content/manuals/ai/sandboxes/agents/copilot.md
{{< summary-bar feature_name="Docker Sandboxes" >}}
This guide covers authentication, configuration, and usage of GitHub Copilot in a sandboxed environment.
Official documentation: GitHub Copilot CLI
Create a sandbox and run Copilot for a project directory:
$ docker sandbox run copilot ~/my-project
The workspace parameter is optional and defaults to the current directory:
$ cd ~/my-project
$ docker sandbox run copilot
Copilot requires a GitHub token with Copilot access. Credentials are scoped per sandbox and must be provided through environment variables on the host.
Set the GH_TOKEN or GITHUB_TOKEN environment variable in your shell
configuration file.
Docker Sandboxes use a daemon process that doesn't inherit environment variables from your current shell session. To make your token available to sandboxes, set it globally in your shell configuration file.
Add the token to your shell configuration file:
export GH_TOKEN=ghp_xxxxx
Or use GITHUB_TOKEN:
export GITHUB_TOKEN=ghp_xxxxx
Apply the changes:
$ source ~/.bashrc  # or ~/.zshrc
$ docker sandbox create copilot ~/project
$ docker sandbox run <sandbox-name>
The sandbox detects the environment variable and uses it automatically.
Copilot can be configured to trust specific folders, disabling safety prompts
for those locations. Configure trusted folders in ~/.copilot/config.json:
{
"trusted_folders": ["/workspace", "/home/agent/projects"]
}
Workspaces are mounted at /workspace by default, so trusting this path
allows Copilot to operate without repeated confirmations.
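The following is an added example, not part of the Docker or GitHub Copilot documentation: a small audit of the trusted_folders list shown above that reports entries reaching beyond the paths you intend to exempt from safety prompts. The function name, the default allow-list of /workspace, and the sample entries are assumptions made for illustration.

```python
import json
import posixpath

# Constructed sample config; only the "trusted_folders" key comes from the page.
SAMPLE_CONFIG = """
{"trusted_folders": ["/workspace", "/home/agent/projects", "/",
                     "/workspace/../home/agent", "projects", "/workspace/app/"]}
"""

def _normalize(entry):
    # Collapse "..", "." and repeated slashes so "/workspace/../etc" is judged as "/etc".
    return posixpath.normpath("/" + entry.lstrip("/"))

def _is_under(path, root):
    # True when path equals root or lies below it (component-wise, not a bare prefix match).
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit_trusted_folders(config_text, allowed_roots=("/workspace",)):
    """Return (entry, reason) pairs for trusted_folders entries that reach beyond allowed_roots."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [(None, f"invalid JSON: {exc.msg}")]
    folders = config.get("trusted_folders", []) if isinstance(config, dict) else None
    if not isinstance(folders, list):
        return [(None, "trusted_folders is not a list")]
    roots = [_normalize(r) for r in allowed_roots]
    findings = []
    for entry in folders:
        if not isinstance(entry, str) or not entry.startswith("/"):
            findings.append((entry, "not an absolute path"))
            continue
        path = _normalize(entry)
        if path == "/":
            findings.append((entry, "trusts the entire filesystem"))
        elif any(_is_under(path, root) for root in roots):
            continue  # inside an allowed root: acceptable
        elif any(_is_under(root, path) for root in roots):
            findings.append((entry, f"resolves to {path}, a parent of an allowed root"))
        else:
            findings.append((entry, f"resolves to {path}, outside the allowed roots"))
    return findings

if __name__ == "__main__":
    allowed = ("/workspace", "/home/agent/projects")  # assumed policy for this demo
    for entry, reason in audit_trusted_folders(SAMPLE_CONFIG, allowed):
        print(f"{entry!r}: {reason}")
```

Pass the contents of ~/.copilot/config.json and the roots you actually mean to trust; an empty result means every entry stays inside them.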
Pass Copilot CLI options after the sandbox name and a -- separator:
$ docker sandbox run <sandbox-name> -- --yolo
The --yolo flag disables approval prompts for a single session without
modifying the configuration file.
Template: docker/sandbox-templates:copilot
Copilot launches with --yolo by default when trusted folders are configured.
See Custom templates to build your own agent images.