GitHub Copilot in 2026: A Practical Learning Guide for Developers

Features, Plans, Assisted & Agentic Workflows, CLI, Best Practices. Grounded in the GitHub Copilot ecosystem as of April 2026, built for collective learning.

How to read this guide

This is a shared knowledge base put together to help every member of the team build a fast, working mental model of the GitHub Copilot ecosystem, without burning weekends piecing it together from blog posts, changelogs, and docs.

Some of you are already deep in one feature (CLI, agent mode, code review, MCP). Others are setting up the basics. The goal here is breadth-with-depth: you can read it cover to cover, or jump to the section that matters today.

How it is organized

Foundations: what Copilot is, how it works under the hood, the data flow, and the responsibilities that come with using AI in production.
Plans, pricing & licensing: what each tier actually unlocks (and what’s about to change with the move to usage-based billing in June 2026).
Assisted development: completions, chat, slash commands, context, prompt engineering. The day-to-day stuff.
Agentic development: agent mode, cloud agent, custom agents, agent skills, MCP servers. Where Copilot stops being autocomplete and starts doing work.
Copilot CLI: terminal-native agentic development. Modes, commands, plan/autopilot/fleet.
Enterprise & governance: content exclusions, audit logs, policy hierarchy, IP indemnity, BYOK.
Best practices: drawn from official GitHub guidance, community write-ups, and what actually works.
Obsolete or replaced features: Knowledge Bases, gh-copilot, App-based Extensions, Copilot Workspace, IntelliCode. So nobody wastes time on them.
Quick reference: cheat sheet of decisions you’ll make most often.

How to use: Read the section that matches today’s problem. Bookmark the cheat sheets. Send corrections, this is a living document.

Part 1: Foundations

What GitHub Copilot actually is

GitHub Copilot started life in 2021 as an inline autocomplete that suggested the next few lines of code. In 2026 it is a full agentic development platform that spans the IDE, the terminal, github.com, GitHub Mobile, and a coding agent that can pick up a GitHub issue, push commits, and open a pull request, all on its own.

It is not one product. It is a family of surfaces that share an authentication, a billing model, and the same backing LLMs.

The surfaces

Inline completions and Next Edit Suggestions (NES): ghost text in your IDE.
Copilot Chat: Q&A and conversation in VS Code, Visual Studio, JetBrains, Eclipse, Xcode, GitHub.com, and GitHub Mobile.
Agent Mode (in IDE): autonomous multi-file editing on your local machine.
Copilot Cloud Agent: runs on GitHub’s infrastructure, picks up issues, opens PRs.
Copilot CLI: terminal-native agentic assistant, GA since February 2026.
Copilot Code Review: agent-powered review on every pull request.
Copilot Spaces: curated context containers (replaced Knowledge Bases).
MCP servers: open standard for connecting Copilot to external tools and data.

Two ways of working: assisted vs agentic

This is the most useful mental split in 2026. Most of the rest of this document is organized around it.

Style	What it means	Examples
Assisted	You drive. Copilot suggests. You accept, edit, or reject. Synchronous, line-by-line, in your editor.	Inline completions, Next Edit Suggestions, Ask Mode in chat, slash commands like `/explain`, `/tests`, `/fix`, `/doc`.
Agentic	Copilot drives the loop. You give it a task, it plans, edits multiple files, runs commands, observes failures, fixes itself, and reports back. You review the diff.	Agent Mode in IDE, Copilot Cloud Agent (issue → PR), Copilot CLI in autopilot, custom agents, `/fleet` for parallel subagents.
Both at once	Many real tasks blend the two. Plan with chat, draft with completions, hand the messy multi-file work to an agent, review the PR.	Plan Mode → Agent Mode workflow; CLI plan mode then autopilot; cloud agent draft handed off to local IDE for finishing.

The rule of thumb: Use assisted when you know what you want and just need it typed faster. Use agentic when the task is well-defined enough to delegate but tedious enough to not want to do yourself. Stay assisted when the task requires deep judgment you cannot describe in a prompt.

Microsoft’s six Responsible AI principles

These are the principles Microsoft applies across its AI products, including Copilot. Worth knowing because they explain why certain behaviors exist (filters, duplication detector) and where the responsibility lies when AI generates code that later breaks.

Principle	What it means for Copilot	What it implies for you
1. Fairness	AI should treat people equitably. Copilot suggestions can carry racial, gender, or cultural assumptions inherited from public training code.	Bias is not intentional design, it leaks from training data. Review especially in healthcare, hiring, finance, accessibility code.
2. Reliability & Safety	AI should perform consistently and safely. Copilot can produce insecure code (SQL injection, weak crypto, hardcoded secrets).	Compilation is not safety. SAST/DAST scanning belongs in CI.
3. Privacy & Security	User data must be protected. Copilot may regenerate code resembling training data; the duplication detector flags it.	Copilot does not validate API keys against providers. Security awareness comes from LLM training, not external checks.
4. Inclusiveness	Benefits of AI must reach all people regardless of background, ability, or geography.	Watch for inaccessible defaults (no ARIA, color-only signaling) in generated UI code.
5. Transparency	Users must understand how AI decisions are made. Copilot does not explain why it picked a particular suggestion.	Treat outputs as opaque. Use `/explain` afterwards if you need the reasoning.
6. Accountability	Humans remain responsible for AI outputs. The developer who accepts and ships the code owns it.	GitHub does not own ‘Suggestions’ (its term). You retain ownership and responsibility.

Who is responsible: The developer who accepted and deployed the code. Not GitHub. Not Microsoft. Not the model provider. This is consistent across Copilot’s terms of service, the Customer Agreement, and every responsible-AI training resource. It also explains why IP indemnity has conditions: GitHub will defend you, but only when you used the duplication detector and did not override its warnings.

Risks and limitations of generative AI for code

Knowing where the model breaks down is a productivity skill in itself. The categories below show up in real codebases.

Risk	What happens	Mitigation
Hallucination	Plausible-sounding code that calls APIs, libraries, or syntax that don’t exist (or no longer exist).	Run it. Test it. Cross-check the API name.
Training-data bias	Over-represented patterns and antipatterns from public repos surface as ‘best practice’.	Code review. Be aware of common pitfalls in your stack.
Language popularity bias	JavaScript and Python get great suggestions; less popular languages (e.g. COBOL, niche DSLs) get weaker, less accurate ones.	Write the complex parts yourself; use Copilot for verification and patterns.
Limited context window	Very large files or long conversations get truncated. Old context is dropped.	Break tasks down. Use `/clear` between unrelated tasks. CLI auto-compacts at ~95% token use.
IP / licensing risk	A suggestion may match open-source code under a license incompatible with your project.	Enable the duplication detector. Review flagged matches.
Security vulnerabilities	Generates patterns from OWASP Top 10. Successful compilation is not safety.	SAST/DAST in CI. Security review for sensitive code paths.
Non-determinism	Identical prompts can return different outputs across sessions.	Cannot be fully eliminated. Factor it into expectations.
Training cutoff	Libraries released after the cutoff have weak or no coverage. Old syntax may be suggested.	Verify against current docs. Don’t assume currency.
No real math	LLMs are pattern matchers, not calculators. Pure numerical computation is unreliable.	Validate every formula. Don’t trust intermediate arithmetic in agent traces.

Language popularity matters: If you’re working in a less-common language, the rule flips: Copilot is your reviewer, not your author. Develop the complex parts manually and ask Copilot to verify or suggest alternatives, not the other way round.

Part 2: Plans, Pricing & Licensing

The five tiers, at a glance

As of May 2026, Copilot has five plans. Pricing has held steady through 2025/2026, but the billing model is changing on June 1, 2026 (more on that below).

Plan	Price	Audience	What you get	Important caveat
Free	$0	Casual / evaluating	2,000 completions/month, 50 premium requests/month, basic chat	Limits hit quickly. No IP indemnity. Prompts may be used for training (opt-out available).
Pro	$10/mo	Individual developer	Unlimited code completions, premium models, agent/plan/edit modes, NES, CLI, IP indemnity	From April 2026: new sign-ups paused. Opus models removed from Pro (kept on Pro+). Free for verified students/teachers.
Pro+	$39/mo	Heavy individual user	Everything in Pro plus higher limits (~5x), Claude Opus 4.7, broader model access	From April 2026: new sign-ups paused. Opus 4.5/4.6 will be removed (Opus 4.7 stays).
Business	$19/user/mo	Teams (most teams)	Pro features plus org policy management, content exclusions, audit logs, REST seat-management API, SSO, default-on privacy.	Self-serve sign-up paused for orgs on Free/Team plans (April 2026). MCP server allowlist controls available without needing Enterprise.
Enterprise	$39/user/mo (+ $21 for GitHub Enterprise Cloud)	Regulated industries, very large orgs	Everything in Business plus Copilot Spaces with full org features, fine-tuned/custom models, BYOK, advanced audit, FedRAMP/data-residency options	True total per seat is $60/user/mo for new customers. Required for finance/healthcare/legal-style governance.

