Domain (07): (QRP) Privacy fundamentals & context exclusions

[MohamedRadwan-DevOps]

Domain (07): (QRP) Privacy fundamentals & context exclusions (15%)

Document Type: QRP (Quick Revision Pack)
Scope: This document provides a high signal, minimal noise revision pack for this domain, optimized for last mile review. It focuses on crisp bullet points, micro examples, and checklists that cover the most important concepts and exam relevant angles.

Enhance code quality through testing

Testing/Improve effectiveness of existing tests

• Ask Copilot to propose missing cases (null/empty, boundary values, error paths) and to suggest refactors that make tests less brittle (clear Arrange/Act/Assert, deterministic setup, isolate external dependencies).
• Prompt pattern: include function signature, expected behavior, and test framework, then iterate “start general → add constraints → add examples.”

Testing/Generate boilerplate code for various test types

• Generate unit test scaffolding by specifying: test framework, target function/class, and 3–6 scenarios (happy path + edge + failure).
• For integration/E2E scaffolding, specify: system boundary, required fixtures, setup/teardown, and which external services must be mocked vs real.

Testing/Write assertions for different testing scenarios

• Force precision in prompts: “Assert return value, exception type + message, and side effects (state change / emitted events / DB writes).”
• If assertions are vague, ask: “Rewrite assertions to be minimal, deterministic, and framework-idiomatic.”

Testing/Quick check

• Micro example: “Generate 5 tests for validateUser(input) covering empty input, invalid email, valid user, duplicate user, and unexpected exception; then tighten assertions to verify exact exception messages.”

Source:
Writing tests with GitHub Copilot (GitHub Docs)
Generate unit tests (Copilot Chat cookbook) (GitHub Docs)
Prompt engineering for GitHub Copilot Chat (GitHub Docs)

Leverage GitHub Copilot for security and performance

Security/Use existing tests to suggest improvements and spot issues

• Ask: “Given these tests, what risks are untested (authz, input validation, concurrency, error handling) and what is the smallest set of new tests to cover them?”
• Treat outputs as suggestions; you remain responsible for test intent, coverage, and correctness.

Code review/Enterprise collaborative reviews with security best practices

• Use Copilot code review on PRs for feedback and suggested changes; apply suggestions only after validation.
• Steer quality by adding instructions like: “Focus on security checks, dangerous defaults, secrets, and authorization boundaries.”

Security/Identify potential security vulnerabilities in your code

• Use Copilot Chat to highlight likely insecure patterns (e.g., injection, unsafe deserialization, weak auth checks) and propose mitigations, then verify with security tooling and code review.

Performance/Suggest code optimizations for improved performance

• Ask Copilot to identify likely hotspots and propose refactors (better data structures, fewer redundant computations, algorithmic improvements, caching) and explain expected tradeoffs.

Security & performance/Quick check

• Micro example: “Review this handler for injection risks and propose fixes; then propose 2 performance optimizations and explain time/space tradeoffs.”

Source:
Analyze security (Copilot Chat cookbook) (GitHub Docs)
Using GitHub Copilot code review (GitHub Docs)
Refactor for performance optimization (Copilot Chat cookbook) (GitHub Docs)
Responsible use of GitHub Copilot (GitHub Docs)

Content exclusions

Content exclusions/Configuration

• Configure exclusions at the repository, organization, or enterprise level (not per individual developer account).
• Use repository settings (Settings → Copilot → Content exclusion) to enter excluded paths as YAML list items, one per line.
• Patterns support fnmatch-style matching (for example *.cfg, secret*, /scripts/**) and can include comments with #.
• Organization-level exclusions can cover files inside Git repos and files on disk that aren’t under Git control.
• After exclusions change, your IDE may need a reload/restart to fetch/apply the updated policy.

Content exclusions/Effects

• Inline suggestions are not available inside excluded files.
• Excluded-file content won’t be used as input context to shape suggestions in other files.
• Excluded-file content won’t be used as input context for Copilot Chat responses.
• Excluded files won’t be included in Copilot code review on GitHub.
• Content exclusions limit what Copilot can see as input context by preventing it from accessing the excluded files.

