Add a global ignore list for read operations #4230
base: main
🦋 Changeset detected. Latest commit: 5a7cbb0. The changes in this PR will be included in the next version bump. This PR includes changesets to release 9 packages.
I'm having a hard time testing this locally, but was hoping to get some input from you @RSO and @catrielmuller. The idea here is to protect users from accidentally having sensitive content read and sent to an LLM. With this feature, common secrets are excluded even if a user has not yet created a .kilocodeignore file. Also cc @LigiaZ for input as well.
kevinvandijk left a comment
I'll review more of the actual content later, but please make sure to add appropriate kilocode_change start and end markers on adjusted sections.
| </div> | ||
| </Button> | ||
| ))} | ||
| </div> |
Can you wrap this + the handler above into its own component to reduce the diff with merges but also to keep the AutoApproveSettings component smaller?
| export class RooIgnoreController { | ||
| private cwd: string | ||
| private ignoreInstance: Ignore | ||
| private globalIgnoreInstance: Ignore |
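Review bot: `globalIgnoreInstance` is declared next to `ignoreInstance`, but nothing in this hunk shows where it is populated; since the PR's goal is that the default list applies even when no .kilocodeignore file exists, make sure it is initialised unconditionally (not only in the branch that loads the project file) and that every access check consults both instances.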
All changes in this file need // kilocode_change comments
| MIN_CHECKPOINT_TIMEOUT_SECONDS, | ||
| TOOL_PROTOCOL, | ||
| ToolProtocol, | ||
| DEFAULT_GLOBALLY_IGNORED_FILES, |
All changes in this file need // kilocode_change as well
| | "yoloMode" // kilocode_change | ||
| | "alwaysAllowReadOnly" | ||
| | "alwaysAllowReadOnlyOutsideWorkspace" | ||
| | "globallyIgnoredFiles" |
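Review bot: `globallyIgnoredFiles` is added as a persisted settings key alongside the `alwaysAllowReadOnly` keys, so existing users will have no stored value; treat a missing value as `DEFAULT_GLOBALLY_IGNORED_FILES` rather than as an empty list, otherwise the protection described in the PR only reaches fresh installs.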
| | "globallyIgnoredFiles" | |
| | "globallyIgnoredFiles" // kilocode_change |
| @@ -0,0 +1,6 @@ | |||
| --- | |||
| "kilo-code": minor | |||
| "@roo-code/types": patch | |||
| "@roo-code/types": patch |
We don't update the version of roo inherited packages.
Add kilocode_change start and end tags
Co-authored-by: Remon Oldenbeuving <r.s.oldenbeuving@gmail.com>
Thanks for the work on this update. Adding a global ignore list is a meaningful step toward safer defaults.
It may also be helpful to revisit how ignore logic interacts with Lastly, strengthening workspace boundary enforcement would further reduce potential for unintended access. Happy to provide additional context privately if helpful.
Thanks for the feedback @vman00. I will review it in more detail a bit later, but just quickly on this point: there are two other open PRs that may help address this, which change the default settings of auto-approve: Extension (#4228), CLI (#4186). Please let me know if you think this would address this concern, or if there are other protections you would be interested in seeing.
Context
Kilo Code supports a .kilocodeignore file to prevent secrets and other sensitive content from being read and exposed to an LLM. However, this must be created specifically for each project, and if it doesn't exist, read operations are allowed for all file types.
.gitignore can help in these situations, but it is not comprehensive, as it does not get applied (per our documentation) for read operations, only for certain directory listing operations.
This introduces a new concept to add a global ignore list which works even without the presence of a .kilocodeignore file, so that common secrets and other sensitive file types are ignored by default.
Implementation
Adds a new option to the auto-approve list, which shows when read is enabled and supports a list of glob patterns similar to other settings. This list is then checked to prevent auto-approved read or write operations.
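To show how a global ignore list layered under an optional per-project .kilocodeignore behaves, here is an added, self-contained example (not Kilo Code's own code, which uses the `ignore` package); the default pattern list, the class name and its `validateAccess` signature are assumptions, and the glob matcher supports only a subset of gitignore syntax.

```typescript
// Added example, not Kilo Code's own code: a built-in global ignore list layered
// under an optional per-project .kilocodeignore. The default patterns below are
// an assumption, not the project's real DEFAULT_GLOBALLY_IGNORED_FILES.
export const DEFAULT_GLOBALLY_IGNORED_FILES = [".env", ".env.*", "*.pem", "*.key", "id_rsa", ".aws/credentials"];

// Convert one gitignore-style pattern into a RegExp over a "/"-separated,
// workspace-relative path. Supports "**", "*", "?", a leading "/" anchor and a
// trailing "/" (directory). Negation ("!") is deliberately not supported.
export function globToRegExp(pattern: string): RegExp {
  let p = pattern.trim();
  const anchored = p.startsWith("/");
  if (anchored) p = p.slice(1);
  const dirOnly = p.endsWith("/");
  if (dirOnly) p = p.slice(0, -1);
  const anyDepth = !anchored && !p.includes("/"); // no slash: match at any depth
  let re = "";
  for (let i = 0; i < p.length; i++) {
    const c = p[i];
    if (c === "*" && p[i + 1] === "*") {
      if (p[i + 2] === "/") { re += "(?:.*/)?"; i += 2; } else { re += ".*"; i += 1; }
    } else if (c === "*") re += "[^/]*";
    else if (c === "?") re += "[^/]";
    else re += c.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  }
  // A matched directory covers everything beneath it.
  return new RegExp((anyDepth ? "^(?:.*/)?" : "^") + re + (dirOnly ? "/.+$" : "(?:/.*)?$"));
}

export class GlobalIgnoreController {
  private readonly rules: RegExp[];

  // projectIgnore is the text of .kilocodeignore, or null when the file is absent.
  constructor(projectIgnore: string | null, globalPatterns: string[] = DEFAULT_GLOBALLY_IGNORED_FILES) {
    const projectPatterns = (projectIgnore ?? "")
      .split(/\r?\n/)
      .map((l) => l.trim())
      .filter((l) => l !== "" && !l.startsWith("#"));
    // Global defaults always apply; the project file can only add to them.
    this.rules = [...globalPatterns, ...projectPatterns].map(globToRegExp);
  }

  // True when the tool may read the path; false blocks the read (and its auto-approval).
  validateAccess(relPath: string): boolean {
    const norm = relPath.replace(/\\/g, "/").replace(/^\.\//, "");
    return !this.rules.some((r) => r.test(norm));
  }
}
```

With `projectIgnore` set to `null` the controller still refuses `.env` and `certs/server.pem`, which is the "works even without a .kilocodeignore" property the PR is after.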
Screenshots