Obsolete / replaced: Older guides talk about ‘Copilot Individual’ as the entry-level paid plan. That was renamed Copilot Pro, and Pro+ was added later. If you see ‘Individual’ anywhere, treat it as Pro.

Feature matrix: who gets what

Feature	Free	Pro	Business	Enterprise
Code completions in IDE	2,000/mo	Unlimited	Unlimited	Unlimited
Copilot Chat in IDE	Limited	✓	✓	✓
Chat on GitHub.com	✗	✓	✓	✓
Agent / Plan / Edit modes	✗	✓	✓	✓
Next Edit Suggestions (NES)	✗	✓	✓	✓
Premium AI models (Opus, Sonnet, GPT-5.x, Gemini)	Limited	✓	✓	✓
Copilot CLI	✓	✓	✓	✓
Copilot Spaces	✓ (own only)	✓	✓ (org-shared)	✓ (org-shared)
Custom Agents	✗	✓	✓	✓
Agent Skills	✓	✓	✓	✓
MCP servers	Limited	✓	✓ (admin allowlist)	✓ (admin allowlist)
IP Indemnity	✗	✓	✓	✓
Org Policy Management	✗	✗	✓	✓
Content Exclusions	✗	✗	✓	✓
Audit logs	✗	✗	✓	✓
REST API for seat management	✗	✗	✓	✓
Prompts NOT used for training	Opt-out	Opt-out	Default	Default
PR summaries on GitHub.com	✗	✓	✓	✓
Custom / fine-tuned models	✗	✗	✗	✓
BYOK (bring your own LLM key)	✗	✗	✗	✓ (preview)
Data residency / FedRAMP options	✗	✗	✗	✓

Updated 2026: PR summaries on github.com are no longer Enterprise-only, they were extended to Pro and Business plans (GitHub docs confirm this). Earlier study guides saying ‘Enterprise only’ are stale.

Obsolete: Copilot Knowledge Bases were Enterprise-only. They were sunset on November 1, 2025 and fully replaced by Copilot Spaces, which any Copilot license can use (with org-sharing on Business / Enterprise). If you’re reading older Copilot material, mentally replace ‘Knowledge Base’ with ‘Space’.

Premium requests today, AI Credits tomorrow

How it works through May 2026. Each plan today comes with a monthly allowance of premium requests. You burn one premium request per submitted prompt (chat message, CLI prompt, agent task, etc.). Tool calls inside an agent loop and autonomous iteration steps do not count individually, only the prompts you type.

Plan	Premium requests / month	Notes
Free	50	Enough to evaluate, not enough to rely on.
Pro	300	Sufficient for most individual workflows. Pro+ has roughly 5x more.
Business	300 / user	Pooled at billing-entity level. Buy more at $0.04/request overflow.
Enterprise	1,000 / user	Pooled at enterprise level. Higher allowance for agentic workflows.

What changes on June 1, 2026. GitHub is moving Copilot from premium-request counting to true usage-based billing using GitHub AI Credits:

Every plan continues to include a monthly allotment, but it is denominated in AI Credits (1 credit = $0.01).
Token consumption (input, output, and cached tokens) is priced per model, then converted to AI Credits.
Code completions and Next Edit Suggestions remain unlimited and do not consume AI Credits.
Plan prices do not change: Pro $10, Pro+ $39, Business $19/user, Enterprise $39/user.
Copilot code review will additionally consume GitHub Actions minutes (Actions standard rates apply).
Monthly Pro/Pro+ subscribers migrate automatically. Annual subscribers stay on premium-request billing until expiry, but with new model multipliers.
Fallback experiences (auto-switch to a cheaper model when out of premium requests) go away.

Why this matters for teams: Long-running agentic workflows, autopilot, /fleet, parallel subagents, consume disproportionately more tokens than a single chat turn. Under request-based billing one user’s heavy agent session looked the same as a small Q&A. Under credit-based billing, those sessions will show up in cost reports. Plan ahead: budget controls become more important than tracking ‘how many premium requests’.

Engagement metrics retention. All plans (Free, Pro, Pro+, Business, Enterprise) store engagement metrics for 2 years, encrypted at rest and in transit. This is separate from prompt/completion data, which is ephemeral by default on Business/Enterprise.

Picking the right plan for a team

Scenario	Plan that fits
A solo developer or hobbyist	Free for evaluation, Pro for daily work.
A heavy individual user running agents constantly	Pro+, the higher limits and Opus 4.7 access pay for themselves once you exceed ~325 premium requests/month.
Small / medium engineering team (5 to 50 developers)	Business, SSO, content exclusions, audit logs, default-on privacy. Most teams should default here.
Regulated industry (finance, healthcare, legal, government)	Enterprise, required for custom/fine-tuned models, BYOK, data residency, FedRAMP, full audit, and Spaces-with-permissions.
Large org wanting to roll out gradually	Enterprise with selective per-organization enablement (now configurable via custom properties on Cloud Agent).

Licensing gotcha: If a user receives a Copilot seat from multiple organizations in the same enterprise, the enterprise is billed only once and one organization is selected as the billed owner. Useful when consolidating costs in a large parent org.

Part 3: How Copilot works under the hood

You don’t need to know the internals to be productive, but knowing the data flow makes it much easier to debug ‘why is Copilot suggesting nonsense’ and to answer privacy/security questions from compliance teams.

The code suggestion lifecycle

Step	What happens
1. Context gathering	Copilot reads: the current file (above and below cursor, the ‘Fill-In-the-Middle’ technique), open tabs, recently opened files, cursor position, selected code, chat history, instruction files, repo structure.
2. Prompt construction	Context is assembled into a structured prompt: GitHub’s system prompt + your code context + your request.
3. Tokenization & send	The extension tokenizes, builds a JSON payload, encrypts it via TLS/HTTPS, and sends to GitHub. (Not Base64. Not YAML.)
4. Inbound proxy filtering	The proxy applies: (a) toxicity / hate-speech filter, (b) relevance filter that blocks requests unrelated to code, (c) prompt injection guard, (d) PII detection, (e) content policy checks.
5. LLM inference	The filtered prompt goes to the chosen model, hosted in GitHub-owned Azure tenants. The model generates by probabilistic next-token prediction. Returns up to 10 candidates per query.
6. Outbound post-processing	Same proxy applies on the way back: deduplication, safety scan, PII / unique-identifier truncation (emails, IPs, secrets), public-code matching check, ranking.
7. Delivery	The final suggestion streams back to the IDE as ghost text or a chat response. Prompts and completions are ephemeral, not retained after the request completes.

Infrastructure: Copilot’s LLMs, proxy, and API are all hosted in GitHub-owned Azure tenants. It is not on AWS, not on-prem, and not multi-cloud. It requires an active internet connection, there is no air-gapped Copilot.

How Copilot gathers context

Source	Notes
Current file	Both above and below the cursor (Fill-In-the-Middle / FIM). The cursor is in the middle of the prompt.
Neighboring open tabs	All open files in the IDE are processed. Closing unrelated tabs improves suggestion quality.
Recently opened / visible editor tabs	Passive context from what you have been working on.
Explicitly attached files	Files dragged into chat or referenced with `#file`.
Selected / highlighted code	Always prioritized when something is selected.
Chat conversation history	Current session only, not all past conversations. Delete irrelevant prompts to keep context clean.
Instruction files	`.github/copilot-instructions.md` and `.github/instructions/*.instructions.md`.
Comments before the cursor	Heavily influence inline suggestions. The classic ‘comment-first’ workflow.
Variable and function names	Descriptive names are context. Copilot reads them semantically.
Workspace files	Relevant functions and snippets from the current workspace.

What Copilot does NOT do: Copilot does not search the internet, fetch URLs (except via the explicit web_fetch tool in CLI agentic mode), use code from all repos in your org as context, or copy from a static snippet database. Suggestions are probabilistic, every output is generated, not retrieved.

Code referencing: the duplication detector

This is the feature that catches accidental copying from public repos.

Compares the suggestion plus ~150 characters of surrounding code against an index of public GitHub repositories.
Whitespace is stripped before comparison.
When a suggestion closely matches public code, it is flagged with a reference to the source.
Configure under: GitHub Settings → Copilot → Suggestions matching public code.
Options: Show matching code (default) or Block matching suggestions entirely.
Important: if you set the policy to ‘block’ and all possible completions match public code, you get zero completions, not an error.

