diff --git a/Using-GitHub-Copilot-CLI/1-Install-and-Modes.md b/Using-GitHub-Copilot-CLI/1-Install-and-Modes.md new file mode 100644 index 0000000..1033bb1 --- /dev/null +++ b/Using-GitHub-Copilot-CLI/1-Install-and-Modes.md @@ -0,0 +1,190 @@ +# Module 1: Install and Modes + +[← Back to overview](README.md) | [Next: Tool Approval and Context β†’](2-Tool-Approval-and-Context.md) + +--- + +### πŸ—’οΈ Section 1: Install and Verify the GitHub Copilot CLI + +🎯 **Learning Goals** +- Install the GitHub Copilot CLI + +The **GitHub Copilot CLI** (`copilot`) is a standalone terminal application β€” distinct from the old `gh copilot` extension β€” that opens a full interactive AI chat session in your terminal. It ships with the GitHub MCP server built in, supports plan mode and auto model selection, and can autonomously read files, run commands, and interact with GitHub.com on your behalf. + +> **Note**: The `gh extension install github/gh-copilot` extension was deprecated in September 2025 and archived at v1.2.0. This workshop uses the new standalone `copilot` CLI. + +#### Prerequisites + +This workshop uses two separate CLI tools: + +- **`copilot`** β€” the standalone GitHub Copilot CLI (installed below) +- **`gh`** β€” the GitHub CLI, required for `gh agent-task` commands in Sections 4 and 6 + +**NOTE:** To complete 4 and 6, the Copilot Free tier will need to be upgraded to allow for Agent Mode + +Install `gh` first if you don't already have it: + +**Windows:** +```powershell +winget install GitHub.CLI +``` +**macOS / Linux:** +```bash +brew install gh +``` +Then authenticate: `gh auth login` + +--- + +#### Installing the Copilot CLI + +1. Choose the installation method for your platform: + + **Windows** (WinGet): + ```powershell + winget install GitHub.Copilot + ``` + + **macOS / Linux** (Homebrew): + ```bash + brew install copilot-cli + ``` + + **Any platform** (pip): + ```bash + pip install github-copilot-cli + ``` + + **macOS / Linux** (install script): + ```bash + curl -fsSL https://gh.io/copilot-install | bash + ``` + +2. Verify the installation: + + ```bash + copilot --version + ``` + +3. Launch the CLI from the root of the sample project. On first launch you will see an animated welcome banner and be prompted to log in if you are not already authenticated: + + ```bash + copilot + ``` + + If prompted, use the `/login` slash command and follow the on-screen instructions to authenticate with your GitHub account. + + Alternatively, authenticate headlessly using a fine-grained Personal Access Token (PAT) with the **Copilot Requests** permission set in the `GH_TOKEN` or `GITHUB_TOKEN` environment variable: + + ```bash + export GH_TOKEN= + copilot + ``` + +4. Keep the CLI up to date using the same package manager you used to install it. For example: + + ```bash + brew upgrade copilot-cli # macOS/Linux via Homebrew + winget upgrade GitHub.Copilot # Windows via WinGet + pip install --upgrade github-copilot-cli # pip + ``` + +In the above exercises we achieved the following: +- βœ… Installed the standalone GitHub Copilot CLI +- βœ… Authenticated and launched an interactive session +- βœ… Understood the distinction from the deprecated `gh copilot` extension + +--- + +### πŸ—’οΈ Section 2: Interactive Modes β€” Default, Plan, and Autopilot + +🎯 **Learning Goals** +- Use the default ask/execute mode for general coding tasks +- Switch to plan mode to build a structured implementation plan before writing code +- Enable Auto model selection to reduce rate limiting and simplify model management +- Navigate the interactive interface using slash commands + +The GitHub Copilot CLI interactive session (launched with `copilot`) offers three modes. You cycle between them with `Shift+Tab`. + +#### Default (Ask/Execute) Mode + +In default mode Copilot responds to each prompt, asks clarifying questions when needed, and requests your approval before modifying files or running commands. + +1. Launch the CLI from the sample project root: + + ```bash + copilot + ``` + +2. Ask Copilot a question about the project to confirm it has context: + + ``` + Explain the overall structure of this Python project and what each file contains. + ``` + + Copilot reads the files in the current directory and responds with a summary. + +3. Ask it to make a small change β€” for example, add a `/ping` endpoint. Copilot will propose the change and ask for your approval before writing to disk: + + ``` + Add a GET /ping endpoint to the FastAPI app that returns {"status": "ok"} with HTTP 200. + ``` + + When Copilot requests permission to edit `main.py`, choose **Yes** to allow the change for this action only, or **Yes, and approve for the rest of this session** to skip future prompts for this file tool. + +#### Plan Mode + +Plan mode is ideal for larger or less well-defined tasks. Instead of immediately writing code, Copilot analyses your request, asks clarifying questions, and produces a structured step-by-step implementation plan. No code is written until you approve the plan. + +4. Press `Shift+Tab` to cycle to **Plan** mode. You will see the mode indicator change in the prompt. + +5. Give Copilot a multi-step task: + + ``` + Refactor the token generation endpoint to use a service class with dependency injection, add CRUD operations for a User entity with Pydantic models, and write pytest tests for both. + ``` + + Copilot will ask clarifying questions β€” for example, which test framework to use, whether to use in-memory or mocked repositories β€” before producing a numbered plan. + +6. Review the plan. You can ask Copilot to revise a specific step before it begins: + + ``` + Change step 3 to use pytest-mock instead of unittest.mock for mocking. + ``` + + Once you are satisfied, confirm the plan and Copilot will execute each step sequentially, requesting tool approval as needed. + +#### Auto Model Selection + +Instead of manually picking a model every session, you can let Copilot automatically choose the best available model on your behalf. This reduces rate limiting and removes the mental overhead of model selection. Auto model selection is available on all Copilot plans. + +7. Open the model picker and choose **Auto**: + + ``` + /model + ``` + + Select **Auto** from the list. With Auto enabled, Copilot picks from a pool of 1Γ— multiplier models β€” currently GPT-4.1, GPT-5 mini, GPT-5.2-Codex, GPT-5.3-Codex, Claude Haiku 4.5, and Claude Sonnet 4.5 β€” subject to your organization's policies and your subscription. The pool changes over time as new models become available. + + > **Note**: Auto will never select models excluded by administrator policy, models with a premium multiplier greater than 1Γ—, or models unavailable on your plan. + + > **Paid plan tip**: When using Auto on a paid plan (Pro, Pro+, Business, Enterprise), qualifying models receive a **10% multiplier discount** compared to selecting the same model manually. + + > **Coding agent note**: Auto model selection for `gh agent-task` (Copilot coding agent) is generally available for **Pro and Pro+ plans only**. + +8. To see which model handled a response, check the CLI output β€” the model used is reported alongside each reply. + +9. Override Auto at any time by picking a specific model from `/model`, or set one at launch: + + ```bash + copilot --model claude-sonnet-4.6 + ``` + +In the above exercises we achieved the following: +- βœ… Used default mode for interactive ask/execute tasks +- βœ… Used plan mode to design a multi-step implementation before writing code +- βœ… Enabled Auto model selection for automatic model choice + +--- + +[← Back to overview](README.md) | [Next: Tool Approval and Context β†’](2-Tool-Approval-and-Context.md) diff --git a/Using-GitHub-Copilot-CLI/2-Tool-Approval-and-Context.md b/Using-GitHub-Copilot-CLI/2-Tool-Approval-and-Context.md new file mode 100644 index 0000000..addcbdc --- /dev/null +++ b/Using-GitHub-Copilot-CLI/2-Tool-Approval-and-Context.md @@ -0,0 +1,102 @@ +# Module 2: Tool Approval and Context Management + +[← Previous: Install and Modes](1-Install-and-Modes.md) | [Next: GitHub Integration and Workflows β†’](3-GitHub-Integration-and-Workflows.md) + +--- + +### πŸ—’οΈ Section 3: Tool Approval and Context Management + +🎯 **Learning Goals** +- Understand how tool approval protects you from unintended changes +- Use `--allow-tool`, `--deny-tool`, and `--allow-all-tools` to configure automatic approval +- Use programmatic mode with `-p` for scripted and headless workflows +- Manage conversation context with `/compact`, `/context`, and auto-compaction + +#### Tool Approval + +Every time Copilot wants to modify a file or execute a shell command it asks for your approval. This keeps you in control β€” but for trusted, repetitive tasks you can pre-approve specific tools. + +1. Launch a new session and ask Copilot to run the project's tests: + + ```bash + copilot + ``` + + ``` + Run all the tests in the project and show me a summary of the results. + ``` + + When Copilot asks permission to run `pytest`, notice the three options presented: + + ``` + 1. Yes + 2. Yes, and approve pytest for the rest of this session + 3. No, and tell Copilot what to do differently (Esc) + ``` + + Choose **2** to approve `pytest` for the rest of the session. + +2. Use the `--allow-tool` flag to pre-approve specific commands at launch. This is useful for CI scripts or trusted tasks: + + ```bash + copilot --allow-tool 'shell(pytest)' --allow-tool 'write' + ``` + + - `shell(COMMAND)` β€” approves a specific shell command. Omit the command name to allow all shell commands. + - `write` β€” approves all file modifications without individual prompts. + +3. Use `--deny-tool` to block specific commands even when `--allow-all-tools` is set. For example, to allow everything except `rm` and `git push`: + + ```bash + copilot --allow-all-tools --deny-tool 'shell(rm)' --deny-tool 'shell(git push)' + ``` + + `--deny-tool` always takes precedence over `--allow-tool` and `--allow-all-tools`. + +#### Programmatic Mode + +For headless use in scripts and CI pipelines, pass a prompt directly with `-p` instead of opening an interactive session: + +4. Run a single task non-interactively: + + ```bash + copilot -p "Show me this week's commits and summarize them" --allow-tool 'shell(git)' + ``` + + Copilot completes the task and exits. You can also pipe options from a script: + + ```bash + echo "Run pytest and report any failures" | copilot --allow-tool 'shell(pytest)' + ``` + +#### Context Management + +For long sessions working on large codebases, the conversation history can approach the model's token limit. The CLI manages this automatically and gives you manual control. + +5. Check how much of your context window is in use at any time: + + ``` + /context + ``` + + This shows a token usage breakdown split by system prompt, conversation history, and available remaining tokens. + +6. When you want to free up context without ending the session, run: + + ``` + /compact + ``` + + Copilot compresses the conversation history while retaining key facts about the tasks completed so far. Press `Escape` to cancel if you change your mind. + +7. Auto-compaction kicks in automatically when the session approaches **95%** of the token limit, compressing history in the background without interrupting your workflow. This enables virtually unlimited session length β€” you can work on a feature from start to finish without restarting. + +In the above exercises we achieved the following: +- βœ… Understood per-action tool approval prompts +- βœ… Pre-approved tools with `--allow-tool` and blocked tools with `--deny-tool` +- βœ… Used programmatic mode for headless CLI invocations +- βœ… Monitored and managed conversation context with `/context` and `/compact` + +--- + +[← Previous: Install and Modes](1-Install-and-Modes.md) | [Next: GitHub Integration and Workflows β†’](3-GitHub-Integration-and-Workflows.md) diff --git a/Using-GitHub-Copilot-CLI/3-GitHub-Integration-and-Workflows.md b/Using-GitHub-Copilot-CLI/3-GitHub-Integration-and-Workflows.md new file mode 100644 index 0000000..71240c4 --- /dev/null +++ b/Using-GitHub-Copilot-CLI/3-GitHub-Integration-and-Workflows.md @@ -0,0 +1,249 @@ +# Module 3: GitHub Integration and Workflows + +[← Previous: Tool Approval and Context](2-Tool-Approval-and-Context.md) | [Next: Customization and Extensions β†’](4-Customization-and-Extensions.md) + +--- + +### πŸ—’οΈ Section 4: GitHub.com Integration and Model Selection + +🎯 **Learning Goals** +- Use Copilot CLI to interact with GitHub.com natively β€” list issues, open PRs, and manage workflows +- Work on a GitHub Issue directly from the terminal +- Select and switch AI models using `/model` +- Use `gh agent-task` to kick off and monitor remote Copilot coding agent tasks + +The standalone Copilot CLI ships with the GitHub MCP server built in and authenticates using your existing GitHub credentials, so GitHub.com interactions feel like a natural part of the conversation. + +#### Interacting with GitHub.com + +1. Launch a session in the sample project directory: + + ```bash + copilot + ``` + +2. List your open pull requests across all repositories: + + ``` + List my open PRs + ``` + + For repository-specific results: + + ``` + List all open issues assigned to me in / + ``` + +3. Ask Copilot to start working on an issue. Replace the URL with one from your fork of the sample repo: + + ``` + I've been assigned this issue: https://github.com///issues/. Start working on this for me in a suitably named branch. + ``` + + Copilot will read the issue, create a branch, implement the change, run tests, and report back. + +4. Create a pull request directly from the CLI: + + ``` + In the root of this repo, add a Python script called health_check.py that pings the /health endpoint and prints the result. Create a pull request to add this file to the repo on GitHub. + ``` + + You are marked as the PR author even though Copilot did the work. + +5. Ask Copilot to review a PR for problems: + + ``` + Check the changes made in PR https://github.com///pull/. Report any serious