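# OpenAI Codex: Request for an Explicit File Exclusion Mechanism to Prevent Sensitive File Leaks

- Source: Hacker News popular (buzzing.cc Chinese translation)
- Author: pikseladam
- Published: 2026-06-29 00:26
- AIHOT score: 41
- AIHOT link: https://aihot.virxact.com/items/cmqy0cyep0335slwfk4492vhh
- Original link: https://github.com/openai/codex/issues/2847

## AI Summary

GitHub Issue #2847 requests an explicit file exclusion mechanism for OpenAI Codex that lets users mark, through a repository-level .codexignore and a global ignore file, sensitive paths that the model must not read or send (such as .env, .pem, .aws/, .ssh/), while directories such as node_modules/ remain available for implementation checks. The configuration must be deterministic, shareable across a team, and support user defaults. The issue is related to #205, which was closed in favor of the Rust implementation (codex-rs), but as of 2025-08-28 the feature still has not appeared in codex-rs, and the author wants to restart the discussion and converge on a design.

## Body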

A way to exclude sensitive files #2847

Open

Labels

- enhancement: New feature or request
- sandbox: Issues related to permissions or sandboxing

Description

mkusaka

opened on Aug 28, 2025

What feature would you like to see?

A mechanism to explicitly mark files/paths that the agent must not read or send to the model, at both repository and global levels (e.g., a repo-local .codexignore plus a global ignore file).

Example: keep node_modules/ searchable for implementation checks, but never read or send .env, .env.*, .pem, id_, .aws/, .ssh/.

The configuration should be deterministic and shareable across the team/repo, and also support user defaults, rather than relying on project documentation or conventions.

Are you interested in implementing this feature?

Yes — I can contribute and tests.

Additional information

Related: #205. That issue surfaced two primary use cases: preventing sensitive data from being sent to the model and excluding large/irrelevant files. The issue was closed in favor of a Rust (codex-rs) implementation, but as of 2025-08-28 a comparable feature does not appear to exist in codex-rs. I’d like to restart the discussion and converge on a design.
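One way the requested deny check could behave, as an added sketch that is not Codex code and not part of the issue. It assumes a gitignore-like pattern syntax and a deny-only union of the global and repo-level files; the names `parse_ignore` and `denied_by` and the sample file contents are constructed for illustration.

```python
import fnmatch
import os

# Constructed sample ignore files. The gitignore-like syntax is an assumption;
# the issue does not define a file format.
GLOBAL_IGNORE = """\
# user-level defaults
.aws/
.ssh/
id_*
"""
REPO_IGNORE = """\
# committed with the repository
.env
.env.*
*.pem
"""

def parse_ignore(text):
    """Return the patterns in an ignore file, skipping blanks and '#' comments."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            # Directory and file patterns are matched alike (fails closed).
            patterns.append(line.rstrip("/"))
    return patterns

def denied_by(path, repo_root, global_text=GLOBAL_IGNORE, repo_text=REPO_IGNORE):
    """Return the first pattern that forbids reading `path`, or None if allowed."""
    # Resolve '..' and symlinks first, so the decision is made on the file
    # that would actually be opened, not on the name that was requested.
    real = os.path.realpath(os.path.join(repo_root, path))
    components = [c for c in real.split(os.sep) if c]
    # Union of both files: deny wins and there is no '!' re-include, so a
    # repo file cannot re-allow what the user's global file forbids.
    for pattern in parse_ignore(global_text) + parse_ignore(repo_text):
        # Match every component: a hit on a parent directory denies all below it.
        if any(fnmatch.fnmatchcase(c, pattern) for c in components):
            return pattern
    return None
```

Because the check runs per file at read time rather than per directory, `node_modules/` stays searchable while a `.env` nested inside it is still refused.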

