GitHub Copilot Workflow Cheatsheet

1

Copilot Architecture & Flow

What: How your prompt flows through Copilot — context is gathered, routed via a proxy to the AI model, filtered for safety, and returned as a response.

Key Stages

Context gathering — workspace files, open tabs, selections, instructions
Pre-model filters — responsible AI, content exclusion
Proxy service — routes to chosen model, applies policies
AI model — user picks model or auto-select (10% discount)
Post-model filters — duplicate code detection, safety checks

Installation

ext install GitHub.copilot
ext install GitHub.copilot-chat

💡 Your code is never stored or used for training (all plans). Prompts are not retained after the response is delivered.

Use Cases

Debug unexpected output — understand why Copilot gave a wrong answer (check if context was gathered correctly)

Explain to stakeholders — describe how code never leaves the proxy pipeline (security/compliance reviews)

📚 Sources: GitHub Docs — Copilot Features

2

Chat Experience

What: The conversational AI panel in VS Code. Use slash commands, context variables (#), and participants (@) to give Copilot precise context for better answers.

Slash Commands

Command	Action	Command	Action
`/explain`	Explain selected code	`/fix`	Fix problems in code
`/tests`	Generate unit tests	`/new`	Scaffold new project
`/clear`	New chat session	`/help`	Copilot quick reference
`/init`	Generate instructions	`/search`	Workspace search
`/delegate`	Send to coding agent CLI	`/compact`	Compress context CLI

Context Variables (#)

#fileInclude file content

#selectionSelected text

#codebaseFull workspace context

#problemsError/warning diagnostics

#changesGit changes (diff)

#fetchFetch a web page

#terminalLastCommandLast terminal output

#block #class #functionCode scope

Chat Participants (@)

@workspaceProject structure & code

@vscodeVS Code commands & features

@terminalTerminal shell context

@githubGitHub-specific skills

@azureAzure services help

Voice Chat VS Code

Install ms-vscode.vscode-speech
Dictate prompts hands-free

Use Cases

/explain + #file — "Explain the auth flow in #file:auth.ts" (onboard to unfamiliar code)

/fix + #problems — "Fix all errors in #problems" (resolve build failures in one prompt)

📚 Sources: VS Code Docs — Copilot Chat

3

Code Completions

What: Real-time ghost text suggestions as you type. Copilot predicts your next lines of code based on context — accept with Tab, dismiss with Esc.

Keyboard Shortcuts

TabAccept full suggestion

EscDismiss suggestion

Alt+] / Alt+[Cycle alternatives

Ctrl+→Accept word by word

Enable / Disable

Toggle from Copilot icon in status bar
Disable for specific languages in settings
Snooze — temporarily pause suggestions

Completions Model

Change model in settings for inline suggestions
Premium models consume premium requests
Free plan: 2,000 completions/month

💡 Write a descriptive comment first — Copilot uses it as a prompt to generate the function body below.

Use Cases

Write a function from a comment — type // fetch user by email, Copilot generates the implementation

Auto-complete test cases — write one it("should...") block and Tab through the rest

📚 Sources: VS Code Docs — AI Suggestions

4

Next Edit Suggestions (NES)

What: Predicts your next edit based on recent changes, not just cursor position. Jumps you to the right location and suggests the change — great for repetitive multi-location refactors.

How It Works

Monitors your editing patterns across files
Suggests edits at locations you haven't navigated to yet
Shows arrow indicator → jump to suggested edit
Tab to navigate to edit, Tab again to accept

Why Use It

Rename variables across multiple locations
Apply consistent pattern changes
Add missing imports after using a new API

Use Cases

Rename userId → accountId — change one occurrence, NES finds and fixes the rest across files

Add error handling — wrap one function in try/catch, NES suggests the same for similar functions

📚 Sources: VS Code Docs — Next Edit Suggestions

5

Inline Chat

What: Chat with Copilot directly inside your editor or terminal without switching to the sidebar. Get targeted code edits, command generation, and image-to-code conversion in context.

In Editor

⌘I (Mac) / Ctrl+I (Win) — open inline chat
Select code first for targeted edits
Supports context vars & model selection
Preview diff before accepting

In Terminal

⌘I in terminal — generate commands
Copilot understands shell context
Generates and explains terminal commands

Vision Input

Attach images to chat prompts
UI mockups → code generation

Use Cases

Refactor selected code — select a function, ⌘I → "Extract this into a custom hook" (targeted in-place edit)

Generate shell commands — ⌘I in terminal → "Find all .log files larger than 100MB and delete them"

📚 Sources: VS Code Docs — Inline Chat

6

Model Selection & Premium Requests

What: Choose from 20+ AI models. Each model has a premium request multiplier — included models (GPT-4.1, GPT-4o, GPT-5 mini) cost 0×, while advanced models cost 1×–30×. Manage your monthly budget accordingly.

Model Multipliers (Paid Plans)

Model	Rate
GPT-4.1 / GPT-4o / GPT-5 mini	0× included
Raptor mini	0× included
Grok Code Fast 1	0.25×
Claude Haiku 4.5 / Gemini 3 Flash	0.33×
GPT-5.1-Codex-Mini / GPT-5.4 mini	0.33×
Sonnet 4 / 4.5 / 4.6	1×
Gemini 2.5 Pro / 3 Pro / 3.1 Pro	1×
GPT-5.1 / 5.2 / 5.4 + Codex variants	1×
Claude Opus 4.5 / 4.6	3×
Opus 4.6 fast mode (preview)	30×

Plans & Allowances

Plan	Included
Free	2K completions + 50 premium/mo
Pro / Student	Unlimited + premium allowance
Pro+	Unlimited + higher premium
Business	Unlimited + org premium pool
Enterprise	Unlimited + enterprise premium

💡 Auto model selection gives 10% multiplier discount and excludes models with multipliers greater than 1×.

⚠️ Unused requests don't carry over. Counters reset on 1st of each month (UTC).

📌 Models are frequently added and deprecated. Multipliers may change. Check official docs for the latest model list.

