Thank you very much!!
I am conflicted on this because blocking AI innately causes it to develop around best practices. Eventually you have to make it aware of the .env file, not what is in it, but where it is etc. This is a vuln outside AI capability, but I guarantee you won’t get a response giving you the dignity of understanding that. No one wants to itemize any behavior or info flow in the age of agentic AI. If we could be convinced the conversations aren’t stored somewhere for later, which we cannot due to poor misbehavior by providers, this is a non issue. .env.local is secure with precaution. Doubt anyone at this company has the skillset to speak on it.