copilot_here is a shell tool designed to run GitHub Copilot CLI commands inside a sandboxed Docker container, ensuring your host machine remains clean and secure. The tool provides shell function wrappers for Bash, Zsh, and PowerShell, seamlessly proxying Copilot CLI commands through a containerized environment.
Key Features:
Sandboxed Environment: Isolates GitHub Copilot CLI in a Docker container to enhance security.
Shell Wrappers: Provides functions for Bash, Zsh, and PowerShell to simplify command execution.
Automatic Authentication: Uses existing gh CLI credentials for seamless authentication.
Mounting Control: Grants file system access only to specified directories, improving security.
Execution Modes: Offers Safe Mode (requires confirmation) and YOLO Mode (auto-approves), catering to different usage needs.
Image Variants: Supports multiple container images with various toolsets (e.g., .NET, Playwright, Rust).
Audience & Benefit:
Ideal for developers seeking a secure, isolated environment for GitHub Copilot CLI. Benefits include enhanced security by isolating tools, avoiding global Node.js installations, and maintaining a clean host machine. Persistent configuration ensures trusted folders and preferences are remembered across sessions.
Installable via winget.
README
copilot_here: A Secure, Portable Copilot CLI Environment
Run the GitHub Copilot CLI from any directory on your machine, inside a sandboxed Docker container that automatically uses your existing gh authentication.
π What is this?
This project solves a simple problem: you want to use the awesome GitHub Copilot CLI, but you also want a clean, portable, and secure environment for it.
The copilot_here shell function is a lightweight wrapper around a Docker container. When you run it in a terminal, it:
Enhances security by isolating the tool in a container, granting it file system access only to the directory you're currently in. π‘οΈ
Keeps your machine clean by avoiding a global Node.js installation.
Authenticates automatically by using your host machine's existing gh CLI credentials.
Validates token permissions by checking for required scopes and warning you about overly permissive tokens.
Persists its configuration, so it remembers which folders you've trusted across sessions.
Stays up-to-date by automatically pulling the latest image version on every run.
β Prerequisites
Before you start, make sure you have the following installed and configured on your machine:
You must be logged in to the GitHub CLI. You can check by running gh auth status. Your token must have the copilot and read:packages scopes. If it doesn't, run gh auth refresh -h github.com -s copilot,read:packages to add them.
π οΈ Setup Instructions
Choose your platform below. The scripts include both Safe Mode (asks for confirmation) and YOLO Mode (auto-approves) functions. You can use either or both depending on your needs.
Safe Mode (copilot_here) - Always asks for confirmation before executing commands. Recommended for general development work where you want control over what gets executed.
YOLO Mode (copilot_yolo) - Automatically approves all tool usage without confirmation. Convenient for trusted workflows but use with caution as it can execute commands without prompting.
Image Variants
All images support both AMD64 (x86_64) and ARM64 (Apple Silicon, etc.) architectures.
All functions support switching between Docker image variants using flags:
Format:path/to/dir:ro or path/to/dir:rw (one per line)
Management Commands:
Use --save-mount, --save-mount-global, --remove-mount, and --list-mounts to manage persistent mounts.
Image Management
You can configure the default image tag to use (e.g., dotnet, dotnet-playwright, or a specific SHA) so you don't have to pass flags every time.
Management Commands:
--list-images - List all available Docker images
--show-image - Show current default image configuration
--set-image - Set default image in local config
--set-image-global - Set default image in global config
--clear-image - Clear default image from local config
--clear-image-global - Clear default image from global config
Configuration Files:
Global: ~/.config/copilot_here/image.conf
Local: .copilot_here/image.conf
Model Management
You can configure the default AI model to use so you don't have to pass --model every time.
Management Commands:
--list-models - List available AI models (queries Copilot CLI error message)
--show-model - Show current default model configuration
--set-model - Set default model in local config
--set-model-global - Set default model in global config
--clear-model - Clear default model from local config
--clear-model-global - Clear default model from global config
Special value: Use default as the model ID to explicitly use Copilot CLI's default model. This is useful for overriding a global setting at the local level.
