
Feat/community rules expansion #1

Merged
knhn1004 merged 5 commits into openagentlock:main from RonCodes88:feat/community-rules-expansion
May 3, 2026


@RonCodes88 RonCodes88 commented May 3, 2026

Rules added

Destructive infrastructure

  • rogue.terraform-destroy — block terraform destroy and auto-approved applies
  • rogue.cloud-resource-destroy — block force-flagged AWS / GCP / Azure deletes
  • rogue.k8s-destructive — block kubectl delete --all, namespace/PV/secret deletes, helm uninstall
  • rogue.docker-prune — block docker system prune, volume rm, compose down -v
  • rogue.sql-mass-mutation — block TRUNCATE, DROP DATABASE, unbounded DELETE/UPDATE, FLUSHALL

Agent persistence

  • rogue.cron-persistence — block crontab installs and writes to /etc/cron.*
  • rogue.launchd-persistence — block macOS LaunchAgent / LaunchDaemon installs
  • rogue.systemd-persistence — block systemd unit writes and systemctl enable
  • rogue.shell-rc-write — block writes to .bashrc / .zshrc / .profile
  • rogue.reverse-shell — block bash -i >& /dev/tcp/, nc -e, socat exec, scripted socket shells

Data exfiltration

  • exfil.dns-tunnel — block long base64 / hex subdomain queries via dig / nslookup / ping (CVE-2025-55284)
  • exfil.git-remote-add — block git remote add, push to literal URL, gh repo/gist create
  • exfil.cloud-cred-read — block reads of gcloud / Azure / Docker / Terraform credential stores
  • exfil.browser-credential-read — block reads of Chrome / Firefox / Safari / Slack / IDE session stores

Supply chain

  • supply-chain.npm-untrusted — block npm / yarn / pnpm installs from URL / git / tarball, plus publish / token
  • supply-chain.pip-untrusted — block pip / uv / poetry / conda installs from URL / git / alt-index, plus publish
  • supply-chain.installer-curl-bash — block fetch-then-execute installer variants beyond curl | sh

System integrity

  • rogue.permission-loosening — block chmod 777, chmod +s, recursive system chown
  • rogue.security-disable — block firewall / SELinux / SIP / audit / shell-history disables
  • rogue.system-auth-write — block writes to /etc/sudoers, /etc/passwd, /etc/hosts, ~/.ssh/authorized_keys
  • rogue.git-history-rewrite — block filter-branch, reflog expire, gc --prune=now, hard-reset to remote


@knhn1004 knhn1004 left a comment


Reviewed end-to-end on a local daemon — installed all 22 rules, verified each fires with the expected rule_id against the documented attack shape, and ran 14 false-positive checks (terraform plan, npm install lodash, kubectl get pods, chmod 644, etc.) with no spurious denies.

  • Schema validation: ✓ (CI already green; my local re-run also passes)
  • RE2 compatibility: ✓ (no negative lookaheads or backreferences; all 22 regex sets compile inside the daemon)
  • README coverage: ✓ (every rule has one)
  • Real-world citations are spot-on — DataTalks.Club, Shai-Hulud, Replit, CVE-2025-55284, hermes-px, ShinyHunters, Claude Fraud, etc. — each links a regex shape to a documented incident.

A couple of small notes for follow-ups, not blocking:

  • rogue.cron-persistence: the canonical install pattern often includes a curl … | sh, which trips rogue.destructive-bash first. Both rules independently work; ordering just means cron-persistence won't always be the chosen rule_id. Worth a sentence in the README.
  • rogue.git-history-rewrite matches git branch -D, which is legitimate for short-lived branch cleanup. Severity is "high" and default mode is monitor, so the noise floor is acceptable, but operators flipping to enforce will want to know.

LGTM. Merging with auto-merge.

@knhn1004 knhn1004 merged commit 2267b88 into openagentlock:main May 3, 2026
1 check passed
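
The checks described in the review (RE2 compilation, a rule firing on its documented shape, no denies on benign commands) sketched as an added Go example; it is not the project's code. The `Rule` type, both patterns and every sample command are constructed for illustration, since the page does not show the merged rules or their schema.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule is a hypothetical stand-in; the project's rule schema is not shown on the page.
type Rule struct{ ID, Pattern string }

// Constructed patterns for illustration only; they are not the merged rules.
var sampleRules = []Rule{
	{"exfil.dns-tunnel", `\b(?:dig|nslookup|ping)\s[^|;&]*?[A-Za-z0-9_-]{32,}\.[A-Za-z0-9.-]+`},
	{"rogue.permission-loosening", `\bchmod\s+(?:-R\s+)?(?:0?777|[ugoa]*\+s)\b`},
}

// CompileRules compiles each pattern with Go's regexp package (RE2 syntax only)
// and returns the compiled set plus the IDs of rules that fail to compile.
func CompileRules(rules []Rule) (map[string]*regexp.Regexp, []string) {
	compiled := make(map[string]*regexp.Regexp)
	var rejected []string
	for _, r := range rules {
		re, err := regexp.Compile(r.Pattern)
		if err != nil {
			rejected = append(rejected, r.ID) // lookaheads and backreferences land here
			continue
		}
		compiled[r.ID] = re
	}
	return compiled, rejected
}

// Matches returns the IDs of all sample rules that fire on cmd, in rule order.
func Matches(cmd string) []string {
	compiled, _ := CompileRules(sampleRules)
	var hits []string
	for _, r := range sampleRules {
		if re, ok := compiled[r.ID]; ok && re.MatchString(cmd) {
			hits = append(hits, r.ID)
		}
	}
	return hits
}

func main() {
	// Constructed inputs: one that should fire and one benign command.
	fmt.Println(Matches("chmod 777 /srv/app"), Matches("chmod 644 notes.txt"))
	_, bad := CompileRules([]Rule{{"lookahead", `git branch (?!-D)`}, {"backref", `(a)\1`}})
	fmt.Println("rejected as non-RE2:", bad)
}
```

Returning every matching ID rather than a single one makes overlaps between rules visible in a test run, which is the situation the review's first follow-up note describes.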