Skip to content

Built-in Detections

Pacakaged Rules

AKA ships seven rule packs out of the box — 101 detection rules in total. Every pack is bundled into the plugin and installed active by default, under the log-only Monitor policy until you assign a stronger action (Warn / Redact / Block) to a detection from the dashboard. All rules include positive and negative fixtures that run as part of the test suite.

Pack updates are manual. The plugin scans with your installed snapshot of each pack (enabled packs only). Upgrading the plugin/CLI records the newer packs as available but changes nothing until you apply the update — from the dashboard's Detections page (Update), with aka detections update, or after reviewing /aka:detections in Claude Code. New packs added in a release are auto-installed (monitor-only); packs you already have are never modified automatically, and your enabled/policy choices survive every update.

core-pii

Location: rules/core-pii/

Detects personally identifiable information commonly found in prompts. 14 rules.

Rule ID Severity Matcher Description
email medium regex Standard email addresses (user@example.com)
ssn high regex US Social Security Numbers (123-45-6789)
phone-us high regex US phone numbers incl. +1 and area codes
phone-intl high regex International E.164 numbers
ip-address low regex IPv4 addresses
dob high regex Dates of birth (1900–2019)
drivers-license-us high regex US driver's license numbers (requires license/DL context)
passport-us high regex US passport numbers (A12345678)
home-address medium keyword Contextual address phrases
name medium keyword Contextual name introduction phrases
vin medium regex Vehicle Identification Numbers (17 chars)
mac-address low regex MAC addresses (AA:BB:CC:DD:EE:FF)
national-id high regex Multi-country: Aadhaar, UK NI, Canadian SIN
zip low regex US ZIP / ZIP+4 postal codes

core-financial

Location: rules/core-financial/

Detects financial account information. 8 rules.

Rule ID Severity Matcher Post-Validators Description
credit-card critical regex luhn Visa, MC, Amex, Discover card numbers
iban high regex International Bank Account Numbers
routing-number high regex US ABA routing numbers (9 digits, requires routing/ABA/RTN context)
swift high regex SWIFT/BIC codes (8 or 11 chars, requires SWIFT/BIC context)
cvv high regex Card security codes (contextual)
cusip medium regex US securities identifiers (requires CUSIP context)
paypal medium regex PayPal transaction IDs (requires PayPal context)
salary low keyword Salary/compensation contextual phrases

secrets

Location: rules/secrets/

Detects credentials and tokens that should never be shared with AI models. 21 rules.

Rule ID Severity Matcher Post-Validators Description
aws-access-key critical regex entropy AWS Access Key IDs (AKIA/ASIA/AROA/etc.)
aws-secret-key critical regex entropy AWS Secret Access Keys (40-char, requires aws-secret-key context)
gcp-service-account critical regex GCP service account emails
azure-connection-string critical regex Azure Storage/Service Bus/Cosmos connection strings (two keys)
openai-api-key critical regex entropy OpenAI API keys (sk-proj-..., sk-...)
anthropic-api-key critical regex entropy Anthropic API keys (sk-ant-...)
stripe-live-key critical regex entropy Stripe live keys (sk_live_, pk_live_)
slack-token critical regex Slack tokens (xoxb-, xoxp-, xapp-)
discord-token critical regex entropy Discord bot tokens (3-part format)
sendgrid-key critical regex entropy SendGrid API keys (SG.)
twilio-key critical regex Twilio Account SIDs (AC...)
gitlab-token critical regex entropy GitLab PATs (glpat-)
digitalocean-token critical regex DigitalOcean PATs (dop_v1_)
datadog-key critical regex entropy Datadog API/APP keys
npm-token critical regex entropy npm access tokens (npm_)
heroku-api-key critical regex Heroku API keys (UUID, requires heroku context)
cloudflare-api-key critical regex entropy Cloudflare API tokens (40-char, requires cloudflare context)
pulumi-access-token critical regex entropy Pulumi access tokens (pul-)
terraform-cloud-token critical regex entropy Terraform Cloud user tokens
vault-token critical regex entropy HashiCorp Vault tokens (hvs., s.)
github-pat critical regex GitHub PATs/OAuth/App tokens

secrets-infra

Location: rules/secrets-infra/

Detects infrastructure-level secrets and credentials. 13 rules.

Rule ID Severity Matcher Post-Validators Description
ssh-private-key critical regex RSA/DSA/EC/OpenSSH private key blocks
db-connection-string critical regex DB URLs with credentials (postgresql://user:pass@...)
jwt-token high regex entropy JSON Web Tokens (3-part base64url)
basic-auth-url critical regex HTTP URLs with embedded credentials
basic-auth-header critical regex HTTP Basic auth Authorization headers
pgp-private-key critical regex PGP private key blocks
bearer-token high regex entropy Generic Authorization Bearer tokens
env-key-value high keyword Sensitive env vars with values
password-field high keyword JSON/YAML password/secret/token fields
docker-config-auth critical regex Docker config.json base64 auth
kubeconfig-token critical regex Kubernetes kubeconfig embedded tokens
api-key-header high regex entropy API keys in x-api-key/api-key/apikey headers
generic-high-entropy-secret high regex entropy High-entropy values on credential-shaped keys (fallback)

core-phi

Location: rules/core-phi/

Detects protected health information (HIPAA-relevant). 8 rules.

