Env Guard — Protect Sensitive Files
Prevents agents from reading or editing .env files and other sensitive configuration.
Version 1
Published: initial version
Created 3/26/2026
Hook Script
{
  "PreToolUse": [
    {
      "matcher": "Read|Write|Edit",
      "hooks": [
        {
          "type": "command",
          "command": "FILE=$(jq -r '.tool_input.file_path // .tool_input.path // empty'); if echo \"$FILE\" | grep -qE '(\\.env$|\\.env\\.|credentials|secrets|private.*key)'; then echo \"BLOCKED: Attempted to access sensitive file: $FILE\" >&2; exit 2; fi; exit 0"
        }
      ]
    }
  ]
}
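
To check which paths the hook's pattern covers before relying on it, this added example (not part of the published hook) runs the same grep expression over constructed paths. The helper names verdict and audit and all sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the published hook. PATTERN is copied from the
# hook command above; verdict(), audit() and the sample paths are constructed.
PATTERN='(\.env$|\.env\.|credentials|secrets|private.*key)'

# Print BLOCK if the hook's grep would match the path, otherwise ALLOW.
verdict() {
    if printf '%s\n' "$1" | grep -qE "$PATTERN"; then
        echo BLOCK
    else
        echo ALLOW
    fi
}

# Print one verdict line for each path given as an argument.
audit() {
    for p in "$@"; do
        printf '%-5s  %s\n' "$(verdict "$p")" "$p"
    done
}

# Constructed paths: intended matches, a documentation file that is caught
# only because its name contains "secrets", and sensitive-looking names that
# the pattern does not match (matching is case-sensitive and name-based).
audit \
    .env \
    app/.env.production \
    config/credentials.json \
    k8s/secrets.yaml \
    keys/private_key.pem \
    docs/secrets-rotation.md \
    src/environment.ts \
    .envrc \
    .ENV \
    .ssh/id_rsa
```

Paths reported as ALLOW that should be protected in your repository are candidates for extra alternatives in the pattern, or for `grep -qiE` if case should not matter.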