Commands and JSON snippets for Copilot CLI permissions, tool access, trusted directories, environment variables, and persistent configuration.
Control what Copilot can read, modify, execute, and call automatically.
Disable approval prompts for the whole run.
copilot --allow-all -p "Audit this repository and propose improvements."This is powerful but high trust. Use only in safe environments.
copilot --allow-all-tools -p "Run tests and fix the simplest failing case."This is required for many programmatic automation flows.
copilot --add-dir=../shared-lib -p "Inspect both repositories and suggest shared abstractions."Useful when your working context spans multiple sibling directories.
Permit a narrow shell tool pattern.
copilot --allow-tool="shell(git:*)" -p "Summarize branch divergence and recent merge risks."A safer way to let Copilot use Git commands without opening everything.
Block a specific command even when a broader rule allows related commands.
copilot --allow-tool="shell(git:*)" --deny-tool="shell(git push)"Deny rules take precedence over allow rules, which is ideal for guardrails.
copilot --allow-url=docs.github.com -p "Read the docs and summarize the CLI auth flow."Useful when you want the agent to consult a fixed documentation source.
Prevent access to sites you do not want queried.
copilot --deny-url=example.com -p "Do the task without consulting blocked domains."Deny URL rules override allow URL rules.
Set models, editors, tokens, and session-level behavior.
export COPILOT_MODEL="MODEL_NAME"Model identifiers evolve, so use the names accepted by your installed CLI version.
Enable fully automatic permissions in scripts.
export COPILOT_ALLOW_ALL=trueEquivalent to `--allow-all`, often used in automation contexts.
export COPILOT_EDITOR="code --wait"Checked after `$VISUAL` and `$EDITOR`, with `vi` as the fallback.
Set a token for non-interactive environments.
export COPILOT_GITHUB_TOKEN=YOUR_FINE_GRAINED_TOKENThis takes precedence over `GH_TOKEN` and `GITHUB_TOKEN`.
Change where config and state files are stored.
export COPILOT_HOME="$HOME/.copilot-work"Useful when you want separate config profiles or sandboxed environments.
export COPILOT_AUTO_UPDATE=falseHelpful for deterministic CI and reproducible support debugging.
export PLAIN_DIFF=trueCan be easier to parse in scripts or limited terminal environments.
Persist defaults globally, per repository, or locally.
~/.copilot/config.jsonThis stores user-level defaults for all repositories unless `COPILOT_HOME` overrides it.
.github/copilot/settings.jsonUse this for shared team defaults that belong in version control.
.github/copilot/settings.local.jsonAdd this file to `.gitignore` to keep personal overrides out of the repo.
Persist trusted directories in the user config.
{
"trusted_folders": [
"/Users/you/src/project-a",
"/Users/you/src/project-b"
]
}Trusted folders control where Copilot can read, modify, and execute files without re-prompting each time.
{
"banner": "never"
}`banner` supports `always`, `once`, or `never`.
{
"auto_update": false
}Use config instead of an environment variable when you want a stable default on a machine.