Feature Request: Add ability to exclude files for agent mode
As the title says, GitHub Copilot does not have the ability to prevent agent mode from using built-in VS Code tools to read certain prespecified files (sensitive, data, or other types). This is critical for a lot of developers, particularly those in the research community with data that is protected or private. The criticism of this that I've heard is that people should develop with test data and then move to real data after they have running code. I do agree with this. However, I've seen firsthand that most don't/won't do this, and this can create data security problems. I have watched a large number of people refuse to use GitHub Copilot purely because of the lack of this one feature (which I imagine shouldn't be too hard, as it just does the same disabling check that Copilot already does when we open files). Something simple but helpful here would go a long way.
Right now, GitHub Copilot's agent mode does not respect the file restrictions that the other modes do (ask and edit, although I've been concerned about ask mode choosing to attach codebase without my permission). My understanding is that when I say to exclude certain file extensions in my Copilot settings, I can see Copilot turn off when I open those files in my editor, and they aren't accessed unless I attach them to the chat or run a chat with the inline chat. If I'm wrong on that, please correct me, as that seems to be a bigger issue to me.
Agent mode doesn't behave this way. It already feels free to search everything, including file extensions that I've told it to ignore in my Copilot settings. I could understand it trying to run commands that read those files (like cat), since that's a tool use issue, but it will consistently use the built-in tools to add these files to its context. Clearly, prompting isn't perfect, but it also ignores requests to not read these files when I try to tell it not to. Fortunately, all of this has been in controlled settings for my own testing, and I haven't used it on anything larger/real that would cause security problems because of this possibility.
I'm posting this request not only on behalf of myself, but on behalf of a lot of my colleagues who work in fields where data is sensitive, but we still need to interact with it. I have a lot of colleagues, as I said, who legally can't or have chosen not to use Copilot because of the lack of this feature. Like it or not, this will be a missed market for the Copilot team if a feature isn't added, as a lot of academics will simply refuse to use it, putting aside the many, many possible future legal problems of people who didn't have this option and used the tool anyway (knowingly or unknowingly, now that Copilot is there by default).
Any information on plans or reasoning about this would be greatly appreciated by those of us working with private data but dealing with this throwing a wrench into our workflow. Love the product, but hoping this feature can help us use it more freely. Happy to provide more information on what specifically I'm envisioning if it is helpful.
I would like this feature to be implemented, too.
This would definitely make agent mode more useful to avoid leaking sensitive data.
This feature would help those of us who are working with sensitive data.
It seems odd that Content Exclusion exists as a setting, but does not apply to Agent Mode. This is a much-needed feature for our organization as well, especially when working with sensitive files like .env.
Having a way to enforce file-level exclusions across all Copilot modes would significantly improve trust and control in enterprise environments.
This is a critical security feature that must be implemented in order for Copilot to continue building trust and transparency.
Absolutely insane that files cannot be excluded.