About Copilot coding agent

Overview of Copilot-Programmier-Agent

With Copilot-Programmier-Agent, GitHub Copilot can work independently in the background to complete tasks, just like a human developer.

Copilot can:

• Fix bugs
• Implement incremental new features
• Improve test coverage
• Update documentation
• Address technical debt

To delegate tasks to Copilot, you can:

• Assign an issue to Copilot. See Verwenden von Copilot zum Arbeiten an einem Issue.
• Ask Copilot to create a pull request from the Agents page on GitHub, GitHub Copilot Chat or your favorite IDE or agentic coding tool with MCP support. See Auffordern von Copilot zum Erstellen eines Pull Requests.

Copilot will evaluate the task it has been assigned based on the prompt you give it—whether that's from the issue description or a chat message. Then Copilot will make the required changes and open a pull request. When Copilot finishes, it will request a review from you, and you can leave pull request comments to ask Copilot to iterate.

While working on a coding task, Copilot has access to its own ephemeral development environment, powered by GitHub Actions, where it can explore your code, make changes, execute automated tests and linters and more.

Benefits over traditional AI workflows

When used effectively, Copilot-Programmier-Agent offers productivity benefits over traditional AI assistants in IDEs:

• With AI assistants in IDEs, coding happens locally. Individual developers pair in synchronous sessions with the AI assistant. Decisions made during the session are untracked and lost to time unless committed. Although the assistant helps write code, the developer still has a lot of manual steps to do: create the branch, write commit messages, push the changes, open the PR, write the PR description, get a review, iterate in the IDE, and repeat. These steps take time and effort that may be hard to justify for simple or routine issues.

• With Copilot-Programmier-Agent, all coding and iterating happens on GitHub as part of the pull request workflow. Copilot automates branch creation, commit message writing and pushing, PR opening, and PR description writing. Developers let the agent work in the background and then steer Copilot to a final solution using PR reviews. Working on GitHub adds transparency, where every step happens in a commit and is viewable in logs. Working on GitHub also opens up collaboration opportunities for the entire team.

Copilot-Programmier-Agent versus agent mode

Copilot-Programmier-Agent is distinct from the "agent mode" feature available in Visual Studio and Visual Studio Code. Copilot-Programmier-Agent works autonomously in a GitHub Actions-powered environment to complete development tasks assigned through GitHub issues or GitHub Copilot Chat prompts, and creates pull requests with the results. In contrast, agent mode in Visual Studio and Visual Studio Code is part of the GitHub Copilot Edits feature that allows Copilot to make autonomous edits directly in your local development environment. For more information about agent mode, see Stellen von GitHub Copilot-Fragen in Ihrer IDE.

Streamlining software development with Copilot-Programmier-Agent

Assigning tasks to Copilot can enhance your software development workflow.

For example, you can assign Copilot to straightforward issues on your backlog. This allows you to spend less time on these and more time on more complex or interesting work, or work that requires a high degree of creative thinking. Copilot can work on "nice to have" issues that improve the quality of your codebase or product, but often remain on the backlog while you focus on more urgent work.

Having Copilot as an additional coding resource also allows you to start tasks that you might not have otherwise due to lack of resources. For example, you might delegate Copilot tasks to refactor code or add more logging, then immediately assign these to Copilot.

Copilot can start a task, which you then pick up and continue working on yourself. By assigning the initial work to Copilot, you free up time that you would otherwise have spent doing repetitive tasks, such as setting up the scaffolding for a new project.

Making Copilot-Programmier-Agent available

Before you can assign tasks to Copilot, it must be enabled. See Enabling Copilot coding agent.

Copilot-Programmier-Agent usage costs

Copilot-Programmier-Agent uses GitHub Actions minutes and Copilot premium requests.

Within your monthly usage allowance for GitHub Actions and premium requests, you can ask Copilot to work on coding tasks without incurring any additional costs.

For more information, see Informationen zur Abrechnung für GitHub Copilot.

Built-in security protections

Security is a fundamental consideration when you enable Copilot-Programmier-Agent, as with any other AI agent. Copilot has a strong base of built-in security protections that you can supplement by following best practice guidance.

• Subject to existing governance: Organization settings and enterprise policies control availability. Any security policies and practices set up for the organization also apply to Copilot-Programmier-Agent.
• Restricted development environment: Copilot works in a sandbox development environment with internet access controlled by a firewall. It has read-only access to the repository it's assigned to work in.
• Limited access to branches: Copilot can only create and push to branches beginning with copilot/. It is subject to any branch protections and required checks for the working repository.
• Responds only to users with write permissions: Copilot will not respond to feedback from users with lower levels of access.
• Treated as an outside collaborator: Draft pull requests proposed by Copilot require approval by a user with write permissions before Actions workflows can run. Copilot cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
• Tracked for compliance: Copilot's commits are co-authored by the developer who assigned the issue or requested the change to the pull request, allowing attribution of proposed changes. The developer who asked Copilot to create a pull request cannot approve that pull request. In repositories where an approving review is required, this ensures that at least one independent developer reviews Copilot's work.

