[copilot-cli-research] Copilot CLI Deep Research - 2026-03-30

[github-actions[bot]]

📊 Executive Summary

Analysis Date: 2026-03-30 | Repository: github/gh-aw | Scope: 178 total workflows, 85 using Copilot engine (48%)

This is the first comprehensive analysis of Copilot CLI feature adoption in this repository. The findings reveal a significant gap between the feature-rich Copilot engine and actual usage patterns. Most workflows use a minimal subset of available capabilities — primarily github: tool + network: config — while powerful differentiators like max-continuations, custom agent files, and sandbox isolation are almost completely absent from the workflow library.

The most striking finding: max-continuations — the only feature exclusive to Copilot that enables autonomous multi-step operation — is used by exactly 1 workflow (1%), despite being the key mechanism that distinguishes Copilot from other engines for long-running tasks.

---

🔴 Critical Findings (High Priority)

1. max-continuations is nearly unused (1/85 = 1%)
This is Copilot's unique superpower — enabling autopilot mode for complex, multi-step work. Only smoke-copilot.md uses it. Workflows like hourly-ci-cleaner, dead-code-remover, code-simplifier, and daily-workflow-updater would benefit enormously.

2. Sandbox adoption is too low (12/85 = 14%) for code-modifying workflows
79 workflows use the edit: tool to modify files, but only 14 workflows total have sandbox configuration. Code-modifying workflows running without AWF isolation are a security gap — especially for scheduled jobs that run autonomously.

🟡 Medium Priority Opportunities

3. Custom agent files barely used (3/85 = 4%)
9 agent files exist in .github/agents/ but only 3 workflows (glossary-maintainer, hourly-ci-cleaner, technical-doc-writer) use engine.agent. Workflows with specialized roles (security-review, code-scanning-fixer, etc.) could benefit from domain-specific agent personas.

4. mcp-scripts adoption is minimal (3 total)
mcp-scripts enable structured tool outputs with strong typing. Only 3 workflows use this capability despite it being available across the codebase.

5. Overly broad GitHub toolsets — [default] used 46 times
46 workflows use toolsets: [default] which grants broad permissions (context, repos, issues, pull_requests). Workflows that only read could use [repos] or [issues] — reducing attack surface.

---

1️⃣ Copilot CLI Capabilities Inventory

View Full Capabilities Inventory

CLI Flags (Auto-configured by gh-aw)

Flag	Description	When Applied
--add-dir	Allows read/write to a directory	Always (workspace + /tmp/gh-aw/)
--disable-builtin-mcps	Disables built-in MCP servers	Always
--allow-all-tools	Grants all tool permissions	When bash: ["*"] or ["*"]
--allow-all-paths	Allows write on all paths	When edit: tool enabled
--allow-tool shell(cmd)	Grants specific shell command	Per bash: tool list
--allow-tool github(fn)	Grants specific GitHub function	Per github.allowed: list
--allow-tool web_fetch	Enables web fetching	When web-fetch: enabled
--autopilot	Enables autopilot mode	When max-continuations > 1
--max-autopilot-continues N	Sets max autopilot iterations	When max-continuations > 1
--agent agent-id	Uses custom agent file	When engine.agent: set
--log-level all	Full logging	Always
--log-dir	Log directory	Always

Extended Engine Configuration Options

Option	Description	Used In Production
engine.id: copilot	Extended engine config mode	8 workflows
engine.version	Pin specific CLI version	0 production workflows
engine.model	Override model (sets COPILOT_MODEL)	1 workflow (poem-bot)
engine.args	Custom CLI arguments	0 workflows
engine.env	Custom environment variables	0 workflows
engine.agent	Custom agent file identifier	3 workflows
engine.api-target	Custom API endpoint hostname	0 workflows

Sandbox Options

Option	Description
sandbox.agent: awf	Full AWF sandbox isolation (default when sandbox: set)
sandbox.agent: srt	SRT sandbox (lightweight)
sandbox.agent.mounts	Custom directory mounts into sandbox
sandbox.agent: false	Explicitly disable sandbox

