Copilot CLI Review: GitHub's Terminal Agent Adds Tabs, Rubber Duck, and Security Review

GitHub Copilot CLI's June 2026 refresh adds a GA tabbed terminal UI, a GA rubber duck critic agent, and an experimental /security-review command. It is included across Copilot plans, but heavy CLI usage draws from the same AI Credits pool as other Copilot agent features.

Reviewed by Raşit Akyol on July 4, 2026

Overall: 80
Speed: 82
Privacy: 65
Dev Experience: 78

What Copilot CLI Is and Who It Is For

Copilot CLI brings GitHub's Copilot coding agent into the terminal for developers who want a synchronous AI collaborator inside a local project instead of only inside an IDE or browser. The open-source github/copilot-cli repository describes a terminal coding agent that can inspect code, plan work, edit files, run commands, and authenticate with an existing GitHub account, and the live aicoolies tool record already treats it as an AI coding assistant and CLI agent. The most natural audience is a team that already works in GitHub issues and pull requests, because the CLI can operate where the code lives while still keeping the shell as the control surface. It is less compelling for teams that want model-provider independence, fully local execution, or a mature standalone agent separated from GitHub's product and billing model.

The New Tabbed Terminal Interface

The June 23, 2026 GitHub changelog makes the tabbed terminal interface the clearest reason this review deserves to exist separately from the broader GitHub Copilot review. An interactive session now has tabs at the top of the screen: a default Session tab, a Gists tab for personal gists, and, when the CLI runs inside a GitHub repository, Issues and Pull Requests tabs for that repository. The practical benefit is not just navigation. Highlighting an issue or pull request and pressing c references it in the prompt, pressing o opens it on GitHub, and a slash search inside the Issues or Pull Requests tab searches GitHub from the terminal. That gives Copilot CLI a GitHub-native workflow shape that Claude Code, Aider, and OpenCode can approximate through commands or MCP servers but do not provide as a first-party terminal surface.

GitHub also paired the redesign with usability controls instead of forcing a single terminal layout. The changelog says tabs can be hidden, reordered, or turned off, and the interface includes color modes such as GitHub, dim, high-contrast, and colorblind-friendly palettes plus automatic screen-reader support. Those details matter because terminal agents often become difficult to use in narrow panes, remote shells, or accessibility-heavy environments. Copilot CLI's redesign still does not make it the deepest autonomous coding system, but it does make the day-to-day shell experience more legible for developers who need to move between local code and GitHub collaboration objects all day.

Configuring Tools Without Leaving the Terminal

The same release wave improves configuration, which has historically been a rough edge for coding agents that depend on tools, MCP servers, plugins, and model choices. GitHub's changelog says /mcp add now opens an interactive form, /mcp search can browse the GitHub MCP Registry, /skills can manage enabled skills, /plugin can install plugins from a marketplace, repository, or local path, and /settings exposes configuration from inside the session. For a buyer comparing terminal agents, this is a real advantage: fewer hand-edited JSON files, fewer restarts after adding a tool, and less context switching when a session needs a new integration. It does not remove the need to understand what each tool can do, but it lowers the setup cost for teams that want a guided path to extending the agent.

Rubber Duck Adds a Built-In Second Opinion

GitHub's June 2, 2026 changelog describes rubber duck as a generally available built-in CLI agent that acts as a constructive critic. The main agent can pass its current plan, design, implementation, or tests to the rubber duck agent, and developers can invoke it directly with /rubber-duck. That is a useful design pattern because coding-agent failures often come from confident plans with missing constraints rather than from simple syntax errors. A second-opinion agent can ask whether the plan ignores tests, over-edits unrelated files, misses an edge case, or accepts a weak design. GitHub has not published outcome data proving how often rubber duck catches real defects, so it should be treated as an additional review loop rather than an independent quality guarantee, but the feature is real, shipped, and differentiated enough to matter.

Security Review Is Useful, But Still Experimental

The /security-review command is worth mentioning precisely because it should not be oversold. GitHub's June 10, 2026 changelog says the command is shipping as an experimental feature in public preview and requires experimental mode. It analyzes local code changes and returns findings with severity, confidence, and suggested fixes for vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal, and weak cryptography. GitHub also says this Copilot-driven scan does not rely on code scanning, Dependabot, or secret scanning. That makes it a lightweight pre-commit review layer, not a replacement for GitHub Advanced Security, SAST, dependency review, secret scanning, threat modeling, or human application-security review.

For a solo developer or a small team without a full security program, /security-review can still be valuable because it places a security-oriented pass inside the same CLI session that produced the change. For a regulated engineering organization, it should be evaluated as one more signal in a defense-in-depth workflow. The preview label matters: detection quality, supported vulnerability classes, command behavior, and false-positive patterns can change before general availability. The right buyer expectation is that Copilot CLI now includes an early security-assist feature, not that GitHub has turned the terminal agent into a production security scanner.

Voice Input and Prompt Scheduling

Two smaller June features round out the product direction. Voice input reached general availability on June 2, 2026, with GitHub describing local audio processing so dictated prompts do not leave the machine as audio. That is a useful accessibility and ergonomics feature for long prompts, demo sessions, and hands-busy debugging. Prompt scheduling remains experimental through /every and /after commands, letting a session repeat a prompt on an interval or run one after a delay. The scheduling commands are not a substitute for a real CI system or durable cron workflow, but they can make local agent sessions more convenient for periodic test runs, recurring status checks, or timed follow-up prompts during a refactor.