Duplication detector vs content exclusion: These solve different problems and are often confused. Duplication detector = IP/copyright filtering on Copilot’s output. Content exclusion = preventing sensitive files in your repo from being used as input context. You probably want both enabled.

Data handling by plan

Plan	Prompts used to train models?	Notes
Free / Pro / Pro+	Yes by default, opt out in GitHub Settings	From April 24, 2026, Free/Pro/Pro+ interaction data also used for training unless opted out.
Business	No, never stored or used for training	No telemetry beyond billing/security. Default-on privacy.
Enterprise	No, never stored or used for training	No telemetry beyond billing/security. Default-on privacy.

Ephemeral data: Prompts and completions are processed in memory and not retained by GitHub after the request completes. Engagement metrics (how many suggestions were accepted, which features used, which IDE) are stored for 2 years on every plan.

Key LLM limitations to internalize

Limitation	Description	Practical implication
Context window	Bounded input. Long files / conversations get truncated.	Break tasks down. Use `/clear`. CLI auto-compacts at ~95% of token limit.
Training cutoff	Newer libraries / APIs have weak coverage. Old syntax may surface.	Check current docs for fresh frameworks.
Language popularity	Less common languages = weaker suggestions.	Drive complex parts manually; use Copilot to verify.
Pattern, not calculation	LLMs infer patterns. They do not calculate.	Validate maths and edge-case logic.
No project awareness without context	Without instruction files / open tabs, Copilot lacks awareness of architecture, naming, business rules.	Use `copilot-instructions.md`, `AGENTS.md`, comments, `#file`.
Non-determinism	Same prompt → potentially different output across sessions.	Cannot guarantee reproducibility.

Part 4: Assisted development (the day-to-day)

This section is everything that happens with you in the driver’s seat: completions, chat, slash commands, prompt engineering, instruction files. The boring-but-most-frequent stuff.

Inline completions and shortcuts

Action	Shortcut
Accept full suggestion	`Tab`
Accept word-by-word (macOS)	`Cmd + Right Arrow`
Accept word-by-word (Windows)	`Ctrl + Right Arrow`
Cycle through suggestions	`Alt + [` or `Alt + ]`
Dismiss suggestion	`Escape`
Open all suggestions panel (VS Code)	`Ctrl + Enter`
Open inline chat (VS Code)	`Ctrl + I` (`Cmd + I` on Mac)
Switch model (VS Code)	Command palette → ‘GitHub Copilot: Change Model’

F5 is not Copilot: F5 starts the debugger. Copilot is triggered by typing (inline ghost text), Ctrl+I (inline chat), or via the chat panel. If a teammate says ‘F5 brings up Copilot’, they are wrong.

Inline chat tip: To target a specific code block, say, optimize a for-loop, highlight the code first and then press Ctrl+I. This focuses Copilot precisely on that block. More effective than trying to describe the block in the panel.

Next Edit Suggestions (NES)

Proactively scans the open file and predicts your next logical edit based on recent changes.
Affected lines are highlighted in blue on the left gutter.
Enable separately from inline suggestions in the VS Code Copilot icon menu.
Accept with Tab.
Particularly useful during refactoring: extracting a function prompts NES to suggest updating all call sites.

Copilot Chat: modes

Chat in the IDE has multiple operating modes. They are not interchangeable, picking the right one is the single biggest productivity lever in assisted use.

Mode	What it does	Best for	Constraint
Ask Mode	Q&A about your code. Explains, answers questions.	Understanding code. Read-only exploration.	Does not create or modify files.
Edit Mode	Targeted edits to specified files.	Single-file or small-scope refactoring.	Narrower scope than Agent Mode.
Plan Mode	Creates a multi-step plan without executing it.	Reviewing approach before committing to changes.	Must click ‘Start Implementation’ to proceed.
Agent Mode	Autonomous multi-step coding. Edits files, runs commands, self-heals errors.	Complete features. Multi-file changes.	Content exclusion does not apply in Agent Mode.

Plan vs Agent, the difference: Plan Mode only creates a plan. No code execution. You explicitly click ‘Start Implementation’ to switch into Agent Mode. The two are sequential, not interchangeable. For larger or risky tasks, always plan first.

Slash commands reference

Command	Purpose	Key detail
`/explain`	Explain selected code or active file in plain language	Pair with Ask Mode for safe exploration.
`/fix`	Suggest a fix for a problem in selected code
`/tests`	Generate unit tests for selected function or block	Requires an already-configured test environment. Does not set up the environment.
`/setup-tests`	Configure entire testing environment: runner, config, initial tests	Different from `/tests`. Sets up project infrastructure.
`/doc`	Add documentation comments (JSDoc, docstrings)
`/optimize`	Suggest performance improvements
`/clear`	Clear current chat history and context	Use between unrelated tasks to avoid stale context.
`/new`	Scaffold a new project, file, or component
`/generate`	Generate code based on prompt or context
`/help`	List available slash commands and Copilot features

/tests vs /setup-tests: /tests generates tests for selected code only. /setup-tests configures the entire test environment (runner + config + initial tests). They sound similar but solve very different problems.

Chat context variables

Variable	What it references
`@workspace`	The entire workspace / project.
`@vscode`	VS Code settings and features.
`@terminal`	Terminal commands and shell scripting.
`@github`	GitHub context, repos, issues, PRs. Pulls from code stored on GitHub.com.
`#file`	Attach a specific file as context.
`#selection`	The currently selected code.
`#codebase`	Broader codebase reference across open files.

Prompt engineering: the 4 Ss

GitHub’s official prompt-engineering framework. It is concise enough to remember and broad enough to actually apply.

S	What it means	Example
Single	One task per prompt. Don’t combine multiple requests.	Instead of ‘write tests AND refactor’, use two prompts.
Specific	Be explicit about language, framework, constraints, output format.	‘Rewrite in Python using a list comprehension’ beats ‘make this better’.
Short	Keep prompts concise. Long, rambling prompts dilute the signal.	Start with a verb. Drop the apologies and meta-commentary.
Surround	Provide surrounding context, open relevant files, attach with `#file`, highlight code.	Before asking for an integration, open the API client and the consumer file.

Surround is the most actionable: Of the four Ss, Surround is the one with the biggest practical lift. Open the relevant files in tabs. Attach specific files with #file. Highlight code before invoking Ctrl+I. The model is reading what you have open, give it the right things to read.

Prompting strategies

Technique	Description	When to use
Zero-Shot	Just an instruction, no examples.	Common, well-understood tasks.
One-Shot	One example before the request.	When you need a specific output pattern.
Few-Shot	2 to 5 example pairs before the request.	Style/format consistency. Dramatically improves output.
Role Prompting	’You are a senior TypeScript dev with Next.js expertise…’	When you want output filtered through a specific expertise lens.
Chain-of-Thought	Ask Copilot to reason step-by-step before producing code.	Complex algorithmic logic. Edge case identification.
Negative Instructions	’Do not use external libraries.‘	Enforcing project constraints.
Iterative Refinement	Start basic, add constraints progressively.	Building complex features incrementally.
Plan Mode First	Plan, review, then execute.	Large, multi-file or risky changes.

Language for prompts: English is the preferred language for prompting Copilot. Copilot supports many natural languages, but English yields the most reliable results because the model was trained extensively on English code and documentation. Bilingual teams should prompt primarily in English. Valid input formats: natural language, comments inside code, code fragments. Copilot does not require YAML, Markdown, or any specific format.

Customization files: the cheat sheet

There are several types of customization files, all Markdown-based. They overlap, and people confuse them. Here is the clean version:

Asset	Location	What it does
`.github/copilot-instructions.md`	Repo root → `.github/`	Project-level persistent instructions. Loaded into every Copilot session for that repo. Code review reads only the first 4,000 characters and uses the base-branch version.
`.instructions.md` files	`.github/instructions/`	Auto-loaded coding standards with frontmatter, `description:` and `applyTo:` control when each loads.
`.prompt.md` files	`.github/prompts/`	Reusable prompt templates invokable as slash commands. Public preview, currently VS Code only.
`AGENTS.md`	Project root	Project-level agent instructions. Keeps all agents (Copilot, Claude, others) aligned with team conventions.
Custom agent files (`.agent.md`)	`.github/agents/`, `~/.copilot/agents/`, or `%USERPROFILE%/.github/agents/`	Define specialized agents for specific tasks (security review, test specialist, documentation).
Agent skills (`SKILL.md`)	`.github/skills/`, `.claude/skills/`, `.agents/skills/`, or `~/.copilot/skills/`	Folders of detailed instructions, scripts, and resources Copilot loads only when relevant.

