📣 Please do not share this URL publicly. This page contains content about a private preview feature.

Using Copilot coding agent

Learn how to assign issues to GitHub Copilot, get back a pull request and then iterate with GitHub Copilot through pull request reviews.

Who can use this feature?

Repositories onboarded to the GitHub Copilot coding agent private preview and enabled by an administrator.

In this article

Note

GitHub Copilot coding agent is in private preview and subject to change.

About Copilot coding agent

With Copilot coding agent, GitHub Copilot can solve GitHub issues, just like a human developer.

Copilot can:

  • Fix bugs
  • Implement incremental new features
  • Improve test coverage
  • Update documentation
  • Address technical debt

Simply assign an issue to Copilot and it will pick up the issue, make the required changes and create a pull request. When Copilot finishes, it will request a review from you, and then you can leave pull request comments to ask Copilot to iterate.

While working on an issue, Copilot has access to its own ephemeral development environment, powered by GitHub Actions, where it can explore your code, make changes, execute automated tests and linters and more.

You can customize Copilot's prompts and development environment and tailor its security controls. For more information, see Customizing Copilot coding agent's development environment.

You can give Copilot access to additional tools and context by configuring Model Context Protocol (MCP) servers. For more information, see Extending Copilot coding agent with the Model Context Protocol (MCP).

Note

Each GitHub account receives a certain amount of free minutes for use with GitHub-hosted runners. Once the account's free minutes have been used, you will be charged at the normal rates. For more information, see About billing for GitHub Actions.

Copilot coding agent risks and mitigations

With Copilot coding agent, an autonomous Copilot agent has access to your code and can push changes to your repository. This entails certain risks. Where possible, we have applied appropriate mitigations:

  • Copilot can push code changes to your repository
    • Mitigation: Only users with write access to the repository can trigger Copilot to work by assigning an issue or leaving a comment. Comments from users without write access are never presented to the agent.
    • Mitigation: The access tokens used by Copilot are strictly limited, and only allow pushes to branches beginning with copilot/. Copilot cannot push to the main or master branches.
    • Mitigation: Copilot does not have credentials available to allow it to directly run git push or other Git commands interacting with GitHub. This means that it is only able to perform simple push operations, and cannot force push to rewrite history.
    • Mitigation: GitHub Actions workflows are not run in response to Copilot's pushes until Copilot's code is reviewed and a user with write access to the repo has clicked the Approve and run workflow button. For more information, see "Allowing GitHub Actions workflows to run when Copilot pushes changes" below.
    • Mitigation: The person who assigned an issue to Copilot is prevented from approving a pull request that Copilot created based on their instructions, maintaining the expected controls provided by the "Required reviews" rule and branch protection. For more information, see Available rules for rulesets.
  • Copilot has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input
  • Users can hide hidden messages in issues assigned to Copilot or comments left for Copilot as a form of prompt injection
    • Mitigation: Known hidden characters are filtered out before user input is passed to Copilot.

Enabling Copilot coding agent in a repository

During private preview, GitHub Copilot coding agent is only available in non-public repositories owned by organizations and users allowlisted by GitHub.

Once your organization or user has been allowlisted, you will need to select what repositories are enabled for GitHub Copilot coding agent from your user or organization settings.

Enable GitHub Copilot coding agent for organization-owned repositories

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Next to the organization, click Settings.

  3. In the sidebar, select Copilot, then Coding agent.

  4. Under "Repository access", select an option.

  5. If you selected Only selected repositories in the previous step, use the repository picker to select the repositories to enable, then click Select.

Enable GitHub Copilot coding agent for user-owned repositories

  1. In the upper-right corner of any page on GitHub, click your profile photo, then click Settings.
  2. In the sidebar, select Copilot, then Coding agent.
  3. Under "Repository access", select an option.
  4. If you selected Only selected repositories in the previous step, use the repository picker to select the repositories to enable, then click Select.

Assigning an issue to Copilot

You can ask Copilot to start working on an issue by assigning the issue to Copilot.

Assigning an issue to Copilot on GitHub.com

You can assign an issue to Copilot on GitHub.com in exactly the same way as you assign another user.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Issues.

    Screenshot of the main page of a repository. In the horizontal navigation bar, a tab, labeled "Issues," is outlined in dark orange.

  3. Open the issue that you want to assign to Copilot.

  4. In the right side menu, click Assignees.

    Screenshot of the right sidebar of an issue. A header, labeled "Assignees", is outlined in dark orange.

  5. Click Copilot from assignees list.

    Screenshot of "Assignees" window on an issue. Copilot is available in the list.

You can also assign issues to Copilot from other places across GitHub, for example from the list of issues on a repository's Issues page, or when viewing an issue in GitHub Projects.

Assigning an issue to Copilot via the GitHub API

You can assign an issue to Copilot through the GitHub API.

  1. Make sure you're authenticating with the API using a user token, for example a personal access token or a GitHub App user-to-server token.

  2. Verify that Copilot coding agent is enabled in the repository by checking if the repository's suggestedActors in the GraphQL API includes Copilot. Replace monalisa with the repository owner, and octocat with the name.

    query {
  repository(owner: "monalisa", name: "octocat") {
    suggestedActors(capabilities: [CAN_BE_ASSIGNED], first: 100) {
      nodes {
        login
        __typename
        
        ... on Bot {
          id
        }
        
        ... on User {
          id
        }
      }
    }
  }
}

    If Copilot coding agent is enabled for the user and in the repository, the first node returned from the query will have the login copilot-swe-agent.

