| title | About GitHub Copilot coding agent | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| shortTitle | About coding agent | ||||||||
| intro | You can ask {% data variables.product.prodname_copilot_short %} to open a new pull request or make changes to an existing pull request. {% data variables.product.prodname_copilot_short %} works in the background, then requests a review from you. | ||||||||
| product | {% data reusables.gated-features.copilot-coding-agent %}<br><a href="https://github.com/features/copilot/plans?ref_product=copilot&ref_type=engagement&ref_style=button" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Sign up for {% data variables.product.prodname_copilot_short %}</span> {% octicon "link-external" height:16 %}</a> | ||||||||
| versions |
|
||||||||
| redirect_from |
|
||||||||
| contentType | concepts | ||||||||
| category |
|
With {% data variables.copilot.copilot_coding_agent %}, {% data variables.product.prodname_copilot %} can work independently in the background to complete tasks, just like a human developer.
{% data variables.copilot.copilot_coding_agent %} can:
- Fix bugs
- Implement incremental new features
- Improve test coverage
- Update documentation
- Address technical debt
To delegate tasks to {% data variables.copilot.copilot_coding_agent %}, you can:
- Ask Copilot to open a new pull request from many places, including {% data variables.product.prodname_github_issues %}, {% data variables.product.prodname_vscode %} and the agents panel available on every page on {% data variables.product.github %}. See AUTOTITLE.
- Mention
@copilotin a comment on an existing pull request to ask it to make changes. See AUTOTITLE. {% ifversion security-campaigns-assign-to-cca %}* Assign security alerts to {% data variables.product.prodname_copilot_short %} from security campaigns. See AUTOTITLE.{% endif %}
{% data variables.copilot.copilot_coding_agent %} will evaluate the task it has been assigned based on the prompt you give it—whether that's from the issue description or a chat message. Then {% data variables.copilot.copilot_coding_agent %} will make the required changes and open a pull request. When {% data variables.copilot.copilot_coding_agent %} finishes, it will request a review from you, and you can leave pull request comments to ask {% data variables.copilot.copilot_coding_agent %} to iterate.
While working on a coding task, {% data variables.copilot.copilot_coding_agent %} has access to its own ephemeral development environment, powered by {% data variables.product.prodname_actions %}, where it can explore your code, make changes, execute automated tests and linters and more.
When used effectively, {% data variables.copilot.copilot_coding_agent %} offers productivity benefits over traditional AI assistants in IDEs:
-
With AI assistants in IDEs, coding happens locally. Individual developers pair in synchronous sessions with the AI assistant. Decisions made during the session are untracked and lost to time unless committed. Although the assistant helps write code, the developer still has a lot of manual steps to do: create the branch, write commit messages, push the changes, open the PR, write the PR description, get a review, iterate in the IDE, and repeat. These steps take time and effort that may be hard to justify for simple or routine issues.
-
With {% data variables.copilot.copilot_coding_agent %}, all coding and iterating happens on {% data variables.product.github %} as part of the pull request workflow. You can create multiple {% data variables.copilot.custom_agents_short %} that specialize in different types of tasks. {% data variables.product.prodname_copilot_short %} automates branch creation, commit message writing and pushing, PR opening, and PR description writing. Developers let the agents work in the background and then steer {% data variables.product.prodname_copilot_short %} to a final solution using PR reviews. Working on {% data variables.product.github %} adds transparency, with every step happening in a commit and being viewable in logs, and opens up collaboration opportunities for the entire team.
{% data variables.copilot.copilot_coding_agent %} is distinct from the "agent mode" feature available in your IDE. {% data variables.copilot.copilot_coding_agent %} works autonomously in a {% data variables.product.prodname_actions %}-powered environment to complete development tasks assigned through {% data variables.product.github %} issues or {% data variables.copilot.copilot_chat %} prompts, and creates pull requests with the results. In contrast, agent mode in your IDE makes autonomous edits directly in your local development environment. For more information about agent mode, see AUTOTITLE.
Assigning tasks to {% data variables.copilot.copilot_coding_agent %} can enhance your software development workflow.
For example, you can assign {% data variables.copilot.copilot_coding_agent %} to straightforward issues on your backlog by selecting "{% data variables.product.prodname_copilot_short %}" as the assignee. This allows you to spend less time on these issues and more time on more complex or interesting work, or work that requires a high degree of creative thinking. {% data variables.copilot.copilot_coding_agent %} can work on "nice to have" issues that improve the quality of your codebase or product, but often remain on the backlog while you focus on more urgent work.
