feat: Sprint C-1 — 팀 보안 강화

lib/team_security.py:
- 경로 마스킹: glob 패턴으로 민감 경로 자동 [MASKED]
- 콘텐츠 필터: 키워드 기반 redact/skip 모드
- 세션 opt-out: CLAUDE_DIARY_SKIP 환경변수 + skip_projects
- 접근 제어: member/lead/admin 3단계 역할 + 권한 필터링

core.py:
- opt-out 체크 (파이프라인 최초)
- 경로 마스킹 + 콘텐츠 필터 (시크릿 스캔 후 적용)

cli.py:
- delete --last / --session 명령어 (세션 삭제)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: solzip

src/claude_diary/cli.py

@@ -74,6 +74,11 @@ def main():
     p_audit.add_argument("--verify", action="store_true", help="Verify source code checksum")
     p_audit.add_argument("-n", type=int, default=10, help="Number of entries (default: 10)")
 
+    # delete
+    p_delete = sub.add_parser("delete", help="Delete a diary session entry")
+    p_delete.add_argument("--last", action="store_true", help="Delete the last session entry")
+    p_delete.add_argument("--session", help="Delete by session ID prefix")
+
     # dashboard
     p_dashboard = sub.add_parser("dashboard", help="Generate HTML dashboard")
     p_dashboard.add_argument("--serve", action="store_true", help="Start local server")
@@ -97,6 +102,7 @@ def main():
         "migrate": cmd_migrate,
         "reindex": cmd_reindex,
         "audit": cmd_audit,
+        "delete": cmd_delete,
         "dashboard": cmd_dashboard,
     }
 
@@ -645,6 +651,73 @@ def cmd_audit(args):
         print(line)
 
 
+# ── Delete ──
+
+def cmd_delete(args):
+    config = load_config()
+    diary_dir = os.path.expanduser(config["diary_dir"])
+    tz_offset = config.get("timezone_offset", 9)
+    local_tz = timezone(timedelta(hours=tz_offset))
+
+    if args.last:
+        # Find today's file and remove last entry
+        today = datetime.now(local_tz).strftime("%Y-%m-%d")
+        filepath = os.path.join(diary_dir, "%s.md" % today)
+        if not os.path.exists(filepath):
+            print("No diary file for today (%s)" % today)
+            return
+
+        with open(filepath, "r", encoding="utf-8") as f:
+            content = f.read()
+
+        # Split by session markers and remove last
+        parts = content.split("### ⏰")
+        if len(parts) <= 1:
+            print("No session entries found in today's diary.")
+            return
+
+        # Remove last entry (everything after last "### ⏰")
+        new_content = "### ⏰".join(parts[:-1])
+        # Remove trailing "---\n\n" if present
+        new_content = new_content.rstrip()
+        if new_content.endswith("---"):
+            new_content = new_content[:-3].rstrip()
+        new_content += "\n\n"
+
+        with open(filepath, "w", encoding="utf-8") as f:
+            f.write(new_content)
+
+        print("Last session entry deleted from %s" % filepath)
+        return
+
+    if args.session:
+        # Search all files for session ID and remove that entry
+        found = False
+        for f in sorted(Path(diary_dir).glob("*.md")):
+            try:
+                content = f.read_text(encoding="utf-8")
+            except Exception:
+                continue
+            if args.session in content:
+                parts = content.split("### ⏰")
+                new_parts = [parts[0]]
+                for part in parts[1:]:
+                    if args.session not in part:
+                        new_parts.append(part)
+                    else:
+                        found = True
+                new_content = "### ⏰".join(new_parts).rstrip() + "\n"
+                f.write_text(new_content, encoding="utf-8")
+                print("Session %s deleted from %s" % (args.session, f.name))
+                break
+
+        if not found:
+            print("Session '%s' not found." % args.session)
+        return
+
+    print("Specify --last or --session <id>")
+
+
 # ── Dashboard ──
 
 def cmd_dashboard(args):

src/claude_diary/core.py

@@ -32,6 +32,12 @@ def process_session(session_id, transcript_path, cwd):
     diary_dir = os.path.expanduser(config.get("diary_dir", "~/working-diary"))
     enrichment = config.get("enrichment", {})
 