Rule ID Severity Matcher Description
mrn high regex Medical Record Numbers (contextual)
hipaa-identifier high regex Health plan beneficiary / claim numbers
member-id high regex Health plan member IDs
group-id high regex Health plan group IDs
icd10-code medium regex ICD-10 diagnosis codes (requires ICD/diagnosis/dx context)
ndc-code medium regex National Drug Codes
genetic-data high keyword DNA/genetic data references
biometric-ref high keyword Biometric data references

core-code-context

Location: rules/core-code-context/

Detects internal code and infrastructure context that should not leave the organization. 8 rules.

Rule ID Severity Matcher Description
internal-ip low regex RFC 1918 private IPs (10.x, 172.16-31.x, 192.168.x)
localhost-ref low regex localhost, 127.0.0.1, ::1 references
internal-domain low regex .internal, .corp, .local domains
file-path low regex Absolute Unix (known roots) / Windows file paths
stack-trace low regex Stack traces revealing internal structure
internal-url low keyword Dev/staging environment URLs
feature-flag low keyword Feature flag / toggle names
db-table-name low keyword Internal SQL table names

code-flaws

Location: rules/code-flaws/

Detects insecure code patterns across Python, JS/TS, Java, Ruby, PHP, and .NET. Rules fire on both code written by Claude (PreToolUse on Write/Edit) and existing code read from disk (PostToolUse on Read). 29 rules covering OWASP Top 10 and related weaknesses.

Rule ID Severity Matcher Description
sql-inject-concat high regex SQL queries built with + string concatenation
sql-inject-concat-dot high regex SQL queries built with PHP . string concatenation (PHP files only)
sql-inject-format high regex SQL queries via Python % format or f-strings
sql-inject-interp high regex SQL queries via Ruby #{} or PHP $var interpolation
cmd-inject-shell critical regex subprocess.*shell=True near user-controlled input
cmd-inject-exec critical regex Java Runtime.getRuntime().exec() near user input
cmd-inject-node-exec critical regex Node.js exec/execSync with non-literal argument near user input
xss-inner-html high keyword .innerHTML = / .innerHTML= assignments
xss-dangerously-set high keyword React dangerouslySetInnerHTML
xss-unescaped-render high regex raw(), .html_safe, \| safe, mark_safe() in templates
deser-pickle critical regex Python pickle.loads() / pickle.load()
deser-yaml-unsafe high regex yaml.load() without SafeLoader
deser-java-ois critical regex Java ObjectInputStream + readObject()
hardcoded-password high regex password/passwd/pwd assigned a high-entropy string literal
hardcoded-secret-key high regex secret_key/api_key/auth_token assigned a high-entropy string literal
dev-debug-enabled medium regex DEBUG = True / debug: true in config
dev-placeholder-secret high keyword Placeholder strings (changeme, your-secret, etc.) near key/token fields
dev-wildcard-cors medium regex CORS wildcard: Access-Control-Allow-Origin: *, origin: '*', CORS_ALLOW_ALL_ORIGINS = True
auth-ssl-verify-false high regex requests.*verify=False disabling TLS validation
auth-jwt-no-verify critical regex JWT decoded with verify=False / algorithms=[] near jwt/decode/token
path-traversal-open high regex open(request.* / open(params.* with user-controlled path
path-traversal-join high regex os.path.join(base, user_*) with user-controlled component
crypto-weak-hash-md5 medium regex MD5 used as a hash (hashlib.md5, MessageDigest("MD5"), Digest::MD5)
crypto-weak-hash-sha1 medium regex SHA-1 used near password/credential/token context
crypto-insecure-random medium regex Math.random() / random.random() near security-sensitive labels
prototype-pollution-merge high regex Object.assign(target, req.body) / _.merge(target, request.*)
eval-dynamic-exec critical regex eval/exec with non-literal argument near user input
ssrf-user-url high regex fetch/axios/requests.get called directly with req.*/params.*
regex-redos-backtrack medium regex Catastrophic backtracking patterns like (a+)+

config-posture

Structural rules over the plugin's configuration-inventory scan (skills & hooks), evaluated once per session on SessionStart. Unlike the text packs above, these compare hook entries against each other, so they live as pure functions in packages/detections/src/posture/ (fixture-tested like every pack) rather than in the regex rule format. Findings are observational (warn) and power the hook status/warning lines on the config read surface.

Rule Severity Fires when
hook-conflict medium Two hooks on the same event with overlapping matchers both mutate the tool target — run order is undefined
hook-unknown medium A settings-scope hook's command is attributable to no installed plugin and no recognizable tool (v1 heuristic)
hook-external-egress high A hook command contains network-egress primitives (curl, wget, nc, ssh, …) or a URL

Running the test suite

pnpm --filter @akasecurity/detections test

# Watch mode during rule development
pnpm --filter @akasecurity/detections test -- --watch

Fixture tests auto-discover across all packs - no need to register new rules manually.

Adding your own rules

See Writing Rules for the full guide. Create a new directory under rules/, add a manifest.json, your rule JSON files, and fixtures/ — the test runner and pack loader auto-discover everything.