Having {% data variables.copilot.copilot_coding_agent %} as an additional coding resource also allows you to start tasks that you might not have otherwise started due to lack of resources. For example, you might create issues to refactor code or add more logging, and then immediately assign these to {% data variables.product.prodname_copilot_short %}.
{% data variables.copilot.copilot_coding_agent %} can start a task, which you then pick up and continue working on yourself. By assigning the initial work to {% data variables.product.prodname_copilot_short %}, you free up time that you would otherwise have spent doing repetitive tasks, such as setting up the scaffolding for a new project.
You can create specialized {% data variables.copilot.custom_agents_short %} for different tasks. For example, you might create a {% data variables.copilot.copilot_custom_agent_short %} specialized for frontend development that focuses on React components and styling, a documentation agent that excels at writing and updating technical documentation, or a testing agent that specializes in generating comprehensive unit tests. Each {% data variables.copilot.copilot_custom_agent_short %} can be tailored with specific prompts and tools suited to its particular task.
Enterprise administrators and organization owners can use {% data variables.product.prodname_copilot_short %} usage metrics to analyze pull request outcomes for pull requests created by {% data variables.copilot.copilot_coding_agent %}.
The {% data variables.product.prodname_copilot_short %} usage metrics APIs include pull request lifecycle metrics such as:
- The total number of pull requests created and merged
- The number of pull requests created by {% data variables.copilot.copilot_coding_agent %} that have been merged
- Median time to merge for merged pull requests, including pull requests created by {% data variables.copilot.copilot_coding_agent %}
These metrics can help you track adoption of {% data variables.copilot.copilot_coding_agent %} and monitor changes in pull request throughput and time to merge over time. See AUTOTITLE.
You can also invoke {% data variables.copilot.copilot_coding_agent %} from external tools, allowing you to assign tasks to {% data variables.product.prodname_copilot_short %}, provide context, and open pull requests without leaving your workflow. See AUTOTITLE
Before you can assign tasks to {% data variables.copilot.copilot_coding_agent %}, it must be enabled.
{% data variables.copilot.copilot_coding_agent %} is available with the {% data variables.copilot.copilot_pro %}, {% data variables.copilot.copilot_pro_plus %}, {% data variables.copilot.copilot_for_business %} and {% data variables.copilot.copilot_enterprise %} plans.
If you are a {% data variables.copilot.copilot_for_business %} or {% data variables.copilot.copilot_enterprise %} subscriber, an administrator must enable the relevant policy before you can use the agent.
Repository owners can choose to opt out some or all repositories from {% data variables.copilot.copilot_coding_agent %}.
For more information, see AUTOTITLE.
Depending on how you start your {% data variables.copilot.copilot_coding_agent %} task, you may be able to select the model used by {% data variables.copilot.copilot_coding_agent %}. You may find that different models perform better, or provide more useful responses, depending on the type of tasks you give {% data variables.product.prodname_copilot_short %}.
For more information, see AUTOTITLE.
The more {% data variables.copilot.copilot_coding_agent %} knows about the code in your repository, the tools you use, and your coding standards and practices, the more effective it will become. There are two ways you can enhance {% data variables.copilot.copilot_coding_agent %}'s knowledge of a repository.
-
Custom instructions
These are short, natural‑language statements that you write and store as one or more files in a repository. If you are the owner of an organization on {% data variables.product.github %} you can also define custom instructions in the settings for your organization. For more information, see AUTOTITLE.
-
{% data variables.copilot.copilot_memory %} ({% data variables.release-phases.public_preview %})
If you have a {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} plan, you can enable {% data variables.copilot.copilot_memory %}. This allows {% data variables.product.prodname_copilot_short %} to store useful details it has worked out for itself about a repository. {% data variables.copilot.copilot_coding_agent %} can then use this information when it is working in that repository. For more information, see AUTOTITLE.
{% data variables.copilot.copilot_coding_agent %} uses {% data variables.product.prodname_actions %} minutes and {% data variables.product.prodname_copilot_short %} premium requests.
Within your monthly usage allowance for {% data variables.product.prodname_actions %} and premium requests, you can ask {% data variables.copilot.copilot_coding_agent %} to work on coding tasks without incurring any additional costs.
For more information, see AUTOTITLE.
You can customize {% data variables.copilot.copilot_coding_agent %} in a number of ways:
- Custom instructions: Custom instructions allow you to give {% data variables.product.prodname_copilot_short %} additional context on your project and how to build, test and validate its changes. For more information, see AUTOTITLE.