+    # 0. Session opt-out check
+    from claude_diary.lib.team_security import should_skip_session
+    if should_skip_session(cwd, config):
+        sys.stderr.write("[diary] Session skipped (opt-out)\n")
+        return False
+
     local_tz = timezone(timedelta(hours=tz_offset))
     now = datetime.now(local_tz)
     date_str = now.strftime("%Y-%m-%d")
@@ -101,6 +107,25 @@ def process_session(session_id, transcript_path, cwd):
     except Exception:
         pass
 
+    # 5.5 Team security filters (path masking + content filter)
+    try:
+        from claude_diary.lib.team_security import mask_paths, filter_entry_data
+        security = config.get("security", {})
+        mask_patterns = security.get("mask_paths", [])
+        if mask_patterns:
+            entry_data["files_created"] = mask_paths(entry_data["files_created"], mask_patterns)
+            entry_data["files_modified"] = mask_paths(entry_data["files_modified"], mask_patterns)
+
+        content_filters = security.get("content_filters", [])
+        filter_mode = security.get("filter_mode", "redact")
+        if content_filters:
+            should_record = filter_entry_data(entry_data, content_filters, filter_mode)
+            if not should_record:
+                sys.stderr.write("[diary] Session skipped (content filter)\n")
+                return False
+    except Exception:
+        pass
+
     # 6. Format and write (CRITICAL — exit 1 on failure)
     try:
         entry_text = format_entry(entry_data, lang)

