Attention Is Not What You Need (RooCodeInc#1680)

* initialize class

* wip

* wip

* cleaning up

* update comment

* fire n forget error handling

* files added

* changeset

* duplicate path function

* cleanup

* Use special error type for when cline tries to access clineignore'd file

* Rename LLMFileAccessController to ClineIgnoreController

* Use better changeset

* Remove unnecessary file parsing

* Allow access to files outside cwd

* Use more efficient clineIgnoreExists

* Modify clineignore prompt

* Use LOCK_TEXT_SYMBOL

* Block commands attempting to access clineignored files

* Fix prompt responses

* fix tests; make sure .clineignore is ignored

* Fix clineignore prompt

* Fixes

---------

Co-authored-by: Saoud Rizwan <[email protected]>

Author: celestial-vault

.changeset/loud-countries-draw.md

@@ -0,0 +1,5 @@
+---
+"claude-dev": minor
+---
+
+Add .clineignore file to block Cline from accessing specified file patterns

src/core/Cline.ts

@@ -9,6 +9,9 @@ import * as path from "path"
 import { serializeError } from "serialize-error"
 import * as vscode from "vscode"
 import { ApiHandler, buildApiHandler } from "../api"
+import { OpenAiHandler } from "../api/providers/openai"
+import { OpenRouterHandler } from "../api/providers/openrouter"
+import { ApiStream } from "../api/transform/stream"
 import CheckpointTracker from "../integrations/checkpoints/CheckpointTracker"
 import { DIFF_VIEW_URI_SCHEME, DiffViewProvider } from "../integrations/editor/DiffViewProvider"
 import { findToolName, formatContentBlockToMarkdown } from "../integrations/misc/export-markdown"
@@ -46,20 +49,16 @@ import { HistoryItem } from "../shared/HistoryItem"
 import { ClineAskResponse, ClineCheckpointRestore } from "../shared/WebviewMessage"
 import { calculateApiCost } from "../utils/cost"
 import { fileExistsAtPath } from "../utils/fs"
-import { LLMFileAccessController } from "../services/llm-access-control/LLMFileAccessController"
 import { arePathsEqual, getReadablePath } from "../utils/path"
 import { fixModelHtmlEscaping, removeInvalidChars } from "../utils/string"
 import { AssistantMessageContent, parseAssistantMessage, ToolParamName, ToolUseName } from "./assistant-message"
 import { constructNewFileContent } from "./assistant-message/diff"
+import { ClineIgnoreController, LOCK_TEXT_SYMBOL } from "./ignore/ClineIgnoreController"
 import { parseMentions } from "./mentions"
 import { formatResponse } from "./prompts/responses"
-import { ClineProvider, GlobalFileNames } from "./webview/ClineProvider"
-import { OpenRouterHandler } from "../api/providers/openrouter"
+import { addUserInstructions, SYSTEM_PROMPT } from "./prompts/system"
 import { getNextTruncationRange, getTruncatedMessages } from "./sliding-window"
-import { SYSTEM_PROMPT } from "./prompts/system"
-import { addUserInstructions } from "./prompts/system"
-import { OpenAiHandler } from "../api/providers/openai"
-import { ApiStream } from "../api/transform/stream"
+import { ClineProvider, GlobalFileNames } from "./webview/ClineProvider"
 
 const cwd = vscode.workspace.workspaceFolders?.map((folder) => folder.uri.fsPath).at(0) ?? path.join(os.homedir(), "Desktop") // may or may not exist but fs checking existence would immediately ask for permission which would be bad UX, need to come up with a better solution
 
