Claude: update denied paths to focus on secrets#108579

Open
p-jackson wants to merge 1 commit into trunk from update-claude-denied-folders

p-jackson commented Feb 8, 2026

I posted about this at p4TIVU-b4L-p2

Proposed Changes

  • Remove unnecessary deny patterns for build artifacts, caches, and lock files
  • Add deny patterns for security-sensitive files: .env, certificates, SSH keys, secrets

Why are these changes being made?

The previous deny list blocked build artifacts and caches which Claude may legitimately need to read for debugging. The updated list focuses on actual secrets and credentials that should never be exposed.

I don't see an equivalent file for cursor/codex

Testing Instructions

  • Verify Claude can read files in node_modules/, build/, yarn.lock etc.
  • Verify Claude cannot read secrets: try a prompt like Read @packages/calypso-e2e/src/secrets/encrypted.enc

Pre-merge Checklist

  • Has the general commit checklist been followed? (PCYsg-hS-p2)
  • Have you written new tests for your changes?
  • Have you tested the feature in Simple (P9HQHe-k8-p2), Atomic (P9HQHe-jW-p2), and self-hosted Jetpack sites (PCYsg-g6b-p2)?
  • Have you checked for TypeScript, React or other console errors?
  • Have you tested accessibility for your changes? Ensure the feature remains usable with various user agents (e.g., browsers), interfaces (e.g., keyboard navigation), and assistive technologies (e.g., screen readers) (PCYsg-S3g-p2).
  • Have you used memoizing on expensive computations? More info in Memoizing with create-selector and Using memoizing selectors and Our Approach to Data
  • Have we added the "[Status] String Freeze" label as soon as any new strings were ready for translation (p4TIVU-5Jq-p2)?
    • For UI changes, have we tested the change in various languages (for example, ES, PT, FR, or DE)? The length of text and words vary significantly between languages.
  • For changes affecting Jetpack: Have we added the "[Status] Needs Privacy Updates" label if this pull request changes what data or activity we track or use (p4TIVU-aUh-p2)?

Remove build artifacts/caches from deny list (unnecessary restrictions),
add security-sensitive paths: .env files, certificates, SSH keys, secrets.

p-jackson self-assigned this Feb 8, 2026
p-jackson requested review from a team February 8, 2026 21:25
matticbot added the "[Status] Needs Review" label (The PR is ready for review. This also triggers e2e canary tests and wp-desktop tests automatically.) Feb 8, 2026
p-jackson marked this pull request as ready for review February 8, 2026 21:26
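
An added example, not part of the pull request or the project's code: a regression check for the testing instructions in the description, confirming that secret paths are denied while build artifacts stay readable. The deny globs, every sample path except the `encrypted.enc` one quoted in the PR, and the simplified glob matcher are assumptions; the tool's own matcher may behave differently.

```python
import posixpath
import re

# Constructed deny globs for the categories the PR names (.env, certificates,
# SSH keys, secrets). Assumption: this is NOT the list from the PR itself.
DENY_PATTERNS = ["**/.env", "**/.env.*", "**/*.pem", "**/*.key",
                 "**/id_rsa*", "**/id_ed25519*", "**/secrets/**"]

# Constructed sample paths; only the encrypted.enc path appears in the PR text.
MUST_DENY = ["packages/calypso-e2e/src/secrets/encrypted.enc", ".env",
             "client/.env.local", "config/certs/server.pem", ".ssh/id_rsa",
             "build/../.env"]  # traversal that resolves to a secret
MUST_ALLOW = ["node_modules/react/index.js", "build/bundle.js", "yarn.lock"]


def glob_to_regex(pattern):
    """Simplified gitignore-style glob: '**/' spans zero or more directories,
    '**' spans anything, '*' and '?' stay inside one path segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")


def is_denied(path, patterns=DENY_PATTERNS):
    """Normalize first so './' and '..' segments cannot sidestep a pattern."""
    rel = posixpath.normpath(path)
    return any(glob_to_regex(p).match(rel) for p in patterns)


def audit(must_deny, must_allow, patterns=DENY_PATTERNS):
    """Return (leaks, overblocked): paths whose outcome contradicts the intent."""
    leaks = [p for p in must_deny if not is_denied(p, patterns)]
    overblocked = [p for p in must_allow if is_denied(p, patterns)]
    return leaks, overblocked


if __name__ == "__main__":
    print(audit(MUST_DENY, MUST_ALLOW))
```

Both returned lists should be empty; a non-empty first list means a secret path is readable, a non-empty second list means the deny list is blocking files needed for debugging.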