Note: The --list-models command uses a workaround by triggering an invalid model error, which causes the Copilot CLI to list valid models. This is a temporary approach until a proper API is available.
Configuration Files:
Global: ~/.config/copilot_here/model.conf
Local: .copilot_here/model.conf
Configuration Priority:
CLI argument (--model )
Local config (.copilot_here/model.conf)
Container Runtime Management
copilot_here supports multiple container runtimes: Docker, OrbStack, and Podman. The system automatically detects the available runtime, but you can also configure a preferred runtime.
Management Commands:
--show-runtime - Show current container runtime configuration
--list-runtimes - List all available container runtimes on your system
--set-runtime - Set runtime in local config (values: docker, podman, or auto)
--set-runtime-global - Set runtime in global config
Configuration Files:
Global: ~/.config/copilot_here/runtime.conf
Local: .copilot_here/runtime.conf
Configuration Priority:
Local config (.copilot_here/runtime.conf)
Global config (~/.config/copilot_here/runtime.conf)
Auto-detection (tries Docker first, then Podman)
Supported Runtimes:
Docker - Standard Docker Engine or Docker Desktop
OrbStack - Automatically detected when Docker context is set to OrbStack
# Set model for current project
copilot_here --set-model gpt-5
# Set model globally for all projects
copilot_here --set-model-global claude-sonnet-4.5
# Override saved model for one session
copilot_here --model gpt-5-mini
# View current configuration
copilot_here --show-model
Custom Docker Flags (SANDBOX_FLAGS)
Pass additional Docker flags using the SANDBOX_FLAGS environment variable (compatible with Gemini CLI):
Airlock Mode:
When using --enable-airlock, the --network flag changes the proxy's external network while maintaining app container isolation. The app container remains on the internal airlock network and can only access the proxy, which then routes to your specified network.
# Example: Proxy connects to custom network while app stays isolated
docker network create my-services
SANDBOX_FLAGS="--network my-services" copilot_here --enable-airlock
π‘οΈ Airlock (Network Isolation)
Airlock provides an additional layer of security by routing all network traffic from the Copilot CLI through a proxy that enforces an allowlist of permitted hosts and paths. This ensures that the AI can only communicate with approved endpoints.
Key Features:
Enforce Mode: Blocks all network requests not matching the allowlist
Monitor Mode: Logs all network activity without blocking (useful for auditing)
Configurable Rules: Define allowed hosts and paths per-project or globally
enforce (e): Blocks requests not matching the allowlist
monitor (m): Allows all requests but logs them for review
When enabling Airlock for the first time, you'll be prompted to choose between enforce and monitor mode.
Logging:
When enable_logging is true (or in monitor mode), request logs are saved to .copilot_here/logs/ (excluded from git by default).
Network Topology View
graph LR
subgraph Docker_Host [π³ Docker Host]
style Docker_Host fill:#F8F9FA,stroke:#1A1A1A,color:#1A1A1A
subgraph Airlock_Net [π Network: airlock_net]
style Airlock_Net fill:#E9ECEF,stroke:#1A1A1A,stroke-width:2px,stroke-dasharray: 5 5,color:#1A1A1A
App[("π€ Copilot Container(Single Homed)")]
style App fill:#FFFFFF,stroke:#0063B2,stroke-width:2px,color:#1A1A1A
ProxyInt["Proxy Interface(eth0)"]
style ProxyInt fill:none,stroke:none,color:#1A1A1A
end
subgraph Proxy_Container [π‘οΈ Secure Proxy Container]
style Proxy_Container fill:#46CBFF,stroke:#0063B2,stroke-width:3px,color:#1A1A1A
ProxyApp["Proxy Process"]
style ProxyApp fill:#F8F9FA,stroke:#0063B2,color:#1A1A1A
end
App == "1. Traffic via Airlock" ==> ProxyApp
end
Internet((βοΈ Internet / GitHub))
style Internet fill:#F8F9FA,stroke:#1A1A1A,stroke-width:2px,color:#1A1A1A
ProxyApp == "2. Traffic via Bridge" ==> Internet
linkStyle 0 stroke:#0063B2,stroke-width:3px,color:#0063B2
linkStyle 1 stroke:#0063B2,stroke-width:3px,color:#0063B2
π The Sealed Chamber (Airlock Network):
The copilot_here container is launched into a private, internal-only network. It has zero direct access to the internet. If an application tries to bypass the proxy, the connection simply fails because there is no route out.
