chore(hooks): path-guard + token-guard + .sh→.mts conversion

[John-David Dalton (jdalton)]

Self-landable split from #620. Combines the hook overhaul into one atomic PR.

Path-guard infra

• .claude/hooks/path-guard/ — hook + tests + canonical segments.mts
• .claude/skills/path-guard/ — audit-and-fix skill
• .claude/skills/_shared/path-guard-rule.md — canonical mantra rule
• scripts/check-paths.mts — the whole-repo gate
• .github/paths-allowlist.yml — empty starter, full schema docs
• .claude/settings.json — wires hook on Edit|Write
• scripts/check.mts — invokes the gate

Detection features: template-literal path detection · drift-resistant allowlist via snippet_hash · --show-hashes CLI flag · paren-balanced parser · multi-line YAML reasons.

Token-guard hook

• .claude/hooks/token-guard/ — renamed from token-hygiene. Word-boundary match for sensitive env names. ALWAYS_DANGEROUS check skips when a redaction pipeline is present (so env | sed s/=.*/=<redacted>/ — the suggested fix — actually passes).

.sh → .mts hook conversion (Node 25+)

• .git-hooks/_helpers.mts (was _helpers.sh) — exports filterAllowedApiKeys + scanners for personal paths, AWS keys, GitHub tokens, private keys, AI attribution
• .git-hooks/{commit-msg,pre-commit,pre-push}.mts (were .sh)
• .husky/* shims invoke node directly

Fleet hooks

• .claude/hooks/check-new-deps — npm dep introspection
• .claude/hooks/private-name-guard
• .claude/hooks/public-surface-reminder
• .claude/hooks/release-workflow-guard

Verification

pnpm install         ✓
pnpm run check --all ✓
pnpm test --all      ✓ 565/565 tests pass

Test plan

• Lint + typecheck pass locally
• All 565 tests pass locally
• CI matrix passes

[John-David Dalton (jdalton)]

bugbot run