`.cprofignore`

A .cprofignore file tells cprof which paths it must never read. Ignored paths are skipped before their contents are ever opened — it's a safety boundary, not just an output filter — and they're reported by pattern, without cprof looking inside them.

Syntax

Same as .gitignore, parsed with the standard ignore library:

# Comments start with #
secrets/
*.pem
config/local.*

Place .cprofignore at the root cprof scans. Blank lines and # comments are ignored; an absent file means no extra rules.

Built-in never-read paths

Even without a .cprofignore, cprof always skips these — they hold credentials or volatile local state:

.claude/.credentials.json
.claude/statsig/
.claude/cache/
.claude/backups/
.claude/file-history/
.claude/paste-cache/
.claude/shell-snapshots/
.claude/clipboard/
.claude/sessions/
.claude/transcripts/
.claude/history.jsonl

Add your own patterns for anything project-specific you never want captured — local .env files, private keys, scratch data — as a second line of defense alongside redaction.

cprof init also writes a project .gitignore that keeps these same credential paths (plus .env, node_modules/, logs, and .DS_Store) out of version control. That's a separate artifact from .cprofignore.

Syntax​

Built-in never-read paths​

Syntax

Built-in never-read paths