Skip to content

fix(copilot): use --yolo to grant all permissions in non-interactive mode#2298

Merged
mnriem merged 3 commits intogithub:mainfrom
mnriem:fix/copilot-yolo-permissions-2294
Apr 21, 2026
Merged

fix(copilot): use --yolo to grant all permissions in non-interactive mode#2298
mnriem merged 3 commits intogithub:mainfrom
mnriem:fix/copilot-yolo-permissions-2294

Conversation

@mnriem
Copy link
Copy Markdown
Collaborator

@mnriem mnriem commented Apr 21, 2026

Summary

Fixes #2294

The Copilot CLI's --allow-all-tools flag only covers tool execution permissions but does not grant path or URL access. When the Copilot agent autonomously runs shell commands (e.g. npm run build) during workflow execution, the CLI blocks path access and cannot prompt for approval in non-interactive mode, producing:

Permission denied and could not request permission from user

Changes

  • Replace --allow-all-tools with --yolo (equivalent to --allow-all-tools --allow-all-paths --allow-all-urls) in both build_exec_args() and dispatch_command() to grant all three permission types
  • Rename the opt-out env var from SPECKIT_ALLOW_ALL_TOOLS to SPECKIT_COPILOT_ALLOW_ALL_TOOLS and scope it to the Copilot integration
  • Deprecate the old SPECKIT_ALLOW_ALL_TOOLS env var with a UserWarning fallback so existing opt-outs are not silently ignored
  • New env var takes precedence when both are set
  • Use monkeypatch in tests to avoid flakiness from ambient env vars
  • Add tests for deprecation warning, precedence, and opt-out paths

Files changed

  • src/specify_cli/integrations/copilot/__init__.py — flag, env var, and deprecation logic
  • tests/test_workflows.py — test assertion updates and new env var tests

Testing

All 141 tests pass (workflow + copilot integration suites).

…mode

The Copilot CLI's --allow-all-tools flag only covers tool execution
permissions but does not grant path or URL access. When the Copilot
agent autonomously runs shell commands (e.g. npm run build) during
workflow execution, the CLI blocks path access and cannot prompt for
approval in non-interactive mode, producing:

  Permission denied and could not request permission from user

Replace --allow-all-tools with --yolo (equivalent to --allow-all-tools
--allow-all-paths --allow-all-urls) to grant all three permission types.

Rename the opt-out env var from SPECKIT_ALLOW_ALL_TOOLS to
SPECKIT_COPILOT_ALLOW_ALL to match the formal --allow-all alias and
scope it to the Copilot integration.

Fixes github#2294
Copilot AI review requested due to automatic review settings April 21, 2026 16:26
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the GitHub Copilot CLI integration so non-interactive workflow execution can proceed without permission prompts by granting broader Copilot CLI permissions.

Changes:

  • Switch Copilot CLI permission flag from --allow-all-tools to --yolo in exec/dispatch paths.
  • Rename the opt-out environment variable to SPECKIT_COPILOT_ALLOW_ALL.
  • Update workflow test assertion to expect the new flag.
Show a summary per file
File Description
src/specify_cli/integrations/copilot/init.py Uses --yolo and a new env var to control “allow all” behavior for Copilot CLI runs.
tests/test_workflows.py Updates Copilot exec-args assertion to match the new flag.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

src/specify_cli/integrations/copilot/init.py:101

  • Same env var backwards-compat concern here as in build_exec_args(): removing SPECKIT_ALLOW_ALL_TOOLS means existing opt-out configurations won’t be applied during workflow dispatch, potentially enabling broader permissions than expected. Recommend checking both env vars (with clear precedence) so prior configurations continue to work.
        cli_args = [
            "copilot", "-p", prompt,
            "--agent", agent_name,
        ]
        if os.environ.get("SPECKIT_COPILOT_ALLOW_ALL", "1") != "0":
            cli_args.append("--yolo")
  • Files reviewed: 2/2 changed files
  • Comments generated: 2

Comment thread src/specify_cli/integrations/copilot/__init__.py
Comment thread tests/test_workflows.py
…ALLOW_ALL_TOOLS

Address Copilot review feedback:

- Honour the old SPECKIT_ALLOW_ALL_TOOLS env var as a fallback with a
  DeprecationWarning so existing opt-outs are not silently ignored.
- Rename the new canonical env var to SPECKIT_COPILOT_ALLOW_ALL_TOOLS.
- New var takes precedence when both are set.
- Use monkeypatch in tests to avoid flakiness from ambient env vars.
- Add tests for deprecation warning, precedence, and opt-out paths.
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 2

Comment thread src/specify_cli/integrations/copilot/__init__.py
Comment thread src/specify_cli/integrations/copilot/__init__.py Outdated
DeprecationWarning is suppressed by default in Python, so users relying
on the old SPECKIT_ALLOW_ALL_TOOLS env var would never see the
deprecation notice during normal CLI runs. Switch to UserWarning which
is always shown. Update test to also assert the warning category.
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0 new

@mnriem mnriem merged commit 370b5b4 into github:main Apr 21, 2026
15 checks passed
@mnriem mnriem deleted the fix/copilot-yolo-permissions-2294 branch April 21, 2026 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: Running Workflow: Permission denied and could not request permission from user

2 participants