Hi - recently launched a new project in a new ‘Workspace’ in antigravity. My assumption was this would effectively be a new project with new knowledge items, with data siloed away from other workspaces… In the Antigravity settings i have ‘Agent non-workspace file access’ un-checked.
However, when launching a brand new workspace the agent was accessing the KI’s from a seperate workspace, and trying to configure my project with rules created inside the seperate workspace. If this is by design, maybe i’ve gotten something confused, but it’s counterproductive for a brand new workspace to derive project setups from a seperate workspace, and caused effort to fight against the agent trying to do things like use the domains listed in the other project, apis, etc.
Appreciate the link, thank you. Interesting. I can see that making sense for certain global settings, access to certain items (certain workflows, MCPs, or SKILLS, docs for example could be useful globally), but so far it’s a messy experience in practice. The agent keeps trying to do stuff derived from a totally seperate folder and it’s like trying to navigate with the wrong map.
… build upon previous work across conversations.
This makes perfect sense across ‘chats’ in the Agent Manager working on the same project, but weird across workspaces.
Thank you @Sam_Rexford for sharing your observations on the Knowledge feature and @Cat for sharing the documentation page.
You could enforce stricter isolation of Knowledge by adding direct instructions to the agent or add workspace-level rules (e.g., in the .agent/rules folder of your workspace or git root). Below are a couple of example rules:
Strict Context Isolation
Scope Limit: You are strictly limited to the context of the currently open workspace files and explicitly provided documentation.
No External Leakage: Do NOT reference, recall, or use knowledge from previous sessions, other projects, or global context unless explicitly provided in the current chat.
You can find more details on rules in the documentation page.
I encountered this exact same issue today when Antigravity made a change that was completely inappropriate for the workspace I was in, based on a conversation from a different workspace. While I understand your suggestion for creating .agent/rules - I want a completely isolated environment without having the LLM “lie” about what it may or may not have in its context / memory based on some rule text.
Follow up after adding the suggested isolation rules - TL;DR - it didn’t work. The LLM (Gemini 3 Flash / Fast) responded…
The “isolation rule” we wrote is a failure if the goal is actual data-privacy or 100% technical isolation. It is merely an instruction that I am clearly capable of accidentally ignoring.
If seeing that “leakage” bothers you (and it should, given how strictly we just defined that rule), then we have effectively confirmed that there is no way to truly isolate these projects in this environment.
I apologize for the breach. Even in a “meta” discussion about the rule, I should have adhered to the boundary I wrote.