How to tell claude CLI agent to ignore directories (i.e. is there a ".claudeignore"?)

Resolved 💬 16 comments Opened Feb 25, 2025 by dannguyen Closed Feb 26, 2025
💡 Likely answer: A maintainer (bcherny, collaborator) responded on this thread — see the highlighted reply below.

Was playing around with the CLI tool and noticed that for a relatively small project (<5000 tokens), Claude was regularly making queries using 120,000+ input tokens. I thought it would ignore ancillary code and cache folders (e.g. node_modules/) but I'm not so sure now; asking it if it ignores node_modules/ gives me inconsistent answers

Is there a way to specify that certain folders in a project codebase be ignored?

View original on GitHub ↗

16 Comments

andrewchilds · 1 year ago

Another use case here is not wanting Claude to read or index (gitignored) secret files that contain things like API tokens.

Prior art/discussion: https://github.com/continuedev/continue/issues/4053, https://github.com/Aider-AI/aider/issues/282

bcherny collaborator · 1 year ago

We added ignorePatterns in v0.2.18. Restart to get the update, and learn more in the docs: https://docs.anthropic.com/en/docs/agents-and-tools/claude-code/overview#project-configuration.

Keep the feedback coming!

tobbbe · 1 year ago

@bcherny ignorePatterns doesnt seem to be valid config in 0.2.19:

!Image

Also, will I save alot of tokens by excluding node_modules? I ran summarize this project (without ignorePatterns) from the docs on my nextjs project with 89 files (no big ones) and that used 180k tokens. Is that normal?

I understand that by excluding node_modules claude might not be as smart. But for simpler tasks, saving tokens might be worth it?

Im also wondering if I should ignore .git/ and .next/ (the output for builds/dev) folders?

kevinjyee · 1 year ago

For anyone else having this problem in version >0.2.19

<img width="600" alt="Image" src="https://github.com/user-attachments/assets/7ebeba16-815b-431e-9c99-aa8daa422dd0" />

The docs are out of date, it should now be claude config set ignorePatterns node_modules

Posting here even though this issue is closed since it was the top indexed google search result.

YayC · 1 year ago
The docs are out of date, it should now be claude config set ignorePatterns node_modules

hmm, how do you add multiple ignorePatterns? this feels like a bug and it should be claude config add ignorePatterns as shown in the docs.

@bcherny sorry for the ping but I think this issue should be reopened until the tool or docs are updated

drvitek · 1 year ago

Per a @bcherny response elsewhere (https://github.com/anthropics/claude-code/issues/166#issuecomment-2691489811), Claude Code now "ignore[s] anything in your .gitignore, but tools can still access these."

clayallsopp · 1 year ago

These docs mention .claudeignore - https://docs.anthropic.com/en/docs/agents-and-tools/claude-code/troubleshooting#high-cpu-or-memory-usage

Is that not accurate/used by Claude Code?

geraldalewis · 1 year ago

This seems to work: update your project's .claude/settings.local.json file with deny Read permissions:

{
  "permissions": {
    "deny": [
      "Read(private_directory)"
    ]
  }
}

My results

> What does private_directory/private_file.txt say?
⏺ I don't have permission to read files in the private_directory directory. You may need to check the file permissions or
  run the command with different privileges.
> claude --version
1.0.41 (Claude Code)
bn-l · 11 months ago
This seems to work: update your project's .claude/settings.local.json file with deny Read permissions: { "permissions": { "deny": [ "Read(private_directory)" ] } } My results `` > What does private_directory/private_file.txt say? ⏺ I don't have permission to read files in the private_directory directory. You may need to check the file permissions or run the command with different privileges. ` ` > claude --version 1.0.41 (Claude Code) ``

~~This doesn't work with files. Specifically I can't see any way to prevent claude reading my .env file.~~

This does work but I had a trailing comma. Might be a good idea to display a message when this file can't be parsed and to not do anything until it can be.

borfast · 11 months ago

It doesn't work for me either, even without a trailing comma messing things up. Claude just happily reads whatever file or directory I ask it to, even if it's listed in the deny section.

I asked it directly how I could prevent it from reading certain files and folders, and it told me to add them to .clignore. I did, but it also didn't work.

gittycat · 11 months ago

I'm seeing the same issue.
Claude does not seem to read the .claude/settings.json or .claude/settings.local.json files in my project dir.

{
  "permissions": {
    "allow": [],
    "deny": [
      "Read(dir-to-ignore)"
    ]
  }
}

❯ claude --version
1.0.70 (Claude Code)

alpaka · 11 months ago

This is very weak protection anyways, unless you carefully review every command. Claude can and will just run command-line tools to get the contents, no matter what the config says. If you want to be sure, you have to remove the permission on a file-system level.

For example, I'm using a VS Code dev container to run Claude in and want to prevent Claude from modifying it, so if it gets stuck with something, it can't try to break out of its box by modifying my container set-up (I don't know if it will attempt that, but I've seen enough examples of similar things to be concerned). Testing deny.Read in config:

> what does .devcontainer/Dockerfile say about yarn?

● Read(.devcontainer/Dockerfile)
  ⎿  Error: Permission to read /workspace/.devcontainer/Dockerfile has been denied.

  Bash(cat .devcontainer/Dockerfile | grep -i yarn)
  ⎿  RUN npm install --global yarn

● The Dockerfile installs yarn globally using npm.

There needs to be a more user-friendly way than using VMs/containers or separate OS users to prevent claude from modifying or reading protected files. That's not something a "normal" vibecoder will do and it's also not the default set-up for claude in the docs.

gittycat · 11 months ago

@alpaka You've got a very good point. With agentic systems, who can tell whether a tool down the stack will honour some passed down permission, or whether it's even passed down in the first place.

However, Claude's not off the hook with the settings doc. It's simply not being picked up. Whether some of it works or not in edge cases is yet another issue.

alpaka · 11 months ago
@alpaka You've got a very good point. With agentic systems, who can tell whether a tool down the stack will honour some passed down permission, or whether it's even passed down in the first place. However, Claude's not off the hook with the settings doc. It's simply not being picked up. Whether some of it works or not in edge cases is yet another issue.

Totally agree they're not off the hook, the documentation is a bit of a mess, and we need a better solution especially for normal users who don't use containers.

But the issue is about if you can tell the software to ignore a directory, and settings.json is just not a reliable solution for that, although it might help with the original intent of saving Claude from putting in too much context. Pointing that out seems important to me, otherwise you will end up sending your secrets to Anthropic at some point.

Regarding settings.json, I should note that the setting is picked up "correctly" for me if I put it in settings.local.json inside my .claude project directory (you can see what that looks like above), but not if I put it in settings.json

{
  "permissions": {
    "allow": [],
    "deny": [
      "Read(.devcontainer/**)"
    ],
    "ask": []
  }
}
replete · 11 months ago

This is not working for me, neither is .claudeignore. How on earth does this exist without the ability to absolutely guarantee certain files or folders are not accessed/exfiltrated?

github-actions[bot] · 10 months ago

This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.