Copilot Memory: no per-repo scoping for user-level preferences — causes cross-project contamination (incl. PII leakage) #201874
Replies: 1 comment
-
|
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐ |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
🏷️ Discussion Type
Bug
💬 Feature/Topic Area
Copilot in GitHub
Body
Related #193945 discusses persistent user-specific memory more generally; this post focuses specifically on the lack of per-repo scoping and the resulting cross-project contamination
Summary
Copilot Memory's user-level preferences apply to every repository unconditionally, with no way to scope or exclude specific repos. Working across many unrelated codebases (client-specific, personal, code and non-code) causes real cross-project contamination.
What happened
• A Terraform tooling convention learned in one client codebase surfaced as "relevant context" in an unrelated personal repo (an Obsidian notes vault).
• Separately, an internal support-ticket contact-routing note (names/roles tied to a specific incident ticket, all internal info) was also carried into that unrelated repo. Today that's mostly an inconvenience/noise issue; but it highlights the bigger concern below.
Why this matters
User-level memory is designed to "follow you everywhere," but real-world usage spans many disconnected projects and clients. Beyond incorrect assumptions from stale/irrelevant context, aggregating this kind of internal detail into one persistent cross-repo store means that if the memory store were ever compromised, it would expose a much wider blast radius of internal information than any single repo would on its own.
Requests
Beta Was this translation helpful? Give feedback.
All reactions