Copilot Content Exclude settings "whitelist" support.

[dpfeffer2n]

Select Topic Area

Product Feedback

Body

We successfully evaluated the Copilot in our organization, and we would like to rollout the Copilot now.
We just see one major hick-up in the Copilot Content Exclude feature which is blocking us to use it to its full extend:

As an GitHub Organization owner, I would like to define the Copilot Content Exclude settings as a "whitelist".
This is important for use cases when the team works on small number of repositories, but has still access to large number of repositories with sensitive licenses or potential IPR risks where the Copilot should not be used (e.g in embedded Linux based solutions).

Se below example/idea how the possible syntax might look like:

// exclude all gittools.xyz.com repositories from Copilot usage 
gittools.xyz.com*: 
- "**" 

// except the "whielisted" abc library, where Copilot should be enabled.
! gittools.xyz.com/libs/abc: 
- "**"

This would dramatically simplify the settings and will not lead to issues given to the settings size limitation (10kb).
Can you help us with this, please?

[rsr077]

okay It's nice things.

[zepeng811]

this is also an important feature to our org as we want to enable a whitelist based approach for regulatory and compliance reasons. But seems impossible at the moment as content exclusion uses fnmatch pattern which does not support negation.

[tomleicircle]

How is this nice to have? I'm sure a lot of organization will want this. Is anyone looking at these requests from the GitHub side?

[MatuzMark]

Is there any progression in this issue?
Is there any workaround?

I tried to resolve it in IDE (vscode) use files.exclude settings, because it supports negation. It worked, but it had a lot of downside like:

• disappeared the files/directories from explore tab
• ruines other extension stuffs that relies on this settings

I tried to use the .copilotignore file to exlude files/directories. It seems it works for the chat, so Copilot cannot "see" those files and its content. Unfortunately Coplilot wants to still index the excluded files... So it also does not work for me.

[johncrim]

We have a similar requirement: We would like to whitelist just a few internal repositories, so that those are the only repos that our organization's Copilot resources are used on. Eg:

// Ignore all repos
git@github.com:*/*: "**"

// .. except our repos
! git@github.com:mycompany/*: "**"

Right now there doesn't appear to be any way to do this using github org policy settings. The only option I see is to have each copilot integrated tool, eg VS Code have copilot off by default (user setting) but have it on for specific repositories (workspace setting).

[aarondavies72736-stack]

The whitelist-based approach makes sense for managing risk at scale and would greatly improve usability for teams with mixed-access repositories, much like how pearl's minuets, pet service, royalton requires precise boundaries to function smoothly without unintended exposure.