@mastra/agent-builder 0.0.0-experimental-agent-builder-20250815195917 → 0.0.1-alpha.1

package/src/defaults.ts

@@ -2,9 +2,9 @@ import { spawn as nodeSpawn } from 'child_process';
 import { readFile, writeFile, mkdir, stat, readdir } from 'fs/promises';
 import { join, dirname, relative, isAbsolute, resolve } from 'path';
 import { createTool } from '@mastra/core/tools';
-import { MCPClient } from '@mastra/mcp';
+import ignore from 'ignore';
 import { z } from 'zod';
-import { exec, spawnSWPM } from './utils';
+import { exec, execFile, spawnSWPM, spawnWithOutput } from './utils';
 
 export class AgentBuilderDefaults {
   static DEFAULT_INSTRUCTIONS = (
@@ -394,26 +394,6 @@ export const mastra = new Mastra({
 });
 \`\`\`
 
-### MCPClient
-\`\`\`
-// ./src/mcp/client.ts
-
-import { MCPClient } from '@mastra/mcp-client';
-
-// leverage existing MCP servers, or create your own
-export const mcpClient = new MCPClient({
-  id: 'example-mcp-client',
-  servers: {
-    some-mcp-server: {
-      command: 'npx',
-      args: ["some-mcp-server"],
-    },
-  },
-});
-
-export const tools = await mcpClient.getTools();
-\`\`\`
-
 </examples>`;
 
   static DEFAULT_MEMORY_CONFIG = {
@@ -428,33 +408,8 @@ export const tools = await mcpClient.getTools();
     network: 'src/mastra/networks',
   };
 
-  static DEFAULT_TOOLS = async (projectPath?: string, mode: 'template' | 'code-editor' = 'code-editor') => {
-    const mcpClient = new MCPClient({
-      id: 'agent-builder-mcp-client',
-      servers: {
-        // web: {
-        // 	command: 'node',
-        // 	args: ['/Users/daniellew/Documents/Mastra/web-search/build/index.js'],
-        // },
-        docs: {
-          command: 'npx',
-          args: ['-y', '@mastra/mcp-docs-server'],
-        },
-      },
-    });
-
-    const tools = await mcpClient.getTools();
-    const filteredTools: Record<string, any> = {};
-
-    Object.keys(tools).forEach(key => {
-      if (!key.includes('MastraCourse')) {
-        filteredTools[key] = tools[key];
-      }
-    });
-
+  static DEFAULT_TOOLS = async (projectPath: string, mode: 'template' | 'code-editor' = 'code-editor') => {
     const agentBuilderTools = {
-      ...filteredTools,
-
       readFile: createTool({
         id: 'read-file',
         description: 'Read contents of a file with optional line range selection.',
@@ -648,6 +603,29 @@ export const tools = await mcpClient.getTools();
         },
       }),
 
+      replaceLines: createTool({
+        id: 'replace-lines',
+        description:
+          'Replace specific line ranges in files with new content. Perfect for fixing multiline imports, function signatures, or other structured code.',
+        inputSchema: z.object({
+          filePath: z.string().describe('Path to the file to edit'),
+          startLine: z.number().describe('Starting line number to replace (1-indexed)'),
+          endLine: z.number().describe('Ending line number to replace (1-indexed, inclusive)'),
+          newContent: z.string().describe('New content to replace the lines with'),
+          createBackup: z.boolean().default(false).describe('Create backup file before editing'),
+        }),
+        outputSchema: z.object({
+          success: z.boolean(),
+          message: z.string(),
+          linesReplaced: z.number().optional(),
+          backup: z.string().optional(),
+          error: z.string().optional(),
+        }),
+        execute: async ({ context }) => {
+          return await AgentBuilderDefaults.replaceLines({ ...context, projectPath });
+        },
+      }),
+
       // Interactive Communication
       askClarification: createTool({
         id: 'ask-clarification',
@@ -730,7 +708,7 @@ export const tools = await mcpClient.getTools();
           }),
         }),
         execute: async ({ context }) => {
-          return await AgentBuilderDefaults.performSmartSearch(context);
+          return await AgentBuilderDefaults.performSmartSearch(context, projectPath);
         },
       }),
 
