🧩

The Ecosystem

AI engines, tools, and integrations

Ecosystem Overview

Six composable primitives — from always-on behavioral standards to deterministic policy enforcement.

6HooksPolicy LayerDeterministic gates that enforce rules on everything below🔒 Security checkpoint

5MCP ServersConnectivityLive access to external systems, APIs, and data🔌 API gateway

4Agent SkillsWorkflow LayerReusable runbooks with scripts, templates, and references📋 Training manual

3Custom AgentsPersona LayerSpecialist roles with tool boundaries and collaboration patterns👤 Team member

2Prompt FilesTask LayerNamed slash commands for repeatable one-shot tasks📄 Playbook page

1Custom InstructionsBehavior LayerAlways-on standards and conventions — the foundation everything inherits📘 Employee handbook

Composable by design: A custom agent can inherit instructions, invoke skills, call MCP-provided tools, and be governed by hooks — all simultaneously. The primitives layer together; they don’t replace each other.

🤖 Copilot Coding Agent

The autonomous runtime engine that executes agentic workflows in ephemeral GitHub Actions environments.

What It Does

The Copilot coding agent is an autonomous AI developer that works independently in the background. It operates in ephemeral GitHub Actions environments where it can explore code, make changes, run tests, iterate on failures, and open pull requests.

Fix bugs identified in issues or code review
Implement incremental features from scoped descriptions
Improve test coverage by writing missing tests
Address technical debt (refactoring, dependency updates)
Update documentation to match code changes
Accelerate secret scanning remediation

Key Insight

CCA ≠ Agent Mode. The Copilot coding agent works autonomously in a GitHub Actions environment and creates PRs. Agent mode in the IDE works interactively in your local environment with human-in-the-loop control.

Session Management

Steering — Provide mid-session guidance without stopping the run
Resume locally — Open in VS Code or paste a CLI command to continue
Archiving — Stopped sessions can be archived
Tracking — Monitor from CLI, Mobile, VS Code, Raycast, JetBrains

Entry Points

Entry Point	How
GitHub Issues	Assign an issue to Copilot via the assignees dropdown or `@copilot` mention
Pull Requests	Comment `@copilot` on an existing PR to request changes
Agents Tab	Repository-level dashboard to launch and manage sessions, select agents, pick models
Agents Panel	Click the ✦ button at the top of any GitHub page
Copilot Chat	Start a coding agent session from Copilot Chat on GitHub.com
VS Code / JetBrains	Initiate coding agent sessions from IDE Copilot Chat
Copilot CLI	Prefix any prompt with `&` to delegate to the cloud coding agent
GitHub CLI / API	Use `gh issue edit` or the REST API to assign issues programmatically

Workflow Lifecycle

📝 Issue / Prompt→🤖 Agent picks up task→🌿 Creates branch→🔍 Reads code→📋 Plans changes→⚙️ Implements→🧪 Runs tests→🔄 Iterates→✅ Opens PR

📘 Custom Instructions

The foundational behavioral layer — always-on rules that shape every interaction across an entire repository, organization, or workspace.

Six Instruction Types

Type	File Location	Loading	Platforms	Purpose
Repository-wide	`.github/copilot-instructions.md`	Always-on (every request)	VS Code, JetBrains, Eclipse, Xcode, GitHub.com	Global coding standards
Path-specific	`.github/instructions/*.instructions.md`	File-matched via `applyTo` glob	VS Code, GitHub.com	Language/framework-specific rules
Agent instructions	`AGENTS.md` (any directory)	When coding agent operates	VS Code, GitHub.com, CLI	Autonomous agent procedures
Model-specific	`CLAUDE.md` / `GEMINI.md`	When corresponding model is active	GitHub.com	Model-specific tuning
Personal	VS Code User Settings	Always-on (across workspaces)	VS Code	Individual preferences
Organization	GitHub Org settings	Always-on (org-wide)	All platforms	Organization-level standards

Path-Specific Instructions

Use YAML frontmatter with an applyTo glob pattern to scope instructions to specific file types:

AGENTS.md

Added to the coding agent in August 2025. Key characteristics:

Placed anywhere in the repository
Nearest AGENTS.md in directory tree takes precedence
Subdirectory files scope to that directory and children
Root AGENTS.md applies globally
Follows the open agentsmd spec
CLAUDE.md and GEMINI.md are read in addition

Path-specific instructions example:

---
applyTo: "**/*.bicep"
---
When writing Bicep files, always use parameter
decorators, follow naming conventions, and include
resource descriptions for documentation.