Content exclusions/Limitations

• Copilot might still receive semantic info indirectly from the IDE (types, hover definitions, build configuration), even if the file is excluded.
• Exclusions don’t apply to symlinks or repositories on remote filesystems.
• Some Copilot surfaces don’t support content exclusion (for example Copilot CLI, Copilot coding agent, and Agent mode in Copilot Chat in IDEs).

Content exclusions/Ownership of outputs

• GitHub does not own Copilot “Suggestions”; you retain ownership of your code (including suggestions you choose to use).
• You remain responsible for how you use suggestions, and should have practices to prevent rights violations (including using filtering features).

Content exclusions/Quick check

• Common trap: Excluding paths in one place but forgetting that moved/renamed files may fall outside the pattern and become in-scope again.
• Micro example: “Exclude /config/** and *.env* at the org level, then reload the IDE and verify Copilot shows no inline suggestions in those files.”

Source:
Content exclusion for GitHub Copilot (GitHub Docs)
Configure and audit content exclusion (GitHub Docs)
Copilot in GitHub.com now supports Content Exclusions (Preview) (GitHub Changelog)
Content Exclusion beta now supports non-Git files (GitHub Changelog)
Configure GitHub Copilot Access via Content Exclusion (Microsoft DevBlog)

Safeguards

Safeguards/Duplication detector filter

• The “Suggestions matching public code” setting controls whether matches are blocked or allowed with code references (including licensing info when available).
• If set to Block, matching or near-matching suggestions to public code are not shown; if set to Allow, code references can help you assess reuse and attribution risk.

Safeguards/Contractual protection

• Contractual protection (indemnity) is tied to plan/terms; practical exam takeaway: enable protective settings (like duplicate detection) and keep review controls, because you remain responsible for what you ship.

Safeguards/Configure GitHub Copilot settings on GitHub.com

• Copilot policies are configured via GitHub settings (personal) and via org/repo policies (admin).
• Key toggles include: public code matching and prompt/suggestion collection.

Safeguards/Security checks and warnings

• Pair Copilot with GitHub security tooling (code scanning, secret scanning, Dependabot) and treat Copilot findings as assistive, not authoritative.
• If Copilot proposes a fix, validate it with tests and security checks before merging.

Safeguards/Quick check

• Micro example: “Set public code matching to Block, run Copilot review on a PR, and ensure code scanning is enabled; verify any suggested fix passes tests and doesn’t introduce unsafe defaults.”

Source:
Managing GitHub Copilot policies as an individual subscriber (GitHub Docs)
Finding public code that matches GitHub Copilot suggestions (GitHub Docs)
Establishing trust in using GitHub Copilot (GitHub Resources)
Analyze security (Copilot Chat cookbook) (GitHub Docs)

Troubleshooting

Troubleshooting/Solve issues when suggestions are not showing for some files

• Check whether the file is excluded by content exclusions; excluded files should not receive inline suggestions.
• Reload/restart the IDE/extension after changing exclusions to ensure the latest policy is applied.

Troubleshooting/Why context exclusions may not be applied

• Propagation/refresh: IDE sessions may need time or a reload to pick up updated exclusions.
• Coverage limits: exclusions don’t apply to symlinks/remote filesystems and aren’t supported in some Copilot surfaces/modes.

Troubleshooting/Trigger Copilot when suggestions are absent or not ideal

• Add a short “intent comment” above the code and restate constraints (framework, expected behavior, edge cases).
• Iterate prompts: start general → add constraints → add an example input/output.

Troubleshooting/Steps for context exclusions in code editors

• Confirm exclusions by opening an excluded file and checking Copilot status/tooltip indicators in the IDE.
• If behavior differs across repos, verify whether exclusions are set at repo vs org vs enterprise scope.

Troubleshooting/Quick check

• Micro example: “Exclude /secrets/**, reload IDE, verify no suggestions in excluded files, then confirm non-excluded files still receive suggestions.”

Source:
Troubleshooting common issues with GitHub Copilot (GitHub Docs)
Configure content exclusion (GitHub Docs)
Prompt engineering for GitHub Copilot Chat (GitHub Docs)