Summary
Checkpoint tree objects may include files that should be gitignored. While the first checkpoint in a session is safe (it uses git status which respects .gitignore), subsequent checkpoints get file lists from agent transcript extraction and pass them to tree building without gitignore filtering. If an agent touches a gitignored file like .env, it could be persisted in checkpoint data.
Solution
Add a git check-ignore filter step in the checkpoint storage layer before writing tree objects. Filter ModifiedFiles/NewFiles from session data through git check-ignore and exclude any matched paths.
Why
Prevents accidental leakage of sensitive gitignored files (secrets, credentials, build artifacts) into checkpoint branches, which could be pushed to a remote via git push --all.
Source
Inspired by entireio/cli#890
Summary
Checkpoint tree objects may include files that should be gitignored. While the first checkpoint in a session is safe (it uses
git statuswhich respects.gitignore), subsequent checkpoints get file lists from agent transcript extraction and pass them to tree building without gitignore filtering. If an agent touches a gitignored file like.env, it could be persisted in checkpoint data.Solution
Add a
git check-ignorefilter step in the checkpoint storage layer before writing tree objects. Filter ModifiedFiles/NewFiles from session data throughgit check-ignoreand exclude any matched paths.Why
Prevents accidental leakage of sensitive gitignored files (secrets, credentials, build artifacts) into checkpoint branches, which could be pushed to a remote via
git push --all.Source
Inspired by entireio/cli#890