Skip to content

fix(agent-core): prevent glob searches from surfacing ignored files#1280

Open
morluto wants to merge 4 commits into
MoonshotAI:mainfrom
morluto:fix/glob-ignore-files-clean
Open

fix(agent-core): prevent glob searches from surfacing ignored files#1280
morluto wants to merge 4 commits into
MoonshotAI:mainfrom
morluto:fix/glob-ignore-files-clean

Conversation

@morluto

@morluto morluto commented Jul 1, 2026

Copy link
Copy Markdown

Related Issue

Resolves #1244

Problem

Glob documents that it respects .gitignore, .ignore, and .rgignore by default, but two ripgrep behaviors made that false in common cases.

First, passing the user's pattern as a positive --glob filter can re-include files that ignore rules would otherwise exclude. That means a search like Glob({ pattern: "*.ts" }) could return ignored files even when .gitignore excludes *.ts.

Second, ripgrep only applies .gitignore files outside git repositories when --no-require-git is set. Since Glob did not pass that flag, plain project directories without .git did not honor .gitignore.

What changed

  • Let rg --files enumerate non-ignored files first instead of passing user patterns as positive --glob filters.
  • Filter user glob patterns in-process after ripgrep has applied ignore files.
  • Detect whether the search root is inside a git repo.
  • Pass --no-require-git for non-git search roots.
  • Align the in-process matcher with ripgrep/gitignore glob behavior for rooted patterns, exclusions, braces, escaped characters, comments, trailing spaces, and streamed UTF-8 output.
  • Add real-ripgrep regression tests for .gitignore behavior in both git and non-git directories.
  • Add focused matcher parity tests for the in-process filter.
  • Add a patch changeset.

Reference Patterns

This follows two useful reference patterns:

  • opencode's find path avoids a positive glob for broad discovery, which keeps ignore rules in control instead of re-including ignored files.
  • pi's find path walks upward for .git and uses --no-require-git outside repos, which makes .gitignore work in normal non-git folders.

Kimi Code's implementation combines those patterns while preserving existing sensitive-file exclusions and specific glob matching.

Validation

  • pnpm --filter @moonshot-ai/agent-core exec vitest run test/tools/glob.test.ts
  • pnpm exec oxlint packages/agent-core/src/tools/builtin/file/glob.ts packages/agent-core/src/tools/support/run-rg.ts packages/agent-core/test/tools/glob.test.ts

Checklist

  • I have read the CONTRIBUTING document.
  • I have linked a related issue, or explained the problem above.
  • I have added tests that prove my feature works.
  • Ran gen-changesets skill, or this PR needs no changeset.
  • Ran gen-docs skill, or this PR needs no doc update. Existing docs already describe the intended ignore-file behavior; this PR restores that behavior.

@changeset-bot

changeset-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 47b17e8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@moonshot-ai/kimi-code Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@morluto morluto force-pushed the fix/glob-ignore-files-clean branch from abbbc65 to da812a8 Compare July 1, 2026 13:50

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: abbbc6532a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +428 to +429
if (normalizedPattern.startsWith('./')) {
normalizedPattern = normalizedPattern.slice(2);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve leading ./ in glob patterns

When callers pass a pattern such as ./src/*.ts, this strips the ./ and returns src/a.ts; however rg --help says --glob uses .gitignore glob rules, and verified rg --files --glob './src/*.ts' . returns no matches for src/a.ts while src/*.ts does. Because this tool is otherwise trying to preserve ripgrep-style glob semantics while moving filtering in-process, normalizing away ./ broadens these patterns and can surface files the user did not actually match.

Useful? React with 👍 / 👎.

Comment on lines +439 to +443
const fn = picomatch(escapedPattern, opts);
matcher = (relPath: string) => fn(relPath.split('/').pop()!);
} else {
const fn = picomatch(escapedPattern, opts);
matcher = (relPath: string) => fn(relPath);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Prevent picomatch from accepting literal brace patterns

When a directory contains a file literally named like a brace glob, e.g. {a,b}.ts, this matcher includes it for pattern: "{a,b}.ts" because picomatch treats an exact input equal to the glob string as a match in addition to the expanded alternatives. I checked the CLI behavior (rg --help says --glob uses .gitignore globs, and rg --files --glob '{a,b}.ts' . returns only a.ts/b.ts), so this in-process filtering can now surface false positives for brace-expansion searches.

Useful? React with 👍 / 👎.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 47b17e8769

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread packages/agent-core/src/tools/builtin/file/glob.ts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Glob searches can surface ignored files

1 participant