Precedence Model

Layer 0: Personal Instructions (VS Code Settings)          ← Highest priority
Layer 1: copilot-instructions.md (repo-wide)                ← Always-on
Layer 2: *.instructions.md (matched by applyTo glob)        ← Conditionally loaded
Layer 3: AGENTS.md (when coding agent is operating)         ← Agent-scoped
Layer 4: Skill (if the task matches a skill description)    ← On-demand
Layer 5: Custom Agent prompt (if a specific agent selected) ← Explicitly selected

All applicable instructions are provided simultaneously — contradictions between layers should be avoided.

Best practice: Keep copilot-instructions.md concise (5–15 core rules, 200–500 tokens). Use path-specific instructions for language-specific conventions. Reserve AGENTS.md for autonomous agent operational procedures.

📄 Prompt Files

Reusable, named tasks invoked on demand as slash commands — bridging always-on instructions and full custom agents.

Format & Configuration

Markdown files in .github/prompts/*.prompt.md
Invoked with / in Copilot Chat (e.g., /security-review)
Support YAML frontmatter: agent, tools, model, description, mode
Built-in variables: ${selection}, ${file}, ${input:variableName}
Can reference a custom agent via the agent field

Example

---
mode: agent
tools: ['search/codebase', 'edit/editFiles',
        'read/problems']
description: Create a structured implementation
             plan for a new feature
---
# Feature Planning

You are a senior software architect.
Create an implementation plan for the
following feature: ${input:featureDescription}

## Requirements
- Break down into discrete tasks
- Identify affected files using codebase search
- Estimate complexity per task

When to use Prompt Files: Repeatable tasks you type the same prompt for, tasks benefiting from dynamic variables, and named slash commands the whole team can share via source control.

👤 Custom Agents

Specialized AI personas with defined roles, tool boundaries, and collaboration patterns. Defined as .agent.md files with YAML frontmatter.

Configuration Fields

Field	Purpose
`name`	Display name (defaults to filename)
`description`	Role description (influences discovery)
`tools`	Allowed-tool whitelist
`model`	Model selection (supports fallback lists)
`handoffs`	Inter-agent transition configuration
`agents`	Invocable sub-agent whitelist
`mcp-servers`	MCP server configs embedded in frontmatter
`metadata`	Key-value annotation pairs

Configuration Scope

Level	Location	Scope
Repository	`.github/agents/*.agent.md`	Current project
User	`~/.copilot/agents/*.agent.md`	All projects
Organization	`.github-private` repo	All org repos
Enterprise	Enterprise agent registry	All enterprise repos

Runs On

GitHub.com (Agents tab, issues, PRs, panel) · VS Code (GA) · JetBrains, Eclipse, Xcode (preview) · Copilot CLI (—agent= flag)

Collaboration Patterns

🤝 Handoffs User-Guided

Relay-race style transitions where the user explicitly confirms each switch. Shared conversation history across the chain.

🔄 Sub-agents Programmatic

Manager-delegate style where the parent agent autonomously invokes child agents without user intervention.

Handoffs example:

---
name: Planner
description: Generate implementation plans
tools: ['search', 'fetch']
handoffs:
  - label: Start Implementation
    agent: Implementer
    prompt: "Implement the plan above."
    send: false  # User must click
---

Handoff flow: Planner → [User clicks] → Implementer → [User clicks] → Reviewer

Human-in-the-loop control
Shared conversation history
Unlimited depth

Sub-agents example:

---
name: Feature Builder
description: Build features by researching
             first, then implementing
tools: ['agent']
agents: ['Researcher', 'Implementer']
---

Sub-agent flow: Feature Builder autonomously delegates → Researcher → Implementer

Agent-autonomous (no user clicks)
Isolated context (clean session)
Single level depth only

Dimension	Handoffs	Sub-agents
Trigger	User clicks a button	Parent agent invokes programmatically
Control	User-driven (human-in-the-loop)	Agent-autonomous
Context	Shared conversation history	Isolated context (clean session)
Visibility	User sees the agent switch	Transparent — user sees only the result
Depth	Unlimited	Single level only
Best for	Multi-stage pipelines needing human review	Automated divide-and-conquer tasks

MCP Servers in Agent Profiles

Custom agents can embed MCP server configurations directly in their frontmatter:

---
name: my-custom-agent-with-mcp
description: Custom agent description
tools: ['tool-a', 'tool-b', 'custom-mcp/tool-1']
mcp-servers:
  custom-mcp:
    type: 'local'
    command: 'some-command'
    args: ['--arg1', '--arg2']
    tools: ["*"]
    env:
      ENV_VAR_NAME: ${{ secrets.COPILOT_MCP_ENV_VAR_VALUE }}
---

Secret syntax supports: $COPILOT_MCP_*, ${COPILOT_MCP_*}, and ${{ secrets.COPILOT_MCP_* }}.

