Pre-cleanup snapshot - all current files

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

modules/shhh/patterns.yaml

@@ -0,0 +1,121 @@
+# SHHH Secrets Detection Patterns
+# Configuration for the Secrets Sentinel monitoring system
+
+patterns:
+  AWS_ACCESS_KEY:
+    regex: "AKIA[0-9A-Z]{16}"
+    severity: "CRITICAL"
+    confidence: 0.95
+    active: true
+    description: "AWS Access Key ID"
+    remediation: "Revoke via AWS IAM immediately"
+    
+  AWS_SECRET_KEY:
+    regex: "[A-Za-z0-9/+=]{40}"
+    severity: "CRITICAL"
+    confidence: 0.85
+    active: true
+    description: "AWS Secret Access Key"
+    remediation: "Revoke via AWS IAM immediately"
+    context_required: true  # Requires context analysis
+    
+  PRIVATE_KEY:
+    regex: "-----BEGIN [A-Z ]*PRIVATE KEY-----"
+    severity: "CRITICAL"
+    confidence: 0.98
+    active: true
+    description: "Private Key (RSA, SSH, etc.)"
+    remediation: "Rotate key immediately"
+    
+  GITHUB_TOKEN:
+    regex: "ghp_[0-9A-Za-z]{36}"
+    severity: "HIGH"
+    confidence: 0.92
+    active: true
+    description: "GitHub Personal Access Token"
+    remediation: "Revoke via GitHub settings"
+    
+  GITHUB_OAUTH:
+    regex: "gho_[0-9A-Za-z]{36}"
+    severity: "HIGH"
+    confidence: 0.92
+    active: true
+    description: "GitHub OAuth Token"
+    remediation: "Revoke via GitHub app settings"
+    
+  SLACK_TOKEN:
+    regex: "xox[baprs]-[0-9A-Za-z-]{10,48}"
+    severity: "HIGH"
+    confidence: 0.90
+    active: true
+    description: "Slack Bot/User Token"
+    remediation: "Revoke via Slack Admin API"
+    
+  JWT_TOKEN:
+    regex: "eyJ[A-Za-z0-9_-]+?\\.[A-Za-z0-9_-]+?\\.[A-Za-z0-9_-]+?"
+    severity: "MEDIUM"
+    confidence: 0.85
+    active: true
+    description: "JSON Web Token"
+    remediation: "Invalidate token and rotate signing key"
+    
+  GOOGLE_API_KEY:
+    regex: "AIza[0-9A-Za-z\\-_]{35}"
+    severity: "HIGH"
+    confidence: 0.90
+    active: true
+    description: "Google API Key"
+    remediation: "Revoke via Google Cloud Console"
+    
+  DOCKER_TOKEN:
+    regex: "dckr_pat_[a-zA-Z0-9_-]{32,}"
+    severity: "MEDIUM"
+    confidence: 0.88
+    active: true
+    description: "Docker Personal Access Token"
+    remediation: "Revoke via Docker Hub settings"
+    
+  GENERIC_API_KEY:
+    regex: "[Aa][Pp][Ii]_?[Kk][Ee][Yy].*['\"][0-9a-zA-Z]{32,}['\"]"
+    severity: "MEDIUM"
+    confidence: 0.70
+    active: true
+    description: "Generic API Key Pattern"
+    remediation: "Verify and revoke if legitimate"
+
+# Pattern exceptions - known test/dummy values to ignore
+exceptions:
+  test_patterns:
+    - "AKIA-TESTKEY-123"
+    - "AKIAIOSFODNN7EXAMPLE"
+    - "xoxb-test-token"
+    - "ghp_test123456789012345678901234567890"
+    - "-----BEGIN EXAMPLE PRIVATE KEY-----"
+    
+  development_indicators:
+    - "test"
+    - "example" 
+    - "demo"
+    - "mock"
+    - "fake"
+    - "dummy"
+
+# Quarantine settings
+quarantine:
+  high_severity_auto_quarantine: true
+  medium_severity_review_required: true
+  retention_days: 90
+  max_entries: 10000
+
+# Alert settings  
+alerts:
+  webhook_timeout_seconds: 5
+  retry_attempts: 3
+  retry_delay_seconds: 2
+  
+# Revocation hooks
+revocation_hooks:
+  AWS_ACCESS_KEY: "https://security.chorus.services/hooks/aws-revoke"
+  GITHUB_TOKEN: "https://security.chorus.services/hooks/github-revoke"
+  SLACK_TOKEN: "https://security.chorus.services/hooks/slack-revoke"
+  GOOGLE_API_KEY: "https://security.chorus.services/hooks/google-revoke"