feat: block sensitive files from being read with strikethrough UI

Author: brandonkachen

cli/src/__tests__/unit/create-run-config.test.ts

@@ -0,0 +1,74 @@
+import { describe, test, expect } from 'bun:test'
+
+import { isSensitiveFile, isEnvTemplateFile } from '../../utils/create-run-config'
+
+describe('isSensitiveFile', () => {
+  test.each([
+    // Env files (blocked)
+    ['.env', true],
+    ['.env.local', true],
+    ['config/.env.production', true],
+
+    // Env templates (allowed)
+    ['.env.example', false],
+    ['.env.sample', false],
+    ['.env.template', false],
+
+    // Sensitive extensions
+    ['private.pem', true],
+    ['server.key', true],
+    ['cert.p12', true],
+    ['app.keystore', true],
+    ['server.crt', true],
+
+    // Sensitive basenames
+    ['.htpasswd', true],
+    ['.netrc', true],
+    ['credentials', true],
+    ['.npmrc', true],
+    ['.yarnrc.yml', true],
+    ['auth.json', true],
+    ['terraform.tfvars', true],
+
+    // SSH keys (prefix pattern)
+    ['id_rsa', true],
+    ['id_ed25519', true],
+    ['id_rsa_github', true],
+    ['id_rsa.pub', false], // public keys allowed
+
+    // Credentials suffix pattern
+    ['aws_credentials', true],
+    ['db_credentials', true],
+
+    // Substring patterns
+    ['kubeconfig', true],
+    ['my-kubeconfig.yaml', true],
+    ['terraform.tfstate', true],
+    ['prod.tfstate.backup', true],
+
+    // Non-sensitive (should NOT be blocked)
+    ['package.json', false],
+    ['README.md', false],
+    ['src/index.ts', false],
+    ['.envrc', false],
+    ['credentials.ts', false],
+    ['terraform.tf', false],
+    ['kube-config.ts', false],
+  ])('%s → %s', (file, expected) => {
+    expect(isSensitiveFile(file)).toBe(expected)
+  })
+})
+
+describe('isEnvTemplateFile', () => {
+  test.each([
+    ['.env.example', true],
+    ['.env.sample', true],
+    ['.env.template', true],
+    ['config/.env.example', true],
+    ['.env', false],
+    ['.env.local', false],
+    ['package.json', false],
+  ])('%s → %s', (file, expected) => {
+    expect(isEnvTemplateFile(file)).toBe(expected)
+  })
+})

cli/src/components/tools/read-files.tsx

@@ -1,12 +1,60 @@
+import { TextAttributes } from '@opentui/core'
+
+import { useTheme } from '../../hooks/use-theme'
+import {
+  isEnvTemplateFile,
+  isSensitiveFile,
+} from '../../utils/create-run-config'
 import { SimpleToolCallItem } from './tool-call-item'
 import { defineToolComponent } from './types'
 
 import type { ToolRenderConfig } from './types'
 
+function FilePathsDescription({ filePaths }: { filePaths: string[] }) {
+  const theme = useTheme()
+
+  return (
+    <>
+      {filePaths.map((fp, idx) => {
+        const isLast = idx === filePaths.length - 1
+        const separator = isLast ? '' : ', '
+
+        if (isSensitiveFile(fp)) {
+          return (
+            <span key={fp}>
+              <span fg={theme.muted} attributes={TextAttributes.STRIKETHROUGH}>
+                {fp}
+              </span>
+              <span fg={theme.muted}> (blocked)</span>
+              <span fg={theme.foreground}>{separator}</span>
+            </span>
+          )
+        }
+
+        if (isEnvTemplateFile(fp)) {
+          return (
+            <span key={fp}>
+              <span fg={theme.foreground}>{fp}</span>
+              <span fg={theme.muted}> (allowed - example only)</span>
+              <span fg={theme.foreground}>{separator}</span>
+            </span>
+          )
+        }
+
+        return (
+          <span key={fp} fg={theme.foreground}>
+            {fp}
+            {separator}
+          </span>
+        )
+      })}
+    </>
+  )
+}
+
 /**
  * UI component for read_files tool.
- * Displays all file paths as comma-separated list.
- * Does not support expand/collapse - always shows as a simple list.
+ * Displays file paths with labels for blocked/template files.
  */
 export const ReadFilesComponent = defineToolComponent({
   toolName: 'read_files',
@@ -26,9 +74,23 @@ export const ReadFilesComponent = defineToolComponent({
       return { content: null }
     }
 
+    // Check if any files need special labels
+    const hasSpecialFiles = filePaths.some(
+      (fp) => isSensitiveFile(fp) || isEnvTemplateFile(fp),
+    )
+
     return {
       content: (
-        <SimpleToolCallItem name="Read" description={filePaths.join(', ')} />
+        <SimpleToolCallItem
+          name="Read"
+          description={
+            hasSpecialFiles ? (
+              <FilePathsDescription filePaths={filePaths} />
+            ) : (
+              filePaths.join(', ')
+            )
+          }
+        />
       ),
     }
   },

cli/src/components/tools/tool-call-item.tsx

@@ -123,7 +123,8 @@ const renderExpandedContent = (
 
 interface SimpleToolCallItemProps {
   name: string
-  description: string
+  /** Description - can be a string or ReactNode for rich formatting */
+  description: string | ReactNode
   descriptionColor?: string
 }
 
