@node9/proxy 1.12.10 → 1.13.0

package/dist/cli.js

@@ -1266,7 +1266,8 @@ var init_dlp = __esm({
         name: "GitHub Token",
         regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/,
         severity: "block",
-        keywords: ["ghp_", "gho_", "ghu_", "ghs_"]
+        keywords: ["ghp_", "gho_", "ghu_", "ghs_"],
+        minEntropy: 3
       },
       {
         name: "GitHub Fine-Grained PAT",
@@ -1317,7 +1318,8 @@ var init_dlp = __esm({
         name: "GCP API Key",
         regex: /\bAIza[0-9A-Za-z_-]{35}\b/,
         severity: "block",
-        keywords: ["aiza"]
+        keywords: ["aiza"],
+        minEntropy: 3
       },
       {
         name: "GCP Service Account",
@@ -1564,7 +1566,8 @@ var init_dlp = __esm({
         name: "Mapbox Access Token",
         regex: /\bpk\.eyJ1[a-zA-Z0-9._-]{20,}\b/,
         severity: "block",
-        keywords: ["pk.eyj1"]
+        keywords: ["pk.eyj1"],
+        minEntropy: 3
       },
       // ── Notion ────────────────────────────────────────────────────────────────
       {
@@ -9929,6 +9932,7 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
         continue;
       }
       const sessionCalls = [];
+      const toolUseFilePaths = /* @__PURE__ */ new Map();
       for (const line of raw.split("\n")) {
         if (!line.trim()) continue;
         onLine?.();
@@ -9971,6 +9975,33 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
                 }
               }
             }
+            for (const block of content2) {
+              if (block.type !== "tool_result") continue;
+              const filePath = block.tool_use_id ? toolUseFilePaths.get(block.tool_use_id) : void 0;
+              if (filePath) {
+                const ext = import_path17.default.extname(filePath).toLowerCase();
+                if (CODE_EXTENSIONS.has(ext)) continue;
+              }
+              const resultText = typeof block.content === "string" ? block.content : Array.isArray(block.content) ? block.content.map((c) => c.text ?? "").join("\n") : null;
+              if (!resultText) continue;
+              const dlpMatch = scanArgs({ text: resultText });
+              if (dlpMatch) {
+                const isDupe = result.dlpFindings.some(
+                  (f) => f.patternName === dlpMatch.patternName && f.redactedSample === dlpMatch.redactedSample && f.project === projLabel
+                );
+                if (!isDupe) {
+                  result.dlpFindings.push({
+                    patternName: dlpMatch.patternName,
+                    redactedSample: dlpMatch.redactedSample,
+                    toolName: "tool-result",
+                    timestamp: entry.timestamp ?? "",
+                    project: projLabel,
+                    sessionId,
+                    agent: "claude"
+                  });
+                }
+              }
+            }
           }
           continue;
         }
@@ -9990,6 +10021,9 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
           const toolName = block.name ?? "";
           const toolNameLower = toolName.toLowerCase();
           const input = block.input ?? {};
+          if (block.id && typeof input.file_path === "string") {
+            toolUseFilePaths.set(block.id, input.file_path);
+          }
           sessionCalls.push({ toolName, input, timestamp: entry.timestamp ?? "" });
           if (toolNameLower === "bash" || toolNameLower === "execute_bash") {
             result.bashCalls++;
@@ -9997,6 +10031,9 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
           const rawCmd = String(input.command ?? "").trimStart();
           if (/^node9\s+(scan|explain|report|tail|dlp|status|sessions|audit)\b/.test(rawCmd))
             continue;
+          const inputFilePath = typeof input.file_path === "string" ? input.file_path : "";
+          const inputFileExt = inputFilePath ? import_path17.default.extname(inputFilePath).toLowerCase() : "";
+          if (CODE_EXTENSIONS.has(inputFileExt)) continue;
           const dlpMatch = scanArgs(input);
           if (dlpMatch) {