Use Cases

Save budget on simple tasks — use GPT-4.1 (0×) for boilerplate, switch to Sonnet 4.6 (1×) for complex refactors

Architecture decisions — use Opus 4.6 (3×) for design reviews where quality matters more than cost

📚 Sources: GitHub Docs — Plans & Models · Model Availability by Plan

7

Custom Instructions

What: Markdown files that automatically inject your coding standards, conventions, and project context into every Copilot request — no need to repeat yourself in prompts.

Always-On Files

copilot-instructions.md.github/ folder

AGENTS.mdRoot or subfolders

CLAUDE.mdRoot, .claude/, ~/

For Specific Tasks

Code reviewreviewSelection.instructions

CommitscommitMessageGeneration

PR descriptionspullRequestDescription

Priority (High → Low)

1. Personal (user-level)
2. Path-specific (.github/instructions/*.instructions.md)
3. Repository-wide (.github/copilot-instructions.md)
4. Agent (AGENTS.md)
5. Organization

Generate Instructions

/init — auto-generate for workspace
Chat debug view → verify loaded files

Use Cases

Enforce coding style — add "Always use single quotes and 2-space indentation" to copilot-instructions.md

Standardize commit messages — set commitMessageGeneration instructions to follow Conventional Commits format

📚 Sources: VS Code Docs — Custom Instructions

8

Instructions.md Files

What: Targeted instruction files (.instructions.md) that apply conditionally based on file glob patterns or semantic matching — e.g., Python rules only for *.py files.

Format

---
name: 'Python Standards'
description: 'Python conventions'
applyTo: '**/*.py'
---
# Python coding standards
- Follow PEP 8 style guide
- Use type hints for all functions

Locations

Workspace.github/instructions/

Claude fmt.claude/rules/ Claude-specific

User~/.copilot/instructions/

💡 Type /instructions in chat to open Configure menu.

Use Cases

Python-only rules — create python.instructions.md with applyTo: '**/*.py' for PEP 8, type hints, docstrings

React testing patterns — create react-tests.instructions.md with applyTo: '**/*.test.tsx' for RTL best practices

📚 Sources: VS Code Docs — Instructions Files

9

Reusable Prompt Files

What: Saved prompt templates (.prompt.md) you invoke as slash commands. Encode frequent tasks like scaffolding components or running reviews — type /prompt-name instead of re-writing the prompt.

Encode common tasks as .prompt.md files
Invoke via /prompt-name in chat
Workspace: .github/prompts/
User: profile prompts/ folder

Format

---
description: 'Create React form'
agent: agent
tools: ['editFiles', 'search']
model: GPT-5.2
---
Generate a React form component
with validation for ${input:fields}

Quick Commands

/create-promptAI-generate a prompt file VS Code

/promptsConfigure prompt files

💡 Reference instructions via Markdown links. Use ${input:name} for user-provided values.

Use Cases

One-command API scaffold — /create-api generates REST endpoint with controller, service, tests, and OpenAPI spec

Standardized code review — /review-pr checks for security, performance, and accessibility issues every time

📚 Sources: VS Code Docs — Prompt Files

10

Chat Modes & Custom Agents

What: Agents are specialized AI personas with their own tools, instructions, and model. Create a security reviewer, planner, or any role — each with restricted tool access and handoffs to other agents.

Built-in Modes

Mode	Purpose
Ask	Read-only Q&A, no code changes
Edit	Direct code edits
Agent	Autonomous tool use + edits
Plan	Create plan before implementation

Custom Agent File (.agent.md)

---
description: 'Security reviewer'
tools: ['search', 'readFile']
model: Claude Sonnet 4.6
agents: ['*']
handoffs:
  - label: Fix issues
    agent: implementation
    prompt: Fix the issues above.
    send: false
---
Review code for OWASP Top 10...

Agent Frontmatter Fields

Field	Description
`description`	Shown as placeholder text (required on github.com)
`name`	Display name (defaults to filename)
`tools`	List of available tools; omit for all tools
`agents`	Allowed subagents (`*` = all, `[]` = none)
`model`	AI model (string or prioritized array)
`handoffs`	Sequential workflow transitions (label, agent, prompt, send, model)
`target`	`vscode` or `github-copilot` (omit for both)
`mcp-servers`	MCP server configs scoped to this agent
`hooks`	Agent-scoped hooks Preview
`user-invocable`	Show/hide in dropdown (default: true)
`disable-model-invocation`	Prevent subagent invocation (default: false)
`argument-hint`	Hint text in chat input field

File Locations

Workspace.github/agents/

Claude fmt.claude/agents/

User~/.copilot/agents/

Org/Enterprise.github-private repo → agents/

Where Custom Agents Work

VS Code JetBrains Eclipse Xcode GitHub.com Copilot CLI Coding Agent Background & Cloud agents

💡 Type /agents to configure or /create-agent to generate with AI. On github.com, use the Agents tab at github.com/copilot/agents to create and manage agents.

Use Cases

Security review agent — read-only tools (search, readFile), scans for OWASP Top 10, hands off to "fix" agent

Plan → Implement workflow — Plan agent creates a spec, handoff button (send: true) auto-submits to implementation agent

Org-wide agent — create agents in .github-private repo to share across all repos in your org/enterprise

📚 Sources: VS Code Docs — Custom Agents · GitHub Docs — Creating Custom Agents

11

Skills (Agent Superpowers)

What: Portable folders of instructions, scripts & resources that Copilot auto-loads when relevant. Unlike instructions (guidelines), skills teach capabilities — testing workflows, deployment recipes, etc. Open standard across VS Code, CLI & coding agent.