Execution Environment Variables Set

• GH_AW_PROMPT — the compiled prompt
• GH_AW_WORKFLOW_NAME — workflow name
• GH_AW_ENGINE — engine identifier
• GH_AW_VERSION — compiler version
• GH_AW_PHASE — "agent" or "detection"
• COPILOT_MODEL — model override (when engine.model set)

---

2️⃣ Feature Usage Matrix

Feature	Available	Used	Not Used	Usage Rate
network: config	✅	87/178	91	49%
safe-outputs:	✅	171/178	7	96%
strict: mode	✅	120/178	58	67%
github: tool	✅	127/178	51	71%
bash: tool	✅	109/178	69	61%
edit: tool	✅	79/178	99	44%
cache-memory:	✅	73/178	105	41%
features.copilot-requests	✅	41/178	137	23%
web-fetch: tool	✅	20/178	158	11%
playwright: tool	✅	20/178	158	11%
sandbox:	✅	14/178	164	8%
engine.agent	✅ (Copilot-only)	3/178	175	2%
mcp-scripts:	✅	3/178	175	2%
max-continuations:	✅ (Copilot-only)	1/178	177	0.6%
engine.version (copilot)	✅	0/85	85	0%
engine.env	✅	0/178	178	0%
engine.args	✅	0/178	178	0%
engine.api-target	✅	0/178	178	0%

---

3️⃣ Missed Opportunities

View High Priority Opportunities (🔴)

🔴 Opportunity 1: Enable max-continuations for Complex Workflows

What: max-continuations enables Copilot's autopilot mode, allowing it to complete work across multiple consecutive runs without human intervention. This is the only Copilot-exclusive feature not available in Claude/Codex.

Why It Matters: Long-running tasks like CI fixing, doc updates, and code refactoring often can't complete in a single run. max-continuations is the mechanism that enables true autonomous completion.

Where: These workflows would benefit most:

• hourly-ci-cleaner.md — Already uses extended engine config but doesn't set max-continuations
• dead-code-remover.md — Code removal requires multiple iterations
• code-simplifier.md — Simplification across large codebases
• daily-workflow-updater.md — Updating many workflows in sequence
• daily-testify-uber-super-expert.md — Test refactoring

How to Implement:

engine:
  id: copilot
  agent: ci-cleaner
max-continuations: 5  # Allow up to 5 autopilot continuation runs

Note: The comment in hourly-ci-cleaner.md even acknowledges this gap: # Note: max-turns not available for Copilot engine (Claude only) — but misses that max-continuations IS available for Copilot!

---

🔴 Opportunity 2: Add Sandbox to Code-Modifying Workflows

What: The AWF sandbox (Agent Workspace Firewall) isolates the agent from the host environment, preventing unintended side effects and enforcing network restrictions.

Why It Matters: Workflows that modify code (edit: enabled) running without sandbox isolation have unrestricted access to the GitHub Actions runner. For scheduled workflows running autonomously, this is a security risk.

Where: The following copilot workflows have edit: but no sandbox: (sample):

• code-simplifier.md
• dead-code-remover.md
• daily-file-diet.md
• daily-compiler-quality.md
• daily-testify-uber-super-expert.md
• breaking-change-checker.md
• jsweep.md

How to Implement:

sandbox:
  agent:
    mounts:
      - "/usr/local/go:/usr/local/go:ro"
      - "/usr/bin/make:/usr/bin/make:ro"

View Medium Priority Opportunities (🟡)

🟡 Opportunity 3: Leverage Custom Agent Files for Specialized Workflows

What: .github/agents/ contains 9 agent files with domain-specific personas and instructions. Only 3 workflows use engine.agent.