Code review instruction limit: When Copilot reviews a PR, it reads only the first 4,000 characters of any custom instruction file. It also uses the version from the base branch, not your feature branch. Put your most important rules at the top of the file and merge instruction changes before depending on them in PR reviews.

How Copilot Chat processes your input

Pre-processes user input.
Combines it with contextual information (open files, repo name, cursor location).
Sends to the LLM.
Does not send raw user input directly to the LLM (the proxy filters first).
Does not automatically execute code snippets before responding.
Accepts both natural-language queries and code snippets.
Multi-turn: uses the current session’s chat history. Start a new chat (or use /clear) to drop context.

Best practices for prompting (compiled)

Be specific. Vague prompts → vague results.
Break complex tasks into smaller iterative steps.
Use Plan Mode first for large or risky tasks.
Reference existing code patterns to enforce consistency.
Specify language, framework, and version when it matters.
Use negative instructions: ‘Do not use external libraries’, ‘never use class components’.
Specify output format: ‘return as TypeScript interface’, ‘include JSDoc’.
Use /clear or start a new chat when switching tasks, prevents stale context.
Write descriptive comments before functions, they heavily guide autocomplete.
Name functions and variables descriptively, the name is implicit context.
Different LLMs respond differently, adjust style if you switch models.
If a file gets long with stale context, refactor or close it. Stale context degrades suggestion quality.

Provide detailed context: GitHub explicitly identifies ‘providing detailed context’ as the single most effective lever for improving Copilot Chat performance. NOT more RAM. NOT fewer extensions. Context.

Part 5: Agentic development

Agentic Copilot is where things get interesting. The agent is given a goal, plans the work, edits files, runs commands, observes failures, fixes itself, and reports back. Your job changes from typing code to reviewing diffs and steering.

The two flavors of agent

Feature	IDE Agent Mode	Copilot Cloud Agent
Where it runs	Your local machine / IDE	GitHub’s cloud (an ephemeral GitHub Actions environment)
Output	Local file edits in your workspace	A pull request on a branch in your repo
Best for	Local autonomous multi-file coding while you watch	Delegating issues, getting a draft PR without local work
Trigger	Agent picker in the IDE chat	Assign a Copilot user to an issue, mention `@copilot` in a PR, `/task` in chat, or via the agents tab
Steering during work	You approve commands as it goes	Steerable in real-time via Mission Control on github.com
Content exclusion applies?	Not in Agent Mode	Not in Cloud Agent

These are different features: IDE Agent Mode and Copilot Cloud Agent are often confused. Cloud Agent creates a PR on GitHub, useful when you want to delegate. IDE Agent edits local files, useful when you want to keep editing alongside it. Both bypass content exclusion.

Mission Control: managing cloud agent tasks

Launched October 2025 and now the default UI for cloud-agent management on GitHub.com. It is a single page where every task lives, assign, steer, review.

Single centralized view at github.com/copilot/agents, see every cloud agent session at a glance.
Real-time steering: provide input via the chat box or drop a comment in Files Changed, and Copilot adapts as soon as its current tool call finishes. No more @copilot comment chains in PR threads.
Session logs sit next to Overview and Files Changed, see Copilot’s reasoning behind each commit, live, in context.
Create tasks from anywhere: Issues, Azure Boards, Jira, Linear, Raycast, Slack, Teams, github.com/copilot (/task), Mobile, your IDE, or the CLI.
Pick a custom agent at task creation.
Hand off to Codespaces, VS Code Insiders, or the GitHub CLI when you want to take over.
As of April 2026, cloud agent starts up over 20% faster thanks to optimized GitHub Actions custom images.

Billing note: Cloud agent tasks consume both premium requests and GitHub Actions minutes. Business and Enterprise plans include billing tools to visualize spending, set thresholds, and optimize seat usage. Plan for this when projecting costs.

Sub-agents and parallel work

Agents can spawn sub-agents, temporary child agents with their own fresh context window, to work on isolated sub-tasks. This prevents context pollution between unrelated parts of a job.

Triggered automatically when the main agent decides a task is well-isolated.
In CLI: /fleet runs the same task across multiple sub-agents in parallel and converges on a single decision-ready result.
Best use: fixing multiple independent issues in different files (e.g., 3 security findings in unrelated services) without bloating the main agent’s context.

Custom Agents

Custom agents let you define a specialized version of Copilot, its own tools, MCP servers, instructions, and persona, that you can target for specific work. Available across IDE, CLI, and cloud agent.

How they work:

A custom agent is a Markdown file (with .agent.md extension or stored in a custom-agents directory) defining the agent’s name, description, and instructions.
Repository-level agents live in .github/agents/, visible across the team.
User-level agents (added April 2026) live in %USERPROFILE%/.github/agents/ on Windows or ~/.copilot/agents/ on macOS/Linux, they travel across projects.
Organization and enterprise-level agents go in a .github-private repo and are available across all repos in the org/enterprise.
Invoked automatically when Copilot decides one fits the task, or explicitly by name (in CLI: copilot --agent <name>; in IDE: pick from the dropdown).

Built-in specialized agents in the CLI. The CLI ships with several specialized agents that Copilot delegates to automatically when relevant:

Built-in agent	What it does
Explore	Fast codebase analysis. Ask questions about your code without cluttering the main context.
Task	Runs commands like tests and builds. Multiple Task agents can run in parallel.
Code Review	High-signal review of changes.
Plan	Creates an implementation plan before writing any code.
Debugger (VS 2026)	Validates fixes against live runtime behavior.

Example custom agents (from awesome-copilot). The github/awesome-copilot repository is the community catalog. Examples of agents people build:

Senior .NET architect: designs .NET 6+ systems, decides between parallel sub-agents and orchestrated team execution, captures durable project memory.
Security expert / seccheck: scans code files thoroughly for security issues; triggered by ‘security review/check/audit’ or the keyword ‘seccheck’.
Test specialist: focuses on test coverage and quality without modifying production code.
Accessibility specialist: runtime checks for keyboard flows, focus management, dialog behavior, WCAG validation.
Documentation generator: creates Word docs with draw.io diagrams, auto-discovers tech stack.
Pure orchestrator: decomposes requests, delegates everything to sub-agents, validates outcomes.

Agent Skills

Agent Skills are folders of instructions, scripts, and resources that Copilot loads on demand when relevant. They are an open standard, used across multiple AI agents (GitHub Copilot, Claude, others).

Skills vs custom instructions vs custom agents:

Asset	Loaded	Use for
Custom instructions (`copilot-instructions.md`)	Always, every session.	Simple things relevant to almost every task: coding standards, project tone.
Agent Skills (`SKILL.md`)	Progressive, only when Copilot decides one matches the task.	Detailed, specialized procedures: how to run a particular test suite, internal API patterns, repeatable workflows.
Custom Agents (`.agent.md`)	When invoked or auto-selected.	Narrow expertise that needs its own tool access and persona.

Why skills matter: Skills load progressively, only the description is read at discovery, then the SKILL.md body when chosen, then any referenced resources only when needed. This keeps the context window lean. MCP, by contrast, front-loads all its tool metadata at session start. For an org with many internal procedures, skills scale better than instructions or MCP.

Where skills live:

Project skills (specific to a single repo): .github/skills/, .claude/skills/, or .agents/skills/.
Personal skills (across projects): ~/.copilot/skills/ or ~/.agents/skills/.
Org/enterprise-level skills: support coming soon (per GitHub Docs).

Discovering and installing community skills:

github/awesome-copilot: community-curated agents, instructions, skills, prompts.
anthropics/skills: additional reference skills.
In GitHub CLI: gh skill (public preview), search, preview, install skills from any GitHub repo.
In Copilot CLI: copilot plugin marketplace add <repo>, then copilot plugin install <name>@<source>.

Always inspect before installing: Skills can contain prompt injections, hidden instructions, or malicious scripts. They are not verified by GitHub. Use gh skill preview (or visually inspect SKILL.md) before running them. The risk is highest with skills that include scripts or have terminal-tool access.

Model Context Protocol (MCP)

MCP is the open standard for connecting AI agents to external tools and data. Build an MCP server once; it works with Copilot, Claude, and any MCP-compatible host. It is the replacement for the old GitHub-App-based Copilot Extensions.

What MCP enables:

Query a database from inside agent mode.
Call your internal APIs (Jira, Linear, your own backend).
Access GitHub via the built-in github MCP server (issues, branches, PRs).
Connect to Copilot Spaces tools.
Configure in VS Code settings or .vscode/mcp.json. The CLI ships with the GitHub MCP server built in.

Governance and policy:

Copilot Business: org owners can disable or allowlist MCP servers via Organization Settings → Copilot → Policies. No upgrade to Enterprise required.
Copilot Enterprise: MCP server usage subject to administrator allowlist policies.
Per-server allowlist controls rolled out to IDEs starting October 2025; now in JetBrains, Eclipse, and Xcode in public preview.
MCP servers can be configured at user, repo, org, or enterprise scope.