             const isDupe = result.dlpFindings.some(
@@ -10493,6 +10530,44 @@ function scanCodexHistory(startDate, onProgress, onLine) {
   }
   return result;
 }
+function scanShellConfig() {
+  const home = import_os12.default.homedir();
+  const configFiles = [".zshrc", ".bashrc", ".bash_profile", ".profile"].map(
+    (f) => import_path17.default.join(home, f)
+  );
+  const findings = [];
+  for (const filePath of configFiles) {
+    if (!import_fs14.default.existsSync(filePath)) continue;
+    let lines;
+    try {
+      lines = import_fs14.default.readFileSync(filePath, "utf-8").split("\n");
+    } catch {
+      continue;
+    }
+    const shortPath = filePath.replace(home, "~");
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith("#")) continue;
+      const dlpMatch = scanArgs({ text: trimmed });
+      if (!dlpMatch) continue;
+      const isDupe = findings.some(
+        (f) => f.patternName === dlpMatch.patternName && f.redactedSample === dlpMatch.redactedSample && f.project === shortPath
+      );
+      if (!isDupe) {
+        findings.push({
+          patternName: dlpMatch.patternName,
+          redactedSample: dlpMatch.redactedSample,
+          toolName: "shell-config",
+          timestamp: "",
+          project: shortPath,
+          sessionId: "",
+          agent: "shell"
+        });
+      }
+    }
+  }
+  return findings;
+}
 function mergeScans(a, b) {
   const dates = [a.firstDate, b.firstDate].filter(Boolean);
   const lastDates = [a.lastDate, b.lastDate].filter(Boolean);
@@ -10607,6 +10682,7 @@ function registerScanCommand(program2) {
       onLine
     );
     const scan = mergeScans(mergeScans(claudeScan, geminiScan), codexScan);
+    scan.dlpFindings.push(...scanShellConfig());
     const summary = buildScanSummary([
       { id: "claude", label: "Claude", icon: "\u{1F916}", scan: claudeScan },
       { id: "gemini", label: "Gemini", icon: "\u264A", scan: geminiScan },
@@ -10660,7 +10736,7 @@ function registerScanCommand(program2) {
       }
       if (scan.dlpFindings.length > 0) {
         console.log(
-          "    " + import_chalk2.default.red("\u{1F511}  Credential leak") + "     " + import_chalk2.default.red.bold(String(scan.dlpFindings.length).padStart(5)) + import_chalk2.default.dim("   secret detected in tool call")
+          "    " + import_chalk2.default.red("\u{1F511}  Credential leak") + "     " + import_chalk2.default.red.bold(String(scan.dlpFindings.length).padStart(5)) + import_chalk2.default.dim("   secret detected in history or shell config")
         );
       }
       if (blockedCount > 0) {
@@ -10669,8 +10745,9 @@ function registerScanCommand(program2) {
         );
       }
       if (scan.loopFindings.length > 0) {
+        const loopCost = summary.loopWastedUSD > 0 ? import_chalk2.default.dim("  \xB7  ") + import_chalk2.default.yellow("~" + fmtCost(summary.loopWastedUSD) + " wasted") : "";
         console.log(
-          "    " + import_chalk2.default.yellow("\u{1F501}  Loop detected") + "      " + import_chalk2.default.yellow.bold(String(scan.loopFindings.length).padStart(5)) + import_chalk2.default.dim("   repeated tool call patterns found")
+          "    " + import_chalk2.default.yellow("\u{1F501}  Loop detected") + "      " + import_chalk2.default.yellow.bold(String(scan.loopFindings.length).padStart(5)) + import_chalk2.default.dim("   repeated tool call patterns found") + loopCost
         );
       }
       if (reviewCount > 0) {
@@ -10690,7 +10767,7 @@ function registerScanCommand(program2) {
         for (const f of shownDlp) {
           const ts = f.timestamp ? import_chalk2.default.dim(fmtTs(f.timestamp) + "  ") : "";
           const proj = import_chalk2.default.dim(f.project.slice(0, 22).padEnd(22) + "  ");
-          const agentBadge = f.agent === "gemini" ? import_chalk2.default.blue("[Gemini]  ") : f.agent === "codex" ? import_chalk2.default.magenta("[Codex]   ") : import_chalk2.default.cyan("[Claude]  ");
