GitHub Copilot CLI is incredibly powerful, but giving AI deep access to your terminal and file system can be concerning. When you use features like --allow-all-tools - which approves all actions - Copilot can execute commands on your behalf, which means one wrong suggestion could have serious consequences.
Running Copilot CLI in a secure Docker container provides the best of both worlds: powerful AI assistance with strict security boundaries that limit the "blast radius" of any potential mistakes.
When running Copilot CLI directly on your host machine:
Copilot has access to:
~/.ssh/❌ Figure: Bad example - Copilot running with full system access creates unnecessary risk - a single mistake like `rm -rf ~` could be catastrophic
By running Copilot CLI inside a Docker container, you create a secure sandbox where:
--allow-all-tools with confidence (automatic approval)If Copilot runs a dangerous command like rm -rf .:
❌ Without Docker:
✅ With Docker:
Note: The container shares your host's network, so it can access local resources and services. This is intentional for development workflows but means it's not a fully firewalled environment.
Before diving into the setup, it's important to understand the two approaches available. You can install both side-by-side with different command names to give yourself options.
Safe Mode (Recommended) - Always asks for confirmation before executing commands. Use this for general development work where you want control over what gets executed.
YOLO Mode (Auto-Approve) - Automatically approves all tool usage without confirmation. Convenient for trusted workflows but use with caution as it can execute commands without prompting.
Both modes include security checks for proper GitHub token scopes and warn about overly privileged tokens. The YOLO mode adds the --allow-all-tools flag which bypasses execution confirmation.
The complete solution is available at https://github.com/GordonBeeming/copilot_here.
Note: The setup below provides cross-platform support for Linux/macOS and Windows. For the latest version and additional features, always check the GitHub repository.
For Linux/macOS (Bash/Zsh):
# Download the scriptcurl -fsSL https://raw.githubusercontent.com/GordonBeeming/copilot_here/main/copilot_here.sh -o ~/.copilot_here.sh# Add to your shell profile (~/.zshrc or ~/.bashrc) - only if not already thereif ! grep -q "source ~/.copilot_here.sh" ~/.zshrc 2>/dev/null; thenecho '' >> ~/.zshrcecho 'source ~/.copilot_here.sh' >> ~/.zshrcfi# Reload your shellsource ~/.zshrc # or source ~/.bashrc
For Windows (PowerShell):
# Download the script$scriptPath = "$env:USERPROFILE\Documents\PowerShell\copilot_here.ps1"Invoke-WebRequest -Uri "https://raw.githubusercontent.com/GordonBeeming/copilot_here/main/copilot_here.ps1" -OutFile $scriptPath# Add to your PowerShell profile - only if not already thereif (-not (Select-String -Path $PROFILE -Pattern "copilot_here.ps1" -Quiet -ErrorAction SilentlyContinue)) {Add-Content $PROFILE "`n. $scriptPath"}# Reload your profile. $PROFILE
The scripts include automatic update functionality:
# Linux/macOS or Windows PowerShellcopilot_here --update
This will:
Interactive Mode:
# Start interactive session (asks for confirmation)copilot_here# Start interactive session (auto-approves)copilot_yolo
Non-Interactive Mode with Prompts:
# Safe mode - asks for confirmationcopilot_here --prompt "clean and reinstall dependencies"copilot_here -p "explain the code in ./my-script.js"# YOLO mode - auto-approvescopilot_yolo --prompt "clean and reinstall dependencies"copilot_yolo -p "generate README for this project"
> Copilot suggests: rm -rf node_modules package-lock.json && npm installExecute this command? [y/N]: y✅ Executed safely in current directory only
✅ Good example - Use -p or --prompt flag to pass prompts directly to Copilot CLI
With Image Variants:
# Use .NET imagecopilot_here --dotnet --prompt "build and test this .NET project"copilot_here -d -p "explain this C# code"# Use .NET + Playwright imagecopilot_here --dotnet-playwright --prompt "run playwright tests"copilot_here -dp -p "write browser automation tests"
Tip: Install both functions so you can choose based on the situation. Use copilot_here by default and copilot_yolo only in trusted projects.
~/.config/copilot-cli-dockercopilot scopePUID and PGID to match your user ID inside the containerDifferent development scenarios call for different tools. The setup supports multiple image variants:
Available variants:
--dotnet (-d) - .NET 8, 9 & 10 SDKs--dotnet8 (-d8) - .NET 8 SDK only--dotnet9 (-d9) - .NET 9 SDK only--dotnet10 (-d10) - .NET 10 SDK only--playwright (-pw) - Browser automation with Playwright--dotnet-playwright (-dp) - .NET + Playwright combined--rust (-rs) - Rust toolchain--dotnet-rust (-dr) - .NET + Rust combinedUsage:
# Use .NET imagecopilot_here --dotnet -p "build and test this .NET project"copilot_here -d -p "explain this C# code"# Use .NET + Playwright imagecopilot_here --dotnet-playwright -p "run playwright tests for this app"copilot_here -dp -p "write browser automation tests"# YOLO mode with .NET imagecopilot_yolo --dotnet -p "create a new ASP.NET Core API project"copilot_yolo -d -p "scaffold a new web API"
-h or --help - Show usage help and examples (Bash/Zsh) or -Help (PowerShell)--no-cleanup - Skip cleanup of unused Docker images (Bash/Zsh) or -NoCleanup (PowerShell)--no-pull - Skip pulling the latest image (Bash/Zsh) or -NoPull (PowerShell)The functions automatically clean up unused Docker images tagged with the project label, keeping your system tidy.
This approach provides:
--allow-all-tools safelygh loginFor detailed implementation, troubleshooting, and the complete source code:
Security and convenience don't have to be mutually exclusive. By running Copilot CLI in a Docker sandbox, you get powerful AI assistance with strict boundaries that protect your broader system. This setup works identically across Linux, macOS, and Windows, allowing you to embrace features like --allow-all-tools with confidence, knowing the worst-case scenario is limited to your current project.