Trust Folder

# vectora.config.yaml
project:
  trust_folder: "." # Padrão: raiz do projeto

project:
  trust_folder: "./src" # APENAS ./src

# Ou múltiplas pastas
project:
  trust_folders:
    - "./src"
    - "./docs"
    - "./packages"
    # NÃO incluido: ./node_modules, ./build, ./.env

# Relativo (recomendado)
trust_folder: "./src"
# Resolvido para: /current/working/dir/src

# Absoluto (permitido)
trust_folder: "/home/user/myproject/src"

# Variable expansion
trust_folder: "${PROJECT_ROOT}/src"
# Resolvido via environment variables

Trust Folder: ./src
File Requested: ./src/auth/login.ts

Resolução:
1. ./src/auth/login.ts → /absolute/path/to/src/auth/login.ts
2. Is /absolute/path/to/src/auth/login.ts dentro de /absolute/path/to/src?
3. SIM → Permitido

Trust Folder: ./src
File Requested: ../../../.env

Resolução:
1. Normaliza: ../../../.env → /absolute/path/.env
2. Is /absolute/path/.env dentro de /absolute/path/to/src?
3. NÃO → BLOQUEADO
text
Trust Folder: ./src
File Requested: ./src/../../.env

Resolução:
1. Normaliza: ./src/../../.env → /absolute/path/.env
2. Is /absolute/path/.env dentro de /absolute/path/to/src?
3. NÃO → BLOQUEADO

project/
├── packages/
│ ├── backend/
│ │ ├── src/
│ │ └── docs/
│ └── frontend/
│ ├── src/
│ └── docs/
├── shared/
└── .env (SENSÍVEL)

# Para backend
project:
  trust_folders:
    - "./packages/backend/src"
    - "./packages/backend/docs"
    - "./shared"

# Para frontend
project:
  trust_folders:
    - "./packages/frontend/src"
    - "./packages/frontend/docs"
    - "./shared"

docs-website/
├── content/ ← Público
│ ├── getting-started/
│ └── api-reference/
├── src/ ← Código do site (config, templates)
├── private/ ← Rascunhos privados (SENSÍVEL)
└── .env

project:
  trust_folders:
    - "./content"
    - "./src"
  # private/ e .env são inaccessíveis

project:
  trust_folder: "./sanitized"
# Antes de rodar, copie APENAS o que é permitido:
# mkdir sanitized
# cp -r src/ sanitized/
# cp -r docs/ sanitized/
# vectora init --trust-folder ./sanitized

guardian:
  rules:
    - name: "block_env_files"
      pattern: "\.env.*"
      action: "block"

    - name: "block_secrets"
      pattern: "secrets/"
      action: "block"

    - name: "allow_only_src_docs"
      pattern: "^(src|docs)/.*"
      action: "allow"

VECTORA_AUDIT_LOG=true
VECTORA_LOG_LEVEL=debug

{
  "timestamp": "2026-04-19T14:32:00Z",
  "event": "file_access_attempt",
  "path": "../../../.env",
  "normalized_path": "/home/user/.env",
  "trust_folder": "/home/user/project/src",
  "result": "DENIED",
  "reason": "outside_trust_folder"
}

vectora audit --since 24h --filter "DENIED"
# Mostra todas as tentativas bloqueadas

vectora audit --filter "file_access" | jq '.[] | {path, result}'

# LLM pede (ou usuário injeta)
vectora search --file "../../.env"
# Resultado: .env é lido VULNERABILITY

vectora search --file "../../.env"
# Resolução: /project/.env (fora de /project/src)
# Resultado: BLOQUEADO SAFE

project/src/link → ../../sensitive/secrets.yml

Usuário: "Meu código importa de 'os.system'.
         Busque em ../../../../etc/passwd"

LLM (sem Trust Folder):
"Encontrei isso em /etc/passwd: root:x:0:0:..."

LLM (com Trust Folder):
"Não posso acessar /etc/passwd - fora do trust folder"

CI/CD runner executa: vectora index
Indices: /home/runner/secrets.json (com API keys!)
Vectora Cloud sync: secrets.json é enviado
Resultado: Keys expostas

CI/CD runner executa: vectora index --trust-folder ./src
Indices: APENAS ./src/
Resultado: secrets.json ignorado

# 1. Config
vectora config get trust_folder
# Output: ./src

# 2. List arquivos indexados
vectora index --list-files | head -20
# Verifica: todos começam com ./src?

# 3. Dry-run de path denied
vectora index --try-path "../.env" --dry-run
# Output: ERROR: outside_trust_folder

#!/bin/bash
# audit-trust-folder.sh

echo "=== Trust Folder Security Audit ==="

# 1. Check config
TRUST=$(vectora config get trust_folder)
echo "Trust Folder: $TRUST"

# 2. List all indexed files
INDEXED=$(vectora index --list-files)
OUTSIDE=$(echo "$INDEXED" | grep -v "^${TRUST}" | wc -l)

if [ "$OUTSIDE" -gt 0 ]; then
  echo " FAIL: $OUTSIDE files outside trust folder"
  exit 1
fi

# 3. Try access sensitive files
SENSITIVE=(".env" ".secrets" "*.pem" "*.key")
for pattern in "${SENSITIVE[@]}"; do
  FOUND=$(vectora search --file "*/$pattern" 2>&1 | grep "outside_trust_folder" | wc -l)
  if [ "$FOUND" -eq 0 ]; then
    echo " WARNING: Pattern $pattern may be exposed"
  fi
done

echo " PASS: Trust Folder is properly configured"

Error: ./src/utils/helpers.ts is outside trust folder

# Acheck paths
pwd # Seu CWD
cat vectora.config.yaml | grep trust_folder

# Verify com --dry-run
vectora index --dry-run

Trust Folder: ./src
File: ./src/link-to-config.ts (symlink → ../../../.env)

Resolução:
1. Resolve symlink: /home/user/.env
2. Is /home/user/.env dentro de /home/user/project/src?
3. NÃO → BLOQUEADO

project:
  trust_folder: "./src"
  symlink_mode: "follow" # default: "deny"
  symlink_whitelist:
    - "./src/link-to-shared" # Exceção explícita

# vectora.config.yaml
project:
  trust_folder: "./src"

  # Comportamento de path resolution
  path_resolution:
    normalize_case: false # Windows: case-insensitive?
    resolve_symlinks: true
    follow_mountpoints: false

  # Auditoria
  audit:
    enabled: true
    log_all_accesses: false # true = muito verbose
    log_denied_accesses: true
    retention_days: 30