From 193db039ba097a2b03298e09f05a1340ad297bf1 Mon Sep 17 00:00:00 2001
From: Avi Alpert <aalpert@amazon.com>
Date: Tue, 8 Apr 2025 12:31:20 -0400
Subject: [PATCH] fix(amazonq): Set owner-only permissions for chat history and
 saved prompt files

---
 .../Bug Fix-b6e474f1-b7ef-4016-8e1c-c9e7e6a45cc2.json         | 4 ++++
 .../core/src/codewhispererChat/controllers/chat/controller.ts | 2 +-
 packages/core/src/shared/db/chatDb/util.ts                    | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 packages/amazonq/.changes/next-release/Bug Fix-b6e474f1-b7ef-4016-8e1c-c9e7e6a45cc2.json

diff --git a/packages/amazonq/.changes/next-release/Bug Fix-b6e474f1-b7ef-4016-8e1c-c9e7e6a45cc2.json b/packages/amazonq/.changes/next-release/Bug Fix-b6e474f1-b7ef-4016-8e1c-c9e7e6a45cc2.json
new file mode 100644
index 00000000000..a6a20c5bdf2
--- /dev/null
+++ b/packages/amazonq/.changes/next-release/Bug Fix-b6e474f1-b7ef-4016-8e1c-c9e7e6a45cc2.json	
@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Amazon Q Chat: Set owner-only permissions for chat history and saved prompt files"
+}
diff --git a/packages/core/src/codewhispererChat/controllers/chat/controller.ts b/packages/core/src/codewhispererChat/controllers/chat/controller.ts
index b9c7bac8ada..ce130ca1b2a 100644
--- a/packages/core/src/codewhispererChat/controllers/chat/controller.ts
+++ b/packages/core/src/codewhispererChat/controllers/chat/controller.ts
@@ -638,7 +638,7 @@ export class ChatController {
                 title ? `${title}${promptFileExtension}` : `default${promptFileExtension}`
             )
             const newFileContent = new Uint8Array(Buffer.from(''))
-            await fs.writeFile(newFilePath, newFileContent)
+            await fs.writeFile(newFilePath, newFileContent, { mode: 0o600 })
             const newFileDoc = await vscode.workspace.openTextDocument(newFilePath)
             await vscode.window.showTextDocument(newFileDoc)
             telemetry.ui_click.emit({ elementId: 'amazonq_createSavedPrompt' })
diff --git a/packages/core/src/shared/db/chatDb/util.ts b/packages/core/src/shared/db/chatDb/util.ts
index 09ba4090b9c..6b26ff5f89e 100644
--- a/packages/core/src/shared/db/chatDb/util.ts
+++ b/packages/core/src/shared/db/chatDb/util.ts
@@ -142,7 +142,7 @@ export class FileSystemAdapter implements LokiPersistenceAdapter {
             await this.ensureDirectory()
             const filename = path.join(this.directory, dbname)
 
-            await fs.writeFile(filename, dbstring, 'utf8')
+            await fs.writeFile(filename, dbstring, { mode: 0o600, encoding: 'utf8' })
             callback(undefined)
         } catch (err: any) {
             callback(err)