errors you find. + ``` + +6. Find good first issues for a new contributor using the built-in GitHub MCP server: + + ``` + Use the GitHub MCP server to find good first issues for a new team member in / + ``` + + Specifying the MCP server by name in your prompt helps Copilot route the request efficiently. + +#### Model Selection + +7. To see all available models and switch, use the `/model` slash command: + + ``` + /model + ``` + + A selection list appears. Available models include (as of February 2026): + + | Model | Request multiplier | Notes | + |---|---|---| + | Claude Sonnet 4.6 (default) | 1Γ— (tentative) | GA Feb 17 2026; excels at agentic coding & search | + | Claude Sonnet 4.5 | 1Γ— | | + | Claude Sonnet 4 | 1Γ— | | + | Claude Opus 4.6 | varies | GA Feb 5 2026; best for hard planning & tool-calling tasks | + | Claude Opus 4.6 Fast | 30Γ— | Preview, Pro+/Enterprise only; up to 2.5Γ— faster output | + | GPT-5.3-Codex | varies | GA Feb 9 2026; 25% faster than GPT-5.2-Codex on agentic tasks | + + > **Note**: Model availability depends on your Copilot plan (Pro, Pro+, Business, Enterprise). Enterprise/Business admins must enable each model in org Copilot settings. Check [supported models](https://docs.github.com/copilot/reference/ai-models/supported-models) for the latest multipliers. + + Each prompt reduces your monthly premium request quota by the multiplier shown. + +8. You can also set the model at launch time: + + ```bash + copilot --model claude-sonnet-4 + ``` + +#### Remote Agent Tasks with `gh agent-task` + +The `gh agent-task` command set lets you kick off a Copilot coding agent task on GitHub (running in the cloud on a remote Codespace) and monitor its progress from your local terminal β€” without the agent using your local files. + +9. Create a remote agent task linked to an issue: + + ```bash + gh agent-task create --repo / --issue + ``` + + The agent task is queued on GitHub. The Copilot coding agent will pick it up, implement the change, and open a pull request. + +10. List all agent tasks for a repository: + + ```bash + gh agent-task list --repo / + ``` + +11. Check the status of a specific task: + + ```bash + gh agent-task view --repo / + ``` + + When the task is complete, a pull request URL is shown. Review it with: + + ```bash + gh pr view --web + ``` + +In the above exercises we achieved the following: +- βœ… Listed issues and PRs from GitHub.com natively in the CLI +- βœ… Asked Copilot to work on a GitHub Issue and create a PR +- βœ… Selected and switched AI models with `/model` +- βœ… Created and monitored remote agent tasks with `gh agent-task` + +--- + +### πŸ—’οΈ Section 5: A Real-World End-to-End Python Workflow + +🎯 **Learning Goals** +- Combine interactive mode, plan mode, tool approval, context management, and GitHub.com integration into a single repeatable workflow +- Apply the full toolkit to a realistic Python feature-development scenario +- Use `gh agent-task` for async work that does not block your local session +- Understand when to use default mode, plan mode, autopilot, or remote agent tasks + +In this section you will bring everything together. You will use the GitHub Copilot CLI β€” including plan mode, tool approval, context management, GitHub.com integration, and `gh agent-task` β€” to take a feature from raw idea to merged pull request, touching every stage of a real development cycle. + +#### Scenario + +You have been asked to add **pagination support** to the `/token` endpoint. The endpoint currently returns all generated tokens at once; it needs to accept `page` and `page_size` query parameters, validate them, and return a paginated response with metadata. + +#### Step 1 β€” Understand the current state + +1. Launch a session in the project root and ask Copilot for an overview of the token feature: + + ```bash + copilot + ``` + + ``` + Show me all files that are involved in the /token endpoint, including models, handlers, and tests. + ``` + + Copilot reads the codebase and produces a file map β€” no shell scripting required. + +2. Ask Copilot to explain the current FastAPI route structure before modifying it: + + ``` + Explain how the token generation route is registered and what Pydantic models it uses. + ``` + +#### Step 2 β€” Plan the change using Plan Mode + +3. Press `Shift+Tab` to switch to **Plan** mode, then describe the full feature: + + ``` + Add pagination to the /token endpoint. It should accept page and page_size query parameters with validation using Pydantic, return a PaginatedResponse model with items and metadata (total, page, page_size, total_pages), update the OpenAPI spec, and include pytest tests for happy-path and edge cases. + ``` + + Review Copilot's structured plan. Confirm or revise individual steps before execution begins. + +4. Once you approve the plan, press `Shift+Tab` to switch back to default mode (or keep plan mode β€” Copilot will execute each step and check in after each one). + +#### Step 3 β€” Build and test + +5. Copilot creates `models/pagination.py`, updates the route handler in `main.py`, and scaffolds tests in `tests/`. When it requests permission to run `pytest`, approve it: + + ``` + 1. Yes, and approve pytest for the rest of this session + ``` + + Copilot runs the tests, observes any failures, and self-corrects until all tests pass. + +6. Check context usage mid-session if the conversation has been running for a while: + + ``` + /context + ``` + + If usage is above 70%, run `/compact` to free up space before the final steps. + +#### Step 4 β€” Commit and create a PR via GitHub.com integration + +7. In this next task we will work asynchronously with Copilot using the local CLI. Ask Copilot to commit the changes and open a pull request: + + ``` + Commit these changes with a conventional commit message and create a pull request against main with a description that summarises the pagination feature. + ``` + + Copilot uses the built-in GitHub MCP server to create the PR on GitHub.com, with you listed as the author. + +8. Every coding agent task runs on a fresh branch and opens a new pull request based on the current default branch. The agent does not reuse your local branch or modify existing pull requests. Instead, it starts from the latest state of the repository's default branch (for example, main), creates its own isolated branch in the cloud, applies the requested changes, and then opens a new PR for you to review and merge + +While the agent is working locally and in the background, we are going to kick off a remote agent task to ask the remote agent to add docstrings to the new code, so it runs asynchronously in the cloud while you move on to other work: + + ```bash + gh agent-task create --repo / --issue \ + --body "Add Google-style docstrings to PaginatedResponse and the updated token route handler." + ``` + +9. Monitor Copilot's progress and after review merge: + + ```bash + gh agent-task list --repo / + gh pr view --web + ``` + +#### Workflow Summary + +The complete workflow you just executed maps to a repeatable pattern for any Python feature: + +| Stage | Tool | Action | +|---|---|---| +| Explore | Copilot CLI (default mode) | Map affected files with natural language | +| Design | Copilot CLI (plan mode) | Build and review a structured implementation plan | +| Build & test | Copilot CLI (default/plan mode) | Implement, run pytest, self-correct | +| Context | `/context` + `/compact` | Monitor and manage token usage | +| Ship | GitHub.com integration | Commit and open PR from the terminal | +| Polish | `gh agent-task` | Async documentation via remote agent | +| Review | `gh pr view` | Inspect and merge | + +πŸš€ Congratulations! You have completed the full GitHub Copilot CLI workshop. You now have a practical, end-to-end workflow that covers every stage of Python feature development β€” from interactive planning to autonomous agent-driven pull requests. + +In the above exercises we achieved the following: +- βœ… Used plan mode to design a feature before writing a single line of code +- βœ… Built, tested, and self-corrected with the Copilot CLI +- βœ… Managed conversation context with `/context` and `/compact` +- βœ… Created a pull request via GitHub.com integration from the terminal +- βœ… Kicked off an async documentation task using `gh agent-task` + +--- + +[← Previous: Tool Approval and Context](2-Tool-Approval-and-Context.md) | [Next: Customization and Extensions β†’](4-Customization-and-Extensions.md) diff --git a/Using-GitHub-Copilot-CLI/4-Customization-and-Extensions.md b/Using-GitHub-Copilot-CLI/4-Customization-and-Extensions.md new file mode 100644 index 0000000..392fcf2 --- /dev/null +++ b/Using-GitHub-Copilot-CLI/4-Customization-and-Extensions.md @@ -0,0 +1,254 @@ +# Module 4: Customization and Extensions + +[← Previous: GitHub Integration and Workflows](3-GitHub-Integration-and-Workflows.md) | [Back to overview](README.md) + +--- + +### πŸ—’οΈ Section 6: Context Optimzation with Copilot: Custom Agents, Custom Instructions, and MCP Integrations + +🎯 **Learning Goals** +- Understand custom agents and how to configure them for specialised tasks +- Create custom instructions files for Python projects +- Discover and install community-contributed plugins and skills from Awesome Copilot +- Use Copilot Memory for persistent context across sessions +- Add additional MCP servers to extend CLI capabilities beyond GitHub + +#### Custom Instructions for Python + +GitHub Copilot instructions files are markdown documents that provide essential context to guide Copilot's behavior within a specific codebase. These files help tailor AI-generated suggestions to match your team's coding standards, architectural patterns, naming conventions, testing strategies, and deployment practices. + +1. Create a `copilot-instructions.md` file in the `.github` directory of your project: + + ```markdown + # Project Guidelines + + ## Project Overview + + This repository contains a FastAPI application that provides various endpoints for token generation, text echo, and checksum calculation. + + ## Technology Stack + - **Framework**: FastAPI + - **Testing**: pytest with pytest-mock + - **Validation**: Pydantic models + + ### ✨ Coding Style + - Follow **PEP 8** standards for formatting and naming. + - Use **type hints** consistently across all functions. + - Prefer **f-strings** for string interpolation. + - Include **Google-style docstrings** for all public functions and classes. + + ### πŸ§ͺ Testing Guidance + - Use **pytest** for writing unit tests. + - Mock external dependencies using `pytest-mock`. + - Name tests descriptively, e.g., `test_generate_token_valid_input`. + + ### πŸ—οΈ Architecture Preferences + - Use **FastAPI** conventions for routing and dependency injection. + - Define **Pydantic models** for request and response schemas. + - Keep logic modularβ€”separate API routes, models, and utility functions. + + ### πŸ“š Documentation & Comments + - Generate concise inline comments for non-obvious logic. + - Include endpoint descriptions in FastAPI route docstrings. + - Avoid redundant comments that restate code behavior. + ``` + +2. Create scoped instructions for specific directories. In `.github/instructions/`, create `api.instructions.md`: + + ```markdown + --- + applyTo: "webapp/**/*.py" + --- + + ## API Coding Conventions + + - Follow PEP 8 for variables and functions + - PascalCase for class names + - Use type hints for clarity and tooling support + - Add detailed docstrings to endpoint functions + - Include examples in Pydantic model Config + - Use descriptive parameter names and Field descriptions + - Consider async handlers for I/O bound operations + - Configure CORS with specific origins in production + - Use middleware for rate limiting + + ## Error Handling + + - Return appropriate HTTP status codes + - Provide human-readable error messages with actionable information + - Use FastAPI's HTTPException for error responses + ``` + +#### Custom Agents + +Custom agents are specialized versions of Copilot configured for specific tasks or roles β€” for example, a data science agent that follows your team's pandas conventions, or a security agent that checks for common vulnerabilities. + +3. Create a custom agent configuration file at `.github/agents/fastapi-expert.md` in the sample project: + + ```markdown + --- + name: fastapi-expert + description: A FastAPI specialist that follows best practices for async Python web development. + --- + + ## Role + You are a Python backend engineer specialising in FastAPI and async Python. + + ## Conventions + - Use async/await for all I/O operations + - Define Pydantic models for all request/response bodies + - Use dependency injection for shared resources (database, config) + - Follow RESTful naming conventions for endpoints + - Include OpenAPI documentation via docstrings + - Use proper HTTP status codes (201 for creation, 204 for delete, etc.) + - Implement proper error handling with HTTPException + ``` + +4. Invoke the custom agent in a session by mentioning it in your prompt: + + ``` + @fastapi-expert Add rate limiting middleware to the API and implement proper error handling for all endpoints. + ``` + + The `@fastapi-expert` agent uses your conventions file as additional system context, producing output that matches your team's standards without you having to explain them each time. + +#### Community Extensions with Awesome Copilot + +So far you have created custom instructions and agents from scratch. The [Awesome Copilot](https://github.com/github/awesome-copilot) repository is a community-curated collection of ready-made agents, prompts, instructions, skills, and plugins that you can install directly into your workflow β€” saving you the effort of writing everything yourself. + +The Awesome Copilot plugin system lets you browse and install curated bundles of related resources. Each plugin groups together agents, slash commands, and skills organised around a specific theme or workflow. + +5. Add the Awesome Copilot plugin marketplace to your CLI: + + ```bash + copilot plugin