Describe the feature or problem you'd like to solve
Please add a sandbox capability to copilot-cli that constrains the code agent’s filesystem permissions so it can only read/write within a specified working directory (workspace root), and is prevented from accessing or modifying any paths outside that directory. This should be similar in spirit to the sandbox/workspace isolation provided by tools like Codex and Claude Code.
Proposed solution
- Add an opt-in flag and/or config, e.g. --sandbox, --workspace , or sandbox=true
- When enabled:
  - All file reads/writes are allowed only under the workspace root (including subdirectories)
  - Block path traversal (..), absolute paths, and symlink escapes that would resolve outside the workspace, with a clear error message
  - (Optional) Support an allowlist for explicitly permitted additional directories (e.g., temp/cache)
Example prompts or workflows
No response
Additional context
https://github.com/anthropic-experimental/sandbox-runtime
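
The path checks listed under "Proposed solution" (traversal, absolute paths, symlink escapes, optional allowlist), sketched as an added example that is not part of the original issue and is not copilot-cli code. `resolveInWorkspace` and the other helper names are hypothetical, and the sketch assumes an absolute path is acceptable when it resolves inside the workspace.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True when `target` is `base` itself or lies beneath it.
function isInside(base, target) {
  const rel = path.relative(base, target);
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Canonicalise the deepest existing ancestor and re-attach the missing tail, so
// writes to new files are checked too. lstat (not exists) makes a dangling
// symlink count as present; realpathSync then throws on it: fail closed.
function realpathAllowMissing(p) {
  const tail = [];
  let head = p;
  while (!fs.lstatSync(head, { throwIfNoEntry: false })) {
    tail.unshift(path.basename(head));
    head = path.dirname(head);
  }
  return path.join(fs.realpathSync(head), ...tail);
}

// Returns the canonical path if it is under the workspace root or an allowlisted
// directory, else throws. Callers must open the returned path, not the raw input.
function resolveInWorkspace(root, requested, allowlist = []) {
  const bases = [root, ...allowlist].map((d) => fs.realpathSync(d));
  const real = realpathAllowMissing(path.resolve(bases[0], requested));
  if (!bases.some((b) => isInside(b, real))) {
    throw new Error(`sandbox: "${requested}" resolves to ${real}, outside workspace ${bases[0]}`);
  }
  return real;
}

// Constructed fixture: temp workspace containing a symlink that points outside it.
function demo() {
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'sbx-'));
  const [ws, outside] = [path.join(tmp, 'workspace'), path.join(tmp, 'outside')];
  fs.mkdirSync(path.join(ws, 'src'), { recursive: true });
  fs.mkdirSync(outside);
  fs.symlinkSync(outside, path.join(ws, 'escape'));
  const verdict = (p, allow) => {
    try { resolveInWorkspace(ws, p, allow); return 'allowed'; } catch { return 'denied'; }
  };
  const out = { newFile: verdict('src/new.js'), traversal: verdict('../outside/x'),
    absolute: verdict(path.join(outside, 'x')), symlink: verdict('escape/x'),
    allowlisted: verdict('escape/x', [outside]) };
  fs.rmSync(tmp, { recursive: true, force: true });
  return out;
}
```

A path-level check like this is still racy between the check and the open, so it complements OS-level enforcement rather than replacing it.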