@@ -1136,14 +1114,13 @@ export const tools = await mcpClient.getTools();
    */
   static async createMastraProject({ features, projectName }: { features?: string[]; projectName?: string }) {
     try {
-      const args = ['pnpx', 'create', 'mastra@latest', projectName ?? '', '-l', 'openai', '-k', 'skip'];
-
+      const args = ['pnpx', 'create-mastra@latest', projectName?.replace(/[;&|`$(){}\[\]]/g, '') ?? '', '-l', 'openai'];
       if (features && features.length > 0) {
         args.push('--components', features.join(','));
       }
       args.push('--example');
 
-      const { stdout, stderr } = await exec(args.join(' '));
+      const { stdout, stderr } = await spawnWithOutput(args[0]!, args.slice(1), {});
 
       return {
         success: true,
@@ -1153,6 +1130,7 @@ export const tools = await mcpClient.getTools();
         error: stderr,
       };
     } catch (error) {
+      console.log(error);
       return {
         success: false,
         message: `Failed to create project: ${error instanceof Error ? error.message : String(error)}`,
@@ -1363,10 +1341,21 @@ export const tools = await mcpClient.getTools();
    * Stop the Mastra server
    */
   static async stopMastraServer({ port = 4200, projectPath: _projectPath }: { port?: number; projectPath?: string }) {
+    // Validate port to ensure it is a safe integer
+    if (typeof port !== 'number' || !Number.isInteger(port) || port < 1 || port > 65535) {
+      return {
+        success: false,
+        status: 'error' as const,
+        error: `Invalid port value: ${String(port)}`,
+      };
+    }
     try {
-      const { stdout } = await exec(`lsof -ti:${port} || echo "No process found"`);
+      // Run lsof safely without shell interpretation
+      const { stdout } = await execFile('lsof', ['-ti', String(port)]);
+      // If no output, treat as "No process found"
+      const effectiveStdout = stdout.trim() ? stdout : 'No process found';
 
-      if (!stdout.trim() || stdout.trim() === 'No process found') {
+      if (!effectiveStdout || effectiveStdout === 'No process found') {
         return {
           success: true,
           status: 'stopped' as const,
@@ -1388,11 +1377,15 @@ export const tools = await mcpClient.getTools();
         try {
           process.kill(pid, 'SIGTERM');
           killedPids.push(pid);
-        } catch {
+        } catch (e) {
           failedPids.push(pid);
+          console.warn(`Failed to kill process ${pid}:`, e);
         }
       }
 
+      // If some processes failed to be killed, still report partial success
+      // but include warning about failed processes
+
       if (killedPids.length === 0) {
         return {
           success: false,
@@ -1402,12 +1395,20 @@ export const tools = await mcpClient.getTools();
         };
       }
 
+      // Report partial success if some processes were killed but others failed
+      if (failedPids.length > 0) {
+        console.warn(
+          `Killed ${killedPids.length} processes but failed to kill ${failedPids.length} processes: ${failedPids.join(', ')}`,
+        );
+      }
+
       // Wait a bit and check if processes are still running
       await new Promise(resolve => setTimeout(resolve, 2000));
 
       try {
-        const { stdout: checkStdout } = await exec(`lsof -ti:${port} || echo "No process found"`);
-        if (checkStdout.trim() && checkStdout.trim() !== 'No process found') {
+        const { stdout: checkStdoutRaw } = await execFile('lsof', ['-ti', String(port)]);
+        const checkStdout = checkStdoutRaw.trim() ? checkStdoutRaw : 'No process found';
+        if (checkStdout && checkStdout !== 'No process found') {
           // Force kill remaining processes
           const remainingPids = checkStdout
             .trim()
@@ -1426,8 +1427,9 @@ export const tools = await mcpClient.getTools();
 
           // Final check
           await new Promise(resolve => setTimeout(resolve, 1000));
-          const { stdout: finalCheck } = await exec(`lsof -ti:${port} || echo "No process found"`);
-          if (finalCheck.trim() && finalCheck.trim() !== 'No process found') {
+          const { stdout: finalCheckRaw } = await execFile('lsof', ['-ti', String(port)]);
+          const finalCheck = finalCheckRaw.trim() ? finalCheckRaw : 'No process found';
+          if (finalCheck && finalCheck !== 'No process found') {
             return {
               success: false,
               status: 'unknown' as const,
@@ -1494,8 +1496,9 @@ export const tools = await mcpClient.getTools();
     } catch {
       // Check if process exists on port
       try {
-        const { stdout } = await exec(`lsof -ti:${port} || echo "No process found"`);
-        const hasProcess = stdout.trim() && stdout.trim() !== 'No process found';
+        const { stdout } = await execFile('lsof', ['-ti', String(port)]);
+        const effectiveStdout = stdout.trim() ? stdout : 'No process found';
+        const hasProcess = effectiveStdout && effectiveStdout !== 'No process found';
 
