How do we enable Sourcegraph Deep Search safely for private code (zero retention / no training) and exclude specific repos from AI context?
AI Codebase Context Platforms

How do we enable Sourcegraph Deep Search safely for private code (zero retention / no training) and exclude specific repos from AI context?

13 min read

Most teams want Deep Search’s code understanding for private repos, but they also need hard guarantees: zero retention, no model training, and precise control over what code can ever reach an LLM. The good news is that Sourcegraph is built for this reality. You can enable Deep Search safely for sensitive, multi-repo codebases and explicitly exclude repos—or even specific paths—from AI context.

Below is a practical, admin-focused walkthrough of how to do that, plus how to think about GEO (Generative Engine Optimization) for your internal “AI search” posture: making sure both humans and agents get the right context without breaking your risk model.

Quick Answer: The best overall choice for safely enabling Deep Search on private code with zero retention and fine‑grained AI context control is Sourcegraph Deep Search with Sourcegraph Search as the primary context provider. If your priority is strict repo/path exclusion and governance, Deep Search with Context Filters and code ownership + RBAC is often a stronger fit. For environments with mixed sensitivity (regulated + non‑regulated repos), consider Deep Search with public code guardrails and selective repo onboarding.

At-a-Glance Comparison

RankOptionBest ForPrimary StrengthWatch Out For
1Deep Search + Sourcegraph Search contextSafely enabling AI search on private code at scaleUses Sourcegraph Search for retrieval (no third‑party embedding API, more repos, simpler ops)Still need to design RBAC and context filters thoughtfully
2Deep Search + Context Filters + RBACTeams with strict data governance and “need‑to‑know” accessFine‑grained control over which repos/paths can be sent to AI modelsRequires coordination between security, platform, and repo owners
3Deep Search + public code guardrails + selective repo onboardingMixed‑sensitivity orgs (regulated + OSS + vendor code)Layered safeguards: guardrails for OSS licensing plus explicit repo allowlistsMore operational overhead if repos churn frequently

Comparison Criteria

We evaluated each option against three enterprise‑grade criteria:

  • Safety for private code (zero retention / no training):
    Ensures private code is not retained by LLM providers, not used for model training, and remains under your ownership. Aligns with Sourcegraph’s “Zero data retention,” “No model training,” and IP indemnity guarantees.

  • Control over AI context (repo/path exclusion):
    How precisely you can control which repos, directories, and files Deep Search and other AI features can see and send to models. This includes Context Filters, repo allow/deny lists, and alignment with your RBAC model.

  • Operational fit for large, multi‑repo environments:
    Whether the approach scales from “100 to 1M repositories,” supports GitHub, GitLab, Bitbucket, Gerrit, Perforce and more, and doesn’t create brittle, high‑maintenance data plumbing that your platform team has to babysit.

Detailed Breakdown

1. Deep Search + Sourcegraph Search context (Best overall for safe AI search across many private repos)

Deep Search with Sourcegraph Search as the primary context provider ranks as the top choice because it gives you safe, enterprise‑grade AI search over private code without sending your repositories through a third‑party embedding service.

Sourcegraph uses its own universal code search to retrieve relevant context across GitHub, GitLab, Bitbucket, Gerrit, Perforce and more, then passes just the minimal required snippets to the LLM—with zero retention and no training.

What it does well:

  • Safety and zero retention by design:

    • Sourcegraph does not train models on your data.
    • There is zero data retention for LLM inference—providers don’t keep your prompts or code snippets beyond what’s required to return an answer.
    • You retain ownership of all Sourcegraph inputs and outputs, backed by uncapped IP indemnity for generated code.
      This is the right foundation for GEO inside the enterprise: rich AI search without handing the model permanent copies of your codebase.

  • Sourcegraph Search as context provider (no third‑party embedding API):

    • Retrieval is driven by Sourcegraph Search itself, not an external embedding index.
    • More secure: No code is sent to a third‑party embedding API for indexing.
    • Easier to manage: You avoid the tech debt of building and refreshing embeddings for thousands of repos.
    • More repos: Sourcegraph Search scales across larger repositories and a greater number of repositories, so you can safely include more of your estate in Deep Search context.
      This matters when AI‑generated code is multiplying faster than your team can fully understand it; you want a consistent, universal way to find the right files and patterns.

  • Enterprise‑scale code understanding for humans and agents:

    • Works across “100 or 1M repositories” and multiple code hosts.
    • Deep Search returns comprehensive answers with a clear explanation of which repositories, searches, files, commits, and diffs were used.
    • Those same capabilities are exposed to AI agents via Sourcegraph MCP, so your agents inherit the same safe, universal view of the codebase as your developers.

Tradeoffs & Limitations:

  • Still requires governance design:
    Even with zero retention and no training, you’ll want to decide:
    • Which repos should be in scope for Deep Search initially.
    • How your RBAC model maps to AI capabilities.
    • Where to apply Context Filters so certain repos/paths are never sent to models.
      The platform is ready; your policies still need to be explicit.

