by dabei 1183 days ago
This is awesome and has huge potential to improve developer productivity! The only thing that gives me pause is that it requires a very broad GitHub authorization. Do you really need to "be able to read and write all public and private repository data"?
2 comments

> This is awesome and has huge potential to improve developer productivity! The only thing that gives me pause is that it requires a very broad GitHub authorization. Do you really need to "be able to read and write all public and private repository data"?

Compared to a regular search engine, the permissions required are pretty much the same. Both this & regular search engines need to go through a repo's codebase to be even able to give results in the first place.

Privacy-wise, they could probably make it better by requiring each repo to be approved before they can be searched, but that would make for a more friction-laden developer UX. The broad permissions are likely just a consequence of not wanting to ask the user every time a new repo is to be searched through.

Why does it need "write" permission?
Truthfully, it doesn't need to. Only read permissions are required.

It's possibly just a permission request mistake.

For the desktop version we implemented GitHub OAuth using the device flow, so you can hold credentials on your local device. The tradeoff is there's no granular control of permissions; it has whatever access your account has.

On bloop cloud we use the GitHub App permission system, which is more granular, and only request read access.
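Added example, not part of the thread and not bloop's code: a small audit that contrasts the two grant models discussed above, reading an OAuth token's scopes from the `X-OAuth-Scopes` response header and a GitHub App installation's `permissions` and `repository_selection` fields. The sample inputs are constructed, and the baseline of `contents: read` plus `metadata: read` for a read-only code search is an assumption.

```python
# Added example: what can a GitHub credential do to repository code?
# OAuth scopes that carry write access to code. GitHub's OAuth scopes
# offer no read-only option for private repository contents.
WRITE_CODE_SCOPES = {
    "repo": "read/write on all public and private repositories",
    "public_repo": "read/write on public repositories",
}
LEVEL_RANK = {"read": 1, "write": 2, "admin": 3}

def parse_scopes(header):
    """Split an X-OAuth-Scopes header value into a set of scope names."""
    return {s.strip() for s in (header or "").split(",") if s.strip()}

def audit_oauth_token(scopes_header):
    """Return (can_write_code, reaches_private_repos, findings)."""
    scopes = parse_scopes(scopes_header)
    hits = sorted(scopes & WRITE_CODE_SCOPES.keys())
    findings = [f"{s}: {WRITE_CODE_SCOPES[s]}" for s in hits]
    return bool(findings), "repo" in scopes, findings

def audit_app_installation(installation, needed=None):
    """List grants beyond what a read-only search needs (assumed baseline)."""
    needed = needed or {"contents": "read", "metadata": "read"}
    findings = []
    for name, level in installation.get("permissions", {}).items():
        allowed = LEVEL_RANK.get(needed.get(name), 0)
        # Unknown levels rank highest so they are always reported.
        if LEVEL_RANK.get(level, 99) > allowed:
            findings.append(f"{name}: {level}")
    if installation.get("repository_selection") == "all":
        findings.append("repository_selection: all")
    return sorted(findings)

# Constructed samples: a device-flow OAuth token and two App installations.
DEVICE_FLOW_SCOPES = "repo, read:org"
APP_READ_ONLY = {"repository_selection": "selected",
                 "permissions": {"contents": "read", "metadata": "read"}}
APP_TOO_BROAD = {"repository_selection": "all",
                 "permissions": {"contents": "write", "metadata": "read"}}

if __name__ == "__main__":
    print(audit_oauth_token(DEVICE_FLOW_SCOPES))
    print(audit_app_installation(APP_READ_ONLY))
    print(audit_app_installation(APP_TOO_BROAD))
```
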