MCP vs Agent Skills:

Aspect	MCP	Agent Skills
Loading strategy	Front-loads all tool metadata into the context window at session start.	Progressive disclosure, loaded only when relevant.
Use case	External tool integration (databases, APIs, third-party services).	Reusable instruction sets / workflows for agent behavior.
Context impact	Higher initial context usage, especially with many tools.	Leaner, only the description is read until a skill is chosen.
Standard	Open protocol, works with multiple AI agents.	Open spec, works with multiple AI agents.

Copilot Spaces: curated context

Spaces let you bundle the exact context Copilot should read, code, docs, transcripts, sample queries, free-text snippets, into a reusable container. Once a space is created on github.com, Copilot Chat answers are grounded in that curated knowledge.

What you can put in a space:

Repositories (Copilot searches and retrieves the most relevant content per query, best for large repos).
Individual files (full contents loaded for every query, best when you want Copilot to consistently prioritize specific docs).
Pull requests, issues.
Free-text content (transcripts, ADRs, runbooks, decisions).
Images and file uploads.
Custom instructions specific to the space (‘You are a SQL generator. Use the attached schema…’).

Sharing:

Personal spaces: visible only to you unless explicitly shared (publicly or with specific users).
Organization-owned spaces: use org/team permissions (admin / editor / viewer / no access).
From December 2025 onwards: public sharing and individual-user sharing supported.
Permissions are checked at query time, viewers only see the parts of files they’re authorized to see.

How to use a space:

On github.com: go to Copilot Chat, prompt with the space’s name (or let Copilot find it via the list_copilot_spaces tool).
In your IDE: use the GitHub MCP server with the X-MCP-Toolsets: default,copilot_spaces header (or the dedicated copilot_spaces toolset URL). Spaces work in agent mode in the IDE.
In IDE mode, repository context and uploaded files are not yet supported, you have access to text content, GitHub files, issues, PRs, and instructions.
Each query in a space counts as a Copilot Chat request. Premium-model queries count against premium-request quota.

Real-world examples (from GitHub’s own usage):

SQL/KQL query helper: sample queries + telemetry schemas, Copilot autocompletes valid queries with correct joins so PMs and support can self-serve.
Accessibility canon: accessibility docs + custom instruction ‘cite the doc section, provide a code diff if needed’, so anyone filing a review gets instant guidance.
New-hire onboarding: ADRs, system diagrams, custom instructions; new joiners ask ‘how does our auth flow handle SAML’ and get structured answers.
Custom code style: pin specific files representing ‘how we do X’, so Copilot answers in your team’s voice.

Obsolete, Knowledge Bases: Spaces fully replaced Knowledge Bases on November 1, 2025. Anything older talking about Knowledge Bases (which were Enterprise-only) should be read as Spaces (now available to anyone with a Copilot license, including Free). If you have legacy Knowledge Bases, GitHub provided a ‘Convert to Space’ migration tool through October 2025.

Agentic memory

Newer feature (under active rollout in 2026). Copilot can deduce and store useful information about a repository, conventions, patterns, preferences, that the cloud agent and code review use to improve future work in that same repo.

In Copilot CLI: cross-session memory lets you ask about past work, files, and PRs across sessions.
Repository memory persists conventions Copilot has learned across sessions.
Available in Copilot Cloud Agent and Copilot Code Review.

Part 6: Copilot CLI (terminal-native agentic development)

Copilot CLI went GA on February 25, 2026. It brings the same agentic harness as Copilot Cloud Agent into your terminal, you can plan, build, review, and remember across sessions without leaving the shell. Included with all paid Copilot plans (and the Free plan, with limited usage).

Obsolete, gh-copilot extension: The old gh-copilot extension (gh copilot suggest, gh copilot explain) was deprecated October 25, 2025 and is now archived. Since gh v2.86.0, running gh copilot will install/run the new Copilot CLI instead. Migrate your workflows.

Installation

Method	Command
npm (cross-platform)	`npm install -g @github/copilot`
Homebrew (macOS)	`brew install github/tap/copilot`
winget (Windows)	`winget install GitHub.Copilot.CLI`
Shell install script (macOS / Linux)	Use the `install.sh` from `github/copilot-cli` releases
GitHub CLI	`gh copilot`, auto-installs the new CLI on first run (gh v2.86.0+)
Codespaces	Pre-installed in the default Codespaces image
Dev Containers	Available as a Dev Container Feature
Standalone	Pre-built binaries from `github.com/github/copilot-cli/releases`

Authentication: After installing, run copilot to start a session and use /login when prompted. Browser-based authentication will use your existing GitHub credentials and Copilot subscription. Setting GITHUB_TOKEN alone is not sufficient. For CI/CD, set GITHUB_ASKPASS to point to an executable that returns your token.

Modes: Shift+Tab cycles through them

Mode	What it does	When to use
Normal mode	Default. Copilot proposes actions; you approve each one.	Day-to-day work where you want to see what runs.
Plan mode	Creates a structured plan with checkboxes. Saves to `plan.md`. Waits for your approval before any code is written.	Larger or risky tasks. Models succeed more often when given a concrete plan to follow.
Autopilot mode	Encourages the agent to keep working until the task is done, no per-step approvals. Configurable max continuations (`--max-autopilot-continues`).	Tasks you trust end-to-end. Long-running refactors. After you’ve validated the plan.

Plan first, autopilot second: GitHub’s official best-practice guidance: Shift+Tab into plan mode to outline the work, use /model to compare approaches if needed, then Shift+Tab into autopilot mode when you want Copilot to carry the task forward. Plan mode dramatically improves task success rates.

Key CLI commands

Command	Purpose
`/help`	List available commands. Always up to date, start here.
`/model`	Switch the active AI model mid-session. `/models` lists everything available.
`/plan`	Create a structured implementation plan (same as plan mode).
`/explain`	Explain a file or command.
`/tests`	Generate tests for a file.
`/diff`	Review differences between branches/commits.
`/review`	Run a code review on the current changes.
`/clear`	Clear current context. Like starting a fresh conversation.
`/new`	Start a new session, dropping context.
`/resume`	Resume an earlier session, including a delegated cloud-agent session.
`/context`	Visualize current context window usage, token breakdown by source.
`/usage`	Shows premium-request usage with a contribution-graph-style visualization.
`/add-dir`	Add a directory to the active context.
`/cwd`	Change working directory mid-session.
`/skills`	List, info, reload available agent skills.
`/changelog`	See the latest CLI updates.
`/experimental`	Show or toggle access to preview features.
`/fleet`	Run the same task across multiple subagents in parallel; converge on a single decision-ready result. High token consumption, use sparingly.
`/ask`	Open a non-modifying ask prompt for quick questions.
`/keep-alive`	Prevent the system from sleeping while CLI is active.
`/remote`	Toggle remote control; show current status.
`&` prefix on a prompt	Delegate the prompt to the Copilot Cloud Agent, Copilot opens a PR while you keep working locally.
`Ctrl+T`	Toggle reasoning visibility for extended-thinking models.
`Shift+Tab`	Cycle Normal → Plan → Autopilot mode.

Built-in tools

web_fetch: retrieves content from URLs as Markdown. Allowed/denied URL patterns configured in ~/.copilot/config. Same rules apply to shell commands like curl and wget.
Built-in GitHub MCP server: work with issues, branches, PRs out of the box.
LSP support: go-to-definition, hover info, diagnostics.
Auto-compaction: when approaching 95% of token limit, Copilot compresses conversation history automatically.
File-path exclusions configurable in CLI to exclude sensitive/irrelevant files.

Plugins, agents, and skills in the CLI

Plugins: install community/custom plugins directly from GitHub repos with copilot plugin install owner/repo. Plugins can bundle MCP servers, agents, skills, and hooks.
Custom agents: create through interactive wizard or write .agent.md files. Agents can specify their own tools, MCP servers, and instructions.
Agent skills: load automatically when relevant; portable across CLI, IDE, and cloud agent.
Plugin marketplace: copilot plugin marketplace add github/awesome-copilot.

CLI configurable settings

--config-dir / COPILOT_HOME: config location. (--config-dir is being deprecated in favor of COPILOT_HOME.)
--experimental flag persists once set, opts you into preview features.
Command type: configure as generic, git, or gh to narrow the suggestion context.
continueOnAutoMode option: automatically switch to auto model on rate limit instead of pausing.