@@ -81,7 +80,7 @@ export class Cline {
 	private chatSettings: ChatSettings
 	apiConversationHistory: Anthropic.MessageParam[] = []
 	clineMessages: ClineMessage[] = []
-	private llmAccessController: LLMFileAccessController
+	private clineIgnoreController: ClineIgnoreController
 	private askResponse?: ClineAskResponse
 	private askResponseText?: string
 	private askResponseImages?: string[]
@@ -125,9 +124,9 @@ export class Cline {
 		images?: string[],
 		historyItem?: HistoryItem,
 	) {
-		this.llmAccessController = new LLMFileAccessController(cwd)
-		this.llmAccessController.initialize().catch((error) => {
-			console.error("Failed to initialize LLMFileAccessController:", error)
+		this.clineIgnoreController = new ClineIgnoreController(cwd)
+		this.clineIgnoreController.initialize().catch((error) => {
+			console.error("Failed to initialize ClineIgnoreController:", error)
 		})
 		this.providerRef = new WeakRef(provider)
 		this.api = buildApiHandler(apiConfiguration)
@@ -1057,7 +1056,7 @@ export class Cline {
 		this.terminalManager.disposeAll()
 		this.urlContentFetcher.closeBrowser()
 		this.browserSession.closeBrowser()
-		this.llmAccessController.dispose()
+		this.clineIgnoreController.dispose()
 		await this.diffViewProvider.revertChanges() // need to await for when we want to make sure directories/files are reverted before re-starting the task from a checkpoint
 	}
 
@@ -1242,9 +1241,15 @@ export class Cline {
 			}
 		}
 
+		const clineIgnoreContent = this.clineIgnoreController.clineIgnoreContent
+		let clineIgnoreInstructions: string | undefined
+		if (clineIgnoreContent) {
+			clineIgnoreInstructions = `# .clineignore\n\n(The following is provided by a root-level .clineignore file where the user has specified files and directories that should not be accessed. When using list_files, you'll notice a ${LOCK_TEXT_SYMBOL} next to files that are blocked. Attempting to access the file's contents e.g. through read_file will result in an error.)\n\n${clineIgnoreContent}\n.clineignore`
+		}
+
 		if (settingsCustomInstructions || clineRulesFileInstructions) {
 			// altering the system prompt mid-task will break the prompt cache, but in the grand scheme this will not change often so it's better to not pollute user messages with it the way we have to with <potentially relevant details>
-			systemPrompt += addUserInstructions(settingsCustomInstructions, clineRulesFileInstructions)
+			systemPrompt += addUserInstructions(settingsCustomInstructions, clineRulesFileInstructions, clineIgnoreInstructions)
 		}
 
 		// If the previous API request's total token usage is close to the context window, truncate the conversation history to free up space for the new request
@@ -1591,6 +1596,15 @@ export class Cline {
 							// wait so we can determine if it's a new file or editing an existing file
 							break
 						}
+
+						const accessAllowed = this.clineIgnoreController.validateAccess(relPath)
+						if (!accessAllowed) {
+							await this.say("clineignore_error", relPath)
+							pushToolResult(formatResponse.toolError(formatResponse.clineIgnoreError(relPath)))
+							await this.saveCheckpoint()
+							break
+						}
+
 						// Check if file exists using cached map or fs.access
 						let fileExists: boolean
 						if (this.diffViewProvider.editType !== undefined) {
@@ -1708,6 +1722,7 @@ export class Cline {
 									await this.saveCheckpoint()
 									break
 								}
+
 								this.consecutiveMistakeCount = 0
 
 								// if isEditingFile false, that means we have the full contents of the file already.
@@ -1859,6 +1874,15 @@ export class Cline {
 									await this.saveCheckpoint()
 									break
 								}
+
+								const accessAllowed = this.clineIgnoreController.validateAccess(relPath)
+								if (!accessAllowed) {
+									await this.say("clineignore_error", relPath)
+									pushToolResult(formatResponse.toolError(formatResponse.clineIgnoreError(relPath)))
+									await this.saveCheckpoint()
+									break
+								}
+
 								this.consecutiveMistakeCount = 0
 								const absolutePath = path.resolve(cwd, relPath)
 								const completeMessage = JSON.stringify({
@@ -1922,9 +1946,17 @@ export class Cline {
 									break
 								}
 								this.consecutiveMistakeCount = 0
+
 								const absolutePath = path.resolve(cwd, relDirPath)
+
 								const [files, didHitLimit] = await listFiles(absolutePath, recursive, 200)
-								const result = formatResponse.formatFilesList(absolutePath, files, didHitLimit)
+
+								const result = formatResponse.formatFilesList(
+									absolutePath,
+									files,
+									didHitLimit,
+									this.clineIgnoreController,
+								)
 								const completeMessage = JSON.stringify({
 									...sharedMessageProps,
 									content: result,
@@ -1981,9 +2013,15 @@ export class Cline {
 									await this.saveCheckpoint()
 									break
 								}
+
 								this.consecutiveMistakeCount = 0
+
 								const absolutePath = path.resolve(cwd, relDirPath)
-								const result = await parseSourceCodeForDefinitionsTopLevel(absolutePath)
+								const result = await parseSourceCodeForDefinitionsTopLevel(
+									absolutePath,
+									this.clineIgnoreController,
+								)
+
 								const completeMessage = JSON.stringify({
 									...sharedMessageProps,
 									content: result,
@@ -2051,8 +2089,16 @@ export class Cline {
 									break
 								}
 								this.consecutiveMistakeCount = 0
+
 								const absolutePath = path.resolve(cwd, relDirPath)
-								const results = await regexSearchFiles(cwd, absolutePath, regex, filePattern)
+								const results = await regexSearchFiles(
+									cwd,
+									absolutePath,
+									regex,
+									filePattern,
+									this.clineIgnoreController,
+								)
+
 								const completeMessage = JSON.stringify({
 									...sharedMessageProps,
 									content: results,
@@ -2289,6 +2335,16 @@ export class Cline {
 								}
 								this.consecutiveMistakeCount = 0
 
