Problem
block-env-files and protect-env-vars incorrectly block legitimate commands that mention .env or export inside quoted argument values:
- gh pr create --body "don't commit .env files" → incorrectly blocked
- git commit -m "export PATH changes" → incorrectly blocked
- echo "copy .env.example to .env" → incorrectly blocked
- Read .env.example (committed template) → incorrectly blocked
The regexes matched the full command string including quoted content.
Root cause
No quote stripping before regex matching. Policy sees the full string including argument values.
Affected policies
block-env-files
protect-env-vars
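
One way to strip quoted content before the regex runs, as an added example rather than the project's own code. The two patterns, the function names and the template allow-list are assumptions, since the page does not show the policies' source.

```javascript
// Added example. The patterns and names are assumptions, not the project's code.
const ENV_FILE = /(^|[\s\/])\.env(\.[\w-]+)?\b/;   // assumed block-env-files pattern
const EXPORT_CMD = /\bexport\s+\w+/;               // assumed protect-env-vars pattern
const TEMPLATES = new Set([".env.example"]);       // assumed allow-list of committed templates

// Drop the contents of quoted spans, keeping the quote marks. A state machine
// is used so the apostrophe in "don't ..." stays inside the double-quoted span.
function stripQuoted(cmd) {
  let out = "";
  let quote = null; // null when outside quotes, otherwise "'" or '"'
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd[i];
    if (quote === null) {
      if (c === "\\" && i + 1 < cmd.length) {
        out += c + cmd[++i];          // escaped character outside quotes is literal
      } else {
        if (c === "'" || c === '"') quote = c;
        out += c;
      }
    } else if (c === "\\" && quote === '"' && i + 1 < cmd.length) {
      i++;                            // \" inside double quotes does not close the span
    } else if (c === quote) {
      quote = null;
      out += c;
    }                                 // any other quoted character is dropped
  }
  return out;
}

// Returns the name of the policy that blocks the command, or null if allowed.
function checkCommand(cmd) {
  const bare = stripQuoted(cmd);
  if (ENV_FILE.test(bare)) return "block-env-files";
  if (EXPORT_CMD.test(bare)) return "protect-env-vars";
  return null;
}

// File-read check: match on the basename and exempt committed templates.
function checkReadPath(path) {
  const name = path.split("/").pop();
  if (TEMPLATES.has(name)) return null;
  return /^\.env(\.[\w-]+)?$/.test(name) ? "block-env-files" : null;
}
```

Because stripping removes every quoted span, a policy built this way has to check file-path operands separately, since a quoted path is removed along with quoted message text.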