📋 Agent Skills

The workflow packaging layer — reusable runbooks that bundle instructions, scripts, templates, and reference materials into self-contained capability packages.

Open Standard: Agent Skills follow the agentskills.io specification (originally developed by Anthropic). A skill defined once works in GitHub Copilot, Claude Code, and any other skills-compatible agent.

Progressive Loading Model (Three-Tier)

Tier	Content	Token Budget	When Loaded
Tier 1 Metadata	`name` + `description` (YAML frontmatter)	~50–100 tokens/skill	Always in context
Tier 2 Body	SKILL.md body content	Recommended < 500 tokens	When Copilot determines relevance
Tier 3 References	Files under `references/`, `scripts/`, etc.	Recommended < 1,000 tokens/file	When explicitly referenced

At startup, agents load only the name and description of each available skill — just enough to know when it might be relevant. Full content is loaded progressively.

Directory Structure

SKILL.md Format

Directory structure:

.github/skills/incident-triage/
├── SKILL.md              # Required: primary instructions
├── LICENSE.txt            # Recommended: license terms
├── scripts/               # Optional: executable scripts
│   ├── collect-metrics.sh
│   └── notify-oncall.ps1
├── references/            # Optional: on-demand docs
│   ├── runbook.md
│   └── escalation-matrix.md
├── assets/                # Optional: static resources
│   └── triage-template.md
└── templates/             # Optional: scaffolds
    └── incident-report.md

SKILL.md format:

---
name: github-actions-failure-debugging
description: >
  Guide for debugging failing GitHub Actions
  workflows. Use this when asked to debug
  failing GitHub Actions workflows.
---

To debug failing GitHub Actions workflows:

1. Use `list_workflow_runs` to look up
   recent runs and their status
2. Use `summarize_job_log_failures` for
   an AI summary of failed jobs
3. Use `get_job_logs` for full failure
   logs if needed
4. Reproduce locally, then fix and verify

Critical: The description field is the sole criterion Copilot uses to determine whether to load a skill. Include both what-it-does and when-to-use-it.

Storage Locations

Type	Location	Scope
Project skills	`.github/skills/<name>/`	Current repository
Claude-compatible	`.claude/skills/<name>/`	Current repository (cross-agent)
Personal skills	`~/.copilot/skills/<name>/`	All projects for this user
Personal (Claude)	`~/.claude/skills/<name>/`	All projects for this user

Real-World Skill Examples

🔒 api-security-review

Reviews APIM configs against OWASP Top 10

🏗️ architecture-design

Designs Azure architectures with WAF alignment

💰 azure-pricing

Real-time Azure retail pricing lookups via MCP

⚡ gh-aw-operations

Creating, compiling, debugging GitHub Agentic Workflows

🔧 terraform-provider-upgrade

Safe Terraform provider upgrades

📊 waf-assessment

Well-Architected Framework assessment across all five pillars

Skills vs Instructions

Concern	Instructions	Skills
Loading	Always-on or pattern-matched	On-demand (description-matched)
Assets	Text only	Scripts, templates, references
Token cost	Always in context	Progressive — loaded when relevant
Portability	Copilot-specific	Open standard (multi-agent)
Best for	Simple rules for every interaction	Detailed workflows for specific tasks

🔌 MCP Integration

Model Context Protocol — an open standard defining how applications share context with large language models, connecting AI agents to live external systems.

Four Capability Categories

🔧 Tools

Actions the agent can invoke — create issues, query databases, deploy services, call APIs.

📦 Resources

Data the agent can pull into context — files, API responses, database rows.

💬 Prompts

Pre-configured prompt templates contributed by the MCP server.

🖥️ MCP Apps

Interactive UI components — forms and visualizations rendered in chat.

Important: The Copilot coding agent on GitHub.com currently only supports tools from MCP servers. Resources, prompts, and apps are available in IDE agent mode.

GitHub MCP Server

GitHub provides a built-in MCP server giving agents native access to GitHub platform capabilities:

Issues — List, create, update, search

Pull Requests — Create, diff, files, status

Workflow Runs — List runs, job logs, failure summaries

Repositories — Search code, file contents, branches

Code Search — Symbols, patterns across repos

Code Scanning — Security analysis (GHAS)

Remote Config (Recommended)

Coding Agent Config (Cloud)

Remote MCP config:

{
  "servers": {
    "github": {
      "url": "https://api.githubcopilot.com/mcp/"
    }
  }
}

Uses one-click OAuth — no PAT or additional software required.