+								const ignoredFileAttemptedToAccess = this.clineIgnoreController.validateCommand(command)
+								if (ignoredFileAttemptedToAccess) {
+									await this.say("clineignore_error", ignoredFileAttemptedToAccess)
+									pushToolResult(
+										formatResponse.toolError(formatResponse.clineIgnoreError(ignoredFileAttemptedToAccess)),
+									)
+									await this.saveCheckpoint()
+									break
+								}
+
 								let didAutoApprove = false
 
 								if (!requiresApproval && this.shouldAutoApproveTool(block.name)) {
@@ -3192,26 +3248,38 @@ export class Cline {
 
 		// It could be useful for cline to know if the user went from one or no file to another between messages, so we always include this context
 		details += "\n\n# VSCode Visible Files"
-		const visibleFiles = vscode.window.visibleTextEditors
+		const visibleFilePaths = vscode.window.visibleTextEditors
 			?.map((editor) => editor.document?.uri?.fsPath)
 			.filter(Boolean)
-			.map((absolutePath) => path.relative(cwd, absolutePath).toPosix())
+			.map((absolutePath) => path.relative(cwd, absolutePath))
+
+		// Filter paths through clineIgnoreController
+		const allowedVisibleFiles = this.clineIgnoreController
+			.filterPaths(visibleFilePaths)
+			.map((p) => p.toPosix())
 			.join("\n")
-		if (visibleFiles) {
-			details += `\n${visibleFiles}`
+
+		if (allowedVisibleFiles) {
+			details += `\n${allowedVisibleFiles}`
 		} else {
 			details += "\n(No visible files)"
 		}
 
 		details += "\n\n# VSCode Open Tabs"
-		const openTabs = vscode.window.tabGroups.all
+		const openTabPaths = vscode.window.tabGroups.all
 			.flatMap((group) => group.tabs)
 			.map((tab) => (tab.input as vscode.TabInputText)?.uri?.fsPath)
 			.filter(Boolean)
-			.map((absolutePath) => path.relative(cwd, absolutePath).toPosix())
+			.map((absolutePath) => path.relative(cwd, absolutePath))
+
+		// Filter paths through clineIgnoreController
+		const allowedOpenTabs = this.clineIgnoreController
+			.filterPaths(openTabPaths)
+			.map((p) => p.toPosix())
 			.join("\n")
-		if (openTabs) {
-			details += `\n${openTabs}`
+
+		if (allowedOpenTabs) {
+			details += `\n${allowedOpenTabs}`
 		} else {
 			details += "\n(No open tabs)"
 		}
@@ -3325,7 +3393,7 @@ export class Cline {
 				details += "(Desktop files not shown automatically. Use list_files to explore if needed.)"
 			} else {
 				const [files, didHitLimit] = await listFiles(cwd, true, 200)
-				const result = formatResponse.formatFilesList(cwd, files, didHitLimit)
+				const result = formatResponse.formatFilesList(cwd, files, didHitLimit, this.clineIgnoreController)
 				details += result
 			}
 		}

src/services/llm-access-control/LLMFileAccessController.test.ts renamed to src/core/ignore/ClineIgnoreController.test.ts

