Fix Copilot CLI invocation patterns and sandbox handling #6

Open
namos2502 wants to merge 1 commit into main from dev

namos2502 (Owner) commented Mar 23, 2026

This pull request focuses on fixing sandboxing and invocation issues for both Copilot CLI and Claude CLI agents, ensuring reliable programmatic use and accurate documentation. The main improvements are the removal of unsupported flags, enforcing correct working directory usage, updating invocation patterns, and clarifying documentation for reproducible agent behavior.

Copilot CLI fixes and documentation updates:

  • Removed the unsupported -s flag from all Copilot CLI invocation examples and documentation, as it causes exit code 1 and is not valid for programmatic use.
  • Clarified that Copilot CLI is sandboxed to its working directory and that there is no --cwd flag; all invocations now require cd to the repository root to ensure proper file access, with updated documentation and code examples.

Claude CLI fixes and documentation updates:

  • Added --cwd $(git rev-parse --show-toplevel) to all Claude CLI invocation patterns and documentation to address the same sandboxing restriction as Copilot CLI.
  • Updated invocation patterns and documentation to reflect correct usage of allowed tool flags (e.g., --allowedTools "Read" "Edit") and clarified model usage.

General improvements:

  • Updated the plugin version to 0.5.6 and added a detailed changelog entry summarizing all fixes and improvements.
  • Ensured consistency in orchestration and agent invocation documentation, including availability checks and error handling.

These changes ensure that both Copilot CLI and Claude CLI agents can be reliably invoked from any directory, with correct flags and model selection, and that all documentation accurately reflects these best practices.

Summary by CodeRabbit

  • Documentation

    • Enhanced CLI documentation with clarified working directory sandbox constraints and improved invocation patterns for better reliability.
    • Updated flag recommendations and best practices for both Claude CLI and Copilot CLI integration.
    • Refined model selection guidelines to optimize performance based on task complexity and requirements.
  • Chores

    • Updated plugin version to 0.5.6.

- Remove -s flag (causes exit code 1)
- Fix sandbox: cd to repo root instead of nonexistent --cwd flag
- Fix --allow-tool format: no spaces (write,read)
- Update model: claude-sonnet-4-5 for real tasks, haiku for pings
- Add --cwd to all Claude CLI invocation patterns
- Fix orchestration detection command: remove -s, add cd to root
- Bump version to 0.5.6

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
coderabbitai bot commented Mar 23, 2026

📝 Walkthrough

Updated plugin version from 0.5.5 to 0.5.6 and revised CLI documentation for Claude and Copilot invocations. Changes include removing the -s flag, adding working directory constraints via --cwd and repository root cd commands, normalizing tool-allow formatting, and updating model selection from haiku to sonnet for complex tasks.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Manifest & Changelog: `.claude-plugin/plugin.json`, `CHANGELOG.md` | Version bump to 0.5.6 with documented fixes for CLI invocation patterns, model selection updates, and working directory handling. |
| Claude CLI Documentation: `skills/agents/claude-cli/SKILL.md` | Added "Working Directory" section; updated all example invocations with `--cwd $(git rev-parse --show-toplevel)` constraint; added working-directory row to Key Differences table. |
| Copilot CLI Documentation: `skills/agents/copilot-cli/SKILL.md` | Removed `-s` flag from guidance (marked as causing exit code 1); added "Sandbox Limitation" section; normalized `--allow-tool` formatting (removed spaces); shifted model selection to claude-sonnet-4-5 for complex tasks and added `cd` to repo root in invocation examples. |
| Orchestration Detection: `skills/orchestration/SKILL.md` | Updated Copilot CLI agent detection command to include `cd $(git rev-parse --show-toplevel)` and removed `-s` flag while preserving output piping. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A carrot of versioning, from five-five to six,
CLI flags now disciplined—no more -s mix!
Working directories wrapped in --cwd's embrace,
Sonnet shines brightly for complex-task grace,
From warren to root, our invocations race! 🌿

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title directly and concisely describes the main changes: fixing Copilot CLI invocation patterns and sandbox handling, which aligns with the primary objectives of the pull request. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@skills/agents/claude-cli/SKILL.md`:
- Around line 97-103: The "Write delegation + shell (runs commands)" example's
--allowedTools list currently grants "Read" "Edit" and "Bash(git *)" only, which
omits the Write permission needed for file creation flows; update the example
command (the block titled "Write delegation + shell (runs commands)") to include
"Write" in the --allowedTools list (e.g., --allowedTools "Read" "Write" "Edit"
"Bash(git *)") so the delegation actually allows creating new files.
- Line 147: The "Working directory" table row in SKILL.md incorrectly states
Copilot CLI supports `--cwd PATH`; update that row so the Copilot column
indicates it has no `--cwd` flag and show the proper usage: change directory
before invoking (e.g., `cd /path/to/repo && copilot -p "prompt"`). Locate the
table row containing the "Working directory" label and replace the Copilot cell
content (`--cwd PATH`) with a short note like "no --cwd; cd to repo then run
copilot (e.g., cd /path && copilot -p 'prompt')", leaving the other tool's
(`--cwd PATH`) cell unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 48957b55-f961-4124-a2f9-b0f334cbec5f

📥 Commits

Reviewing files that changed from the base of the PR and between 619af8b and ad02feb.

📒 Files selected for processing (5)
  • .claude-plugin/plugin.json
  • CHANGELOG.md
  • skills/agents/claude-cli/SKILL.md
  • skills/agents/copilot-cli/SKILL.md
  • skills/orchestration/SKILL.md

Comment on lines 97 to 103
**Write delegation + shell (runs commands):**
```bash
claude -p "[delegation prompt]" --output-format text \
--cwd $(git rev-parse --show-toplevel) \
--allowedTools "Read" "Edit" "Bash(git *)" \
--no-session-persistence
```
⚠️ Potential issue | 🟠 Major

“Write delegation + shell” example is missing Write permission.
The command title says write delegation, but the flags only grant "Read" "Edit" "Bash(git *)". This can block file creation flows.

Suggested patch
 claude -p "[delegation prompt]" --output-format text \
   --cwd $(git rev-parse --show-toplevel) \
-  --allowedTools "Read" "Edit" "Bash(git *)" \
+  --allowedTools "Read" "Edit" "Write" "Bash(git *)" \
   --no-session-persistence
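
Review bot: The unchanged context line `--cwd $(git rev-parse --show-toplevel) \` leaves the command substitution unquoted, so a repository path containing spaces is split into several arguments; write it as `--cwd "$(git rev-parse --show-toplevel)"`, matching the quoting used in the other suggestion in this review. On the `+` line, adding `"Write"` widens the grant beyond the existing `"Read" "Edit" "Bash(git *)"`, so the surrounding doc text should say that this list is meant for delegations that create files and should not be copied into read-only ones.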

| Tool permissions | `--allow-tool='write, read'` | `--allowedTools "Read" "Edit"` |
| Silence | `-s` | `--output-format text` |
| Prevent questions | `--no-ask-user` | implied by `-p` |
| Working directory | `--cwd PATH` | `--cwd PATH` |
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Does GitHub Copilot CLI currently provide a `--cwd` flag for `copilot -p`? If not, what is the recommended way to ensure repo-root file access in scripted invocations?

💡 Result:

No, GitHub Copilot CLI does not currently provide a `--cwd` flag for `copilot -p`. An open feature request exists for this (Issue #457, opened Nov 2025). The CLI uses the current working directory where it is invoked for initial context and file access.

Recommended way for scripted invocations to ensure repo-root file access: change to the repo root directory before running `copilot -p`, using shell constructs like:

  • `(cd /path/to/repo && copilot -p "your prompt")`
  • `pushd /path/to/repo && copilot -p "your prompt" && popd`

Official docs emphasize navigating to the folder containing code first. For additional directories, use `--add-dir` (mentioned in French docs), but primary access is from the invocation directory. In interactive mode, `/cwd` or `/add-dir` can expand access, but for non-interactive `-p`, pre-change directory.

🏁 Script executed:

```bash
# First, let's look at the file structure
find . -name "SKILL.md" -path "*/claude-cli/*" | head -5
```

Repository: namos2502/CortexLink

Length of output: 99


🏁 Script executed:

```bash
# Read the SKILL.md file with context around line 147
if [ -f "skills/agents/claude-cli/SKILL.md" ]; then
  wc -l "skills/agents/claude-cli/SKILL.md"
fi
```

Repository: namos2502/CortexLink

Length of output: 101


🏁 Script executed:

```bash
# Get content around line 147 with broader context
if [ -f "skills/agents/claude-cli/SKILL.md" ]; then
  sed -n '130,165p' "skills/agents/claude-cli/SKILL.md"
fi
```

Repository: namos2502/CortexLink

Length of output: 1258


🏁 Script executed:

```bash
# Search for mentions of Copilot and working directory or cwd in the SKILL.md file
rg -i "copilot|working directory|--cwd" "skills/agents/claude-cli/SKILL.md" -n
```

Repository: namos2502/CortexLink

Length of output: 819


🏁 Script executed:

```bash
# Read the entire file to check for other context about Copilot's approach
cat -n "skills/agents/claude-cli/SKILL.md"
```

Repository: namos2502/CortexLink

Length of output: 7009


The comparison table incorrectly documents Copilot CLI's working directory handling.

Copilot CLI does not provide a --cwd flag. According to GitHub's documentation and an open feature request (Issue #457), the correct approach for Copilot is to change directory before invoking: cd /path/to/repo && copilot -p "prompt". This contradicts line 147, which claims both tools use --cwd PATH.

Update the "Working directory" row:

Suggested patch
-| Working directory | `--cwd PATH` | `--cwd PATH` |
+| Working directory | `cd "$(git rev-parse --show-toplevel)" && ...` | `--cwd PATH` |
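
Review bot: The `+` row corrects only the Working directory cell, while the neighbouring rows of the same table quoted with this comment still list `-s` under Silence and `--allow-tool='write, read'` (with a space) under Tool permissions, the two Copilot forms the PR description says were removed and normalized; update those cells in the same change. In the new cell, a bare `cd "$(git rev-parse --show-toplevel)" && ...` also moves the caller's shell for the rest of a script, so the subshell form from the analysis above, `(cd "$(git rev-parse --show-toplevel)" && ...)`, is the safer pattern to document.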
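
The working-directory handling discussed in this thread (a CLI scoped to the directory it is started in, no `--cwd` flag, so `cd` to the repository root first), as an added example that is not part of the pull request or of either CLI. `repo_root` and `at_repo_root` are hypothetical helper names; the command to run is passed in as arguments, and the helper refuses to run it when no repository is found.

```shell
# Added example: pin a command's working directory to the repository root.

# Print the top-level directory of the repository containing $1 (default: cwd).
# Returns non-zero and prints nothing when that directory is not in a git work tree.
repo_root() {
  git -C "${1:-.}" rev-parse --show-toplevel 2>/dev/null
}

# at_repo_root CMD [ARGS...]
# Runs CMD in a subshell whose cwd is the repository root, so the caller's own
# cwd is untouched. Fails closed: when no repository is found CMD never runs,
# because a cwd-scoped tool started elsewhere would be scoped to the wrong tree.
at_repo_root() {
  local root
  if [ "$#" -eq 0 ]; then
    echo "usage: at_repo_root CMD [ARGS...]" >&2
    return 64
  fi
  if ! root="$(repo_root)" || [ -z "$root" ]; then
    echo "at_repo_root: not inside a git work tree; refusing to run $1" >&2
    return 2
  fi
  # Quoted path survives spaces; the subshell keeps cd from leaking to the caller.
  ( cd -- "$root" && "$@" )
}

# Usage with the invocation shown on this page (not executed here):
#   at_repo_root copilot -p "your prompt"
```

The exit status of the wrapped command is passed through unchanged, so a caller can still branch on the CLI's own exit code.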