π‘οΈ The Sentry (Secure Proxy):
The Proxy is the only component with a "key" to the outside world. It sits with one foot in the Airlock (to listen for requests) and one foot in the Bridge network (to reach GitHub).
β The Controlled Exit:
Traffic can only leave the Airlock if it explicitly asks the Proxy to carry it. The Proxy inspects the destination against your allow-list and decides whether to let the request pass or block it.
Package Managers
Homebrew (macOS):
brew tap gordonbeeming/tap
brew install --cask copilot-here
Homebrew (Linux):
brew tap gordonbeeming/tap
brew install copilot_here
WinGet (Windows):
winget install GordonBeeming.CopilotHere
.NET Global Tool:
dotnet tool install -g copilot_here
For Linux/macOS (Bash/Zsh)
Quick Install (Recommended):
If you already have the copilot_here binary on your PATH, you can install shell integrations for bash/zsh/fish (and on Windows: PowerShell + cmd) with:
copilot_here --install-shells
Otherwise, download and run the install script:
# Source the installer to load functions immediately
source <(curl -fsSL https://github.com/GordonBeeming/copilot_here/releases/download/cli-latest/install.sh)
To update later, just run: copilot_here --update
Manual Install (Alternative):
If you prefer not to use the quick install method, you can manually copy the script file:
Add to your shell profile (~/.zshrc or ~/.bashrc):
source ~/.copilot_here.sh
Reload your shell:
source ~/.zshrc # or source ~/.bashrc
Note: If you want to disable the auto-update functionality, you can remove the --update-scripts and --upgrade-scripts case blocks from the downloaded script file.
For Windows (PowerShell)
Quick Install (Recommended):
Download and source the script in your PowerShell profile:
# Create profile if it doesn't exist
if (-not (Test-Path $PROFILE)) { New-Item -ItemType File -Path $PROFILE -Force | Out-Null }
# Remove old entries and add new one
$profileContent = Get-Content $PROFILE -Raw
$profileContent = $profileContent -replace '(?m)^.*copilot_here\.ps1.*$', ''
$profileContent = $profileContent.TrimEnd() + "`n`n. `"$env:USERPROFILE\.copilot_here.ps1`""
Set-Content -Path $PROFILE -Value $profileContent
Or manually edit your profile:
notepad $PROFILE
# Remove any old copilot_here.ps1 entries and add:
# . "$env:USERPROFILE\.copilot_here.ps1"
Reload your PowerShell profile:
. $PROFILE
Note: The auto-update functionality can be removed by editing the downloaded script file.
Usage
Once set up, using it is simple on any platform. All commands work identically on Linux, macOS, and Windows.
Interactive Mode
Start a full chat session with the welcome banner:
# Base image (default)
copilot_here
# With .NET image
copilot_here --dotnet
# With .NET + Playwright image
copilot_here --dotnet-playwright
# With Rust image
copilot_here --rust
# Get help
copilot_here --help
copilot_yolo --help
Non-Interactive Mode
Pass a prompt directly to get a quick response.
