microsoft / vscode-copilot-release

Feedback on GitHub Copilot Chat UX in Visual Studio Code.
https://marketplace.visualstudio.com/items?itemName=GitHub.copilot-chat
Creative Commons Attribution 4.0 International

Support Scoped permissions to Singular Organization or Repo #982

Open aaronclong opened 4 months ago

aaronclong commented 4 months ago

Currently GitHub Chat is requesting access to all repositories and organizations. This is difficult for people who use GitHub outside and inside of work settings. It doesn't allow them to scope Co-Pilot to their particular needs. Likewise, it creates a host of legal questions on whether employers can force this product and the impact on private personal repositories/out of work activities.

https://github.com/microsoft/vscode-copilot-release/issues/813#issuecomment-1971105304

Steps to Reproduce:

  1. Open VS Code with latest Copilot
  2. Click allow on model prompt
  3. See it request access to all repos and organizations

notpeter commented 4 months ago

Specifically, the extension is requesting 'repo' scope which includes read/access to all public, private repos and many associated settings. Obviously for lots of folks this is a non-starter.

The reasoning provided by @TylerLeonhardt (link)

We need the extra permissions (repo) in order to use a GitHub Search API because without it, it says the repo doesn't exist. GitHub doesn't split up repo permissions into read and write for this, unfortunately, so we ask for the scope required to do the job.

Hopefully alternate permission scope(s) or access methods can be identified.
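The comment above turns on how much the 'repo' scope actually grants. The following is an added example (not code from the Copilot Chat extension or from anyone in this thread) that audits the scopes a classic GitHub OAuth token carries against the set a feature needs. GitHub reports a classic token's granted scopes in the X-OAuth-Scopes response header of any authenticated API call; the header values used here are constructed, and the parent/child scope table is limited to the scopes relevant to this discussion.

```typescript
// Added example, not code from the Copilot Chat extension. Audits the scopes
// a classic GitHub OAuth token actually carries against what a feature needs.
// GitHub returns the granted scopes in the X-OAuth-Scopes response header of
// any authenticated API call, e.g.
//   curl -sI -H "Authorization: Bearer <token>" https://api.github.com/user
// The header strings below are constructed sample values.

// Documented parent -> child scope relationships for the scopes relevant
// here: holding the parent implies every child. 'repo' is the broad scope
// the thread objects to; it covers read and write on all repositories.
const IMPLIED_SCOPES: Record<string, string[]> = {
  repo: ["repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"],
  "admin:org": ["write:org", "read:org"],
  "write:org": ["read:org"],
  user: ["read:user", "user:email", "user:follow"],
};

// Parse a header value such as "read:user, repo, user:email" into a set.
function parseScopeHeader(header: string | null | undefined): Set<string> {
  const scopes = new Set<string>();
  if (!header) return scopes;
  for (const part of header.split(",")) {
    const name = part.trim();
    if (name.length > 0) scopes.add(name);
  }
  return scopes;
}

// Expand a scope set with everything it implies, so that a token holding
// "repo" is correctly seen to satisfy a requirement for "public_repo".
function expandScopes(scopes: Iterable<string>): Set<string> {
  const out = new Set<string>();
  const stack = Array.from(scopes);
  while (stack.length > 0) {
    const s = stack.pop() as string;
    if (out.has(s)) continue;
    out.add(s);
    for (const child of IMPLIED_SCOPES[s] ?? []) stack.push(child);
  }
  return out;
}

interface ScopeAudit {
  missing: string[];          // required but not granted, directly or by implication
  excess: string[];           // granted scopes that no requirement depends on
  privateRepoWrite: boolean;  // true when 'repo' is held: full read/write to all repos
}

function auditScopes(granted: Set<string>, required: Set<string>): ScopeAudit {
  const effective = expandScopes(granted);
  const missing = Array.from(required).filter((r) => !effective.has(r)).sort();
  // A granted scope is excess if dropping it leaves every requirement that
  // is currently satisfied still satisfied by the remaining grants.
  const excess = Array.from(granted)
    .filter((g) => {
      const without = new Set(granted);
      without.delete(g);
      const eff = expandScopes(without);
      return Array.from(required).every((r) => eff.has(r) || !effective.has(r));
    })
    .sort();
  return { missing, excess, privateRepoWrite: granted.has("repo") };
}

// Constructed sample: what a token granted through a 'repo'-scoped OAuth
// app might report, audited against a feature that only needs identity
// plus read access to public repositories.
const SAMPLE_HEADER = "read:user, repo, user:email";

function auditSampleToken(): ScopeAudit {
  return auditScopes(parseScopeHeader(SAMPLE_HEADER), new Set(["read:user", "public_repo"]));
}
```

For the constructed sample the audit reports nothing missing, `user:email` as excess, and `privateRepoWrite: true`, which is the practical complaint in the thread: the requirement is satisfied, but only by a scope that also grants write access everywhere.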

TylerLeonhardt commented 4 months ago

Unfortunately, we cannot do this at this time. We use a GitHub OAuth App and it doesn't and won't support the granularity of access per-repo.

After numerous discussions with GitHub, they have recommended that we continue being a GitHub OAuth app and that GitHub Apps, which support this granularity, are not viable for us to switch to at this time.

Our hands are tied with what GitHub offers.

I have continued asking for a scope that doesn't have write permission, but it's non-trivial for them so I'm working with them to come up with a good plan.

aaronclong commented 4 months ago

@TylerLeonhardt is there a ticket or issue that can be tracked with GitHub OAuth? I understand that this might not be achieved quickly. However, this is something that should be pushed for.

I am trying to phrase this in a constructive manner, but this ultimately limits the viability of CoPilot for many. If copilot ever stops working and I can't use it without giving it total access, I fully plan to stop using CoPilot. I know there is a performance improvement doing it server-side, but can there be a continued fallback to just use the local system for CoPilot?

sullerandras commented 4 months ago

Could this permission be asked for at the time when the GitHub Copilot Chat extension needs to use the GitHub search API? The extension seems to work fine without granting this permission.

akshaal commented 4 months ago

Unfortunately, we cannot do this at this time. We use a GitHub OAuth App and it doesn't and won't support the granularity of access per-repo.

You don't strictly need these permissions unless you really plan to make GitHub Copilot only usable within a GitHub repository, with no way to use it in non-GitHub repositories (or non-repo files in general).

aaronclong commented 3 months ago

@TylerLeonhardt could a good fallback, if permission is denied, be to use the local filesystem/plain git and/or the GitHub Search API? I'm interested in your thoughts here. I know the GitHub OAuth is lacking some Least Privilege Access, but I think these would be reasonable solutions to that.

Likewise, could a config be added to disable this in the vscode editor via the settings.json?

Could this permission be asked for at the time when the GitHub Copilot Chat extension needs to use the GitHub search API? The extension seems to work fine without granting this permission.

aaronclong commented 2 months ago

Any updates?

bntzio commented 1 month ago

Unfortunately, we cannot do this at this time. We use a GitHub OAuth App and it doesn't and won't support the granularity of access per-repo.

After numerous discussions with GitHub, they have recommended that we continue being a GitHub OAuth app and that GitHub Apps, which support this granularity, are not viable for us to switch to at this time.

Our hands are tied with what GitHub offers.

I have continued asking for a scope that doesn't have write permission, but it's non-trivial for them so I'm working with them to come up with a good plan.

If the scopes to read private repositories are necessary for the Search API with Copilot to work, and it will only be used when users with a GitHub Copilot Enterprise plan do a search via the Copilot Chat, isn't it better to ask for the extra permissions at that point?

There are two ways this can be solved:

  1. Allowing users to install GitHub Copilot OR GitHub Copilot Chat (or both) and only ask for these extra permissions if they install the chat extension (and leave the basic permissions for the other extension).
  2. Only require the extra permissions when triggering a Search API query with Copilot (only Enterprise users will need it, at least for now).

In my opinion, integrating those two solutions together is the way to go, but one is sufficient for now.

The easiest one to implement would be the first one; why do both extensions need to be installed?

It shouldn't be that complicated to at least give that choice to the users, while you wait for GitHub to implement more granular scopes to OAuth Apps or while users wait for improvements as the second solution I mention above or the plan you're referring to.
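Several comments in this thread (sullerandras, aaronclong, bntzio) propose the same pattern: keep the broad scope out of sign-in and request it only when the search feature actually runs, with a local fallback when the user declines. The following is an added example that is not code from the Copilot Chat extension; it models that pattern with an injectable session provider whose shape mirrors VS Code's `authentication.getSession(providerId, scopes, { createIfNone })`. The scope sets, the search feature, the in-memory workspace and the fake provider are all assumptions constructed for the example so that it runs offline.

```typescript
// Added example, not code from the Copilot Chat extension. Models the
// "request the broad scope at the point of use" pattern proposed in the
// thread. The provider interface is shaped like VS Code's
// authentication.getSession(providerId, scopes, { createIfNone }); in a
// real extension that function would be injected here.

interface AuthSession {
  accessToken: string;
  scopes: readonly string[];
}
interface GetSessionOptions {
  createIfNone?: boolean;
}
type GetSession = (
  providerId: string,
  scopes: readonly string[],
  options: GetSessionOptions,
) => Promise<AuthSession | undefined>;

// Assumed scope sets: identity-only scopes at activation, and the broad
// 'repo' scope (which the thread says the search API needs) only on demand.
const BASE_SCOPES: readonly string[] = ["read:user", "user:email"];
const SEARCH_SCOPES: readonly string[] = ["repo"];

class ScopedTokenBroker {
  constructor(private readonly getSession: GetSession) {}

  // Acquired eagerly; a missing session here is a real sign-in failure.
  async baseToken(): Promise<string> {
    const session = await this.getSession("github", BASE_SCOPES, { createIfNone: true });
    if (!session) throw new Error("GitHub sign-in with base scopes failed");
    return session.accessToken;
  }

  // Step-up request made only when a feature needs it. Declining is a
  // normal outcome, so it yields undefined instead of throwing.
  async searchToken(): Promise<string | undefined> {
    const session = await this.getSession("github", SEARCH_SCOPES, { createIfNone: true });
    return session ? session.accessToken : undefined;
  }
}

type RemoteSearch = (token: string, query: string) => Promise<string[]>;

interface SearchResult {
  source: "remote" | "local";
  hits: string[];
}

// Hypothetical search feature: server-side search when 'repo' was granted,
// otherwise a plain substring search over local files (the fallback the
// thread asks for). localFiles maps path -> contents.
async function searchCode(
  broker: ScopedTokenBroker,
  query: string,
  localFiles: Record<string, string>,
  remoteSearch: RemoteSearch,
): Promise<SearchResult> {
  const token = await broker.searchToken();
  if (token !== undefined) {
    return { source: "remote", hits: await remoteSearch(token, query) };
  }
  const hits = Object.keys(localFiles).filter((path) => localFiles[path].indexOf(query) !== -1);
  return { source: "local", hits };
}

// Fake provider so the example runs offline: base scopes are granted
// silently, 'repo' triggers a recorded consent prompt the user may decline.
function makeFakeProvider(userAllowsRepo: boolean): { getSession: GetSession; prompts: string[][] } {
  const prompts: string[][] = [];
  const getSession: GetSession = async (_providerId, scopes, options) => {
    if (scopes.indexOf("repo") !== -1) {
      if (!options.createIfNone) return undefined;
      prompts.push(Array.from(scopes));
      if (!userAllowsRepo) return undefined;
    }
    return { accessToken: "fake-token:" + scopes.join("+"), scopes };
  };
  return { getSession, prompts };
}

// Constructed workspace and remote stub used by the demo.
const SAMPLE_FILES: Record<string, string> = {
  "src/auth.ts": "const scopes = ['repo'];",
  "README.md": "Nothing to see here.",
};
const fakeRemoteSearch: RemoteSearch = async (_token, query) => ["remote-hit-for:" + query];

// Runs sign-in and then one search, returning the result and the list of
// consent prompts the user saw along the way.
async function demo(userAllowsRepo: boolean): Promise<{ result: SearchResult; prompts: string[][] }> {
  const provider = makeFakeProvider(userAllowsRepo);
  const broker = new ScopedTokenBroker(provider.getSession);
  await broker.baseToken(); // no 'repo' prompt at this point
  const result = await searchCode(broker, "scopes", SAMPLE_FILES, fakeRemoteSearch);
  return { result, prompts: provider.prompts };
}
```

Running `demo(false)` shows the shape the thread asks for: sign-in completes with only the base scopes, the single 'repo' prompt appears when search is invoked, and a declined prompt degrades to the local search rather than disabling the extension. `demo(true)` takes the server-side path with the stepped-up token.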