Add simplified guide for testing PRs with Copilot Chat and Skills

[Copilot]

Changes proposed in this request

Adds docs/testing-prs-with-copilot.md - a developer-focused guide for testing GitHub PRs locally with Copilot Chat and Skills integration in VS Code.

Key sections:

• PR Checkout: Generic and example commands with tips for updating already-checked-out branches (merge vs reset)
• VS Code Setup: Quick launch command
• Copilot Chat: Keyboard shortcuts and workspace context setup
• 10 Skill Test Prompts: Copy-paste ready validation tests for vanilla flows (SAMI, UAMI by ClientId/ResourceId/ObjectId, Confidential Client) and FIC two-leg flows (MSI→ConfApp, ConfApp→ConfApp with Bearer/PoP tokens)
• Verification Checklist: Expected behaviors (helper classes, namespaces, async/await patterns) and red flags (invented helpers, missing attestation, MSI in Leg 2)
• Troubleshooting: Solutions for Copilot not using local repo and git fetch conflicts
• Quick Commands: End-to-end copy/paste example using PR Add GitHub Agent Skills for MSAL.NET mTLS PoP with complete MSI & Confidential Client coverage #5733

Target users: Developers testing skill-related PRs and code reviewers validating Copilot skill implementations.

Testing

Documentation change only. Manual review of content structure, command accuracy, and markdown formatting completed.

Performance impact

N/A - documentation only.

Documentation

• All relevant documentation is updated.

Original prompt

Summary

Create a comprehensive guide document for testing GitHub PRs locally with Copilot Chat and Skills integration in VS Code.

Goals

1. Document the complete workflow for:

   • Cloning the MSAL .NET repository
   • Checking out a PR locally (both GitHub CLI and plain git methods)
   • Opening the repo in VS Code
   • Configuring Copilot Chat to use local repo context
   • Testing skills-related PRs with validation checklists

2. Provide clear, copy-paste ready commands for Windows environments

3. Include practical testing templates for skill validation

4. Offer troubleshooting guidance for common issues

Content to Include

• Prerequisites (Git, GitHub CLI installation)
• Step-by-step checkout instructions (multiple methods)
• Copilot Chat workspace grounding verification
• Skills testing checklist with example prompts
• Quality validation checks (what "good" looks like)
• Common error solutions
• Copy-paste quick reference commands

Target Users

• Contributors testing skill-related PRs
• Code reviewers validating Copilot skill implementations
• Developers new to the local PR testing workflow

Format

Create as a markdown documentation file suitable for inclusion in the repository's docs or contributing guidelines. The guide should reference the sample PR #5733 and provide step-by-step instructions that developers can follow.

This pull request was created from Copilot chat.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[gladjohn]

@copilot that's a lot of instructions. I like the VS code and git cmd instructions but most folks who refer this are developers. can we keep it simple like

# ✅ Testing Skills in VS Code (Copilot Chat)
Use this guide to validate a PR that adds or updates GitHub Copilot “skills” in the repo.

