DEV Community: dani.wam 🏴‍☠️ ⓦ

Every AI coding agent you use has already read your production secrets.

dani.wam 🏴‍☠️ ⓦ — Wed, 18 Mar 2026 13:40:54 +0000

Not might have. Has.

If you've given any AI coding tool access to your filesystem — Cursor, Claude Code, Copilot, Codex, Windsurf — it has read your .env file. The one with your real Stripe live key. Your production database URL with actual credentials. Your AWS secret key. Your JWT signing secret.

It read them because that's what it does. AI agents scan your project directory to understand your codebase. Every file is context. .env is just another file.

This isn't a bug. It's the feature.

The agent didn't exploit a vulnerability. You gave it file access because without it, the agent is useless. It can't understand your code without reading your project. And your project includes .env.
So your STRIPE_SECRET_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dc got scooped up as context, packaged into an API request, and sent over the wire to the AI provider's servers. It's in their logs now. Maybe in their caches. You have no idea how long it persists or who has access to it on their end.

And this happens on every prompt. Every time you ask the agent a question, every time it re-indexes your project, every time it builds context for a response — your secrets go over the wire again.
The damage is real and permanent

A leaked sk_live_ Stripe key can process charges on your account. A leaked database URL gives direct access to user data — names, emails, payment info. A leaked AWS key can spin up resources on your bill or access S3 buckets with customer files.

And if you're in crypto — if your .env has private keys, wallet mnemonics, or RPC endpoints with auth tokens — a leak means irreversible loss of funds. No chargebacks. No customer support.
Gone.

By the time you notice and rotate the key, the window has been open for weeks. Maybe months. You don't even know when the first read happened.

Everything you think protects you doesn't
".gitignore protects my .env" — .gitignore prevents git commits. AI agents don't read through git. They read from your filesystem. cat .env works regardless of .gitignore.
"I use a secret manager" — Vault, Infisical, Doppler protect production infrastructure. Locally, your app still needs process.env.STRIPE_KEY to run. The secret manager pulls the real value down to your machine. Now it's in a .env file on disk. Agent reads it.

"I run the agent in a sandbox" — If the agent can't read your files, it can't help you code. The sandbox kills the productivity gain that's the entire reason you're using AI.

"The AI provider says they don't use my data for training" — Maybe. But your secrets still sit in context windows, in API logs, in cache layers, on infrastructure you don't control. "We don't train on it" doesn't mean "it doesn't exist on our servers."

Nothing in the current toolchain addresses this. Your production servers have layers of security. Your laptop — where you actually write code every day — has none.

Cloak: make the .env file itself the defense
I kept looking for a tool that solves this. Nothing existed. So I built one.

Cloak does something simple: your .env file on disk always contains fake credentials. Not REDACTED — that breaks your code. Structurally valid fakes that look right and work with your linters and parsers:

What agents read from disk:

STRIPE_SECRET_KEY=sk_test_cloak_sandbox_000000000000
DATABASE_URL=postgres://dev:dev@localhost:5432/devdb
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE

The agent reads these, understands your code structure, writes perfectly valid code against them. It doesn't know they're fake. It doesn't need to know.

When YOU open .env in VS Code or Cursor, the Cloak extension decrypts your vault and shows the real values. You edit normally. You save — the extension encrypts to the vault and writes fakes back to disk.
When your app needs to run, cloak run npm start injects real environment variables — gated behind Touch ID on Mac or a password on Linux/Windows. An AI agent can't provide a fingerprint. An AI agent can't type a password into an interactive prompt. That's the boundary.

The recovery question
"What if I lose access to my vault?"
During setup, Cloak shows you a recovery key — CLOAK-8f2a-b9c1-d4e5-f6a7-b8c9-d0e1. You save it in your password manager or write it on paper. If your system keychain gets wiped, this key restores everything.
No plaintext backup files sitting on disk for agents to find. The recovery key exists in your brain or your 1Password. An AI agent can't read either.
What this means for you right now
Your .env file is exposed. Today. Right now. Every AI agent you've used has already read it.
You can fix this in 10 seconds:
bash

Install

curl -fsSL https://getcloak.dev/install.sh | sh

Protect

cloak init
Or install the VS Code / Cursor extension — it detects unprotected .env files automatically and walks you through protection with one click.
Open source. MIT licensed. Zero cloud. Zero AI inside the tool. Your secrets never leave your machine.
getcloak.dev

I'm Dani — I've been building gaming and blockchain companies since 2007, focused on agentic first gaming with crypto rails. I built Cloak because my own .env files had wallet keys and payment credentials that AI agents were reading every day. Find me on X as @dani_wam.

