Context
Mirrors upstream feature request from openai/codex: openai#1397
Add configurable file exclusion patterns so the AI cannot read or act on sensitive files. Support:
- Global ignore patterns (e.g., in ~/.codex/config.json)
- Project-level ignore patterns (e.g., .codex/config.json)
- A .codexignore file with gitignore-like syntax
Why
Prevents accidental exposure of secrets and improves enterprise readiness. Applies to read/write/list/search operations with clear feedback on denied access. Non-breaking if not configured.
Scope & Notes
- Patterns use .gitignore-style syntax
- Precedence: global → project → local .codexignore
- Enforce across all file ops and context ingestion
- Efficient pattern matching; cache compiled patterns
Acceptance Criteria
- A spec doc outlining config locations, precedence, and syntax
- Implementation guarding all file access in the CLI/agent runtime
- Unit/integration tests covering allow/deny precedence and edge cases
- User-facing docs with examples and migration guidance
- Telemetry/log message when access is denied due to ignore rules (without leaking paths in responses)
Refs: #6, upstream: openai#1397
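
An added sketch of the guard this request describes, not code from the issue or from the codex project: it compiles layered ignore rules once, applies them in the order global, project, local .codexignore, and returns a denial message that omits the path. Assumptions: the last matching rule wins so later layers override earlier ones, only a subset of .gitignore syntax is handled, paths containing ".." are denied, and the names compileRule, buildGuard and the sample rule strings are hypothetical.

```javascript
// Added example: simplified .gitignore-style subset (#, !, *, ?, **, leading and trailing /).
function compileRule(line) {
  let pat = line.trim();
  if (!pat || pat.startsWith("#")) return null;
  const negated = pat.startsWith("!");
  if (negated) pat = pat.slice(1);
  const dirOnly = pat.endsWith("/");
  if (dirOnly) pat = pat.slice(0, -1);
  const anchored = pat.includes("/"); // a remaining slash anchors the rule to the root
  if (pat.startsWith("/")) pat = pat.slice(1);
  const body = pat
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters, keep * and ?
    .replace(/\*\*\/|\*\*|\*|\?/g, (m) =>
      m === "**/" ? "(?:.*/)?" : m === "**" ? ".*" : m === "*" ? "[^/]*" : "[^/]");
  const tail = dirOnly ? "/.*" : "(?:/.*)?"; // directory rules match only their contents
  const head = anchored ? "" : "(?:.*/)?";
  return { negated, regex: new RegExp("^" + head + body + tail + "$") };
}

// Assumption: layers arrive in the order global, project, local .codexignore, and the
// last matching rule wins, so a later layer can override an earlier one.
function buildGuard(layers) {
  const rules = layers.flatMap((t) => t.split("\n").map(compileRule).filter(Boolean));
  const cache = new Map(); // normalized path -> denied?
  return function check(op, relPath) {
    const path = relPath.replace(/\\/g, "/").replace(/^(\.\/)+/, "");
    if (!cache.has(path)) {
      let denied = path.split("/").includes(".."); // fail closed on traversal segments
      if (!denied) for (const r of rules) if (r.regex.test(path)) denied = !r.negated;
      cache.set(path, denied);
    }
    // The response names the operation only, never the path.
    return cache.get(path)
      ? { allowed: false, message: `${op} denied by ignore rules` }
      : { allowed: true, message: "" };
  };
}

// Constructed sample layers (hypothetical contents of the three locations).
const GLOBAL_RULES = ".env\n*.pem\nsecrets/\n";
const PROJECT_RULES = "!certs/public.pem\n";
const LOCAL_RULES = "# local overrides\n/build/private.txt\n";
const check = buildGuard([GLOBAL_RULES, PROJECT_RULES, LOCAL_RULES]);
```

Unlike real .gitignore handling, this subset does not model the rule that a file cannot be re-included once its parent directory is excluded, so a production guard should use a tested gitignore matcher and the same fail-closed checks.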