SKILL.md Format

---
name: webapp-testing
description: 'Run and debug
  web app integration tests'
---
# Testing Workflow
Use describe + it + AAA pattern
Use factory mocks for fixtures

Locations

Project.github/skills/<name>/

Personal~/.copilot/skills/<name>/

Key Features

Invoke via /skill-name in chat
/create-skill — AI-generate a skill
Works across VS Code, CLI & coding agent
Open standard: agentskills.io

Use Cases

Testing skill — SKILL.md + test templates + fixture scripts → Copilot auto-loads when you ask "help me test"

Deployment skill — SKILL.md + deploy scripts + Dockerfile → /deploy runs the full pipeline

📚 Sources: VS Code Docs — Skills · agentskills.io

12

MCP — Model Context Protocol

What: An open standard that connects Copilot to external tools & services (databases, APIs, browsers). MCP servers expose tools, data resources, and prompt templates that the AI can use during conversations.

mcp.json (.vscode/mcp.json or .github/mcp.json)

{
  "servers": {
    "github": {
      "type": "http",
      "url": "https://api.githubcopilot.com/mcp"
    },
    "playwright": {
      "command": "npx",
      "args": ["-y",
        "@microsoft/mcp-server-playwright"]
    }
  }
}

MCP Capabilities

Capability	Description
Tools	Execute operations (file, DB, API)
Resources	Read-only context (Add Context → MCP Resources)
Prompts	Templates via `/server.prompt`
MCP Apps	Interactive UI in chat
Sampling	Server-initiated model calls
Elicitation	Server asks user for input

Key Servers

github-mcp-serverGitHub APIs

PlaywrightBrowser automation

SandboxmacOS/Linux: sandboxEnabled

⚠️ Only use MCP servers from trusted sources. Review configs before starting.

Use Cases

Query a database — add a Postgres MCP server → ask Copilot "show me users who signed up this week"

Browser testing — add Playwright MCP server → "go to our staging site and screenshot the login page"

📚 Sources: VS Code Docs — MCP Servers · modelcontextprotocol.io

13

Hooks — Lifecycle Automation

What: Deterministic shell commands that run at specific agent lifecycle points. Unlike instructions (suggestions), hooks guarantee execution — block dangerous commands, auto-format after edits, log tool usage, enforce security policies.

Hook Events

Event	When
`SessionStart`	First prompt of new session
`UserPromptSubmit`	User submits a prompt
`PreToolUse`	Before tool invocation
`PostToolUse`	After tool completes
`PreCompact`	Before context compaction
`SubagentStart/Stop`	Subagent lifecycle
`Stop`	Agent session ends

Hook Config (.github/hooks/*.json)

{
  "hooks": {
    "PostToolUse": [{
      "type": "command",
      "command": "npx prettier --write \"$TOOL_INPUT_FILE_PATH\""
    }]
  }
}

Exit Codes

0Success → parse stdout JSON output

Non-zeroLogged & skipped — does not block agent

PreToolUse Output (JSON)

permissionDecision"deny" blocks the tool call (only deny is currently processed)

⚠️ Hook failures never block agent execution. Use permissionDecision: "deny" in JSON output to block specific tool calls.

Use Cases

Auto-format on save — PostToolUse hook runs prettier --write on every file the agent edits

Block destructive commands — PreToolUse hook outputs {"permissionDecision": "deny"} for rm -rf and DROP TABLE

📚 Sources: VS Code Docs — Agent Hooks

14

Copilot on GitHub.com

What: Copilot features on github.com — the cloud coding agent creates PRs autonomously, Copilot reviews code, generates PR summaries, helps with issues, and runs Autofix for security vulnerabilities.

Coding Agent

Delegate tasks from VS Code, CLI, or github.com
Use /delegate in chat or @cli in terminal
Creates PRs autonomously in cloud
Uses premium requests (1× per session × model)
Follow up with steering comments

PR & Issue Features

PR Summary — auto-generate descriptions
Code Review — assign Copilot as reviewer
Issue helper — create/update issues with Copilot
Autofix — code scanning security fixes

Customize Agent Environment

Use copilot-setup-steps.yml (GitHub Actions workflow)
MCP servers for coding agent
Pre/post scripts, dependencies

Use Cases

Delegate a feature — /delegate + link to GitHub issue → agent creates a branch, implements, and opens a PR

Auto-review PRs — assign Copilot as reviewer on every PR → catches bugs, style issues, and security flaws

📚 Sources: GitHub Docs — Coding Agent · Code Review

15

Copilot CLI — Terminal AI Agent

What: A full AI coding agent in your terminal — interactive conversations, autonomous task execution, plan mode, custom agents, MCP, hooks, skills, and memory. Default model: Claude Sonnet 4.5.

Slash Commands

Command	Action
`/model`	Switch AI model
`/compact`	Compress conversation context
`/context`	View token usage breakdown
`/usage`	Session stats (premium reqs, duration, LOC)
`/agent`	Select a custom agent
`/mcp`	List MCP servers; `/mcp add` to add
`/resume`	Resume a previous session
`/add-dir`	Trust an additional directory
`/cwd` / `/cd`	Change working directory
`/login`	Authenticate with GitHub
`/feedback`	Submit feedback, bugs, features
`/allow-all`	Auto-approve all tools this session

Keyboard & Syntax

Key / Syntax	Action
Shift+Tab	Toggle Ask / Plan mode
Ctrl+T	Show/hide model reasoning
Esc	Stop current operation
`@path/to/file`	Include file as context
`!git status`	Run shell command directly

Command-Line Flags

-p "prompt"Programmatic single-prompt mode

--continueResume most recent session

--resumePick a session to resume

--agent=nameUse a specific custom agent

--allow-all-toolsAuto-approve all tools

--allow-tool='shell(git)'Allow specific tool

--deny-tool='shell(rm)'Block specific tool

--model nameSet model from CLI

Built-in Subagents

ExploreQuick codebase analysis

TaskRun tests/builds, brief summaries

Code-reviewReview changes, surface real issues

General-purposeGeneral-purpose subagent

ResearchDeep research tasks

Use Cases

Headless automation — copilot -p "Run tests, fix failures, commit" --allow-all-tools in CI/CD

Resume cloud agent — /resume to pull a coding agent session from github.com into your terminal

📚 Sources: GitHub Docs — Copilot CLI

16

Spaces & Spark

What: Spaces — curated knowledge collections for project context. Spark — natural language to micro web apps.

Curate knowledge for project context
Attach docs, code, files to a space
Access at github.com/copilot/spaces
Uses premium requests (1× model rate)

Copilot Spark

Natural language → micro web apps
4 premium requests per prompt
Access at github.com/spark

Use Cases

CLI: bulk file ops — copilot -p "Rename all .jpeg files to .jpg recursively" with --allow-tool='shell'

Spark: quick prototype — "Build a dashboard showing my GitHub repo stats" → live web app in seconds

📚 Sources: GitHub Docs — Spaces · Copilot Spark

17

Toolsets

What: A collection of tools you reference as a single entity in prompts, prompt files, and custom agents. Organize related tools and enable/disable them as a group.

