.claudeignore bypass: IDE selection sends ignored file contents as context

Resolved 💬 3 comments Opened Mar 31, 2026 by vsrinadh Closed Mar 31, 2026

Summary

Files listed in .claudeignore are correctly blocked from Claude Code tool access (Read, Grep, etc.), but when a user selects text in VS Code from an ignored file, the selected content is still sent to Claude as <ide_selection> context. This bypasses the ignore rules.

Steps to reproduce

  1. Add a file with secrets to .claudeignore (e.g., credentials.json)
  2. Open that file in VS Code
  3. Select/highlight text containing a secret (e.g., an API key)
  4. Send a message to Claude Code — the selected text is included in the conversation as <ide_selection> context

Expected behavior

If a file is in .claudeignore, its contents should never be sent to Claude — whether via tool access or IDE selection context.

Actual behavior

The content from the ignored file was visible to Claude via the IDE selection tag:

<ide_selection>The user selected the lines X to X from /path/to/ignored/file.json:
[SECRET_VALUE_WAS_VISIBLE_HERE]
</ide_selection>

Environment

  • Claude Code VS Code Extension
  • macOS (Darwin 25.3.0)
  • .claudeignore located in project subdirectory

Impact

Secrets (API keys, credentials, tokens) in .claudeignore-listed files can be unintentionally leaked to the LLM context through normal IDE usage (selecting text).

🤖 Generated with Claude Code

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