Override for hardcoded "security concern" files - and automatic updates.

[Laransec]

There is nothing in documentation regarding an override for the "security concern" files specified in core/indexing/ignore.ts
I have many projects that use "config.json" for a real configuration file that the LLM needs access to.

Especially when the automatic update blows away my custom built CLI client.

Also a way to disable autoupdates on launch. I couldn't find anything on this in documentation.

I will attempt to build this in, but I'm not super familiar with node js so if there is someone that will take it on it would come out much better.

[darfaz]

Fair point — I was wrong about .continueignore working as an allowlist. The core issue stands: the hardcoded security blocklist should have a user-managed override. Flagging config.json makes sense as a default, but when it's part of a build pipeline, there needs to be an escape hatch. A continueallow or similar config option would solve this cleanly.

[Laransec]

Is this an AI reply? Because it entirely doesn't understand the problem and provided a solution that doesn't exist.

.continueignore only set files to be ignored. It doesn't work the other way. - All the LLMs came up with this as a valid option to parse config.json. It doesn't seem to work that way.

Not being able to manage the blacklist is a horrible design decision. Renaming the file is a horrible option, because its part of a build pipeline.