+          const agentBadge = f.agent === "gemini" ? import_chalk2.default.blue("[Gemini]  ") : f.agent === "codex" ? import_chalk2.default.magenta("[Codex]   ") : f.agent === "shell" ? import_chalk2.default.yellow("[Shell]   ") : import_chalk2.default.cyan("[Claude]  ");
           const sessionSuffix = f.sessionId ? import_chalk2.default.dim(`  \u2192 ${f.sessionId.slice(0, 8)}`) : "";
           console.log(
             `    \u{1F6A8} ${ts}${proj}${agentBadge}` + import_chalk2.default.yellow(f.patternName) + import_chalk2.default.dim("  ") + import_chalk2.default.gray(f.redactedSample) + sessionSuffix
@@ -10722,10 +10799,11 @@ function registerScanCommand(program2) {
       }
       if (scan.loopFindings.length > 0) {
         console.log("  " + import_chalk2.default.dim("\u2500".repeat(70)));
+        const loopCostLabel = summary.loopWastedUSD > 0 ? import_chalk2.default.dim("  \xB7  ") + import_chalk2.default.yellow("~" + fmtCost(summary.loopWastedUSD) + " wasted") : "";
         console.log(
           "  " + import_chalk2.default.yellow.bold("\u{1F501}  Agent Loops") + import_chalk2.default.dim("  \xB7  ") + import_chalk2.default.yellow(
             `${num(scan.loopFindings.length)} repeated pattern${scan.loopFindings.length !== 1 ? "s" : ""} found`
-          )
+          ) + loopCostLabel
         );
         const shownLoops = drillDown ? scan.loopFindings : scan.loopFindings.slice(0, topN);
         for (const f of shownLoops) {
@@ -10848,7 +10926,7 @@ function registerScanCommand(program2) {
     }
   });
 }
-var import_chalk2, import_fs14, import_path17, import_os12, CLAUDE_PRICING, GEMINI_PRICING, LOOP_TOOLS, LOOP_THRESHOLD, DEFAULT_RULE_NAMES;
+var import_chalk2, import_fs14, import_path17, import_os12, CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, LOOP_TOOLS, LOOP_THRESHOLD, DEFAULT_RULE_NAMES;
 var init_scan = __esm({
   "src/cli/commands/scan.ts"() {
     "use strict";
@@ -10884,6 +10962,33 @@ var init_scan = __esm({
       "gemini-1.5-flash": { i: 75e-9, o: 3e-7, cr: 1875e-11 },
       "gemini-3-flash": { i: 1e-7, o: 4e-7, cr: 25e-9 }
     };
+    CODE_EXTENSIONS = /* @__PURE__ */ new Set([
+      ".ts",
+      ".tsx",
+      ".js",
+      ".jsx",
+      ".mjs",
+      ".cjs",
+      ".py",
+      ".rb",
+      ".go",
+      ".rs",
+      ".java",
+      ".kt",
+      ".swift",
+      ".c",
+      ".cpp",
+      ".h",
+      ".cs",
+      ".php",
+      ".sh",
+      ".bash",
+      ".html",
+      ".css",
+      ".scss",
+      ".vue",
+      ".svelte"
+    ]);
     LOOP_TOOLS = /* @__PURE__ */ new Set([
       "bash",
       "execute_bash",
@@ -17566,6 +17671,7 @@ init_core();
 init_setup();
 init_shields();
 init_service();
+init_daemon_starter();
 var DEFAULT_SHIELDS = ["bash-safe", "filesystem", "postgres"];
 function fireTelemetryPing(agents) {
   try {
@@ -17704,6 +17810,19 @@ function registerInitCommand(program2) {
       } else {
         console.log(import_chalk13.default.green("  \u2713 Daemon login service already installed"));
       }
+      if (!isTestingMode()) {
+        process.stdout.write(import_chalk13.default.dim("  Starting daemon..."));
+        const started = await autoStartDaemonAndWait(false);
+        if (started) {
+          process.stdout.write(
+            "\r" + import_chalk13.default.green("  \u2713 Daemon started \u2014 protection is active") + "\n"
+          );
+        } else {
+          process.stdout.write(
+            "\r" + import_chalk13.default.dim("  Daemon will start on next login         ") + "\n"
+          );
+        }
+      }
       console.log("");
     }
     {

package/dist/cli.mjs

@@ -1244,7 +1244,8 @@ var init_dlp = __esm({
         name: "GitHub Token",
         regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/,
         severity: "block",
-        keywords: ["ghp_", "gho_", "ghu_", "ghs_"]
+        keywords: ["ghp_", "gho_", "ghu_", "ghs_"],
+        minEntropy: 3
       },
       {
         name: "GitHub Fine-Grained PAT",
@@ -1295,7 +1296,8 @@ var init_dlp = __esm({
         name: "GCP API Key",
         regex: /\bAIza[0-9A-Za-z_-]{35}\b/,
         severity: "block",
-        keywords: ["aiza"]
