Top stories
OpenAI Codex still lacks a way to exclude sensitive files from the model
- Category: Agentic coding
- Status: discussion
- Sources: GitHub issue openai/codex#2847, discussion
- Summary: A feature request open since 2025-08-28 asks OpenAI Codex for a deterministic ignore mechanism, a proposed
.codexignoreat repository and global scope, so files such as.env,*.pem, and SSH or cloud credentials are never read or sent to the model while the rest of the tree stays searchable. The issue reached the front page (192 points) because the gap persists in the Rust rewrite (codex-rs); a related earlier request (#205) was closed in favor of that rewrite without the feature landing. - Why it matters: Without a path-based exclusion boundary, a coding agent can read secrets into its context and transmit them to the provider, a data-exfiltration risk for any team running Codex over a repository that holds credentials.
- Follow-up: Watch for a
.codexignoreor equivalent exclusion mechanism landing in codex-rs.