marketplace add github/awesome-copilot + ``` + +6. Install the `awesome-copilot` plugin, which provides meta-commands for discovering and installing other community resources: + + ```bash + copilot plugin install awesome-copilot@awesome-copilot + ``` + +7. Launch a session and use the plugin's slash command to find skills relevant to your Python project: + + ```bash + copilot + ``` + + ``` + /awesome-copilot:suggest-awesome-github-copilot-skills + ``` + + The plugin analyses your repository context and suggests matching skills from the community collection. You can also search for instructions and agents: + + ``` + /awesome-copilot:suggest-awesome-github-copilot-instructions + ``` + + ``` + /awesome-copilot:suggest-awesome-github-copilot-agents + ``` + +8. Browse the full collection at [github.com/github/awesome-copilot](https://github.com/github/awesome-copilot) to explore available plugins, skills, and instructions. Notable resources for Python projects include plugins for Python MCP development, testing automation, and security best practices. + +#### Copilot Memory + +Copilot Memory allows the CLI to build a persistent understanding of your repository across sessions. It stores "memories" β€” coding conventions, patterns, and preferences deduced from your work β€” so you don't need to re-explain context in every new session. + +9. After completing a significant task in a session, ask Copilot to summarise what it learned: + + ``` + /memory + ``` + + Review the stored memories. You can add, edit, or delete entries to correct any misunderstandings. + +10. Start a new session and observe that Copilot already knows project-specific context β€” for example, that you prefer pytest over unittest or that you use Pydantic v2 syntax β€” without you having to repeat it. + +#### Adding MCP Servers + +The CLI ships with the GitHub MCP server pre-configured and authenticated. You can add additional MCP servers (for databases, monitoring tools, cloud providers, etc.) via a config file. + +11. Open or create `~/.copilot/mcp-config.json` (user-level, applies to all projects) or `.github/mcp.json` (repository-level): + + ```json + { + "servers": { + "postgres": { + "command": "docker", + "args": [ + "run", "-i", "--rm", + "-e", "DATABASE_URL", + "mcp/postgres" + ], + "env": { + "DATABASE_URL": "postgresql://localhost:5432/mydb" + } + } + } + } + ``` + +12. List configured MCP servers from within an active session: + + ``` + /mcp + ``` + + Select a server from the list to see which tools it exposes. You can then use those tools in natural language: + + ``` + Use the postgres MCP server to show me the schema of the users table. + ``` + +13. When pre-approving MCP server tools at launch, use the server name as the `--allow-tool` argument: + + ```bash + copilot --allow-tool 'postgres' + ``` + + To allow only a specific tool from the server: + + ```bash + copilot --allow-tool 'postgres(query)' --deny-tool 'postgres(execute)' + ``` + +#### Hooks + +Hooks let you execute custom shell commands at key points during agent execution β€” for example, running a linter after every file write, or logging actions for an audit trail. + +14. Create a hook file at `.github/hooks/post-write.sh`: + + ```bash + #!/bin/bash + # Run the linter and formatter on any Python file that was just written + if [[ "$COPILOT_HOOK_FILE" == *.py ]]; then + ruff check --fix "$COPILOT_HOOK_FILE" + ruff format "$COPILOT_HOOK_FILE" + fi + ``` + + Register the hook in `.github/hooks/config.json`: + + ```json + { + "hooks": [ + { "event": "post-write", "command": ".github/hooks/post-write.sh" } + ] + } + ``` + + Now every time Copilot writes a `.py` file, it will be automatically linted and formatted before the next step runs. + +In the above exercises we achieved the following: +- βœ… Created custom instructions for Python projects +- βœ… Created a custom agent with project-specific conventions +- βœ… Discovered and installed community plugins and skills from Awesome Copilot +- βœ… Used Copilot Memory for persistent cross-session context +- βœ… Added and queried additional MCP servers +- βœ… Configured hooks to automate linting after file writes + +--- + +[← Previous: GitHub Integration and Workflows](3-GitHub-Integration-and-Workflows.md) | [Back to overview](README.md) diff --git a/Using-GitHub-Copilot-CLI/README.md b/Using-GitHub-Copilot-CLI/README.md index cc98c64..f4021c3 100644 --- a/Using-GitHub-Copilot-CLI/README.md +++ b/Using-GitHub-Copilot-CLI/README.md @@ -4,13 +4,13 @@ Welcome to a hands-on, multi-module course that takes GitHub Copilot beyond the editor and directly into your terminal as a fully autonomous coding agent. The GitHub Copilot CLI is a standalone AI-powered tool β€” separate from the `gh` extension β€” that opens an interactive chat session in your terminal, understands your local codebase, and can plan and execute complex multi-step coding tasks on your behalf. -Prepare for a practical, end-to-end experience! You will install the `copilot` CLI, master its interactive and programmatic interfaces (including plan mode and auto model selection), control tool permissions, manage conversation context, integrate with GitHub.com, select models, configure custom agents, and combine everything into a real-world Python development workflow. +Prepare for a practical, end-to-end experience! You will install the `copilot` CLI, master its interactive and programmatic interfaces (including plan mode and auto model selection), control tool permissions, manage conversation context, integrate with GitHub.com, select models, configure custom agents, discover community extensions from [Awesome Copilot](https://github.com/github/awesome-copilot), and combine everything into a real-world Python development workflow. - **Who this is for**: Python Developers, DevOps Engineers, Platform Engineers, Software Development Managers, Testers. -- **What you'll learn**: How to install and use the standalone GitHub Copilot CLI, leverage its interactive and plan modes, use Auto model selection, control tool approval, manage context, interact with GitHub.com, select AI models, configure custom agents, and use `gh agent-task` for remote agent tasks. +- **What you'll learn**: How to install and use the standalone GitHub Copilot CLI, leverage its interactive and plan modes, use Auto model selection, control tool approval, manage context, interact with GitHub.com, select AI models, configure custom agents, install community-contributed plugins and skills from [Awesome Copilot](https://github.com/github/awesome-copilot), and use `gh agent-task` for remote agent tasks. - **What you'll build**: A real-world CLI-driven workflow for Python projects covering project analysis, debugging, refactoring, test generation, and agent-assisted automation using MCP integrations. - **Prerequisites**: GitHub Copilot is available to use for free, sign up for [GitHub Copilot](https://gh.io/copilot). Basic familiarity with a terminal, Git, and Python is recommended. - **Timing**: This module can be completed in under 90 minutes. @@ -25,6 +25,7 @@ By the end of this module, you'll acquire the skills to be able to: - Select and switch AI models using `/model`. - Configure custom agents and use `gh agent-task` to kick off and monitor remote agent tasks. - Leverage MCP servers to extend CLI capabilities for Python projects. +- Discover and install community-contributed plugins and skills from [Awesome Copilot](https://github.com/github/awesome-copilot). ## Prerequisite reading: - [Introduction to prompt engineering with GitHub Copilot](https://learn.microsoft.com/training/modules/introduction-prompt-engineering-with-github-copilot/?WT.mc_id=academic-113596-abartolo) @@ -44,730 +45,16 @@ By the end of this module, you'll acquire the skills to be able to: This workshop uses a Python FastAPI sample project. Throughout the exercises you will use the GitHub Copilot CLI and Coding Agent to understand, improve, and extend this project β€” entirely from the terminal and through agent-driven automation. ---- - -### πŸ—’οΈ Section 1: Install and Verify the GitHub Copilot CLI - -🎯 **Learning Goals** -- Install the GitHub Copilot CLI - -The **GitHub Copilot CLI** (`copilot`) is a standalone terminal application β€” distinct from the old `gh copilot` extension β€” that opens a full interactive AI chat session in your terminal. It ships with the GitHub MCP server built in, supports plan mode and auto model selection, and can autonomously read files, run commands, and interact with GitHub.com on your behalf. - -> **Note**: The `gh extension install github/gh-copilot` extension was deprecated in September 2025 and archived at v1.2.0. This workshop uses the new standalone `copilot` CLI. - -#### Prerequisites - -This workshop uses two separate CLI tools: - -- **`copilot`** β€” the standalone GitHub Copilot CLI (installed below) -- **`gh`** β€” the GitHub CLI, required for `gh agent-task` commands in Sections 4 and 6 - -**NOTE:** To complete 4 and 6, the Copilot Free tier will need to be upgraded to allow for Agent Mode - -Install `gh` first if you don't already have it: - -**Windows:** -```powershell -winget install GitHub.CLI -``` -**macOS / Linux:** -```bash -brew install gh -``` -Then authenticate: `gh auth login` - ---- - -#### Installing the Copilot CLI - -1. Choose the installation method for your platform: - - **Windows** (WinGet): - ```powershell - winget install GitHub.Copilot - ``` - - **macOS / Linux** (Homebrew): - ```bash - brew install copilot-cli - ``` - - **Any platform** (pip): - ```bash - pip install github-copilot-cli - ``` - - **macOS / Linux** (install script): - ```bash - curl -fsSL https://gh.io/copilot-install | bash - ``` - -2. Verify the installation: - - ```bash - copilot --version - ``` - -3. Launch the CLI from the root of the sample project. On first launch you will see an animated welcome banner and be prompted to log in if you are not already authenticated: - - ```bash - copilot - ``` - - If prompted, use the `/login` slash command and follow the on-screen instructions to authenticate with your GitHub account. - - Alternatively, authenticate headlessly using a fine-grained Personal Access Token (PAT) with the **Copilot Requests** permission set in the `GH_TOKEN` or `GITHUB_TOKEN` environment variable: - - ```bash - export GH_TOKEN= - copilot - ``` - -4. Keep the CLI up to date using the same package manager you used to install it. For example: - - ```bash - brew upgrade copilot-cli # macOS/Linux via Homebrew - winget upgrade GitHub.Copilot # Windows via WinGet - pip install --upgrade github-copilot-cli # pip - ``` - -In the above exercises we achieved the following: -- βœ… Installed the standalone GitHub Copilot CLI -- βœ… Authenticated and launched an interactive session -- βœ… Understood the distinction from the deprecated `gh copilot` extension - ---- - -### πŸ—’οΈ Section 2: Interactive Modes β€” Default, Plan, and Autopilot - -🎯 **Learning Goals** -- Use the default ask/execute mode for general coding tasks -- Switch to plan mode to build a structured implementation plan before writing code -- Enable Auto model selection to reduce rate limiting and simplify model management -- Navigate the interactive interface using slash commands - -The GitHub Copilot CLI interactive session (launched with `copilot`) offers three modes. You cycle between them with `Shift+Tab`. - -#### Default (Ask/Execute) Mode - -In default mode Copilot responds to each prompt, asks clarifying questions when needed, and requests your approval before modifying files or running commands. - -1. Launch the CLI from the sample project root: - - ```bash - copilot - ``` - -2. Ask Copilot a question about the project to confirm it has context: - - ``` - Explain the overall structure of this Python project and what each file contains. - ``` - - Copilot reads the files in the current directory and responds with a summary. - -3. Ask it to make a small change β€” for example, add a `/ping` endpoint. Copilot will propose the change and ask for your approval before writing to disk: - - ``` - Add a GET /ping endpoint to the FastAPI app that returns {"status": "ok"} with HTTP 200. - ``` - - When Copilot requests permission to edit `main.py`, choose **Yes** to allow the change for this action only, or **Yes, and approve for the rest of this session** to skip future prompts for this file tool. - -#### Plan Mode - -Plan mode is ideal for larger or less well-defined tasks. Instead of immediately writing code, Copilot analyses your request, asks clarifying questions, and produces a structured step-by-step implementation plan. No code is written until you approve the plan. - -4. Press `Shift+Tab` to cycle to **Plan** mode. You will see the mode indicator change in the prompt. - -5. Give Copilot a multi-step task: - - ``` - Refactor the token generation endpoint to use a service class with dependency injection, add CRUD operations for a User entity with Pydantic models, and write pytest tests for both. - ``` - - Copilot will ask clarifying questions β€” for example, which test framework to use, whether to use in-memory or mocked repositories β€” before producing a numbered plan. - -6. Review the plan. You can ask Copilot to revise a specific step before it begins: - - ``` - Change step 3 to use pytest-mock instead of unittest.mock for mocking. - ``` - - Once you are satisfied, confirm the plan and Copilot will execute each step sequentially, requesting tool approval as needed. - -#### Auto Model Selection - -Instead of manually picking a model every session, you can let Copilot automatically choose the best available model on your behalf. This reduces rate limiting and removes the mental overhead of model selection. Auto model selection is available on all Copilot plans. - -7. Open the model picker and choose **Auto**: - - ``` - /model - ``` - - Select **Auto** from the list. With Auto enabled, Copilot picks from a pool of 1Γ— multiplier models β€” currently GPT-4.1, GPT-5 mini, GPT-5.2-Codex, GPT-5.3-Codex, Claude Haiku 4.5, and Claude Sonnet 