+        keywords: ["aiza"],
+        minEntropy: 3
       },
       {
         name: "GCP Service Account",
@@ -1542,7 +1544,8 @@ var init_dlp = __esm({
         name: "Mapbox Access Token",
         regex: /\bpk\.eyJ1[a-zA-Z0-9._-]{20,}\b/,
         severity: "block",
-        keywords: ["pk.eyj1"]
+        keywords: ["pk.eyj1"],
+        minEntropy: 3
       },
       // ── Notion ────────────────────────────────────────────────────────────────
       {
@@ -9909,6 +9912,7 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
         continue;
       }
       const sessionCalls = [];
+      const toolUseFilePaths = /* @__PURE__ */ new Map();
       for (const line of raw.split("\n")) {
         if (!line.trim()) continue;
         onLine?.();
@@ -9951,6 +9955,33 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
                 }
               }
             }
+            for (const block of content2) {
+              if (block.type !== "tool_result") continue;
+              const filePath = block.tool_use_id ? toolUseFilePaths.get(block.tool_use_id) : void 0;
+              if (filePath) {
+                const ext = path17.extname(filePath).toLowerCase();
+                if (CODE_EXTENSIONS.has(ext)) continue;
+              }
+              const resultText = typeof block.content === "string" ? block.content : Array.isArray(block.content) ? block.content.map((c) => c.text ?? "").join("\n") : null;
+              if (!resultText) continue;
+              const dlpMatch = scanArgs({ text: resultText });
+              if (dlpMatch) {
+                const isDupe = result.dlpFindings.some(
+                  (f) => f.patternName === dlpMatch.patternName && f.redactedSample === dlpMatch.redactedSample && f.project === projLabel
+                );
+                if (!isDupe) {
+                  result.dlpFindings.push({
+                    patternName: dlpMatch.patternName,
+                    redactedSample: dlpMatch.redactedSample,
+                    toolName: "tool-result",
+                    timestamp: entry.timestamp ?? "",
+                    project: projLabel,
+                    sessionId,
+                    agent: "claude"
+                  });
+                }
+              }
+            }
           }
           continue;
         }
@@ -9970,6 +10001,9 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
           const toolName = block.name ?? "";
           const toolNameLower = toolName.toLowerCase();
           const input = block.input ?? {};
+          if (block.id && typeof input.file_path === "string") {
+            toolUseFilePaths.set(block.id, input.file_path);
+          }
           sessionCalls.push({ toolName, input, timestamp: entry.timestamp ?? "" });
           if (toolNameLower === "bash" || toolNameLower === "execute_bash") {
             result.bashCalls++;
@@ -9977,6 +10011,9 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
           const rawCmd = String(input.command ?? "").trimStart();
           if (/^node9\s+(scan|explain|report|tail|dlp|status|sessions|audit)\b/.test(rawCmd))
             continue;
+          const inputFilePath = typeof input.file_path === "string" ? input.file_path : "";
+          const inputFileExt = inputFilePath ? path17.extname(inputFilePath).toLowerCase() : "";
+          if (CODE_EXTENSIONS.has(inputFileExt)) continue;
           const dlpMatch = scanArgs(input);
           if (dlpMatch) {
             const isDupe = result.dlpFindings.some(
@@ -10473,6 +10510,44 @@ function scanCodexHistory(startDate, onProgress, onLine) {
   }
   return result;
 }
+function scanShellConfig() {
+  const home = os12.homedir();
+  const configFiles = [".zshrc", ".bashrc", ".bash_profile", ".profile"].map(
+    (f) => path17.join(home, f)
+  );
+  const findings = [];
+  for (const filePath of configFiles) {
+    if (!fs14.existsSync(filePath)) continue;
+    let lines;
+    try {
+      lines = fs14.readFileSync(filePath, "utf-8").split("\n");
+    } catch {
+      continue;
+    }
+    const shortPath = filePath.replace(home, "~");
