feat: additive security improvements — prompt guard, content filter, data classification

Prompt Injection Detection (EGAI 4.6.3.2):
- 12-pattern regex scanner on user messages before AI processing
- Logs warning + creates SecurityAlert audit entry on detection
- Reinforces system prompt instead of blocking (non-breaking)

AI Output Content Filter (EGAI 4.3.2.1):
- Scans AI responses for leaked credentials/secrets
- Auto-redacts passwords, API keys, bearer tokens, private keys
- Logs warning + SecurityAlert audit when redaction occurs

AI Tool Execution Audit Trail (IAAI 3.6.35):
- Every AI tool call creates AiToolExecution audit entry
- Logs tool name, parameters, userId, source: "ai"

Data Classification Labels (EGAI 4.2):
- DATA_CLASSIFICATION constant mapping all fields to HC/C/IR/U
- Exported from @capakraken/shared

All changes strictly additive — no existing logic modified.

Co-Authored-By: claude-flow <ruv@ruv.net>

packages/shared/src/constants/data-classification.ts

@@ -0,0 +1,32 @@
+/**
+ * Accenture Data Classification labels for CapaKraken fields.
+ * HC = Highly Confidential, C = Confidential, IR = Internal/Restricted, U = Unrestricted
+ *
+ * EGAI 4.2 / Data Classification Standard
+ */
+export const DATA_CLASSIFICATION = {
+  // Highly Confidential
+  passwordHash: "HC",
+  totpSecret: "HC",
+  apiKeys: "HC",
+
+  // Confidential
+  lcrCents: "C",
+  ucrCents: "C",
+  budgetCents: "C",
+  chargeabilityTarget: "C",
+  email: "C",
+
+  // Internal/Restricted
+  displayName: "IR",
+  eid: "IR",
+  chapter: "IR",
+  skills: "IR",
+
+  // Unrestricted
+  projectName: "U",
+  shortCode: "U",
+  roleName: "U",
+} as const;
+
+export type DataClassification = "HC" | "C" | "IR" | "U";

packages/shared/src/constants/index.ts

@@ -2,6 +2,7 @@ export * from "./germanStates.js";
 export * from "./publicHolidays.js";
 export * from "./columns.js";
 export * from "./dispo-import.js";
+export * from "./data-classification.js";
 
 export const BUDGET_WARNING_THRESHOLDS = {
   INFO: 70,