Define in .jsonc files via Chat: Configure Tool Sets
Reference in prompts: #toolset-name
Reference in agents: tools: ['my-toolset']
Built-in sets: #edit, #search

Tool Set File (.jsonc)

{
  "reader": {
    "tools": ["search/changes", "search/codebase",
              "read/problems", "search/usages"],
    "description": "Tools for reading context",
    "icon": "book"
  }
}

Properties

toolsArray of tool names (built-in, MCP, extension)

descriptionShown in tools picker

iconProduct icon (see Icon Reference)

Use Cases

Read-only toolset — group search, readFile, grep into a #reader set for safe auditing

Quick reference — type #reader in prompt to enable all read tools at once

📚 Sources: VS Code Docs — Tool Sets

18

Content Exclusion

What: Organization-level rules that prevent specific files, folders, or repositories from being sent to the AI model — enforcing compliance and protecting sensitive code.

Exclude files/repos from Copilot at org level
Prevents content from being sent to model
Configurable in GitHub org settings
Supports glob patterns for paths
Applies to completions and chat (Ask mode)
Requires Business or Enterprise plan

⚠️ Content exclusion is not supported in Edit mode, Agent mode, Copilot CLI, or Copilot coding agent. Block mode for code referencing is also not enforced for CLI/coding agent.

Common Exclusions

.env / .env.*Environment variables & secrets

**/secrets/**Secret files & credentials

**/keys/**API keys & certificates

internal-repoEntire private repositories

Use Cases

Exclude secrets — content exclusion rule blocks .env, **/secrets/** from being sent to AI

Compliance — exclude regulated codebases (HIPAA, PCI) from AI processing at the org level

📚 Sources: GitHub Docs — Content Exclusion

19

Spec-Driven Development Community

⚠️ Note: This section describes community frameworks, not official GitHub Copilot features. These methodologies work well with Copilot agents but are maintained by third parties.

What: Write a specification first, then let the AI agent implement it. Specs define requirements, acceptance criteria, and architecture — giving agents a clear blueprint instead of ad-hoc prompts.

Popular Frameworks

spec-kitGitHub's spec workflow for coding agent

OpenSpecFission AI spec framework

BMADBMAD methodology

GSDGet-shit-done framework

Workflow

Write Spec → Review & Refine → Agent Implements → Validate Output

Use Cases

Feature spec — write a spec with user stories + acceptance criteria → /delegate to coding agent for implementation

Migration spec — define the target state, constraints, and rollback plan → agent handles the migration systematically

📚 Sources: github/spec-kit · OpenSpec · BMAD Method · GSD

20

Customization File Structure

What: The recommended project layout for all Copilot customization files — instructions, prompts, agents, skills, hooks, toolsets, and MCP configs in one organized tree.

your-project/ ├── .github/ │ ├── copilot-instructions.md │ ├── instructions/ │ │ ├── python.instructions.md │ │ └── react.instructions.md │ ├── prompts/ │ │ └── create-api.prompt.md │ ├── agents/ │ │ ├── planner.agent.md │ │ └── reviewer.agent.md │ ├── skills/ │ │ └── testing/ │ │ └── SKILL.md │ ├── hooks/ │ │ └── format.json │ ├── toolsets/ │ └── mcp.json ├── .vscode/ │ └── mcp.json ├── copilot-setup-steps.yml ├── AGENTS.md └── CLAUDE.md

Use Cases

Monorepo setup — separate instructions/ for frontend (React) and backend (Python) with different applyTo globs

Team shared configs — commit .github/ folder to Git so all team members get the same Copilot behavior

📚 Sources: VS Code Docs — Customization Overview

21

Third-Party Coding Agents

What: Use Anthropic Claude and OpenAI Codex as autonomous coding agents alongside Copilot's built-in agent. Assign GitHub issues or prompts — they create branches, implement changes, and open PRs for review.

Supported Third-Party Agents

Agent	Provider	Status
Claude	Anthropic	Preview
Codex	OpenAI	Preview

📌 Copilot coding agent is the first-party (native) agent — see Section 14. Third-party agents work alongside it.

Where to Use

Agents tab — github.com/copilot/agents
Issues — assign the agent to an issue
PRs — mention @AGENT_NAME in a comment
VS Code — new session → select agent type
GitHub Mobile — start agent session from Home

How It Works

Assign Issue / Prompt → Agent Plans & Codes → Opens PR → You Review

Cost & Billing

Each prompt consumes 1 premium request
GitHub Actions minutes apply to the native Copilot coding agent, not third-party agents
Same repo access permissions as built-in agent

Enable for Your Org

Org Settings → Copilot → Coding agent → Partner agents
Available on Pro, Pro+, Business, and Enterprise plans
Org admins toggle each agent independently

⚠️ Third-party agents are in public preview. Policies apply to cloud agents only — local agents in VS Code cannot be disabled.

Use Cases

Compare agent output — assign the same issue to Claude and Codex → compare their PRs with Copilot coding agent's PR and merge the best one

Parallel workstreams — assign backend refactor to Codex while Claude handles frontend tests — both open PRs simultaneously

📚 Sources: GitHub Docs — Third-Party Agents · Anthropic Claude · OpenAI Codex

22

Browser Agent Tools VS Code Preview

What: Agents can open, interact with, and screenshot web pages in VS Code's integrated browser — enabling autonomous build → test → debug → fix loops for web apps without leaving the editor. This is a VS Code-specific experimental feature.

