Menú
Recipe reference for installing tools in the container environment. Used by bootstrap and specialist reviewer agents to look up the correct install command for any tool.
Load before planning or routing any task. Required by mission-control — maps task archetypes to ordered sequences of specialist agents, with handoff context and success criteria for each step.
Load before reviewing any phase. Required by all internal reviewer agents — covers adversarial review philosophy, the approve/reject verdict contract, and escalation policy.
Load when operating as a sub-agent invoked via the agent tool — covers handoff mode detection, autonomous execution, clarification protocol, and the minimum completion report contract.
Load before running a comprehensive review. Covers scope resolution, pre-flight tool checks, parallel specialist dispatch, synthesis, and output format.
Load before any API or CLI interface review. Required by the api-reviewer agent — covers REST naming, HTTP semantics, error consistency, breaking changes, CLI conventions, pagination, auth, and a three-tier severity model.
Load before any code review. Required by the reviewer agent — covers what to examine, smell categories, complexity thresholds, dead code signals, and a three-tier severity model.
| name | tool-install |
| description | Recipe reference for installing tools in the container environment. Used by bootstrap and specialist reviewer agents to look up the correct install command for any tool. |
| license | AGPL-3.0-or-later |
| allowed-tools | execute |
Copilot environment only. These instructions apply to the Copilot container environment. They are not guidance for configuring developer machines or CI pipelines — use the
devexagent for toolchain design and configuration, or thebootstrapagent for tool installation.No root access.
sudo,apt,dnf, and all system package managers are unavailable. Usenixanduvto install language runtimes, compilers, and core development tools. Once a runtime is available, use its own toolchain for ecosystem-specific packages (e.g.go install,cargo install,npm install -g).
Use Nix to bootstrap ecosystems — language runtimes, compilers, and tools not available on PyPI. Use uv for tools distributed via PyPI — Python or otherwise (e.g. pre-commit). Once a language runtime is installed, use its own toolchain for the rest of that ecosystem.
| Use when | Tool |
|---|---|
| Installing a language runtime, compiler, or tool not available on PyPI | nix |
| Installing a tool distributed via PyPI (Python or otherwise) | uv |
| Node.js is installed (via nix) — installing a JS/TS package globally | npm install -g |
| Python runtime is installed — installing a tool | uv tool install |
| Java runtime is installed — installing project tools | mvn, gradle, or nix profile add |
| C# runtime is installed — installing a tool | dotnet tool install --global |
| C++ toolchain is installed — installing or resolving packages | cmake, conan, or vcpkg |
| Go runtime is installed — installing a Go tool | go install |
| Rust and Cargo are installed — installing a Rust tool | cargo install |
JavaScript and TypeScript — Install Node.js with Nix (nixpkgs#nodejs_22 or the pinned version). npm is included with Node.js and used for ecosystem tools.
Python — A Python version is pre-installed in the container image. Use nix profile add nixpkgs#python312 (or similar versioned attribute) to add specific or additional versions the project requires. Use uv tool install for tools distributed via PyPI.
Java — Install a JDK with Nix, then use Maven or Gradle according to the project.
C# — Install the matching dotnet-sdk with Nix, then use dotnet CLI tooling and global tools.
C++ — Install a compiler and CMake with Nix, then follow the project's conan, vcpkg, or plain CMake workflow.
Go — Install the Go toolchain with Nix, then use go install for Go-native tools.
Rust — Install rustup with Nix, select the required toolchain, then use cargo install for Cargo-native tools.
Nix is the primary bootstrap tool. Use it for language runtimes, compilers, and any tool not available on PyPI. The nixpkgs flake is pinned to a fixed revision, so package versions are reproducible and served from the binary cache without compiling from source.
nix search nixpkgs <name>
The name attribute in the results is what you pass to other nix commands.
nix profile add nixpkgs#<package>
The tool is on PATH immediately and persists across sessions.
nix profile add nixpkgs#delta nixpkgs#fd nixpkgs#bat
nix run nixpkgs#<package> -- [args]
nix profile list
nix profile list --json | jq -r '.elements[] | .originalUrl'
The --json form lists the original flake URLs for installed packages.
nix search nixpkgs <name>
nixpkgs is allowed — do not use other flake URLs.cache.nixos.org) is used automatically./nix/store is persistent across session restarts.Many tools have versioned nixpkgs attributes for installing a specific release:
nix profile add nixpkgs#go_1_22 # Go 1.22
nix profile add nixpkgs#jdk21 # OpenJDK 21
nix profile add nixpkgs#jdk17 # OpenJDK 17
nix profile add nixpkgs#nodejs_22 # Node.js 22
nix profile add nixpkgs#nodejs_20 # Node.js 20
nix profile add nixpkgs#python312 # Python 3.12
nix profile add nixpkgs#python313 # Python 3.13
Use nix search nixpkgs <name> to discover available versioned attributes.
