Checks
- `q doctor` in the affected terminal session
- `q restart` and replicated the issue again
Operating system
macOS 26.1.0 (25B78)
Expected behaviour
Environment variables in .env files shouldn't be loaded by the shell the agent uses to run commands.
The agent's shell should instead inherit only the user's shell environment (what's in .zshrc/.zprofile), not auto-load .env files. If .env loading is intentional, it should be opt-in or documented.
Actual behaviour
Environment variables are sourced into the terminal kiro-cli uses to run commands.
This gives the agent access to secrets it doesn't need and shouldn't have access to. It can also affect the results of some automated tests, for example if the log level is set in the .env file. This causes confusion, with the agent getting different test results from the user.
Steps to reproduce
- Create a .env file.
- Add an environment variable to the file, e.g. `SECRET_NOT_MEANT_FOR_AGENTS="Oh No, I leaked!"`
- From the directory the .env file was created in, open kiro-cli.
- Inside kiro-cli, echo one of the environment variables from the .env file, e.g. `!echo $SECRET_NOT_MEANT_FOR_AGENTS`
- The value of the environment variable is displayed on the screen.
Environment
[q-details]
version = "2.4.0"
hash = "da457ad7e4bc0693d1f094f7571fb87091a0e406"
date = "2026-05-20T19:18:35.988733Z (18h ago)"
variant = "full"
[system-info]
os = "macOS 26.1.0 (25B78)"
chip = "Apple M4 Pro"
total-cores = 14
memory = "48.00 GB"
[environment]
os = "Mac"
shell-path = "/bin/zsh"
shell-version = "5.9"
terminal = "iTerm 2"
install-method = "unknown"
[env-vars]
QTERM_SESSION_ID = "d3ee10ca255b4e9eabaf7148839cd630"
Q_SET_PARENT_CHECK = "1"
Q_TERM = "2.4.0"
SHELL = "/bin/zsh"
TERM = "xterm-256color"
__CFBundleIdentifier = "com.googlecode.iterm2"