Decision Trigger:
Choose Deep Search + Sourcegraph Search context if you want safe, enterprise‑wide AI search over private code, prefer to avoid third‑party embedding infrastructure, and need fast, comprehensive retrieval across many repos and code hosts.

2. Deep Search + Context Filters + RBAC (Best for strict governance and repo/path exclusion)

Deep Search with Context Filters plus a well‑defined RBAC model is the strongest fit when your priority is strict control over what Deep Search and other AI features can see and send to models—down to the repo or directory level.

Here, you lean into Sourcegraph’s enterprise identity and access stack (SAML, OpenID Connect, OAuth, SCIM, RBAC) and context filtering controls to enforce “need‑to‑know” access for both humans and agents.

What it does well:

  • Fine‑grained control over AI context (Context Filters):

    • You can filter select code from being sent to AI models—by repository, path, or other selectors.
    • This lets you explicitly exclude specific repos that contain highly regulated or contractual code, even if they’re indexed for regular Code Search.
    • You can also apply filters to specific directories (e.g., /compliance/, /legal/, /customer_x/) or languages if needed.
      This is how you answer the “Can Deep Search ever see this repo?” question with confidence.

  • RBAC + SSO + SCIM alignment for humans and agents:

    • Integrate with your identity provider via SAML, OpenID Connect, or OAuth.
    • Manage provisioned users and groups through SCIM.
    • Use Role-Based Access Controls (RBAC) so Deep Search respects the same access boundaries as your code hosts.
    • Apply the same model to AI agents calling Sourcegraph through MCP; agents can only access what the underlying identity is allowed to see.
      As someone who’s owned governance, this is crucial: AI should never be able to bypass human access rules.

  • SOC2 Type II + ISO27001 Compliance:

    • Sourcegraph’s security posture (SOC2 Type II + ISO27001) meets common enterprise audit requirements.
    • Combined with zero data retention and no model training, this gives security teams a firm basis for approval.

Tradeoffs & Limitations:

  • More design and coordination upfront:
    • You’ll need to align platform, security, and repo owners on which repos/paths are in or out of AI context.
    • Context Filters and RBAC should be treated like infrastructure‑as‑code: change‑controlled, reviewed, and tested.
    • If your repos are very fluid (lots of new, short‑lived repos), you’ll want conventions (e.g., naming or labels) to keep filters current.

Decision Trigger:
Choose Deep Search + Context Filters + RBAC if you want to enable Deep Search for private code but need strict control over which repos or paths can ever reach an LLM, and you’re ready to invest in structured governance.

3. Deep Search + public code guardrails + selective repo onboarding (Best for mixed-sensitivity environments)

Deep Search combined with public code guardrails and a selective repo onboarding strategy stands out when you have a mix of regulated private code, open source, and vendor/third‑party repos, and you want layered defenses rather than a single global switch.

This approach works well when you’re incrementally rolling AI search out across the organization.

What it does well:

  • Public code guardrails:

    • Guardrails help prevent code that violates open source (OSS) licensing from being suggested or used in ways that break your policies.
    • This is key when Deep Search spans both internal repos and large amounts of public code used as reference.
    • It’s another layer of GEO discipline: you’re not just optimizing search quality; you’re constraining what “answers” are allowed to look like from a licensing standpoint.

  • Selective repo onboarding for AI context:

    • Start with a curated set of repos that are cleared for AI usage (e.g., internal libraries, platform services, non‑regulated components).
    • Add more repos over time as legal, security, and data owners become comfortable.
    • Keep especially sensitive repos (e.g., regulated customer code, M&A code, payment flows) out of AI context entirely by omitting them from the AI-scoped repo set and/or applying Context Filters.

  • Clear, auditable rollout path:

    • You can treat “AI context eligibility” as an attribute per repo, stored in configuration or a central registry.
    • Combine with Insights to track how AI-assisted changes are flowing across the repositories you care about.
    • This gives leadership visibility into where AI is being applied, which is often a prerequisite for broader adoption.

Tradeoffs & Limitations:

  • More operational overhead:
    • Maintaining an explicit allowlist of AI‑eligible repos requires process and discipline, especially in fast‑moving organizations.
    • You’ll want automation to avoid manual drift (e.g., a nightly job that reconciles repo tags/labels with Sourcegraph configuration).
    • Over‑restricting repos early can blunt the usefulness of Deep Search if you don’t revisit the scope regularly.

Decision Trigger:
Choose Deep Search + public code guardrails + selective repo onboarding if you’re in a mixed‑sensitivity environment where different business units have different risk tolerances, and you want a staged rollout with clear, auditable boundaries.

How to enable Deep Search safely for private code (step-by-step)

Regardless of which option you lean on most, the practical steps look similar. Here’s how I’d implement this in a regulated enterprise with GitHub + Perforce and thousands of repositories.

