
[Producer] Upstream – Configurable file exclusion patterns (.codexignore + global/project ignores) #52

@github-actions


Context

Mirrors upstream feature request from openai/codex: openai#1397

Add configurable file exclusion patterns so the AI cannot read or act on sensitive files. Support:

  • Global ignore patterns (e.g., in ~/.codex/config.json)
  • Project-level ignore patterns (e.g., .codex/config.json)
  • A .codexignore file with gitignore-like syntax

Why

Prevents accidental exposure of secrets and improves enterprise readiness. Applies to read/write/list/search operations with clear feedback on denied access. Non-breaking if not configured.

Scope & Notes

  • Patterns use .gitignore-style syntax
  • Precedence: global → project → local .codexignore
  • Enforce across all file ops and context ingestion
  • Efficient pattern matching; cache compiled patterns

Acceptance Criteria

  • A spec doc outlining config locations, precedence, and syntax
  • Implementation guarding all file access in the CLI/agent runtime
  • Unit/integration tests covering allow/deny precedence and edge cases
  • User-facing docs with examples and migration guidance
  • Telemetry/log message when access is denied due to ignore rules (without leaking paths in responses)

Refs: #6, upstream: openai#1397
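A sketch of the layered check that Scope & Notes describes, added here as an example; it is not code from this issue or from the Codex project. Function names and sample patterns are hypothetical, only a subset of gitignore syntax is handled, and two assumptions are made: "global → project → local" means later layers override earlier ones (last match wins), and paths that escape the project root are denied.

```python
import functools
import posixpath
import re

_TOKENS = re.compile(r"\*\*/|\*\*|\*|\?|[^*?]+")
_GLOB = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}

def _to_regex(pattern):
    """Translate one gitignore-style pattern (subset) into a compiled regex."""
    anchored = "/" in pattern.rstrip("/")  # leading or inner slash pins it to the root
    body = "".join(_GLOB.get(t) or re.escape(t) for t in _TOKENS.findall(pattern.strip("/")))
    head = "^" if anchored else "^(?:.*/)?"
    # "dir/" matches only paths beneath dir; otherwise match the entry or its children.
    tail = "/" if pattern.endswith("/") else "(?:/|$)"
    return re.compile(head + body + tail)

@functools.lru_cache(maxsize=None)
def compile_layer(text):
    """Compile a layer's pattern text once; returns ((regex, is_negation), ...)."""
    rules = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            negated = line.startswith("!")
            rules.append((_to_regex(line[1:] if negated else line), negated))
    return tuple(rules)

def is_denied(rel_path, layers):
    """layers: pattern texts ordered global, project, local .codexignore."""
    path = posixpath.normpath(rel_path.replace("\\", "/"))  # collapse ./ and ../
    if path == ".." or path.startswith(("../", "/")):
        return True  # assumption: anything outside the project root is denied
    denied = False
    for text in layers:
        for regex, negated in compile_layer(text):
            if regex.search(path):
                denied = not negated  # last matching rule wins
    return denied

def guard(op, rel_path, layers):
    """Return a denial message that does not echo the path, or None if allowed."""
    return f"{op} denied by ignore rules" if is_denied(rel_path, layers) else None

# Constructed sample layers (not taken from the issue).
GLOBAL = "# secrets everywhere\n.env\n*.pem\nsecrets/\n"
PROJECT = "!fixtures/*.pem\n"
LOCAL = "/build/\n**/private/*.key\n"
LAYERS = (GLOBAL, PROJECT, LOCAL)
```

With last-match-wins, the project layer's `!fixtures/*.pem` re-allows files the global layer denied; a spec that wants global denials to be final would need to skip negations from later layers.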
