docs/content/copilot/concepts/agents/coding-agent/about-coding-agent.md at ee363a1764332db85ee6ca671097d655566fce34

mirror of synced 2025-12-19 09:57:42 -05:00

Files

Ben Ahmady ee363a1764 Fix CTAs with script (#57843 )

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

2025-10-10 07:32:37 +00:00

19 KiB

Raw Blame History

title, shortTitle, intro, product, versions, topics, redirect_from, contentType

title

shortTitle

intro

product

versions

topics

redirect_from

contentType

About GitHub Copilot coding agent

About coding agent

You can assign {% data variables.product.github %} issues to {% data variables.product.prodname_copilot_short %}, or ask {% data variables.product.prodname_copilot_short %} to create a pull request.

{% data reusables.gated-features.copilot-coding-agent %}<br><a href="https://github.com/features/copilot/plans?ref_product=copilot&ref_type=engagement&ref_style=button" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Sign up for {% data variables.product.prodname_copilot_short %}</span> {% octicon "link-external" height:16 %}</a>

feature
copilot

Copilot

/copilot/concepts/about-assigning-tasks-to-copilot

/copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-tasks/about-assigning-tasks-to-copilot

/copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-issues/about-assigning-issues-to-copilot

/copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-issues/about-assigning-tasks-to-copilot

/copilot/using-github-copilot/coding-agent/about-assigning-tasks-to-copilot

/copilot/concepts/about-copilot-coding-agent

/copilot/concepts/coding-agent/about-copilot-coding-agent

/copilot/concepts/coding-agent/coding-agent

concepts

Overview of {% data variables.copilot.copilot_coding_agent %}

With {% data variables.copilot.copilot_coding_agent %}, {% data variables.product.prodname_copilot %} can work independently in the background to complete tasks, just like a human developer.

{% data variables.product.prodname_copilot_short %} can:

Fix bugs
Implement incremental new features
Improve test coverage
Update documentation
Address technical debt

To delegate tasks to {% data variables.product.prodname_copilot_short %}, you can:

Assign an issue to {% data variables.product.prodname_copilot_short %}. See AUTOTITLE.
Ask {% data variables.product.prodname_copilot_short %} to create a pull request from the agents panel or page on {% data variables.product.github %}, {% data variables.copilot.copilot_chat %}, your favorite IDE or agentic coding tool with MCP support, or Raycast on macOS. See AUTOTITLE.

{% data variables.product.prodname_copilot_short %} will evaluate the task it has been assigned based on the prompt you give it—whether that's from the issue description or a chat message. Then {% data variables.product.prodname_copilot_short %} will make the required changes and open a pull request. When {% data variables.product.prodname_copilot_short %} finishes, it will request a review from you, and you can leave pull request comments to ask {% data variables.product.prodname_copilot_short %} to iterate.

While working on a coding task, {% data variables.product.prodname_copilot_short %} has access to its own ephemeral development environment, powered by {% data variables.product.prodname_actions %}, where it can explore your code, make changes, execute automated tests and linters and more.

Benefits over traditional AI workflows

When used effectively, {% data variables.copilot.copilot_coding_agent %} offers productivity benefits over traditional AI assistants in IDEs:

With AI assistants in IDEs, coding happens locally. Individual developers pair in synchronous sessions with the AI assistant. Decisions made during the session are untracked and lost to time unless committed. Although the assistant helps write code, the developer still has a lot of manual steps to do: create the branch, write commit messages, push the changes, open the PR, write the PR description, get a review, iterate in the IDE, and repeat. These steps take time and effort that may be hard to justify for simple or routine issues.
With {% data variables.copilot.copilot_coding_agent %}, all coding and iterating happens on {% data variables.product.github %} as part of the pull request workflow. {% data variables.product.prodname_copilot_short %} automates branch creation, commit message writing and pushing, PR opening, and PR description writing. Developers let the agent work in the background and then steer {% data variables.product.prodname_copilot_short %} to a final solution using PR reviews. Working on {% data variables.product.github %} adds transparency, where every step happens in a commit and is viewable in logs. Working on {% data variables.product.github %} also opens up collaboration opportunities for the entire team.

{% data variables.copilot.copilot_coding_agent %} versus agent mode

{% data variables.copilot.copilot_coding_agent %} is distinct from the "agent mode" feature available in your IDE. {% data variables.copilot.copilot_coding_agent %} works autonomously in a {% data variables.product.prodname_actions %}-powered environment to complete development tasks assigned through {% data variables.product.github %} issues or {% data variables.copilot.copilot_chat %} prompts, and creates pull requests with the results. In contrast, agent mode in your IDE makes autonomous edits directly in your local development environment. For more information about agent mode, see AUTOTITLE.

Streamlining software development with {% data variables.copilot.copilot_coding_agent %}

Assigning tasks to {% data variables.product.prodname_copilot_short %} can enhance your software development workflow.

