Copilot

Table of contents

This guide covers authentication, configuration, and usage of GitHub Copilot in a sandboxed environment.

Official documentation: GitHub Copilot CLI

Quick start

Create a sandbox and run Copilot for a project directory:

$ sbx run copilot ~/my-project

The workspace parameter is optional and defaults to the current directory:

$ cd ~/my-project
$ sbx run copilot

Authentication

Copilot requires a GitHub token with Copilot access. Store your token using stored secrets:

$ echo "$(gh auth token)" | sbx secret set -g github

Alternatively, export the GH_TOKEN or GITHUB_TOKEN environment variable in your shell before running the sandbox. See Credentials for details on both methods.

Sandboxes don't pick up user-level configuration from your host. Only project-level configuration in the working directory is available inside the sandbox. See Why doesn't the sandbox use my user-level agent configuration? for workarounds.

Copilot is configured to trust the workspace directory by default, so it operates without repeated confirmations for workspace files.

Default startup command

Without extra args, the sandbox runs:

copilot --yolo

Arguments after -- are added after the default flags when the first one is itself a flag (begins with -), so --yolo is preserved:

$ sbx run copilot -- -p "review this PR"   # runs copilot --yolo -p "review this PR"

When the first argument is a bare word — a subcommand or prompt — it replaces the defaults instead.

Base image

Template: docker/sandbox-templates:copilot

Preconfigured to trust the workspace directory.

See Customize to pre-install tools or customize this environment.

What can I help you with?

Copilot

Quick start

Authentication

Configuration

Default startup command

Base image