Add GitHub Copilot CLI support to `docker sandbox run`

[henrybravo]

Description

Description

Docker Sandboxes currently supports Claude Code and Gemini CLI as agents via docker sandbox run. GitHub Copilot CLI is another popular AI coding agent that would benefit from the same sandboxed execution model.

Current Behavior

$ docker sandbox run --template ghcr.io/henrybravo/docker-sandbox-run-copilot copilot
invalid agent: copilot (must be one of: claude, gemini)

The agent name is validated against a hardcoded list before the --template flag is processed, preventing community templates from adding new agents.

Requested Feature

Add copilot as a supported agent for docker sandbox run, similar to claude and gemini.

Why GitHub Copilot CLI?

1. Popular demand: Copilot has millions of users, and the CLI is now in public preview
2. Same use case: Like Claude Code and Gemini CLI, Copilot CLI is an agentic coding assistant that modifies files and runs commands
3. Security benefits: Sandboxing Copilot CLI protects users from unintended system modifications
4. Consistent UX: Users expect the same docker sandbox run workflow for all AI coding agents

Technical Details

• Package: @github/copilot (npm)
• Installation: npm install -g @github/copilot
• Authentication: GitHub PAT with "Copilot Requests" permission, or interactive /login
• Environment variables: GITHUB_TOKEN, GH_TOKEN, or COPILOT_GITHUB_TOKEN

Community Template Ready

I've prepared a sandbox template that follows the same patterns as docker/sandbox-templates:claude-code:

• Repository: https://github.com/henrybravo/docker-sandbox-run-copilot
• Image: ghcr.io/henrybravo/docker-sandbox-run-copilot

The template includes:

• Ubuntu 24.04 base with Node.js 22 LTS
• GitHub CLI, Docker CLI, Python 3, Go
• Non-root agent user with sudo access
• Credential management for GitHub tokens
• Git configuration injection

Proposed Solution

Option A: Add copilot to supported agents (Preferred)

Add copilot to the hardcoded agent list with a default template similar to how claude and gemini work.

Option B: Allow custom agents via --template

Modify the validation logic to allow any agent name when --template is specified, enabling community-driven agent support.

Additional Context

• Docker blog mentions "Broad agent support" and "building for other agents developers use"
• Feedback email: coding-sandboxes-feedback@docker.com (also submitted there)
• Docker Desktop version tested: 4.50+

Related

• Docker Sandboxes docs: https://docs.docker.com/ai/sandboxes/
• GitHub Copilot CLI: https://github.com/github/copilot-cli
• Community template: https://github.com/henrybravo/docker-sandbox-run-copilot

[thaJeztah]

Thanks for reporting.

The sandbox command is implemented as a CLI plugin, and the code is not maintained in this repository; unfortunately, the repository for the plugin is closed-sources, so I cannot transfer this ticket, but let me see if I can find someone to look if this would be possible (and where to best report issues with the plugin).

cc @kiview @rcjsuen

[rcjsuen]

@henrybravo Thank you for your interest in this project and for raising this. I have shared this internally with the team.

[henrybravo]

@henrybravo Thank you for your interest in this project and for raising this. I have shared this internally with the team.

awesome! lmk if you have questions - thanks @thaJeztah @rcjsuen