microsoft
🔧 Feature Request: “Always allow Copilot Agent to run commands without asking”
Add a user setting (e.g. copilot.agent.autoApproveCommands) in VS Code’s Copilot extension that lets users skip the confirmation prompt when Copilot’s Agent mode wants to execute terminal commands. This would function similarly to Cursor’s approach—where AI helpers can dispatch commands seamlessly once permission is granted—so that repetitive confirmation dialogs are no longer needed during a workflow.
🧠Motivation
Streamlined Workflow
When running multi-step tasks (e.g. scaffolding, migrations, build/test sequences), Copilot Agent often requests confirmation before executing each command. Chaining many steps becomes tedious. Allowing users to "approve once" would mimic Cursor’s smoother experience and reduce interruption.Consistency with Other IDE Agents
Tools like Cursor already offer a toggle for pre-approval, preventing repetitive prompts. Enabling a similar mode for Copilot would align user workflows and expectationsforum.cursor.com+5forum.cursor.com+5docs.github.com+5.User-Controlled Trust
This optional setting lets users decide their own risk level—some prefer security controls, others prefer a frictionless DevOps-style workflow. Either way, Copilot Agent can meet both needs.
🎯 Proposed Implementation
New Setting:
true: Copilot Agent skips confirmation dialogs and executes commands directly.false (default): retains current behavior—prompt before running terminal commands.
Scope:
Applies only to commands executed by Copilot Agent from its VS Code session, not to user-initiated shell commands.
âś… Expected Benefits
⚠️ Security Considerations
Clear labeling in settings UI about the risk of auto-approving commands.
Evoke attention the first time users enable the setting ("enabling this may allow Copilot to run commands without prompting").
Only terminal commands initiated via Copilot Agent should be affected—not generic shell access.
I would second this. The agent mode for Claude is especially eager to run 10s of commands to check it hasn't made mistakes (simple compilation steps or linting steps). These get boring to approve every time. I feel like agent mode UI should not be chat driven if agents are actually going to be more independent. But that's a different story.
As a middle ground, a whitelist can allow pre-approved command without risking injection attacks or other hallucinations
Requesting this as well. Cursor Editor has this feature however it is a fork of VSCode's open source, meaning it lacks critical features I need such as remote-ssh to access my development environment
This should be implemented with the same kind of whitelist as claude code (settings.json with permissions "allow" and "dissalow")
bump.
workaround is using using a macro automate python script with opencv that check the position of the screen for the continue here button, and scroll to bottom of the panel. if the button is present then click it.
In the meantime, I found this older issue https://github.com/microsoft/vscode-copilot-release/issues/8106 , the "Auto Approve" experimental setting works for me.
Currently it's missing the whitelist feature, but Github > Copilot > Chat > Agent > Terminal: Deny List is experimental and is already populated with sensible defaults (e.g. rm, rmdir, kill, ....)
There's this: https://github.com/microsoft/vscode-copilot-release/issues/8106 It allows everything tho
You can auto-approve commands from a list under chat.tools.terminal.autoApprove in the settings.json as follows:
{
...
"chat.tools.autoApprove": false,
"chat.tools.terminal.autoApprove": {
"rm": false,
"rmdir": false,
"del": false,
"kill": false,
"curl": false,
"wget": false,
"eval": false,
"chmod": false,
"chown": false,
"/^Remove-Item\\b/i": false,
"/^dotnet build .*/": true,
"/^npm .*/": true
}
}
The last two commands will be run without requiring an approval. Please note that this is not 100% safe as the .* might contain some nefarious command.
You can auto-approve commands from a list under
chat.tools.terminal.autoApprovein thesettings.jsonas follows:{ ... "chat.tools.autoApprove": false, "chat.tools.terminal.autoApprove": { "rm": false, "rmdir": false, "del": false, "kill": false, "curl": false, "wget": false, "eval": false, "chmod": false, "chown": false, "/^Remove-Item\\b/i": false, "/^dotnet build .*/": true, "/^npm .*/": true } }The last two commands will be run without requiring an approval. Please note that this is not 100% safe as the
.*might contain some nefarious command.
I followed and the auto approve suggestion and it worked.. but the whitelist is not been follow strictly.. I just saw an rm command.. which scares me a little! :D
Why not letting the agent list all next commands it will use and validate at once so it never asks again for a whole set of actions ? This way the user knows the steps it will follow and approve or not some of the tasks in the list/reorder and so on.
Auto approve has been working well for me on the WSL Ubuntu for the last few weeks, however not so much on native Windows 11. VS Code always messes up the command structure and arguments with PowerShell, so to avoid these issues, I've migrated most of my current workflows entirely to Linux. You can easily switch between WSL and Windows mode in your vs code via the command palette. I like the current auto approve workflow and settings file that is currently implemented.
Why is this changing so often? Every week I have an agent checking for how to get the auto approve working. Some days good, but constantly breaks. I now have a whole list of settings, most greyed out. Right now my windows repo works as I want but WSL not at all.... I am also seeing the agent constantly scroll back to the top of its window whn an approval is required. I am starting to regret going with VSCode Copilot rather than something else. Its a second job to maintain right now.
Why is this changing so often? Every week I have an agent checking for how to get the auto approve working. Some days good, but constantly breaks. I now have a whole list of settings, most greyed out. Right now my windows repo works as I want but WSL not at all.... I am also seeing the agent constantly scroll back to the top of its window whn an approval is required. I am starting to regret going with VSCode Copilot rather than something else. Its a second job to maintain right now.
I’ve noticed this too. I don’t like having all my auto-approve commands stored in plaintext for my settings either. It’s a security risk, and developers could easily and inadvertently commit very sensitive commands, which might include sensitive export values like API keys.
I would prefer a toggle switch to turn it off more easily in the chat title bar or something.
If I am monitoring the process, I need auto-approve, but if it's silent (i am not in office), then I would like it to ask if something required sensitive data or a task that requires me to unlock something with my dongle. etc..