Coding agent MCP config:

{
  "mcpServers": {
    "sentry": {
      "command": "npx",
      "args": ["-y", "@sentry/mcp-server"],
      "env": {
        "SENTRY_AUTH_TOKEN":
          "$COPILOT_MCP_SENTRY_TOKEN"
      }
    }
  }
}

Secrets must be prefixed with COPILOT_MCP_ and stored in the copilot environment.

Configuration Locations

Surface	Configuration Location	Notes
VS Code (workspace)	`.vscode/mcp.json`	Shared via source control
VS Code (user)	User-level `mcp.json`	Personal MCP servers
GitHub.com (repo)	Repo settings → Copilot → Coding agent	JSON config for cloud agent
Custom Agent frontmatter	`mcp-servers` property in `.agent.md`	MCP embedded in agent def
Organization policy	GitHub org/enterprise settings	Centrally managed access
JetBrains / Eclipse / Xcode	IDE-specific `mcp.json`	Agent mode in IDEs

Toolsets

The GitHub MCP server supports toolsets — groups of related tools that can be enabled or disabled. Fewer tools means better performance and security.

https://api.githubcopilot.com/mcp/readonly

Read-only tools

https://api.githubcopilot.com/mcp/

Full access (use X-MCP-Toolsets header to filter)

🔒 Hooks System

The policy enforcement layer — deterministic shell commands that run at strategic points in an agent’s workflow. Unlike instructions (advisory), hooks are deterministic: a deny is a deny.

Eight Hook Types

Hook Type	When It Fires	Key Capability
`sessionStart`	New session begins or resumes	Initialize environments, validate project state, show banners
`sessionEnd`	Session completes or terminates	Cleanup resources, generate reports, session summaries
`userPromptSubmitted`	User submits a prompt	Log requests for auditing, scan for threat signals
`preToolUse`	Before any tool execution	Approve or deny tool executions (most powerful hook)
`postToolUse`	After tool completes	Log results, track metrics, send alerts
`agentStop`	Main agent finishes responding	Post-processing, notifications
`subagentStop`	Sub-agent completes	Validate sub-agent results
`errorOccurred`	Error during agent execution	Error logging, notifications

Configuration Format

Hooks are JSON files in .github/hooks/*.json:

Input / Output Format

Hooks receive detailed JSON via stdin:

Hook configuration example:

{
  "version": 1,
  "hooks": {
    "sessionStart": [
      {
        "type": "command",
        "bash": "./scripts/session-banner.sh",
        "powershell": "./scripts/session-banner.ps1",
        "cwd": ".github/hooks",
        "timeoutSec": 10
      }
    ],
    "preToolUse": [
      {
        "type": "command",
        "bash": "./scripts/security-check.sh",
        "powershell": "./scripts/security-check.ps1",
        "cwd": "scripts",
        "env": {
          "LOG_LEVEL": "INFO"
        }
      }
    ]
  }
}

preToolUse input:

{
  "timestamp": 1704614600000,
  "cwd": "/path/to/project",
  "toolName": "bash",
  "toolArgs": "{\"command\":\"rm -rf /\"}"
}

preToolUse output (to deny):

{
  "decision": "deny",
  "reason": "Destructive command blocked"
}

postToolUse input includes results:

{
  "toolResult": {
    "resultType": "success",
    "result": "..."
  }
}

Where Hooks Run

Platform	Status	Config Location
Copilot coding agent (GitHub.com)	GA	`.github/hooks/*.json` (default branch)
GitHub Copilot CLI	GA	`.github/hooks/*.json` (current working directory)
VS Code	Preview	`.github/hooks/*.json`

Governance Example: Comprehensive Audit Trail

{
  "version": 1,
  "hooks": {
    "sessionStart":          [{ "type": "command", "bash": "./audit/log-session-start.sh" }],
    "userPromptSubmitted":   [{ "type": "command", "bash": "./audit/log-prompt.sh" }],
    "preToolUse":            [{ "type": "command", "bash": "./audit/log-tool-use.sh" }],
    "postToolUse":           [{ "type": "command", "bash": "./audit/log-tool-result.sh" }],
    "sessionEnd":            [{ "type": "command", "bash": "./audit/log-session-end.sh" }]
  }
}

Governance Audit Hook (Community)

The governance-audit hook from awesome-copilot provides:

Threat detection — Scans for data exfiltration, privilege escalation, prompt injection

Governance levels — Open, Standard, Strict, Locked (allowlist-only)

Audit trail — Append-only JSON log; full prompts are never logged

Configure governance level in hooks.json env:

{
  "env": {
    "GOVERNANCE_LEVEL": "strict",
    "BLOCK_ON_THREAT": "true"
  }
}

Performance: Hooks run synchronously and block agent execution — keep them under 5 seconds. Default timeout is 30s. Always validate/sanitize JSON input and never log sensitive data.

