OpenAI Codex 请求增加显式文件排除机制防止敏感文件泄漏
阅读原文· github.comGitHub Issue #2847 请求为 OpenAI Codex 增加显式文件排除机制,允许用户通过仓库级 .codexignore 和全局忽略文件标记模型不得读取或发送的敏感路径(如 .env、.pem、.aws/、.ssh/),同时保持 node_modules/ 等目录仍可用于实现检查。配置要求确定性、可团队共享并支持用户默认值。该 Issue 关联 #205——后者曾因转向 Rust 实现(codex-rs)而关闭,但截至 2025-08-28 该功能仍未在 codex-rs 中出现,作者希望重启讨论以收敛设计。
A way to exclude sensitive files #2847
Description
What feature would you like to see?
- A mechanism to explicitly mark files/paths that the agent must not read or send to the model, at both repository and global levels (e.g., a repo-local .codexignore plus a global ignore file).
- Example: keep node_modules/ searchable for implementation checks, but never read or send .env, .env.*, .pem, id_, .aws/, .ssh/.
- The configuration should be deterministic and shareable across the team/repo, and also support user defaults, rather than relying on project documentation or conventions.
Are you interested in implementing this feature?
- Yes — I can contribute and tests.
Additional information
Related: #205. That issue surfaced two primary use cases: preventing sensitive data from being sent to the model and excluding large/irrelevant files. The issue was closed in favor of a Rust (codex-rs) implementation, but as of 2025-08-28 a comparable feature does not appear to exist in codex-rs. I’d like to restart the discussion and converge on a design.