Available Tools

Tool	Action
`openBrowserPage`	Open a URL in integrated browser
`navigatePage`	Navigate to a different URL
`readPage`	Read page content & structure
`screenshotPage`	Take a screenshot for visual review
`clickElement`	Click a page element
`hoverElement`	Hover over an element
`dragElement`	Drag and drop elements
`typeInPage`	Type text into inputs
`handleDialog`	Accept/dismiss browser dialogs
`runPlaywrightCode`	Run custom Playwright automation

Enable Browser Tools

Set workbench.browser.enableChatTools to true
Open Chat → Agent mode → Tools picker
Enable all tools under Built-in > Browser

Autonomous Dev Loop

Build App → Open in Browser → Test & Interact → Fix Issues → Validate

Sharing Pages

Agent-opened pages use isolated ephemeral sessions (no shared cookies)
Share with Agent button — share your pages (uses your session/cookies)
Visual indicator shows when a page is shared

⚠️ Browser agent tools are experimental and may change in future releases.

Use Cases

Form validation testing — "Build a contact form, open it in the browser, test all validation rules and fix any issues" (full loop)

Responsive layout check — "Screenshot this page at 320px, 768px, and 1440px widths and verify the layout is correct"

Accessibility audit — "Check this page for missing alt text, heading hierarchy, keyboard nav, and color contrast issues"

📚 Sources: VS Code Docs — Browser Agent Testing · Integrated Browser

23

Checkpoints & Session Forking VS Code Preview

What: VS Code auto-snapshots your workspace before each agent action. Restore to any previous state, redo undone changes, edit & resend earlier prompts, or fork a conversation to explore an alternative approach — all without losing work.

Checkpoints

Enable: chat.checkpoints.enabled
Auto-created before each chat request
Hover chat request → Restore Checkpoint
Reverts all file changes made after that point
Redo button appears after restore — undo mistakes

View File Changes

Enable: chat.checkpoints.showFileChanges
Shows modified files + lines added/removed per request
Helps decide which checkpoint to restore to

💡 Checkpoints complement Git but don't replace it. They're for quick iteration within a session — use Git for permanent version control.

Edit Previous Requests

Click any previous chat request to edit it
Reverts changes from that request + all later ones
Resends as a new request with your edits
Configure: chat.editRequests

Fork from Checkpoint

Hover chat request → Fork Conversation
Creates new independent session from that point
Original conversation preserved
Explore alternative approaches side by side

Workflow

Agent Acts → Review Output → ✅ Keep / 🔄 Restore / 🍴 Fork

Use Cases

Safe experimentation — let the agent try a risky refactor, restore checkpoint if it breaks tests, fork to try an alternative

Prompt refinement — edit a vague prompt 3 requests back → agent re-runs with better instructions, previous bad output is undone

📚 Sources: VS Code Docs — Checkpoints · Chat Sessions

24

Agent Sessions, Handoffs & Orchestration

What: Run multiple agent sessions in parallel across local, background (CLI), and cloud environments. Hand off tasks between agent types with full context carry-over. Manage everything from a unified sessions view.

Agent Types

Type	Runs	Best For
Local	VS Code (interactive)	Brainstorm, debug, browse
Copilot CLI	Background on machine	Well-defined tasks, POCs
Cloud	Remote infra	PRs, team collaboration
Third-party	Claude / Codex	Provider-specific models

Handoff Flow

Plan (Local) → Implement (CLI) → PR (Cloud) → Review

Select different agent type from session dropdown
Full conversation history carries over
Original session archived after handoff
/delegate in CLI → sends to cloud agent

Sessions View

Unified list of all sessions (local, CLI, cloud)
Compact or Side-by-side layout modes
Shows status, type, and file change stats
Archive / unarchive completed sessions
Grouped by time (Today, Last Week, etc.)

Agent Status Indicator

Badge in command center title bar Experimental
Shows unread messages + in-progress count
Enable: chat.agentsControl.enabled

Parallel Sessions

Create multiple sessions via + button
Each session: independent context window
Run different tasks simultaneously
Assign TODOs: right-click code → assign to agent

Use Cases

Plan → Build → Ship — Plan agent designs architecture, hand off to CLI for implementation, then cloud agent opens the PR for team review

Parallel features — run 3 local sessions: one for API endpoints, one for UI components, one for tests — all working simultaneously

TODO delegation — add // TODO: add input validation in code → right-click → assign to Copilot coding agent → agent creates a PR

📚 Sources: VS Code Docs — Agents Overview · Chat Sessions

25

Prompt & Context Engineering

What: Proven techniques for writing effective prompts and providing the right context. The quality of Copilot's output depends directly on how well you communicate — be specific, break tasks down, include expected output, and choose the right interaction mode.

Writing Effective Prompts

Be specific — state language, framework, expected I/O
Break down complex tasks — smaller steps = better results
Include expected output — test cases, acceptance criteria
Avoid vague prompts — "make this better" → "reduce time complexity"
Iterate with follow-ups — refine, don't rewrite the whole prompt
Ask AI to ask questions — "ask me clarifying questions before starting"
Course-correct early — steer mid-request if heading wrong way

Prompt Example

Write a TypeScript function that validates
email addresses. Return true for valid,
false otherwise. Don't use regex.
Example: validateEmail("user@example.com")
  → true
Example: validateEmail("invalid") → false

Providing Context

Agent auto-searches workspace — usually no need for #codebase
Reference specific files: #file, #folder, #symbol
#fetch — pull info from web pages / docs
Attach images / screenshots for visual context
Use integrated browser to select page elements

Pick the Right Mode

Mode	When to Use
Inline suggestions	In-flow coding, boilerplate
Ask	Questions, brainstorm, explore
Inline chat	Targeted in-place edits
Agent	Multi-file autonomous changes
Plan	Architecture, migration strategy
Smart actions	One-click commit msg, fix, rename

Session Hygiene

New session for unrelated tasks — avoid context pollution
Use subagents for isolated research
Run parallel sessions for independent work

Use Cases

High-quality output — "Implement a rate limiter using token bucket. Write tests that verify: 10 req/s allowed, 11th rejected, refills after 1s. Run the tests."

Plan first — use Plan agent to design architecture → review → hand off to Agent mode for implementation with tests as verification

📚 Sources: VS Code Docs — Best Practices · Context Engineering Guide · Prompt Cookbook

26

Smart Actions

What: One-click AI-powered actions built into VS Code — no prompt needed. Generate commit messages, rename symbols intelligently, fix diagnostics, and search semantically. Available via right-click, lightbulb, or keyboard shortcuts.