         return {
           success: Boolean(hasProcess),
@@ -1545,9 +1548,10 @@ export const tools = await mcpClient.getTools();
     // TypeScript validation
     if (validationType.includes('types')) {
       try {
-        const filePattern = files?.length ? files.join(' ') : '';
-        const tscCommand = files?.length ? `npx tsc --noEmit ${filePattern}` : 'npx tsc --noEmit';
-        await exec(tscCommand, execOptions);
+        const fileArgs = files?.length ? files : [];
+        // Use execFile for safe argument passing to avoid shell interpretation
+        const args = ['tsc', '--noEmit', ...fileArgs];
+        await execFile('npx', args, execOptions);
         validationsPassed.push('types');
       } catch (error: any) {
         let tsOutput = '';
@@ -1571,9 +1575,9 @@ export const tools = await mcpClient.getTools();
     // ESLint validation
     if (validationType.includes('lint')) {
       try {
-        const filePattern = files?.length ? files.join(' ') : '.';
-        const eslintCommand = `npx eslint ${filePattern} --format json`;
-        const { stdout } = await exec(eslintCommand, execOptions);
+        const fileArgs = files?.length ? files : ['.'];
+        const eslintArgs = ['eslint', ...fileArgs, '--format', 'json'];
+        const { stdout } = await execFile('npx', eslintArgs, execOptions);
 
         if (stdout) {
           const eslintResults = JSON.parse(stdout);
@@ -1788,11 +1792,19 @@ export const tools = await mcpClient.getTools();
     }>;
     taskId?: string;
   }) {
-    // In-memory task storage (could be enhanced with persistent storage)
+    // In-memory task storage with cleanup (could be enhanced with persistent storage)
     if (!AgentBuilderDefaults.taskStorage) {
       AgentBuilderDefaults.taskStorage = new Map();
     }
 
+    // Cleanup old sessions to prevent memory leaks
+    // Keep only the last 10 sessions
+    const sessions = Array.from(AgentBuilderDefaults.taskStorage.keys());
+    if (sessions.length > 10) {
+      const sessionsToRemove = sessions.slice(0, sessions.length - 10);
+      sessionsToRemove.forEach(session => AgentBuilderDefaults.taskStorage.delete(session));
+    }
+
     const sessionId = 'current'; // Could be enhanced with proper session management
     const existingTasks = AgentBuilderDefaults.taskStorage.get(sessionId) || [];
 
@@ -1917,7 +1929,37 @@ export const tools = await mcpClient.getTools();
 
       // Use ripgrep for fast searching
       // const excludePatterns = includeTests ? [] : ['*test*', '*spec*', '__tests__'];
-      const languagePattern = language ? `*.${language}` : '*';
+
+      // Only allow a list of known extensions/language types to prevent shell injection
+      const ALLOWED_LANGUAGES = [
+        'js',
+        'ts',
+        'jsx',
+        'tsx',
+        'py',
+        'java',
+        'go',
+        'cpp',
+        'c',
+        'cs',
+        'rb',
+        'php',
+        'rs',
+        'kt',
+        'swift',
+        'm',
+        'scala',
+        'sh',
+        'json',
+        'yaml',
+        'yml',
+        'toml',
+        'ini',
+      ];
+      let languagePattern = '*';
+      if (language && ALLOWED_LANGUAGES.includes(language)) {
+        languagePattern = `*.${language}`;
+      }
 
       switch (action) {
         case 'definitions':
@@ -1934,9 +1976,15 @@ export const tools = await mcpClient.getTools();
 
           for (const pattern of definitionPatterns) {
             try {
-              const { stdout } = await exec(
-                `rg -n "${pattern}" "${path}" --type ${languagePattern} --max-depth ${depth}`,
-              );
+              const { stdout } = await execFile('rg', [
+                '-n',
+                pattern,
+                path,
+                '--type',
+                languagePattern,
+                '--max-depth',
+                String(depth),
+              ]);
               const matches = stdout.split('\n').filter(line => line.trim());
 