4.5 β€” subject to your organization's policies and your subscription. The pool changes over time as new models become available. - - > **Note**: Auto will never select models excluded by administrator policy, models with a premium multiplier greater than 1Γ—, or models unavailable on your plan. - - > **Paid plan tip**: When using Auto on a paid plan (Pro, Pro+, Business, Enterprise), qualifying models receive a **10% multiplier discount** compared to selecting the same model manually. - - > **Coding agent note**: Auto model selection for `gh agent-task` (Copilot coding agent) is generally available for **Pro and Pro+ plans only**. - -8. To see which model handled a response, check the CLI output β€” the model used is reported alongside each reply. - -9. Override Auto at any time by picking a specific model from `/model`, or set one at launch: - - ```bash - copilot --model claude-sonnet-4.6 - ``` - -In the above exercises we achieved the following: -- βœ… Used default mode for interactive ask/execute tasks -- βœ… Used plan mode to design a multi-step implementation before writing code -- βœ… Enabled Auto model selection for automatic model choice - ---- - -### πŸ—’οΈ Section 3: Tool Approval and Context Management - -🎯 **Learning Goals** -- Understand how tool approval protects you from unintended changes -- Use `--allow-tool`, `--deny-tool`, and `--allow-all-tools` to configure automatic approval -- Use programmatic mode with `-p` for scripted and headless workflows -- Manage conversation context with `/compact`, `/context`, and auto-compaction - -#### Tool Approval - -Every time Copilot wants to modify a file or execute a shell command it asks for your approval. This keeps you in control β€” but for trusted, repetitive tasks you can pre-approve specific tools. - -1. Launch a new session and ask Copilot to run the project's tests: - - ```bash - copilot - ``` - - ``` - Run all the tests in the project and show me a summary of the results. - ``` - - When Copilot asks permission to run `pytest`, notice the three options presented: - - ``` - 1. Yes - 2. Yes, and approve pytest for the rest of this session - 3. No, and tell Copilot what to do differently (Esc) - ``` - - Choose **2** to approve `pytest` for the rest of the session. - -2. Use the `--allow-tool` flag to pre-approve specific commands at launch. This is useful for CI scripts or trusted tasks: - - ```bash - copilot --allow-tool 'shell(pytest)' --allow-tool 'write' - ``` - - - `shell(COMMAND)` β€” approves a specific shell command. Omit the command name to allow all shell commands. - - `write` β€” approves all file modifications without individual prompts. - -3. Use `--deny-tool` to block specific commands even when `--allow-all-tools` is set. For example, to allow everything except `rm` and `git push`: - - ```bash - copilot --allow-all-tools --deny-tool 'shell(rm)' --deny-tool 'shell(git push)' - ``` - - `--deny-tool` always takes precedence over `--allow-tool` and `--allow-all-tools`. - -#### Programmatic Mode - -For headless use in scripts and CI pipelines, pass a prompt directly with `-p` instead of opening an interactive session: - -4. Run a single task non-interactively: - - ```bash - copilot -p "Show me this week's commits and summarize them" --allow-tool 'shell(git)' - ``` - - Copilot completes the task and exits. You can also pipe options from a script: - - ```bash - echo "Run pytest and report any failures" | copilot --allow-tool 'shell(pytest)' - ``` - -#### Context Management - -For long sessions working on large codebases, the conversation history can approach the model's token limit. The CLI manages this automatically and gives you manual control. - -5. Check how much of your context window is in use at any time: - - ``` - /context - ``` - - This shows a token usage breakdown split by system prompt, conversation history, and available remaining tokens. - -6. When you want to free up context without ending the session, run: - - ``` - /compact - ``` - - Copilot compresses the conversation history while retaining key facts about the tasks completed so far. Press `Escape` to cancel if you change your mind. - -7. Auto-compaction kicks in automatically when the session approaches **95%** of the token limit, compressing history in the background without interrupting your workflow. This enables virtually unlimited session length β€” you can work on a feature from start to finish without restarting. - -In the above exercises we achieved the following: -- βœ… Understood per-action tool approval prompts -- βœ… Pre-approved tools with `--allow-tool` and blocked tools with `--deny-tool` -- βœ… Used programmatic mode for headless CLI invocations -- βœ… Monitored and managed conversation context with `/context` and `/compact` - ---- - -### πŸ—’οΈ Section 4: GitHub.com Integration and Model Selection - -🎯 **Learning Goals** -- Use Copilot CLI to interact with GitHub.com natively β€” list issues, open PRs, and manage workflows -- Work on a GitHub Issue directly from the terminal -- Select and switch AI models using `/model` -- Use `gh agent-task` to kick off and monitor remote Copilot coding agent tasks - -The standalone Copilot CLI ships with the GitHub MCP server built in and authenticates using your existing GitHub credentials, so GitHub.com interactions feel like a natural part of the conversation. - -#### Interacting with GitHub.com - -1. Launch a session in the sample project directory: - - ```bash - copilot - ``` - -2. List your open pull requests across all repositories: - - ``` - List my open PRs - ``` - - For repository-specific results: - - ``` - List all open issues assigned to me in / - ``` - -3. Ask Copilot to start working on an issue. Replace the URL with one from your fork of the sample repo: - - ``` - I've been assigned this issue: https://github.com///issues/. Start working on this for me in a suitably named branch. - ``` - - Copilot will read the issue, create a branch, implement the change, run tests, and report back. - -4. Create a pull request directly from the CLI: - - ``` - In the root of this repo, add a Python script called health_check.py that pings the /health endpoint and prints the result. Create a pull request to add this file to the repo on GitHub. - ``` - - You are marked as the PR author even though Copilot did the work. - -5. Ask Copilot to review a PR for problems: - - ``` - Check the changes made in PR https://github.com///pull/. Report any serious errors you find. - ``` +> ### πŸ‘‰ [Start here β€” Module 1: Install and Modes](1-Install-and-Modes.md) -6. Find good first issues for a new contributor using the built-in GitHub MCP server: +The workshop is split across four modules. Work through them in order: - ``` - Use the GitHub MCP server to find good first issues for a new team member in / - ``` - - Specifying the MCP server by name in your prompt helps Copilot route the request efficiently. - -#### Model Selection - -7. To see all available models and switch, use the `/model` slash command: - - ``` - /model - ``` - - A selection list appears. Available models include (as of February 2026): - - | Model | Request multiplier | Notes | - |---|---|---| - | Claude Sonnet 4.6 (default) | 1Γ— (tentative) | GA Feb 17 2026; excels at agentic coding & search | - | Claude Sonnet 4.5 | 1Γ— | | - | Claude Sonnet 4 | 1Γ— | | - | Claude Opus 4.6 | varies | GA Feb 5 2026; best for hard planning & tool-calling tasks | - | Claude Opus 4.6 Fast | 30Γ— | Preview, Pro+/Enterprise only; up to 2.5Γ— faster output | - | GPT-5.3-Codex | varies | GA Feb 9 2026; 25% faster than GPT-5.2-Codex on agentic tasks | - - > **Note**: Model availability depends on your Copilot plan (Pro, Pro+, Business, Enterprise). Enterprise/Business admins must enable each model in org Copilot settings. Check [supported models](https://docs.github.com/copilot/reference/ai-models/supported-models) for the latest multipliers. - - Each prompt reduces your monthly premium request quota by the multiplier shown. - -8. You can also set the model at launch time: - - ```bash - copilot --model claude-sonnet-4 - ``` - -#### Remote Agent Tasks with `gh agent-task` - -The `gh agent-task` command set lets you kick off a Copilot coding agent task on GitHub (running in the cloud on a remote Codespace) and monitor its progress from your local terminal β€” without the agent using your local files. - -9. Create a remote agent task linked to an issue: - - ```bash - gh agent-task create --repo / --issue - ``` - - The agent task is queued on GitHub. The Copilot coding agent will pick it up, implement the change, and open a pull request. - -10. List all agent tasks for a repository: - - ```bash - gh agent-task list --repo / - ``` - -11. Check the status of a specific task: - - ```bash - gh agent-task view --repo / - ``` - - When the task is complete, a pull request URL is shown. Review it with: - - ```bash - gh pr view --web - ``` - -In the above exercises we achieved the following: -- βœ… Listed issues and PRs from GitHub.com natively in the CLI -- βœ… Asked Copilot to work on a GitHub Issue and create a PR -- βœ… Selected and switched AI models with `/model` -- βœ… Created and monitored remote agent tasks with `gh agent-task` - ---- - -### πŸ—’οΈ Section 5: A Real-World End-to-End Python Workflow - -🎯 **Learning Goals** -- Combine interactive mode, plan mode, tool approval, context management, and GitHub.com integration into a single repeatable workflow -- Apply the full toolkit to a realistic Python feature-development scenario -- Use `gh agent-task` for async work that does not block your local session -- Understand when to use default mode, plan mode, autopilot, or remote agent tasks - -In this section you will bring everything together. You will use the GitHub Copilot CLI β€” including plan mode, tool approval, context management, GitHub.com integration, and `gh agent-task` β€” to take a feature from raw idea to merged pull request, touching every stage of a real development cycle. - -#### Scenario - -You have been asked to add **pagination support** to the `/token` endpoint. The endpoint currently returns all generated tokens at once; it needs to accept `page` and `page_size` query parameters, validate them, and return a paginated response with metadata. - -#### Step 1 β€” Understand the current state - -1. Launch a session in the project root and ask Copilot for an overview of the token feature: - - ```bash - copilot - ``` - - ``` - Show me all files that are involved in the /token endpoint, including models, handlers, and tests. - ``` - - Copilot reads the codebase and produces a file map β€” no shell scripting required. - -2. Ask Copilot to explain the current FastAPI route structure before modifying it: - - ``` - Explain how the token generation route is registered and what Pydantic models it uses. - ``` - -#### Step 2 β€” Plan the change using Plan Mode - -3. Press `Shift+Tab` to switch to **Plan** mode, then describe the full feature: - - ``` - Add pagination to the /token endpoint. It should accept page and page_size query parameters with validation using Pydantic, return a PaginatedResponse model with items and metadata (total, page, page_size, total_pages), update the OpenAPI spec, and include pytest tests for happy-path and edge cases. - ``` - - Review Copilot's structured plan. Confirm or revise individual steps before execution begins. - -4. Once you approve the plan, press `Shift+Tab` to switch back to default mode (or keep plan mode β€” Copilot will execute each step and check in after each one). - -#### Step 3 β€” Build and test - -5. Copilot creates `models/pagination.py`, updates the route handler in `main.py`, and scaffolds tests in `tests/`. When it requests permission to run `pytest`, approve it: - - ``` - 1. Yes, and approve pytest for the rest of this session - ``` - - Copilot runs the tests, observes any failures, and self-corrects until all tests pass. - -6. Check context usage mid-session if the conversation has been running for a while: - - ``` - /context - ``` - - If usage is above 70%, run `/compact` to free up space before the final steps. - -#### Step 4 β€” Commit and create a PR via GitHub.com integration - -7. In this next task we will work asynchronously with Copilot using the local CLI. Ask Copilot to commit the changes and open a pull request: - - ``` - Commit these changes with a conventional commit message and create a pull request against main with a description that summarises the pagination feature. - ``` - - Copilot uses the built-in GitHub MCP server to create the PR on GitHub.com, with you listed as the author. - -8. Every coding agent task runs on a fresh branch and opens a new pull request based on the current default branch. The agent does not reuse your local branch or modify existing pull requests. Instead, it starts from the latest state of the repository’s default branch (for example, main), creates its own isolated branch in the cloud, applies the requested changes, and then opens a new PR for you to review and merge - -While the agent is working locally and in the background, we are going to kick off a remote agent task to ask the remote agent to add docstrings to the new code, so it runs asynchronously in the cloud while you move on to other work: - - ```bash - gh agent-task create --repo / --issue \ - --body "Add Google-style docstrings to PaginatedResponse and the updated token route handler." - ``` - -9. Monitor Copilot's progress and after review merge: - - ```bash - gh agent-task list --repo / - gh pr view --web - ``` - -#### Workflow Summary - -The complete workflow you just executed maps to a repeatable pattern for any Python feature: - -| Stage | Tool | Action | +| Module | Sections | What you'll learn | |---|---|---| -| Explore | Copilot CLI (default mode) | Map affected files with natural language | -| Design | Copilot CLI (plan mode) | Build and review a structured implementation plan | -| Build & test | Copilot CLI (default/plan mode) | Implement, run pytest, self-correct | -| Context | `/context` + `/compact` | Monitor