Available Actions

Action	Where
Generate Commit Message	Source Control panel
Rename Symbol	F2 on any symbol
Fix with Copilot	Lightbulb on errors/warnings
Fix Test Failure	Test Explorer failed tests
Generate Docs	Right-click → Generate Code
Semantic Search	Search view (meaning, not keywords)
Generate PR Summary	PR description field

How to Access

Lightbulb (⌘.) — hover over error → AI fix suggestion
Right-click → Generate Code menu
Context menus in Source Control, Test Explorer
No prompt required — Copilot infers from context

Use Cases

Instant commit messages — click ✨ in Source Control → Copilot analyzes diff and generates a Conventional Commit message

Smart rename — F2 on processData → Copilot suggests transformUserPayload based on function body semantics

📚 Sources: VS Code Docs — Smart Actions

27

BYOK — Bring Your Own Key

What: Use your own API keys to access hundreds of models beyond the built-in ones. Two modes: Individual BYOK (Pro/Pro+ users add keys in VS Code) and Enterprise BYOK (admins connect keys at org/enterprise level, available since Nov 2025). Both let you bypass rate limits, use custom models, and leverage existing provider contracts.

Individual BYOK (Pro/Pro+)

Model picker → Manage Models → select provider → enter key
Or: Chat: Manage Language Models command

Built-in providersOpenAI, Anthropic, Google, etc.

ExtensionsAI Toolkit, Foundry Local

Local modelsOllama, custom OpenAI-compat

📌 Individual BYOK is for Pro/Pro+ only. Business/Enterprise users use Enterprise BYOK instead.

Enterprise BYOK (Business/Enterprise) Preview

Org/Enterprise settings → connect API key → manage model access
Enterprise admins control which orgs can use which models

ProvidersOpenAI, Anthropic, Google AI Studio, MS Foundry, AWS Bedrock, xAI, OpenAI-compat

BillingBilled by your provider, not GitHub quotas

Context windowAdmins can set max context window

StreamingStreaming responses supported

Responses APISupported (since Jan 2026 update)

💡 BYOK models need tool calling support to work in Agent mode. Enterprise BYOK usage does not count against GitHub Copilot request quotas.

Use Cases

Run local Ollama — deploy Phi-4 locally, add via Manage Models → use in chat with zero API cost and full privacy (Individual)

Enterprise model standardization — connect org's Azure OpenAI key → all devs use approved models, billed via existing contract (Enterprise)

Cutting-edge models — add your Anthropic key to try Claude's latest release before it appears in the built-in list

📚 Sources: VS Code Docs — Language Models · GitHub Blog — Enterprise BYOK · BYOK Enhancements (Jan 2026)

28

Privacy, Security & Trust

What: How GitHub protects your data — code is not used for training (Business/Enterprise), prompts are not retained, responsible AI filters run pre- and post-model, and IP indemnity covers Copilot-generated code.

Data Handling

What	Behavior
Prompts & suggestions	Not retained after response delivered
Training on your code	No (all plans — cannot be enabled)
Telemetry opt-out	Individual users can opt out
Code snippets	Encrypted in transit & at rest

Responsible AI Filters

Pre-model — content exclusion, harmful prompt detection
Post-model — duplicate/public code detection, safety checks
Configurable: enable/disable public code matching

IP & Compliance

IP indemnity — GitHub indemnifies Copilot output (Business/Enterprise)
SOC 2 Type II compliant
GDPR compliant — EU data processing
Subprocessor list published on Trust Center

Security Best Practices

Review AI output for vulnerabilities (OWASP Top 10)
Don't paste credentials into prompts
Use content exclusion for sensitive files
Only use MCP servers from trusted sources
BYOK: no responsible AI filtering on output

💡 Enable public code filter to block suggestions matching public repositories — reduces IP risk.

Use Cases

Compliance review — point stakeholders to the Trust Center FAQ for SOC 2, GDPR, and data handling evidence

Reduce IP risk — enable public code filter + content exclusion for proprietary algorithms → dual protection

📚 Sources: GitHub Copilot Trust Center · VS Code — Copilot Security · Responsible Use

29

Org & Enterprise Administration

What: Admin controls for managing Copilot across your organization — assign seats, set policies for features & models, review usage analytics, audit logs, and configure content exclusions at scale.

Policy Management

Policy	Controls
Features	Chat, completions, agents, MCP
Models	Enable/disable premium models
Coding agent	Enable cloud agent + 3rd-party
Editor preview	Opt in to preview features
Public code filter	Block public code matches
Content exclusion	Exclude files/repos from AI

Access Management

Assign Copilot seats per user or team
Enterprise owners → org-level access
Org owners → member-level access
Policies cascade: Enterprise → Org → User

Usage Analytics

Dashboard: acceptance rates, active users, languages
Premium request consumption by user/team
Breakdown by feature (chat, completions, agent)
Export data via API for custom reporting

Audit Logs

Track Copilot actions by user
Seat assignments, policy changes
Available for Business & Enterprise plans
180-day retention limit

Settings Path

OrgSettings → Copilot → Policies / Models

EnterpriseEnterprise Settings → Copilot → Policies

💡 Enterprise policies override org settings. If an explicit setting is chosen at enterprise level, orgs cannot change it.

Use Cases

Rollout strategy — enable Copilot for a pilot team, review usage analytics for 30 days, then expand to the full org

Model governance — disable Opus 4.6 (30× cost) org-wide, allow only 0×–1× models to control premium request spend

📚 Sources: GitHub Docs — Org Management · Usage & Audit Logs

30

Subagents

What: Isolated child agents that run research or execution tasks within a parent agent session. Context stays separate to avoid polluting the main conversation — results are summarized back to the parent.

