You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Introduce `obsidianVFS.vault.mode` (`"rw" | "ro" | "partial"`) to
control write access through the obs:// FileSystemProvider. Read-only
mode registers the provider with `isReadonly: true`; partial mode
restricts writes to autoMount paths via mount tree validation.
Guards all five write methods (writeFile, createDirectory, delete,
rename, copy) with a `checkVaultMode` check before path validation.
Provider re-registers dynamically on mode change to update the
isReadonly flag. Status bar shows lock icon with mode suffix for
non-rw modes.
Protection covers obs:// tree view operations, drag-and-drop into the
tree, and obs:// editor saves. The file:// workspace folder (Explorer,
Quick Open, Search) bypasses the provider — documented as a known
limitation pending FileSearchProvider/TextSearchProvider stabilization.
Assisted-by: Claude
-**Vault-side exclusion toggles** — `vault.excludeDotfiles` + `vault.excludeDotfilePattern` control dotfile hiding; `vault.excludeBlocked` controls blocked-path hiding; `vault.gitIgnore` controls `git.ignoredRepositories` management. Each is independently toggleable at runtime.
36
36
-**Sub-path exclusion** — when `autoMount` contains nested paths (e.g., `["20-areas/idea"]`), `files.exclude` patterns hide sibling directories (`20-areas/career`, `20-areas/otaviof`) to match tree view visibility. Computed via mount tree (`packages/core/src/mount-tree.ts`). Controlled by `workspace.excludeUnmountedFolders`.
37
37
-**File-level exclusion** — `obsidianVFS.workspace.excludeUnmountedFilePattern` provides a regex tested against file basenames at partially-mounted levels. Matching files generate `{prefix}/*{ext}` glob patterns in the folder-scoped `files.exclude` tier, hiding Obsidian files (`.md`, `.base`, `.canvas`) from Explorer and Quick Open without affecting same-named files in other workspace folders. Gated by `workspace.excludeUnmountedFiles` toggle. Default: `\\.(md|base|canvas)$`.
38
+
-**Vault write protection** — `obsidianVFS.vault.mode` controls write access through the `obs://` FileSystemProvider. `"ro"` registers the provider with `isReadonly: true`; `"partial"` enforces autoMount-scoped writes at the provider level. Protection covers tree view operations, drag-and-drop into the tree, and `obs://` editor saves. The `file://` workspace folder (Explorer panel, Quick Open, Search) bypasses the provider entirely — drag-and-drop, rename, delete, and editor saves via `file://` remain writable regardless of vault mode. This gap closes when `FileSearchProvider`/`TextSearchProvider` stabilize.
38
39
-**`obs://` FileSystemProvider** remains registered for the Explorer tree view sidebar, wikilinks, drag-and-drop, and watch events — it does not back a workspace folder.
39
40
-**`FileSearchProvider`/`TextSearchProvider` are proposed (unstable) APIs** as of `@types/vscode@1.118.0`. When stabilized, the extension can switch to a single `obs://` workspace folder with native search, eliminating the `files.exclude` workaround. Check `@types/vscode` for stable availability — do not use while proposed.
Copy file name to clipboardExpand all lines: packages/vscode/README.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -54,6 +54,7 @@ Controls vault-side `files.exclude` policy written to `<vault>/.vscode/settings.
54
54
55
55
| Setting | Type | Default | Description |
56
56
|---------|------|---------|-------------|
57
+
|`obsidianVFS.vault.mode`|`"rw" \| "ro" \| "partial"`|`"rw"`| Write access mode: `"rw"` (read-write, all writes allowed), `"ro"` (read-only, no writes through `obs://`), `"partial"` (writes only to `autoMount` paths) |
57
58
|`obsidianVFS.vault.gitIgnore`|`boolean`|`true`| Add the vault to `git.ignoredRepositories` so VS Code's Git extension skips it |
58
59
|`obsidianVFS.vault.excludeBlocked`|`boolean`|`true`| Hide `blocked` folders (from `.obsidian/obsidian-vfs.json`) via `files.exclude`|
59
60
|`obsidianVFS.vault.excludeDotfiles`|`boolean`|`true`| Hide dotfiles and dotdirs at the vault root (`.obsidian`, `.trash`, etc.) |
@@ -122,6 +123,7 @@ This matches the tree view — only mounted paths appear in both views.
122
123
123
124
-**Vault `.vscode/` directory:** The extension creates `.vscode/settings.json` inside the vault for vault-global `files.exclude` patterns (dotfiles and `blocked` paths). These patterns are independent of `autoMount` and apply to any workspace that includes the vault. The `.vscode/` directory itself is never managed by the extension — if you want to hide it, add `.vscode` to your own `files.exclude`. When `obsidianVFS.workspace.enabled` is disabled, all managed patterns are removed from both folder and workspace settings. If your vault is git-tracked, consider adding `.vscode/` to the vault's `.gitignore`.
124
125
-**Not a security boundary:**`files.exclude` hides content from Explorer and Quick Open but does not enforce access restrictions. The `obs://``FileSystemProvider`'s path security (`allowed`/`blocked` lists in `.obsidian-vfs.json`) applies to tree view, wikilink, and drag-and-drop operations.
126
+
-**Write protection covers `obs://` only:**`vault.mode` (`"ro"` / `"partial"`) guards write operations through the `obs://``FileSystemProvider` — tree view sidebar, drag-and-drop into the tree, and `obs://` editor saves. The `file://` workspace folder (Explorer panel, Quick Open, Search) bypasses the provider and remains writable regardless of vault mode. This gap closes when VS Code stabilizes `FileSearchProvider`/`TextSearchProvider`, allowing a single `obs://` workspace folder.
125
127
-**Temporary workaround:**`files.exclude` is used because VS Code's [`FileSearchProvider`/`TextSearchProvider`](https://github.com/microsoft/vscode/issues/73524) APIs are still proposed (unstable). When stabilized, the extension can switch to a single `obs://` workspace folder with native search, eliminating the `files.exclude` patterns entirely.
126
128
-**Title bar:** Adding the vault as a workspace folder creates a multi-root workspace. VS Code may show "UNTITLED (WORKSPACE)" in the title bar.
Copy file name to clipboardExpand all lines: packages/vscode/package.json
+10Lines changed: 10 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -136,6 +136,16 @@
136
136
"default": "^\\.",
137
137
"markdownDescription": "Regex tested against entry names at the vault root. Only dotfiles matching this pattern are hidden when `vault.excludeDotfiles` is enabled. Default `^\\\\.` matches all dotfiles. Example: `^\\\\.(obsidian|trash)` to hide only `.obsidian` and `.trash`."
138
138
},
139
+
"obsidianVFS.vault.mode": {
140
+
"type": "string",
141
+
"enum": [
142
+
"rw",
143
+
"ro",
144
+
"partial"
145
+
],
146
+
"default": "rw",
147
+
"markdownDescription": "Vault access mode controlling write operations through the `obs://` file system.\n- `rw`: Read-write — all writes permitted (default).\n- `ro`: Read-only — no writes allowed.\n- `partial`: Only writes to `autoMount` paths are allowed; everything else is read-only.\n\nThis setting protects tree view operations, drag-and-drop, and `obs://` editor saves. The `file://` workspace folder (used for Quick Open and Search) is not affected."
0 commit comments