diff --git a/atuin-client/config.toml b/atuin-client/config.toml index 1208586..d8d0ddb 100644 --- a/atuin-client/config.toml +++ b/atuin-client/config.toml @@ -73,3 +73,12 @@ # "^secret-cmd", # "^innocuous-cmd .*--secret=.+" # ] + +## prevent commands run with cwd matching any of these regexes from being written +## to history. Note that these regular expressions are unanchored, i.e. if they don't +## start with ^ or end with $, they'll match anyware in CWD. +## For details on the supported regular expression syntax, see +## https://docs.rs/regex/latest/regex/#syntax +# cwd_filter = [ +# "^/very/secret/area" +# ] diff --git a/atuin-client/src/settings.rs b/atuin-client/src/settings.rs index 0a723fb..7da8391 100644 --- a/atuin-client/src/settings.rs +++ b/atuin-client/src/settings.rs @@ -154,6 +154,8 @@ pub struct Settings { pub scroll_context_lines: usize, #[serde(with = "serde_regex", default = "RegexSet::empty")] pub history_filter: RegexSet, + #[serde(with = "serde_regex", default = "RegexSet::empty")] + pub cwd_filter: RegexSet, // This is automatically loaded when settings is created. Do not set in // config! Keep secrets and settings apart. diff --git a/atuin/src/command/client/history.rs b/atuin/src/command/client/history.rs index 4670e8c..ea68001 100644 --- a/atuin/src/command/client/history.rs +++ b/atuin/src/command/client/history.rs @@ -198,6 +198,9 @@ impl Cmd { // It's better for atuin to silently fail here and attempt to // store whatever is ran, than to throw an error to the terminal let cwd = utils::get_current_dir(); + if !cwd.is_empty() && settings.cwd_filter.is_match(&cwd) { + return Ok(()); + } let h = History::new(chrono::Utc::now(), command, cwd, -1, -1, None, None, None);