The previous ENV regex `/[\\/]\.env\.[a-z]+$/` only matched a single lowercase segment after `.env`. Multi-segment and mixed-case variants such as `.env.production.local.backup`, `.env.stage-1.local`, and `.env.CI.secret` slipped past the hook. Replaced with `/[\\/]\.env(\.[A-Za-z0-9._-]+)*$/` which matches `.env` plus any number of dot-separated alphanumeric/dot/hyphen/underscore segments. `.envrc` (direnv config, no dot separator) is still allowed. Addresses critical review 2026-04-20 §2 B1 (HIGH). Tests: 7 added (6 new multi-segment BLOCK cases + 1 .envrc ALLOW). All 1494 tests pass.

| File | | |
|---|---|---|
| post-mcp-verify.mjs | ||
| post-session-guard.mjs | ||
| pre-bash-destructive.mjs | ||
| pre-compact-scan.mjs | ||
| pre-edit-secrets.mjs | ||
| pre-install-supply-chain.mjs | ||
| pre-prompt-inject-scan.mjs | ||
| pre-write-pathguard.mjs | ||
| update-check.mjs | ||
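
The regex change described in the commit message at the top of this page, as an added example that is not code from the repository: both patterns are copied from the message and run over the file names it mentions. The helper names, the `/repo` and `C:\repo` prefixes, and the bare `.env` and `.env.local` samples are assumptions made for illustration.

```javascript
// Added illustration; not the hook's own implementation.
// Both patterns are copied verbatim from the commit message.
const OLD_ENV_RE = /[\\/]\.env\.[a-z]+$/;
const NEW_ENV_RE = /[\\/]\.env(\.[A-Za-z0-9._-]+)*$/;

// Constructed sample paths. File names from the commit message are marked;
// directory prefixes are made up.
const SAMPLES = [
  "/repo/.env.production.local.backup", // from the commit message
  "/repo/.env.stage-1.local",           // from the commit message
  "/repo/.env.CI.secret",               // from the commit message
  "C:\\repo\\.env.CI.secret",           // same name, Windows separator
  "/repo/.env",                         // bare file, zero extra segments
  "/repo/.env.local",                   // single lowercase segment
  "/repo/.envrc",                       // direnv config, must stay allowed
];

// Hypothetical helper: verdict of each pattern for every path.
function compare(paths) {
  return paths.map((p) => ({
    path: p,
    oldBlocks: OLD_ENV_RE.test(p),
    newBlocks: NEW_ENV_RE.test(p),
  }));
}

// Paths the old pattern let through that the new pattern blocks.
function newlyBlocked(paths) {
  return compare(paths)
    .filter((r) => !r.oldBlocks && r.newBlocks)
    .map((r) => r.path);
}

// Paths neither pattern blocks (expected: only .envrc).
function stillAllowed(paths) {
  return compare(paths)
    .filter((r) => !r.newBlocks)
    .map((r) => r.path);
}

for (const r of compare(SAMPLES)) {
  const verdict = (b) => (b ? "BLOCK" : "allow");
  console.log(`${r.path.padEnd(38)} old=${verdict(r.oldBlocks)} new=${verdict(r.newBlocks)}`);
}
```

The old pattern on its own does not match a bare `.env`; whether another rule in the hook covered that case is not shown on this page.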