               matches.forEach(match => {
@@ -1993,7 +2041,7 @@ export const tools = await mcpClient.getTools();
 
           for (const pattern of depPatterns) {
             try {
-              const { stdout } = await exec(`rg -n "${pattern}" "${path}" --type ${languagePattern}`);
+              const { stdout } = await execFile('rg', ['-n', pattern, path, '--type', languagePattern]);
               const matches = stdout.split('\n').filter(line => line.trim());
 
               matches.forEach(match => {
@@ -2025,11 +2073,13 @@ export const tools = await mcpClient.getTools();
           };
 
         case 'structure':
-          const { stdout: lsOutput } = await exec(`find "${path}" -type f -name "${languagePattern}" | head -1000`);
-          const files = lsOutput.split('\n').filter(line => line.trim());
+          // Use execFile for find commands to avoid shell injection
+          const { stdout: lsOutput } = await execFile('find', [path, '-type', 'f', '-name', languagePattern]);
+          const allFiles = lsOutput.split('\n').filter(line => line.trim());
+          const files = allFiles.slice(0, 1000); // Limit to 1000 files like head -1000
 
-          const { stdout: dirOutput } = await exec(`find "${path}" -type d | wc -l`);
-          const directories = parseInt(dirOutput.trim());
+          const { stdout: dirOutput } = await execFile('find', [path, '-type', 'd']);
+          const directories = dirOutput.split('\n').filter(line => line.trim()).length;
 
           // Count languages by file extension
           const languages: Record<string, number> = {};
@@ -2086,6 +2136,7 @@ export const tools = await mcpClient.getTools();
     createBackup?: boolean;
     projectPath?: string;
   }) {
+    const { operations, createBackup = false, projectPath = process.cwd() } = context;
     const results: Array<{
       filePath: string;
       editsApplied: number;
@@ -2094,62 +2145,57 @@ export const tools = await mcpClient.getTools();
     }> = [];
 
     try {
-      const { projectPath } = context;
-
-      for (const operation of context.operations) {
-        // Resolve path relative to project directory if it's not absolute
-        const resolvedPath = isAbsolute(operation.filePath)
-          ? operation.filePath
-          : resolve(projectPath || process.cwd(), operation.filePath);
-
-        const result = {
-          filePath: resolvedPath,
-          editsApplied: 0,
-          errors: [] as string[],
-          backup: undefined as string | undefined,
-        };
+      for (const operation of operations) {
+        const filePath = isAbsolute(operation.filePath) ? operation.filePath : join(projectPath, operation.filePath);
+        let editsApplied = 0;
+        const errors: string[] = [];
+        let backup: string | undefined;
 
         try {
-          // Read file content
-          const originalContent = await readFile(resolvedPath, 'utf-8');
-
           // Create backup if requested
-          if (context.createBackup) {
-            const backupPath = `${resolvedPath}.backup.${Date.now()}`;
-            await writeFile(backupPath, originalContent);
-            result.backup = backupPath;
+          if (createBackup) {
+            const backupPath = `${filePath}.backup.${Date.now()}`;
+            const originalContent = await readFile(filePath, 'utf-8');
+            await writeFile(backupPath, originalContent, 'utf-8');
+            backup = backupPath;
           }
 
-          let modifiedContent = originalContent;
+          // Read current file content
+          let content = await readFile(filePath, 'utf-8');
 
-          // Apply edits sequentially
+          // Apply each edit
           for (const edit of operation.edits) {
-            if (edit.replaceAll) {
-              const regex = new RegExp(edit.oldString.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g');
-              const matches = modifiedContent.match(regex);
+            const { oldString, newString, replaceAll = false } = edit;
+
+            if (replaceAll) {
+              const regex = new RegExp(oldString.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g');
+              const matches = content.match(regex);
               if (matches) {
-                modifiedContent = modifiedContent.replace(regex, edit.newString);
-                result.editsApplied += matches.length;
+                content = content.replace(regex, newString);
+                editsApplied += matches.length;
               }
             } else {
-              if (modifiedContent.includes(edit.oldString)) {
-                modifiedContent = modifiedContent.replace(edit.oldString, edit.newString);
-                result.editsApplied++;
+              if (content.includes(oldString)) {
+                content = content.replace(oldString, newString);
+                editsApplied++;
               } else {
-                result.errors.push(`String not found: "${edit.oldString.substring(0, 50)}..."`);
+                errors.push(`String not found: "${oldString.substring(0, 50)}${oldString.length > 50 ? '...' : ''}"`);
               }
             }
           }
 
