From 7d16f05df6bddbb5cd01be2e5de0563fcc3f6b66 Mon Sep 17 00:00:00 2001
From: Mick Grove
Date: Fri, 17 Apr 2026 08:30:05 -0700
Subject: [PATCH] performance improvements and rule improvements
---
 crates/kingfisher-rules/data/rules/aikido.yml | 68 ++++++++++++++++++-
 1 file changed, 67 insertions(+), 1 deletion(-)
diff --git a/crates/kingfisher-rules/data/rules/aikido.yml b/crates/kingfisher-rules/data/rules/aikido.yml
index e1eb35a..f8570db 100644
--- a/crates/kingfisher-rules/data/rules/aikido.yml
+++ b/crates/kingfisher-rules/data/rules/aikido.yml
@@ -1,11 +1,77 @@
 rules:
+ - name: Aikido Client ID
+ id: kingfisher.aikido.2
+ pattern: |
+ (?x)
+ \b
+ (
+ AIK_CLIENT_[A-Za-z0-9]{24}
+ )
+ \b
+ pattern_requirements:
+ min_digits: 2
+ min_uppercase: 2
+ min_lowercase: 2
+ min_entropy: 3.0
+ confidence: medium
+ visible: false
+ examples:
+ - 'AIK_CLIENT_ID=AIK_CLIENT_a1B2c3D4e5F6g7H8i9J0k1L2'
+ references:
+ - https://apidocs.aikido.dev/reference/authorization
+ - https://apidocs.aikido.dev/reference/getaccesstoken
+
+ - name: Aikido Client Secret
+ id: kingfisher.aikido.3
+ pattern: |
+ (?x)
+ \b
+ (
+ AIK_SECRET_[A-Za-z0-9]{64}
+ )
+ \b
+ pattern_requirements:
+ min_digits: 4
+ min_uppercase: 4
+ min_lowercase: 4
+ min_entropy: 3.5
+ confidence: medium
+ examples:
+ - 'AIK_CLIENT_SECRET=AIK_SECRET_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8s9T0u1V2w3X4y5Z6a7B8c9D0e1F2'
+ depends_on_rule:
+ - rule_id: kingfisher.aikido.2
+ variable: CLIENT_ID
+ references:
+ - https://apidocs.aikido.dev/reference/authorization
+ - https://apidocs.aikido.dev/reference/getaccesstoken
+ validation:
+ type: Http
+ content:
+ request:
+ method: POST
+ url: https://app.aikido.dev/api/oauth/token
+ headers:
+ Accept: application/json
+ Content-Type: application/x-www-form-urlencoded
+ Authorization: "Basic {{ CLIENT_ID | append: ':' | append: TOKEN | b64enc }}"
+ body: grant_type=client_credentials
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status: [200]
+ - type: JsonValid
+ - type: WordMatch
+ words:
+ - '"access_token"'
+ - '"token_type"'
+
 - name: Aikido CI Token
 id: kingfisher.aikido.1
 pattern: |
 (?x)
 \b
 (
- AIK_CI_[a-zA-Z0-9]{20,44}
+ AIK_CI_[A-Za-z0-9]{20,44}
 )
 \b
 min_entropy: 3.0
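Review bot: In the `validation` block of `kingfisher.aikido.3`, `report_response: true` is paired with an OAuth token endpoint, so a successful check returns a body containing a freshly issued `access_token`, which would presumably be copied into the finding. Scan reports tend to be stored and shared more widely than the secret they describe, so a validated finding would then carry a second live credential. Consider `- report_response: false` for this rule (or dropping the entry), since the `StatusMatch`, `JsonValid` and `WordMatch` matchers already establish validity. A short comment above `validation:` would also help maintainers, for example `# mints a real access token against app.aikido.dev; do not persist the response body`.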