Add sandbox mode to restrict Copilot CLI file access to a specified working directory #892

@rexxiang

Describe the feature or problem you'd like to solve

Please add a sandbox capability to copilot-cli that constrains the code agent’s filesystem permissions so it can only read/write within a specified working directory (workspace root), and is prevented from accessing or modifying any paths outside that directory. This should be similar in spirit to the sandbox/workspace isolation provided by tools like Codex and Claude Code.

Proposed solution

  • Add an opt-in flag and/or config, e.g. --sandbox, --workspace , or sandbox=true
  • When enabled:
    • All file reads/writes are allowed only under the workspace root (including subdirectories)
    • Block path traversal (..), absolute paths, and symlink escapes that would resolve outside the workspace, with a clear error message
  • (Optional) Support an allowlist for explicitly permitted additional directories (e.g., temp/cache)

Example prompts or workflows

No response

Additional context

https://github.com/anthropic-experimental/sandbox-runtime
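
The path checks listed under "Proposed solution", sketched as an added example that is not part of the original issue and is not Copilot CLI code. The names `canonicalize`, `isInside`, `resolveInWorkspace` and `demo` are hypothetical, and the directory tree is a constructed fixture built in a temp directory.

```javascript
const fs = require('node:fs');
const path = require('node:path');

// Resolve symlinks on the deepest existing ancestor, then re-append the
// not-yet-created tail, so paths for new files can be checked too.
function canonicalize(p) {
  const tail = [];
  let cur = path.resolve(p);
  for (;;) {
    try {
      return path.join(fs.realpathSync(cur), ...tail);
    } catch (err) {
      if (err.code !== 'ENOENT') throw err;
      // A dangling symlink would be followed on write, so refuse it.
      if (fs.lstatSync(cur, { throwIfNoEntry: false })) throw new Error(`dangling symlink: ${cur}`);
      if (path.dirname(cur) === cur) throw err;
      tail.unshift(path.basename(cur));
      cur = path.dirname(cur);
    }
  }
}

function isInside(base, target) {
  const rel = path.relative(base, target);
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}
// Hypothetical helper: returns the canonical path or throws a clear error.
function resolveInWorkspace(root, requested, allowlist = []) {
  const bases = [root, ...allowlist].map((d) => fs.realpathSync(d));
  const target = canonicalize(path.resolve(bases[0], requested));
  if (bases.some((b) => isInside(b, target))) return target;
  throw new Error(`sandbox: "${requested}" resolves outside the workspace`);
}

// Constructed fixture: <tmp>/workspace contains symlinks pointing outside it.
function demo() {
  const tmp = fs.mkdtempSync(path.join(require('node:os').tmpdir(), 'sbx-'));
  const [ws, outside] = ['workspace', 'outside'].map((d) => path.join(tmp, d));
  fs.mkdirSync(path.join(ws, 'src'), { recursive: true });
  fs.mkdirSync(outside);
  fs.symlinkSync(outside, path.join(ws, 'link'));
  fs.symlinkSync(path.join(outside, 'gone'), path.join(ws, 'dangling'));
  const check = (p, allow) => {
    try { return resolveInWorkspace(ws, p, allow) && 'allowed'; } catch { return 'blocked'; }
  };
  return {
    inside: check('src/new.txt'), traversal: check('../outside/x'),
    absolute: check(path.join(outside, 'x')), symlink: check('link/x'),
    dangling: check('dangling'), allowlisted: check('link/x', [outside]),
  };
}
```

A check like this is racy if the tree can change between the check and the later open, so it complements OS-level isolation rather than replacing it.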