-          // Write modified content
-          if (result.editsApplied > 0) {
-            await writeFile(resolvedPath, modifiedContent);
-          }
+          // Write updated content back
+          await writeFile(filePath, content, 'utf-8');
         } catch (error) {
-          result.errors.push(error instanceof Error ? error.message : String(error));
+          errors.push(`File operation error: ${error instanceof Error ? error.message : String(error)}`);
         }
 
-        results.push(result);
+        results.push({
+          filePath: operation.filePath,
+          editsApplied,
+          errors,
+          backup,
+        });
       }
 
       const totalEdits = results.reduce((sum, r) => sum + r.editsApplied, 0);
@@ -2158,7 +2204,7 @@ export const tools = await mcpClient.getTools();
       return {
         success: totalErrors === 0,
         results,
-        message: `Applied ${totalEdits} edits across ${results.length} files${totalErrors > 0 ? ` with ${totalErrors} errors` : ''}`,
+        message: `Applied ${totalEdits} edits across ${operations.length} files${totalErrors > 0 ? ` with ${totalErrors} errors` : ''}`,
       };
     } catch (error) {
       return {
@@ -2169,6 +2215,79 @@ export const tools = await mcpClient.getTools();
     }
   }
 
+  /**
+   * Replace specific line ranges in a file with new content
+   */
+  static async replaceLines(context: {
+    filePath: string;
+    startLine: number;
+    endLine: number;
+    newContent: string;
+    createBackup?: boolean;
+    projectPath?: string;
+  }) {
+    const { filePath, startLine, endLine, newContent, createBackup = false, projectPath = process.cwd() } = context;
+
+    try {
+      const fullPath = isAbsolute(filePath) ? filePath : join(projectPath, filePath);
+
+      // Read current file content
+      const content = await readFile(fullPath, 'utf-8');
+      const lines = content.split('\n');
+
+      // Validate line numbers
+      if (startLine < 1 || endLine < 1 || startLine > lines.length || endLine > lines.length) {
+        return {
+          success: false,
+          message: `Invalid line range: ${startLine}-${endLine}. File has ${lines.length} lines.`,
+          error: 'Invalid line range',
+        };
+      }
+
+      if (startLine > endLine) {
+        return {
+          success: false,
+          message: `Start line (${startLine}) cannot be greater than end line (${endLine}).`,
+          error: 'Invalid line range',
+        };
+      }
+
+      // Create backup if requested
+      let backup: string | undefined;
+      if (createBackup) {
+        const backupPath = `${fullPath}.backup.${Date.now()}`;
+        await writeFile(backupPath, content, 'utf-8');
+        backup = backupPath;
+      }
+
+      // Replace the specified line range
+      const beforeLines = lines.slice(0, startLine - 1);
+      const afterLines = lines.slice(endLine);
+      const newLines = newContent ? newContent.split('\n') : [];
+
+      const updatedLines = [...beforeLines, ...newLines, ...afterLines];
+      const updatedContent = updatedLines.join('\n');
+
+      // Write updated content back
+      await writeFile(fullPath, updatedContent, 'utf-8');
+
+      const linesReplaced = endLine - startLine + 1;
+
+      return {
+        success: true,
+        message: `Successfully replaced ${linesReplaced} lines (${startLine}-${endLine}) in ${filePath}`,
+        linesReplaced,
+        backup,
+      };
+    } catch (error) {
+      return {
+        success: false,
+        message: `Failed to replace lines: ${error instanceof Error ? error.message : String(error)}`,
+        error: error instanceof Error ? error.message : String(error),
+      };
+    }
+  }
+
   /**
    * Ask user for clarification
    */
@@ -2244,21 +2363,24 @@ export const tools = await mcpClient.getTools();
   /**
    * Perform intelligent search with context
    */
-  static async performSmartSearch(context: {
-    query: string;
-    type?: 'text' | 'regex' | 'fuzzy' | 'semantic';
-    scope?: {
-      paths?: string[];
-      fileTypes?: string[];
-      excludePaths?: string[];
-      maxResults?: number;
-    };
-    context?: {
-      beforeLines?: number;
-      afterLines?: number;
-      includeDefinitions?: boolean;
-    };
-  }) {
+  static async performSmartSearch(
+    context: {
+      query: string;
+      type?: 'text' | 'regex' | 'fuzzy' | 'semantic';
+      scope?: {
+        paths?: string[];
+        fileTypes?: string[];
+        excludePaths?: string[];
+        maxResults?: number;
+      };
+      context?: {
+        beforeLines?: number;
+        afterLines?: number;
+        includeDefinitions?: boolean;
+      };
+    },
+    projectPath: string,
+  ) {
     try {
       const { query, type = 'text', scope = {}, context: searchContext = {} } = context;
 
