From 655eea2db88e3da31bb7655ffefe291b7abcc24b Mon Sep 17 00:00:00 2001
From: maymuneth <utangacmymn@email.com>
Date: Tue, 31 Mar 2026 21:08:06 +0300
Subject: [PATCH] fix(security): protect .docker, .azure, and .config/gh from
 read and write

---
 agent/context_references.py | 2 +-
 tools/file_operations.py    | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/agent/context_references.py b/agent/context_references.py
index 09ba982df..d0985605d 100644
--- a/agent/context_references.py
+++ b/agent/context_references.py
@@ -17,7 +17,7 @@ REFERENCE_PATTERN = re.compile(
     r"(?<![\w/])@(?:(?P<simple>diff|staged)\b|(?P<kind>file|folder|git|url):(?P<value>\S+))"
 )
 TRAILING_PUNCTUATION = ",.;!?"
-_SENSITIVE_HOME_DIRS = (".ssh", ".aws", ".gnupg", ".kube")
+_SENSITIVE_HOME_DIRS = (".ssh", ".aws", ".gnupg", ".kube", ".docker", ".azure")
 _SENSITIVE_HERMES_DIRS = (Path("skills") / ".hub",)
 _SENSITIVE_HOME_FILES = (
     Path(".ssh") / "authorized_keys",
diff --git a/tools/file_operations.py b/tools/file_operations.py
index 96bdc2d53..d0e3ad3c8 100644
--- a/tools/file_operations.py
+++ b/tools/file_operations.py
@@ -71,6 +71,9 @@ WRITE_DENIED_PREFIXES = [
         os.path.join(_HOME, ".kube"),
         "/etc/sudoers.d",
         "/etc/systemd",
+        os.path.join(_HOME, ".docker"),
+        os.path.join(_HOME, ".azure"),
+        os.path.join(_HOME, ".config", "gh"),
     ]
 ]