- Model Context Protocol (MCP) servers: MCP servers allow you to give {% data variables.product.prodname_copilot_short %} access to different data sources and tools. For more information, see AUTOTITLE.
- {% data variables.copilot.custom_agents_caps_short %}: {% data variables.copilot.custom_agents_caps_short %} allow you to create different specialized versions of {% data variables.product.prodname_copilot_short %} for different tasks. For example, you could customize {% data variables.product.prodname_copilot_short %} to be an expert frontend engineer following your team's guidelines. For more information, see AUTOTITLE.
- Hooks: Hooks allow you to execute custom shell commands at key points during agent execution, enabling you to add validation, logging, security scanning, or workflow automation. For more information, see AUTOTITLE.
- Skills: Skills allow you to enhance the ability of {% data variables.product.prodname_copilot_short %} to perform specialized tasks with instructions, scripts, and resources. For more information, see AUTOTITLE.
Security is a fundamental consideration when you enable {% data variables.copilot.copilot_coding_agent %}, as with any other AI agent. {% data variables.copilot.copilot_coding_agent %} has a strong base of built-in security protections that you can supplement by following best practice guidance.
- Validated for code quality and security issues: {% data reusables.copilot.coding-agent-validation-tools-intro %}
- {% data variables.product.prodname_codeql %} is used to identify code security issues.
- Newly introduced dependencies are checked against the {% data variables.product.prodname_advisory_database %} for malware advisories, and for any CVSS-rated High or Critical vulnerabilities.
- {% data variables.product.prodname_secret_scanning_caps %} is used to detect sensitive information such as API keys, tokens, and other secrets.
- Details about the analysis performed and the actions taken by {% data variables.copilot.copilot_coding_agent %} can be reviewed in the session log. See AUTOTITLE.
- Optionally, you can disable one or more of the code quality and security validation tools used by {% data variables.copilot.copilot_coding_agent %}. See AUTOTITLE.
- {% data variables.copilot.copilot_coding_agent %}'s security validation does not require a {% data variables.product.prodname_GHAS_cs_or_sp %} license.
- Subject to existing governance: Organization settings and enterprise policies control availability. Any security policies and practices set up for the organization also apply to {% data variables.copilot.copilot_coding_agent %}.
- Restricted development environment: {% data variables.copilot.copilot_coding_agent %} works in a sandbox development environment with internet access controlled by a firewall. It has read-only access to the repository it's assigned to work in.
- Limited access to branches
- {% data variables.copilot.copilot_coding_agent %} only has the ability to push to a single branch. When the agent is triggered by mentioning
@copiloton an existing pull request, {% data variables.product.prodname_copilot_short %} has write access to the pull request's branch. In other cases, a newcopilot/branch is created for {% data variables.product.prodname_copilot_short %}, and the agent can only push to that branch. - {% data variables.copilot.copilot_coding_agent %} is subject to any branch protections and required checks for the working repository.
- {% data variables.copilot.copilot_coding_agent %} only has the ability to push to a single branch. When the agent is triggered by mentioning
- Responds only to users with write permissions: {% data variables.copilot.copilot_coding_agent %} will not respond to feedback from users with lower levels of access.
- Treated as an outside collaborator
- Draft pull requests created by {% data variables.copilot.copilot_coding_agent %} must be reviewed and merged by a human. {% data variables.copilot.copilot_coding_agent %} cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
- By default, {% data variables.product.prodname_actions %} workflows are not triggered for {% data variables.copilot.copilot_coding_agent %}'s pull requests until a user with write access to the repository clicks the Approve and run workflows button. Optionally, you can configure {% data variables.product.prodname_copilot_short %} to allow workflows to run automatically. See AUTOTITLE.
- Tracked for compliance
- {% data variables.copilot.copilot_coding_agent %}'s commits are authored by {% data variables.product.prodname_copilot_short %}, with the developer who assigned the issue or requested the change to the pull request marked as the co-author. This makes it easier to identify code generated by {% data variables.copilot.copilot_coding_agent %} and who started the task.
- The commit message for each agent-authored commit includes a link to the agent session logs, for code review and auditing. See AUTOTITLE.
- The developer who asked {% data variables.product.prodname_copilot_short %} to create a pull request cannot approve that pull request. In repositories where an approving review is required, this ensures that at least one independent developer reviews {% data variables.copilot.copilot_coding_agent %}'s work.
