
security(public-repo): client-name deny-list + AGENTS.md MUST NOT rule #20

Merged: tymofiy merged 1 commit into main from dev on May 26, 2026

@tymofiy (Owner) commented May 26, 2026

Summary

Two-layer hardening against real-engagement names landing in the public repo (continuation of the 91d5e27 / c6c6167 / f4365c6 de-leak series).

Layer 1 — agent awareness (primary): AGENTS.md adds a 9th MUST NOT rule covering real client / collection / vendor / family names. The rule text uses only fictional placeholders so the file itself never names a real engagement.

Layer 2 — mechanical backstop: lefthook gets a client-names step in both pre-commit and commit-msg that scans against patterns loaded from $DENY_PATTERNS_CLIENT_NAMES. The patterns themselves live in a gitignored .private-deny-list file sourced by .lefthookrc; a committed .private-deny-list.example documents the shape. Fresh clones without a local patterns file fall back to the AGENTS.md behavioral defense — acceptable since putting actual names in the public hook config would defeat the scrub.

Files

File                         Change
.gitignore                   Ignore .private-deny-list
.lefthookrc                  Source .private-deny-list if present
.private-deny-list.example   New — shape doc with placeholder names
lefthook.yml                 Add client-names step to pre-commit + commit-msg
AGENTS.md                    Add MUST NOT #9

Test plan

  • Pre-commit hook fired on this commit and PASSED (proving the new client-names check doesn't false-positive on its own files)
  • Regex tested locally: matches real-name strings, does not match generic placeholders
  • .private-deny-list correctly marked as ignored (!! in git status --ignored)
  • After merge: try to commit a test file containing a deny-listed name → verify hook blocks it
  • After merge: try a commit message containing a deny-listed name → verify hook blocks it

🤖 Generated with Claude Code

Adds two layers of defense against real-engagement names landing in
this public repository's prose, YAML samples, or pack identifiers
(continuation of the 91d5e27 / c6c6167 / f4365c6 de-leak series).

Layer 1 — agent awareness (primary):
  AGENTS.md gains a 9th MUST NOT rule covering real client / collection
  / vendor / family names. Uses only fictional placeholders in the rule
  text so the file itself never names a real engagement.

Layer 2 — mechanical backstop:
  lefthook pre-commit and commit-msg hooks gain a `client-names` step
  that scans staged content and commit messages against patterns loaded
  from $DENY_PATTERNS_CLIENT_NAMES.

The patterns themselves live in a gitignored .private-deny-list file
sourced by .lefthookrc (already loaded for PATH setup). A committed
.private-deny-list.example documents the shape. Fresh clones without
a local patterns file get only the behavioral defense in AGENTS.md —
acceptable trade-off, since putting the actual names in the public
hook config would defeat the scrub.

Files:
  - .gitignore                   ignore .private-deny-list
  - .lefthookrc                  source .private-deny-list if present
  - .private-deny-list.example   shape doc with placeholder names
  - lefthook.yml                 add client-names step to pre-commit + commit-msg
  - AGENTS.md                    add MUST NOT #9

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Copilot AI review requested due to automatic review settings May 26, 2026 19:55
@tymofiy merged commit 94b9c73 into main on May 26, 2026
1 of 2 checks passed

@chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: da1639edb2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread lefthook.yml
found=0
for file in {staged_files}; do
if [ ! -f "$file" ]; then continue; fi
if grep -inE "$DENY_PATTERNS_CLIENT_NAMES" "$file" 2>/dev/null; then
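
Review bot: The `grep -inE "$DENY_PATTERNS_CLIENT_NAMES" "$file"` line reads the working-tree copy of each path, and the `[ ! -f "$file" ]` guard tests the working tree too, so the check is not guaranteed to see the content that is actually staged. With a partially staged file the hook can pass on text that differs from what enters the commit. Suggest reading the index version instead, for example by piping `git show ":$file"` into grep, so the scan and the commit cover the same bytes.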

P1: Reject invalid deny-list regex instead of passing commits

The new client-names hook treats any non-match from grep -E as safe, which means an invalid or unsupported pattern in $DENY_PATTERNS_CLIENT_NAMES silently disables this protection and lets commits through. In pre-commit this is especially hidden because stderr is redirected away, so regex parse errors (or platform-specific incompatibilities) are indistinguishable from “no hit.” This undermines the mechanical backstop exactly when local patterns are misconfigured; the hook should fail closed when grep exits with an error status.

Useful? React with 👍 / 👎.

Comment on lines +14 to +15
# case-insensitive. Join multiple patterns with `|`. Use `\s` for
# whitespace, `\.` for a literal dot, `\b` for word boundary.
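
Review bot: The "Join multiple patterns with `|`" guidance should also say that every alternative must be non-empty. A leading, trailing or doubled `|` is undefined in POSIX ERE, and GNU grep treats the empty alternative as matching every line, so one stray separator in the local file would flag every staged file. Suggest adding that sentence to this comment block next to the escaping advice.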

P2: Avoid GNU-only escapes in POSIX regex guidance

This example labels the pattern syntax as “POSIX extended regex” but then recommends \s and \b, which are GNU extensions rather than POSIX ERE constructs. Contributors following this guidance on non-GNU environments (e.g., BSD/macOS default grep) can end up with patterns that do not match as intended, reducing or nullifying the deny-list check. Use POSIX character classes/word-boundary-safe alternatives in the example (or explicitly require GNU grep).

Useful? React with 👍 / 👎.

@tymofiy tymofiy review requested due to automatic review settings May 26, 2026 20:18