Available Unused Agents:

• agentic-workflows.agent.md — Expert in writing gh-aw workflows
• contribution-checker.agent.md — PR review specialist
• grumpy-reviewer.agent.md — Critical code reviewer
• create-safe-output-type.agent.md — Safe output specialist
• interactive-agent-designer.agent.md — UX-focused agent designer
• w3c-specification-writer.agent.md — Spec writing
• custom-engine-implementation.agent.md — Engine implementation expert

Where: Workflows that would benefit:

• contribution-check.md → use contribution-checker agent
• code-scanning-fixer.md → use grumpy-reviewer for careful analysis
• craft.md / workflow-generator.md → use agentic-workflows agent

How to Implement:

engine:
  id: copilot
  agent: contribution-checker  # References .github/agents/contribution-checker.agent.md

---

🟡 Opportunity 4: Narrow GitHub Toolsets for Least-Privilege Access

What: 46 workflows use toolsets: [default] which grants access to context, repos, issues, and pull_requests APIs. Many workflows only need a subset.

Example: A workflow that only creates discussions could use:

tools:
  github:
    toolsets: [discussions]  # Instead of [default]

Mapping:

Workflow Type	Current	Recommended
Report-only workflows	[default]	[repos, issues] or [discussions]
PR analysis	[default]	[pull_requests, repos]
Issue triage	[default]	[issues, labels]
CI monitoring	[default, actions]	[actions]

---

🟡 Opportunity 5: Use engine.model for Cost Optimization

What: The Copilot engine passes the model via COPILOT_MODEL. Only 1 workflow (poem-bot.md) explicitly sets a model. Lightweight workflows (reports, summaries) could use faster, cheaper models.

How to Implement:

engine:
  id: copilot
  model: gpt-5.1-codex-mini  # Faster/cheaper for simple tasks

Candidates for lighter models:

• daily-fact.md — Simple daily fact generation
• daily-community-attribution.md — Structured data processing
• Report-only workflows that summarize structured data

View Low Priority Opportunities (🟢)

🟢 Opportunity 6: Pin engine.version for Production-Critical Workflows

What: No copilot workflows pin a specific CLI version. latest installs whatever is current, which can cause unexpected behavior when new versions ship.

How to Implement:

engine:
  id: copilot
  version: "0.0.422"  # Pin to known-good version

Best candidates: Workflows with complex tool configurations or that have historically been sensitive to CLI behavior changes.

---

🟢 Opportunity 7: Use engine.env for Workflow-Specific Configuration

What: engine.env can inject custom environment variables into the agent execution. No workflow currently uses this.

Use cases:

• Passing API keys for custom services
• Enabling debug modes for specific workflows
• Configuring tool behavior with environment variables

How to Implement:

engine:
  id: copilot
  env:
    CUSTOM_API_ENDPOINT: "(internal.api.example.com/redacted)"
    TOOL_DEBUG: "true"

---

🟢 Opportunity 8: Expand mcp-scripts Adoption

What: Only 3 workflows use mcp-scripts. This feature enables custom MCP server scripts for specialized tool outputs with structured data.

Where: Workflows that need structured outputs beyond what safe-outputs provides could benefit.

---

4️⃣ Specific Workflow Recommendations

View Workflow-Specific Recommendations

hourly-ci-cleaner.md

• Current State: Uses extended engine config with engine.agent: ci-cleaner, but the comment explicitly notes max-turns isn't available for Copilot — missing that max-continuations IS available
• Recommended: Add max-continuations: 5 to allow the CI cleaner to complete complex fixes across multiple rounds
• Expected Benefit: Can handle more complex CI failures that require multiple fix → test → fix cycles

contribution-check.md

• Current State: Uses engine: copilot without agent customization
• Recommended: Add engine.agent: contribution-checker to leverage the dedicated agent file
• Expected Benefit: More consistent, specialized PR review behavior

code-simplifier.md / dead-code-remover.md

• Current State: Uses edit: tool without sandbox isolation
• Recommended: Add sandbox: with appropriate mounts for the build tools used
• Expected Benefit: Security isolation for autonomous code modification

daily-malicious-code-scan.md

• Current State: Good example of precise toolset usage ([repos, code_security])
• Note: This is a best practice model — uses minimal toolsets for its task

research.md

• Current State: Uses sandbox + tavily MCP for web research
• Note: This is the best practice model for research workflows — proper sandbox + external MCP

---

5️⃣ Trends & Insights

View Trend Analysis

This is the first run of this research workflow — baseline established for future comparisons.

