Copilot cli isn’t as good as Claude but it’s not just fancy autocomplete either. Copilot cli seems to be converging with the rest and you can use mcp servers, skills, launch fleets of agents that use tools etc.
And yet none of these tools have sensible or working permission configs. Apart from prompt-and-pray or requiring explicit permission for every file operation and shell commands, the only genuine way to stop them from running destructive operations is OS-level sandboxing. From a security and error-safety perspective, all of these tools are like letting a bright and curious 8 year old have full access to your machine.