Source: 2026-04-20 multi-expert AADM audit. Security auditor.
Problem
Nothing prevents an engineer pasting a PHI sample, secret, or customer record into CLAUDE.md's "Client-specific context" section. That content then enters every Claude session transcript.
Fix
Pre-commit hook scanning CLAUDE.md and sprints/**/*.md for:
SECURITY-OPS.md (Add metrics Phase 1 — gate-event logger (#12) #14) defines.
Block commit on hit; require explicit override + suppression entry.
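One way the hook described under Fix could look, as an added example that is not the project's own code. The three patterns, the `.scan-suppressions` file and its line format are assumptions, since the issue's own pattern list does not appear on the page.

```python
#!/usr/bin/env python3
"""Pre-commit hook sketch: block staged CLAUDE.md / sprints/**/*.md with sensitive-looking text."""
import hashlib
import re
import subprocess
import sys
from pathlib import Path

# Assumed patterns: the issue's own pattern list is not shown on the page.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "us-ssn-shaped": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
SUPPRESSIONS = Path(".scan-suppressions")  # hypothetical; "<sha256> <who> <reason...>" per line

def in_scope(path):
    return path == "CLAUDE.md" or (path.startswith("sprints/") and path.endswith(".md"))

def fingerprint(path, line):
    # Hash path + line so the suppression file never stores the flagged value.
    return hashlib.sha256(f"{path}\n{line.strip()}".encode()).hexdigest()

def load_suppressions(text):
    # An entry without both an owner and a reason is ignored: no silent overrides.
    rows = (l.split() for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {r[0] for r in rows if len(r) >= 3}

def scan(path, content, suppressed):
    hits = []
    for lineno, line in enumerate(content.splitlines(), 1):
        fp = fingerprint(path, line)
        hits += [(path, lineno, name, fp) for name, rx in PATTERNS.items()
                 if rx.search(line) and fp not in suppressed]
    return hits

def git(*args):
    return subprocess.run(["git", *args], capture_output=True, text=True, check=True).stdout

def main():
    suppressed = load_suppressions(SUPPRESSIONS.read_text() if SUPPRESSIONS.exists() else "")
    staged = git("diff", "--cached", "--name-only", "--diff-filter=ACMR").splitlines()
    hits = [h for p in filter(in_scope, staged) for h in scan(p, git("show", f":{p}"), suppressed)]
    for path, lineno, name, fp in hits:
        # Report the location and fingerprint only, never the matched text.
        print(f"{path}:{lineno}: {name}; to override add '{fp} <who> <reason>' to {SUPPRESSIONS}", file=sys.stderr)
    return 1 if hits else 0

if __name__ == "__main__":
    sys.exit(main())
```

Installed as an executable `.git/hooks/pre-commit`, it scans the staged version of each in-scope file; committing the suppression file keeps every override in git history.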
Acceptance
A planted email in CLAUDE.md fails commit. An explicit override path with audit trail exists.
Depends on