src/claude_diary/lib/team_security.py

@@ -0,0 +1,210 @@
+"""Team security module — path masking, content filtering, access control, opt-out."""
+
+import fnmatch
+import os
+import re
+import sys
+
+
+# ── Path Masking ──
+
+def mask_paths(file_list, mask_patterns):
+    """Mask sensitive file paths using glob patterns.
+
+    Args:
+        file_list: List of file path strings
+        mask_patterns: List of glob patterns (e.g., "**/credentials/**", "**/.env*")
+
+    Returns:
+        New list with matched paths replaced by "[MASKED]"
+    """
+    if not mask_patterns:
+        return file_list
+
+    masked = []
+    for fp in file_list:
+        normalized = fp.replace("\\", "/")
+        if _path_matches(normalized, mask_patterns):
+            masked.append("[MASKED]")
+        else:
+            masked.append(fp)
+    return masked
+
+
+def _path_matches(path, patterns):
+    """Check if path matches any glob pattern."""
+    for pattern in patterns:
+        # Normalize pattern
+        p = pattern.replace("\\", "/")
+        # Direct fnmatch
+        if fnmatch.fnmatch(path, p):
+            return True
+        # Check if any path component matches a keyword pattern
+        parts = path.lower().split("/")
+        p_parts = p.lower().replace("**/", "").replace("/**", "").split("/")
+        for keyword in p_parts:
+            if not keyword or keyword == "*":
+                continue
+            for part in parts:
+                if fnmatch.fnmatch(part, keyword):
+                    return True
+    return False
+
+
+# ── Content Filtering ──
+
+def filter_content(text, filter_keywords, mode="redact"):
+    """Filter sensitive content from text.
+
+    Args:
+        text: Text to filter
+        filter_keywords: List of keywords to detect
+        mode: "redact" = replace sentence with [REDACTED], "skip" = return None
+
+    Returns:
+        Filtered text, or None if mode=skip and keyword found
+    """
+    if not text or not filter_keywords:
+        return text
+
+    text_lower = text.lower()
+    for kw in filter_keywords:
+        if kw.lower() in text_lower:
+            if mode == "skip":
+                return None
+            elif mode == "redact":
+                # Replace the sentence containing the keyword
+                sentences = re.split(r'([.!?\n])', text)
+                result = []
+                for i in range(0, len(sentences), 2):
+                    sent = sentences[i] if i < len(sentences) else ""
+                    sep = sentences[i + 1] if i + 1 < len(sentences) else ""
+                    if kw.lower() in sent.lower():
+                        result.append("[REDACTED]" + sep)
+                    else:
+                        result.append(sent + sep)
+                return "".join(result)
+
+    return text
+
+
+def filter_entry_data(entry_data, filter_keywords, mode="redact"):
+    """Apply content filtering to all text fields of entry_data.
+
+    If mode=skip and keyword found, returns False (skip entire session).
+    Otherwise modifies entry_data in-place and returns True.
+    """
+    if not filter_keywords:
+        return True
+
+    # Check if session should be skipped entirely
+    if mode == "skip":
+        all_text = " ".join(
+            entry_data.get("user_prompts", []) +
+            entry_data.get("summary_hints", []) +
+            entry_data.get("commands_run", [])
+        )
+        for kw in filter_keywords:
+            if kw.lower() in all_text.lower():
+                return False
+
+    # Redact mode
+    for field in ("user_prompts", "summary_hints", "commands_run"):
+        items = entry_data.get(field, [])
+        filtered = []
+        for item in items:
+            result = filter_content(item, filter_keywords, mode)
+            if result is not None:
+                filtered.append(result)
+        entry_data[field] = filtered
+
+    return True
+
+
+# ── Session Opt-out ──
+
+def should_skip_session(cwd, config):
+    """Check if the current session should be skipped.
+
+    Checks:
+    1. CLAUDE_DIARY_SKIP=1 environment variable
+    2. Project name in config.skip_projects list
+
+    Returns:
+        True if session should be skipped
+    """
+    # Env var check
+    if os.environ.get("CLAUDE_DIARY_SKIP", "").strip() in ("1", "true", "yes"):
+        return True
+
+    # Project skip list
+    skip_projects = config.get("skip_projects", [])
+    if skip_projects and cwd:
+        project = os.path.basename(cwd.replace("\\", "/").rstrip("/"))
+        if project in skip_projects:
+            return True
+
+    return False
+
+
+# ── Access Control ──
+
+ROLE_PERMISSIONS = {
+    "member": {"own_diary": "full", "others_diary": "summary", "others_detail": False, "team_stats": True},
+    "lead":   {"own_diary": "full", "others_diary": "full", "others_detail": "same_project", "team_stats": True},
+    "admin":  {"own_diary": "full", "others_diary": "full", "others_detail": True, "team_stats": True},
+}
+
+
+def check_access(viewer_role, viewer_name, target_name, target_project=None, viewer_projects=None):
+    """Check if viewer has access to target's diary.
+
+    Args:
+        viewer_role: "member", "lead", or "admin"
+        viewer_name: Name of the person viewing
+        target_name: Name of the diary owner
+        target_project: Project of the diary entry
+        viewer_projects: Projects the viewer is involved in
+
+    Returns:
+        "full", "summary", or "none"
+    """
+    if viewer_name == target_name:
+        return "full"
+
+    perms = ROLE_PERMISSIONS.get(viewer_role, ROLE_PERMISSIONS["member"])
+
+    if viewer_role == "admin":
+        return "full"
+
+    if viewer_role == "lead":
+        if target_project and viewer_projects and target_project in viewer_projects:
+            return "full"
+        return perms["others_diary"]
+
+    # member
+    return "summary"
+
+
+def apply_access_filter(entry_data, access_level):
+    """Filter entry_data based on access level.
+
+    "full": no filtering
+    "summary": only project, categories, code_stats (no prompts, files, commands)
+    "none": empty dict
+    """
+    if access_level == "full":
+        return entry_data
+
+    if access_level == "none":
+        return {}
+
+    # summary mode
+    return {
+        "date": entry_data.get("date", ""),
+        "time": entry_data.get("time", ""),
+        "project": entry_data.get("project", ""),
+        "categories": entry_data.get("categories", []),
+        "code_stats": entry_data.get("code_stats"),
+        "git_info": {"branch": entry_data.get("git_info", {}).get("branch", "")} if entry_data.get("git_info") else None,
+    }