
Commit 77ff215

authored
chore(repo): Add AI agent security protections for sensitive files (#7580)
1 parent 04c6245 commit 77ff215


5 files changed

+75
-0
lines changed

5 files changed

+75
-0
lines changed

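--- a/.changeset/quick-breads-follow.md
+++ b/.changeset/quick-breads-follow.md
@@ -0,0 +1,2 @@
+---
+---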

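--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -0,0 +1,27 @@
+{
+"disableBypassPermissionsMode": true,
+"permissions": {
+"deny": [
+"Read(./.env)",
+"Read(./.env.*)",
+"Read(./secrets/**)",
+"Read(./**/credentials.json)",
+"Read(./**/*.pem)",
+"Read(./**/*.key)",
+"Read(./**/.keys.json)",
+"Edit(./.env)",
+"Edit(./.env.*)",
+"Edit(./secrets/**)",
+"Edit(./**/credentials.json)",
+"Edit(./**/*.pem)",
+"Edit(./**/*.key)",
+"Edit(./**/.keys.json)",
+"Bash(cat .env:*)",
+"Bash(cat **/credentials.json:*)",
+"Bash(cat **/*.pem:*)",
+"Bash(cat **/*.key:*)",
+"Bash(cat secrets/**:*)",
+"Bash(cat **/.keys.json:*)"
+]
+}
+}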
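Review bot: The `.env` deny rules are anchored to the repository root (`"Read(./.env)"`, `"Read(./.env.*)"` and the matching `Edit` entries), while the `.gitignore` hunk header in this same commit shows a `scripts/.env` entry, so env files in subdirectories appear to fall outside the deny list. The credential and key rules already use `./**/`; I would add `"Read(./**/.env)"` and `"Read(./**/.env.*)"` plus the `Edit` equivalents alongside the existing entries. The `Bash(cat …)` rules name a single command, and as far as I can tell Bash rules are matched against the command string rather than expanded as file globs, so they are best treated as a speed bump. The Read/Edit rules, together with keeping real secrets out of the working tree, are what actually limit exposure.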

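--- a/.cursorignore
+++ b/.cursorignore
@@ -0,0 +1,20 @@
+# AI Agent Security - Sensitive Files
+# These files should never be read by AI tools to prevent
+# accidental exposure of secrets to AI service providers.
+
+# Environment files
+.env
+.env.*
+
+# Secrets directory
+secrets/
+
+# Credentials
+**/credentials.json
+
+# Private keys
+**/*.pem
+**/*.key
+
+# Integration keys
+**/.keys.json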
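Review bot: The same seven patterns are now maintained in three places (this file, `.geminiignore`, and the `deny` list in `.claude/settings.json`), and none of the files says so, so a later addition to one is likely to miss the others. A header comment such as `# Keep in sync with .geminiignore and .claude/settings.json` in both ignore files would help. `.geminiignore` carries a NOTE that the tool may still read these files when explicitly instructed, but `.cursorignore` has no equivalent caveat. I believe Cursor also documents its ignore file as best-effort, so a line like `# NOTE: best-effort only; not a substitute for keeping secrets out of the workspace` seems warranted here.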

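--- a/.geminiignore
+++ b/.geminiignore
@@ -0,0 +1,23 @@
+# AI Agent Security - Sensitive Files
+# These files should never be read by AI tools to prevent
+# accidental exposure of secrets to AI service providers.
+#
+# NOTE: Gemini CLI may still read these files if explicitly instructed.
+# See: https://github.com/google-gemini/gemini-cli/issues/13385
+
+# Environment files
+.env
+.env.*
+
+# Secrets directory
+secrets/
+
+# Credentials
+**/credentials.json
+
+# Private keys
+**/*.pem
+**/*.key
+
+# Integration keys
+**/.keys.json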

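--- a/.gitignore
+++ b/.gitignore
@@ -104,3 +104,6 @@ scripts/.env
 
 # Personal Claude prompt
 CLAUDE.local.md
+
+# Claude Code local settings (user-specific permissions)
+.claude/settings.local.json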
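Review bot: Ignoring `.claude/settings.local.json` means per-user permission overrides are never reviewed, and the added comment does not say how they interact with the shared `deny` list in `.claude/settings.json`. If local settings take precedence over the project file (I believe they do for most keys, but this is worth confirming), `disableBypassPermissionsMode` set at project level is a default rather than an enforced control. The comment could state the expectation, e.g. `# Claude Code local settings (user-specific; must not relax the deny rules in .claude/settings.json)`. If enforcement is required, it likely belongs in managed settings.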
