Merged
Conversation
- Introduced a comprehensive guide for setting up GitHub OAuth authentication, detailing the flow, architecture, and implementation steps. - Created a new setup guide for using the Copilot SDK with a locally signed-in CLI, emphasizing ease of use for personal projects and development. - Added a scaling and multi-tenancy guide to help developers design deployments that support multiple users and concurrent sessions. - Included configuration options, session management strategies, and production best practices across the new guides.
) * fix: set executable permission on CLI binary in Python wheel The repack step in build-wheels.mjs was producing wheels where copilot/bin/copilot had 0o644 (-rw-r--r--) permissions because setuptools strips the executable bit when building package data. After extracting the wheel for repack, restore chmod 0o755 on the CLI binary so that zf.write() captures the correct permissions. This ensures pip/uv install the binary as executable on Unix. * Update python/scripts/build-wheels.mjs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…hub#414) * support bundling and auto installing the GitHub Copilot CLI * fix lint * catch missing errors * copilot feedback * Potential fix for pull request finding 'Writable file handle closed without error handling' Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com> * Potential fix for pull request finding 'Writable file handle closed without error handling' Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com> * add --check-only --------- Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
…hub#427) * Expose session context in listSessions and add filtering Adds SessionContext to SessionMetadata so SDK consumers can see the working directory and repository information for each session. Also adds optional filter parameter to listSessions() for filtering by context fields (cwd, gitRoot, repository, branch). Implemented in all SDK clients: - Node.js - Python - Go - .NET Fixes github#413 Fixes github#200 * Skip context test until runtime PR merges * Add session.context_changed event to SDK types Adds the session.context_changed event to generated session event types in all SDK clients (Node.js, Python, Go, .NET). The event fires when the working directory context changes between turns and contains the updated context (cwd, gitRoot, repository, branch). * Address PR review comments - Export SessionContext from index.ts - Use SessionContext type instead of inline redeclaration in client.ts - Update listSessions JSDoc with filter param docs and examples - Update README with filter signature - Update session-persistence docs to mention context field * Add context tests across all SDK clients - Node.js: Unskip context field test (runtime PR now merged) - Python: Add context assertions to existing list_sessions test - Go: Add context assertions to existing ListSessions test - .NET: Add new test for listing sessions with context * Bump @github/copilot CLI to ^0.0.409 Ensures all SDK tests run against a CLI version that includes the session context and context_changed event changes. * Regenerate session event types from CLI 0.0.409 schema Includes session.context_changed event and updated event schemas across all SDK clients (Node.js, Python, Go, .NET). * Fix context tests: persist session before listing - Node.js: Send message and add delay before listing sessions - .NET: Increase delay, check context only on our session * Make context tests more resilient - Increase delay to 500ms for session flush - Make context assertions conditional (may not be written yet) - Simplify Node.js test to focus on session listing * Fix Node.js context test: avoid sendAndWait timeout The E2E test proxy doesn't have a cached response for the new test. Use createSession + getMessages instead of sendAndWait to avoid needing a CAPI proxy response. * Fix .NET context test: avoid SendAndWait with uncached prompt Same issue as Node.js - the test harness proxy doesn't have a cached CAPI response for 'Say hello'. Just create the session and check listSessions without sending a message. * Increase timeout for context test to 60s The createSession call can take longer on CI due to CLI startup time. * Skip context E2E tests that need CAPI proxy updates The E2E test harness uses a replaying CAPI proxy that doesn't have cached responses for sessions created by our new tests. These tests need the proxy to be updated to support the new session lifecycle. The Python and Go tests pass because they don't share the same proxy or have pre-existing cached responses. * Regenerate session event types after merge