CLI best practices (from official GitHub guidance)

Use /clear or /new between unrelated tasks, prevents stale context. Like starting a fresh conversation with a colleague.
Visualize context with /context, shows breakdown by source (current files, history, instructions, tools).
Offload long work to the cloud, prefix with & to delegate, use /resume to switch sessions.
Use plan mode for tasks complex enough to benefit from a checklist.
Reduce parallel workflows when nearing usage limits, /fleet results in higher token consumption.
Use Auto model selection, Copilot picks based on real-time system health and model performance, reducing rate limiting and latency.
Use /model mid-session as task complexity changes (Opus for deep reasoning, Sonnet for routine tasks, Codex for high-volume code generation).
Use Copilot CLI as your pair programming partner when joining a new project, let the Explore agent map the codebase first.

MCP in CLI, headless auth: Recent CLI updates (April 2026) added support for the client_credentials OAuth grant type for MCP servers, fully headless authentication without a browser. Useful for CI pipelines.

Part 7: Enterprise & governance

Once you move beyond individual use, governance becomes the conversation. This section covers the controls organizations need to deploy Copilot responsibly: content exclusions, audit logs, policy hierarchy, IP indemnity, BYOK.

Data protection by plan

Business and Enterprise customers have a contractual guarantee that their code, prompts, and suggestions are never used to train GitHub’s public AI models.
All SKUs (including Free, Pro, Pro+) store engagement metrics for 2 years, encrypted at rest and in transit. Engagement metrics are not the same as prompt content.
GitHub does not claim ownership of suggestions, you retain ownership of code you write, including suggestions you accept.

Content exclusions

Available on Business and Enterprise plans only. Content exclusions prevent Copilot from using the contents of specified files as context when generating suggestions, protects proprietary algorithms, secrets, sensitive business logic.

What it DOES block	What it does NOT block
Inline code suggestions in excluded files	Manual copy-paste by the user into chat
Using excluded files as context for completions	Copilot CLI
Chat using excluded file content	Copilot Cloud Agent
Code review of excluded files	Agent Mode in IDEs
	Hiding the file’s existence
	Semantic / type inference (the IDE’s own language intelligence still uses excluded files)

This is the biggest gap to understand: Content exclusion does not apply to: Copilot CLI, Copilot Cloud Agent, or Agent Mode in IDEs. Even with exclusions configured, Copilot may still use semantic details (type info, function signatures) from excluded files via the IDE’s own language intelligence, exclusion blocks content as context, not type inference. If you need stronger guarantees for very sensitive files, the file simply should not be in the workspace.

Configuring content exclusions:

Repository level: Repository Settings → Copilot → Content exclusion. Add glob patterns.
Glob pattern syntax, * is a wildcard followed by file path (e.g., **/*.env, src/private/**, secrets.json).
Organization level: Organization Settings → Copilot → Content exclusion. Applies across all repos. Requires org owner / admin.
Repository-level rules apply on top of org-level rules.
Enterprise-level exclusion settings cascade to all org repos, individual repo settings cannot override enterprise settings.
Propagation delay: up to 30 minutes to reach IDEs. Restart the IDE immediately to apply faster.

IP indemnity

GitHub provides IP indemnification for Pro, Business, and Enterprise subscribers (not Free).
GitHub defends subscribers against third-party IP claims arising from Copilot-generated code.
Indemnity condition: only applies when the duplication detector was enabled and the user did not override a flagged match.
The GitHub Copilot Customer Agreement (CCA) defines a shared-responsibility model, what GitHub covers (IP indemnity) and what the customer covers (usage compliance, data privacy).

Policy hierarchy

Level	Who sets it	Examples
Individual subscriber	The user (if not managed by an org)	Block public-code matches, disable cloud agent for own repos, opt out of training data.
Organization policy	Org owners (Business/Enterprise)	Disable specific models, require content exclusion, configure audit logs, allowlist MCP servers, disable Cloud Agent.
Enterprise policy	Enterprise owners	Restrict org choices; can delegate. Can selectively enable Cloud Agent per organization (via custom properties, April 2026).

Enablement order: The Enterprise owner must first set the enterprise-level policy to allow Copilot before organization owners can enable it. If the enterprise policy is ‘disabled’, no org within that enterprise can use Copilot, regardless of org settings. From November 4, 2025, Enterprise ‘Unconfigured’ defaults to ‘Disabled’ at org level unless explicitly enabled or delegated.

Why users can’t change a setting: If a user receives a Copilot seat via an org/enterprise, org and enterprise policies override individual settings. This is the answer to most ‘why can’t I change this’ tickets.

Secret scanning and security safeguards

Copilot respects repository secret-scanning settings and actively avoids suggesting secret keys in completions, reduces accidental credential exposure.
Generic category in secret scanning: detects unstructured secrets (passwords). Not structured tokens, deprecated API tokens, or public-repo-only material.
Copilot’s LLM training on global open-source code enables it to flag common vulnerabilities like key exposure inline.
Copilot does not: continuously monitor commits, block pushes, use CodeQL static analysis rules, or validate keys against issuing providers, those are GitHub Advanced Security features, separate from Copilot.

Audit logs and REST API (Business / Enterprise)

Audit log filter: action:copilot, finds Copilot-related events.
What is logged: seat additions/removals, policy configuration changes, agentic session events (actor_is_agent, agent_session_id).
What is not logged: acceptance or rejection of inline Copilot suggestions by individual users.
Audit logs track events, not raw chat prompts. Compliance teams asking ‘show me what every developer typed’ should know this is not available by design.
Only Organization Owners can view Copilot audit logs. Not regular members. Not billing managers.

REST API for Copilot administration:

GET /orgs/{org}/copilot/usage: usage metrics (last 28 days, by org or team), suggestion acceptance rate, lines of code accepted, active users, chat interactions, breakdowns by language and IDE.
POST /orgs/{org}/copilot/billing/selected_users: programmatically assign seats.
April 2026 update: Copilot usage metrics API now includes a used_copilot_cloud_agent boolean field in user-level reports.

Obsolete, metrics endpoints: Legacy ‘metrics’ endpoints were retired April 2, 2026. Migrate to the usage metrics endpoints (/copilot/usage). If your CI scripts still hit /copilot/metrics, they are broken now.

BYOK: Bring Your Own Key (Enterprise)

Available in preview for Enterprise. Lets your organization supply its own API keys from Anthropic, OpenAI, xAI, or Azure AI Foundry.

Why it matters: billing under your existing enterprise agreement; staying within data residency boundaries; using a model your org has already vetted.
Compliance angle: useful when your AI governance committee has approved one specific provider.
Data-resident and FedRAMP-compliant Copilot requests include a 10% model multiplier increase under request-based billing.

Custom / fine-tuned models (Enterprise only)

Fine-tuned on your org’s own repositories and coding style.
Key benefit: responses tailored to your organization’s coding style and guidelines.
Training process, hosting, and inference are secure and private to your organization.
Important caveat: there is no guaranteed correlation between specific codebase behaviors and model quality, results depend on training-data quality.

Part 8: Best practices

Compiled from GitHub’s official guidance, the official best-practices docs for CLI and prompting, the Wipro engineering write-up on responsible enterprise use, the CodeRabbit community guide, and patterns we’ve seen actually work.

Knowing when to use Copilot, and when not to

Copilot earns its keep on specific categories of work. Forcing it into the wrong category wastes time.

Tasks Copilot is great at:

Boilerplate code, controllers, DTOs, mappers.
Repetitive patterns, CRUD, similar test cases, glue code.
Well-defined algorithms with lots of public examples.
Unit test scaffolding, explain behavior, generate tests, iterate.
Documentation comments (JSDoc, docstrings, XML doc).
Refactoring with clear before/after intent.
Translating code between similar languages (Python ↔ JavaScript, C# ↔ Java).
Understanding unfamiliar code (/explain).
Shell command suggestions and infra-as-code explanation.

Tasks Copilot is bad at (or unsafe for):

Database schema design or business logic Copilot can’t see.
Anything requiring deep system architecture awareness Copilot was never given.
Pure mathematical computation or numerical correctness.
Less common languages where you cannot easily verify the output.
Code in domains with strict regulatory requirements you haven’t told it about.
Replacing senior judgment on architecture, ethics, or trade-offs.

Treat Copilot as a junior pair programmer

This framing is the single most useful one we’ve seen, it shapes the right behaviors:

Fast and often right on routine tasks. Slower, sometimes wrong on novel ones.
You stay in charge of decisions. Copilot does the typing.
You review every suggestion before accepting. Always.
Treat ‘Explain before you code’ as a guardrail in chat, when Copilot explains its approach, incorrect assumptions surface early.
Run the code. Run the tests. Don’t trust output that hasn’t been validated.

