fix(security): protect .docker, .azure, and .config/gh from read and write

2026-05-29 06:31:32 +00:00 · 2026-03-31 21:08:06 +03:00 · 2026-03-31 21:08:06 +03:00 · 655eea2db8
commit 655eea2db8
parent c94a5fa1b2
2 changed files with 4 additions and 1 deletions
--- a/agent/context_references.py
+++ b/agent/context_references.py
@ -17,7 +17,7 @@ REFERENCE_PATTERN = re.compile(
    r"(?<![\w/])@(?:(?P<simple>diff|staged)\b|(?P<kind>file|folder|git|url):(?P<value>\S+))"
 )
 TRAILING_PUNCTUATION = ",.;!?"
-_SENSITIVE_HOME_DIRS = (".ssh", ".aws", ".gnupg", ".kube")
+_SENSITIVE_HOME_DIRS = (".ssh", ".aws", ".gnupg", ".kube", ".docker", ".azure")
 _SENSITIVE_HERMES_DIRS = (Path("skills") / ".hub",)
 _SENSITIVE_HOME_FILES = (
    Path(".ssh") / "authorized_keys",