boxpositron/envsitter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reference envsitter-guard in README

Browse Source
This commit is contained in:
David Ibia
2026-01-12 16:15:19 +01:00
parent a1c53aeb5e
commit 7933e9294f
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -9,6 +9,8 @@ Safely inspect and match `.env` secrets **without ever printing values**.
- Do bulk matching (one candidate against many keys, or candidates-by-key) - Do bulk matching (one candidate against many keys, or candidates-by-key)
- Produce deterministic fingerprints for comparisons/auditing - Produce deterministic fingerprints for comparisons/auditing
Related: https://github.com/boxpositron/envsitter-guard — an OpenCode plugin that blocks agents/tools from reading or editing sensitive `.env*` files (preventing accidental secret leaks), while still allowing safe inspection via EnvSitter-style tools (keys + deterministic fingerprints; never values).
## Security model (what this tool does and does not do) ## Security model (what this tool does and does not do)
- Values are read in-process for comparisons, but **never returned** by the library API and **never printed** by the CLI. - Values are read in-process for comparisons, but **never returned** by the library API and **never printed** by the CLI.