Provide good context, the multiplier

Open all relevant files for the task you’re working on. Copilot reads neighboring tabs.
Set up imports and dependencies before asking for code that uses them, otherwise Copilot may default to outdated libraries or omit imports.
Use #file in chat to attach specific files. Use #selection or highlight code before Ctrl+I.
Close unrelated files. They contribute noise.
For new/empty files: write descriptive comments outlining what the file should do. Copilot uses comments as context to begin suggesting before any code exists.
For test files: descriptive comments + function stubs that outline test goals give Copilot enough semantic context to generate meaningful tests.

Break complex tasks down

Asking Copilot to generate entire controllers, services, or workflows in one request is a common (and expensive) anti-pattern. Instead:

Decompose: ‘first generate the data model’, then ‘now the validation’, then ‘now the controller’.
Each prompt has a single, clear focus.
Reduces both hallucinations and token waste.
Plan Mode in chat / CLI does this for you when you can’t decompose mentally.

Validate every suggestion

Understand suggested code before you implement it. If you don’t understand it, ask Copilot to explain.
Review for: functionality, security, readability, maintainability.
Apply automated tests, linting, code scanning, IP scanning.
Use the duplication detector, review flagged matches, especially for code over ~150 characters.
In sensitive/regulated apps, validate that generated code complies with regulatory requirements, Copilot may not know your industry’s standards.
Provide thumbs up/down feedback on suggestions, official guidance says this helps improve future suggestions.

Steer with custom instructions

Set up .github/copilot-instructions.md early, it loads into every Copilot session for the repo.
Put your most critical rules at the top (code review reads first 4,000 chars only).
Include: coding standards, naming conventions, preferred libraries, architectural patterns to follow, and anti-patterns to avoid.
For broader knowledge, onboarding, internal APIs, design decisions, use a Copilot Space rather than cramming into instructions.
For repeatable specialized workflows, security audit, accessibility check, write an Agent Skill so it loads only when relevant.
AGENTS.md at project root keeps every agent (Copilot, Claude, others) aligned with the same conventions.

Be efficient with tokens

Important always, critical once usage-based billing arrives June 1, 2026.

Use Chat for explanations and multi-file reasoning. Use inline completions for typing speed. Don’t use Chat for everything, it’s an expensive anti-pattern.
Visualize context with /context (CLI). Identify what’s loaded that doesn’t need to be.
Use /clear when switching tasks. Don’t accumulate stale context.
Use lighter models for routine work (Sonnet, GPT-4.1, GPT-5 mini). Reserve heavy models (Opus 4.7, GPT-5.5) for hard tasks.
In CLI, use Auto model selection, it picks based on real-time system health to reduce rate limiting.
Reduce parallel workflows when nearing limits. Tools like /fleet result in higher token consumption.

Suggestions may reflect non-inclusive language, outdated terminology, or accessibility blind spots inherited from training data.
Especially review code involving sensitive decisions, healthcare triage, hiring, finance, accessibility.
Embed an inclusivity checklist into code review. Copilot reflects what’s common in training data, not what’s appropriate for your team.

Test-driven development with Copilot

Use code completion for writing tests, fast, inline, iterative.
Use Copilot Chat for code review and iteration during refactoring.
Always select the specific function(s) to test and attach as context before /tests.
Review all generated tests, Copilot may miss edge cases specific to your business logic.
Run generated tests immediately. Fix failures using Copilot Chat with terminal output as context.
Provide explicit comments describing edge case scenarios before asking Copilot to generate tests.
Use a combination of property-based testing and manually crafted assertions alongside Copilot’s suggestions.
Copilot can generate tests before the target functions are fully written. It uses available context (function stubs, comments) to anticipate the implementation.
When a test exposes a real bug (e.g., null check missing), ask Copilot Chat to rewrite the function to handle the case.

Debugging with Copilot

Paste the full stack trace and relevant code into Copilot Chat, let it walk through the error, identify the cause, and suggest a fix.
On github.com, Copilot Chat now recognizes stack traces more reliably and helps you get to the root cause faster (April 2026 update).
In the IDE, attach the failing test file with #file before asking ‘why is this test failing?’.
If Copilot isn’t suggesting in a particular file type, check VS Code settings.json, github.copilot.enabled per language is the most common cause.

Migrating between languages

Ensure you have a strong understanding of both source and target languages.
Copilot proposes translations, you must validate the choices.
Do not blindly copy without understanding.
Ask Copilot Chat to explain differences from the language you know, and request translated code with explanations.

Working in Microsoft Fabric / notebooks

Copilot is available inside Microsoft Fabric notebooks, ask it to recommend ML model types, generate code for dataframes, create visualizations.
Workflow: connect a Lakehouse, load a table as a Spark DataFrame, then ask Copilot in the chat panel to recommend model types or generate the next code cell.
Copilot can analyze the loaded dataframe structure and suggest relevant algorithms (e.g., k-means, decision trees) based on the data context.

Onboarding new joiners with Copilot

Build a Copilot Space for the team’s domain, pin ADRs, system diagrams, design docs, naming conventions, code style examples.
Add an instruction: ‘cite the doc section, provide a code diff if needed’ so answers are actionable.
Pin the space URL in your team README.
Suggest new joiners explore the codebase with Copilot CLI’s Explore agent before reading hundreds of files manually.
New joiners ask ‘how does our auth flow handle SAML?’ and get structured answers without leaving GitHub.

Part 9: Obsolete and replaced features

If your team is reading older Copilot guides, blog posts, or video tutorials, this is the cheat sheet of what’s been removed, replaced, or deprecated. Don’t waste time on these.

Old / removed	Status	What replaced it
Copilot Knowledge Bases	Sunset Nov 1, 2025	Copilot Spaces, now available to all plans (was Enterprise-only). Migration tool (‘Convert to Space’) provided through October 2025.
Docsets	Renamed	Renamed to Knowledge Bases (in 2024), then replaced by Spaces.
gh-copilot extension (`gh copilot suggest`, `gh copilot explain`)	Deprecated Oct 25, 2025, archived since gh v2.86.0	Copilot CLI, full agentic, terminal-native. `gh copilot` now installs/runs the new CLI.
GitHub App-based Copilot Extensions	Sunset Nov 10, 2025	MCP servers, open standard, work across Copilot/Claude/others, build once.
Copilot Workspace (technical preview)	Sunset May 30, 2025	Copilot Cloud Agent, same issue → PR concept, now production-grade.
IntelliCode (VS Code extensions)	Deprecated December 2025; archived	GitHub Copilot. Microsoft’s recommendation: ‘Use GitHub Copilot.’ IntelliCode extensions removed gray-text suggestions and starred completions.
Separate VS Code ‘GitHub Copilot’ extension (for ghost text)	Being deprecated early 2026	Unified into the ‘GitHub Copilot Chat’ extension. All inline suggestions now served from the chat extension.
Copilot Individual plan	Renamed	Renamed to Copilot Pro. Pro+ tier added later.
Legacy ‘metrics’ REST API endpoints	Retired Apr 2, 2026	Use `/copilot/usage` endpoints.
Older Anthropic, OpenAI, Google models in Copilot	Various deprecations through 2025/2026	Newer model families. Selected Claude/OpenAI/Gemini models deprecated October 2025; further deprecations announced for June 1, 2026 (except GPT-5.2-Codex in Copilot Code Review).
Opus 4.5 / Opus 4.6	Being removed from Pro+	Opus 4.7 remains available in Pro+. (Opus removed entirely from Pro plan.)
GPT-5.3-Codex in Copilot Student model picker	Removed	Remains available through Auto model selection.
`@github` knowledge-base referencing in Visual Studio chat	Replaced	Spaces tools via the GitHub MCP server, works across all skills-compatible IDEs.
‘Copilot coding agent’ name	Renamed	Now called ‘Copilot Cloud Agent’ (CCA). Used in usage metrics fields like `used_copilot_cloud_agent`.
Free interactive ghost-text in deprecated IntelliCode VS Code extensions	Removed	Move to GitHub Copilot Free (subject to its 2,000 completions / 50 premium requests per month caps).

The pattern: Most of these deprecations follow one of two arcs: (1) a feature was a Copilot-only proprietary thing and got replaced by an open standard (MCP for Extensions, Skills for ad-hoc instructions); or (2) a feature was a preview/limited capability that got rebuilt as production infrastructure (Workspace → Cloud Agent, Knowledge Bases → Spaces). When in doubt, prefer the newer name.

