.aiignore file restrictions not being enforced - sensitive files still accessible [Claude Code]

Resolved 💬 3 comments Opened Jul 17, 2025 by utsav91092 Closed Aug 20, 2025

Description:
The .aiignore file is not properly restricting access to sensitive files.

Steps to reproduce:

  1. Create .aiignore file with pattern: **/application*.properties
  2. Use Read tool to access application.properties files
  3. Files are readable despite being in .aiignore

Expected behavior:
Files matching .aiignore patterns should be blocked from Read tool access

Actual behavior:
Read tool can access files that should be restricted, exposing sensitive configuration data like API keys etc

Security impact:
High - allows access to sensitive configuration files containing API keys etc

This is a security issue that should be prioritized since it defeats the purpose of the .aiignore file.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