Summary
Allow custom agent profiles (in plugins and project-level .github/agents/) to declare their tool restrictions using Claude Code's scalar form in addition to the existing Copilot JSON-array form, and translate Claude tool names to Copilot equivalents via a fixed alias table.
Motivation
Custom agent profiles are commonly cross-ported between Claude Code and Copilot CLI. Plugin authors who maintain a single source of truth hit two problems:
-
Frontmatter shape mismatch. Claude accepts a comma-separated scalar (tools: Read, Write, Bash); Copilot accepts a JSON array (tools: ["view", "edit", "bash"]). When a Claude-authored agent installs into Copilot, the parser tolerates the unknown scalar but the restriction is not applied — the agent silently runs with unrestricted tool access. This is a quiet downgrade of the structural sandboxing the author intended.
-
Tool name divergence. Claude uses PascalCase names (Read, Write, Edit, Bash, Grep, Glob, WebFetch, Task). Copilot uses snake_case (view, edit, create, bash, grep, glob, web_fetch, task). The semantic mapping is unambiguous in practice but unknown to a generic parser.
A small upstream change would let one set of source files preserve restriction semantics in both CLIs without per-plugin build tooling.
Proposal
Extend the agent-profile parser:
- Accept
tools: as either a YAML sequence (current behavior) or a comma-separated scalar (Claude form).
- When parsing names, apply a fixed alias map and translate to the Copilot canonical name:
| Claude name |
Copilot name(s) |
Read |
view |
Write |
create, edit |
Edit |
edit |
Bash |
bash |
Grep |
grep |
Glob |
glob |
WebFetch |
web_fetch |
Task |
task |
- Unknown names continue to warn (or fail in strict mode); they are not silently dropped.
Design notes
- Additive and backwards compatible. Existing Copilot-native agents are unaffected.
- The alias map is data, not policy. New tools can be added to the table without code changes.
Write maps to two tools because Claude's Write covers both "create new" and "overwrite existing," whereas Copilot splits these into create and edit. Mapping to both preserves Claude semantics; authors who want narrower scope can switch to Copilot-canonical names.
Out of scope
- No changes to how
tools: restrictions are enforced at runtime. The gain is purely from getting the restriction applied at all when the source is Claude-form.
Acceptance
- An agent file declaring
tools: Read, Grep, Glob is restricted at runtime to view, grep, glob.
- An agent file declaring
tools: ["view", "grep", "glob"] behaves identically to today.
- An unknown name (e.g.,
tools: Frobnicate) produces a clear warning (or strict-mode failure).
Summary
Allow custom agent profiles (in plugins and project-level
.github/agents/) to declare their tool restrictions using Claude Code's scalar form in addition to the existing Copilot JSON-array form, and translate Claude tool names to Copilot equivalents via a fixed alias table.Motivation
Custom agent profiles are commonly cross-ported between Claude Code and Copilot CLI. Plugin authors who maintain a single source of truth hit two problems:
Frontmatter shape mismatch. Claude accepts a comma-separated scalar (
tools: Read, Write, Bash); Copilot accepts a JSON array (tools: ["view", "edit", "bash"]). When a Claude-authored agent installs into Copilot, the parser tolerates the unknown scalar but the restriction is not applied — the agent silently runs with unrestricted tool access. This is a quiet downgrade of the structural sandboxing the author intended.Tool name divergence. Claude uses PascalCase names (
Read,Write,Edit,Bash,Grep,Glob,WebFetch,Task). Copilot uses snake_case (view,edit,create,bash,grep,glob,web_fetch,task). The semantic mapping is unambiguous in practice but unknown to a generic parser.A small upstream change would let one set of source files preserve restriction semantics in both CLIs without per-plugin build tooling.
Proposal
Extend the agent-profile parser:
tools:as either a YAML sequence (current behavior) or a comma-separated scalar (Claude form).ReadviewWritecreate,editEditeditBashbashGrepgrepGlobglobWebFetchweb_fetchTasktaskDesign notes
Writemaps to two tools because Claude'sWritecovers both "create new" and "overwrite existing," whereas Copilot splits these intocreateandedit. Mapping to both preserves Claude semantics; authors who want narrower scope can switch to Copilot-canonical names.Out of scope
tools:restrictions are enforced at runtime. The gain is purely from getting the restriction applied at all when the source is Claude-form.Acceptance
tools: Read, Grep, Globis restricted at runtime toview,grep,glob.tools: ["view", "grep", "glob"]behaves identically to today.tools: Frobnicate) produces a clear warning (or strict-mode failure).