# packs/destructive/config-overwrite.txt — destructive command surface: in-place writes to live config and secret paths.
#
# One regex per line, blank lines and `#`-comments ignored. Each entry is
# matched case-insensitively against the proposed Bash command via grep -E.
# Sections within a file are loaded together for that surface.
#
# Operators choose which surfaces apply via env:
#   LLM_DARK_PATTERNS_DESTRUCTIVE_PACKS=filesystem,container,git-protected
# Default: all surfaces active. Subset via the env var.
#
# Add custom patterns via packs/destructive/extras.txt or via
# ${XDG_CONFIG_HOME}/llm-dark-patterns/packs/destructive/<surface>.txt —
# operator-local additions extend, never replace.

[patterns]
(^|[[:space:];&|])sed[[:space:]]+-i[[:space:]].*\.(env|env\..*|secret|secrets|key|pem|crt)([[:space:]]|$)
(^|[[:space:];&|])sed[[:space:]]+-i[[:space:]].*/(\.storage|\.ssh|\.gnupg|secrets|\.kube)/
(^|[[:space:];&|])(>|tee)[[:space:]]+(/etc/|/var/lib/|/srv/|/opt/[^[:space:]]+/conf|\.env[^[:space:]]*|\.kube/config|secrets/)
(^|[[:space:];&|])truncate[[:space:]]+-s[[:space:]]+0
(^|[[:space:];&|])shred[[:space:]]+-
