[copilot-cli-research] Copilot CLI Deep Research - February 2026

[github-actions[bot]]

🔍 Copilot CLI Deep Research Report

Analysis Date: February 2, 2026
Repository: githubnext/gh-aw
Workflow Run: §21597477191
Scope: 149 total workflows, 73 using Copilot engine (49%)

---

📊 Executive Summary

Research Topic: Copilot CLI Optimization Opportunities
Key Findings:

1. Strong Adoption - 49% of workflows use Copilot, showing excellent uptake
2. Feature Gaps - 13% sandbox adoption represents significant security opportunity
3. Underutilized Tools - web-fetch (7%), repo-memory (19%) have growth potential
4. Configuration Opportunities - Limited use of engine.agent, custom models, advanced CLI flags

Primary Recommendation: Increase sandbox/firewall adoption from 13% to at least 50% to improve security posture and prevent unauthorized network access.

The repository demonstrates strong Copilot CLI adoption with 73 workflows actively using the engine. However, significant opportunities exist to leverage advanced features like sandboxing (87% of workflows lack it), repo-memory for state management (81% don't use it), and web-fetch for research tasks (93% miss this capability). Security should be the top priority given low firewall adoption.

---

Critical Findings

🔴 High Priority Issues

1. Low Sandbox Adoption (Security Risk)

• Current State: Only 19/149 workflows (13%) use sandbox/firewall
• Risk: 87% of workflows have unrestricted network access
• Impact: Potential for data exfiltration, supply chain attacks, unauthorized API calls
• Action Required: Enable sandbox: awf or sandbox: srt by default for all workflows

2. Repo-Memory Underutilization (State Management Gap)

• Current State: Only 29/149 workflows (19%) use repo-memory
• Impact: Workflows can't track state across runs, duplicate work, miss trends
• Opportunity: Persistent storage enables smarter agents that learn from history

🟡 Medium Priority Opportunities

3. Web-Fetch Tool Severely Underutilized

• Current State: Only 11/149 workflows (7%) use web-fetch
• Impact: Agents can't research external documentation, check URLs, validate links
• Use Cases: Documentation validation, external API research, competitive analysis

4. Limited Engine Configuration Customization

• Current State: Minimal usage of engine.agent, engine.model, engine.args
• Impact: All workflows use same model/configuration, missing optimization opportunities
• Opportunity: Task-specific models (e.g., gpt-5.1-codex-mini for detection) could reduce costs

---

1️⃣ Current State Analysis

View Copilot CLI Capabilities Inventory

Copilot CLI Capabilities Inventory

Available CLI Flags (from copilot_engine_execution.go):

• --add-dir - Add directories to agent's accessible paths
• --agent - Specify custom agent file
• --agent-image - Select container image for AWF
• --allow-all-paths - Allow write access to all paths (for edit tool)
• --allow-domains - Network allowlist for firewall
• --block-domains - Network blocklist for firewall
• --container-workdir - Set container working directory
• --disable-builtin-mcps - Disable built-in MCP servers
• --enable-host-access - Allow host.docker.internal access (for MCP gateway)
• --env-all - Pass all environment variables
• --image-tag - Pin AWF Docker image version
• --log-dir - Log output directory
• --log-level - Logging verbosity
• --model - Override AI model
• --mount - Mount host paths in container
• --prompt - Agent prompt/instruction
• --proxy-logs-dir - Proxy logs directory
• --share - Generate conversation markdown file

Engine Configuration Options:

engine:
  id: copilot
  model: gpt-5.1-codex  # Custom model selection
  agent: agent-name     # Custom agent file (controls --agent flag)
  command: copilot      # Custom command override
  args: [--custom]      # Additional CLI arguments
  env:
    KEY: value          # Custom environment variables

Available Tools:

• bash - Shell command execution with wildcards or specific commands
• edit - File editing capabilities
• github - GitHub API access with granular toolsets (default, repos, issues, pull_requests, actions, code_security, etc.)
• web-fetch - Web content fetching (built-in)
• repo-memory - Persistent git-backed storage
• cache-memory - Session-scoped file caching
• agentic-workflows - MCP server for workflow management
• serena - Code generation and Mermaid diagram tools
• playwright - Browser automation (containerized)