@@ -1,13 +1,13 @@
-import { LLMFileAccessController } from "./LLMFileAccessController"
+import { ClineIgnoreController } from "./ClineIgnoreController"
 import fs from "fs/promises"
 import path from "path"
 import os from "os"
 import { after, beforeEach, describe, it } from "mocha"
 import "should"
 
-describe("LLMFileAccessController", () => {
+describe("ClineIgnoreController", () => {
 	let tempDir: string
-	let controller: LLMFileAccessController
+	let controller: ClineIgnoreController
 
 	beforeEach(async () => {
 		// Create a temp directory for testing
@@ -22,7 +22,7 @@ describe("LLMFileAccessController", () => {
 			),
 		)
 
-		controller = new LLMFileAccessController(tempDir)
+		controller = new ClineIgnoreController(tempDir)
 		await controller.initialize()
 	})
 
@@ -49,6 +49,11 @@ describe("LLMFileAccessController", () => {
 			]
 			results.forEach((result) => result.should.be.true())
 		})
+
+		it("should block access to .clineignore file", async () => {
+			const result = controller.validateAccess(".clineignore")
+			result.should.be.false()
+		})
 	})
 
 	describe("Custom Patterns", () => {
@@ -80,7 +85,7 @@ describe("LLMFileAccessController", () => {
 				["*.secret", "private/", "*.tmp", "data-*.json", "temp/*"].join("\n"),
 			)
 
-			controller = new LLMFileAccessController(tempDir)
+			controller = new ClineIgnoreController(tempDir)
 			await controller.initialize()
 
 			const results = [
@@ -111,7 +116,7 @@ describe("LLMFileAccessController", () => {
 		// 		].join("\n"),
 		// 	)
 
-		// 	controller = new LLMFileAccessController(tempDir)
+		// 	controller = new ClineIgnoreController(tempDir)
 
 		// 	const results = [
 		// 		// Basic negation
@@ -150,7 +155,7 @@ describe("LLMFileAccessController", () => {
 				["# Comment line", "*.secret", "private/", "temp.*"].join("\n"),
 			)
 
-			controller = new LLMFileAccessController(tempDir)
+			controller = new ClineIgnoreController(tempDir)
 			await controller.initialize()
 
 			const result = controller.validateAccess("test.secret")
@@ -194,25 +199,6 @@ describe("LLMFileAccessController", () => {
 			const result = controller.validateAccess("src\\file.ts")
 			result.should.be.true()
 		})
-
-		it("should handle paths outside cwd", async () => {
-			// Create a path that points to parent directory of cwd
-			const outsidePath = path.join(path.dirname(tempDir), "outside.txt")
-			const result = controller.validateAccess(outsidePath)
-
-			// Should return false for security since path is outside cwd
-			result.should.be.false()
-
-			// Test with a deeply nested path outside cwd
-			const deepOutsidePath = path.join(path.dirname(tempDir), "deep", "nested", "outside.secret")
-			const deepResult = controller.validateAccess(deepOutsidePath)
-			deepResult.should.be.false()
-
-			// Test with a path that tries to escape using ../
-			const escapeAttemptPath = path.join(tempDir, "..", "escape-attempt.txt")
-			const escapeResult = controller.validateAccess(escapeAttemptPath)
-			escapeResult.should.be.false()
-		})
 	})
 
 	describe("Batch Filtering", () => {
@@ -237,7 +223,7 @@ describe("LLMFileAccessController", () => {
 			await fs.mkdir(emptyDir)
 
 			try {
-				const controller = new LLMFileAccessController(emptyDir)
+				const controller = new ClineIgnoreController(emptyDir)
 				await controller.initialize()
 				const result = controller.validateAccess("file.txt")
 				result.should.be.true()
@@ -249,7 +235,7 @@ describe("LLMFileAccessController", () => {
 		it("should handle empty .clineignore", async () => {
 			await fs.writeFile(path.join(tempDir, ".clineignore"), "")
 
-			controller = new LLMFileAccessController(tempDir)
+			controller = new ClineIgnoreController(tempDir)
 			await controller.initialize()
 
 			const result = controller.validateAccess("regular-file.txt")