Skip to content

fix(workspace): protect env file reads#9

Merged
eersnington merged 4 commits intomainfrom
fix/env-public-prefix
Apr 23, 2026
Merged

fix(workspace): protect env file reads#9
eersnington merged 4 commits intomainfrom
fix/env-public-prefix

Conversation

@eersnington
Copy link
Copy Markdown
Owner

@eersnington eersnington commented Apr 23, 2026

Summary

Adds env-aware WORKSPACE read behavior so .env* files are not exposed as raw file contents to guest code.

  • discovers root-level .env and .env.* files as env sources by default
  • returns filtered synthetic dotenv content for configured env sources
  • denies reads for env-like files that are not configured env sources
  • adds workspace.denyRead for extra non-env read-deny patterns
  • prevents grep from surfacing denied env/private content
  • documents the behavior in the README

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agent-container Ready Ready Preview, Comment, Open in v0 Apr 23, 2026 9:31pm

@eersnington eersnington merged commit 1690b9d into main Apr 23, 2026
6 checks passed
@eersnington eersnington deleted the fix/env-public-prefix branch April 23, 2026 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eersnington