You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/copilot/how-tos/use-copilot-agents/use-copilot-cli.md
+34Lines changed: 34 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -74,6 +74,40 @@ Install {% data variables.copilot.copilot_cli_short %}. See [AUTOTITLE](/copilot
74
74
75
75
For example, if you ask {% data variables.product.prodname_copilot_short %} to create a bash script but you do not want to use the script {% data variables.product.prodname_copilot_short %} suggests, you can stop the current operation and enter a new prompt, such as: `Continue the previous task but include usage instructions in the script`.
76
76
77
+
## Permissions
78
+
79
+
{% data variables.copilot.copilot_cli_short %} uses a permissions system to control access to paths and URLs. At times, path and URL permission checks utilize heuristic-based detection, which has limitations to be aware of.
80
+
81
+
### Path permissions
82
+
83
+
Path permissions control which directories and files {% data variables.product.prodname_copilot_short %} can access. By default, {% data variables.copilot.copilot_cli_short %} can access the current working directory, its subdirectories, and the system temp directory.
84
+
85
+
Path permissions apply to shell commands, file operations (create, edit, view), and search tools (such as `grep` and glob patterns). For shell commands, paths are heuristically extracted by tokenizing command text and identifying tokens that look like paths.
86
+
87
+
> [!WARNING]
88
+
> Path detection for shell commands has limitations:
89
+
>
90
+
> * Paths embedded in complex shell constructs may not be detected.
91
+
> * Only a specific set of environment variables are expanded (`HOME`, `TMPDIR`, `PWD`, and similar). Custom variables like `$MY_PROJECT_DIR` are not expanded and may not be validated correctly.
92
+
> * Symlinks are resolved for existing files, but not for files being created.
93
+
94
+
To disable path verification, use the `--allow-all-paths` flag when starting {% data variables.copilot.copilot_cli_short %}.
95
+
96
+
### URL permissions
97
+
98
+
URL permissions control which external URLs {% data variables.product.prodname_copilot_short %} can access. By default, all URLs require approval before access is granted.
99
+
100
+
URL permissions apply to the `web_fetch` tool and a curated list of shell commands that access the network (such as `curl`, `wget`, and `fetch`). For shell commands, URLs are extracted using regex patterns.
101
+
102
+
> [!WARNING]
103
+
> URL detection for shell commands has limitations:
104
+
>
105
+
> * URLs in file contents, config files, or environment variables read by commands are not detected.
106
+
> * Obfuscated URLs (such as split strings or escape sequences) may not be detected.
107
+
> * HTTP and HTTPS are treated as different protocols and require separate approval.
108
+
109
+
To disable URL verification, use the `--allow-all-urls` flag. To pre-approve specific domains, use `--allow-url <domain>` (for example, `--allow-url github.com`).
110
+
77
111
## Tips
78
112
79
113
Optimize your experience with {% data variables.copilot.copilot_cli_short %} with the following tips.
0 commit comments