Endpoint args like /user/... for gh api appear to be misclassified as filesystem absolute paths #1486
Description
Describe the bug
Bug summary: endpoint args like /user/... for gh api appear to be misclassified as filesystem absolute paths (triggering directory-allow behavior) even though they are API routes; expected behavior is to treat them as plain CLI arguments (or provide a temporary command-scoped allow override).
Workaround for report: use gh api user/codespaces/secrets (no leading slash) to avoid path-like interpretation.
Affected version
GitHub Copilot CLI 0.0.410.
Steps to reproduce the behavior
At some point the command tried to run was (with GPT 5.3 Codex):
GH_PAGER=cat gh api /user/codespaces/secrets --jq '.secrets[].name' | while read -r name; do
vis=$(GH_PAGER=cat gh api "/user/codespaces/secrets/${name}" --jq '.visibility')
cnt=$(GH_PAGER=cat gh api "/user/codespaces/secrets/${name}" --jq '.selected_repositories_count // 0')
doneThis asked for allowing access to the path /user/codespaces/secrets
Expected behavior
Should not ask for this as it is not a path. OR: should have an option to just allow the command for now, as it is maybe hard to catch this foolproof.
Additional context
No response