last week cursor decided no matter what setting I had, it was going to read and find all .env var. Even with gitignore and cursorignore files, the agent ran command after command until it grepped the api string it knew to look for.
- yes I rotated my keys
- yes I know to use prod keys and dev keys
- yes I stopped the agent in the chat instance
- yes I have the agent running pretty fast sometimes
- no, the agent should never be allowed to grep keys just because it knows that specific key would starts with xboyb- or whatever.
However, what is the point of the ignore files if they aren’t ignored. The agent is smart enough to know how to find the files and keys if it really wants to, so the allowed commands list is sort of ■■■■, I mean I would have an allow list a mile long for all the basic functions. The previous disallow list seemed to work fine for a long time, then it changed and is now deprecated.
I think that .env files should be a standard blocked file across the board. Agents can easily use the .env.example and generate examples if it want’s to show what needs placed into .env but at no point should I need to worry about getting an email saying my api key was leaked due to a cursor agent grep or cat my dotfiles.