Built-in Subagents

Subagent	Purpose
Explore	Quick codebase analysis & Q&A
Task	Run tests/builds, return brief summaries
Code-review	Review changes, surface real issues
General-purpose	General-purpose subagent
Research	Deep research tasks

How They Work

Parent agent spawns subagent for a focused task
Subagent runs in isolated context — no pollution
Returns a single summary message to parent
Can run in parallel for independent tasks
Available in VS Code agent mode & Copilot CLI

When to Use

Research a topic without cluttering main chat
Run tests and get a pass/fail summary
Explore multiple approaches in parallel

Use Cases

Parallel research — agent spawns 3 Explore subagents to investigate auth, caching, and logging patterns simultaneously

Test runner — Task subagent runs full test suite, returns "2 of 47 tests failed: test_auth, test_cache" — no noisy output in main chat

📚 Sources: VS Code Docs — Subagents

31

Copilot Metrics API

What: REST API endpoints that provide aggregated usage metrics for Copilot across your enterprise, organization, or team — acceptance rates, active users, language/editor breakdowns, chat usage, and PR summaries. Build custom dashboards and track ROI.

API Endpoints

Scope	Endpoint
Enterprise	`GET /enterprises/{ent}/copilot/metrics`
Organization	`GET /orgs/{org}/copilot/metrics`
Team	`GET /orgs/{org}/team/{slug}/copilot/metrics`

Query Parameters

sinceISO 8601 date (max 100 days ago)

untilISO 8601 end date

pagePage number (default: 1)

per_pageDays per page (max 100)

cURL Example

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer $TOKEN" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/my-org/copilot/metrics\
  ?since=2026-02-01&until=2026-03-01

Metrics Returned

Category	Key Metrics
IDE Completions	Suggestions, acceptances, lines suggested/accepted — by language, editor, model
IDE Chat	Total chats, insertion events, copy events — by editor, model
GitHub.com Chat	Total chats, engaged users — by model
PR Summaries	Total summaries created — by repo, model

Authentication

PAT (classic)manage_billing:copilot, read:org, or read:enterprise

Fine-grained"GitHub Copilot Business" or "Administration" org permissions (read)

GitHub AppUser or installation access tokens

Requirements

Min 5 members with active Copilot licenses for data to appear
Data processed once per day — yesterday is latest available
Up to 100 days of historical data
Users must have telemetry enabled in their IDE
Enable Copilot Metrics API access policy in org settings

⚠️ The legacy /copilot/metrics endpoints are being deprecated. Migrate to the newer Copilot usage metrics endpoints for more depth and flexibility.

Response Schema (Simplified)

[{
  "date": "2026-03-24",
  "total_active_users": 24,            // licensed users
  "total_engaged_users": 20,           // actually used Copilot
  "copilot_ide_code_completions": {
    "total_engaged_users": 20,
    "languages": [{ "name": "python", "total_engaged_users": 10 }, ...],
    "editors": [{
      "name": "vscode", "total_engaged_users": 13,
      "models": [{
        "name": "default", "languages": [{
          "name": "python",
          "total_code_suggestions": 249,  // suggested to user
          "total_code_acceptances": 123,  // user accepted
          "total_code_lines_suggested": 225,
          "total_code_lines_accepted": 135
        }]
      }]
    }]
  },
  "copilot_ide_chat": { ... },          // chats, insertions, copies
  "copilot_dotcom_chat": { ... },       // GitHub.com chat usage
  "copilot_dotcom_pull_requests": { ... } // PR summaries by repo
}]

Community Tools

copilot-metrics-viewerGitHub's official dashboard for visualizing Copilot metrics data

Custom dashboardsPipe API data to Grafana, Power BI, Looker, or Datadog

/usage in CLIQuick session stats in Copilot CLI

Use Cases

ROI dashboard — query org metrics daily → calculate acceptance rate per team → report to leadership on AI productivity gains

Identify low adoption — compare active vs engaged users per team → target training for teams with low engagement rates

Language coverage — break down completions by language → discover which stacks benefit most from Copilot

📚 Sources: GitHub REST API — Copilot Metrics · copilot-metrics-viewer · Usage Analysis Guide

32

Code Referencing & Attribution

What: When Copilot suggests code that matches publicly available code on GitHub, it can either block the suggestion or display references — showing the source repository, license type, and a link to the original code. Helps manage intellectual property risk.

Two Modes

Mode	Behavior
Block	Suggestions matching public code (~150 chars) are hidden — user never sees them. Eliminates IP risk.
Allow	Suggestions are shown with references — source repo URL, license type, and code snippet displayed.

Where References Appear

Inline completions — Output panel → "GitHub Copilot Log (Code References)"
Chat responses — banner at bottom: "Similar code found — View matches"
Click View matches → new tab with license, URL, and code snippet
Ctrl+click / Cmd+click URL → view full source file on GitHub

Reference Details

LicenseMIT, Apache-2.0, GPL, or "unknown"

URLDirect link to matching file on GitHub

Code snippetThe matching public code excerpt

LocationLine & column where suggestion was inserted

How to Configure

Individual: Profile → Copilot Settings → "Suggestions matching public code" → Allow or Block
Organization: Org Settings → Copilot → Policies → "Suggestions matching public code"
Enterprise: Enterprise Settings → Copilot → Policies (overrides org setting)

💡 Verify code referencing works by typing function fizzBuzz() — a common implementation will match and show references in the log.

⚠️ Org/enterprise members inherit the organization's policy and cannot override it in personal settings.

Use Cases

IP-safe development — enable Block mode enterprise-wide to prevent any public code matches from reaching developers

Attribution workflow — enable Allow mode + review references before committing → add license headers where required

Open-source compliance — check if matched code uses GPL → decide whether to accept or rewrite to avoid copyleft obligations

📚 Sources: GitHub Docs — Finding Matching Code · Code Referencing Concepts

33

Copilot Autofix & Advanced Security

What: AI-powered security remediation built into GitHub's code scanning pipeline. When CodeQL detects a vulnerability in a PR, Copilot Autofix generates a suggested fix with explanation. Requires GitHub Code Security license (free for public repos). Integrates with Advanced Security, Code Scanning, and Dependabot.

