-identity"
+)
+
+for safe in "${SAFE_PATTERNS[@]}"; do
+  if echo "$COMMAND" | grep -qF "$safe"; then
+    exit 0
+  fi
+done
+
+# ── Blocked paths: credential stores and private key locations ──
+BLOCKED_PATHS=(
+  "$HOME/.ssh"
+  "$HOME/.aws"
+  "$HOME/.azure"
+  "$HOME/.kube"
+  "$HOME/.gnupg"
+  "$HOME/.docker/config.json"
+  "$HOME/Library/Keychains"
+  "$HOME/.config/gcloud"
+  "$HOME/.praxis/secrets"
+)
+
+# Expand ~ in commands for matching
+EXPANDED_CMD=$(echo "$COMMAND" | sed "s|~|$HOME|g")
+
+for blocked in "${BLOCKED_PATHS[@]}"; do
+  if echo "$EXPANDED_CMD" | grep -qF "$blocked"; then
+    echo "BLOCKED: Command references protected credential path: $blocked" >&2
+    echo "Praxis credential-guard prevents access to sensitive directories." >&2
+    echo "If this is a legitimate operation, use the allowlisted verification commands." >&2
+
+    # Log to audit trail
+    AUDIT_FILE="$HOME/.claude/praxis-audit.jsonl"
+    if command -v jq &>/dev/null; then
+      jq -nc \
+        --arg ts "$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+        --arg tool "Bash" \
+        --arg event "credential-guard-block" \
+        --arg path "$blocked" \
+        --arg cmd "${COMMAND:0:200}" \
+        --arg session "$PPID" \
+        '{ts: $ts, tool: $tool, event: $event, blocked_path: $path, command_prefix: $cmd, session_id: $session}' \
+        >> "$AUDIT_FILE" 2>/dev/null || true
+    fi
+
+    exit 2
+  fi
+done
+
+# ── Blocked file patterns: private keys and env files ──
+BLOCKED_FILE_PATTERNS=(
+  "_rsa[[:space:]]"
+  "_rsa$"
+  "_ed25519[[:space:]]"
+  "_ed25519$"
+  "\.pem[[:space:]]"
+  "\.pem$"
+  "\.p12[[:space:]]"
+  "\.p12$"
+  "\.pfx[[:space:]]"
+  "\.pfx$"
+)
+
+for pattern in "${BLOCKED_FILE_PATTERNS[@]}"; do
+  if echo "$EXPANDED_CMD" | grep -qE "$pattern"; then
+    echo "BLOCKED: Command references private key or certificate file pattern." >&2
+    echo "Praxis credential-guard prevents access to private key files." >&2
+    exit 2
+  fi
+done
+
+exit 0