best-effort prevention of proprietary code indexing by coding agents

[jhaag-skylabs-ai]

Background

Many employees at SkyLabs utilize coding agents (Cursor, GH Copilot, etc...).
Coding agents provide some ways to limit what code is indexed/accessed by agents via configurations (cf. https://cursor.com/docs/context/ignore-files).
However, if we're not careful (or if companies like Anthropic accidentally/intentionally ignore these configurations) we risk leaking proprietary source code, e.g. the SkyLabs FM Automation.

Adopting a best-effort defense against these leaks is a high priority, especially now that we're using a centralized workspace and encouraging more people to build the FM toolchain from source.

Task

• Determine which coding agent(s) & modes of use provide acceptable mechanisms for shielding proprietary code from being indexed
• Set company guidelines for where/how/which coding agents may be employed
• Codify best-effort defense mechanisms within workspace and other proprietary repositories (e.g. by adding .cursorrules files)

[ehtesham-zahoor]

Thank you @jhaag-skylabs-ai for highlighting this.

However, if we're not careful (or if companies like Anthropic accidentally/intentionally ignore these configurations) we risk leaking proprietary source code, e.g. the SkyLabs FM Automation.

This is a concern but more problematic case to me is where we open a sub-directory in any editor and even if we have a ignore file at the root of the repo, it wont be applicable. The first step is to place these ignore files in all sub-projects and also instructing the team to be mindful. We can do some repo level settings as well for github copilot but we use cursor mostly.

Can you please identify the repos and folders where we need to place these ignore files?

[jhaag-skylabs-ai]

Thank you @jhaag-skylabs-ai for highlighting this.

However, if we're not careful (or if companies like Anthropic accidentally/intentionally ignore these configurations) we risk leaking proprietary source code, e.g. the SkyLabs FM Automation.

This is a concern but more problematic case to me is where we open a sub-directory in any editor and even if we have a ignore file at the root of the repo, it wont be applicable. The first step is to place these ignore files in all sub-projects and also instructing the team to be mindful. We can do some repo level settings as well for github copilot but we use cursor mostly.

Can you please identify the repos and folders where we need to place these ignore files?

(cc/ @gmalecha-at-skylabs) I think the main repository that we want to protect from being indexed is auto, but there might be others.

[jhaag-skylabs-ai]

Closing since we have tried our best to lock down proprietary repositories (by adding various "ignore" files in them). There will be some internal follow-up.