Sandbox Options:

• sandbox: awf - AWF firewall with network restrictions
• sandbox: srt - Sandbox Runtime with process isolation
• Custom agent configs: mounts, args, env, command overrides

Network Permissions:

network:
  allowed: [defaults, github, node, python]  # Domain allowlists
  blocked: [evil.com]                        # Domain blocklists (rarely used)

Safe Outputs - 20+ types for GitHub resource creation:

• create-issue, create-pull-request, create-discussion
• add-comment, add-labels, assign-to-user
• Many more (see safe-outputs documentation)

View Usage Statistics

Usage Statistics

Overall Adoption:

• Total Workflows: 149
• Copilot Workflows: 73 (49%)
• Other Engines: 76 (51% - Claude, Codex, Custom)

Feature Adoption (across all 149 workflows):

Feature	Count	Percentage	Adoption Level
GitHub toolsets	113	76%	✅ Excellent
Imports	103	69%	✅ Excellent
Network config	66	44%	🟡 Moderate
Cache-memory	52	35%	🟡 Moderate
Repo-memory	29	19%	🔴 Low
Sandbox	19	13%	🔴 Very Low
Web-fetch	11	7%	🔴 Very Low

Tool Configuration Patterns:

• Most workflows use default GitHub toolsets without granular permissions
• Bash tool commonly used with wildcards (*) or specific command lists
• Edit tool frequently enabled for file modifications
• Limited use of advanced MCP servers (Serena, Playwright, custom servers)

Timeout Configuration:

• Default: 30 minutes (constant in code)
• Common overrides: 10-15 minutes for simple tasks, 30-60 minutes for complex analysis
• Opportunity: Task-specific timeout tuning based on workflow complexity

---

2️⃣ Feature Usage Matrix

Feature Category	Available	Used	Not Used	Usage Rate
CLI Flags
--share	✅ (auto)	73	0	100%*
--add-dir	✅ (auto)	73	0	100%*
--disable-builtin-mcps	✅ (auto)	73	0	100%*
--agent	✅	0	73	0%
--allow-all-paths	✅ (auto with edit)	~50	~23	~68%
Engine Config
engine.id	✅	~5	~68	~7%
engine.model	✅	~3	~70	~4%
engine.agent	✅	0	73	0%
engine.args	✅	~1	~72	~1%
engine.env	✅	~2	~71	~3%
Tools
github	✅	~70	~3	~96%
bash	✅	~60	~13	~82%
edit	✅	~45	~28	~62%
repo-memory	✅	29	44	40%**
cache-memory	✅	52	21	71%**
web-fetch	✅	11	62	15%**
Sandbox
sandbox: awf	✅	~15	~58	~21%
sandbox: srt	✅	~4	~69	~5%
Network
allowed	✅	66	7	90%**
blocked	✅	0	73	0%

*Auto-enabled by compiler
**Percentage of workflows using that feature category

---

3️⃣ Missed Opportunities

View High Priority Opportunities

🔴 High Priority

Opportunity 1: Enable Sandbox/Firewall by Default

What: Only 13% of workflows use sandbox: awf or sandbox: srt for network isolation

Why It Matters:

• Security Risk: 87% of workflows have unrestricted internet access
• Agents can exfiltrate secrets to arbitrary domains
• Supply chain attacks via compromised packages
• Unauthorized API calls and data leakage

Where: All Copilot workflows should enable sandbox unless they have a specific reason not to

How to Implement:

# Add to ALL workflows:
engine: copilot
network:
  allowed:
    - defaults      # GitHub APIs, npm, PyPI, etc.
    - github        # api.github.com
    - node          # npmjs.org, registry.npmjs.org
sandbox:
  agent: awf        # Enable AWF firewall

Example Workflows to Update:

• ai-moderator.md - Reads GitHub data only, should have strict network limits
• auto-triage-issues.md - Labels issues, no external network needed
• daily-assign-issue-to-user.md - Assigns issues, should be fully sandboxed
• Plus 50+ more workflows without sandbox configuration

Expected Benefits:

• Prevent accidental/malicious data exfiltration
• Comply with security best practices
• Improve audit trail (proxy logs show all network access)
• Enable safe deployment of untrusted code