…b#424) (github#482) On Linux distros that install .NET from distribution packages (Ubuntu, Fedora, RHEL, etc.), RuntimeInformation.RuntimeIdentifier returns distro-specific RIDs like ubuntu.24.04-x64 instead of the portable linux-x64. The bundled CLI is placed under runtimes/linux-x64/native/, so the lookup fails and throws. Fix both the runtime lookup and build-time RID resolution: - Client.cs: GetBundledCliPath now falls back to the portable RID (e.g., linux-x64) when the distro-specific RID path doesn't exist. - GitHub.Copilot.SDK.targets: Always use portable RIDs derived from OS/architecture detection instead of the project's RuntimeIdentifier, which may be distro-specific. Fixes github#424 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…tion bags (github#422) * Add copy constructors and Clone methods to the various .NET config option bags Consuming libraries like Agent Framework sometimes have a need to clone the various options bags, e.g. their caller passes in options and that middle library needs to tweak the settings before passing them along (e.g. set Streaming to true or false) but it doesn't want to mutate the caller's object. Without clone methods, such libraries need to manually copy every property, which then means when new properties are added, they get ignored and options are lost. This PR adds such public Clone methods, and accomodates the non-sealed nature of the types by adding protected copy constructors that the virtual Clone methods use. (If instead we want to seal these types, that'd be viable as well.) * Address copilot feedback
…github#463) * Allow custom npm registry URL for .NET SDK Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * Update dotnet/src/build/GitHub.Copilot.SDK.targets Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update dotnet/src/build/GitHub.Copilot.SDK.targets Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Initial plan * Add hide_cli_window option to suppress console window on Windows Co-authored-by: patniko <26906478+patniko@users.noreply.github.com> * Address code review feedback: use conditional kwargs and idiomatic assertions Co-authored-by: patniko <26906478+patniko@users.noreply.github.com> * Make hiding CLI window default behavior across all SDKs - Python: Always hide window on Windows (removed hide_cli_window option) - Node.js: Add windowsHide: true to spawn options - Go: Add SysProcAttr with HideWindow on Windows via platform-specific files - .NET: Already had CreateNoWindow = true This ensures consistent behavior across all SDKs where the CLI subprocess console window is hidden on Windows to avoid distracting users in GUI apps. Co-authored-by: SteveSandersonMS <1101362+SteveSandersonMS@users.noreply.github.com> * Fix Go build --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: patniko <26906478+patniko@users.noreply.github.com> Co-authored-by: SteveSandersonMS <1101362+SteveSandersonMS@users.noreply.github.com> Co-authored-by: Steve Sanderson <SteveSandersonMS@users.noreply.github.com>
…ithub#486) The Location column was linking to external cookbook READMEs in github/awesome-copilot instead of the SDK subfolders in this repo. - Changed Location links to point to SDK subfolders (nodejs/, python/, go/, dotnet/) - Added separate Cookbook column for external cookbook links Fixes github#474 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Increase the default timeout for downloading the Copilot CLI tarball from 100s (the HttpClient default) to 600s (10 minutes) to handle slow or unreliable network conditions. The timeout is configurable via the CopilotCliDownloadTimeout MSBuild property. Fixes github#451 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add MSBuild property CopilotSkipCliDownload that when set to true skips automatic download and bundling of the Copilot CLI binary. This is useful for users who install the CLI separately (e.g., via npm or a package manager) and want to avoid the build-time download. When skipped, users must ensure COPILOT_CLI_PATH or the CliPath option points to a valid CLI installation at runtime. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Use MCP direct env var mode in Node SDK * Equivalent fixes for other languages * Update @github/copilot to 0.0.411-1 and regenerate SDKs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix Python lint errors (line too long) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add normalizer to strip <reminder> tags from user messages The CLI now injects dynamic <reminder> tags with SQL table state into user messages. These tags vary based on runtime state and should not affect snapshot matching. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: Add Azure Managed Identity guide for BYOK Add a guide showing how to use DefaultAzureCredential with the Copilot SDK's BYOK mode to authenticate against Azure AI Foundry using Managed Identity instead of static API keys. The pattern obtains a short-lived bearer token from Entra ID and injects it as the api_key in the ProviderConfig. Includes examples for Python, Node.js/TypeScript, and .NET, plus a token-refresh pattern for long-running applications. Also updates the BYOK limitations table to reference this workaround and adds the guide to the setup index decision matrix. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: use bearer_token, fix relative links - Use dedicated bearer_token/bearerToken/BearerToken provider config field instead of api_key for Entra ID tokens (all 3 language examples) - Fix relative links: ../guides/setup/ → ./ (same directory) - Add docs-validate: skip for TypeScript and C# blocks that depend on @azure/identity and Azure.Identity packages not in the validation project - Update prose to reference bearer_token instead of api_key Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add clientName to SessionConfig across all SDKs Add clientName as an optional field to SessionConfig and ResumeSessionConfig in all four SDK languages (Node.js, Python, Go, .NET). This allows SDK consumers to identify their application, which is included in the User-Agent header for API requests. The CLI server protocol already supports clientName on both session.create and session.resume requests, but the SDK types were not exposing it. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs: align ResumeSessionConfig.client_name comment with SessionConfig Add the User-Agent header note to the ResumeSessionConfig.client_name comment to be consistent with SessionConfig.client_name. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test: add clientName forwarding tests across all SDKs Add tests verifying clientName is included in session.create and session.resume RPC payloads when set: - Node.js: spy on connection.sendRequest to verify payload - Python: mock _client.request to capture and assert payload - Go: JSON serialization tests for internal request structs - .NET: clone test for ClientName on SessionConfig Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…default The test_should_abort_a_session test relies on the shell tool actually starting execution before the abort is sent. With deny-by-default permissions (github#509), a race exists: if the permission denial response arrives before the abort, the tool result becomes 'Permission denied' instead of the snapshotted 'interrupted' message, causing the replay proxy to fail matching subsequent requests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Commit base e2e across SDKs
* Add C# samples to 8 representative scenarios
Add csharp/ subdirectories with Program.cs and csproj for:
- transport/stdio, transport/tcp
- bundling/fully-bundled
- tools/no-tools, tools/custom-agents
- sessions/streaming
- callbacks/permissions
- prompts/system-message
All samples reference the local .NET SDK via ProjectReference.
Each verify.sh updated with dotnet build/run steps.
Added C# build artifacts to .gitignore.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix go.mod replace paths for test scenarios
All 30 go.mod files had incorrect relative paths to the SDK Go
module. Scenarios live at test/scenarios/<cat>/<scenario>/go/
(5 levels deep), so the replace directive needs ../../../../../go
instead of ../../../../go.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Replace copilot-core with Copilot CLI across all test scenarios
copilot-core is not a product name. Updated 63 files to use the
correct terminology:
- Prose/comments: "Copilot CLI"
- Binary name in code/commands: copilot
- COPILOT_CLI_PATH env var: unchanged (already correct)
- Dockerfile ENTRYPOINT/COPY: copilot
- docker-compose service name: copilot-cli
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add scenario build verification workflow for PR checks
Runs build verification for all test/scenarios across 4 languages
(TypeScript, Python, Go, C#) as parallel jobs. Triggered on PRs
that touch scenarios or SDK source, and on push to main.
Build-only — no E2E execution (no API keys or Copilot CLI needed).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add full language parity: all 34 scenarios × 4 languages
Every scenario now has TypeScript, Python, Go, and C# implementations.
New additions:
- C# for 26 scenarios (auth, bundling, callbacks, modes, prompts,
sessions, tools, transport)
- Python + Go + C# for 3 BYOK scenarios (anthropic, azure, ollama)
- Python + Go + C# stubs for multi-user scenarios (SKIP pattern)
All 136 scenario builds verified: 34 TS, 34 PY, 34 GO, 34 CS.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add CI caching and justfile targets for scenario builds
- Add npm, Go module, and NuGet caching to scenario-builds.yml
- Add just scenario-build, scenario-verify, scenario-build-lang targets
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Quality fixes: C# in all verify.sh, fix stubs, consistent patterns
- Add C# build/run steps to all 26 verify.sh scripts that were missing them
- Replace infinite-sessions TS stub with real implementation
- Rework modes: remove filesystem-preset, rename cli-preset→default and
minimal-preset→minimal with real implementations in all 4 languages
- Fix C# patterns across all 33 scenarios: consistent await using,
StartAsync/StopAsync, proper disposal
33 scenarios × 4 languages = 132 builds, all passing.
2 multi-user scenarios remain as stubs (require memory FS features).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Strengthen Python CI: py_compile + import check instead of AST-only
Install the Python SDK and use py_compile for proper compilation
checking, plus verify the copilot module is importable.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Update scenario model references to claude-sonnet-4.6
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: remove soft-pass fallbacks in verify.sh scenario scripts
Replace else/elif fallback branches that always passed with proper
failure reporting. Previously, when the expected grep pattern wasn't
found, the test would emit a warning but still count as passed. Now
these cases correctly report failure and increment the FAIL counter.