@@ -142,7 +143,12 @@ export const SimpleToolCallItem = ({
         <span fg={theme.foreground} attributes={TextAttributes.BOLD}>
           {name}
         </span>
-        <span fg={descriptionColor ?? theme.foreground}> {description}</span>
+        <span fg={theme.foreground}> </span>
+        {typeof description === 'string' ? (
+          <span fg={descriptionColor ?? theme.foreground}>{description}</span>
+        ) : (
+          description
+        )}
       </text>
     </box>
   )

cli/src/utils/create-run-config.ts

@@ -1,11 +1,18 @@
+import path from 'path'
+
 import {
   createEventHandler,
   createStreamChunkHandler,
 } from './sdk-event-handlers'
 
 import type { EventHandlerState } from './sdk-event-handlers'
-import type { AgentDefinition, MessageContent, RunState } from '@codebuff/sdk'
 import type { Logger } from '@codebuff/common/types/contracts/logger'
+import type {
+  AgentDefinition,
+  FileFilter,
+  MessageContent,
+  RunState,
+} from '@codebuff/sdk'
 
 export type CreateRunConfigParams = {
   logger: Logger
@@ -18,6 +25,70 @@ export type CreateRunConfigParams = {
   signal: AbortSignal
 }
 
+const SENSITIVE_EXTENSIONS = new Set([
+  '.pem',
+  '.key',
+  '.p12',
+  '.pfx',
+  '.jks',
+  '.keystore',
+  '.crt',
+  '.cer',
+])
+const SENSITIVE_BASENAMES = new Set([
+  '.htpasswd',
+  '.netrc',
+  'credentials',
+  '.npmrc',
+  '.yarnrc',
+  '.yarnrc.yml',
+  'auth.json',
+  '.pypirc',
+  'terraform.tfvars',
+  '.terraformrc',
+])
+
+// Pattern matches (grouped by match type)
+const SENSITIVE_PATTERNS = {
+  prefix: ['id_rsa', 'id_ed25519', 'id_dsa', 'id_ecdsa'], // SSH private keys
+  suffix: ['_credentials'],
+  substring: ['kubeconfig', '.tfstate'],
+}
+
+const isEnvFile = (basename: string) =>
+  (basename === '.env' || basename.startsWith('.env.')) &&
+  !isEnvTemplateFile(basename)
+
+const matchesPattern = (str: string) =>
+  SENSITIVE_PATTERNS.prefix.some(
+    (p) => str.startsWith(p) && !str.endsWith('.pub'),
+  ) ||
+  SENSITIVE_PATTERNS.suffix.some((s) => str.endsWith(s)) ||
+  SENSITIVE_PATTERNS.substring.some((sub) => str.includes(sub))
+
+const ENV_TEMPLATE_SUFFIXES = ['.env.example', '.env.sample', '.env.template']
+
+export const isEnvTemplateFile = (filePath: string) =>
+  ENV_TEMPLATE_SUFFIXES.some((suffix) =>
+    path.basename(filePath).endsWith(suffix),
+  )
+
+/**
+ * Check if a file is a sensitive file that should be blocked from reading.
+ */
+export function isSensitiveFile(filePath: string): boolean {
+  const basename = path.basename(filePath)
+  const basenameLower = basename.toLowerCase()
+  const ext = path.extname(filePath).toLowerCase()
+
+  return (
+    isEnvFile(basename) ||
+    SENSITIVE_EXTENSIONS.has(ext) ||
+    SENSITIVE_BASENAMES.has(basename) ||
+    matchesPattern(basenameLower)
+  )
+}
+
 export const createRunConfig = (params: CreateRunConfigParams) => {
   const {
     logger,
@@ -40,5 +111,10 @@ export const createRunConfig = (params: CreateRunConfigParams) => {
     handleStreamChunk: createStreamChunkHandler(eventHandlerState),
     handleEvent: createEventHandler(eventHandlerState),
     signal: params.signal,
+    fileFilter: ((filePath: string) => {
+      if (isSensitiveFile(filePath)) return { status: 'blocked' }
+      if (isEnvTemplateFile(filePath)) return { status: 'allow-example' }
+      return { status: 'allow' }
+    }) satisfies FileFilter,
   }
 }

common/src/old-constants.ts

@@ -57,7 +57,8 @@ export const ONE_TIME_LABELS = [
 
 export const FILE_READ_STATUS = {
   DOES_NOT_EXIST: '[FILE_DOES_NOT_EXIST]',
-  IGNORED: '[FILE_IGNORED_BY_GITIGNORE_OR_CODEBUFF_IGNORE]',
+  IGNORED: '[BLOCKED]',
+  TEMPLATE: '[TEMPLATE]',
   OUTSIDE_PROJECT: '[FILE_OUTSIDE_PROJECT]',
   TOO_LARGE: '[FILE_TOO_LARGE]',
   ERROR: '[FILE_READ_ERROR]',