and manage token usage | -| Ship | GitHub.com integration | Commit and open PR from the terminal | -| Polish | `gh agent-task` | Async documentation via remote agent | -| Review | `gh pr view` | Inspect and merge | - -πŸš€ Congratulations! You have completed the full GitHub Copilot CLI workshop. You now have a practical, end-to-end workflow that covers every stage of Python feature development β€” from interactive planning to autonomous agent-driven pull requests. - -In the above exercises we achieved the following: -- βœ… Used plan mode to design a feature before writing a single line of code -- βœ… Built, tested, and self-corrected with the Copilot CLI -- βœ… Managed conversation context with `/context` and `/compact` -- βœ… Created a pull request via GitHub.com integration from the terminal -- βœ… Kicked off an async documentation task using `gh agent-task` - ---- - -### πŸ—’οΈ Section 6: Context Optimzation with Copilot: Custom Agents, Custom Instructions, and MCP Integrations - -🎯 **Learning Goals** -- Understand custom agents and how to configure them for specialised tasks -- Create custom instructions files for Python projects -- Use Copilot Memory for persistent context across sessions -- Add additional MCP servers to extend CLI capabilities beyond GitHub - -#### Custom Instructions for Python - -GitHub Copilot instructions files are markdown documents that provide essential context to guide Copilot's behavior within a specific codebase. These files help tailor AI-generated suggestions to match your team's coding standards, architectural patterns, naming conventions, testing strategies, and deployment practices. - -1. Create a `copilot-instructions.md` file in the `.github` directory of your project: - - ```markdown - # Project Guidelines - - ## Project Overview - - This repository contains a FastAPI application that provides various endpoints for token generation, text echo, and checksum calculation. - - ## Technology Stack - - **Framework**: FastAPI - - **Testing**: pytest with pytest-mock - - **Validation**: Pydantic models - - ### ✨ Coding Style - - Follow **PEP 8** standards for formatting and naming. - - Use **type hints** consistently across all functions. - - Prefer **f-strings** for string interpolation. - - Include **Google-style docstrings** for all public functions and classes. - - ### πŸ§ͺ Testing Guidance - - Use **pytest** for writing unit tests. - - Mock external dependencies using `pytest-mock`. - - Name tests descriptively, e.g., `test_generate_token_valid_input`. - - ### πŸ—οΈ Architecture Preferences - - Use **FastAPI** conventions for routing and dependency injection. - - Define **Pydantic models** for request and response schemas. - - Keep logic modularβ€”separate API routes, models, and utility functions. - - ### πŸ“š Documentation & Comments - - Generate concise inline comments for non-obvious logic. - - Include endpoint descriptions in FastAPI route docstrings. - - Avoid redundant comments that restate code behavior. - ``` - -2. Create scoped instructions for specific directories. In `.github/instructions/`, create `api.instructions.md`: - - ```markdown - --- - applyTo: "webapp/**/*.py" - --- - - ## API Coding Conventions - - - Follow PEP 8 for variables and functions - - PascalCase for class names - - Use type hints for clarity and tooling support - - Add detailed docstrings to endpoint functions - - Include examples in Pydantic model Config - - Use descriptive parameter names and Field descriptions - - Consider async handlers for I/O bound operations - - Configure CORS with specific origins in production - - Use middleware for rate limiting - - ## Error Handling - - - Return appropriate HTTP status codes - - Provide human-readable error messages with actionable information - - Use FastAPI's HTTPException for error responses - ``` - -#### Custom Agents - -Custom agents are specialized versions of Copilot configured for specific tasks or roles β€” for example, a data science agent that follows your team's pandas conventions, or a security agent that checks for common vulnerabilities. - -3. Create a custom agent configuration file at `.github/agents/fastapi-expert.md` in the sample project: - - ```markdown - --- - name: fastapi-expert - description: A FastAPI specialist that follows best practices for async Python web development. - --- - - ## Role - You are a Python backend engineer specialising in FastAPI and async Python. - - ## Conventions - - Use async/await for all I/O operations - - Define Pydantic models for all request/response bodies - - Use dependency injection for shared resources (database, config) - - Follow RESTful naming conventions for endpoints - - Include OpenAPI documentation via docstrings - - Use proper HTTP status codes (201 for creation, 204 for delete, etc.) - - Implement proper error handling with HTTPException - ``` - -4. Invoke the custom agent in a session by mentioning it in your prompt: - - ``` - @fastapi-expert Add rate limiting middleware to the API and implement proper error handling for all endpoints. - ``` - - The `@fastapi-expert` agent uses your conventions file as additional system context, producing output that matches your team's standards without you having to explain them each time. - -#### Copilot Memory - -Copilot Memory allows the CLI to build a persistent understanding of your repository across sessions. It stores "memories" β€” coding conventions, patterns, and preferences deduced from your work β€” so you don't need to re-explain context in every new session. - -5. After completing a significant task in a session, ask Copilot to summarise what it learned: - - ``` - /memory - ``` - - Review the stored memories. You can add, edit, or delete entries to correct any misunderstandings. - -6. Start a new session and observe that Copilot already knows project-specific context β€” for example, that you prefer pytest over unittest or that you use Pydantic v2 syntax β€” without you having to repeat it. - -#### Adding MCP Servers - -The CLI ships with the GitHub MCP server pre-configured and authenticated. You can add additional MCP servers (for databases, monitoring tools, cloud providers, etc.) via a config file. - -7. Open or create `~/.copilot/mcp-config.json` (user-level, applies to all projects) or `.github/mcp.json` (repository-level): - - ```json - { - "servers": { - "postgres": { - "command": "docker", - "args": [ - "run", "-i", "--rm", - "-e", "DATABASE_URL", - "mcp/postgres" - ], - "env": { - "DATABASE_URL": "postgresql://localhost:5432/mydb" - } - } - } - } - ``` - -8. List configured MCP servers from within an active session: - - ``` - /mcp - ``` - - Select a server from the list to see which tools it exposes. You can then use those tools in natural language: - - ``` - Use the postgres MCP server to show me the schema of the users table. - ``` - -9. When pre-approving MCP server tools at launch, use the server name as the `--allow-tool` argument: - - ```bash - copilot --allow-tool 'postgres' - ``` - - To allow only a specific tool from the server: - - ```bash - copilot --allow-tool 'postgres(query)' --deny-tool 'postgres(execute)' - ``` - -#### Hooks - -Hooks let you execute custom shell commands at key points during agent execution β€” for example, running a linter after every file write, or logging actions for an audit trail. - -10. Create a hook file at `.github/hooks/post-write.sh`: - - ```bash - #!/bin/bash - # Run the linter and formatter on any Python file that was just written - if [[ "$COPILOT_HOOK_FILE" == *.py ]]; then - ruff check --fix "$COPILOT_HOOK_FILE" - ruff format "$COPILOT_HOOK_FILE" - fi - ``` - - Register the hook in `.github/hooks/config.json`: - - ```json - { - "hooks": [ - { "event": "post-write", "command": ".github/hooks/post-write.sh" } - ] - } - ``` - - Now every time Copilot writes a `.py` file, it will be automatically linted and formatted before the next step runs. - -In the above exercises we achieved the following: -- βœ… Created custom instructions for Python projects -- βœ… Created a custom agent with project-specific conventions -- βœ… Used Copilot Memory for persistent cross-session context -- βœ… Added and queried additional MCP servers -- βœ… Configured hooks to automate linting after file writes +| [1 β€” Install and Modes](1-Install-and-Modes.md) | Sections 1–2 | Install the CLI, learn interactive and plan modes, Auto model selection | +| [2 β€” Tool Approval and Context](2-Tool-Approval-and-Context.md) | Section 3 | Tool approval, programmatic mode, context management | +| [3 β€” GitHub Integration and Workflows](3-GitHub-Integration-and-Workflows.md) | Sections 4–5 | GitHub.com integration, model selection, end-to-end Python workflow | +| [4 β€” Customization and Extensions](4-Customization-and-Extensions.md) | Section 6 | Custom instructions, agents, community extensions from Awesome Copilot, MCP servers, hooks | --- @@ -780,6 +67,7 @@ In the above exercises we achieved the following: - [GitHub Copilot CLI changelog](https://github.com/github/copilot-cli/blob/main/changelog.md) - [Copilot CLI ACP server](https://docs.github.com/copilot/reference/acp-server) - [Integrate MCP with GitHub Copilot β€” GitHub Skills](https://github.com/skills/integrate-mcp-with-copilot) +- [Awesome Copilot β€” Community plugins, skills, and agents](https://github.com/github/awesome-copilot) ## Legal Notices diff --git a/Using-GitHub-Copilot-Coding-Agent/1-Assigning-and-Tracking.md b/Using-GitHub-Copilot-Coding-Agent/1-Assigning-and-Tracking.md new file mode 100644 index 0000000..34bc802 --- /dev/null +++ b/Using-GitHub-Copilot-Coding-Agent/1-Assigning-and-Tracking.md @@ -0,0 +1,149 @@ +[← Back to Module Overview](README.md) | [Next: Custom Instructions and Code Review β†’](2-Instructions-and-Review.md) + +# Assigning Tasks and Tracking Agent Sessions + +## πŸ—’οΈ Part 1: Assigning Tasks to GitHub Copilot Coding Agent + +### 🎯 Learning Goals + +- Understand how the coding agent differs from IDE agent mode. +- Assign a GitHub Issue to Copilot coding agent. +- Trigger Copilot coding agent from multiple surfaces: issues, pull request comments, and the agents panel. + +### What is the Copilot Coding Agent? + +The **GitHub Copilot coding agent** works autonomously in the background using a GitHub Actions-powered ephemeral development environment. When you give it a task, it: + +1. Reads your codebase and issue context. +2. Creates a `copilot/` branch. +3. Writes code, runs your tests and linters, and iterates on errors. +4. Opens a pull request and requests your review. + +This is distinct from **agent mode in your IDE**, which edits your local files interactively. The coding agent is fully asynchronous β€” you can close your laptop while it works. + +### Exercise 1A: Assign an Issue to Copilot + +1. Navigate to your repository's **Issues** tab on GitHub.com. +2. Create a new issue with a clear, well-scoped description. For example: + + ``` + Title: Add the ability to delete a recipe + + Description: + Users should be able to delete a recipe from the recipe list. + - Add a DELETE /recipes/:id endpoint in src/routes.js + - Remove the recipe row from the SQLite database + - Add a "Delete" button to the recipe detail view + - Write a test that confirms a deleted recipe returns 404 + ``` + +3. On the issue page, click **Assignees** and select **Copilot** from the assignee list. + + > Copilot will begin working immediately. You'll see the issue label update to indicate an agent session is in progress. + +4. Observe that Copilot creates a new branch named `copilot/-` and begins opening commits. + +### Exercise 1B: Trigger Copilot from a Pull Request Comment + +You can also invoke the coding agent on an *existing pull request* by mentioning `@copilot` in a PR comment. + +1. Open any open pull request in your repository. +2. In a comment, type a specific request, for example: + + ``` + @copilot Please add input validation to the recipe creation form + and return a 400 status code with an error message if the title field is empty. + ``` + +3. Copilot will respond in the PR thread, then push additional commits to address your request. + +### Exercise 1C: Trigger Copilot from the Agents Panel + +The **agents panel** is available on every page on GitHub.com. + +1. Click the agent icon (looks like a hexagon/robot) in the top navigation bar on any GitHub page. +2. Click **New task**. +3. Select your repository and describe the work you want done. +4. Submit the task. Copilot will open a new pull request with the changes. + +In the above exercises we achieved the following: +- βœ… Assigned a GitHub issue to the coding agent +- βœ… Invoked the agent via a PR comment using `@copilot` +- βœ… Started a new coding agent task from the agents panel + +--- + +## πŸ—’οΈ Part 2: Tracking and Steering Agent Sessions + +### 🎯 Learning Goals + +- Track the progress of Copilot's work across multiple surfaces. +- Read and interpret session logs. +- Steer Copilot mid-session when you want to redirect its approach. +- Stop a session that has gone off-track. + +### The Agents Tab + +1. Open the [agents tab](https://github.com/copilot/agents) by clicking the agent icon in the GitHub navigation bar, then selecting **View all**. +2. You'll see a list of all your running and past agent sessions. +3. Click on a session to open the **session log and overview**, which shows: + - Session status (running, completed, stopped) + - Token usage and session duration + - A step-by-step internal log showing how Copilot approached your task + +### Reading Session Logs + +Session logs show Copilot's internal reasoning and tool usage. You can see: + +- Which files Copilot read to understand the codebase. +- What commands it ran (e.g., test runners, linters). +- How it iterated to fix errors before pushing. +- Which security checks it performed (CodeQL, secret scanning, dependency vulnerability checks). + +> **Tip:** Session logs are also accessible from Visual Studio Code via the GitHub Pull Requests extension. Click on a pull request in the Copilot sessions list, then