Feature Request: Tool whitelist for Interactive Mode

[Dicer-J]

Describe the feature or problem you'd like to solve

Currently Interactive mode requires manual approval for every tool call, including safe read-only operations (grep, cat, find, git log, git status, etc.). The only alternative is /allow-all which also approves destructive operations.

Proposed solution

Add a persistent allowed_tools whitelist in ~/.copilot/config.json, similar to how antigravity handles tool permissions. Users can pre-approve safe, non-modifying
commands and only be prompted for dangerous operations (file writes, deletes, shell commands that modify state).

Example prompts or workflows

{
"allowed_tools": ["bash:grep", "bash:find", "bash:cat", "bash:git log", "bash:git status", "view", "glob"]
}

Additional context

No response

[DanteDeRuwe]

Right now I have set a command alias to be able to whitelist tools like so:

alias ghc="copilot \
	--allow-tool='write' \
	--allow-tool='shell(git log)' \
	--allow-tool='shell(git status)' \
	--allow-tool='shell(echo)' \
	--allow-tool='shell(grep)' \
	--allow-tool='shell(find)' \
	--allow-tool='shell(ls)' \
	--allow-tool='shell(cat)' \
	--allow-tool='shell(head)' \
	--allow-tool='shell(tail)' \
	--allow-tool='shell(sed)' \
	--allow-tool='shell(awk)' \
	--allow-tool='shell(sort)' \
	--allow-tool='shell(uniq)' \
	--allow-tool='shell(wc)' \
	--allow-tool='shell(jq)' \
        ...

Would indeed be great if this can be configured with a config file, just like this is done in vscode by using chat.tools.terminal.autoApprove setup (vscode even supports regex patterns)

In general, configuring --allow-tool, --deny-tool, --available-tools, etc via either global or per-repo config would be great.

[ssbarnea]

I had to google a lot to find-out that was never implemented, back to Claude.

[DanteDeRuwe]

Any updates on this?

[DanteDeRuwe]

v1.0.12 just arrived and the release notes say:

Read .claude/settings.json and .claude/settings.local.json as additional repo config sources

So I was full of hope that we could define our permissions there (until copilot adds their own settings/config file).

Too bad it does not work properly. I logged bug #2338. Maybe soon...

[jovere]

Please add this! The incessant nagging for simple things like grep is dangerous, as it's making me want to just /yolo. Claude has had this feature for half a year!