Pricing: Included Everywhere, Billed by Usage

Copilot CLI's pricing story is stronger than many developers assume because GitHub's current Copilot plans page lists CLI access across the individual plan ladder, including the Free plan. The important change from older Copilot copy is the AI Credits model introduced across Copilot billing: Free is $0 per month, Pro is $10 per user per month with $15 in included credits, Pro+ is $39 with $70 in included credits, and Max is $100 with $200 in included credits. One AI Credit equals one cent of usage, and Copilot activity such as chat, agent mode, cloud agent, apps, and CLI can draw from that usage pool while code completions and next-edit suggestions are treated differently. In practical terms, there is no separate Copilot CLI subscription for an individual developer to buy, but heavy terminal-agent use is not the same as unlimited free compute.

Organizations should read that pricing through their own Copilot Business or Enterprise policy. Admins decide which Copilot features are enabled and how additional paid usage is handled, so a developer who receives Copilot through an employer may have CLI access controlled by organizational settings even if the product is available on all plan tiers. The buyer-guide takeaway is simple: Copilot CLI is low-friction to try if a team is already in the Copilot ecosystem, but high-volume usage should be monitored like any other agent workload that consumes shared credits.

How It Compares to Claude Code, Aider, and OpenCode

Copilot CLI's strongest comparison angle is GitHub-native workflow integration rather than raw model independence. Claude Code remains the stronger choice for many deep multi-file architecture tasks and mature standalone agent workflows. Aider still appeals to developers who want a git-centric, model-flexible pairing tool with clear patch review. OpenCode is attractive for teams that want a fully open-source, provider-agnostic terminal agent. Copilot CLI competes differently: it is best when issues, pull requests, gists, GitHub authentication, Copilot plans, and repository context are already the team's operating system. The existing aicoolies pages for /reviews/claude-code-review, /reviews/aider-review, /reviews/opencode-review, /reviews/gemini-cli-review, and /comparisons/copilot-cli-vs-claude-code are the right internal comparisons to consult before choosing a terminal agent.

The Bottom Line

Copilot CLI's June 2026 update is a substantive product wave: the tabbed terminal interface reached general availability, rubber duck became a generally available second-opinion agent, /security-review shipped as an experimental public-preview command, and configuration, voice input, and scheduling all improved the terminal workflow. That does not make it the universal best coding agent. The privacy posture remains tied to GitHub and Microsoft cloud processing, the security-review feature is explicitly preview-stage, and deeper independent agent workflows may still favor Claude Code or more provider-neutral tools. But for developers already living in GitHub, the combination of first-party issue and pull-request tabs, no separate CLI subscription, open-source repository visibility, and a fast-moving feature roadmap makes Copilot CLI a reasonable default terminal agent to try before paying for another tool.

Pros

  • Tabbed Session, Issues, Pull Requests, and Gists views make GitHub workflow context available inside the terminal.
  • Rubber duck is a shipped second-opinion agent for plans, designs, code, and tests.
  • CLI access is listed across Copilot plans, including Free, so existing Copilot users can try it without a separate subscription.
  • Open-source repository, in-session MCP/plugin/skill settings, local voice-input processing, and prompt scheduling all reduce terminal-agent friction.

Cons

  • /security-review is still experimental public preview and should not replace code scanning, Dependabot, secret scanning, or human security review.
  • Heavy CLI usage consumes the same AI Credits pool as other Copilot agent features, so active teams need usage governance.
  • Privacy posture remains tied to GitHub/Microsoft cloud processing and telemetry rather than local-only execution.
  • Deep architectural work and model-provider flexibility may still be better served by Claude Code, Aider, or OpenCode depending on the team.

Verdict

Choose Copilot CLI if your team already lives in GitHub and wants a first-party terminal agent with Issues/PR tabs, rubber duck review, and low-friction Copilot-plan access. Choose a different CLI agent if you need provider independence, local-only privacy, or the strongest deep architecture workflow.

Alternatives to GitHub Copilot CLI

Codex

Top Pick

OpenAI coding agent for app, editor, terminal, and cloud work

Codex is OpenAI's coding agent for software development across the Codex app, editor, terminal, and cloud tasks. It helps write, review, debug, refactor, and automate code, with ChatGPT plan access for managed surfaces and API-key usage for CLI, SDK, and IDE workflows. The open-source CLI and SDK support local repository work, while cloud features add GitHub review, Slack/Linear integrations, worktrees, skills, MCP, and automations.

freemium, Open Source

Amp

Agentic coding tool by Sourcegraph (formerly Cody)

Frontier coding agent from Sourcegraph that runs in the terminal and as IDE extensions for VS Code, Cursor, Windsurf, and JetBrains. Amp wields the strongest available models — Claude, GPT, and Gemini frontier tiers — with no token caps or context window throttling. Built around full-fidelity tool use, multi-file edits, oracle-style planning subagents, and team-shared threads. Token-based pricing with no subscription tier; pay only for the model usage you trigger.

api-usage-based
OpenCode

Top Pick

Open-source AI coding agent for the terminal

Open-source terminal-based AI coding agent built in Go by the SST team, with a rich TUI (Bubble Tea) supporting 75+ model providers including OpenAI, Anthropic, Gemini, Bedrock, Groq, and OpenRouter. Features vim-like editing, persistent SQLite sessions, and LSP integration for 40+ languages. Fully free with no vendor lock-in, it has rapidly grown to 95k+ GitHub stars.

open-source