Project ideas from Hacker News discussions.

A way to exclude sensitive files issue still open for OpenAI Codex

📝 Discussion Summary

Top 3 Themes from the Discussion

| Theme | Supporting Quote |
| --- | --- |
| 1. Proper isolation is required to prevent secret leakage | “You can do this now: change the file permissions such that the user you run codex as can't read them, or run codex in a container without those files mounted.” – TheDong |
| 2. .agentignore is only a hint, not a security boundary | “.agentsignore is NOT a security tool.” – kstenerud |
| 3. Expectations about agent behavior often ignore the need for sandboxing | “The whole point of using an agent is that I don’t want to learn everything. I fully expected the harness to read the .agentignore file and hide it from the LLM.” – wodenokoto |

Key takeaways

  1. Sandboxing matters – Use containers, restrictive permissions (chmod 600, which only helps when the agent runs as a different user than the file's owner), or separate users to stop agents from accidentally exposing sensitive files.
  2. Ignore files aren’t a shield – They can guide agents but cannot guarantee secrecy; the real protection must be at the runtime layer.
  3. Misaligned expectations fuel the problem – Many users assume agents will automatically respect ignore rules, overlooking the necessity of explicit isolation.
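
A sketch of takeaways 1 and 2, added here as an example and not code from the discussion or from any tool named on this page: the ignore patterns are applied when building the copy of the workspace that the container mounts, so excluded files are absent from the agent's filesystem rather than merely unlisted. The function names, the sample patterns, the constructed sample files and the image name `agent-image:placeholder` are assumptions.

```python
import fnmatch, os, shutil, tempfile
from pathlib import Path

def is_ignored(rel: Path, patterns):
    """Match a pattern against the whole relative path or any single component."""
    names = (rel.as_posix(), *rel.parts)
    return any(fnmatch.fnmatch(n, p) for n in names for p in patterns)

def stage_workspace(src, dst, patterns):
    """Copy src into dst without ignored paths or symlinks; return what was left out."""
    src, dst, skipped = Path(src).resolve(), Path(dst), []
    for root, dirs, files in os.walk(src, followlinks=False):
        here = Path(root)
        for d in list(dirs):
            rel = (here / d).relative_to(src)
            if is_ignored(rel, patterns) or (here / d).is_symlink():
                dirs.remove(d)  # do not descend into it
                skipped.append(rel.as_posix())
        for f in files:
            rel = (here / f).relative_to(src)
            # A symlink can expose an ignored file under an innocent name: skip them all.
            if is_ignored(rel, patterns) or (here / f).is_symlink():
                skipped.append(rel.as_posix())
                continue
            (dst / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(here / f, dst / rel)
    return sorted(skipped)

def docker_argv(staged, image):
    """Container command that sees only the staged copy, mounted read-only."""
    return ["docker", "run", "--rm", "-v", f"{Path(staged).resolve()}:/workspace:ro",
            "-w", "/workspace", image]

def demo():
    """Constructed sample workspace: one source file, two secrets, one symlink to a secret."""
    base = Path(tempfile.mkdtemp())
    src, dst = base / "repo", base / "staged"
    (src / "config").mkdir(parents=True)
    (src / "app.py").write_text("print('hi')\n")
    (src / ".env").write_text("API_KEY=constructed-sample-value\n")
    (src / "config" / "prod.secret").write_text("constructed\n")
    os.symlink(src / ".env", src / "notes.txt")  # name matches no pattern
    skipped = stage_workspace(src, dst, [".env", "*.secret"])
    staged = sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())
    return staged, skipped, docker_argv(dst, "agent-image:placeholder")

if __name__ == "__main__":
    print(demo())
```

The `notes.txt` symlink is the case a pattern-only filter misses: its name matches nothing, yet copying or mounting it would carry the contents of `.env` along.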

🚀 Project Ideas

AgentIgnorer

Summary

  • Enforces .agentignore‑style rules at runtime, automatically blocking sensitive files (e.g., .env, .secret) from LLM agents.
  • Provides a neutral standard for ignoring data that LLMs should not ingest.

Details

| Key | Value |
| --- | --- |
| Target Audience | AI agent developers and CI pipelines that expose code‑assistant APIs |
| Core Feature | Runtime interception of file reads and writes to enforce ignore patterns |
| Tech Stack | Python (FastAPI), SQLite for ignore DB, in‑process hook library |
| Difficulty | Medium |
| Monetization | Revenue-ready: subscription $5/mo per user |

Notes

  • HN commenters repeatedly ask for an “open standard” like .agentignore; this fills that gap.
  • Solves the exact problem highlighted by pikseladam and pohl about hidden .env exposure.
  • Easy integration with existing agent harnesses (e.g., Code, LangChain) and can be packaged as a lightweight library.

SecureAgentSandbox

Summary

  • Provides a ready‑to‑use Docker/CI container wrapper that isolates AI agents from host file‑system.
  • Automatically mounts workspace read‑only, stripping or redacting secrets before any LLM interaction.

Details

| Key | Value |
| --- | --- |
| Target Audience | Developers shipping AI‑assisted code generation in Docker/CI environments |
| Core Feature | Container‑based sandbox with automatic secret redaction and read‑only mounts |
| Tech Stack | Docker, Bash wrapper, Go for CLI, environment variable scrubbing |
| Difficulty | High |
| Monetization | Revenue-ready: pay‑per‑use $0.01 per agent‑hour |

Notes

  • Directly addresses TheDong’s suggestion to run agents in containers without mounted secrets.
  • Aligns with cowsandmilk and lelandfe concerns about needing isolation to prevent accidental data leakage.
  • Offers a practical, enforceable security boundary rather than a soft ignore list.

.envGuard

Summary

  • Simple CLI/GUI tool that rewrites .env and similar config files, replacing secret values with placeholders (** redacted **) before feeding them to any LLM.
  • Guarantees that no raw secret content ever reaches the language model, regardless of agent tools.

Details

| Key | Value |
| --- | --- |
| Target Audience | Small teams and open‑source projects that rely on local LLM assistants |
| Core Feature | Automatic placeholder injection for sensitive config files |
| Tech Stack | Go (CLI), Vue.js (GUI), regex‑based scrubbing |
| Difficulty | Low |
| Monetization | Hobby |

Notes

  • Mirrors the desire expressed by londons_explore for a “redacted” marker in files seen by agents.
  • Provides a low‑friction solution that doesn’t require deep container or permission changes, matching petcat’s call for practical tooling over security theater.