A demonstration repository showcasing how to use GitHub Copilot in VS Code with a DevContainer environment to run coding agents in a safe and secure sandbox.
This repository provides a production-ready Dev Container setup that demonstrates best practices for:
- Running GitHub Copilot CLI agents safely and securely
- Isolating development workloads in a sandboxed container environment
- Leveraging VS Code with Copilot for AI-assisted coding tasks
- Executing automated coding operations with permission controls
The entire development environment is containerized, ensuring that any Copilot agent operations run in an isolated sandbox without affecting your host machine.
- Docker (for running containers)
- VS Code with the Dev Containers extension (VS Code DevContainers Guide)
- Clone or open this repository in VS Code
- Open in Dev Container: VS Code will detect the
.devcontainerconfiguration and prompt you to "Reopen in Container" - Wait for initialization: The container will build and install the GitHub Copilot CLI automatically
- Start using Copilot: Once ready, the
copilotandyolocommands are available in the terminal
- Sandboxed Execution: All Copilot operations run inside a containerized environment
- Pre-configured: GitHub Copilot CLI comes pre-installed and ready to use
- Permission Controls: Use
--allow-allflag for full permissions or default restricted mode - Reproducible Environment: Same setup works across Windows, macOS, and Linux
| Command | Description |
|---|---|
copilot |
Run the GitHub Copilot CLI (default restricted mode) |
yolo |
Alias for copilot --allow-all (full permissions mode - use cautiously) |
copilot --help |
View all available Copilot commands |
- Base Image:
mcr.microsoft.com/devcontainers/base:noble(Ubuntu 24.04 LTS) - Copilot CLI: Latest prerelease version from
ghcr.io/devcontainers/features/copilot-cli:1 - Isolation: Complete filesystem and process isolation from the host
- ✅ Changes made by Copilot are contained within the container
- ✅ Host machine remains unaffected by container operations
- ✅ Easy to reset: Simply rebuild the container to start fresh
- ✅ Permission scoping: Control Copilot's access level with command flags
# Inside the container terminal:
# Run Copilot in default restricted mode
copilot explain "your question here"
# Or use full permissions when needed
yolo "create a new function for..."
# View available skills and features
copilot --helpAll configuration lives in .devcontainer/scripts/setup-copilot.sh. The orchestrator .devcontainer/onCreateCommand.sh calls setup scripts on container creation.
Edit the MARKETPLACE_REPOS array in .devcontainer/scripts/setup-copilot.sh:
declare -A MARKETPLACE_REPOS=(
[my-marketplace]="owner/repo"
[microsoft-docs-marketplace]="microsoftdocs/mcp"
)Edit the PLUGINS array in .devcontainer/scripts/setup-copilot.sh:
declare -A PLUGINS=(
[my-marketplace]="plugin1 plugin2 plugin3"
[microsoft-docs-marketplace]="microsoft-docs"
)Plugins are listed by name, separated by spaces, under their corresponding marketplace.
Skills are reusable AI instruction sets installed via skills.sh. Edit the SKILLS_TO_INSTALL array in .devcontainer/scripts/setup-copilot.sh:
declare -A SKILLS_TO_INSTALL=(
["anthropics/skills"]="skill-creator"
["my-org/my-skills"]="skill-a skill-b"
)- Key: the
owner/repohosting the skills - Value: space-separated list of skill names to install from that repo
After editing setup-copilot.sh, rebuild the Dev Container:
- Open the VS Code Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
- Run Dev Containers: Rebuild Container
- Wait for the container to rebuild and install