How It Works

CodeQL scans PR → detects security vulnerability (SARIF format)
Alert + code context sent to LLM via internal Copilot APIs
Fix generated — code patch + natural language explanation
Displayed on PR — click to view diff, edit, and commit
Also available for existing alerts on default branch

Where to Find Autofix

PR alertsCode scanning alert → "Generate fix" button

Security tabRepo → Security → Code scanning alerts

Security overviewOrg dashboard → autofix suggestion counts

Availability

Repo Type	Autofix Access
Public repos	Free
Org repos (GitHub Code Security)	Included
Enterprise (GHES + Code Security)	Code Security

Advanced Security Integration

Feature	Autofix Role
Code Scanning	Generates code patches for CodeQL alerts (SQL injection, XSS, etc.)
Secret Scanning	AI-assisted secret rotation guidance
Dependabot	Dependency review integration — verify fixes don't add insecure deps
Security Overview	Org-level dashboard of autofix suggestion counts & resolution rates

What Autofix Sends to the LLM

CodeQL alert data (SARIF format)
Code snippets around source, sink, & flow path
First ~10 lines of each involved file
CodeQL query help text

Configuration

Enable/disableRepo / Org / Enterprise settings

DefaultEnabled on all CodeQL repos

⚠️ Always verify fixes — Autofix may suggest partial fixes, incorrect locations, or dependency changes. Run CI tests before merging.

💡 Data is not used for LLM training. Governed by Advanced Security terms, not Copilot terms.

Use Cases

Fix SQL injection on PR — CodeQL detects unsanitized input → Autofix generates parameterized query patch → dev reviews diff and commits

Remediate backlog — navigate Security tab → existing alerts on default branch → click "Generate fix" → create a PR with the suggested patch

Org-wide metrics — Security overview dashboard shows total autofix suggestions, acceptance rates, and time-to-fix by team

📚 Sources: GitHub Docs — Copilot Autofix · Resolving Code Scanning Alerts · Triaging PR Alerts

34

Chat Debug View & Agent Debug Logs VS Code

What: Two complementary debugging tools built into VS Code that let you inspect exactly what Copilot sees — the full system prompt, loaded instructions/skills, context files, tool call I/O, token usage, and raw LLM responses. Essential for debugging why Copilot ignores files, skips tools, or produces unexpected output.

Chat Debug View (Raw Data)

Section	What It Shows
System Prompt	Full instructions, agent description, loaded skills — verify custom instructions appear
User Prompt	Exact text sent to model — confirm `#`-mentions resolved to real content
Context	Files, symbols, attachments — check if expected files are included or context window is full
Response	Raw model output including reasoning — understand how model interpreted your request
Tool Responses	Input/output for each tool call — debug MCP servers, verify correct payloads

How to Open

Chat Debug ViewChat ⋯ menu → Show Chat Debug View

Command PaletteDeveloper: Show Chat Debug View

Agent Debug Log Panel Preview

View	What It Shows
Logs	Chronological events — LLM requests, tool calls, discovery, errors. Filter by type.
Summary	Aggregate stats — total tool calls, token usage, error count, duration
Flow Chart	Visual agent ↔ subagent interaction graph — pan, zoom, click nodes

How to Open

Enable settinggithub.copilot.chat.agentDebugLog.enabled

Gear iconChat ⚙️ → Show Agent Debug Logs

Command PaletteDeveloper: Open Agent Debug Logs

Extra Features

Attach to chat — sparkle icon → ask AI about its own session
Export/Import — OTLP JSON format, share sessions offline
/troubleshoot — ask AI directly: /troubleshoot list loaded instructions

Common Troubleshooting Scenarios

Problem	Where to Look	What to Check
AI ignores workspace files	Agent Logs → Discovery events + Chat Debug → Context	Workspace indexed? Files in context window?
MCP tool not invoked	Agent Logs → Tool Calls filter + Chat Debug → System Prompt	Tool listed in available tools? Server running?
Response truncated	Agent Logs → LLM Requests → token usage	Context window full? Start a new session.
Prompt file not applied	Agent Logs → Discovery events	File loaded/skipped? `applyTo` glob match?
Custom instructions missing	Chat Debug → System Prompt section	Expand and search for your instruction text

💡 Set log level to Trace for maximum detail: Command Palette → Developer: Set Log Level → select Trace for GitHub Copilot and GitHub Copilot Chat extensions.

Use Cases

Debug missing instructions — open Chat Debug View → expand System Prompt → search for your copilot-instructions.md text → confirm it was loaded

Optimize token usage — open Agent Debug Logs → Summary view → check token consumption → identify if context window is being wasted on irrelevant files

Debug multi-agent flow — open Agent Flow Chart → visualize parent → subagent → tool call sequence → identify where the chain breaks

📚 Sources: VS Code Docs — Debug Chat Interactions · Troubleshoot AI in VS Code

★

Quick Reference & Resources

What: Essential keyboard shortcuts, AI-powered slash commands for creating customizations, and key links to documentation, changelogs, and community resources.

Chat Shortcuts

Shortcut	Action
⌃⌘I / Ctrl+Alt+I	Open Chat panel
⌘I / Ctrl+I	Inline chat
⌘⇧I	Toggle secondary sidebar
Tab	Accept suggestion
Esc	Dismiss suggestion
Alt+] / Alt+[	Next / prev suggestion
Ctrl+→	Accept word by word

Useful Extensions

Awesome CopilotCurated tips & resources · ↗ Link

Prompt BoostEnhance your prompts · ↗ Link

Token TrackerTrack Copilot usage · ↗ Link

SpecStorySave & search AI chat history · ↗ Link

HuggingFaceHF models in VS Code · ↗ Link

Quick Commands

Command	Action
`/init`	Generate workspace instructions
`/explain`	Explain selected code
`/fix`	Fix problems in code
`/tests`	Generate unit tests
`/new`	Scaffold a new project
`/clear`	Start a new chat session
`/help`	Copilot quick reference

Key Resources

Feature MatrixCopilot feature comparison · ↗ Link

MCP MarketplaceDiscover MCP servers · ↗ Link

Skills RepositoryBrowse agent skills · ↗ Link

ChangelogLatest Copilot updates · ↗ Link

awesome-copilotCommunity resources · ↗ Link

Use Cases

Fast navigation — memorize ⌃⌘I (open chat) + ⌘I (inline chat) + Tab (accept) for fluid keyboard-only workflow

Stay current — check github.blog/changelog/copilot weekly for new models, features, and API changes

📚 Sources: GitHub Copilot Docs · Changelog