Skip to content
HN On Hacker News ↗

A way to exclude sensitive files

▲ 227 points 143 comments by pikseladam 1w ago HN discussion ↗

Pangram verdict · v3.3

We believe that this document is fully human-written

16 %

AI likelihood · overall

Human
100% human-written 0% AI-generated
SEGMENTS · HUMAN 1 of 1
SEGMENTS · AI 0 of 1
WORD COUNT 154
PEAK AI % 16% · §1
Analyzed
Jun 28
backend: pangram/v3.3
Segments scanned
1 windows
avg 154 words each
Distribution
100 / 0%
human / AI fraction
Verdict
Human
Pangram v3.3

Article text · 154 words · 1 segments analyzed

Human AI-generated
§1 Human · 16%

What feature would you like to see?

A mechanism to explicitly mark files/paths that the agent must not read or send to the model, at both repository and global levels (e.g., a repo-local .codexignore plus a global ignore file). Example: keep node_modules/ searchable for implementation checks, but never read or send .env, .env.*, .pem, id_, .aws/, .ssh/. The configuration should be deterministic and shareable across the team/repo, and also support user defaults, rather than relying on project documentation or conventions.

Are you interested in implementing this feature?

Yes — I can contribute and tests.

Additional information Related: #205. That issue surfaced two primary use cases: preventing sensitive data from being sent to the model and excluding large/irrelevant files. The issue was closed in favor of a Rust (codex-rs) implementation, but as of 2025-08-28 a comparable feature does not appear to exist in codex-rs. I’d like to restart the discussion and converge on a design.