Note
This feature is in public preview and subject to change.
You can prevent users from enabling bypass mode (also known as "YOLO mode") in Copilot CLI and VS Code. Bypass mode lets an agent run commands, access files, and fetch URLs without asking for approval. By disabling it for your enterprise, you ensure that a person reviews each of these actions.
What disabling bypass mode prevents
The disableBypassPermissionsMode setting is defined in your enterprise's managed-settings.json file and applies to users on your enterprise's Copilot plan.
When you set disableBypassPermissionsMode to "disable", users cannot turn on YOLO mode in either client:
- In Copilot CLI, the
--yolo,--allow-all,--allow-all-tools,--allow-all-paths, and--allow-all-urlscommand-line options and the/yoloand/allow-allslash commands are blocked. - In VS Code, the global auto-approve setting (
chat.tools.global.autoApprove), also known as "YOLO mode," is turned off and cannot be re-enabled.
Disabling bypass mode for your enterprise
-
In your enterprise's
.github-privaterepository, create the managed settings file atcopilot/managed-settings.json. If you haven't set a.github-privaterepository as your enterprise's source of agent configuration, see Creating a .github-private repository.The legacy path (
.github/copilot/settings.json) is also supported. -
Add the following property.
JSON { "permissions": { "disableBypassPermissionsMode": "disable" } }{ "permissions": { "disableBypassPermissionsMode": "disable" } }