For example, you can assign {% data variables.product.prodname_copilot_short %} to straightforward issues on your backlog. This allows you to spend less time on these and more time on more complex or interesting work, or work that requires a high degree of creative thinking. {% data variables.product.prodname_copilot_short %} can work on "nice to have" issues that improve the quality of your codebase or product, but often remain on the backlog while you focus on more urgent work.

Having {% data variables.product.prodname_copilot_short %} as an additional coding resource also allows you to start tasks that you might not have otherwise due to lack of resources. For example, you might delegate {% data variables.product.prodname_copilot_short %} tasks to refactor code or add more logging, then immediately assign these to {% data variables.product.prodname_copilot_short %}.

{% data variables.product.prodname_copilot_short %} can start a task, which you then pick up and continue working on yourself. By assigning the initial work to {% data variables.product.prodname_copilot_short %}, you free up time that you would otherwise have spent doing repetitive tasks, such as setting up the scaffolding for a new project.

Making {% data variables.copilot.copilot_coding_agent %} available

Before you can assign tasks to {% data variables.copilot.copilot_coding_agent %}, it must be enabled.

{% data variables.copilot.copilot_coding_agent %} is available with the {% data variables.copilot.copilot_pro %}, {% data variables.copilot.copilot_pro_plus %}, {% data variables.copilot.copilot_for_business %} and {% data variables.copilot.copilot_enterprise %} plans.

If you are a {% data variables.copilot.copilot_for_business %} or {% data variables.copilot.copilot_enterprise %} subscriber, an administrator must enable the relevant policy before you can use the agent.

Repository owners can choose to opt out some or all repositories from {% data variables.copilot.copilot_coding_agent %}.

For more information, see AUTOTITLE.

{% data variables.copilot.copilot_coding_agent %} usage costs

{% data variables.copilot.copilot_coding_agent %} uses {% data variables.product.prodname_actions %} minutes and {% data variables.product.prodname_copilot_short %} premium requests.

Within your monthly usage allowance for {% data variables.product.prodname_actions %} and premium requests, you can ask {% data variables.product.prodname_copilot_short %} to work on coding tasks without incurring any additional costs.

For more information, see AUTOTITLE.

Built-in security protections

Security is a fundamental consideration when you enable {% data variables.copilot.copilot_coding_agent %}, as with any other AI agent. {% data variables.product.prodname_copilot_short %} has a strong base of built-in security protections that you can supplement by following best practice guidance.

Subject to existing governance: Organization settings and enterprise policies control availability. Any security policies and practices set up for the organization also apply to {% data variables.copilot.copilot_coding_agent %}.
Restricted development environment: {% data variables.product.prodname_copilot_short %} works in a sandbox development environment with internet access controlled by a firewall. It has read-only access to the repository it's assigned to work in.
Limited access to branches: {% data variables.product.prodname_copilot_short %} can only create and push to branches beginning with copilot/. It is subject to any branch protections and required checks for the working repository.
Responds only to users with write permissions: {% data variables.product.prodname_copilot_short %} will not respond to feedback from users with lower levels of access.
Treated as an outside collaborator: Draft pull requests proposed by {% data variables.product.prodname_copilot_short %} require approval by a user with write permissions before Actions workflows can run. {% data variables.product.prodname_copilot_short %} cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
Tracked for compliance: {% data variables.product.prodname_copilot_short %}'s commits are co-authored by the developer who assigned the issue or requested the change to the pull request, allowing attribution of proposed changes. The developer who asked {% data variables.product.prodname_copilot_short %} to create a pull request cannot approve that pull request. In repositories where an approving review is required, this ensures that at least one independent developer reviews {% data variables.product.prodname_copilot_short %}'s work.

For more information, see:

AUTOTITLE (information on how organization owners can further enhance security)
AUTOTITLE
{% data variables.product.prodname_copilot %} Trust Center

Risks and mitigations

{% data variables.copilot.copilot_coding_agent %} is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks. Where possible, {% data variables.product.github %} has applied appropriate mitigations.

Risk: {% data variables.product.prodname_copilot_short %} can push code changes to your repository

To mitigate this risk, {% data variables.product.github %}:

Limits who can assign tasks to {% data variables.product.prodname_copilot_short %}. Only users with write access to the repository can trigger {% data variables.product.prodname_copilot_short %} to work. Comments from users without write access are never presented to the agent.
Limits the permissions in access tokens used by Copilot. Pushes are only allowed to branches beginning with copilot/. {% data variables.product.prodname_copilot_short %} cannot push to the main or master branches.
Limits {% data variables.product.prodname_copilot_short %}'s credentials. {% data variables.product.prodname_copilot_short %} can only perform simple push operations. It cannot directly run git push or other Git commands.
Restricts {% data variables.product.prodname_actions %} workflow runs. Workflows are not triggered until {% data variables.product.prodname_copilot_short %}'s code is reviewed and a user with write access to the repo clicks the Approve and run workflows button. See AUTOTITLE.
Prevents the user who asked {% data variables.product.prodname_copilot_short %} to create a pull request from approving it. This maintains the expected controls in the "Required approvals" rule and branch protection. See AUTOTITLE.

