GitHub Copilot Sends Your Code to Microsoft.
Pretense Mutates It First.
Every Copilot suggestion is built on code Microsoft receives from your editor. Pretense intercepts that code and replaces real identifiers with synthetic ones before it leaves your machine. Microsoft only sees tokens. You still get full AI quality.
What GitHub Copilot Sees
This is a realistic example of a payment processing module. Without Pretense, every identifier, every business-logic hint, and every secret in scope goes to Microsoft.
import Stripe from 'stripe';
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
export async function chargeCustomer(
customerId: string,
amount: number,
currency: string = 'usd'
) {
const paymentIntent =
await stripe.paymentIntents.create({
amount,
currency,
customer: customerId,
confirm: true,
});
return paymentIntent.id;
}Microsoft sees: STRIPE_SECRET_KEY, chargeCustomer, customerId, your payment logic.
import _lib9k from '_pkg3m';
const _obj2a = new _lib9k(process.env._ENV8x);
export async function _fn5b1(
_p7c: string,
_p4d: number,
_p1e: string = 'usd'
) {
const _var6f =
await _obj2a._method3g.create({
amount: _p4d,
currency: _p1e,
customer: _p7c,
confirm: true,
});
return _var6f.id;
}Microsoft sees: synthetic tokens. Structure fully preserved. Copilot suggestions remain accurate. Your IP stays yours.
The Risk
Three documented categories of exposure when using GitHub Copilot without a mutation layer.
Intellectual property exposure
highCopilot telemetry includes file content, function names, and variable identifiers sent to GitHub servers. Internal APIs, proprietary algorithms, and competitive business logic all leave your network.
Training data concerns
mediumGitHub's terms allow code snippets sent via Copilot to improve future model versions. Your internal architecture decisions may influence suggestions shown to competitors using the same product.
Accidental secret leakage
highDevelopers frequently have secrets in open editor buffers -- API keys, database URLs, auth tokens. Copilot context windows capture surrounding file content, not just the function being completed.
How Pretense Fixes It
Pretense sits between your editor and the Copilot API as a local proxy. The mutation happens in milliseconds on your machine, before any network call is made.
Your editor
Real code with real identifiers
Pretense proxy
Mutations applied locally in 2ms
GitHub Copilot API
Receives synthetic tokens only
AI suggestion
Maps back to your real identifiers
Copilot vs Copilot + Pretense
Use Pretense with GitHub Copilot
Pretense works alongside your existing Copilot license. No need to cancel or change your GitHub subscription.
Install the Pretense proxy
Runs locally on port 9339. Zero external dependencies.
npm install -g @pretense/cli && pretense initInstall the VS Code extension
Automatically routes Copilot context through the local mutation proxy.
code --install-extension pretense.pretense-vscodeVerify mutation is active
The status bar shows a green shield when Pretense is intercepting Copilot requests.
pretense statusScan your codebase
See which identifiers Pretense will protect before going live.
pretense scan ./src --reportKeep Using Copilot. Stop Exposing Your Code.
Pretense integrates with your existing Copilot workflow in under 5 minutes. Same AI quality. Zero IP exposure.
Start Free -- No Credit Card RequiredWorks with your existing Copilot license • Local-first • SOC2 aligned