Trade-offs:

• Slightly more complex configuration
• Need to maintain network allowlists
• Debugging network issues requires checking proxy logs

---

Opportunity 2: Increase Repo-Memory Adoption

What: Only 19% of workflows use repo-memory for persistent state tracking

Why It Matters:

• Agents can't remember findings from previous runs
• Duplicate analysis work across executions
• Can't track trends or changes over time
• Miss patterns that emerge across multiple runs

Where: Workflows that benefit from historical context:

• Daily/weekly scheduled workflows (trend analysis)
• Campaign managers (track progress)
• Performance monitors (compare metrics)
• Quality checkers (identify regressions)

How to Implement:

tools:
  repo-memory:
    branch-name: memory/workflow-name  # Unique branch per workflow
    file-glob: "**"                    # Or specific patterns
    max-file-size: 102400              # 100KB per file

Example Workflows to Update:

1. ai-moderator.md - Track moderation patterns and false positives

   tools:
     repo-memory:
       branch-name: memory/moderation-history
       file-glob: ["memory/moderation-history/*.json"]

2. cli-consistency-checker.md - Track known issues to avoid re-reporting

   tools:
     repo-memory:
       branch-name: memory/cli-consistency
       file-glob: ["memory/cli-consistency/*.json"]

3. daily-copilot-token-report.md - Already using repo-memory ✅ (good example!)

Expected Benefits:

• Smarter agents that learn from history
• Avoid duplicate work and reports
• Identify trends and regressions
• Reduce token consumption (skip re-analysis)

---

Opportunity 3: Document --share Flag Benefits

What: The --share flag is auto-enabled but its benefits aren't documented

Why It Matters:

• Generates markdown conversation transcript
• Useful for debugging agent behavior
• Can be shared for collaboration
• Currently hidden implementation detail

Action Required:

• Document in workflow instructions
• Show users how to access shared conversations
• Explain benefits for debugging and transparency

View Medium Priority Opportunities

🟡 Medium Priority

Opportunity 4: Promote Web-Fetch Tool Usage

What: Only 7% of workflows use the built-in web-fetch tool

Why It Matters:

• Agents can't validate external URLs
• Can't research external documentation
• Can't check API specifications
• Can't verify links in documentation

Where: Workflows that could benefit:

• Documentation reviewers (check external links)
• API integration workflows (fetch OpenAPI specs)
• Research agents (gather information from web)
• Link validators (verify references)

How to Implement:

tools:
  web-fetch:       # Enable built-in web-fetch tool
network:
  allowed:
    - defaults
    - "*"          # Or specific domains for web-fetch

Example Workflows to Update:

1. claude-code-user-docs-review.md - Could fetch external documentation
2. cli-consistency-checker.md - Could verify help URLs
3. brave.md - Already uses Brave search, could add web-fetch for follow-up

Expected Benefits:

• Richer research capabilities
• Validate external references
• Fetch up-to-date documentation
• Cross-reference multiple sources

---

Opportunity 5: Enable engine.agent Configuration

What: Zero workflows use engine.agent to specify custom agent files

Why It Matters:

• Can't use custom agent personas
• Can't override default agent instructions
• Miss opportunity for specialized agent files

Where: Workflows with unique agent personas or specialized instructions

How to Implement:

engine:
  id: copilot
  agent: archie     # Use .github/agents/archie.md

Note: The agent: field in engine configuration controls the --agent CLI flag. This is distinct from agent imports (.github/imports/*.md) which only import markdown content into the prompt but don't set the flag.

