gitignore the whole .claude + .ai dirs #3888

Open
gauron99 wants to merge 1 commit into knative:main from gauron99:push-mzkyprplwxop

gauron99 commented Jun 9, 2026

Contributor

ignore whole .claude and new .ai directories

knative-prow Bot requested review from dsimansk and jrangelramos June 9, 2026 16:38

knative-prow Bot commented Jun 9, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gauron99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

knative-prow Bot added approved 🤖 PR has been approved by an approver from all required OWNERS files. size/XS 🤖 PR changes 0-9 lines, ignoring generated files. labels Jun 9, 2026

codecov Bot commented Jun 9, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.91%. Comparing base (081d663) to head (6236f80).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3888      +/-   ##
==========================================
+ Coverage   53.78%   53.91%   +0.13%     
==========================================
  Files         200      200              
  Lines       23652    23652              
==========================================
+ Hits        12721    12752      +31     
+ Misses       9707     9667      -40     
- Partials     1224     1233       +9     
Flag Coverage Δ
e2e 33.46% <ø> (+<0.01%) ⬆️
e2e go 29.40% <ø> (ø)
e2e node 25.72% <ø> (ø)
e2e python 29.73% <ø> (?)
e2e quarkus 25.84% <ø> (?)
e2e rust 25.32% <ø> (+0.05%) ⬆️
e2e springboot 24.00% <ø> (ø)
e2e typescript 25.83% <ø> (ø)
e2e-config-ci 26.96% <ø> (ø)
integration 15.65% <ø> (ø)
unit macos-14 42.84% <ø> (ø)
unit macos-latest 42.84% <ø> (ø)
unit ubuntu-24.04-arm 43.16% <ø> (ø)
unit ubuntu-latest 43.69% <ø> (ø)
unit windows-latest 42.91% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

gauron99 commented Jun 9, 2026

Contributor Author

Actually we have skills in the .claude repo, I just noticed/remembered 🤦

gauron99 commented Jun 9, 2026

Contributor Author

/hold

knative-prow Bot added the do-not-merge/hold 🤖 PR should not merge because someone has issued a /hold command. label Jun 9, 2026

@matejvasek

Contributor

We could also check for the presence of these in the PR in the pre-checks.

@gauron99

Contributor Author

Yes, I was thinking the same, at least as a warning.

gauron99 commented Jun 10, 2026

Contributor Author

But then again, the real problem would also be someone fetching the PR via Claude or other AI and it reading those files. So, for example, just commenting "hey careful, there's changes to these files" isn't really sufficient.

I thought you can `git add --force <file>`, so this is in no way a "defense" against someone with malicious intent. It's just a good practice for us to not commit our personal files really, which makes me think that the .gitignore is fine and we should probably try a bit more "drastic measures".

This could be a vouch system where only certain people can edit the .claude etc., meaning we run a workflow which will check 1. files being changed 2. some text file. Anyone who is on this special list (vouched.txt) will have permission to edit these "AI" related files. Check the PR author against the list; if not there, auto-close the PR.

This way we don't go with the full vouch system (think ghostty repo/HashiCorp) for the whole repo, but we select a handful of files we deem critical and only allow some people to touch those, wherever some kind of injection like this would most likely occur.
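
The vouch check proposed in the comment above, sketched as an added example (not code from this PR or from the knative/func repository). It assumes `vouched.txt` holds one GitHub login per line at the repo root and that the caller supplies the PR author and the changed paths; the function names and sample data are hypothetical.

```python
from pathlib import PurePosixPath

# Assumptions: directory names from the PR title; vouched.txt sits at the repo root.
PROTECTED_DIRS = {".claude", ".ai"}
ALLOWLIST_FILE = "vouched.txt"


def parse_vouched(text):
    """One GitHub login per line; '#' starts a comment. Logins are case-insensitive."""
    logins = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lstrip("@")
        if entry:
            logins.add(entry.lower())
    return logins


def protected_paths(changed):
    """Return changed paths that touch a protected directory or the allowlist itself."""
    hits = []
    for path in changed:
        parts = PurePosixPath(path).parts
        # Match any component so nested dirs and a symlink named .claude also count.
        if path == ALLOWLIST_FILE or any(p in PROTECTED_DIRS for p in parts):
            hits.append(path)
    return hits


def decide(author, changed, vouched_text):
    """Return ("allow" | "close", protected paths touched).

    vouched_text must be read from the base branch, never from the PR head,
    otherwise a PR could add its own author. For renames, pass old and new paths.
    """
    hits = protected_paths(changed)
    if not hits or author.lower() in parse_vouched(vouched_text):
        return "allow", hits
    return "close", hits


if __name__ == "__main__":
    # Constructed sample data, not taken from the repository.
    vouched = "# maintainers\n@Alice\nbob  # release manager\n"
    print(decide("mallory", ["cmd/root.go", ".claude/skills/review.md"], vouched))
    print(decide("ALICE", [".ai/rules.md"], vouched))
```

In CI, take `author` from the pull request event rather than from commit metadata, which the committer controls.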

@lkingland

Member

For the time being just cease using AI to ingest any data (PRs, issues, etc) from GitHub. We have an open Slack chat about how we can harden our systems.
