Can .gitignore-ed files “still be included in AI requests, such as if you recently viewed a file and then ask a question in the chat”? (I can add a .gitignore-d file I view, or have recently viewed, to context.)
Is the new “Agent” Composer feature designed to respect .gitignore? I believe it does not respect it. (If chosen, “Agent” Composer can implicitly access an entire project as context. When asked whether it can access a .gitignore-d directory, it answered yes, and listed the files in that directory. When asked whether it could read the contents of those files, it answered yes and showed the contents of one file and one child directory file. See attached screenshots.)
Can a warning occur before use of a “recently used file” if it is .gitignore-d or .cursorignore-d?
My goal is to avoid sensitive data being accidentally transmitted to Cursor (e.g. if Privacy mode is off).
I feel the .cursorban the Cursor team is considering would be a band-aid. Instead, I propose access to .gitignore-d or .cursorignore-d files be strictly respected. Implementing UI to explicitly override inaccessibility of those files could be acceptable. Allowing “recently viewed” files seems vague and implicit.
I definitely hear this… the counter-argument is that it does harm performance by restricting access to auto-generated code files (like TS headers generated from protobuf) which are really useful for getting things right. It takes a lot of the magic out of it. Additionally, in the case of the agent, setting up and modifying an .env file is a pretty standard agent workflow.
However, risking the leak of an env file is an extremely big deal.
How would you feel about us auto-banning .env* and a set of other sensitive files (.pem, etc) while we figure out a better solution?
I love the magic. Composer “agent” mode is exciting. I just really don’t want new devs accidentally sending credentials to various third-party servers whether those servers store those creds or not (“Privacy mode”).
Such a setting sounds good!
Where could this new setting live? Maybe a new section “Privacy & Security” (to which “Privacy mode” might move). Just having such a section might further highlight Cursor’s dedication to this aspect of the software.[1]
Where would “sensitive files” be defined? I guess a webpage, because I assume neither help text nor tooltip would be adequate to list all entries.
Is “recently viewed” defined anywhere? [Is it whatever VS Code’s logic is for recently opened?]
[1] “Privacy mode”, and the choice of it in onboarding, is what made me feel good about trying Cursor.
We sometimes have files under a .secrets folder in our repositories.
We similarly would like to prevent any of those files from being looked at by Cursor AI.
We also have folders where we have the data of our users.
In addition to automatically not touching some common default set of files, we would like to also be able to ban particular folders that contain sensitive data.
.cursorignore Use Case & Caveat
One can commit .cursorignore to a repository, to manage that repository, which allows repository-level control like .gitignore could. Drawback: this is an IDE-specific config. It is preferable to commit config files that all IDEs can respect i.e. a standard; but AI-IDE–integration is probably not there yet.
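
An added example (not from any poster in this thread and not Cursor's own code): a check that could run in CI or a pre-commit hook to flag sensitive files that a committed .cursorignore does not cover. It assumes .cursorignore uses gitignore-style patterns and implements only a simplified subset of that matching; the function names and the sample data are hypothetical.

```python
import fnmatch
import os
import sys

# Sensitive names taken from the thread: .env*, *.pem, and a .secrets folder.
SENSITIVE_GLOBS = (".env*", "*.pem")
SENSITIVE_DIRS = (".secrets",)

def is_ignored(rel_path, patterns):
    # Simplified gitignore-style matching (assumption): last match wins, '!' negates,
    # 'dir/' matches a directory at any depth, a slash-free pattern matches any component.
    parts, ignored = rel_path.split("/"), False
    for pat in patterns:
        negate = pat.startswith("!")
        pat = pat[1:] if negate else pat
        if pat.endswith("/"):
            hit = any(fnmatch.fnmatchcase(p, pat[:-1]) for p in parts[:-1])
        elif "/" in pat:
            hit = fnmatch.fnmatchcase(rel_path, pat.lstrip("/"))
        else:
            hit = any(fnmatch.fnmatchcase(p, pat) for p in parts)
        if hit:
            ignored = not negate
    return ignored

def is_sensitive(rel_path):
    *dirs, name = rel_path.split("/")
    return (any(d in SENSITIVE_DIRS for d in dirs)
            or any(fnmatch.fnmatchcase(name, g) for g in SENSITIVE_GLOBS))

def unprotected(paths, ignore_text):
    """Return the sensitive paths that the ignore-file text does not cover."""
    lines = [ln.strip() for ln in ignore_text.splitlines()]
    patterns = [ln for ln in lines if ln and not ln.startswith("#")]
    return sorted(p for p in paths if is_sensitive(p) and not is_ignored(p, patterns))

# Constructed sample: a .cursorignore that forgets *.pem.
SAMPLE_IGNORE = "# constructed\n.env*\n.secrets/\n"
SAMPLE_PATHS = [".env.local", "deploy/key.pem", ".secrets/db.txt", "src/app.py"]

if __name__ == "__main__":  # usage: script.py [repo_root]; no argument runs the sample
    paths, text = SAMPLE_PATHS, SAMPLE_IGNORE
    if len(sys.argv) > 1:
        root = sys.argv[1]
        paths = [os.path.relpath(os.path.join(d, f), root).replace(os.sep, "/")
                 for d, _, fs in os.walk(root) for f in fs]
        with open(os.path.join(root, ".cursorignore"), encoding="utf-8") as fh:
            text = fh.read()
    sys.exit("\n".join(unprotected(paths, text)) or 0)  # uncovered files: list them, exit 1
```

A negation such as `!.env.example` after `.env*` re-exposes that file, so the check reports it as uncovered.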