Example Usage:

• Archie workflow could use custom agent file
• Specialized domain agents (security, performance, quality)

---

Opportunity 6: Model Selection Guidance

What: Only ~4% of workflows customize the AI model via engine.model

Why It Matters:

• Different tasks need different models
• Cost optimization (use cheaper models for simple tasks)
• Quality optimization (use better models for complex analysis)

Where: Task-specific model selection opportunities:

• Detection/Triage → gpt-5.1-codex-mini (fast, cheap)
• Complex Analysis → gpt-5.1-codex or gpt-5.2 (quality)
• Code Review → gpt-5.1-codex (code-specialized)

How to Implement:

engine:
  id: copilot
  model: gpt-5.1-codex-mini  # For simple/fast tasks

Example:

• ai-moderator.md already uses gpt-5.1-codex-mini ✅
• Other moderation/triage workflows should follow this pattern

---

Opportunity 7: Network Blocklist Usage

What: Zero workflows use network.blocked for domain blocklists

Why It Matters:

• Can't explicitly block known bad domains
• Can't prevent specific integrations
• Allowlist-only approach may miss edge cases

How to Implement:

network:
  allowed: [defaults, github]
  blocked: [analytics.example.com, ads.example.com]

Use Cases:

• Block analytics/tracking domains
• Block known malicious domains
• Prevent specific third-party services

View Low Priority Opportunities

🟢 Low Priority

Opportunity 8: Custom Args Patterns

What: Only ~1% of workflows use engine.args for custom CLI arguments

Why It Matters:

• Can't pass experimental flags
• Can't customize CLI behavior
• Limited flexibility for power users

Example:

engine:
  id: copilot
  args: ["--experimental-feature"]

---

Opportunity 9: Environment Variable Customization

What: Only ~3% of workflows use engine.env for custom environment variables

Why It Matters:

• Can't configure agent behavior via env vars
• Can't pass secrets to custom tools
• Limited runtime configuration

Example:

engine:
  id: copilot
  env:
    CUSTOM_CONFIG: "value"
    DEBUG_MODE: "true"

---

Opportunity 10: Timeout Optimization

What: Most workflows use default 30-minute timeout without tuning

Why It Matters:

• Simple tasks waste runner time
• Complex tasks may hit timeout prematurely
• Cost optimization opportunity

Recommendation:

• Simple tasks (labels, moderation): 5-10 minutes
• Medium tasks (analysis, reports): 15-20 minutes
• Complex tasks (campaigns, multi-step): 30-60 minutes

---

Opportunity 11: GitHub Toolsets Granularity

What: Most workflows use toolsets: [default] without fine-grained permissions

Why It Matters:

• Overly broad permissions (security)
• Agents have access to more than they need
• Harder to audit what agents can do

Recommendation:

• Use specific toolsets: [issues], [pull_requests], [repos]
• Avoid [default] unless you need multiple toolsets
• Document why each toolset is needed

Example:

tools:
  github:
    toolsets: [issues, repos]  # Only what's needed

---

Opportunity 12: Custom MCP Server Integration

What: Very limited use of custom MCP servers beyond built-ins

Why It Matters:

• Can't integrate domain-specific tools
• Miss opportunities for specialized integrations
• Limited by built-in capabilities

Example:

• Database query MCP servers
• Internal API MCP servers
• Custom workflow automation MCPs

---

4️⃣ Specific Workflow Recommendations

View Workflow-Specific Recommendations

High-Value Quick Wins

1. ai-moderator.md

• Current State: No sandbox, minimal network config
• Recommended Changes:

  network:
    allowed: [defaults, github]
  sandbox:
    agent: awf
  tools:
    repo-memory:
      branch-name: memory/moderation-patterns

• Expected Benefits: Security hardening, pattern tracking, better moderation over time

---

2. auto-triage-issues.md

• Current State: No sandbox, no state tracking
• Recommended Changes:

  sandbox:
    agent: awf
  tools:
    repo-memory:
      branch-name: memory/triage-history

• Expected Benefits: Security, avoid re-triaging same issues

---

3. daily-assign-issue-to-user.md

• Current State: No sandbox, no optimization
• Recommended Changes:

  engine:
    id: copilot
    model: gpt-5.1-codex-mini  # Cheaper for simple task
  sandbox:
    agent: awf

• Expected Benefits: Cost reduction, security hardening

---

4. cli-consistency-checker.md

• Current State: No repo-memory for tracking known issues
• Recommended Changes:

  tools:
    repo-memory:
      branch-name: memory/cli-consistency
    web-fetch:  # Verify help URLs

• Expected Benefits: Avoid duplicate reports, richer validation

---

5. claude-code-user-docs-review.md

• Current State: Uses Claude engine, could add web-fetch
• Note: This workflow uses Claude, not Copilot - skip Copilot-specific recommendations
• Opportunity: Could add web-fetch to validate external docs references

---

6. copilot-cli-deep-research.md (This workflow!)

