You can auto-approve tool calls and terminal commands in Copilot’s Agent mode.
With ❤️ from Eleanor
< @intellectronica >( OKIGU Consulting | Elite AI-assisted Coding )
Add an allow/deny list in your VS Code settings.json:
{
// Auto-approve only these terminal commands in Agent mode
"chat.tools.terminal.autoApprove": {
"/^git\\s+(status|diff|log|show)\\b/": true,
"/^npm\\s+(test|run\\s+lint)\\b/": true,
"/^pnpm\\s+(test|lint)\\b/": true,
"/^mvn\\s+test\\b/": true,
// Keep risky commands explicitly gated
"rm": false,
"rmdir": false,
"del": false,
"kill": false,
"chmod": false,
"chown": false,
"/^git\\s+(push|reset|revert|clean)\\b/": false
}
}This uses regex keys for patterns (wrap them in /…/). Anything not matched falls back to the normal confirmation dialog. (code.visualstudio.com)
Flip this experimental switch:
{
"chat.tools.autoApprove": true
}That removes confirmations for every tool invocation, which is handy for sandboxes but risky on real projects. (code.visualstudio.com)
- Settings → “Agent mode”: look for Auto-approve tools and Auto-approve terminal commands toggles, or search for
chat.tools.autoApproveandchat.tools.terminal.autoApprove. (code.visualstudio.com)
- These features are marked Experimental in current VS Code docs; make sure you’re on a recent VS Code + Copilot extension. (code.visualstudio.com)
"chat.tools.terminal.autoApprove": {
// Allow everything by default
"*": true,
// Block destructive file operations (cross-platform)
"rm": false,
"rmdir": false,
"del": false,
"erase": false,
"rd": false,
"/^rm\s+-rf/": false,
// Block PowerShell destructive commands
"Remove-Item": false,
"Remove-ItemProperty": false,
"/^Remove-/": false,
"Clear-Content": false,
"Clear-Item": false,
"/^Format-/": false,
// Block dangerous git operations
"/^git\s+(clean|reset\s+--hard|push\s+--force)/": false,
// Block system modifications (Linux/Mac)
"sudo": false,
"chmod": false,
"chown": false,
"kill": false,
"killall": false,
// Block system modifications (Windows)
"Stop-Process": false,
"Stop-Computer": false,
"Restart-Computer": false,
"Set-ExecutionPolicy": false,
"takeown": false,
"icacls": false,
"cacls": false,
"attrib": false,
// Block package uninstalls/removals
"/^npm\s+(uninstall|un\b)/": false,
"/^pip\s+uninstall/": false,
"/^cargo\s+clean/": false,
"/^brew\s+uninstall/": false,
"Uninstall-Package": false,
"Uninstall-Module": false,
"/^choco\s+uninstall/": false,
"/^winget\s+uninstall/": false,
// Block network downloads (prompt injection risk)
"curl": false,
"wget": false,
"Invoke-WebRequest": false,
"Invoke-RestMethod": false,
"iwr": false,
"irm": false,
// Block code execution risks (PowerShell)
"Invoke-Expression": false,
"iex": false,
"/^&\s+/": false,
// Block registry modifications (Windows)
"/^reg\s+(delete|add)/": false,
"Remove-ItemProperty": false,
// Block network configuration (Windows)
"/^netsh\s/": false,
// Block WMI operations (Windows)
"/^wmic\s/": false,
// Block Docker destructive operations
"/^docker\s+(rm|rmi|system\s+prune)/": false,
"/^docker-compose\s+down/": false,
// Block format/partition operations
"mkfs": false,
"fdisk": false,
"parted": false,
"diskpart": false,
"Format-Volume": false,
"Clear-Disk": false
}