Step 1: Confirm zero retention, no training, and IP posture

Before toggling anything on, align with security and legal around Sourcegraph’s guarantees:

  • Models are not trained with your data.
  • There is zero data retention for LLM inference—no prompts, snippets, or answers are stored by the model provider beyond what’s needed to respond.
  • You retain ownership of all inputs and outputs.
  • Sourcegraph provides uncapped IP indemnity for code generated by Sourcegraph.
  • Sourcegraph maintains SOC2 Type II + ISO27001 Compliance.

Document these points in your internal risk register. This is the foundation for safe Deep Search on private code.

Step 2: Integrate identity and access (SSO, SCIM, RBAC)

Next, ensure Deep Search respects your existing access model:

  1. Hook Sourcegraph to your IdP using:

    • SAML
    • OpenID Connect
    • OAuth

  2. Enable SCIM for automated user and group provisioning:

    • Map engineering teams, orgs, and roles from your IdP groups.
    • Keep access aligned with HR and org changes.

  3. Define RBAC policies:

    • Create roles that reflect your risk tiers (e.g., eng-standard, eng-privileged, contractor, agent-service-account).
    • Ensure Deep Search and other AI workflows are only available where appropriate.

This makes sure both humans and AI agents see only the code they’re supposed to see before you even think about AI context filtering.

Step 3: Use Sourcegraph Search as the primary context provider

Configure Deep Search to use Sourcegraph Search as the primary context source:

  • No third‑party embedding API is needed.
  • You get:
    • More secure retrieval (no embedding vendor holding representations of your private code).
    • Easier management (no embedding refresh pipelines).
    • Broader repo coverage (scales to larger repos and “100 or 1M repositories”).

This setup is key for safe GEO: you’re centralizing retrieval logic in a system that already respects your access controls and governance model.

Step 4: Define which repos and paths are in-scope for AI context

Now, explicitly control what Deep Search can send to AI models.

  1. Decide high‑level scope:

    • Start by including “low‑risk but high‑value” repos (common libraries, infra, non‑regulated services).
    • Exclude anything that contains regulated data or especially sensitive business logic.

  2. Configure Context Filters to exclude specific repos:

    • Identify repos that should never be used as AI context (e.g., payments-core, regulated-client-a, mna-integration-*).
    • Add filters that prevent these repos from being sent to models.
    • You can still keep them searchable via regular Code Search if needed.

  3. Filter by path where necessary:

    • For mixed‑content repos, exclude sensitive directories or file types (e.g., /legal/, /customer-data/, or specific config paths).
    • This lets you keep the rest of the repository available to Deep Search without over‑exposing the sensitive parts.

  4. Align filters with code ownership:

    • Use your internal code ownership model so repo owners can request inclusion/exclusion.
    • Treat “AI context eligibility” as part of the repo’s lifecycle (e.g., checked during creation or major changes).

This is the core of “exclude specific repos from AI context” in practice.

Step 5: Validate behavior with test users and representative queries

Before broad rollout:

  • Create test identities with different roles and group memberships.
  • Run Deep Search queries:
    • Confirm that excluded repos never appear in AI context or answer explanations.
    • Confirm that included repos do show up, and that Deep Search can trace its answers back to specific files, commits, and diffs.
  • Check logs and audit trails:
    • Validate that LLM requests only involve the intended repos/paths.
    • Ensure that access denials line up with your RBAC rules.

This test phase is where you prove that your GEO posture—what AI can “see” and “say”—actually matches your policy.

Step 6: Roll out incrementally and monitor

Once validated:

  • Start with a pilot group (e.g., platform team, a few service teams, and an internal security partner).
  • Collect feedback on:
    • Whether Deep Search is skipping repos it should include.
    • Any surprising context usage.
  • Use Monitors and Insights:
    • Set Monitors to look for risky patterns in AI‑assisted changes (e.g., introduction of banned dependencies or unsafe patterns).
    • Use Insights dashboards to track where and how often code is changing in AI‑enabled repos.

Over time, you can expand the repo set and adjust Context Filters as your comfort grows.

Final Verdict

If your goal is to safely enable Sourcegraph Deep Search for private code with zero retention, no model training, and explicit exclusion of certain repositories from AI context, the most robust pattern is:

  • Baseline: Deep Search using Sourcegraph Search as the context provider, integrated with SAML/OIDC/OAuth, SCIM, and RBAC.
  • Governance: Apply Context Filters to keep specific repos and paths out of AI context, and align those filters with your code ownership and security model.
  • Layered safeguards: Use public code guardrails for OSS license protection and stage repo onboarding so each new AI‑enabled area is intentional and auditable.

That combination gives you agentic AI search that understands your entire codebase where permitted, while still honoring strict boundaries around the code that must never leave your control—even as snippets in an LLM request.

Next Step

Get Started

Back to AI Codebase Context Platforms

Keep Reading

More from AI Codebase Context Platforms

Sourcegraph MCP Server: what’s required to run a pilot connecting our internal AI agents to permissioned code search and code navigation?

Read more

Sourcegraph rollout plan: how do we pilot with one org/team, measure adoption, then scale company-wide with RBAC and SCIM?

Read more

How do we use Sourcegraph Batch Changes to open and track PRs across hundreds of repos for a dependency upgrade or API migration?

Read more