Enhance privacy and security by adding permission checks and improvin… #167
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…g your awareness.
This commit introduces several changes to improve data privacy and security:
1. **Sourcegraph Tool Permission:** I added a permission check to the Sourcegraph tool.
You will now be prompted before any search query is sent to the
Sourcegraph API, preventing inadvertent leakage of sensitive data that
might be included in an LLM-generated query.
2. **File View/Search Permissions:** I added permission checks when viewing or searching
file contents. You will be prompted before I read or search
file contents, providing an explicit layer of consent.
3. **README Updates for Your Awareness:**
* I added a section on "Local Data Storage and Privacy" to inform you
that conversation history and file contents are stored locally in an
unencrypted SQLite database, explaining the location and risks.
* I added a note on "Automatic Context Files" to make you aware that
certain files in your project root might be automatically sent to LLMs.
* I added a "Tool Usage and Permissions" security note emphasizing the
importance of reviewing permission prompts for powerful actions like
running commands and fetching web content, and the risks of auto-approving sessions.
These changes aim to give you more control over your data and make you more aware of the application's interactions with your file system and external services.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…g your awareness.
This commit introduces several changes to improve data privacy and security:
Sourcegraph Tool Permission: I added a permission check to the Sourcegraph tool. You will now be prompted before any search query is sent to the Sourcegraph API, preventing inadvertent leakage of sensitive data that might be included in an LLM-generated query.
File View/Search Permissions: I added permission checks when viewing or searching file contents. You will be prompted before I read or search file contents, providing an explicit layer of consent.
README Updates for Your Awareness:
that conversation history and file contents are stored locally in an
unencrypted SQLite database, explaining the location and risks.
certain files in your project root might be automatically sent to LLMs.
importance of reviewing permission prompts for powerful actions like
running commands and fetching web content, and the risks of auto-approving sessions.
These changes aim to give you more control over your data and make you more aware of the application's interactions with your file system and external services.