Description
Summary
When Copilot CLI downloads a file into %TEMP%, it immediately attempts to read that file—but then prompts the user for permission to read it. This is redundant and interrupts workflows that rely on GHCP repeatedly generating temporary artifacts.
Steps to Reproduce
- Run a Copilot CLI command that triggers a file download (e.g., analysis or transformation workflows).
- GHCP writes a file into a randomized subdirectory under %TEMP%.
- GHCP immediately tries to read the file it created.
- GHCP prompts: “Copilot CLI needs permission to read this file…”
- User must manually approve the read, even though GHCP itself wrote the file moments earlier.
Expected Behavior
If Copilot CLI writes a file, it should automatically trust that file for subsequent reads within the same session. At minimum, a “same‑origin” rule should allow reads of files GHCP created itself.
Actual Behavior
Copilot CLI treats the file as untrusted because %TEMP% is outside the current workspace trust boundary.
Since GHCP generates a new random directory on every run, the user is repeatedly prompted with no way to persist trust.
Why This Matters
- This breaks multi‑step workflows that involve downloading → parsing → generating.
- Adds unnecessary friction and slows down CLI‑based agentic workflows.
- There is no documented way to allowlist %TEMP% or set a persistent trust rule.
- The prompt is nonsensical: GHCP is asking permission to read its own output.
Suggested Fixes
Any of the following would resolve the issue:
- Same‑origin auto‑trust rule
  Auto‑approve read access for files GHCP itself created in the current session.
- Persistent trust rules / allowlist configuration
  Allow users to define trusted paths (e.g., %TEMP% or a custom scratch directory).
- Stable scratch directory support
  Let users override the temp directory via config (not just environment variables) and persist trust to that directory.
- Workspace‑scoped temp behavior
  If GHCP is running inside a workspace, use a scratch directory inside that workspace.
Environment
- GitHub Copilot CLI version: (fill in your version)
- OS: Windows 11 Selfhost
- Shell: PowerShell / CMD / Git Bash (reproduces in all)
Additional Notes
This impacts any workflow where Copilot CLI retrieves intermediate artifacts (MCP responses, codegen outputs, analysis files). Improving this would meaningfully improve DevEx for CLI workflows.
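
The same-origin auto-trust rule suggested above, sketched as an added example (not Copilot CLI's code and not part of the original report). `SessionWriteLedger` and its methods are hypothetical names; the sketch assumes a read is auto-approved only when the tool wrote that path in the current session and the bytes still match, because a temp directory can be modified by other processes between the write and the read.

```python
import hashlib
import os
import tempfile

class SessionWriteLedger:
    """Hypothetical session-scoped record of files the tool itself wrote."""

    def __init__(self):
        self._written = {}  # canonical path -> SHA-256 of the bytes written

    def write(self, path, data):
        # O_EXCL fails if the path already exists, so a file planted in
        # advance is never adopted as "our own" output.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
        fd = os.open(path, flags, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        self._written[os.path.realpath(path)] = hashlib.sha256(data).hexdigest()

    def read_decision(self, path):
        """Return ("allow", data) for unchanged own output, else ("prompt", None)."""
        real = os.path.realpath(path)  # resolve symlinks before the lookup
        expected = self._written.get(real)
        if expected is None:
            return "prompt", None      # not written by this session
        try:
            with open(real, "rb") as f:
                data = f.read()
        except OSError:
            return "prompt", None
        if hashlib.sha256(data).hexdigest() != expected:
            return "prompt", None      # content changed after the write
        # Hand back the bytes that were hashed so the caller does not re-read.
        return "allow", data

def demo():
    """Constructed scenario: own file, modified own file, foreign file."""
    ledger = SessionWriteLedger()
    with tempfile.TemporaryDirectory() as scratch:
        own = os.path.join(scratch, "artifact.json")
        ledger.write(own, b'{"ok": true}')
        first = ledger.read_decision(own)[0]
        with open(own, "wb") as f:     # stands in for another process
            f.write(b'{"ok": false}')
        changed = ledger.read_decision(own)[0]
        foreign = os.path.join(scratch, "other.txt")
        with open(foreign, "wb") as f:
            f.write(b"not ours")
        return first, changed, ledger.read_decision(foreign)[0]

if __name__ == "__main__":
    print(demo())
```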