🔗 How They Compose

The six primitives are designed to layer together. They compose — they don’t replace each other.

🔒 HOOKS — Policy enforcement wraps everything below

🔌 MCP SERVERS — External tools available to any layer

📋 SKILLS — On-demand workflows

👤 AGENTS — Specialist personas

📄 PROMPT FILES — Named slash commands

📘 INSTRUCTIONS — Always-on foundation everything inherits

Composition Rules

Layering

A custom agent can reference instruction files via Markdown links
A prompt file can set agent: to run inside a specific custom agent
A skill can bundle scripts that any agent or prompt file invokes
An MCP server provides tools any agent, prompt, or skill can call
Hooks enforce policy regardless of which primitive triggered the action

Decision Flow

Need a rule on every request? → Instructions
Need a named, repeatable task? → Prompt File
Need a specialist persona with limited tools? → Custom Agent
Need a reusable runbook with scripts? → Skill
Need live external data? → + MCP
Must be enforced deterministically? → + Hook

Questions 1–4 are “pick one” decisions. Questions 5–6 are additive layers stacked on top.

Comprehensive Comparison

Dimension	Instructions	Prompt Files	Custom Agents	Skills	MCP Servers	Hooks
Location	`.github/copilot-instructions.md`, `AGENTS.md`	`.github/prompts/`	`.github/agents/`	`.github/skills/`	`.vscode/mcp.json`, repo settings	`.github/hooks/`
Trigger	Always-on or pattern-matched	Manual slash command	User selects or agent delegates	Auto-discovered by description	Tool call from any surface	Agent lifecycle events
Loading	Injected every request	On invocation	When selected	Progressive (3 tiers)	When tools are called	On lifecycle event
Assets	Text only	Text + variables	Text + tool config + MCP	Text + scripts + templates + refs	External service integration	Shell scripts
Enforcement	Advisory	Advisory	Advisory (tools bounded)	Advisory	Deterministic (success/fail)	Deterministic (approve/deny)
Portability	Copilot-specific	Copilot-specific	Copilot-specific	Open standard	Open standard	Copilot CCA + CLI

A Mature gh-aw Repository

.github/
├── copilot-instructions.md              # Global standards
├── instructions/
│   ├── terraform.instructions.md        # applyTo: "**/*.tf"
│   ├── typescript.instructions.md       # applyTo: "**/*.ts"
│   └── pipeline.instructions.md         # applyTo: "**/*.yml"
├── prompts/
│   ├── security-review.prompt.md        # /security-review
│   ├── release-notes.prompt.md          # /release-notes
│   └── generate-module.prompt.md        # /generate-module
├── agents/
│   ├── planner.agent.md                 # Planning specialist
│   ├── implementer.agent.md             # Code implementation
│   ├── security-reviewer.agent.md       # Read-only security review
│   └── cost-optimizer.agent.md          # Cloud cost analysis
├── skills/
│   ├── incident-triage/
│   │   ├── SKILL.md
│   │   ├── scripts/collect-metrics.sh
│   │   └── templates/incident-report.md
│   ├── postmortem/
│   │   ├── SKILL.md
│   │   └── references/rca-template.md
│   └── ci-troubleshooting/
│       ├── SKILL.md
│       └── scripts/diagnose-pipeline.sh
├── hooks/
│   ├── security-gates.json              # preToolUse: block risky commands
│   └── audit-logging.json               # postToolUse: log all tool calls
AGENTS.md                                # Multi-agent operational procedures

📅 Ecosystem Evolution

Key milestones in the gh-aw ecosystem.

Date	Milestone
Nov 2024	MCP open standard published
Jul 2025	Copilot coding agent enters public preview
Aug 2025	Copilot coding agent adds `AGENTS.md` support
Sep 2025	Copilot CLI enters public preview
Nov 2025	Custom agents announced for GitHub Copilot
Dec 2025	Agent Skills support launched (open standard from Anthropic)
Jan 2026	Agents Tab introduced for repository-level session management
Feb 2026	Copilot CLI reaches GA · Hooks system launched
Mar 2026	Custom agents in JetBrains, Eclipse, Xcode · GitHub MCP Registry preview · VS Code hooks preview