Risk: {% data variables.product.prodname_copilot_short %} has access to sensitive information

{% data variables.product.prodname_copilot_short %} has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input. To mitigate this risk, {% data variables.product.github %}:

Restricts {% data variables.product.prodname_copilot_short %}'s access to the internet. See AUTOTITLE.

Risk: Prompt injection vulnerabilities

Users can include hidden messages in issues assigned to {% data variables.product.prodname_copilot_short %} or comments left for {% data variables.product.prodname_copilot_short %} as a form of prompt injection. To mitigate this risk, {% data variables.product.github %}:

Filters hidden characters before passing user input to {% data variables.product.prodname_copilot_short %}: For example, text entered as an HTML comment in an issue or pull request comment is not passed to {% data variables.product.prodname_copilot_short %}.

Limitations of {% data variables.copilot.copilot_coding_agent %}

{% data variables.copilot.copilot_coding_agent %} has certain limitations in its software development workflow and compatibility with other features.

Limitations in {% data variables.product.prodname_copilot_short %}'s software development workflow

{% data variables.product.prodname_copilot_short %} can only make changes in the same repository where it is creating its pull request. When {% data variables.product.prodname_copilot_short %} is assigned an issue, it can only make changes in the repository where that issue is located. In addition, {% data variables.product.prodname_copilot_short %} cannot make changes across multiple repositories in one run.
{% data variables.product.prodname_copilot_short %} can only access context in the same repository as the assigned issue. By default, an integration with the {% data variables.product.prodname_copilot_short %} MCP server provides {% data variables.product.prodname_copilot_short %} access to one repository at a time. You can, however, configure broader access. See AUTOTITLE.
{% data variables.product.prodname_copilot_short %} can only open one pull request at a time. {% data variables.product.prodname_copilot_short %} will open exactly one pull request to address each task it is assigned.
{% data variables.product.prodname_copilot_short %} cannot work on an existing pull request that it didn't create. If you would like {% data variables.product.prodname_copilot_short %} to provide feedback on an existing pull request, you can add it as a reviewer. See AUTOTITLE.

Limitations in Copilot's compatibility with other features

{% data variables.product.prodname_copilot_short %} does not sign its commits. If you have the "Require signed commits" rule or branch protection enabled, you must rewrite the commit history in order to merge {% data variables.product.prodname_copilot_short %}'s pull requests. See AUTOTITLE.
{% data variables.product.prodname_copilot_short %} does not work with self-hosted {% data variables.product.prodname_actions %} runners. {% data variables.product.prodname_copilot_short %} has access to its own development environment, running in {% data variables.product.prodname_actions %}, and must use {% data variables.product.prodname_dotcom %}-hosted runners. See AUTOTITLE.
{% data variables.copilot.copilot_coding_agent %} does not work in personal repositories owned by {% data variables.enterprise.prodname_managed_users %}. This is because {% data variables.copilot.copilot_coding_agent %} requires {% data variables.product.company_short %}-hosted runners, which are not available to repositories owned by {% data variables.enterprise.prodname_managed_users %}. See AUTOTITLE.
{% data variables.product.prodname_copilot_short %} doesn't account for content exclusions. Content exclusions allow administrators to configure {% data variables.product.prodname_copilot_short %} to ignore certain files. When using {% data variables.copilot.copilot_coding_agent %}, {% data variables.product.prodname_copilot_short %} will not ignore these files, and will be able to see and update them. See AUTOTITLE.
{% data variables.copilot.copilot_coding_agent %} only works with repositories hosted on {% data variables.product.github %}. If your repository is stored using a different code hosting platform, {% data variables.product.prodname_copilot_short %} won't be able to work on it.
You cannot select the AI model used by {% data variables.copilot.copilot_coding_agent %}. A model picker is not available to switch between models, and {% data variables.product.company_short %} reserves the right to change models at any time.

If you are a {% data variables.copilot.copilot_pro %} or {% data variables.copilot.copilot_pro_plus %} subscriber, {% data variables.copilot.copilot_coding_agent %} uses {% data variables.copilot.copilot_claude_sonnet_45 %}.

If you are a {% data variables.copilot.copilot_for_business %} or {% data variables.copilot.copilot_enterprise %} subscriber, {% data variables.copilot.copilot_coding_agent %} uses {% data variables.copilot.cca_current_model %} by default, or {% data variables.copilot.copilot_claude_sonnet_45 %} if the model has been enabled by an administrator. See AUTOTITLE.

Hands-on practice

Try the Expand your team with {% data variables.copilot.copilot_coding_agent %} Skills exercise for practical experience with {% data variables.copilot.copilot_coding_agent %}.

19 KiB Raw Blame History