Key baseline metrics (2026-03-30):

• Copilot adoption: 48% of workflows
• Sandbox adoption: 14% of copilot workflows
• max-continuations adoption: 1%
• engine.agent adoption: 4%

Notable Patterns:

1. Claude for analysis, Copilot for execution: Claude workflows tend to be analytical/read-only. Copilot workflows tend to be the ones that create PRs and modify code.
2. Good adoption of strict: mode (67%) — security posture is generally good
3. Excellent safe-outputs: adoption (96%) — almost all workflows properly gate writes through safe-outputs
4. cache-memory well adopted (41%) — good state persistence practices exist

Future tracking targets:

• Monitor max-continuations adoption after this report
• Track sandbox adoption in new code-modifying workflows
• Watch for engine.agent usage growth as new agent personas are developed

---

6️⃣ Best Practice Guidelines

Based on this analysis, here are the recommended best practices for Copilot workflows:

1. Code-modifying workflows → Always add sandbox:
   Any workflow with edit: should include sandbox isolation. hourly-ci-cleaner.md is the gold standard.

2. Long-running autonomous tasks → Use max-continuations:
   When a task genuinely requires multiple rounds of iteration (fix → test → fix), set max-continuations instead of hoping one pass is enough.

3. Use least-privilege toolsets
   Instead of [default] for every workflow, map the actual GitHub APIs needed. daily-malicious-code-scan.md is the model: [repos, code_security].

4. Match agent files to workflow specialization
   The .github/agents/ directory has 9 specialized personas. Use engine.agent for specialized workflows.

5. Pin versions for stability-sensitive workflows
   Workflows with complex tool configurations should pin engine.version to avoid surprises on CLI updates.

---

7️⃣ Action Items

Immediate (high-impact, low-effort):

• Add max-continuations: 3-5 to hourly-ci-cleaner.md (the comment literally says it's missing!)
• Add engine.agent: contribution-checker to contribution-check.md
• Add engine.agent: agentic-workflows to craft.md and workflow-generator.md

Short-term (this month):

• Audit all workflows with edit: and no sandbox: — add sandbox to top 10 highest-risk
• Replace toolsets: [default] with precise toolsets in read-only reporting workflows
• Evaluate max-continuations for dead-code-remover.md and code-simplifier.md

Long-term (this quarter):

• Evaluate engine.model optimization for lightweight reporting workflows
• Expand mcp-scripts usage for workflows needing structured tool outputs
• Establish a "workflow quality checklist" based on these findings

---

View Research Methodology

Research Methodology

Data Sources:

• Codebase analysis: pkg/workflow/copilot_engine*.go, copilot_mcp.go, copilot_engine_tools.go
• Documentation: docs/src/content/docs/reference/engines.md
• Workflow files: All 178 *.md files in .github/workflows/
• Agent files: .github/agents/*.agent.md

Analysis Approach:

• Pattern matching on workflow frontmatter for feature detection
• Cross-reference of code capabilities vs. workflow configurations
• Manual review of representative workflows for quality assessment

Limitations:

• Frontmatter analysis only (doesn't capture runtime behavior)
• Static analysis — doesn't reflect actual execution patterns
• First run — no trend data available

Tooling

• grep for pattern matching
• Manual inspection of key files
• Go source code analysis

Previous Research

• No previous analysis found (this is run rejig docs #1)
• Future analyses will show trend data

---

References:

• §23767726241
• Engines Documentation
• copilot_engine_execution.go

AI generated by Copilot CLI Deep Research Agent · history

• expires on Mar 31, 2026, 9:17 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Copilot CLI Deep Research Agent.

A newer discussion is available at Discussion #23780.