From 1864db07438355a06d104a44607699572600fd51 Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Fri, 30 Jan 2026 13:55:32 -0800
Subject: [PATCH 1/5] fix(aws): improve regex
Signed-off-by: Luke Young
---
 data/rules/aws.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/data/rules/aws.yml b/data/rules/aws.yml
index 6015285..2169cd4 100644
--- a/data/rules/aws.yml
+++ b/data/rules/aws.yml
@@ -84,7 +84,7 @@ rules:
 pattern: |
 (?x)
 (
- ABSKQmVkcm9ja0FQSUtleS[A-Za-z0-9+/=]{110}
+ ABSKQmVkcm9ja0FQSUtleS[A-Za-z0-9+/]{91,}={0,2}
 )
 min_entropy: 3.0
 confidence: medium
@@ -128,4 +128,4 @@ rules:
 Authorization: "Bearer {{ TOKEN }}"
 response_matcher:
 - type: StatusMatch
- status: [200]
\ No newline at end of file
+ status: [200]
From 2a18b17ae82c98c0ef6301517c4a5af61a8ca7c7 Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Fri, 30 Jan 2026 21:17:04 -0800
Subject: [PATCH 2/5] feat(age): add rules for post-quantum keys (MLKEM768-X25519)
---
 data/rules/age.yml | 43 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/data/rules/age.yml b/data/rules/age.yml
index f296a26..dfd5a44 100644
--- a/data/rules/age.yml
+++ b/data/rules/age.yml
@@ -39,4 +39,45 @@ rules:
 - https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age.1.html
 - https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type
 categories:
- - secret
\ No newline at end of file
+ - secret
+
+ - name: Age Recipient (MLKEM768-X25519 public key)
+ id: kingfisher.age.3
+ pattern: |
+ (?xi)
+ \b
+ (
+ age1pq1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{1952}
+ )
+ \b
+ min_entropy: 3.3
+ confidence: medium
+ examples:
+ - 'age1pq1x34nzsvr0rxjsgdn8zgyhfe8j7ceq5r9rdelkjuh3y235jzxshfg87pzf5zrqtzdxz95paef6caq5aapdmwjjqpjfdyxnzr2zampc3uxy0dg4z2n2gm9su72p0pc3u0jvev55l694v78snxg3yzvcl7yda0eyytqj6a0ec477lnhcy5hzpz4zq3pxanve4cn62gqj3pjy5lqj9c6kyj4v2z8alktn8zh99970x79gjkv7522hv9kfz35zsnxhsx8wwtmu9cy3ftzjgwcp4sshn3llnylnpdsyz5jm72vefv4x5vfwytrefxg4wq3mv42wcrvkj742479zrxzpvp2p3e9fed9f0739vcu80r7ma28qfhnvlv4gfzel9q654dj3zmuvvz893azhxdvs9fxd0r7jzchzcfcs5mkyyjxhw0n2z6dvp9yn9qfdp29h0azxqyjw6v7fhyuzj7zel0uq6j9rd7wgrpz7mf5dnj43jwsgvrc8qcnhy7tu6dkdujuxzkp9xj43xe8h92ktre2a3u3s8mm5mrp9nr9pwkgtz4mdlq9hgn4fps4k57ff6wddn2fy23t47sm20r8km8sd2pcyyafnet8f0dajsrlyjeah4n3mssr6aseevuuskdvq5lzguyvpgwpta742c6698vgutzqgny8usfg0w2he7kq5vyxjd0f9hqg8xk26y9e4th0gezq92q4cpp5p2y9hf5f2cje5l0c3sa3a2qxmm38pxxvhxh99yzmfz0zk7r2s64nnwjhkfgfr3gf8xnmppcgmaykvh5sh6g7vk9790rf8ws0axmr2t7z8aae5fq2029uvcn2ghgt4fu4wgwdc0k0cz52qkvwmuzj8p8k5jgf3xzk5zmrkavjekjrpeq408xz3zxazwkc6tyfmhayrkfpjhwtz5mp8j8guqe43k2q6m2kte03vrw27y3wmqyu5etmt9dnkwcnnpmu9gz9dekfhdevf42ucshphnrk38ra6hx8w5f8q5ru0xdhrjxmwqf6cused7zc5xvq43r0zscjglpwlptpwydhqw64xz7ptjdyeyzpq2zkxtmzg29gzjpvzva4d3l0cenn9xs297wf4y4ukwrunf57xj6pm7nvrkwvtrt8hwcmgv8x7ajw7258ugf9wvkmk4052ekg87tw5vnx8nq2swyzv77v8yqlwsenvamr0zssknwts8rrhfuwj7ykysnq9jxy0uv3kuyt22djszjdtvpz6d0s0kwh8ryynddzud92emeyvvyqktd0jtj7rvvg5gch25v8smlvny3kvn5gagyz475ze2y6q466xqmz2n3hs77lddeqyta2nch5k2u5yacuk9ywnwfdzvyejnucz724hj77hrrmakm7pr3kxsrxq22ejexlud9fy2kdqmkg5yncz7jm5wv2qjk5w5kvcpqsry2yqffh2la52dxfjkjq5rzhjzeyn6dupn
0qwtyv7s4lwg3xdarsdlwe2y3tujy480y7z39q259fzx6jhd2j0f5hagqpcpees7hzc2yrk5cy788uk3s7qvp5cpepx24gvws3m2g433exgwppnkjscec8qu4y9z9r7vccexjcjaen42245lmgmxmuavg9alej92322gvvyy2t6267v09ch64y0m53jff0vjj96s0ypk60hr3jw4myd6m5hpn3xjstx7tl2szhpr5qe8jj08ydjc4wy2rch2fhuy3pdfjax5awe9j99ly5hkntzz9fe5zatgjvzdd0kgtxs25njnajyf6ssekp7gelxquusn4pt25czh3scj68kq79wdn5tgm6yvm9nzavrg043x3msnygf8dweknw5jmqd0uvny6ttsn09508k0c55zfnegrm9efhxpfqdkmhh6gjtqmwze9pyyzk3tlhl53k2ykx3qheyty7saeq0d3fzv49zc0k'
+ references:
+ - https://age-encryption.org
+ - https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age.1.html
+ - https://github.com/C2SP/C2SP/blob/037e546d164a89fd7577df2c18df80bb54bd246e/age.md#the-mlkem768-x25519-ie-x-wing-hybrid-post-quantum-recipient-type
+
+ - name: Age Identity (MLKEM768-X25519 secret key)
+ id: kingfisher.age.4
+ pattern: |
+ (?x)
+ \b
+ (
+ AGE-SECRET-KEY-PQ-1[0-9A-Z]{58}
+ )
+ \b
+ min_entropy: 3.3
+ confidence: medium
+ examples:
+ - |
+ # created: 2025-11-17T12:15:17+01:00
+ # public key: age1pq1pd[... 1950 more characters ...]
+ AGE-SECRET-KEY-PQ-1XXC4XS9DXHZ6TREKQTT3XECY8VNNU7GJ83C3Y49D0GZ3ZUME4JWS6QC3EF
+ references:
+ - https://age-encryption.org
+ - https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age.1.html
+ - https://github.com/C2SP/C2SP/blob/037e546d164a89fd7577df2c18df80bb54bd246e/age.md#the-mlkem768-x25519-ie-x-wing-hybrid-post-quantum-recipient-type
+ categories:
+ - secret
From 7764572615dfaa4411507b94797c2c8a1f52f40a Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Fri, 30 Jan 2026 22:17:15 -0800
Subject: [PATCH 3/5] pick arbitrary upper bound
---
 data/rules/aws.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/rules/aws.yml b/data/rules/aws.yml
index 2169cd4..3bfc6c8 100644
--- a/data/rules/aws.yml
+++ b/data/rules/aws.yml
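Review bot: The identity rule kingfisher.age.4 added to data/rules/age.yml (PATCH 2/5) matches `[0-9A-Z]{58}`, which is wider than the bech32 alphabet that the recipient rule kingfisher.age.3 spells out in lower case. Assuming the identity is Bech32-encoded like the recipient, strings containing `1`, `B`, `I` or `O` in the payload would be reported even though they cannot be valid keys. The upper-case form of the same alphabet, `AGE-SECRET-KEY-PQ-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}`, still matches the rule's own example and trims those false positives. Separately, kingfisher.age.3 ends at `references:` with no `categories:` list, while kingfisher.age.4 and the rule above the hunk both carry `- secret`; if that is deliberate because a recipient is a public key, a one-line comment on the rule would say so.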
@@ -84,7 +84,7 @@ rules:
 pattern: |
 (?x)
 (
- ABSKQmVkcm9ja0FQSUtleS[A-Za-z0-9+/]{91,}={0,2}
+ ABSKQmVkcm9ja0FQSUtleS[A-Za-z0-9+/]{91,121}={0,2}
 )
 min_entropy: 3.0
 confidence: medium
From 408de4384d6ef4189c6a961cb5c7b7e799b784dc Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Sat, 31 Jan 2026 13:27:52 -0800
Subject: [PATCH 4/5] Fix regex pattern formatting in age.yml
---
 data/rules/age.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/rules/age.yml b/data/rules/age.yml
index daf1430..c68a5e4 100644
--- a/data/rules/age.yml
+++ b/data/rules/age.yml
@@ -44,7 +44,7 @@ rules:
 - name: Age Recipient (MLKEM768-X25519 public key)
 id: kingfisher.age.3
 pattern: |
- (?xi)
+ (?x)
 \b
 (
 age1pq1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{1952}
From eaa99a77c44c4ce47f98bd01e846c90badae5bd4 Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Sat, 31 Jan 2026 13:30:17 -0800
Subject: [PATCH 5/5] Update regex pattern for AWS Access Key ID Refactor regex pattern for AWS Access Key ID rule.
Signed-off-by: Luke Young
---
 data/rules/aws.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/data/rules/aws.yml b/data/rules/aws.yml
index 6015285..71218f2 100644
--- a/data/rules/aws.yml
+++ b/data/rules/aws.yml
@@ -2,7 +2,7 @@ rules:
 - name: AWS Access Key ID
 id: kingfisher.aws.1
 pattern: |
- (?xi)
+ (?x)
 \b
 (
 (?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)
@@ -128,4 +128,4 @@ rules:
 Authorization: "Bearer {{ TOKEN }}"
 response_matcher:
 - type: StatusMatch
- status: [200]
\ No newline at end of file
+ status: [200]
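Review bot: The `{91,121}` bound in the `ABSKQmVkcm9ja0FQSUtleS` pattern of data/rules/aws.yml (PATCH 3/5) is undocumented, and the commit subject itself calls it arbitrary, so a later maintainer cannot tell whether a longer key means a format change or a false positive. The visible pattern has no boundary after `={0,2}`, so a base64 run longer than 121 characters would presumably still match and be reported truncated; a truncated token would then fail any live validation the rule performs and could be dismissed as inactive. Since the pattern is in `(?x)` mode, a regex comment can record the reasoning next to the quantifier, for example `# payload length 91-121: lower bound from <source>, upper bound is a heuristic cap`. The rest of the rule lies outside the hunk.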
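Review bot: Dropping the `i` flag from kingfisher.aws.1 in the `@@ -2,7 +2,7 @@` hunk (PATCH 5/5) narrows what the rule detects, yet the commit message calls it a refactor and nothing in the pattern records the reason. A regex comment after the flag line would make the intent durable, for example `# case-sensitive on purpose: AWS access key IDs are upper-case`. This patch is also cut against blob 6015285, the same base as PATCH 1/5, and repeats that patch's end-of-file newline hunk at line 128, so it may not apply cleanly on top of patches 1 and 3. The pattern body continues outside the hunk.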