Commit graph

1 commit

Author SHA1 Message Date
Rasmus Widing
a1e8a16b82
fix(env): detect and refuse target-repo .env with sensitive keys (#1036)
* fix(env): detect and refuse target-repo .env with sensitive keys (#1034)

Bun auto-loads .env from subprocess CWD regardless of the clean env
passed to Bun.spawn, silently overriding OAuth auth and billing the
wrong API account. This adds a consent-based gate at registration time
and a pre-spawn safety net in both Claude and Codex clients.

Changes:
- Add env-leak-scanner utility that checks 6 auto-loaded .env filenames
  for 7 sensitive keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.)
- Add allow_env_keys boolean column to codebases table (migration 021)
- Gate registerRepoAtPath to reject codebases with sensitive .env keys
  unless explicitly consented via allowEnvKeys flag
- Add pre-spawn check in ClaudeClient and CodexClient sendQuery methods
- Return 422 from POST /api/codebases on env leak detection
- Surface env leak error in web UI with "Allow env keys" checkbox
- Classify EnvLeakError as FATAL in workflow executor

Fixes #1034

* fix: address review findings for env leak scanner PR

- Fix FATAL_PATTERNS 'env leak' pattern that never matched EnvLeakError.message;
  now checks error.name === 'EnvLeakError' directly (immune to message rewording)
- Fix pre-spawn consent lookup for worktree paths: add findCodebaseByPathPrefix()
  and use it as fallback when exact match returns null; prevents opt-in from
  being silently ineffective for workflow-based runs
- Add allow_env_keys column to 000_combined.sql CREATE TABLE and idempotent ALTER
  section to fix fresh PostgreSQL installs
- Remove non-existent --allow-env-keys CLI flag from error message; replace with
  web UI-only instruction
- Narrow isEnvLeakError check from error.message.includes('env') to startsWith('Cannot add codebase')
- Distinguish ENOENT (skip) from EACCES/other errors in scanner catch block;
  unreadable files now surface as findings to avoid silently bypassing the gate
- Use cross-platform grep command instead of macOS-specific sed -i '' syntax
- Add audit log (log.warn) when 422 EnvLeakError is returned from API
- Add pre-spawn gate tests to claude.test.ts and codex.test.ts (4 tests each)
- Add env leak gate tests to clone.test.ts (2 tests)
- Add 422 and allowEnvKeys passthrough tests to api.codebases.test.ts

* simplify: reduce complexity in changed files
2026-04-08 09:43:47 +03:00
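
The registration gate and the ENOENT/EACCES handling described in the commit message, sketched as an added example; this is not the project's code. The filename list, the function names and the injected `readFile` callback are assumptions, and only the two key names given on the page are used.

```javascript
// Assumed subset of auto-loaded filenames; the commit's full list of 6 is not on the page.
const ENV_FILES = [".env", ".env.local", ".env.development", ".env.production"];
// The two keys the commit message names; the remaining ones are not listed on the page.
const SENSITIVE_KEYS = ["ANTHROPIC_API_KEY", "OPENAI_API_KEY"];

// Return variable names assigned in dotenv-style text (comment and blank lines never match).
function parseEnvKeys(text) {
  const keys = [];
  for (const raw of text.split(/\r?\n/)) {
    const m = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/.exec(raw);
    if (m) keys.push(m[1]);
  }
  return keys;
}

// Scan a repo directory. readFile(path) must return text or throw an error carrying .code.
function scanRepoEnv(repoDir, readFile) {
  const findings = [];
  for (const name of ENV_FILES) {
    let text;
    try {
      text = readFile(`${repoDir}/${name}`);
    } catch (err) {
      if (err && err.code === "ENOENT") continue; // absent file: nothing to leak
      // Unreadable file: report it so the gate fails closed instead of being bypassed.
      findings.push({ file: name, reason: "unreadable", detail: String(err && err.code) });
      continue;
    }
    const hits = parseEnvKeys(text).filter((k) => SENSITIVE_KEYS.includes(k));
    if (hits.length > 0) findings.push({ file: name, reason: "sensitive-keys", keys: hits });
  }
  return findings;
}

// Consent-based gate: refuse unless the scan is clean or consent was given explicitly.
function checkRegistration(repoDir, readFile, allowEnvKeys) {
  const findings = scanRepoEnv(repoDir, readFile);
  return { allowed: findings.length === 0 || allowEnvKeys === true, findings };
}

// Constructed in-memory reader standing in for fs.readFileSync; null = exists but unreadable.
function makeReader(files) {
  return (path) => {
    if (!(path in files)) throw Object.assign(new Error("no such file"), { code: "ENOENT" });
    if (files[path] === null) throw Object.assign(new Error("permission denied"), { code: "EACCES" });
    return files[path];
  };
}
```
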