From a86aafc7c0f96df38df321ed90163368e767d246 Mon Sep 17 00:00:00 2001
From: Sviataslau Svirydau
Date: Thu, 12 Mar 2026 20:23:04 +0700
Subject: [PATCH 1/2] fix(agents): warn when settings.json env vars override CodeMie profile settings

Detect env vars in ~/.claude/settings.json that conflict with CodeMie's envMapping (ANTHROPIC_BASE_URL, ANTHROPIC_AUTH_TOKEN, ANTHROPIC_MODEL, etc.) and emit a clear warning before launching claude, so users know why their CodeMie profile settings are being silently overridden.
Generated with AI
Co-Authored-By: codemie-ai
---
 src/agents/plugins/claude/claude.plugin.ts | 35 ++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/src/agents/plugins/claude/claude.plugin.ts b/src/agents/plugins/claude/claude.plugin.ts
index 1808cb9d..d8337824 100644
--- a/src/agents/plugins/claude/claude.plugin.ts
+++ b/src/agents/plugins/claude/claude.plugin.ts
@@ -227,6 +227,41 @@ export const ClaudePluginMetadata: AgentMetadata = {
 }
 }
+ // Warn if settings.json contains env vars that will override CodeMie's profile settings
+ {
+ const { readFile } = await import('fs/promises');
+ const { existsSync } = await import('fs');
+ const { join } = await import('path');
+
+ const settingsPath = join(resolveHomeDir('.claude'), 'settings.json');
+
+ if (existsSync(settingsPath)) {
+ try {
+ const raw = await readFile(settingsPath, 'utf-8');
+ const settings = JSON.parse(raw) as Record;
+ const settingsEnv = settings.env as Record | undefined;
+
+ if (settingsEnv && typeof settingsEnv === 'object') {
+ // Collect all env var names from envMapping
+ const mappedVars = Object.values(ClaudePluginMetadata.envMapping ?? {}).flat();
+ const conflicts = Object.keys(settingsEnv).filter(k => mappedVars.includes(k));
+
+ if (conflicts.length > 0) {
+ console.warn(chalk.yellow('\n⚠️ Warning: ~/.claude/settings.json contains env vars that will override CodeMie profile settings:'));
+ for (const key of conflicts) {
+ console.warn(chalk.yellow(` - ${key}: "${settingsEnv[key]}"`));
+ }
+ console.warn(chalk.yellow(' These settings.json values take precedence over your CodeMie profile.'));
+ console.warn(chalk.yellow(' Remove them from ~/.claude/settings.json to allow CodeMie to control these settings.\n'));
+ logger.warn('[Claude] settings.json env conflict detected', ...sanitizeLogArgs({ conflicts }));
+ }
+ }
+ } catch {
+ // Silently ignore parse errors - already handled in statusLine block if applicable
+ }
+ }
+ }
+
 return env;
 },
From b06d2254d1aac61ce561c60eccb0c7608deb3522 Mon Sep 17 00:00:00 2001
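Review bot: The conflict check inspects a single file, `join(resolveHomeDir('.claude'), 'settings.json')`, so an `env` block coming from any other settings source the launched CLI honours would still override the profile with no warning. That matters beyond usability: an overridden `ANTHROPIC_BASE_URL` changes where prompts and the auth token are sent, so it is worth surfacing wherever it is set. Whether other scopes (for example a project-level settings file in the working directory) apply here is not visible in this hunk, so either extend the check to them or state the limit in the leading comment, e.g. `// Only the user-level ~/.claude/settings.json is checked; other settings scopes are not inspected`. The enclosing function starts outside the hunk.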
From: Sviataslau Svirydau
Date: Thu, 12 Mar 2026 20:35:11 +0700
Subject: [PATCH 2/2] fix(agents): mask sensitive env var values in settings.json conflict warning

Prevent credential leakage by masking values for env vars containing: TOKEN, KEY, SECRET, PASSWORD, AUTH (case-insensitive). These display as ***REDACTED*** instead of showing the actual value.
Generated with AI
Co-Authored-By: codemie-ai
---
 src/agents/plugins/claude/claude.plugin.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/agents/plugins/claude/claude.plugin.ts b/src/agents/plugins/claude/claude.plugin.ts
index d8337824..a65ec062 100644
--- a/src/agents/plugins/claude/claude.plugin.ts
+++ b/src/agents/plugins/claude/claude.plugin.ts
@@ -247,9 +247,17 @@ export const ClaudePluginMetadata: AgentMetadata = {
 const conflicts = Object.keys(settingsEnv).filter(k => mappedVars.includes(k));
 if (conflicts.length > 0) {
+ // Detect sensitive keys that should have their values masked
+ const sensitiveKeyPatterns = ['TOKEN', 'KEY', 'SECRET', 'PASSWORD', 'AUTH'];
+ const isSensitive = (key: string) =>
+ sensitiveKeyPatterns.some(pattern => key.toUpperCase().includes(pattern));
+
 console.warn(chalk.yellow('\n⚠️ Warning: ~/.claude/settings.json contains env vars that will override CodeMie profile settings:'));
 for (const key of conflicts) {
- console.warn(chalk.yellow(` - ${key}: "${settingsEnv[key]}"`));
+ const value = settingsEnv[key];
+ // Mask sensitive values to prevent credential leakage
+ const displayValue = isSensitive(key) ? '***REDACTED***' : `"${value}"`;
+ console.warn(chalk.yellow(` - ${key}: ${displayValue}`));
 }
 console.warn(chalk.yellow(' These settings.json values take precedence over your CodeMie profile.'));
 console.warn(chalk.yellow(' Remove them from ~/.claude/settings.json to allow CodeMie to control these settings.\n'));
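Review bot: `isSensitive` is a name-based denylist, so it fails open: any conflicting variable whose name lacks TOKEN, KEY, SECRET, PASSWORD or AUTH is still printed verbatim by `console.warn`, and a value such as `ANTHROPIC_BASE_URL` can itself carry credentials in URL userinfo or a query string. The warning only needs to tell the user which variables conflict, so printing the name alone removes the leak class instead of narrowing it: `console.warn(chalk.yellow('  - ' + key));`. If values must stay visible, redact by default and allowlist the few names known to be safe to show. `value` also comes untyped from `JSON.parse`, so a non-string entry renders as `[object Object]` in the quoted branch. The enclosing `if (settingsEnv ...)` block starts outside this hunk.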