click **View Session**. + +### Exercise 2A: Steer a Running Session + +While Copilot is working, you can give it additional guidance from the agents tab: + +1. Open the [agents tab](https://github.com/copilot/agents) and select an **in-progress** session. +2. Type a steering message in the prompt box, for example: + + ``` + Use our existing ErrorHandler utility instead of writing custom + try-catch blocks for the new endpoints. + ``` + +3. Submit the message. Copilot will incorporate your guidance after finishing its current tool call. + +> **Note:** Steering consumes one premium request per message. + +### Exercise 2B: Stop a Session + +If Copilot is going in a wrong direction or you have changed your mind about a task: + +1. Open the session log viewer from the agents tab. +2. Click **Stop session**. + +The agent stops immediately. The branch and any commits made so far are preserved, so you can inspect them. + +### Tracking Across Other Surfaces + +| Surface | How to access | +|---|---| +| **GitHub CLI** | `gh agent-task list` / `gh agent-task view --repo owner/repo ` (requires CLI v2.80.0+) | +| **VS Code** | GitHub Pull Requests extension β†’ Copilot sessions list in the sidebar | +| **JetBrains IDEs** | GitHub Copilot Chat extension β†’ **GitHub Coding Agent Jobs** button (public preview) | +| **Eclipse** | GitHub Copilot Chat extension β†’ agent icon in chat window (public preview) | +| **GitHub Mobile** | Home page β†’ Agents section β†’ **Agent Tasks** | +| **Raycast** | GitHub Copilot extension for Raycast β†’ **View Tasks** command | + +In the above exercises we achieved the following: +- βœ… Navigated the agents tab to track sessions +- βœ… Read and interpreted a Copilot session log +- βœ… Steered a running session with additional guidance +- βœ… Stopped an off-track session + +--- + +[← Back to Module Overview](README.md) | [Next: Custom Instructions and Code Review β†’](2-Instructions-and-Review.md) diff --git a/Using-GitHub-Copilot-Coding-Agent/2-Instructions-and-Review.md b/Using-GitHub-Copilot-Coding-Agent/2-Instructions-and-Review.md new file mode 100644 index 0000000..131254e --- /dev/null +++ b/Using-GitHub-Copilot-Coding-Agent/2-Instructions-and-Review.md @@ -0,0 +1,99 @@ +[← Previous: Assigning and Tracking](1-Assigning-and-Tracking.md) | [Next: Advanced Customization β†’](3-Advanced-Customization.md) + +# Custom Instructions and Code Review + +## πŸ—’οΈ Part 1: Custom Instructions + +### 🎯 Learning Goals + +- Write custom repository instructions to guide Copilot's behavior. +- Understand how instructions improve both the coding agent and Copilot code review. + +### Writing Custom Instructions + +Custom instructions are Markdown files you store in your repository that tell Copilot about your preferences, conventions, and architecture β€” so you don't have to repeat yourself in every task. + +1. Create the file `.github/copilot-instructions.md` in your repository. +2. Add content like the following: + + ```markdown + # Project Guidelines + + ## Technology Stack + - Node.js with Express + - SQLite via better-sqlite3 + - EJS templates for server-rendered HTML + - xUnit-style tests with Jest + + ## Code Style + - Use async/await β€” never raw callbacks or `.then()` chains + - Follow the existing error handling pattern in `src/errorHandler.js` + - All new routes must be added to `src/routes.js` following the existing pattern + - Use 2-space indentation + + ## Testing + - Every new route must have a corresponding test in `tests/` + - Use supertest for HTTP integration tests + + ## Security + - Never log user-provided input directly + - Validate all request parameters before database access + ``` + +3. Commit the file. All subsequent Copilot coding agent sessions in this repository will now follow these instructions automatically. + +> **Tip:** You can also define custom instructions at the organization level from your organization's settings. + +In the above exercise we achieved the following: +- βœ… Created repository custom instructions that guide both the coding agent and Copilot code review + +--- + +## πŸ—’οΈ Part 2: Reviewing and Iterating on Copilot Pull Requests + +### 🎯 Learning Goals + +- Review a pull request opened by Copilot coding agent. +- Leave iterative feedback to refine Copilot's solution. +- Request a Copilot automated code review on your own pull requests. +- Understand the governance model around Copilot PRs. + +### Exercise 2A: Review a Copilot-Generated Pull Request + +When Copilot finishes a task, it opens a pull request and requests your review. + +1. Navigate to the **Pull Requests** tab in your repository. +2. Open the pull request created by Copilot (marked with the Copilot author badge). +3. Review the changes. The PR description will include: + - A summary of what was changed and why. + - References back to the original issue. + - Any security scan results from the automated validation. + +4. Leave a review comment requesting a change. For example: + + ``` + The delete confirmation modal is a good start, but please also add + an accessible aria-label to the confirmation button. + ``` + +5. Submit your review. Copilot will pick up your feedback, push new commits to the same branch, and re-request your review. + +> **Governance note:** The user who asked Copilot to create a pull request **cannot approve that same pull request**. This enforces independent review. Copilot also cannot mark its own PRs as "Ready for review" or merge them. + +### Exercise 2B: Request a Copilot Code Review on Your Own PR + +Copilot can also serve as a first-pass reviewer on *your* pull requests before a human review. The custom instructions you created in Part 1 will guide Copilot's review β€” it will check your code against the conventions and patterns you defined. + +1. Open a pull request you've authored. +2. In the **Reviewers** panel on the right side of the PR, click the gear icon. +3. Select **Copilot** from the reviewer list. +4. Within seconds, Copilot will leave inline comments on the diff, pointing out bugs, inefficiencies, and improvements. +5. Apply or dismiss each suggestion using the inline comment controls. + +In the above exercises we achieved the following: +- βœ… Reviewed and gave iterative feedback on a Copilot-authored PR +- βœ… Used Copilot as an automated code reviewer on a human-authored PR + +--- + +[← Previous: Assigning and Tracking](1-Assigning-and-Tracking.md) | [Next: Advanced Customization β†’](3-Advanced-Customization.md) diff --git a/Using-GitHub-Copilot-Coding-Agent/3-Advanced-Customization.md b/Using-GitHub-Copilot-Coding-Agent/3-Advanced-Customization.md new file mode 100644 index 0000000..86b7c5a --- /dev/null +++ b/Using-GitHub-Copilot-Coding-Agent/3-Advanced-Customization.md @@ -0,0 +1,132 @@ +[← Previous: Instructions and Review](2-Instructions-and-Review.md) | [Next: Security and SDLC β†’](4-Security-and-SDLC.md) + +# Advanced Customization + +## 🎯 Learning Goals + +- Create a custom agent profile for a specialized coding persona. +- Extend the agent with MCP servers for additional data sources and tools. +- Add hooks to execute custom shell commands during agent execution. +- Understand Copilot Memory (public preview). + +--- + +## πŸ—’οΈ Part 1: Custom Agents + +**Custom agents** are specialized versions of Copilot you define once using a Markdown file. Each profile encodes a specific persona, set of tools, and behavior. Custom agent profiles can also be defined at the [organization level](https://docs.github.com/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents) in a `.github-private` repository, making them available across all repositories in your organization. + +1. Create the file `.github/agents/documentation-agent.md`: + + ```markdown + --- + name: documentation-agent + description: Specialist for maintaining and improving project documentation + --- + + You are a technical documentation specialist. Your scope is limited to + documentation files only β€” README.md, docs/, and inline code comments. + Do not modify source code logic. + + Follow these guidelines: + - Structure READMEs with: Overview, Installation, Usage, API Reference, Contributing + - Use clear, concise language targeted at developers unfamiliar with the project + - Add code examples for every API endpoint documented + - Use relative links for internal files + - Add alt text to all images + - Ensure all headings are in sentence case + ``` + +2. Create a second agent profile `.github/agents/test-agent.md`: + + ```markdown + --- + name: test-agent + description: Specialist for writing comprehensive test coverage using Jest + --- + + You are a testing specialist focused exclusively on writing and improving tests. + Do not modify application source code β€” only test files. + + Guidelines: + - Use Jest with supertest for HTTP route tests + - Write both happy-path and error-path tests for every function + - Aim for 80%+ line coverage on any file you touch + - Use descriptive test names that explain the scenario being tested + - Mock external dependencies using jest.mock() + ``` + +3. Commit both files. When you assign a task from the agents panel or an issue, you can now select a specific custom agent to use. + +--- + +## πŸ—’οΈ Part 2: Model Context Protocol (MCP) Servers + +**MCP servers** give Copilot coding agent access to external data sources and tools β€” such as a project management system, internal documentation, or a database β€” that it wouldn't be able to reach otherwise. For organization-level or enterprise-level custom agents, the agent definition is managed centrally (not just in a repo under `.github/agents/`). + +In those centrally managed agent profiles, you can define MCP servers directly in the YAML frontmatter of the agent profile. This allows administrators to centrally define which external tools the agent can access, eliminating the need for developers to configure MCP servers locally. This gives the agent access to those tools, allowing them to be policy-controlled and centralizing governance. + +1. Create the file `.github/mcp.json` in your repository: + + ```json + { + "mcpServers": { + "github": { + "type": "github", + "tools": ["list_issues", "search_code", "get_pull_request"] + } + } + } + ``` + +2. The default GitHub MCP server is pre-configured and gives the agent access to your repository's issues, historic pull requests, and code search β€” grounding its responses in real project context. + +3. To add a third-party MCP server (for example: a Jira integration, an Azure DevOps integration, or other 3rd party service), follow the [MCP integration guide](https://docs.github.com/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp) and add the server configuration to `.github/mcp.json`. + +--- + +## πŸ—’οΈ Part 3: Hooks β€” Lifecycle Automation + +**Hooks** execute custom shell commands at specific points during an agent session. Use them to add validation, custom linting, security scanning, or notification workflows. + +Available hook points: +- `pre-run` β€” before Copilot begins working +- `post-run` β€” after Copilot finishes working + +Create `.github/copilot/hooks.yaml`: + +```yaml +hooks: + post-run: + - name: Run custom linter + run: npm run lint -- --max-warnings 0 + - name: Check for TODO comments + run: | + if grep -r "TODO" src/; then + echo "Warning: TODO comments found in src/" + fi +``` + +If a hook exits with a non-zero status, Copilot will see the output and attempt to address the issue before completing its session. + +--- + +## πŸ—’οΈ Part 4: Copilot Memory (Public Preview) + +**Copilot Memory** allows the coding agent to persist facts it learns about your repository across sessions β€” so it builds up knowledge over time without you having to repeat context. + +To enable Copilot Memory: +1. Navigate to your [GitHub Copilot settings](https://github.com/settings/copilot). +2. Enable **Copilot Memory** (available for Pro and Pro+ plans). +3. After a session completes, Copilot will write memory entries such as: "This project uses better-sqlite3, not the default sqlite3 package." + +--- + +In the above exercises we achieved the following: +- βœ… Built specialized custom agent profiles +- βœ… Configured MCP server access +- βœ… Set up lifecycle hooks for post-run validation +- βœ… Understood Copilot Memory for persistent context + +--- + +[← Previous: Instructions and Review](2-Instructions-and-Review.md) | [Next: Security and SDLC β†’](4-Security-and-SDLC.md) diff --git a/Using-GitHub-Copilot-Coding-Agent/4-Security-and-SDLC.md b/Using-GitHub-Copilot-Coding-Agent/4-Security-and-SDLC.md new file mode 100644 index 0000000..3bf9972 --- /dev/null +++ b/Using-GitHub-Copilot-Coding-Agent/4-Security-and-SDLC.md @@ -0,0 +1,140 @@ +[← Previous: Advanced Customization](3-Advanced-Customization.md) | [Back to Module Overview β†’](README.md) + +# Security, SDLC Integration, and AI Model Selection + +## πŸ—’οΈ Part 1: Security and Compliance with Copilot Coding Agent + +### 🎯 Learning Goals + +- Understand the built-in security protections of the coding agent. +- Use security campaigns to assign vulnerability fixes to Copilot at scale. +- Understand the governance and compliance model for Copilot-authored code. + +### Built-in Security Protections + +Every session Copilot runs includes automatic security validation before the pull request is opened: + +| Protection | What it does | +|---|---| +| **CodeQL analysis** | Scans generated code for security vulnerabilities | +| **Dependency vulnerability check** | Checks new dependencies against the GitHub Advisory Database for High/Critical CVEs | +| **Secret scanning** | Detects hardcoded API keys, tokens, and secrets | +| **Firewall-restricted environment** | Copilot's development environment has internet access limited to an allowlist | +| **Branch restrictions** | Copilot can only push to `copilot/` branches β€” never `main` or `master` | + +Details of all security checks are visible in the session log. + +> **Note:** These built-in checks require a GitHub Advanced Security (GHAS license) + +### Exercise 