  3. Fetch the GraphQL global ID of the issue you want to assign to Copilot, replacing monalisa with the repository owner, octocat with the name and 9000 with the issue number.

    query {
  repository(owner: "monalisa", name: "octocat") {
    issue(number: 9000) {
      id
      title
    }
  }
}

  4. Assign the issue to Copilot using the replaceActorsForAssignable GraphQL mutation. Replace ISSUE_ID with the ID returned from the previous step, and BOT_ID with the ID returned from the step before that.

    mutation {
  replaceActorsForAssignable(input: {assignableId: "ISSUE_ID", assigneeIds: ["BOT_ID"]}) {
    assignable {
      ... on Issue {
        id
        title
        assignees(first: 10) {
          nodes {
            login
          }
        }
      }
    }
  }
}

Tracking Copilot's progress on your issue

Shortly after you assign an issue to Copilot, Copilot will leave an 👀 reaction on the issue.

Screenshot of a GitHub issue assigned to Copilot. Copilot has left an 👀 reaction.

A few seconds later, Copilot will open a draft pull request, linked to your original issue. An event will appear in the issue's timeline, pointing to the pull request.

Screenshot of a GitHub issue with a timeline event showing that a linked pull request has been opened.

Copilot will start an agent session to work on your issue. A "Copilot started work" event will appear in the pull request timeline, and as Copilot works, it will update the pull request body with regular status updates, and push commits to the branch.

Screenshot of a GitHub pull request with a partially completed plan in the body and a series of timeline events, including "Copilot started work".

Note

The pull request timeline will include events related to GitHub Actions deployments, for example "Copilot requested a deployment". Copilot is not deploying, and you can safely ignore these events.

Once Copilot has finished, the agent session will end, and Copilot will request a review from you, triggering a notification. In addition, a "Copilot finished work" event will appear in the pull request timeline.

Screenshot of a GitHub pull request timeline with "Copilot finished work" and "Copilot requested review" events.

Reviewing Copilot's changes

Once Copilot has finished work and has requested a review from you, you should review Copilot's work before merging the pull request.

You can ask Copilot to make changes using pull request comments, or you can check out Copilot's branch and make changes yourself.

When you leave a comment on Copilot's pull request, Copilot will consider your comment, and decide whether to start a new agent session to respond.

If Copilot starts a new agent session in response to your comment, Copilot will react with 👀, and a "Copilot has started work" event will appear in the pull request timeline.

Screenshot of a GitHub pull request timeline with a review comment with 👀 reaction and a "Copilot started work" timeline event.

If you are sure that you want Copilot to respond to your comment, you can @mention Copilot in your comment with @copilot.

Allowing GitHub Actions workflows to run when Copilot pushes changes

GitHub Actions workflows will not run automatically when Copilot pushes changes to a pull request.

GitHub Actions workflows can be privileged and have access to sensitive secrets, so you should review code written by Copilot before allowing workflows to run.

To allow GitHub Actions workflows to run, click the Approve and run workflows button in the pull request's merge box.

Screenshot of the merge box on a pull request from Copilot with the "Approve and run workflows" button.

Understanding Copilot's approach using the session logs

During or after an agent session, you can inspect the session logs to understand Copilot's approach to your problem.

To view the session logs, click on the Copilot started work event in the pull request timeline.

In the session logs, you can see Copilot's internal monologue and the tools it used to understand your repository, make changes and validate its work.

Copilot has its own development environment, including the ability to run automated tests and linters, to validate its changes before it pushes.

Giving feedback on Copilot's work

You can provide feedback on Copilot's work using the feedback buttons on Copilot's pull requests and comments. We use your feedback to improve the product and the quality of Copilot's solutions.

  1. On a pull request or comment from Copilot, click the thumbs up (👍) or thumbs down (👎) button.

    Screenshot showing a Copilot code review comment with the thumbs up and thumbs down buttons.

  2. If you click the thumbs down button, you're asked to provide additional information. You can, optionally, pick the reason for your negative feedback and leave a comment before clicking Submit feedback.

    Screenshot of the modal for providing negative feedback on Copilot coding agent.

Limitations of Copilot coding agent

  • Copilot can only make changes in the same repository as the assigned issue: Copilot isn't able to take an issue and open a pull request in a different repository.
  • Copilot can only access context in the same repository as the assigned issue: Thanks to a built-in integration with the GitHub MCP server, Copilot can access other issues linked from the issue you assigned, explore past pull requests and more - but only within the current repository.
  • Copilot can only open one pull request at a time: When you assign an issue to Copilot, Copilot will open exactly one pull request to address the issue.
  • Copilot doesn't have access to a vision model to allow it to see the impact of its changes: This means that it is unlikely to be successful at fixing visual bugs.
  • Copilot cannot work in existing pull request: Copilot can only start from an issue, create a pull request, and then iterate on that pull request. It can't be assigned or tagged to work on existing pull request created by a human.
  • Copilot will always start its work from the repository's default branch: Copilot cannot branch off from any other branch, for example a feature branch, release branch or an existing pull request's branch.
  • Copilot does not sign its commits: If you have the "Require signed commits" rule or branch protection enabled, you will not be able to merge Copilot's pull requests without first rewriting the commit history. For more information, see Available rules for rulesets.
  • Copilot does not work with self-hosted GitHub Actions runners: Copilot has access to its own development environment, running in GitHub Actions. You can set the runs-on property in a copilot-setup-steps.yml file to use larger runners, but self-hosted runners are not supported.
  • Copilot doesn't take into account content exclusions: Content exclusions allow administrators to configure Copilot to ignore certain files. When using Copilot coding agent, Copilot will not ignore these files, and will be able to see and update them. For more information, see Excluding content from GitHub Copilot.