For more information, see:
- AUTOTITLE (information on how organization owners can further enhance security)
- AUTOTITLE
- {% data variables.product.prodname_copilot %} Trust Center
{% data variables.copilot.copilot_coding_agent %} is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks. Where possible, {% data variables.product.github %} has applied appropriate mitigations.
To mitigate this risk, {% data variables.product.github %}:
- Limits who can assign tasks to {% data variables.copilot.copilot_coding_agent %}. Only users with write access to the repository can trigger {% data variables.copilot.copilot_coding_agent %} to work. Comments from users without write access are never presented to the agent.
- Limits the branch that {% data variables.copilot.copilot_coding_agent %} can push to. The agent only has the ability to push to a single branch. When the agent is triggered by mentioning
@copiloton an existing pull request, {% data variables.product.prodname_copilot_short %} has write access to the pull request's branch. In other cases, a newcopilot/branch is created for {% data variables.product.prodname_copilot_short %}, and the agent can only push to that branch. - Limits {% data variables.copilot.copilot_coding_agent %}'s credentials. {% data variables.copilot.copilot_coding_agent %} can only perform simple push operations. It cannot directly run
git pushor other Git commands. - Restricts {% data variables.product.prodname_actions %} workflow runs. By default, workflows are not triggered until {% data variables.copilot.copilot_coding_agent %}'s code is reviewed and a user with write access to the repository clicks the Approve and run workflows button. Optionally, you can configure {% data variables.product.prodname_copilot_short %} to allow workflows to run automatically. See AUTOTITLE.
- Prevents the user who asked {% data variables.copilot.copilot_coding_agent %} to create a pull request from approving it. This maintains the expected controls in the "Required approvals" rule and branch protection. See AUTOTITLE.
{% data variables.copilot.copilot_coding_agent %} has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input. To mitigate this risk, {% data variables.product.github %}:
- Restricts {% data variables.copilot.copilot_coding_agent %}'s access to the internet. See AUTOTITLE.
Users can include hidden messages in issues assigned to {% data variables.copilot.copilot_coding_agent %} or comments left for {% data variables.copilot.copilot_coding_agent %} as a form of prompt injection. To mitigate this risk, {% data variables.product.github %}:
- Filters hidden characters before passing user input to {% data variables.copilot.copilot_coding_agent %}: For example, text entered as an HTML comment in an issue or pull request comment is not passed to {% data variables.copilot.copilot_coding_agent %}.
{% data variables.copilot.copilot_coding_agent %} has certain limitations in its software development workflow and compatibility with other features.
- {% data variables.product.prodname_copilot_short %} can only make changes in the repository specified when you start a task. {% data variables.product.prodname_copilot_short %} cannot make changes across multiple repositories in one run.
- By default, {% data variables.product.prodname_copilot_short %} can only access context in the repository specified when you start a task. The {% data variables.product.prodname_copilot_short %} MCP server is configured by default to allow {% data variables.product.prodname_copilot_short %} to access context (for example issues and historic pull requests) in the repository where it is working. You can, however, configure broader access. See AUTOTITLE.
- {% data variables.product.prodname_copilot_short %} can only open one pull request at a time. {% data variables.product.prodname_copilot_short %} will open exactly one pull request to address each task it is assigned.
Limitations in {% data variables.copilot.copilot_coding_agent %}'s compatibility with other features
- {% data variables.product.prodname_copilot_short %} isn't able to comply with certain rules that may be configured for your repository. If you have configured a ruleset or branch protection rule that isn't compatible with {% data variables.copilot.copilot_coding_agent %} (for example the "Require signed commits" rule), access to the agent will be blocked. If the rule is configured using rulesets, you can add {% data variables.product.prodname_copilot_short %} as a bypass actor to enable access. See AUTOTITLE.
- {% data variables.copilot.copilot_coding_agent %} doesn't account for content exclusions. Content exclusions allow administrators to configure {% data variables.product.prodname_copilot_short %} to ignore certain files. When using {% data variables.copilot.copilot_coding_agent %}, {% data variables.product.prodname_copilot_short %} will not ignore these files, and will be able to see and update them. See AUTOTITLE.
- {% data variables.copilot.copilot_coding_agent %} only works with repositories hosted on {% data variables.product.github %}. If your repository is stored using a different code hosting platform, {% data variables.product.prodname_copilot_short %} won't be able to work on it.
Try the Expand your team with {% data variables.copilot.copilot_coding_agent %} Skills exercise for practical experience with {% data variables.copilot.copilot_coding_agent %}.