fix(hooks): align pre-push .env detection + fix sed redaction regex (Bugbot)

Two issues from Cursor Bugbot's review of cli #1279:

1. token-guard sed redaction regex couldn't cross delimiter boundary
   (high). The pattern /\bsed\b[^|]*s[/|#][^/|#]*=[^/|#]*<?redact/i
   used [^/|#]* which stops at the / between sed pattern and
   replacement, so 'sed s/=.*/=<redacted>/' (the canonical fix the
   error message suggests) never matched. Replaced with [\s\S]*? to
   reach across the delimiter.

2. pre-push.mts .env detection only matched root-level .env / .env.local
   (high). commit-msg.mts and pre-commit.mts both use basename() with
   a broader pattern. pre-push is the mandatory enforcement layer for
   --no-verify bypasses; weaker detection there meant a nested
   packages/cli/.env.local would slip through. Aligned to basename-
   based matching with the same allowlist (.env.example/.env.test/
   .env.precommit).

Author: jdalton

.claude/hooks/token-guard/index.mts

@@ -41,9 +41,15 @@ const SENSITIVE_ENV_NAMES = [
 ]
 
 // Pipelines that "launder" earlier-stage secrets into safe output.
+// The first two patterns match `sed 's/.../redact.../'` and
+// `sed 's/.../FOO=*****/'` regardless of which delimiter sed uses
+// (`/`, `#`, `|`). `[\s\S]*?` reaches across the delimiter between
+// the search and replacement parts (the previous `[^/|#]*` couldn't
+// cross `/` and so missed the canonical `sed 's/=.*/=<redacted>/'`
+// — the very command the token-guard error message suggests).
 const REDACTION_MARKERS = [
-  /\bsed\b[^|]*s[/|#][^/|#]*=[^/|#]*<?redact/i,
-  /\bsed\b[^|]*s[/|#][^/|#]*[A-Z_]+=[^/|#]*\*+/i,
+  /\bsed\b[^|]*s[/|#][\s\S]*?<?redact/i,
+  /\bsed\b[^|]*s[/|#][\s\S]*?[A-Z_]+=[\s\S]*?\*{3,}/i,
   /\|\s*cut\b[^|]*-d['"]?=['"]?\s*-f\s*1/i,
   /\|\s*awk\b[^|]*-F\s*['"]?=['"]?/i,
   />\s*\/dev\/null/,

.git-hooks/pre-push.mts

@@ -18,6 +18,7 @@
 import { spawnSync } from 'node:child_process'
 import { existsSync, statSync } from 'node:fs'
 
+import { basename } from 'node:path'
 import process from 'node:process'
 
 import {
@@ -190,8 +191,17 @@ const scanFilesInRange = (range: string): number => {
     return 0
   }
 
-  // Top-level sensitive filenames in the change set.
-  const envHits = changed.filter(f => /^\.env(\.local)?$/.test(f))
+  // .env files at any depth — match commit-msg.mts and pre-commit.mts.
+  // Allow .env.example, .env.test, .env.precommit (templates / tracked
+  // placeholders); block bare .env / .env.local / .env.production /
+  // anything else regardless of directory depth.
+  const envHits = changed.filter(f => {
+    const base = basename(f)
+    return (
+      /^\.env(\.[^/]+)?$/.test(base) &&
+      !/^\.env\.(example|test|precommit)$/.test(base)
+    )
+  })
   if (envHits.length > 0) {
     out(red('✗ BLOCKED: Attempting to push .env file!'))
     out(`Files: ${envHits.join(', ')}`)