@@ -2266,42 +2388,50 @@ export const tools = await mcpClient.getTools();
 
       const { beforeLines = 2, afterLines = 2 } = searchContext;
 
-      let rgCommand = 'rg';
+      // Build command and arguments array safely
+      const rgArgs: string[] = [];
 
       // Add context lines
-      if (beforeLines > 0 || afterLines > 0) {
-        rgCommand += ` -A ${afterLines} -B ${beforeLines}`;
+      if (beforeLines > 0) {
+        rgArgs.push('-B', beforeLines.toString());
+      }
+      if (afterLines > 0) {
+        rgArgs.push('-A', afterLines.toString());
       }
 
       // Add line numbers
-      rgCommand += ' -n';
+      rgArgs.push('-n');
 
       // Handle search type
       if (type === 'regex') {
-        rgCommand += ' -e';
+        rgArgs.push('-e');
       } else if (type === 'fuzzy') {
-        rgCommand += ' --fixed-strings';
+        rgArgs.push('--fixed-strings');
       }
 
       // Add file type filters
       if (fileTypes.length > 0) {
         fileTypes.forEach(ft => {
-          rgCommand += ` --type-add 'custom:*.${ft}' -t custom`;
+          rgArgs.push('--type-add', `custom:*.${ft}`, '-t', 'custom');
         });
       }
 
       // Add exclude patterns
       excludePaths.forEach(path => {
-        rgCommand += ` --glob '!${path}'`;
+        rgArgs.push('--glob', `!${path}`);
       });
 
       // Add max count
-      rgCommand += ` -m ${maxResults}`;
+      rgArgs.push('-m', maxResults.toString());
 
-      // Add search paths
-      rgCommand += ` "${query}" ${paths.join(' ')}`;
+      // Add the search query and paths
+      rgArgs.push(query);
+      rgArgs.push(...paths);
 
-      const { stdout } = await exec(rgCommand);
+      // Execute safely using execFile
+      const { stdout } = await execFile('rg', rgArgs, {
+        cwd: projectPath,
+      });
       const lines = stdout.split('\n').filter(line => line.trim());
 
       const matches: Array<{
@@ -2491,6 +2621,19 @@ export const tools = await mcpClient.getTools();
         projectPath,
       } = context;
 
+      const gitignorePath = join(projectPath || process.cwd(), '.gitignore');
+      let gitignoreFilter: ignore.Ignore | undefined;
+
+      try {
+        const gitignoreContent = await readFile(gitignorePath, 'utf-8');
+        gitignoreFilter = ignore().add(gitignoreContent);
+      } catch (err: any) {
+        if (err.code !== 'ENOENT') {
+          console.error(`Error reading .gitignore file:`, err);
+        }
+        // If .gitignore doesn't exist, gitignoreFilter remains undefined, meaning no files are ignored by gitignore.
+      }
+
       // Resolve path relative to project directory if it's not absolute
       const resolvedPath = isAbsolute(path) ? path : resolve(projectPath || process.cwd(), path);
 
@@ -2504,14 +2647,19 @@ export const tools = await mcpClient.getTools();
       }> = [];
 
       async function processDirectory(dirPath: string, currentDepth: number = 0) {
+        const relativeToProject = relative(projectPath || process.cwd(), dirPath);
+        if (gitignoreFilter?.ignores(relativeToProject)) return;
         if (currentDepth > maxDepth) return;
 
         const entries = await readdir(dirPath);
 
         for (const entry of entries) {
+          const entryPath = join(dirPath, entry);
+          const relativeEntryPath = relative(projectPath || process.cwd(), entryPath);
+          if (gitignoreFilter?.ignores(relativeEntryPath)) continue;
           if (!includeHidden && entry.startsWith('.')) continue;
 
-          const fullPath = join(dirPath, entry);
+          const fullPath = entryPath;
           const relativePath = relative(resolvedPath, fullPath);
 
           if (pattern) {