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith("#")) continue;
+      const dlpMatch = scanArgs({ text: trimmed });
+      if (!dlpMatch) continue;
+      const isDupe = findings.some(
+        (f) => f.patternName === dlpMatch.patternName && f.redactedSample === dlpMatch.redactedSample && f.project === shortPath
+      );
+      if (!isDupe) {
+        findings.push({
+          patternName: dlpMatch.patternName,
+          redactedSample: dlpMatch.redactedSample,
+          toolName: "shell-config",
+          timestamp: "",
+          project: shortPath,
+          sessionId: "",
+          agent: "shell"
+        });
+      }
+    }
+  }
+  return findings;
+}
 function mergeScans(a, b) {
   const dates = [a.firstDate, b.firstDate].filter(Boolean);
   const lastDates = [a.lastDate, b.lastDate].filter(Boolean);
@@ -10587,6 +10662,7 @@ function registerScanCommand(program2) {
       onLine
     );
     const scan = mergeScans(mergeScans(claudeScan, geminiScan), codexScan);
+    scan.dlpFindings.push(...scanShellConfig());
     const summary = buildScanSummary([
       { id: "claude", label: "Claude", icon: "\u{1F916}", scan: claudeScan },
       { id: "gemini", label: "Gemini", icon: "\u264A", scan: geminiScan },
@@ -10640,7 +10716,7 @@ function registerScanCommand(program2) {
       }
       if (scan.dlpFindings.length > 0) {
         console.log(
-          "    " + chalk2.red("\u{1F511}  Credential leak") + "     " + chalk2.red.bold(String(scan.dlpFindings.length).padStart(5)) + chalk2.dim("   secret detected in tool call")
+          "    " + chalk2.red("\u{1F511}  Credential leak") + "     " + chalk2.red.bold(String(scan.dlpFindings.length).padStart(5)) + chalk2.dim("   secret detected in history or shell config")
         );
       }
       if (blockedCount > 0) {
@@ -10649,8 +10725,9 @@ function registerScanCommand(program2) {
         );
       }
       if (scan.loopFindings.length > 0) {
+        const loopCost = summary.loopWastedUSD > 0 ? chalk2.dim("  \xB7  ") + chalk2.yellow("~" + fmtCost(summary.loopWastedUSD) + " wasted") : "";
         console.log(
-          "    " + chalk2.yellow("\u{1F501}  Loop detected") + "      " + chalk2.yellow.bold(String(scan.loopFindings.length).padStart(5)) + chalk2.dim("   repeated tool call patterns found")
+          "    " + chalk2.yellow("\u{1F501}  Loop detected") + "      " + chalk2.yellow.bold(String(scan.loopFindings.length).padStart(5)) + chalk2.dim("   repeated tool call patterns found") + loopCost
         );
       }
       if (reviewCount > 0) {
@@ -10670,7 +10747,7 @@ function registerScanCommand(program2) {
         for (const f of shownDlp) {
           const ts = f.timestamp ? chalk2.dim(fmtTs(f.timestamp) + "  ") : "";
           const proj = chalk2.dim(f.project.slice(0, 22).padEnd(22) + "  ");
-          const agentBadge = f.agent === "gemini" ? chalk2.blue("[Gemini]  ") : f.agent === "codex" ? chalk2.magenta("[Codex]   ") : chalk2.cyan("[Claude]  ");
+          const agentBadge = f.agent === "gemini" ? chalk2.blue("[Gemini]  ") : f.agent === "codex" ? chalk2.magenta("[Codex]   ") : f.agent === "shell" ? chalk2.yellow("[Shell]   ") : chalk2.cyan("[Claude]  ");
           const sessionSuffix = f.sessionId ? chalk2.dim(`  \u2192 ${f.sessionId.slice(0, 8)}`) : "";
           console.log(
             `    \u{1F6A8} ${ts}${proj}${agentBadge}` + chalk2.yellow(f.patternName) + chalk2.dim("  ") + chalk2.gray(f.redactedSample) + sessionSuffix
@@ -10702,10 +10779,11 @@ function registerScanCommand(program2) {
       }
       if (scan.loopFindings.length > 0) {
         console.log("  " + chalk2.dim("\u2500".repeat(70)));
+        const loopCostLabel = summary.loopWastedUSD > 0 ? chalk2.dim("  \xB7  ") + chalk2.yellow("~" + fmtCost(summary.loopWastedUSD) + " wasted") : "";
         console.log(
           "  " + chalk2.yellow.bold("\u{1F501}  Agent Loops") + chalk2.dim("  \xB7  ") + chalk2.yellow(
             `${num(scan.loopFindings.length)} repeated pattern${scan.loopFindings.length !== 1 ? "s" : ""} found`
-          )