1A: Assign a Security Alert to Copilot via a Security Campaign + +[Security campaigns](https://docs.github.com/enterprise-cloud@latest/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns) let you fix groups of security alerts at scale by assigning them to the coding agent. + +1. Navigate to your repository's **Security** tab β†’ **Code scanning alerts**. +2. If there are open alerts, click **Campaigns** in the left nav (available for orgs with GitHub Advanced Security). +3. Create a new campaign, assign the relevant alerts, and set **Copilot** as the assignee. +4. Copilot will work through each alert, creating a pull request per fix. + +> **Tip:** For repositories without active alerts, you can trigger this flow manually by navigating to a specific code scanning alert and selecting "Assign to Copilot." + +### Governance Model Summary + +| Governance rule | Effect | +|---|---| +| Only write-access users can trigger the agent | Prevents unauthorized code changes | +| Copilot cannot approve its own PRs | Enforces independent human review | +| Commits are co-authored by the requester | Provides full attribution and compliance trail | +| PR workflows require approval before running | Actions don't run until a write-access user clicks "Approve and run workflows" | +| Content exclusions apply | Configure files Copilot should not have access to | + +In the above exercises we achieved the following: +- βœ… Reviewed the built-in security scan process +- βœ… Assigned security alerts to Copilot via a security campaign + +--- + +## πŸ—’οΈ Part 2: Integrating the Coding Agent Across the Software Delivery Lifecycle + +### 🎯 Learning Goals + +- Trigger and track coding agent tasks from the GitHub CLI. +- Use Raycast to start and monitor tasks without leaving your desktop. +- Understand how the coding agent fits into the full SDLC β€” from backlog to merge. + +> **Note:** You can also execute the coding agent into a full SDLC using Copilot Chat in VSCode + +### Exercise 2A: Using the GitHub CLI + +> Requires GitHub CLI v2.80.0 or later. Run `gh --version` to check. + +```bash +# List your recent agent sessions +gh agent-task list + +# View the session associated with PR #45 in your repo +gh agent-task view --repo YOUR-ORG/YOUR-REPO 45 + +# View the full session log +gh agent-task view --repo YOUR-ORG/YOUR-REPO 45 --log + +# Stream live logs as Copilot works +gh agent-task view --repo YOUR-ORG/YOUR-REPO 45 --log --follow +``` + +### Exercise 2B: Using Raycast (Windows and macOS) + +1. Install [Raycast](https://www.raycast.com/). +2. Install the [GitHub Copilot extension for Raycast](https://www.raycast.com/github/github-copilot). +3. Open Raycast and search for **Copilot β†’ View Tasks** to see all your sessions. +4. To view the session log for any task, open the log using the following command: + **Windows:** +`Ctrl + L` +**macOS:** +`Command+L` +5. Start a new session directly from Raycast without opening a browser. + +### The Coding Agent in the Full SDLC + +The table below shows where the coding agent fits in each phase of software delivery: + +| SDLC Phase | How the Coding Agent Helps | +|---|---| +| **Planning** | Assign backlog issues directly to Copilot as an assignee, freeing developers for complex work | +| **Development** | Copilot implements features, writes documentation, addresses tech debt in the background while you focus elsewhere | +| **Testing** | Copilot runs your existing test suite during its session and iterates until tests pass; can also improve test coverage on demand | +| **Code Review** | Request Copilot as a reviewer on your PRs for instant feedback; leave iterative comments on Copilot's PRs to steer its solution | +| **Security** | Security campaigns allow bulk assignment of vulnerability fixes to Copilot; built-in CodeQL, secret scanning, and dependency checks run automatically | +| **Documentation** | Assign a documentation-focused custom agent to update READMEs, API docs, and inline comments | +| **Merge & Deploy** | Human approval is always required before merge; Copilot cannot self-approve or merge its own changes | + +In the above exercises we achieved the following: +- βœ… Used the GitHub CLI to list, view, and stream agent session logs +- βœ… Configured Raycast for desktop-level task management +- βœ… Mapped the coding agent's capabilities to every phase of the SDLC + +--- + +## πŸ“„ Part 3: Choosing the Right AI Model + +### 🎯 Learning Goals + +- Understand that the coding agent supports multiple AI models. +- Learn how to change the model for a session. + +### AI Model Selection + +Depending on where you start a coding agent task, you may be able to select which AI model powers the session. Some models may perform better for specific task types: + +- Complex architectural tasks: Try Claude Sonnet or GPT-4o models. +- High-speed, routine tasks: Try models optimized for speed. + +To change the model: +1. From the **agents panel** or when assigning an issue, look for the **model selector** dropdown. +2. Select your preferred model. +3. The model selection applies to that session only. + +For more details, see [Changing the AI model for GitHub Copilot coding agent](https://docs.github.com/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model). + +--- + +[← Previous: Advanced Customization](3-Advanced-Customization.md) | [Back to Module Overview β†’](README.md) diff --git a/Using-GitHub-Copilot-Coding-Agent/README.md b/Using-GitHub-Copilot-Coding-Agent/README.md index e703846..194b8f0 100644 --- a/Using-GitHub-Copilot-Coding-Agent/README.md +++ b/Using-GitHub-Copilot-Coding-Agent/README.md @@ -34,485 +34,16 @@ By the end of this module, you'll acquire the skills to: --- -## πŸ—’οΈ Section 1: Assigning Tasks to GitHub Copilot Coding Agent +> ### πŸš€ Ready to start? [Begin with Section 1: Assigning Tasks and Tracking Sessions β†’](1-Assigning-and-Tracking.md) -### 🎯 Learning Goals +## πŸ—‚οΈ Module Sections -- Understand how the coding agent differs from IDE agent mode. -- Assign a GitHub Issue to Copilot coding agent. -- Trigger Copilot coding agent from multiple surfaces: issues, pull request comments, and the agents panel. - -### What is the Copilot Coding Agent? - -The **GitHub Copilot coding agent** works autonomously in the background using a GitHub Actions-powered ephemeral development environment. When you give it a task, it: - -1. Reads your codebase and issue context. -2. Creates a `copilot/` branch. -3. Writes code, runs your tests and linters, and iterates on errors. -4. Opens a pull request and requests your review. - -This is distinct from **agent mode in your IDE**, which edits your local files interactively. The coding agent is fully asynchronous β€” you can close your laptop while it works. - -### Exercise 1A: Assign an Issue to Copilot - -1. Navigate to your repository's **Issues** tab on GitHub.com. -2. Create a new issue with a clear, well-scoped description. For example: - - ``` - Title: Add the ability to delete a recipe - - Description: - Users should be able to delete a recipe from the recipe list. - - Add a DELETE /recipes/:id endpoint in src/routes.js - - Remove the recipe row from the SQLite database - - Add a "Delete" button to the recipe detail view - - Write a test that confirms a deleted recipe returns 404 - ``` - -3. On the issue page, click **Assignees** and select **Copilot** from the assignee list. - - > Copilot will begin working immediately. You'll see the issue label update to indicate an agent session is in progress. - -4. Observe that Copilot creates a new branch named `copilot/-` and begins opening commits. - -### Exercise 1B: Trigger Copilot from a Pull Request Comment - -You can also invoke the coding agent on an *existing pull request* by mentioning `@copilot` in a PR comment. - -1. Open any open pull request in your repository. -2. In a comment, type a specific request, for example: - - ``` - @copilot Please add input validation to the recipe creation form - and return a 400 status code with an error message if the title field is empty. - ``` - -3. Copilot will respond in the PR thread, then push additional commits to address your request. - -### Exercise 1C: Trigger Copilot from the Agents Panel - -The **agents panel** is available on every page on GitHub.com. - -1. Click the agent icon (looks like a hexagon/robot) in the top navigation bar on any GitHub page. -2. Click **New task**. -3. Select your repository and describe the work you want done. -4. Submit the task. Copilot will open a new pull request with the changes. - -In the above exercises we achieved the following: -- βœ… Assigned a GitHub issue to the coding agent -- βœ… Invoked the agent via a PR comment using `@copilot` -- βœ… Started a new coding agent task from the agents panel - ---- - -## πŸ—’οΈ Section 2: Tracking and Steering Agent Sessions - -### 🎯 Learning Goals - -- Track the progress of Copilot's work across multiple surfaces. -- Read and interpret session logs. -- Steer Copilot mid-session when you want to redirect its approach. -- Stop a session that has gone off-track. - -### The Agents Tab - -1. Open the [agents tab](https://github.com/copilot/agents) by clicking the agent icon in the GitHub navigation bar, then selecting **View all**. -2. You'll see a list of all your running and past agent sessions. -3. Click on a session to open the **session log and overview**, which shows: - - Session status (running, completed, stopped) - - Token usage and session duration - - A step-by-step internal log showing how Copilot approached your task - -### Reading Session Logs - -Session logs show Copilot's internal reasoning and tool usage. You can see: - -- Which files Copilot read to understand the codebase. -- What commands it ran (e.g., test runners, linters). -- How it iterated to fix errors before pushing. -- Which security checks it performed (CodeQL, secret scanning, dependency vulnerability checks). - -> **Tip:** Session logs are also accessible from Visual Studio Code via the GitHub Pull Requests extension. Click on a pull request in the Copilot sessions list, then click **View Session**. - -### Exercise 2A: Steer a Running Session - -While Copilot is working, you can give it additional guidance from the agents tab: - -1. Open the [agents tab](https://github.com/copilot/agents) and select an **in-progress** session. -2. Type a steering message in the prompt box, for example: - - ``` - Use our existing ErrorHandler utility instead of writing custom - try-catch blocks for the new endpoints. - ``` - -3. Submit the message. Copilot will incorporate your guidance after finishing its current tool call. - -> **Note:** Steering consumes one premium request per message. - -### Exercise 2B: Stop a Session - -If Copilot is going in a wrong direction or you have changed your mind about a task: - -1. Open the session log viewer from the agents tab. -2. Click **Stop session**. - -The agent stops immediately. The branch and any commits made so far are preserved, so you can inspect them. - -### Tracking Across Other Surfaces - -| Surface | How to access | -|---|---| -| **GitHub CLI** | `gh agent-task list` / `gh agent-task view --repo owner/repo ` (requires CLI v2.80.0+) | -| **VS Code** | GitHub Pull Requests extension β†’ Copilot sessions list in the sidebar | -| **JetBrains IDEs** | GitHub Copilot Chat extension β†’ **GitHub Coding Agent Jobs** button (public preview) | -| **Eclipse** | GitHub Copilot Chat extension β†’ agent icon in chat window (public preview) | -| **GitHub Mobile** | Home page β†’ Agents section β†’ **Agent Tasks** | -| **Raycast** | GitHub Copilot extension for Raycast β†’ **View Tasks** command | - -In the above exercises we achieved the following: -- βœ… Navigated the agents tab to track sessions -- βœ… Read and interpreted a Copilot session log -- βœ… Steered a running session with additional guidance -- βœ… Stopped an off-track session - ---- - -## πŸ—’οΈ Section 3: Reviewing and Iterating on Copilot Pull Requests - -### 🎯 Learning Goals - -- Review a pull request opened by Copilot coding agent. -- Leave iterative feedback to refine Copilot's solution. -- Request a Copilot automated code review on your own pull requests. -- Understand the governance model around Copilot PRs. - -### Exercise 3A: Review a Copilot-Generated Pull Request - -When Copilot finishes a task, it opens a pull request and requests your review. - -1. Navigate to the **Pull Requests** tab in your repository. -2. Open the pull request created by Copilot (marked with the Copilot author badge). -3. Review the changes. The PR description will include: - - A summary of what was changed and why. - - References back to the original issue. - - Any security scan results from the automated validation. - -4. Leave a review comment requesting a change. For example: - - ``` - The delete confirmation modal is a good start, but please also add - an accessible aria-label to the confirmation button. - ``` - -5. Submit your review. Copilot will pick up your feedback, push new commits to the same branch, and re-request your review. - -> **Governance note:** The user who asked Copilot to create a pull request **cannot approve that same pull request**. This enforces independent review. Copilot also cannot mark its own PRs as "Ready for review" or merge them. - -### Exercise 3B: Request a Copilot Code Review on Your Own PR - -Copilot can also serve as a first-pass reviewer on *your* pull requests before a human review. - -1. Open a pull request you've authored. -2. In the **Reviewers** panel on the right side of the PR, click the gear icon. -3. Select **Copilot** from the reviewer list. -4. Within seconds, Copilot will leave inline comments on the diff, pointing out bugs, inefficiencies, and improvements. -5. Apply or dismiss each suggestion using the inline comment controls. - -In the above exercises we achieved the following: -- βœ… Reviewed and gave iterative feedback on a Copilot-authored PR -- βœ… Used Copilot as an automated code reviewer on a human-authored PR - ---- - -## πŸ—’οΈ Section 4: Customizing Copilot Coding Agent - -### 🎯 Learning Goals - -- Write custom repository instructions to guide Copilot's behavior. -- Create a custom agent profile for a specialized coding persona. -- Extend the agent with MCP servers for additional data sources and tools. -- Add hooks to execute custom shell commands during agent execution. -- Understand Copilot Memory (public preview). - -### Part 1: Custom Instructions - -Custom instructions are Markdown files you store in your repository that tell Copilot about your preferences, conventions, and architecture β€” so you don't have to repeat yourself in every task. - -1. Create the file `.github/copilot-instructions.md` in your repository. -2. Add content like the following: - - ```markdown - # Project Guidelines - - ## Technology Stack - - Node.js with Express - - SQLite via better-sqlite3 - - EJS templates for server-rendered HTML - - xUnit-style tests with Jest - - ## Code Style - - Use async/await β€” never raw callbacks or `.then()` chains - - Follow the existing error handling pattern in `src/errorHandler.js` - - All new routes must be added to `src/routes.js` following the existing pattern - - Use 2-space indentation - - ## Testing - - Every new route must have a corresponding test in `tests/` - - Use supertest for HTTP integration tests - - ## Security - - Never log user-provided input directly - - Validate all request parameters before database access - ``` - -3. Commit the file. All subsequent Copilot coding agent sessions in this repository will now follow these instructions automatically. - -> **Tip:** You can also define custom instructions at the organization level from your organization's settings. - -### Part 2: Custom Agents - -**Custom agents** are specialized versions of Copilot you define once using a Markdown file. Each profile encodes a specific persona, set of tools, and behavior. Custom agent profiles can also be defined at the [organization level](https://docs.github.com/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents) in a `.github-private` repository, making them available across all repositories in your organization. - -1. Create the file `.github/agents/documentation-agent.md`: - - ```markdown - --- - name: documentation-agent - description: Specialist for maintaining and improving project documentation - --- - - You are a technical documentation specialist. Your scope is limited to - documentation files only β€” README.md, docs/, and inline code comments. - Do not modify source code logic. - - Follow these guidelines: - - Structure READMEs with: Overview, Installation, Usage, API Reference, Contributing - - Use clear, concise language targeted at developers unfamiliar with the project - - Add code examples for every API endpoint documented - - Use relative links for internal files - - Add alt text to all images - - Ensure all headings are in sentence case - ``` - -2. Create a second agent profile `.github/agents/test-agent.md`: - - ```markdown - --- - name: test-agent - description: Specialist for writing comprehensive test coverage using Jest - --- - - You are a testing specialist focused exclusively on writing and improving tests. - Do not modify application source code β€” only test files. - - Guidelines: - - Use Jest with supertest for HTTP route tests - - Write both happy-path and error-path tests for every function - - Aim for 80%+ line coverage on any file you touch - - Use descriptive test names that explain the scenario being tested - - Mock external dependencies using jest.mock() - ``` - -3. Commit both files. When you assign a task from the agents panel or an issue, you can now select a specific custom agent to use. - -### Part 3: Model Context Protocol (MCP) Servers - -**MCP servers** give Copilot coding agent access to external data sources and tools β€” such as a project management system, internal documentation, or a database β€” that it wouldn't be able to reach otherwise. For organization-level or enterprise-level custom agents, the agent definition is managed centrally (not just in a repo under `.github/agents/`). - -In those centrally managed agent profiles, you can define MCP servers directly in the YAML frontmatter of the agent profile. This allows administrators to centrally define which external tools the agent can access, eliminating the need for developers to configure MCP servers locally. This gives the agent access to those tools, allowing them to be policy-controlled and centralizing governance. - -1. Create the file `.github/mcp.json` in your repository: - - ```json - { - "mcpServers": { - "github": { - "type": "github", - "tools": ["list_issues", "search_code", "get_pull_request"] - } - } - } - ``` - -2. The default GitHub MCP server is pre-configured and gives the agent access to your repository's issues, historic pull requests, and code search β€” grounding its responses in real project context. - -3. To add a third-party MCP server (for example: a Jira integration, an Azure DevOps integration, or other 3rd party service), follow the [MCP integration guide](https://docs.github.com/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp) and add the server configuration to `.github/mcp.json`. - -### Part 4: Hooks β€” Lifecycle Automation - -**Hooks** execute custom shell commands at specific points during an agent session. Use them to add validation, custom linting, security scanning, or notification workflows. - -Available hook points: -- `pre-run` β€” before Copilot begins working -- `post-run` β€” after Copilot finishes working - -Create `.github/copilot/hooks.yaml`: - -```yaml -hooks: - post-run: - - name: Run custom linter - run: npm run lint -- --max-warnings 0 - - name: Check for TODO comments - run: | - if grep -r "TODO" src/; then - echo "Warning: TODO comments found in src/" - fi -``` - -If a hook exits with a non-zero status, Copilot will see the output and attempt to address the issue before completing its session. - -### Part 5: Copilot Memory (Public Preview) - -**Copilot Memory** allows the coding agent to persist facts it learns about your repository across sessions β€” so it builds up knowledge over time without you having to repeat context. - -To enable Copilot Memory: -1. Navigate to your [GitHub Copilot settings](https://github.com/settings/copilot). -2. Enable **Copilot Memory** (available for Pro and Pro+ plans). -3. After a session completes, Copilot will write memory entries such as: "This project uses better-sqlite3, not the default sqlite3 package." - -In the above exercises we achieved the following: -- βœ… Created repository custom instructions -- βœ… Built specialized custom agent profiles -- βœ… Configured MCP server access -- βœ… Set up lifecycle hooks for post-run validation -- βœ… Understood Copilot Memory for persistent context - ---- - -## πŸ—’οΈ Section 5: Security and Compliance with Copilot Coding Agent - -### 🎯 Learning Goals - -- Understand the built-in security protections of the coding agent. -- Use security campaigns to assign vulnerability fixes to Copilot at scale. -- Understand the governance and compliance model for Copilot-authored code. - -### Built-in Security Protections - -Every session Copilot runs includes automatic security validation before the pull request is opened: - -| Protection | What it does | -|---|---| -| **CodeQL analysis** | Scans generated code for security vulnerabilities | -| **Dependency vulnerability check** | Checks new dependencies against the GitHub Advisory Database for High/Critical CVEs | -| **Secret scanning** | Detects hardcoded API keys, tokens, and secrets | -| **Firewall-restricted environment** | Copilot's development environment has internet access limited to an allowlist | -| **Branch restrictions** | Copilot can only push to `copilot/` branches β€” never `main` or `master` | - -Details of all security checks are visible in the session log. - -> **Note:** These built-in checks require a GitHub Advanced Security (GHAS license) - -### Exercise 5A: Assign a Security Alert to Copilot via a Security Campaign - -[Security campaigns](https://docs.github.com/enterprise-cloud@latest/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns) let you fix groups of security alerts at scale by assigning them to the coding agent. - -1. Navigate to your repository's **Security** tab β†’ **Code scanning alerts**. -2. If there are open alerts, click **Campaigns** in the left nav (available for orgs with GitHub Advanced Security). -3. Create a new campaign, assign the relevant alerts, and set **Copilot** as the assignee. -4. Copilot will work through each alert, creating a pull request per fix. - -> **Tip:** For repositories without active alerts, you can trigger this flow manually by navigating to a specific code scanning alert and selecting "Assign to Copilot." - -### Governance Model Summary - -| Governance rule | Effect | -|---|---| -| Only write-access users can trigger the agent | Prevents unauthorized code changes | -| Copilot cannot approve its own PRs | Enforces independent human review | -| Commits are co-authored by the requester | Provides full attribution and compliance trail | -| PR workflows require approval before running | Actions don't run until a write-access user clicks "Approve and run workflows" | -| Content exclusions apply | Configure files Copilot should not have access to | - -In the above exercises we achieved the following: -- βœ… Reviewed the built-in security scan process -- βœ… Assigned security alerts to Copilot via a security campaign - ---- - -## πŸ—’οΈ Section 6: Integrating the Coding Agent Across the Software Delivery Lifecycle - -### 🎯 Learning Goals - -- Trigger and track coding agent tasks from the GitHub CLI. -- Use Raycast to start and monitor tasks without leaving your desktop. -- Understand how the coding agent fits into the full SDLC β€” from backlog to merge. - -> **Note:** You can also execute the coding agent into a full SDLC using Copilot Chat in VSCode - -### Exercise 6A: Using the GitHub CLI - -> Requires GitHub CLI v2.80.0 or later. Run `gh --version` to check. - -```bash -# List your recent agent sessions -gh agent-task list - -# View the session associated with PR #45 in your repo -gh agent-task view --repo YOUR-ORG/YOUR-REPO 45 - -# View the full session log -gh agent-task view --repo YOUR-ORG/YOUR-REPO 45 --log - -# Stream live logs as Copilot works -gh agent-task view --repo YOUR-ORG/YOUR-REPO 45 --log --follow -``` - -### Exercise 6B: Using Raycast (Windows and macOS) - -1. Install [Raycast](https://www.raycast.com/). -2. Install the [GitHub Copilot extension for Raycast](https://www.raycast.com/github/github-copilot). -3. Open Raycast and search for **Copilot β†’ View Tasks** to see all your sessions. -4. To view the session log for any task, open the log using the following command: - **Windows:** -`Ctrl + L` -**macOS:** -`Command+L` -5. Start a new session directly from Raycast without opening a browser. - -### The Coding Agent in the Full SDLC - -The table below shows where the coding agent fits in each phase of software delivery: - -| SDLC Phase | How the Coding Agent Helps | -|---|---| -| **Planning** | Assign backlog issues directly to Copilot as an assignee, freeing developers for complex work | -| **Development** | Copilot implements features, writes documentation, addresses tech debt in the background while you focus elsewhere | -| **Testing** | Copilot runs your existing test suite during its session and iterates until tests pass; can also improve test coverage on demand | -| **Code Review** | Request Copilot as a reviewer on your PRs for instant feedback; leave iterative comments on Copilot's PRs to steer its solution | -| **Security** | Security campaigns allow bulk assignment of vulnerability fixes to Copilot; built-in CodeQL, secret scanning, and dependency checks run automatically | -| **Documentation** | Assign a documentation-focused custom agent to update READMEs, API docs, and inline comments | -| **Merge & Deploy** | Human approval is always required before merge; Copilot cannot self-approve or merge its own changes | - -In the above exercises we achieved the following: -- βœ… Used the GitHub CLI to list, view, and stream agent session logs -- βœ… Configured Raycast for desktop-level task management -- βœ… Mapped the coding agent's capabilities to every phase of the SDLC - ---- - -## πŸ“„ Section 7: Choosing the Right AI Model - -### 🎯 Learning Goals - -- Understand that the coding agent supports multiple AI models. -- Learn how to change the model for a session. - -### AI Model Selection - -Depending on where you start a coding agent task, you may be able to select which AI model powers the session. Some models may perform better for specific task types: - -- Complex architectural tasks: Try Claude Sonnet or GPT-4o models. -- High-speed, routine tasks: Try models optimized for speed. - -To change the model: -1. From the **agents panel** or when assigning an issue, look for the **model selector** dropdown. -2. Select your preferred model. -3. The model selection applies to that session only. - -For more details, see [Changing the AI model for GitHub Copilot coding agent](https://docs.github.com/copilot/how-tos/use-copilot-agents/coding-agent/changing-the-ai-model). +| # | Section | What you'll do | +|---|---------|----------------| +| 1 | [Assigning Tasks and Tracking Sessions](1-Assigning-and-Tracking.md) | Assign issues to Copilot, trigger the agent from PRs and the agents panel, track sessions, steer and stop the agent | +| 2 | [Custom Instructions and Code Review](2-Instructions-and-Review.md) | Write custom instructions to guide Copilot's behavior, review Copilot-authored PRs, request Copilot as a code reviewer | +| 3 | [Advanced Customization](3-Advanced-Customization.md) | Create custom agent profiles, configure MCP servers, set up hooks, and enable Copilot Memory | +| 4 | [Security, SDLC Integration, and AI Models](4-Security-and-SDLC.md) | Understand security protections, run security campaigns, use the GitHub CLI and Raycast, choose AI models | ---