From a1173b9f081fe655663ec47a37c5888a81fa5105 Mon Sep 17 00:00:00 2001
From: Roo Code <roomote@roocode.com>
Date: Tue, 19 Aug 2025 14:03:24 +0000
Subject: [PATCH] fix: prevent bypassing .rooignore restrictions via terminal
 commands

- Updated error message when files are blocked by .rooignore to explicitly warn against using terminal commands to bypass restrictions
- Added clear instructions in .rooignore system prompt to not attempt bypassing restrictions
- Updated tests to verify the new warning messages are included

Fixes #7204
---
 src/core/ignore/RooIgnoreController.ts                 | 2 +-
 src/core/ignore/__tests__/RooIgnoreController.spec.ts  | 1 +
 src/core/prompts/__tests__/responses-rooignore.spec.ts | 2 ++
 src/core/prompts/responses.ts                          | 2 +-
 src/core/tools/__tests__/readFileTool.spec.ts          | 4 ++--
 5 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/core/ignore/RooIgnoreController.ts b/src/core/ignore/RooIgnoreController.ts
index fda6c37175..00f02c4fa1 100644
--- a/src/core/ignore/RooIgnoreController.ts
+++ b/src/core/ignore/RooIgnoreController.ts
@@ -196,6 +196,6 @@ export class RooIgnoreController {
 			return undefined
 		}
 
-		return `# .rooignore\n\n(The following is provided by a root-level .rooignore file where the user has specified files and directories that should not be accessed. When using list_files, you'll notice a ${LOCK_TEXT_SYMBOL} next to files that are blocked. Attempting to access the file's contents e.g. through read_file will result in an error.)\n\n${this.rooIgnoreContent}\n.rooignore`
+		return `# .rooignore\n\n(The following is provided by a root-level .rooignore file where the user has specified files and directories that should not be accessed. When using list_files, you'll notice a ${LOCK_TEXT_SYMBOL} next to files that are blocked. Attempting to access the file's contents e.g. through read_file will result in an error. IMPORTANT: Do NOT attempt to bypass these restrictions by using terminal commands to read the file contents - this violates the user's explicit access restrictions.)\n\n${this.rooIgnoreContent}\n.rooignore`
 	}
 }
diff --git a/src/core/ignore/__tests__/RooIgnoreController.spec.ts b/src/core/ignore/__tests__/RooIgnoreController.spec.ts
index 3fa7914ee3..695c596c84 100644
--- a/src/core/ignore/__tests__/RooIgnoreController.spec.ts
+++ b/src/core/ignore/__tests__/RooIgnoreController.spec.ts
@@ -368,6 +368,7 @@ describe("RooIgnoreController", () => {
 			// Verify instruction format
 			expect(instructions).toContain("# .rooignore")
 			expect(instructions).toContain(LOCK_TEXT_SYMBOL)
+			expect(instructions).toContain("Do NOT attempt to bypass these restrictions by using terminal commands")
 			expect(instructions).toContain("node_modules")
 			expect(instructions).toContain(".git")
 			expect(instructions).toContain("secrets/**")
diff --git a/src/core/prompts/__tests__/responses-rooignore.spec.ts b/src/core/prompts/__tests__/responses-rooignore.spec.ts
index ca0dcfbad5..bc07fff57b 100644
--- a/src/core/prompts/__tests__/responses-rooignore.spec.ts
+++ b/src/core/prompts/__tests__/responses-rooignore.spec.ts
@@ -55,6 +55,7 @@ describe("RooIgnore Response Formatting", () => {
 			expect(errorMessage).toContain("Access to secrets/api-keys.json is blocked by the .rooignore file settings")
 			expect(errorMessage).toContain("continue in the task without using this file")
 			expect(errorMessage).toContain("ask the user to update the .rooignore file")
+			expect(errorMessage).toContain("Do NOT attempt to bypass this restriction by using terminal commands")
 		})
 
 		/**
@@ -220,6 +221,7 @@ describe("RooIgnore Response Formatting", () => {
 			// Verify format and content
 			expect(instructions).toContain("# .rooignore")
 			expect(instructions).toContain(LOCK_TEXT_SYMBOL)
+			expect(instructions).toContain("Do NOT attempt to bypass these restrictions by using terminal commands")
 			expect(instructions).toContain("node_modules")
 			expect(instructions).toContain(".git")
 			expect(instructions).toContain("secrets/**")
diff --git a/src/core/prompts/responses.ts b/src/core/prompts/responses.ts
index 3f38789fdc..d118f84dae 100644
--- a/src/core/prompts/responses.ts
+++ b/src/core/prompts/responses.ts
@@ -16,7 +16,7 @@ export const formatResponse = {
 	toolError: (error?: string) => `The tool execution failed with the following error:\n<error>\n${error}\n</error>`,
 
 	rooIgnoreError: (path: string) =>
-		`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.`,
+		`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.`,
 
 	noToolsUsed: () =>
 		`[ERROR] You did not use a tool in your previous response! Please retry with a tool use.
diff --git a/src/core/tools/__tests__/readFileTool.spec.ts b/src/core/tools/__tests__/readFileTool.spec.ts
index 7ba822dce0..20be33cf5c 100644
--- a/src/core/tools/__tests__/readFileTool.spec.ts
+++ b/src/core/tools/__tests__/readFileTool.spec.ts
@@ -96,7 +96,7 @@ vi.mock("../../prompts/responses", () => ({
 		),
 		rooIgnoreError: vi.fn(
 			(path: string) =>
-				`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.`,
+				`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.`,
 		),
 		toolResult: toolResultMock,
 		imageBlocks: imageBlocksMock,
@@ -1322,7 +1322,7 @@ describe("read_file tool XML output structure", () => {
 
 			// Verify
 			expect(result).toBe(
-				`<files>\n<file><path>${testFilePath}</path><error>Access to ${testFilePath} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.</error></file>\n</files>`,
+				`<files>\n<file><path>${testFilePath}</path><error>Access to ${testFilePath} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.</error></file>\n</files>`,
 			)
 		})
 	})