+          ) + loopCostLabel
         );
         const shownLoops = drillDown ? scan.loopFindings : scan.loopFindings.slice(0, topN);
         for (const f of shownLoops) {
@@ -10828,7 +10906,7 @@ function registerScanCommand(program2) {
     }
   });
 }
-var CLAUDE_PRICING, GEMINI_PRICING, LOOP_TOOLS, LOOP_THRESHOLD, DEFAULT_RULE_NAMES;
+var CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, LOOP_TOOLS, LOOP_THRESHOLD, DEFAULT_RULE_NAMES;
 var init_scan = __esm({
   "src/cli/commands/scan.ts"() {
     "use strict";
@@ -10860,6 +10938,33 @@ var init_scan = __esm({
       "gemini-1.5-flash": { i: 75e-9, o: 3e-7, cr: 1875e-11 },
       "gemini-3-flash": { i: 1e-7, o: 4e-7, cr: 25e-9 }
     };
+    CODE_EXTENSIONS = /* @__PURE__ */ new Set([
+      ".ts",
+      ".tsx",
+      ".js",
+      ".jsx",
+      ".mjs",
+      ".cjs",
+      ".py",
+      ".rb",
+      ".go",
+      ".rs",
+      ".java",
+      ".kt",
+      ".swift",
+      ".c",
+      ".cpp",
+      ".h",
+      ".cs",
+      ".php",
+      ".sh",
+      ".bash",
+      ".html",
+      ".css",
+      ".scss",
+      ".vue",
+      ".svelte"
+    ]);
     LOOP_TOOLS = /* @__PURE__ */ new Set([
       "bash",
       "execute_bash",
@@ -17535,6 +17640,7 @@ init_core();
 init_setup();
 init_shields();
 init_service();
+init_daemon_starter();
 import chalk13 from "chalk";
 import fs33 from "fs";
 import path35 from "path";
@@ -17678,6 +17784,19 @@ function registerInitCommand(program2) {
       } else {
         console.log(chalk13.green("  \u2713 Daemon login service already installed"));
       }
+      if (!isTestingMode()) {
+        process.stdout.write(chalk13.dim("  Starting daemon..."));
+        const started = await autoStartDaemonAndWait(false);
+        if (started) {
+          process.stdout.write(
+            "\r" + chalk13.green("  \u2713 Daemon started \u2014 protection is active") + "\n"
+          );
+        } else {
+          process.stdout.write(
+            "\r" + chalk13.dim("  Daemon will start on next login         ") + "\n"
+          );
+        }
+      }
       console.log("");
     }
     {

package/dist/index.js

@@ -1045,7 +1045,8 @@ var DLP_PATTERNS = [
     name: "GitHub Token",
     regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/,
     severity: "block",
-    keywords: ["ghp_", "gho_", "ghu_", "ghs_"]
+    keywords: ["ghp_", "gho_", "ghu_", "ghs_"],
+    minEntropy: 3
   },
   {
     name: "GitHub Fine-Grained PAT",
@@ -1096,7 +1097,8 @@ var DLP_PATTERNS = [
     name: "GCP API Key",
     regex: /\bAIza[0-9A-Za-z_-]{35}\b/,
     severity: "block",
-    keywords: ["aiza"]
+    keywords: ["aiza"],
+    minEntropy: 3
   },
   {
     name: "GCP Service Account",
@@ -1343,7 +1345,8 @@ var DLP_PATTERNS = [
     name: "Mapbox Access Token",
     regex: /\bpk\.eyJ1[a-zA-Z0-9._-]{20,}\b/,
     severity: "block",
-    keywords: ["pk.eyj1"]
+    keywords: ["pk.eyj1"],
+    minEntropy: 3
   },
   // ── Notion ────────────────────────────────────────────────────────────────
   {

package/dist/index.mjs

@@ -1015,7 +1015,8 @@ var DLP_PATTERNS = [
     name: "GitHub Token",
     regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/,
     severity: "block",
-    keywords: ["ghp_", "gho_", "ghu_", "ghs_"]
+    keywords: ["ghp_", "gho_", "ghu_", "ghs_"],
+    minEntropy: 3
   },
   {
     name: "GitHub Fine-Grained PAT",
@@ -1066,7 +1067,8 @@ var DLP_PATTERNS = [
     name: "GCP API Key",
     regex: /\bAIza[0-9A-Za-z_-]{35}\b/,
     severity: "block",
-    keywords: ["aiza"]
+    keywords: ["aiza"],
+    minEntropy: 3
   },
   {
     name: "GCP Service Account",
@@ -1313,7 +1315,8 @@ var DLP_PATTERNS = [
     name: "Mapbox Access Token",
     regex: /\bpk\.eyJ1[a-zA-Z0-9._-]{20,}\b/,
     severity: "block",
-    keywords: ["pk.eyj1"]
+    keywords: ["pk.eyj1"],
+    minEntropy: 3
   },
   // ── Notion ────────────────────────────────────────────────────────────────
   {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.12.10",
+  "version": "1.13.0",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",