feat(policy): Add exclude patterns to unmanaged files and content scanning checks #376

@danielmeppiel

Description

Context

Follow-up from PR #365 review (EPAM Phase C recommendation).

Problem

The _check_unmanaged_files and content-integrity CI checks have no exclusion mechanism. Large orgs with vendored configs, generated instruction files, or documentation alongside agent configs have no way to control scanning scope.

Proposed Solution

1. Policy-level exclusion for unmanaged files

```yaml
unmanaged_files:
  action: warn
  directories:
    - .github/agents
  exclude:
    - .github/agents/generated/**
    - .cursor/rules/vendor/**
```

Reuse the existing matches_pattern() glob engine from policy/matcher.py.

2. .apmignore at project level

Applies to content-integrity and deployed-files-present checks. Analogous to .gitignore — familiar pattern for developers. Can share the same glob engine as the policy exclude patterns.

Acceptance Criteria

  • unmanaged_files.exclude patterns in apm-policy.yml are respected
  • .apmignore file at project root controls content scanning scope
  • Both use the existing matches_pattern() glob engine
  • Tests cover exclusion patterns
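The following is an added example, not code from the apm project or from the issue author, sketching how the two exclusion mechanisms proposed above could share one glob engine. The `_glob_to_regex`, `normalize`, `check_unmanaged_files`, `content_scan_scope`, `parse_apmignore` and `overly_broad_excludes` names, the dict shape standing in for the parsed `apm-policy.yml`, and the sample file list are all assumptions; the real `matches_pattern()` in `policy/matcher.py` may differ. It also adds two checks a practitioner would want before merging this: paths and patterns are normalised and `..` is rejected so an `.apmignore` entry cannot reach outside the project, and exclude patterns that swallow an entire watched directory are reported, because such a rule silently turns the unmanaged-files check off.

```python
"""Shared exclusion semantics for the unmanaged-files and content-scan checks.

Constructed example: glob engine, policy shape and .apmignore format are
assumptions, not apm's actual implementation.
"""
import re
from typing import Iterable, List, Tuple

def _glob_to_regex(pattern: str) -> re.Pattern:
    """Compile a gitignore-style glob. '*' and '?' never cross a '/';
    '**' spans directories, and a leading/inner '**/' also matches zero dirs."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("^" + "".join(out) + "$")

def normalize(path: str) -> str:
    """Canonical repo-relative form: forward slashes, no leading '/' or './'.
    '..' segments are rejected so a pattern or path cannot escape the project."""
    p = path.replace("\\", "/").lstrip("/")
    while p.startswith("./"):
        p = p[2:]
    if any(seg == ".." for seg in p.split("/")):
        raise ValueError(f"path escapes project root: {path!r}")
    return p

def matches_pattern(path: str, pattern: str) -> bool:
    """Assumed equivalent of policy/matcher.py's matcher: full-path, root-anchored match."""
    return bool(_glob_to_regex(normalize(pattern)).match(normalize(path)))

def is_excluded(path: str, patterns: Iterable[str]) -> bool:
    return any(matches_pattern(path, p) for p in patterns)

def parse_apmignore(text: str) -> List[str]:
    """Blank lines and '#' comments are skipped, like .gitignore."""
    patterns = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            patterns.append(normalize(line))  # raises on '..'
    return patterns

def check_unmanaged_files(all_files: Iterable[str], managed_files: Iterable[str],
                          policy: dict) -> List[str]:
    """Files under policy 'directories' that apm did not deploy, minus 'exclude' hits."""
    watched = [normalize(d).rstrip("/") for d in policy.get("directories", [])]
    excludes = policy.get("exclude", [])
    managed = {normalize(m) for m in managed_files}
    findings = []
    for f in map(normalize, all_files):
        if not any(f.startswith(d + "/") for d in watched):
            continue
        if f in managed or is_excluded(f, excludes):
            continue
        findings.append(f)
    return findings

def content_scan_scope(all_files: Iterable[str], apmignore_patterns: Iterable[str]) -> List[str]:
    """Files the content-integrity check should still look at after .apmignore."""
    return [f for f in map(normalize, all_files) if not is_excluded(f, apmignore_patterns)]

def overly_broad_excludes(policy: dict) -> List[Tuple[str, str]]:
    """Exclude patterns that match everything under a watched directory. Such a rule
    disables the unmanaged-files check for that directory, which a reviewer should see."""
    flagged = []
    for d in policy.get("directories", []):
        d = normalize(d).rstrip("/")
        for pat in policy.get("exclude", []):
            if matches_pattern(f"{d}/probe", pat) and matches_pattern(f"{d}/sub/probe", pat):
                flagged.append((d, pat))
    return flagged

# Constructed sample project; POLICY mirrors the YAML proposed in the issue.
SAMPLE_FILES = [
    ".github/agents/reviewer.md",
    ".github/agents/generated/auto.md",
    ".github/agents/generated/nested/deep.md",
    ".cursor/rules/vendor/third-party.mdc",
    ".cursor/rules/house.mdc",
    "docs/README.md",
]
MANAGED = {".github/agents/reviewer.md"}  # deployed by apm, per the lockfile
POLICY = {"action": "warn",
          "directories": [".github/agents", ".cursor/rules"],
          "exclude": [".github/agents/generated/**", ".cursor/rules/vendor/**"]}
APMIGNORE = "# generated and docs are out of scope for content checks\n.github/agents/generated/**\ndocs/**\n"

if __name__ == "__main__":
    print("unmanaged:", check_unmanaged_files(SAMPLE_FILES, MANAGED, POLICY))
    print("scan scope:", content_scan_scope(SAMPLE_FILES, parse_apmignore(APMIGNORE)))
    print("too broad:", overly_broad_excludes({"directories": [".github/agents"],
                                               "exclude": [".github/agents/**"]}))
```

With the sample data the only unmanaged finding is `.cursor/rules/house.mdc`: the generated and vendored trees are excluded by policy, `docs/README.md` is outside the watched directories, and the reviewer agent is managed. A policy excluding `.github/agents/**` is reported as too broad, which is the case the `action: warn` setting would otherwise hide.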
