Explain how Cody context respects code-host permissions

[cbart]

Explain exactly the path of respecting code-host permissions regarding to getting snippets into Cody context.

### Tasks
- [ ] Add testing to ensure Cody repo permissions handled properly

[cbart]

Slack: https://sourcegraph.slack.com/archives/C05405NC49H/p1697843731794539?thread_ts=1697843051.984089&cid=C05405NC49H

[andreeleuterio]

@cbart can we add a task to properly test cody repo permissions (including sub-repo permissions)?

[cbart]

Added a task here. I need to learn more about what's already present, and prioritize this.

[cbart]

Relevant thead: https://sourcegraph.slack.com/archives/C05FY86PHLM/p1697758876123089

[dominiccooney]

We can think about this in terms of context sources:

• Editor context (VScode, JetBrains, neovim) across autocomplete, chat and commands
• Embeddings (local/App, dotcom, enterprise)
• Code Graph
• symf
• Legacy context sources in VScode, there's a bunch of experiments there

We could also do some mitigation in depth at the context sinks:

• Embeddings
• LLM completions for chat/commands
• LLM completions for autocomplete
• Audit other LLM use

And we want to have these controls work at each of these sources and sinks: (Would love product input on whether these requirements are right:)

• If there is a "codyignore" file in the repo, filter context sources by the contents of the file.
• Don't walk the filesystem outside of the project/workspace someone opened/opted into indexing for discovering repo roots.
• Do not include files outside the project/workspace, even if they are open in the editor, unless someone explicitly tagged those files to include as context.

Context, threads on "codyignore": RFC 852, Slack.

[slimsag]

FYI, it is my understanding (based on what @chwarwick told me) that Repository permissions, including sub-repository permissions, are respected and the implementation was reviewed by Security. I had a peek at the code and this seems to be correct.

We could always use more tests, though. Should the issue title be changed to just reflect that aspect?

I also want to mention https://github.com/sourcegraph/sourcegraph/issues/58375 which is work Cody strat team is doing in Q4 to give more fine-grained control to admins.

[github-actions[bot]]

This issue is marked as stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed automatically in 5 days.