[FEATURE] deniedPaths setting to prevent reading sensitive repos

Resolved 💬 5 comments Opened Feb 13, 2026 by KenAdamson Closed Mar 15, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Claude Code can read any file accessible on the local filesystem. Organizations may have sensitive repositories (proprietary engineering data, trade secrets, classified information) that developers need cloned locally but should never be read or analyzed by AI tools. There's currently no way to globally exclude paths from Claude Code's access.

Proposed Solution

Add a deniedPaths array to ~/.claude/settings.json:

{
"deniedPaths": [
"/path/to/sensitive-repo",
"/proprietary-data/",
"~/work/classified/*"
]
}

Claude Code would refuse to read, glob, grep, or otherwise access files matching these patterns, returning an error like "Path is in denied list per user settings."

Alternative Solutions

  • .claudeignore in repo: Only works when working inside that repo
  • CLAUDE.md instructions: Claude still reads the file to see the instructions
  • Not cloning locally: Impractical for developers who need the files for their work

Priority

High - Significant impact on productivity

Feature Category

CLI commands and flags

Use Case Example

A developer works on multiple projects, some containing sensitive IP (e.g., rocket propulsion designs, trade secrets). They need these files locally for their IDE, builds, and testing. When using Claude Code on adjacent projects, they want assurance that Claude cannot access the sensitive repos even accidentally via glob patterns or broad searches.

Additional Context

This would provide defense-in-depth for sensitive IP, complementing existing access controls. Similar to how .gitignore prevents accidental commits, deniedPaths would prevent accidental AI access.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