fix(agents): gitignore .env and correct env-handling docs

[meetp06]

Summary

The agent setup checklist (docs/agents/ROCKETRIDE_README.md) has coding agents write ROCKETRIDE_APIKEY into .env, but the extension's gitignore scaffolding only added .rocketride/ (apps/vscode/src/agents/agent-manager.ts). So a fresh project can end up holding a real API key in .env that the auto-generated .gitignore doesn't cover. This closes that gap.

Changes

Code — apps/vscode/src/agents/agent-manager.ts

• ensureGitignore now ensures both .rocketride/ and .env are present, appending only the entries that are missing (still an exact-line, idempotent match — re-runs add nothing).
• .env.example carries no secrets and is not matched by the .env rule, so it stays committable.

Docs

• ROCKETRIDE_README.md / ROCKETRIDE_COMPONENT_REFERENCE.md: rename env.example → .env.example.
• Add a checklist step: ensure .env is gitignored and commit only .env.example.
• Replace "Open the .env file in the workspace editor (as a tab)" with verifying the variable names/values, so secrets aren't surfaced in a visible editor tab.

Scope notes

• packages/agents-core (the verbatim copy mentioned in feat/RR-1024-cli-rocketride-init #1034 / refactor(vscode): consume @rocketride/agents-core (RR-1024 P3) — stacked on #1034 #1110) isn't on develop yet, so it's out of scope here; the same one-liner should land there when those merge.
• The false "the extension automatically creates/updates .env" claim on the adjacent line is tracked separately in docs(agents): README claims the VS Code extension auto-writes .env (removed in #803) #1200 and intentionally left untouched.

Verification

• ensureGitignore reduces to the same behavior for the existing .rocketride/ entry and additionally appends .env; missing-only logic keeps it idempotent.
• No remaining env.example (without the leading dot) in tracked docs; no dangling references to the old GITIGNORE_ENTRY constant.
• TypeScript compilation is covered by CI (the repo wasn't installed locally).

Closes #1201

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Improved .gitignore handling to properly manage multiple configuration files including environment variables.

• Documentation

  • Updated setup instructions to clarify environment variable configuration and file management best practices.
  • Corrected documentation references for environment file naming conventions.

[github-actions]

🤖 Internal: Discord sync marker

Auto-managed by the Discord notification workflow. Stores the linked Discord message ID. Do not edit or delete.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 41d95673-d638-442b-bfc7-a621f3b08b24

📥 Commits

Reviewing files that changed from the base of the PR and between 1995c64 and 71a0a19.

📒 Files selected for processing (3)

• apps/vscode/src/agents/agent-manager.ts
• docs/agents/ROCKETRIDE_COMPONENT_REFERENCE.md
• docs/agents/ROCKETRIDE_README.md

---

📝 Walkthrough

Walkthrough

The PR hardens environment file security by ensuring .env is added to .gitignore during workspace scaffolding. The code now manages multiple .gitignore entries, documentation was corrected to use consistent .env.example naming, and the setup checklist was updated to mandate .env be gitignored and variable values be verified.

Changes

Environment file security hardening

Layer / File(s)	Summary
Multi-entry .gitignore scaffolding apps/vscode/src/agents/agent-manager.ts	Introduced GITIGNORE_ENTRIES constant array with .rocketride/ and .env. Reworked ensureGitignore to compute missing entries using trimmed line matching and append only missing ones. Updated module comment and JSDoc to document multi-entry behavior.
Documentation alignment docs/agents/ROCKETRIDE_COMPONENT_REFERENCE.md, docs/agents/ROCKETRIDE_README.md	Corrected field reference from env.example to .env.example. Updated mandatory setup checklist to require .env.example creation, mandate .env in .gitignore (preventing secret commits), and add an explicit environment variable verification step.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• Directly addresses issue #1201: Adds .env to .gitignore scaffolding, updates the checklist to mandate .env is gitignored and document .env.example naming consistently, and adds explicit variable verification step instead of opening .env as an editor tab.

Suggested reviewers

• jmaionchi
• stepmikhaylov
• Rod-Christensen

Poem

🐰 A rabbit hops through dotfiles with care,
Secrets in .env—we must declare!
To .gitignore they go, safe and sound,
.env.example spreads knowledge around.
No keys left wandering—hooray! 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: fixing gitignore to include .env and correcting environment variable handling documentation.
Linked Issues check	✅ Passed	All coding requirements from #1201 are met: .env added to gitignore entries, docs updated to use .env.example, checklist step added for gitignore verification, and variable verification guidance replaces editor tab instruction.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to #1201 requirements: agent-manager gitignore handling, README and COMPONENT_REFERENCE documentation updates, with agents-core copy and #1200 appropriately deferred.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}