---

## 1) Checkout the PR branch

### Generic
```bash
git fetch origin pull/[PR_NUMBER]/head:[BRANCH_NAME]
git checkout [BRANCH_NAME]

Example (PR 5733)

git fetch origin pull/5733/head:pr/5733
git checkout pr/5733

Tip (getting latest PR commits):
If you are already checked out on [BRANCH_NAME], Git may refuse to fetch into the same branch name.
Use one of these instead:

Safe update (merge latest PR head):

git fetch origin pull/[PR_NUMBER]/head
git merge FETCH_HEAD

Force exact PR state (overwrites local changes/commits on your branch):

git fetch origin pull/[PR_NUMBER]/head
git reset --hard FETCH_HEAD

---

2) Open VS Code

From the repo folder:

code .

---

3) Open GitHub Copilot Chat

• Windows/Linux: Ctrl + Shift + I
• Mac: Cmd + Shift + I

Strongly recommended: force Copilot to use your local repo

In Copilot Chat:

1. Click Add Context…
2. Select Workspace

If your PR adds “skills” under a specific folder (e.g., .github/...), you can also add that folder explicitly.

---

4) Skill test prompts (copy/paste)

Test 1 — Vanilla SAMI PoP

Using the msal-mtls-pop-vanilla skill, show me how to acquire an mTLS PoP token with system-assigned managed identity (SAMI) for Microsoft Graph.

Test 2 — Vanilla UAMI by ClientId

Using the msal-mtls-pop-vanilla skill, show me how to acquire an mTLS PoP token with user-assigned managed identity using client ID 6325cd32-9911-41f3-819c-416cdf9104e7.

Test 3 — Vanilla UAMI by ResourceId

Using the msal-mtls-pop-vanilla skill, show me how to acquire an mTLS PoP token with user-assigned managed identity using resource ID /subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/resourcegroups/MSIV2-Testing-MSALNET/providers/Microsoft.ManagedIdentity/userAssignedIdentities/msiv2uami.

Test 4 — Vanilla UAMI by ObjectId

Using the msal-mtls-pop-vanilla skill, show me how to acquire an mTLS PoP token with user-assigned managed identity using object ID ecb2ad92-3e30-4505-b79f-ac640d069f24.

Test 5 — Vanilla Confidential Client PoP

Using the msal-mtls-pop-vanilla skill, show me how to acquire an mTLS PoP token with a confidential client app using certificate-based authentication.

Test 6 — FIC (MSI → ConfApp → Bearer)

Using the msal-mtls-pop-fic-two-leg skill, show me a two-leg token exchange where Leg 1 uses MSI to get a PoP token for api://AzureADTokenExchange, and Leg 2 uses a confidential client app to exchange that token for a Bearer token to Microsoft Graph.

Test 7 — FIC (MSI → ConfApp → mTLS PoP)

Using the msal-mtls-pop-fic-two-leg skill, show me a two-leg token exchange where Leg 1 uses MSI to get a PoP token for api://AzureADTokenExchange, and Leg 2 uses a confidential client app to exchange that token for an mTLS PoP token to Microsoft Graph.

Test 8 — FIC (ConfApp → ConfApp → Bearer)

Using the msal-mtls-pop-fic-two-leg skill, show me a two-leg token exchange where both Leg 1 and Leg 2 use confidential client apps, with the final token being a Bearer token.

Test 9 — FIC (ConfApp → ConfApp → mTLS PoP)

Using the msal-mtls-pop-fic-two-leg skill, show me a two-leg token exchange where both legs use confidential client apps, with the final token being an mTLS PoP token.

Test 10 — Shared Guidance

Using the msal-mtls-pop-guidance skill, what's the difference between vanilla and FIC flows? When should I use each?

---

5) Verify responses (expected behavior)

Copilot should:

• ✅ Reference correct helper classes (e.g., ResourceCaller.cs, FicLeg1Acquirer.cs, etc.)
• ✅ Include complete code examples with proper async/await
• ✅ Show .WithMtlsProofOfPossession() and .WithAttestationSupport()
• ✅ Include required namespaces:
  • using Microsoft.Identity.Client.AppConfig;
  • using Microsoft.Identity.Client.KeyAttestation;
• ✅ Show token types and certificate binding
• ✅ Avoid MSI Leg 2 scenarios (Leg 2 must be ConfApp only)
• ✅ Reference real UAMI IDs (client ID / resource ID / object ID)

Red flags

• ❌ Invented helper classes or file paths
• ❌ Generic MSAL examples that ignore repo helpers
• ❌ MSI shown in Leg 2 for FIC
• ❌ Missing required namespaces or missing attestation/PoP configuration

---

6) Troubleshooting

Copilot is not using the local repo

1. In Copilot Chat → Add Context… → Workspace
2. Use an @workspace prompt to force repo search:

@workspace Search this repo for "msal-mtls-pop" and show the exact file paths where it appears.

3. Reload VS Code:

• Ctrl+Shift+P → Developer: Reload Window

Git error: “refusing to fetch into branch ... checked out”

Use:

git fetch origin pull/[PR_NUMBER]/head
git merge FETCH_HEAD

(or git reset --hard FETCH_HEAD if you want to overwrite)

---

7) Quick copy/paste (end-to-end)

Example using PR 5733:

cd C:\code
git clone https://github.com/AzureAD/microsoft-authentication-library-for-dotnet.git
cd microsoft-authentication-library-for-dotnet
git fetch origin pull/5733/head:pr/5733
git checkout pr/5733
code .
git branch --show-current
git log -1 --oneline

[Copilot]

@copilot that's a lot of instructions. I like the VS code and git cmd instructions but most folks who refer this are developers. can we keep it simple like

...

Simplified the guide as requested. Reduced from 760 to 170 lines, focusing on:

• Essential checkout steps (with merge vs reset options)
• 10 specific skill test prompts
• Expected behavior checklist
• Key troubleshooting scenarios
• Quick end-to-end commands

Changes in commit ccd1797.