Safe Mode (asks for confirmation before executing):
# Base image
copilot_here "suggest a git command to view the last 5 commits"
copilot_here "explain the code in ./my-script.js"
# .NET image
copilot_here --dotnet "build and test this .NET project"
copilot_here --dotnet "explain this C# code"
# .NET + Playwright image
copilot_here --dotnet-playwright "run playwright tests for this app"
# Skip cleanup and pull for faster startup
copilot_here --no-cleanup --no-pull "quick question about this code"
# Use specific model
copilot_here --model claude-sonnet-4.5 "explain this algorithm"
Accessing Session Information
Inside any copilot_here container, you can view detailed information about your session:
# View formatted session info (image, mounts, mode, etc.)
session-info
# Or manually format with Python (works in all images without rebuild)
echo $COPILOT_HERE_SESSION_INFO | python3 -m json.tool
# View raw JSON
echo $COPILOT_HERE_SESSION_INFO
# Query specific fields with jq
echo $COPILOT_HERE_SESSION_INFO | jq .image.tag
echo $COPILOT_HERE_SESSION_INFO | jq .mounts
echo $COPILOT_HERE_SESSION_INFO | jq .airlock.network_config # If airlock enabled
The COPILOT_HERE_SESSION_INFO environment variable contains:
Version: copilot_here build version
Image: Tag and full image name
Mode: "standard" or "yolo"
Working Directory: Container working directory path
Mounts: All mounted paths with their modes (ro/rw) and sources
Airlock: Network proxy status and configuration (if enabled)
This makes it easy for AI assistants to understand the environment without scrolling through startup logs.
> Note: The session-info command will be available in containers after the next image rebuild. Until then, use echo $COPILOT_HERE_SESSION_INFO | python3 -m json.tool for formatted output.
YOLO Mode (auto-approves execution):
# Base image
copilot_yolo "write a function that reverses a string"
copilot_yolo "run the tests and fix any failures"
# .NET image
copilot_yolo --dotnet "create a new ASP.NET Core API project"
copilot_yolo --dotnet "add unit tests for this controller"
# .NET + Playwright image
copilot_yolo --dotnet-playwright "write playwright tests for the login page"
# Skip cleanup for faster execution
copilot_yolo --no-cleanup "generate a README for this project"
π³ Docker Image Variants
This project provides multiple Docker image variants for different development scenarios. All images include the GitHub Copilot CLI and inherit the base security and authentication features.
Available Images
Tag
Flag
Description
latest
(default)
Base image with Node.js 20, Git, and essential tools
dotnet
--dotnet
.NET 8, 9 & 10 SDKs
dotnet-8
--dotnet8
.NET 8 SDK only
dotnet-9
--dotnet9
.NET 9 SDK only
dotnet-10
--dotnet10
.NET 10 SDK only
playwright
--playwright
Playwright with Chromium browser
dotnet-playwright
--dotnet-playwright
.NET + Playwright combined
rust
--rust
Rust toolchain
dotnet-rust
--dotnet-rust
.NET + Rust combined
golang
--golang
Go toolchain
java
--java
Java JDK 21 with Maven, Gradle & PlantUML
(custom)
--image
Any custom Docker image
Choosing the Right Image
Use latest for general development, scripting, and Node.js projects
Use dotnet when working with .NET projects without browser testing needs
Use playwright when working with Node.js projects that need browser automation
Use dotnet-playwright when you need both .NET and browser automation capabilities
Use rust for Rust development
Use dotnet-rust for projects combining .NET and Rust
Use golang for Go development
Use java for Java development with Maven or Gradle
Use --image to bring your own custom Docker image with additional tools
π» Supported Systems
Operating System
Shell
Supported
Tested
macOS
Zsh
β
β
macOS
Bash
β
β
Linux
Bash
β
β
Linux
Zsh
β
Windows 10/11
PowerShell 5.1
β
β
Windows 10/11
PowerShell 7+
β
β
> Note: "Tested" represents systems personally tested by the maintainer. The tool likely works on other compatible systems too, but hasn't been verified yet. If you successfully use it on an untested configuration, please let us know!
