Describe the feature or problem you'd like to solve
I typically run with /allow-all for maximum productivity, but sometimes I want to restrict the agent (e.g., no shell execution, read-only mode, or limited directory access) for sensitive tasks or specific repos. Currently there's no way to:
- Save a named permission configuration and switch to it quickly
- Define per-repo permission defaults so certain repos always start restricted
- Toggle between "full trust" and "restricted" without manually re-configuring each session
Related issues #3028 and #3050 cover parts of this (MCP tool trust and persistent directories), but neither addresses switchable named profiles.
Proposed solution
Introduce permission profiles — named sets of permission rules that can be defined at two levels:
Global profiles (~/.copilot/permission-profiles.json):
{
  "profiles": {
    "full-access": { "allowAll": true },
    "read-only": {
      "allowedTools": ["view", "grep", "glob", "github-mcp-server-*"],
      "denyTools": ["powershell", "edit", "create"]
    },
    "no-shell": {
      "allowAll": true,
      "denyTools": ["powershell"]
    }
  },
  "default": "full-access"
}
Per-repo profiles (.github/copilot-permissions.json):
{
  "default": "no-shell",
  "trustedDirectories": ["."],
  "profiles": {
    "no-shell": {
      "allowAll": true,
      "denyTools": ["powershell"]
    }
  }
}
Switching profiles in-session:
/profile list — show available profiles
/profile use <name> — switch to a profile
/profile show — show current active profile and its rules
Per-repo profiles would take precedence over global ones (team-enforced guardrails).
Example prompts or workflows
- Start session in infra repo → automatically applies "no-shell" profile (team policy)
- Working on a PR review → /profile use read-only to ensure no accidental edits
- Ready to implement → /profile use full-access to switch back
- New session in any repo → applies user's global default without needing /allow-all each time
Additional context
GitHub Copilot CLI 1.0.43
This would complement #3028 (granular MCP tool trust) and #3050 (persistent directory allow lists) by providing the overarching framework for managing permission sets.
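
An added sketch (not part of the issue and not Copilot CLI code) of how the proposed profiles could be resolved and enforced, using constructed copies of the two JSON files above. The function names are hypothetical, and three semantics are assumptions the proposal does not spell out: `denyTools` overrides `allowAll` and `allowedTools`, a tool that matches nothing is denied, and an unknown profile name fails closed.

```python
import fnmatch

# Constructed copies of the two files proposed above.
GLOBAL_CFG = {
    "profiles": {
        "full-access": {"allowAll": True},
        "read-only": {
            "allowedTools": ["view", "grep", "glob", "github-mcp-server-*"],
            "denyTools": ["powershell", "edit", "create"],
        },
        "no-shell": {"allowAll": True, "denyTools": ["powershell"]},
    },
    "default": "full-access",
}
REPO_CFG = {
    "default": "no-shell",
    "trustedDirectories": ["."],
    "profiles": {"no-shell": {"allowAll": True, "denyTools": ["powershell"]}},
}


def resolve_profile(global_cfg, repo_cfg=None, requested=None):
    """Return (name, rules); per-repo definitions and default win over global."""
    repo_cfg = repo_cfg or {}
    # Later dict wins, so a repo profile shadows a global one of the same name.
    profiles = {**global_cfg.get("profiles", {}), **repo_cfg.get("profiles", {})}
    name = requested or repo_cfg.get("default") or global_cfg.get("default")
    if name not in profiles:
        # Assumption: fail closed, an unknown or missing profile grants nothing.
        return name, {"allowAll": False, "allowedTools": [], "denyTools": ["*"]}
    return name, profiles[name]


def _matches(tool, patterns):
    # Glob matching covers entries such as "github-mcp-server-*".
    return any(fnmatch.fnmatchcase(tool, p) for p in patterns)


def is_tool_allowed(rules, tool):
    """Assumed semantics: deny beats allow, and no match means denied."""
    if _matches(tool, rules.get("denyTools", [])):
        return False
    if rules.get("allowAll") is True:
        return True
    return _matches(tool, rules.get("allowedTools", []))
```

Whether `/profile use` should be able to leave a repo-enforced default is left open by the proposal; here an explicit `requested` name always wins.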