Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

I’m seeing cursor attempt to autocomplete in my .env file, including usernames and tokens, and this seems like a security issue.

Steps to Reproduce

Open env file with some next/sanity ENV var template like this:

Defaults, used by ./intro-template and can be deleted if the component is removed

NEXT_PUBLIC_VERCEL_GIT_REPO_OWNER=“sanity-io”
NEXT_PUBLIC_VERCEL_GIT_PROVIDER=“github”
NEXT_PUBLIC_VERCEL_GIT_REPO_SLUG=“nextjs-personal-website-cms-sanity-v3”

Required, find them on https://manage.sanity.io

NEXT_PUBLIC_SANITY_PROJECT_ID=
NEXT_PUBLIC_SANITY_DATASET=
SANITY_API_READ_TOKEN=

Optional, useful if you plan to add API functions that can write to your dataset your dataset

SANITY_API_WRITE_TOKEN=

Optional, can be used to change the Studio title in the navbar and differentiate between production and staging environments for your editors

NEXT_PUBLIC_SANITY_PROJECT_TITLE=“Next.js Personal Website with Sanity.io”

see that cursor attempts to tab complete repo owner, sanity API read token, etc.

Expected Behavior

Cursor does not tab complete environment variables

Screenshots / Screen Recordings

Operating System

MacOS

Version Information

IDE Version: 2.4.21

For AI issues: which model did you use?

I have Opus 4.5 selected in chat, not sure if this is being used for autocomplete

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey @Meredith_Lampe!

You should be able to configure .env to be ignored by adding a .cursorignore to your project.

The docs reference a global cursorignore file – there have been some changes around this in the latest release (not yet reflected in the docs) that I’m following up on.

Don’t you think that introducing breaking changes without backward compatibility — and without notifying users or updating the documentation — isn’t a great practice?