For more information, see:

• Piloting Copilot-Programmier-Agent in your organization (information on how organization owners can further enhance security)
• Verantwortungsvolle Nutzung des Copilot-Programmier-Agents auf GitHub.com
• GitHub Copilot Trust Center

Risks and mitigations

Copilot-Programmier-Agent is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks. Where possible, GitHub has applied appropriate mitigations.

Risk: Copilot can push code changes to your repository

To mitigate this risk, GitHub:

• Limits who can assign tasks to Copilot. Only users with write access to the repository can trigger Copilot to work. Comments from users without write access are never presented to the agent.
• Limits the permissions in access tokens used by Copilot. Pushes are only allowed to branches beginning with copilot/. Copilot cannot push to the main or master branches.
• Limits Copilot's credentials. Copilot can only perform simple push operations. It cannot directly run git push or other Git commands.
• Restricts GitHub Actions workflow runs. Workflows are not triggered until Copilot's code is reviewed and a user with write access to the repo clicks the Approve and run workflows button. See Überprüfen eines von Copilot erstellten Pull Requests.
• Prevents the user who asked Copilot to create a pull request from approving it. This maintains the expected controls in the "Required approvals" rule and branch protection. See Verfügbare Regeln für Regelsätze.

Risk: Copilot has access to sensitive information

Copilot has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input. To mitigate this risk, GitHub:

• Restricts Copilot's access to the internet. See Anpassen oder Deaktivieren der Firewall für den Copilot-Programmier-Agent.

Risk: Prompt injection vulnerabilities

Users can include hidden messages in issues assigned to Copilot or comments left for Copilot as a form of prompt injection. To mitigate this risk, GitHub:

• Filters hidden characters before passing user input to Copilot: For example, text entered as an HTML comment in an issue or pull request comment is not passed to Copilot.

Limitations of Copilot-Programmier-Agent

Copilot-Programmier-Agent has certain limitations in its software development workflow and compatibility with other features.

Limitations in Copilot's software development workflow

• Copilot can only make changes in the same repository where it is creating its pull request. When Copilot is assigned an issue, it can only make changes in the repository where that issue is located. In addition, Copilot cannot make changes across multiple repositories in one run.
• Copilot can only access context in the same repository as the assigned issue. By default, an integration with the Copilot MCP server provides Copilot access to one repository at a time. You can, however, configure broader access. See Extending Copilot coding agent with the Model Context Protocol (MCP).
• Copilot can only open one pull request at a time. Copilot will open exactly one pull request to address each task it is assigned.
• Copilot cannot work on an existing pull request that it didn't create. If you would like Copilot to provide feedback on an existing pull request, you can add it as a reviewer. See Verwenden des GitHub Copilot-Code-Reviews.

Limitations in Copilot's compatibility with other features

• Copilot does not sign its commits. If you have the "Require signed commits" rule or branch protection enabled, you must rewrite the commit history in order to merge Copilot's pull requests. See Verfügbare Regeln für Regelsätze.
• Copilot does not work with self-hosted GitHub Actions runners. Copilot has access to its own development environment, running in GitHub Actions, and must use GitHub-hosted runners. See Customizing the development environment for Copilot coding agent.
• Copilot-Programmier-Agent does not work in personal repositories owned by verwaltete Benutzerkonten. This is because Copilot-Programmier-Agent requires GitHub-hosted runners, which are not available to repositories owned by verwaltete Benutzerkonten. See About GitHub-hosted runners.
• Copilot doesn't account for content exclusions. Content exclusions allow administrators to configure Copilot to ignore certain files. When using Copilot-Programmier-Agent, Copilot will not ignore these files, and will be able to see and update them. See Ausschließen von Inhalten von GitHub Copilot.
• Copilot-Programmier-Agent does not apply the "Suggestions matching public code" policy. Copilot may still produce suggestions matching public code, even if the "Suggestions matching public code" policy is set to "Block." If this happens, Copilot will not provide code references pointing to the original source of the code. See Verwalten von Copilot-Richtlinien als Einzelabonnent*in.
• Copilot-Programmier-Agent is not available in GitHub Enterprise-Cloud mit Datenresidenz. The agent is only available in GitHub.com.

Hands-on practice

Try the Expand your team with Copilot-Programmier-Agent Skills exercise for practical experience with Copilot-Programmier-Agent.

Further reading

• Programmier-Agent how-to articles
• Verantwortungsvolle Nutzung des Copilot-Programmier-Agents auf GitHub.com