kingfisher/crates/kingfisher-rules/data/rules/arcjet.yml

rules:
  - name: Arcjet API Key
    id: kingfisher.arcjet.1
    pattern: |
      (?x)
      \b
      (
        ajkey_[a-z0-9]{26}
      )
      \b
    pattern_requirements:
      min_digits: 3
      min_lowercase: 6
    min_entropy: 3.5
    confidence: medium
    categories: [api, key]
    examples:
      - 'ARCJET_KEY=ajkey_01kpe3gbb3ek3asrwvfsmtjtam'
      - 'ARCJET_KEY="ajkey_01kpe3k7r4n6v9s2q1w8x5y7zc"'
    references:
      - https://docs.arcjet.com/environment
      - https://docs.arcjet.com/reference/nodejs
      - https://docs.arcjet.com/troubleshooting/
      - https://github.com/arcjet/arcjet-js/blob/main/protocol/client.ts
      - https://github.com/arcjet/arcjet-js/blob/main/protocol/proto/decide/v1alpha1/decide_pb.d.ts
    # No standalone validation is added: Arcjet's public DecideService endpoint
    # accepts multiple mutated ajkey_ values and returns CONCLUSION_ALLOW, so it
    # is not reliable for distinguishing valid from invalid site keys.