• Current State: Good use of repo-memory ✅
• Recommended Additions:

  tools:
    web-fetch:  # Research external Copilot docs

• Expected Benefits: Validate GitHub Copilot CLI docs URLs

---

5️⃣ Best Practice Guidelines

Based on this research, here are recommended best practices for Copilot workflows:

Security First

1. Always enable sandbox - Use sandbox: awf unless you have a specific reason not to
2. Use network allowlists - Explicitly list required domains, don't allow *
3. Granular GitHub permissions - Use specific toolsets instead of [default]

State Management

4. Use repo-memory for scheduled workflows - Track trends and avoid duplicate work
5. Use cache-memory for sessions - Share data between workflow steps

Performance & Cost

6. Tune timeouts - 5-10min for simple tasks, 30-60min for complex analysis
7. Select appropriate models - Use gpt-5.1-codex-mini for detection/triage
8. Leverage --share output - Review conversation transcripts for debugging

Configuration

9. Use imports for reusable instructions - Don't duplicate common patterns
10. Document tool choices - Comment why each tool/permission is needed
11. Version pin when stability matters - Use engine.model to lock versions

Integration

12. Enable web-fetch for research tasks - Validate external docs and APIs
13. Consider custom MCP servers - For domain-specific integrations
14. Use safe-outputs - Structured GitHub resource creation

---

6️⃣ Action Items

Immediate Actions (this week):

• Create template workflows with sandbox enabled by default
• Document sandbox benefits and configuration in workflow instructions
• Audit top 10 most-used workflows and add sandbox configuration

Short-term (this month):

• Create repo-memory adoption guide with examples
• Document web-fetch use cases and benefits
• Add model selection guide (when to use which model)
• Create workflow security checklist

Long-term (this quarter):

• Migrate all workflows to sandbox by default (85% improvement needed)
• Increase repo-memory adoption to 50%+ (31% improvement needed)
• Create custom MCP server examples for common integrations
• Develop workflow performance optimization playbook

---

View Supporting Evidence & Methodology

📚 References

• Copilot Engine Code: pkg/workflow/copilot_engine.go, copilot_engine_execution.go, copilot_engine_tools.go
• MCP Configuration: pkg/workflow/copilot_mcp.go
• Workflow Instructions: .github/aw/github-agentic-workflows.md
• Sample Workflows: .github/workflows/*.md (149 workflows analyzed)
• Previous Research: None (this is the first comprehensive analysis)

Research Methodology

Data Collection

1. Code Analysis: Examined 25+ Copilot engine Go files to identify available features
2. Workflow Scanning: Analyzed all 149 workflows to identify usage patterns
3. Feature Extraction: Used grep to count feature adoption across workflows
4. Pattern Recognition: Reviewed sample workflows to understand configuration patterns

Analysis Techniques

• Quantitative Analysis: Counted feature usage with grep/find commands
• Qualitative Analysis: Reviewed workflow frontmatter to understand patterns
• Gap Analysis: Compared available features vs. actual usage
• Risk Assessment: Evaluated security implications of missing features

Tools Used

• grep, find, wc for counting and pattern matching
• Code review of pkg/workflow/copilot_*.go files
• Sample workflow examination (agent-performance-analyzer, archie, ai-moderator, etc.)

Limitations

• Based on static analysis of workflow files (no runtime behavior)
• Some features may be dynamically configured outside frontmatter
• Usage percentages are approximations based on pattern matching
• Can't measure actual feature effectiveness without runtime data

Validation

• Cross-referenced code capabilities with workflow usage
• Verified CLI flags against copilot_engine_execution.go
• Checked engine configuration options against BaseEngine struct
• Sampled 20 workflows for detailed configuration review

---

References:

• Current workflow run §21597477191
• Research data saved to repo-memory: memory/copilot-cli-research/latest.json
• Research notes: memory/copilot-cli-research/notes.md

AI generated by Copilot CLI Deep Research Agent

• expires on Feb 9, 2026, 4:10 PM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-02-09T16:10:41.887Z.

Closed by Workflow