Use uv for tools distributed via PyPI — Python or otherwise (e.g. pre-commit, ruff, mypy). Installed tools are placed in $XDG_DATA_HOME/uv/bin and are available on PATH immediately.
uv tool install <package>
uv tool install <package>==<version>
uv tool install <package>[extra]
uv tool upgrade <package>
uv tool list
uv tool uninstall <package>
uvx downloads and runs the tool in a temporary environment without permanently
installing it.
uvx <package> [args]
A Python version is pre-installed in the container image. Use nix to add specific or additional versions the project requires:
nix profile add nixpkgs#python312 # Python 3.12
nix profile add nixpkgs#python313 # Python 3.13
nix search nixpkgs python3 # find available versions
Installed Pythons are used automatically by uv run, uv venv, and similar commands.
npm is not pre-installed in the container. Install Node.js with Nix first — npm is bundled with it:
nix profile add nixpkgs#nodejs_22
The npm global prefix is configured to $XDG_DATA_HOME/npm, so npm install -g works without root once Node.js is installed.
npm install -g <package> # install latest
npm install -g <package>@1.2.3 # install specific version
npm list -g --depth=0 # check what is installed
npm update -g <package> # upgrade
Use nix for Python interpreters and uv for Python-based tools:
nix profile add nixpkgs#python312 # install a specific Python version
uv tool install <package> # install a Python-based tool
uv tool upgrade <package> # upgrade a tool
Install the required JDK and the project's preferred build tool with Nix, then use the build tool for project-scoped work:
nix profile add nixpkgs#jdk21 nixpkgs#maven
nix profile add nixpkgs#jdk21 nixpkgs#gradle
Use Maven or Gradle according to the project's existing build files and wrapper scripts.
Install the matching SDK first, then use the dotnet CLI for project work or global tools:
nix profile add nixpkgs#dotnet-sdk
dotnet --info
dotnet tool install --global <tool-name>
dotnet tool list --global
Prefer the SDK version pinned by global.json when that file exists.
Install the compiler, CMake, and any package manager the project already uses:
nix profile add nixpkgs#clang nixpkgs#cmake
nix profile add nixpkgs#gcc nixpkgs#cmake
nix profile add nixpkgs#conan
If the project uses vcpkg, follow the repository's documented bootstrap and manifest workflow rather than inventing a parallel package path.
Once go is installed, use it to install Go ecosystem tools:
go install <module-path>@vX.Y.Z # install specific version (preferred — reproducible)
go install <module-path>@latest # exploratory or one-off installs only; not reproducible
Installed binaries land in $GOPATH/bin ($XDG_DATA_HOME/go/bin), which is on PATH.
rustup must be installed first via Nix, then a toolchain selected:
nix profile add nixpkgs#rustup
rustup toolchain install stable # or a specific version, e.g. 1.78
rustup default stable
Once cargo is available, use it for Rust ecosystem tools:
cargo install <crate> # install latest
cargo install <crate> --version 1.2.3 # install specific version
cargo install --list # check what is installed
Installed binaries land in $CARGO_HOME/bin ($XDG_DATA_HOME/cargo/bin), which is on PATH.
When a review agent needs an analysis tool that is not yet installed, apply these checks before installing.
A tool is safe to install directly if it meets most of these signals:
postinstall/preinstall hooksIf a tool clearly meets these signals, install it. If any signal raises doubt — unusual origin, very low adoption, recent maintainer change, install scripts that access the network — report the concern and ask the user to confirm before proceeding.
If the tool requires a language runtime that is not installed (for example, Java is absent but SpotBugs is needed):
The caller is responsible for deciding whether to install the runtime (using the package manager guidance above) or to defer the work.
Never write tool caches inside the repository working directory. If a cache or data environment variable is unset or points inside the workspace, redirect it to a directory under $HOME. Always check .github/copilot-instructions.md for project-specific overrides.