The Paranoid Guide to Running Copilot CLI in a Secure Docker Sandbox (gordonbeeming.com)

🤖 AI Summary
Gordon Beeming released "copilot_here," a lightweight Docker-based sandbox for running GitHub Copilot CLI so you can use its powerful command-execution features (including --allow-all-tools) without giving the agent unconstrained access to your machine. The project wraps Copilot CLI in a container that maps your current project into /work, enforces file-scope isolation (your home directory, SSH keys and other projects remain inaccessible), and preserves seamless gh login authentication. It provides two UX modes—Safe (prompts before executing) and YOLO (auto-approve)—so you can trade convenience for caution, plus built-in checks that warn about overly privileged GitHub tokens. Technically, the repo contains a Dockerfile and entrypoint script that handle permissions and environment setup; the base image ships Node.js 20, Git and common tooling. Image variants include dotnet (adds .NET 8/9 SDKs and ASP.NET runtimes) and dotnet-playwright (adds Playwright 1.56.0 and Chromium, ~500–600MB extra), selectable with simple flags (-d, -dp). Containers share the host network (not isolated by a firewall), so local network access remains possible from inside the sandbox. Extras: automatic image cleanup (skipped with --no-cleanup), an optional no-pull mode (--no-pull), installer/update scripts, and cross-platform shell functions. The approach lowers the “blast radius” of dangerous commands while keeping Copilot CLI practical and portable for everyday dev workflows.
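The summary mentions built-in checks that warn about overly privileged GitHub tokens. The following is an added example of such a preflight check, not copilot_here's own code. The deny-list of scopes and the function names `risky_scopes` and `token_preflight` are assumptions, and the scope string is expected in the comma-separated form GitHub returns in the `X-OAuth-Scopes` response header.

```shell
#!/bin/sh
# Added example (not from copilot_here): refuse or warn when the token that
# would be passed into the sandbox carries scopes an agent should not hold.

# Assumed policy: scopes considered too broad for an agent session.
RISKY_SCOPES="admin:org admin:enterprise admin:public_key admin:gpg_key \
admin:repo_hook admin:org_hook delete_repo delete:packages"

# risky_scopes "<comma-separated scopes>"
# Prints each risky scope found, one per line; returns 1 if any were found.
# Runs in a subshell so globbing can be disabled for the untrusted input.
risky_scopes() (
    set -f
    found=0
    # Normalise: commas to spaces, drop quotes that some tools add.
    for scope in $(printf '%s' "$1" | tr ',' ' ' | tr -d "'\""); do
        for risky in $RISKY_SCOPES; do
            # Exact match only: "repo" must not match "delete_repo",
            # and "read:org" must not match "admin:org".
            if [ "$scope" = "$risky" ]; then
                printf '%s\n' "$scope"
                found=1
            fi
        done
    done
    [ "$found" -eq 0 ]
)

# token_preflight "<comma-separated scopes>"
# Returns 0 when the token looks acceptable, 1 after printing a warning.
token_preflight() {
    _bad=$(risky_scopes "$1") && return 0
    printf 'warning: token carries privileged scopes: %s\n' \
        "$(printf '%s' "$_bad" | tr '\n' ' ')" >&2
    return 1
}

# Constructed sample inputs (not real tokens or real account data).
SAMPLE_OK="gist, read:org, repo, workflow"
SAMPLE_BAD="'repo', 'admin:org', 'delete_repo'"

token_preflight "$SAMPLE_OK"  || true
token_preflight "$SAMPLE_BAD" || true
```

A wrapper would call `token_preflight` before starting the container and, in an auto-approve mode, treat a non-zero return as a reason to stop rather than just warn.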