I spent 17 years building gaming platforms. Every morning I still fought my local dev environment

dani.wam 🏴‍☠️ ⓦ — Mon, 16 Mar 2026 21:52:13 +0000

I've been building gaming startups since 2007. Shipped over 8000 games across four companies. Built infrastructure that handled millions of users.

And every single morning, I opened 6 terminal tabs (when lucky), typed the same start commands, forgot which port was which, got "address already in use" because yesterday's processes didn't die, and spent 10 minutes unfucking my setup before writing a single line of code.

The breaking point

Last month I needed to work on three projects simultaneously. WAM's API and frontend, the backend, ai endpoints and testing tools. That's 7 services across 3 projects.

My setup: MAMP Pro ($100/year) for some of it, manually edited nginx configs for the rest, mkcert for SSL because one project needed HTTPS callbacks, and a sticky note on my monitor with port numbers.

MAMP crashed. Again. nginx was hanging. Again. I killed it, restarted, realized it was still holding port 443, ran lsof -i :443, found a zombie process from three days ago, killed that too.

I looked at the clock. 25 minutes gone. Haven't written a single line of code.

That was the last time. Nail to the coffin moment.

What I built

run.dev — a terminal tool that does one thing: makes your local dev environment not suck.

You point it at a folder. It scans for package.json, Cargo.toml, go.mod, whatever's there. It figures out your services, suggests start commands, assigns ports. You get local domains with HTTPS. Everything shows up in one dashboard.

That's it. No Docker. No config files. No YAML. No accounts. No cloud. One binary.

curl -fsSL https://getrun.dev/install.sh | bash

The part that makes people screenshot their terminal

When something crashes, instead of a stack trace, you get:

💀 bro, api is ded. port 4000 is already taken.
   i know what's wrong. press [f] to fix it

Or:

🤒 got the flu — backend can't reach localhost:6379.
   is redis running? press [s] on it to start it

The dashboard shows moods based on your stack's health:

😎 vibing — everything green
🤒 got the flu — something's down
💀 flatlined — everything is down
😮‍💨 close call — just auto-recovered

I didn't plan for this to be the feature that people care about most. But it turns out developers really like it when their tools talk to them like a human instead of vomiting error codes.

How it actually works (the interesting parts)

The reverse proxy uses SNI-based routing. When a TLS connection comes in, the tool reads the hostname from the ClientHello before the HTTP request arrives, picks the right certificate, and routes to the right port. All in Rust, using rustls. No nginx, no Caddy, no config files.

SSL certificates are generated in pure Rust with rcgen. On first run, it creates a local CA, adds it to your system trust store, and signs certs for each local domain on the fly. Zero external dependencies. You get green padlock in the browser without installing anything.

Process management handles the thing that drives everyone insane: zombie processes. When you stop a service, it doesn't just kill the parent PID — it kills the entire process group. npm run dev spawns node, which spawns webpack, which spawns watchers. You need to kill the whole tree. Then it verifies the port is actually free before reporting "stopped." Because TIME_WAIT is real.

Crash detection parses stderr against common patterns:

EADDRINUSE → find and kill the PID holding the port
Cannot find module → suggest npm install
ECONNREFUSED → cross-reference against your other services
Unknown errors → optionally send to Claude Code for deeper diagnosis

The AI part (and why it's optional)

I integrated Claude Code as the diagnostic brain. When the template-based error matching can't figure out what happened, Claude reads the stderr and explains it in plain English.

But here's the thing — it's optional. Disabled by default. Works perfectly without it. I use AI tools daily (I'm literally building AI-native companies), but I hate when tools force an AI dependency that isn't needed.

90% of crashes are the same 5 problems. A regex handles those fine. Claude is there for the 10% that are actually weird.

Why I open sourced it

I've been in the startup game long enough to know the difference between a product and a tool. This is a tool. It solves a problem that every developer has. The value isn't in keeping it proprietary — it's in getting it into as many hands as possible.

MIT licensed. Single Rust binary. Source on GitHub.

If you've ever wasted 20 minutes fighting your local dev environment before your first coffee, give it a try. Takes 30 seconds to install, and you'll know immediately if it's for you.

curl -fsSL https://getrun.dev/install.sh | bash

I'm Dani — I build gaming and blockchain companies (WAM. I'm on X as @dani_wam if you want to talk about dev tools, gaming, or AI agents.