[Notifications](/login?return_to=%2Fopenai%2Fcodex)You must be signed in to change notification settings -
[Fork 14k](/login?return_to=%2Fopenai%2Fcodex)
Copy link
Copy link
Open
Labels
enhancementNew feature or requestNew feature or request
sandboxIssues related to permissions or sandboxingIssues related to permissions or sandboxing
Description #
What feature would you like to see?
- A mechanism to explicitly mark files/paths that the agent must not read or send to the model, at both repository and global levels (e.g., a repo-local .codexignore plus a global ignore file).
- Example: keep node_modules/ searchable for implementation checks, but never read or send .env, .env.*, .pem, id_, .aws/, .ssh/. - The configuration should be deterministic and shareable across the team/repo, and also support user defaults, rather than relying on project documentation or conventions.
Are you interested in implementing this feature?
- Yes — I can contribute and tests.
Additional information
Related: #205. That issue surfaced two primary use cases: preventing sensitive data from being sent to the model and excluding large/irrelevant files. The issue was closed in favor of a Rust (codex-rs) implementation, but as of 2025-08-28 a comparable feature does not appear to exist in codex-rs. I’d like to restart the discussion and converge on a design. Reactions are currently unavailable
Metadata #
Metadata #
Assignees
Labels
enhancementNew feature or requestNew feature or request
sandboxIssues related to permissions or sandboxingIssues related to permissions or sandboxing
Type
Fields
Give feedback No fields configured for issues without a type.