Over excessive permissions Request

[d1820]

Describe the feature or problem you'd like to solve

Be able to control what repos and areas of GitHub the AI has access to

Proposed solution

When authenticating it asks for Read/Write to every single thing in your account. That seems a little extreme if i am trying to only work in 1 repository. Users should be able to control what it needs access to. Letting it have access to all private repos and gists is crazy.

Example prompts or workflows

No response

Additional context

No response

[williammartin]

Hey, unfortunately we're under some limitations needing to use an OAuth app which doesn't allow scoping to a repository. If this is really important to you, you can create a Fine Grained PAT and use it by setting COPILOT_GITHUB_TOKEN in your environment.

[HMC-Christof]

Would setting this PAT also work for Github Copilot in VS Code?

[williammartin]

I'm not familiar with what scopes VS Code needs, but generally, I would expect it to work the same. There may be some features that don't work because OAuth app can mint tokens with special privileges beyond the scopes in order to hit non-public API endpoints.

[Zoxc]

It's utterly ridiculous to give an LLM write access to GitHub accounts. Do this properly like opencode does by requesting read access only.

[Zeds112]

COPILOT_GITHUB_TOKEN system works well thanks.

Only thing is copilot requests wasn't showing in the token permissions list so I logged in through oauth with /login, then logged out, then went back to create a fine grained PAT and it showed up.

[Box-Of-Hats]

I'm having the same issue. I want to use the copilot CLI locally for work but it's requesting read/write access to every public and private repo on my personal GH account which I am definitely not going to allow.