Part 10: Quick reference

Mode selection cheat sheet

Scenario	Best choice	Why
Refactoring one function in a single file	Edit Mode	Targeted, narrow scope.
Building a complete feature with multiple files	Agent Mode (IDE) or Cloud Agent	Autonomous multi-step execution with self-healing.
Understanding existing/legacy code	Ask Mode + `/explain`	Safe, does not modify files.
Planning a complex change before executing	Plan Mode first	Review plan; click ‘Start Implementation’ to proceed.
Generating tests for a specific function	`/tests`	Targeted test generation for selected code.
Setting up a test environment from scratch	`/setup-tests`	Configures runner + config + initial tests.
Optimizing a specific code block	Highlight + `Ctrl+I`	Targets the exact block.
Delegating an issue; want a PR on GitHub	Cloud Agent (Mission Control)	Runs on GitHub, opens PR, no local work needed.
Working from terminal	Copilot CLI	Terminal-native agentic workflows.
Grounding chat on curated team context	Copilot Spaces	Repos, PRs, notes, uploads as grounded context.
Repeatable specialized workflow (e.g., security review)	Custom Agent or Agent Skill	Loads only when relevant; portable across surfaces.
External tool integration (DB, API)	MCP server	Open standard, build once.
TDD writing	Code completion for writing, Chat for review	Completions for speed, Chat for feedback.

Quick decision guide for common questions

Question pattern	Answer
Which plan supports X?	Audit logs / org policies → Business+. Custom models, BYOK, data residency → Enterprise. IP indemnity → all paid plans (not Free). MCP allowlist → Business+ (no Enterprise needed).
Who is responsible for generated code?	Always the developer. Never GitHub. Never Microsoft.
Can prompts train the model?	No for Business/Enterprise. Yes by default (opt-out) for Free/Pro/Pro+.
Which mode for this task?	Q&A → Ask. One-file refactor → Edit. Multi-file feature → Agent. Plan first for risky → Plan. Tests for selected → `/tests`. Full test setup → `/setup-tests`. Specific block → Highlight + `Ctrl+I`.
Does content exclusion apply here?	Not in CLI. Not in Cloud Agent. Not in Agent Mode. Not for semantic IDE inference. Yes in IDE inline completions and standard chat.
What context does Copilot use?	Current file (FIM), neighboring open tabs, comments, selected code, instruction files, chat history (current session only), workspace files.
How to improve Chat performance?	Provide detailed context. Use `copilot-instructions.md`. Not more RAM, not fewer extensions.
Measuring Copilot ROI / usage?	REST API: `GET /orgs/{org}/copilot/usage`. Includes `used_copilot_cloud_agent` flag.
Learning a new programming language?	Ask Copilot Chat to explain differences from a language you know; request translated code with explanations.
Assigning seats programmatically?	`POST /orgs/{org}/copilot/billing/selected_users`.
Copilot isn’t suggesting in a file type?	Check `settings.json` for `github.copilot.enabled` for that file type.
How to enforce team coding standards?	`copilot-instructions.md` for simple rules. Copilot Space (with org sharing) for broader knowledge. Agent Skills for specialized procedures.
How to install Copilot CLI?	`npm install -g @github/copilot`, or `gh copilot` (auto-installs the new CLI on first run since gh v2.86.0).
How to delegate to Cloud Agent from CLI?	Prefix any prompt with `&`, Copilot opens a PR while you keep working.
How to switch model in CLI?	`/model`, `/models`, or `--model` flag. Use Auto for automatic selection.
What replaced Knowledge Bases?	Copilot Spaces. Available to all Copilot licenses including Free.
What replaced gh-copilot?	Copilot CLI. Old extension archived since gh v2.86.0.
What replaced GitHub App-based Copilot Extensions?	MCP servers. Sunset Nov 10, 2025.

Common misconceptions to retire

Misconception	Correction
Copilot can run offline / on-prem	False. Requires active internet. No air-gapped Copilot. LLMs and proxy hosted in GitHub-owned Azure tenants.
Successful compilation = safe code	False. Always review, test, and scan even if it compiles.
Plan Mode and Agent Mode are the same	False. Plan = plans only, no execution. Agent = autonomous. Click ‘Start Implementation’ to switch.
IDE Agent Mode = Cloud Agent	False. Cloud Agent creates a PR on GitHub; IDE Agent edits local files.
‘Block public code matches’ = content exclusion	False. Different problems. Public code matching = IP filtering on output. Content exclusion = context gating on input.
Disabling public code matching stops all suggestions	False. It filters matching suggestions. If all possible suggestions match, you get zero, not an error.
Audit logs record inline suggestion acceptance	False. They track admin/policy events only. Individual suggestion accept/reject is not recorded.
Need to upgrade to Enterprise to disable MCP	False. Business org owners can disable/allowlist MCP via Organization Settings → Copilot → Policies.
`GITHUB_TOKEN` is enough for CLI auth	False. Run `/login` (browser-based OAuth) first. For CI: set `GITHUB_ASKPASS`.
Knowledge Bases available in Business plan	Not anymore, Knowledge Bases sunset. Replaced by Spaces, available to all plans.
Engagement metrics not stored	False. All SKUs store engagement metrics for 2 years, encrypted.
Copilot validates keys against issuing providers	False. Security awareness comes from LLM training, not external validation or CodeQL, those are GHAS features.
Non-English prompts work just as well	False. English yields the most reliable results. Bilingual teams: prompt in English.
Renaming a file changes the AI model	False. Switch model explicitly via command palette or `/model` in CLI.
Premium requests cover agent tool calls	False. Only your submitted prompts count. Tool calls during agent loops are free.
F5 triggers Copilot	False. F5 starts the debugger. Copilot is triggered by typing, `Ctrl+I`, or the chat panel.

Cardinal rules

Always review suggestions before accepting. AI-generated code is your responsibility, not the model’s.
Provide context generously. Open relevant files, attach #file, write descriptive names and comments.
Plan before you let it run. Plan Mode (or /plan in CLI) catches bad approaches early.
Validate. Always. SAST/DAST in CI, code review, manual testing for critical paths.
Use the right surface for the task. Inline for typing, chat for explaining, agent for delegating, CLI for terminal work, Spaces for grounding.
Keep context clean. /clear between tasks. Close unrelated tabs. Refactor long stale files.
Stay current. This space evolves monthly, read the GitHub changelog occasionally.

Happy building, and please send corrections.

Sources and further reading

This document is grounded in official GitHub documentation, the GitHub changelog, the Copilot CLI release notes, the official best-practices pages, and several community write-ups, all current as of May 2026.

Primary sources

GitHub Copilot documentation: docs.github.com/en/copilot
Plans for GitHub Copilot: docs.github.com/en/copilot/get-started/plans
Models and pricing for GitHub Copilot: docs.github.com/en/copilot/reference/copilot-billing/models-and-pricing
Best practices for GitHub Copilot: docs.github.com/en/copilot/get-started/best-practices
Best practices for GitHub Copilot CLI: docs.github.com/en/copilot/how-tos/copilot-cli/cli-best-practices
About agent skills: docs.github.com/en/copilot/concepts/agents/about-agent-skills
Creating custom agents for Copilot Cloud Agent: docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/create-custom-agents
About GitHub Copilot Spaces: docs.github.com/en/copilot/concepts/context/spaces

Announcements and changelog

GitHub Copilot is moving to usage-based billing: github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/ (April 2026)
Changes to GitHub Copilot Individual plans: github.blog/news-insights/company-news/changes-to-github-copilot-individual-plans/ (April 2026)
GitHub Copilot CLI is now generally available: github.blog/changelog/2026-02-25-github-copilot-cli-is-now-generally-available/ (Feb 2026)
Sunset notice: Copilot knowledge bases: github.blog/changelog/2025-08-20-sunset-notice-copilot-knowledge-bases/ (Aug 2025)
Mission Control to assign, steer, and track Copilot coding agent tasks: github.blog/changelog/2025-10-28-a-mission-control.. (Oct 2025)
Sunset notice: GitHub App-based Copilot Extensions: github.blog/changelog/2025-09-24-deprecate-github-copilot-extensions-github-apps/ (Sept 2025)
Upcoming deprecation of gh-copilot CLI extension: github.blog/changelog/2025-09-25-upcoming-deprecation-of-gh-copilot-cli-extension/ (Sept 2025)

Community

github/awesome-copilot: community catalog of agents, instructions, skills, prompts.
Mastering GitHub Copilot best practices (Wipro Tech Blogs, March 2026): guidance for senior developers and architects on hallucinations, bias, token efficiency.
10 Advanced GitHub Copilot tips & tricks (CodeRabbit): practical productivity tips.
GitHub Copilot Workspace & The Agentic Era (Java Code Geeks, Feb 2026): historical context on Workspace → Coding Agent.

This is a working document, not a fixed reference, please flag anything stale or wrong.

Originally published on LinkedIn on May 15, 2026: GitHub Copilot 2026: A Practical Learning Guide for Developers.

End · 57 min read ← All posts