
aiignore-cli

aiignore-cli · yjcho9317/aiignore-cli · ★ 8 · last commit 2026-04-03

00

Summary

aiignore-cli — Summary

aiignore-cli is a TypeScript/Node.js CLI tool (binary: aiignore, npm package: aiignore-cli) that auto-detects which AI coding tools are active in a project and generates the correct ignore-file configuration for each one — .cursorignore, .geminiignore, .aiignore, .codeiumignore, .aiderignore, .clineignore, .rooignore, and Claude Code's settings.json deny rules — all from a single command. The tool's real value is the embedded security research: documented CVEs, bypass vectors, and per-tool reliability ratings for each AI tool's ignore mechanism, so developers don't need to research tool-specific quirks individually. It supports a verify command that produces a protection-status table with CI-mode exit codes, enabling ignore-coverage checks in pre-commit hooks or CI pipelines. This is a developer-facing security scaffolding tool that works across 9 AI coding tools.

Differs from seeds: No seed is architecturally similar — aiignore-cli is a project-scaffolding CLI for secrets protection, not a development workflow framework. The closest distribution type is agent-os (bash-bundle, project configuration generator), but aiignore-cli is a compiled TypeScript npm package with a real binary. Unlike all seeds, which configure AI agent behavior, aiignore-cli configures AI agent access restrictions.

01

Overview

aiignore-cli — Origin, Philosophy, and Manifesto

Origin

Built by yjcho9317. TypeScript/Node.js, Apache-2.0 license. Single contributor. Version 1.2.0.

Philosophy

The core insight: each AI coding tool has a different, incompatible ignore mechanism with different reliability characteristics and known security vulnerabilities. Developers who rely on a single .gitignore-style file are unknowingly exposing secrets to most AI tools they use.

From README:

"Do you know that Cursor also needs .cursorignore, Claude Code needs settings.json deny rules, Gemini CLI needs .geminiignore, JetBrains needs .aiignore, and Windsurf still uses .codeiumignore? Do you know that Cursor's ignore is 'best-effort' with 2 known CVEs, that Gemini's negation patterns are broken, or that Copilot has no ignore file at all? aiignore does the research for you. The security data behind each tool is the real value — the CLI just applies it."

Security-first positioning

aiignore treats AI tool ignore mechanisms as a security surface, not just a UX convenience. It documents known bypass vulnerabilities explicitly:

  • Cursor: "best-effort", agent bypass, @ reference bypass
  • Gemini CLI: negation patterns broken, self-blocks .env/.pem
  • Copilot: no ignore file exists for individual developers at all

Limitation acknowledgment

From README: "No AI tool guarantees 100% file exclusion. All tools share a common weakness: agent/terminal modes can bypass ignore files by running shell commands directly. Copilot has no ignore mechanism at all for individual developers. This tool is one layer of defense."

This honest limitation statement positions aiignore as one defense layer, recommending complementary tools (gitleaks, trufflehog, secrets managers).

02

Architecture

aiignore-cli — Architecture, Distribution, and Installation

Distribution

npm package: aiignore-cli. Binary: aiignore (and alias aiignore-cli).

npx aiignore-cli init
npm install -g aiignore-cli

Version analyzed: 1.2.0

Directory Tree

aiignore-cli/
├── src/
│   ├── index.ts            # entry point
│   ├── commands/           # init, verify, list, config commands
│   ├── generators/         # per-tool config file generators
│   ├── scanners/           # tool detection scanners
│   ├── data/               # security research data per tool
│   └── utils/
├── test/                   # vitest test suite
├── docs/
│   └── test-report.md      # per-tool CVEs, bypass bugs, tested behavior
├── assets/                 # screenshots for README
├── package.json            # bin: { aiignore, aiignore-cli }
├── tsconfig.json
└── tsup.config.ts          # build config

Tool Support (9 AI tools)

| Tool | File Generated | Reliability |
|------|----------------|-------------|
| Cursor | .cursorignore | Low (CVEs exist) |
| Claude Code | .claude/settings.json deny rules | Medium |
| Copilot | guide only (no file mechanism) | None |
| Gemini CLI | .geminiignore | Low (negation broken) |
| JetBrains AI | .aiignore | High |
| Windsurf | .codeiumignore | Medium |
| Aider | .aiderignore | Medium |
| Cline | .clineignore | Medium |
| Roo Code | .rooignore | Medium |

Required Runtime

  • Node.js >= 18

Config Files

  • .aiignorerc — per-project configuration (tools list, extraPatterns)
  • ~/.config/aiignore/config.json — global configuration (personal patterns)

Patterns Source

Built-in defaults + security-related entries from .gitignore. Categories: env files, credentials, keys, SSH, cloud provider configs, infrastructure secrets, app secrets, database files, certificates.

03

Components

aiignore-cli — Components

CLI Commands

aiignore init (default)

Auto-detect AI tools in the project and generate appropriate ignore files.

Flags:

  • --all — generate for all supported tools, skip detection
  • --only cursor,gemini — specific tools (comma-separated)
  • --append — add missing patterns to existing files
  • --dry-run — preview without writing
  • --force — overwrite existing files
  • -q — quiet mode

aiignore verify

Produce a protection-status table showing which tools are protected.

Flags:

  • --ci — exit 1 if any unprotected tool detected
  • --strict — exit 1 if any tool isn't best-effort or better
  • --json — machine-readable output

aiignore list

Show all supported tools and their aliases.

aiignore config

Show effective configuration (merged global + project).

Subcommands:

  • path (aiignore config path) — print the global config file path

Generators (per tool)

One generator module per supported AI tool in src/generators/. Each generator knows:

  • Which file to write
  • Which pattern format the tool uses
  • Known quirks (e.g., Gemini negation broken, Cursor best-effort caveat)

Scanners

src/scanners/ — auto-detect which AI tools are present in the project (checks for tool-specific config files, lock files, etc.)

Security Data

src/data/ + docs/test-report.md — per-tool security research: CVEs, known bypass vulnerabilities, tested behavior. This is the embedded knowledge base that differentiates aiignore from a manual script.

Project Config: .aiignorerc

{
  "tools": ["cursor", "claude", "jetbrains"],
  "extraPatterns": ["internal/", "*.staging.env"]
}

Global Config: ~/.config/aiignore/config.json

{
  "extraPatterns": ["company-internal/", "*.corp-secret"]
}

05

Prompts

aiignore-cli — Prompt Files and Techniques

This is a CLI tool — it contains no LLM prompt files. The "prompts" here are the README content describing the security knowledge that drives the tool's decisions.

Knowledge Artifact 1: Tool Reliability Matrix (Structured security research)

| Tool | File Generated | Reliability | Key Issue |
|------|---------------|-------------|-----------|
| Cursor | `.cursorignore` | Low | "best-effort", agent bypass, `@` reference bypass |
| Claude Code | `.claude/settings.json` | Medium | `Read()` deny covers Bash too (tested) |
| Copilot | guide only | None | no ignore file exists for individual devs |
| Gemini CLI | `.geminiignore` | Low | negation patterns broken, self-blocks `.env`/`.pem` |
| JetBrains AI | `.aiignore` | High | most reliable; AI redacts sensitive filenames |
| Windsurf | `.codeiumignore` | Medium | negation can't override `.gitignore` |
| Aider | `.aiderignore` | Medium | `--aiderignore` flag or `/add` can bypass |
| Cline | `.clineignore` | Medium | controls context loading, not terminal execution |
| Roo Code | `.rooignore` | Medium | terminal commands may bypass restrictions |

This is the core value of the tool — embedded per-tool security research that most developers lack. The "Key Issue" column documents bypass vulnerabilities (CVEs, behavioral quirks) that are not obvious from the tools' own documentation.

Knowledge Artifact 2: Protection Pattern Categories

| Category | Patterns |
|----------|----------|
| Environment | `.env`, `.env.*`, `.env.local` |
| Credentials | `credentials.json`, `service-account*.json`, `*secret*`, `token.json` |
| Keys | `*.pem`, `*.key`, `*.p12`, `*.pfx`, `*.jks`, `*.gpg`, `*.asc` |
| SSH | `.ssh/`, `id_rsa*`, `id_ed25519*`, `id_ecdsa*` |
| Cloud | `.aws/`, `.gcp/`, `.azure/`, `gcloud/` |
| Infrastructure | `terraform.tfstate`, `terraform.tfvars`, `.docker/config.json`, `.kube/config` |
| Registry & Auth | `.npmrc`, `.pypirc`, `.netrc`, `*.htpasswd` |

The pattern taxonomy is the tool's own knowledge base — used to populate generated ignore files.

09

Uniqueness

aiignore-cli — Uniqueness and Positioning

Differs from Seeds

No seed is architecturally similar — aiignore-cli is a developer-facing security configuration scaffolding tool, not a development workflow framework. It operates on the meta-level: configuring what AI tools are allowed to see, not how AI agents behave. The closest seed by distribution type is agent-os (generates project configuration files from a CLI), but agent-os generates CLAUDE.md context files while aiignore-cli generates security restriction files. No seed mentions cross-tool ignore file management. Unique in corpus for being the only tool that treats different AI tools' file-access restrictions as a security surface to be systematically protected.

Positioning

aiignore-cli sits at the intersection of developer security hygiene and AI tool adoption. It solves a real practical problem: the proliferation of AI coding tools has created a parallel proliferation of incompatible ignore-file mechanisms, each with different reliability characteristics and undocumented bypass vulnerabilities. A developer using three AI tools (e.g., Claude Code, Cursor, Cline) needs three different configuration files in three different formats with different quirk knowledge.

The tool's competitive moat is the embedded security research in docs/test-report.md — the reliability ratings and documented bypass vectors are based on actual testing, not vendor documentation.

Observable Failure Modes

  1. Single maintainer, low star count (8): This is a niche tool with minimal community validation. Security claims may be outdated.
  2. No bypass guarantee: README explicitly states terminal commands can always bypass ignore files by running shell commands directly. This is an inherent limitation of the approach.
  3. Copilot blind spot: GitHub Copilot has no ignore mechanism for individual developers — aiignore can only generate a "guide only" for Copilot users, not a functional protection file.
  4. Static pattern list: Patterns are static (baked into the package). Project-specific sensitive files not in the default list require manual configuration via .aiignorerc.
  5. Gemini CLI negation bug: The README documents that Gemini's negation patterns are broken. aiignore works around this by not generating negation patterns for Gemini, but the underlying tool limitation persists.

Explicit Antipatterns

  • Treating aiignore as the sole layer of secrets protection (README explicitly recommends gitleaks, trufflehog, and secrets managers as complementary layers)
  • Assuming 100% file exclusion from any AI tool

04

Workflow

aiignore-cli — Workflow

Init Workflow

| Phase | What happens | Artifact |
|-------|--------------|----------|
| 1. Tool detection | Scanners check project for AI tool indicators | list of detected tools |
| 2. Config merge | Project .aiignorerc + global ~/.config/aiignore/config.json merged | effective config |
| 3. Pattern collection | Built-in defaults + .gitignore security entries + extraPatterns | pattern list |
| 4. Generator dispatch | One generator per detected tool | per-tool config file |
| 5. File write | Writes tool-specific ignore files | .cursorignore, settings.json, etc. |
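The init pipeline above (config merge, pattern collection, generator dispatch) as an added TypeScript example. This is not aiignore-cli's own code: tool names, the .aiignorerc and global config shapes, the pattern categories and the Gemini negation workaround follow the page, while the function names, the merge policy (project `tools` wins, `extraPatterns` concatenated), the heuristic for picking security-related .gitignore entries and the exact `permissions.deny` layout of Claude Code's settings.json are assumptions.

```typescript
// Added example, not aiignore-cli's own code: the init workflow's config merge,
// pattern collection and generator dispatch as pure functions. Tool names and
// config shapes follow the page; function names, the .gitignore selection
// heuristic and the Claude Code deny-rule shape are assumptions.

type AiignoreConfig = { tools?: string[]; extraPatterns?: string[] };
type Generated = { path: string; content: string };

// Built-in defaults: a subset of the page's pattern categories.
const DEFAULT_PATTERNS: string[] = [
  ".env", ".env.*", "credentials.json", "*.pem", "*.key",
  ".ssh/", ".aws/", "terraform.tfstate", ".npmrc",
];

// Substrings that mark a .gitignore entry as security-related (heuristic assumed here).
const SECURITY_HINTS = [
  "secret", "credential", "token", ".env", ".pem", ".key",
  "id_rsa", "id_ed25519", "tfstate", ".npmrc", ".netrc",
];

// Project config wins for "tools"; extraPatterns from both levels are kept, global first.
function mergeConfig(global: AiignoreConfig, project: AiignoreConfig): Required<AiignoreConfig> {
  return {
    tools: project.tools ?? global.tools ?? [],
    extraPatterns: [...(global.extraPatterns ?? []), ...(project.extraPatterns ?? [])],
  };
}

// Pull only the security-related entries out of a .gitignore; comments and blanks are skipped.
function securityEntriesFromGitignore(gitignore: string): string[] {
  return gitignore
    .split(/\r?\n/)
    .map((l) => l.trim())
    .filter((l) => l.length > 0 && !l.startsWith("#"))
    .filter((l) => SECURITY_HINTS.some((h) => l.toLowerCase().includes(h)));
}

// Defaults, then .gitignore entries, then extraPatterns; duplicates keep their first position.
function collectPatterns(gitignore: string, cfg: Required<AiignoreConfig>): string[] {
  const seen = new Set<string>();
  const out: string[] = [];
  for (const p of [...DEFAULT_PATTERNS, ...securityEntriesFromGitignore(gitignore), ...cfg.extraPatterns]) {
    if (!seen.has(p)) {
      seen.add(p);
      out.push(p);
    }
  }
  return out;
}

const isNegation = (p: string): boolean => p.startsWith("!");

// One generator per tool: which file, which format, which quirk to work around.
const GENERATORS: Record<string, (patterns: string[]) => Generated> = {
  cursor: (p) => ({ path: ".cursorignore", content: p.join("\n") + "\n" }),
  jetbrains: (p) => ({ path: ".aiignore", content: p.join("\n") + "\n" }),
  // Gemini CLI: negation patterns are broken, so they are dropped instead of emitted.
  gemini: (p) => ({ path: ".geminiignore", content: p.filter((x) => !isNegation(x)).join("\n") + "\n" }),
  // Claude Code has no ignore file; settings.json carries Read() deny rules instead.
  // The permissions.deny layout is assumed here; a trailing "/" becomes "/**".
  claude: (p) => ({
    path: ".claude/settings.json",
    content: JSON.stringify({
      permissions: {
        deny: p.filter((x) => !isNegation(x)).map((x) => `Read(./${x.endsWith("/") ? x + "**" : x})`),
      },
    }, null, 2) + "\n",
  }),
};

function generate(tools: string[], patterns: string[]): Generated[] {
  return tools.map((t) => {
    const gen = GENERATORS[t];
    if (!gen) throw new Error(`no generator for tool "${t}"`);
    return gen(patterns);
  });
}

// Constructed sample inputs mirroring the page's .aiignorerc and global config.
const SAMPLE_GITIGNORE = [
  "node_modules/", "dist/", "# local secrets", ".env", ".env.local",
  "!.env.example", "secrets/*.json", "coverage/",
].join("\n");
const GLOBAL_CONFIG: AiignoreConfig = { extraPatterns: ["company-internal/", "*.corp-secret"] };
const PROJECT_CONFIG: AiignoreConfig = {
  tools: ["cursor", "claude", "jetbrains"],
  extraPatterns: ["internal/", "*.staging.env"],
};

const effective = mergeConfig(GLOBAL_CONFIG, PROJECT_CONFIG);
const patterns = collectPatterns(SAMPLE_GITIGNORE, effective);
for (const f of generate([...effective.tools, "gemini"], patterns)) {
  console.log(`--- ${f.path}\n${f.content}`);
}
```

Running it prints one file body per generator; note that `!.env.example` survives into `.cursorignore` but is absent from `.geminiignore` and from the Claude deny list, which is exactly the per-tool quirk knowledge the generators encapsulate. Nothing here touches the filesystem, so the output can be compared against an existing project's files before deciding to write.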

Verify Workflow

| Phase | What happens | Artifact |
|-------|--------------|----------|
| 1. Scan existing files | Check which tool-specific ignore files exist and their contents | scan result |
| 2. Coverage analysis | Map tools to protection status | status table |
| 3. Output | Text table or JSON | protection report |
| 4. Exit code | 0 = all protected, 1 = gaps found (--ci) | CI signal |

Approval Gates

None. This is a scaffolding tool — it generates files, user reviews and commits them.

CI Integration Pattern

aiignore verify --ci   # exit 1 if unprotected
aiignore verify --strict  # exit 1 if any tool isn't best-effort

Intended for pre-commit hooks or CI pipeline checks.
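The verify workflow and the CI gate it feeds (the two passages above), as an added TypeScript example rather than aiignore-cli's own code. The per-tool files and reliability ceilings come from the page's matrix; the status names and their ordering, the small set of required patterns used to judge coverage, the `Read(./<pattern>)` shape assumed for Claude Code deny rules, and the precise reading of `--ci` (fail on a configured tool that is unprotected) versus `--strict` (also fail tools that can never reach best-effort, such as Copilot) are modelling assumptions.

```typescript
// Added example, not aiignore-cli's own code: the verify workflow as pure functions.
// Per-tool files and reliability ceilings follow the page's matrix; the status
// names, their ordering, the required-pattern subset and the exact --ci/--strict
// rules are modelling assumptions.

type Status = "protected" | "best-effort" | "unprotected" | "none";
const RANK: Record<Status, number> = { protected: 3, "best-effort": 2, unprotected: 1, none: 0 };

// Where each tool reads its rules from, and the best status that mechanism can reach.
const TOOL_INFO: Record<string, { file: string | null; ceiling: Status }> = {
  cursor:    { file: ".cursorignore",         ceiling: "best-effort" }, // "best-effort", agent bypass
  gemini:    { file: ".geminiignore",         ceiling: "best-effort" }, // negation patterns broken
  jetbrains: { file: ".aiignore",             ceiling: "protected" },
  windsurf:  { file: ".codeiumignore",        ceiling: "protected" },
  claude:    { file: ".claude/settings.json", ceiling: "protected" },
  copilot:   { file: null,                    ceiling: "none" },        // no ignore file for individual devs
};

// Minimum coverage a file must provide to count as protecting the tool (constructed subset).
const REQUIRED_PATTERNS = [".env", "*.pem", "*.key"];

// Extract the patterns a tool's file actually enforces. Claude Code's deny rules are
// assumed to look like Read(./<pattern>); every other tool uses one pattern per line.
function patternsIn(tool: string, content: string): string[] {
  if (tool === "claude") {
    const deny: string[] = JSON.parse(content)?.permissions?.deny ?? [];
    return deny.map((r) => r.replace(/^Read\(\.\//, "").replace(/\)$/, ""));
  }
  return content.split(/\r?\n/).map((l) => l.trim()).filter((l) => l.length > 0 && !l.startsWith("#"));
}

function statusFor(tool: string, files: Record<string, string>): Status {
  const info = TOOL_INFO[tool];
  if (!info || info.file === null) return "none";          // nothing to write for this tool
  const content = files[info.file];
  if (content === undefined) return "unprotected";          // file missing entirely
  const present = new Set(patternsIn(tool, content));
  if (!REQUIRED_PATTERNS.every((p) => present.has(p))) return "unprotected"; // coverage gap
  return info.ceiling;                                      // never better than the mechanism allows
}

type Row = { tool: string; file: string; status: Status };

function verify(detected: string[], files: Record<string, string>): Row[] {
  return detected.map((tool) => ({
    tool,
    file: TOOL_INFO[tool]?.file ?? "(none)",
    status: statusFor(tool, files),
  }));
}

// --ci fails on a configured-but-unprotected tool; --strict also fails tools that
// can never reach best-effort (Copilot). Both are assumptions about the flags' semantics.
function exitCode(rows: Row[], mode: "default" | "ci" | "strict"): number {
  if (mode === "ci") return rows.some((r) => r.status === "unprotected") ? 1 : 0;
  if (mode === "strict") return rows.some((r) => RANK[r.status] < RANK["best-effort"]) ? 1 : 0;
  return 0;
}

function renderTable(rows: Row[]): string {
  const w = Math.max(4, ...rows.map((r) => r.tool.length));
  const header = `${"Tool".padEnd(w)}  ${"File".padEnd(22)}  Status`;
  return [header, ...rows.map((r) => `${r.tool.padEnd(w)}  ${r.file.padEnd(22)}  ${r.status}`)].join("\n");
}

// Constructed sample: Cursor and Claude Code are configured, JetBrains AI is not,
// and Copilot is present but has no mechanism to configure.
const SAMPLE_FILES: Record<string, string> = {
  ".cursorignore": ".env\n.env.*\n*.pem\n*.key\n",
  ".claude/settings.json": JSON.stringify({
    permissions: { deny: ["Read(./.env)", "Read(./*.pem)", "Read(./*.key)"] },
  }),
};
const SAMPLE_DETECTED = ["cursor", "claude", "jetbrains", "copilot"];

const report = verify(SAMPLE_DETECTED, SAMPLE_FILES);
console.log(renderTable(report));
console.log(`--ci exit ${exitCode(report, "ci")}, --strict exit ${exitCode(report, "strict")}`);
```

The design point worth noticing is the ceiling: a complete `.cursorignore` still reports only `best-effort`, because the reliability data caps what that mechanism can promise, so a passing `--ci` run never implies the stronger guarantee that `--strict` asks for. Separating "coverage gap" from "mechanism limit" is what lets the two flags mean different things.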

06

Memory Context

aiignore-cli — Memory and Context

State

No LLM calls, no memory. The tool reads:

  • .aiignorerc (project config)
  • ~/.config/aiignore/config.json (global config)
  • .gitignore (pattern extraction)

And writes:

  • Tool-specific ignore files

Cross-session

Not applicable — each CLI invocation is independent. The generated files persist in the filesystem as the only artifact.

Memory Type

None. Purely file-based I/O with embedded static knowledge (security research data baked into the npm package).

07

Orchestration

aiignore-cli — Orchestration

Multi-agent

No. This is a deterministic CLI tool with no LLM calls or agent spawning.

Orchestration Pattern

None.

Isolation Mechanism

Not applicable.

Execution Mode

One-shot CLI invocation.

Multi-model

Not applicable — no LLM.

08

UI / CLI Surface

aiignore-cli — UI and CLI Surface

Dedicated CLI Binary

Yes. Binary name: aiignore (alias: aiignore-cli). Compiled TypeScript, distributed via npm.

Commands

  • aiignore / aiignore init — main generation command
  • aiignore verify — protection audit with CI exit codes
  • aiignore list — show supported tools
  • aiignore config / aiignore config path — show configuration

Local UI

None. Terminal-only. README shows screenshots of aiignore init and aiignore verify output tables (styled with a table renderer).

IDE Integration

None. aiignore generates files that IDE-embedded AI tools then read, so its effects surface inside the IDE, but the tool itself has no IDE integration.

CI/CD Integration

aiignore verify --ci — exits 1 if any unprotected tools detected. Suitable for pre-commit hooks or CI pipeline steps.

Observability

Table output showing protection status per tool. --json flag for machine-readable output from verify. No logging.