Changed 18 files with 21 soft-pass fixes across:
- 10 standard else-branch fallbacks (modes, prompts, tools, sessions)
- 3 elif-branch fallbacks (callbacks, streaming, virtual-filesystem)
- 3 multi-branch fixes with both 'partial' and 'got response' fallbacks
(concurrent-sessions, multi-user-long-lived, multi-user-short-lived)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Strengthen tools scenario verifications
- tool-filtering: use word-boundary grep (-w) for blacklisted tools to
avoid false positives on substrings like 'bashing'
- no-tools: change question to directly request bash tool usage; update
verify grep to check for inability patterns (can't, cannot, unable)
- virtual-filesystem: require both 'Virtual filesystem contents' AND
'plan.md' in output; fix dead elif branch
- custom-agents: tighten grep to only match 'researcher' or 'Research'
instead of also matching generic tool names
- skills: add lowercase 'skill' to grep pattern for broader matching
- mcp-servers: replace soft-pass (non-empty output) with meaningful
content grep; add separate failure message for pattern mismatch
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Support latest .NET
* Move to haiku
* Fix scenario tests: paths, verifications, streaming, and parallel execution
- Fix relative paths in TS package.json (43 files) and Python requirements.txt (33 files)
- Add RollForward to C# csproj files for .NET 8/10 compat
- Remove soft-pass fallbacks in verify.sh — tests now hard-fail on missing patterns
- Fix Go permissions bug (req.Kind → req.ToolName) and add ToolName to SDK type
- Fix Python/Go availableTools: empty list was omitted instead of sent as []
- Fix streaming event names (assistant.message.chunk → assistant.message_delta)
- Fix TS streaming subscription (session.on('event') → typed subscription)
- Fix Python streaming enum comparison (event.type.value)
- Add permission handlers to Go skills scenario
- Switch scenarios to claude-haiku-4.5 for faster execution
- Parallelize verify.sh with live progress bar and per-SDK status icons
- Fix parallel pip install race with pre-install and import check
- Remove go.sum files from tracking
- Remove hardcoded OAuth client ID from C# gh-app scenario
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Restore go.sum files needed for CI builds
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Revert ToolName addition to Go PermissionRequest — use Extra map instead
The ToolName field doesn't exist on PermissionRequest in other SDKs.
The scenario test now reads toolName from the Extra map to stay
consistent without modifying SDK types.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: use o4-mini for reasoning-effort scenario tests
claude-haiku-4.5 does not support the reasoningEffort configuration,
causing all 4 SDK scenario tests to fail. Switch to o4-mini which
supports reasoning effort.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* python: migrate to PEP 639 license-files - Change license from deprecated table form to SPDX expression string - Remove deprecated License :: trove classifier - Update build-wheels.mjs to set license-files with both SDK LICENSE and CLI-LICENSE.md for bundled wheels - Update SPDX expression to 'MIT AND LicenseRef-Copilot-CLI' for bundled CLI wheels * python: collapse two-step license replacement into one Address review feedback: combine the SPDX expression and license-files replacements into a single atomic operation to avoid fragile coupling.
… lock files (github#449) * Rely on `pyproject.toml` Use of `setup.py` is redundant. This leads to more accurate metadata: ```diff 17c17 < Requires-Python: >=3.8 --- > Requires-Python: >=3.9 29d28 < Dynamic: requires-python ``` * Drop unnecessary/redundant lock files * Don't require a lock file
* Initial plan * Update manylinux tag from 2_17 to 2_28 for Node 24.11 glibc requirement Co-authored-by: brettcannon <54418+brettcannon@users.noreply.github.com> * Add comment explaining Node 24.11 dependency for platform tags Co-authored-by: brettcannon <54418+brettcannon@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
github/copilot-sdkmain branch (29 new commits)client.ts,types.ts,client.test.ts) merged cleanlyNotable upstream changes
Breaking Change
requestPermissionis now alwaystruein Copilot protocol. No impact on ACP: our ACP adapter already had deny-by-default behavior viaoutcome: "cancelled"inhandleAcpPermissionRequest()New Features
clientNamesupport across all SDKs (feat: add clientName to SessionConfig across all SDKs github/copilot-sdk#510)Fixes
envValueModedirect (Fix MCP env vars: send envValueMode direct across all SDKs github/copilot-sdk#484)nodefrom pathDocs
Test plan
git merge-treeconfirms no conflictstsc --noEmitpassesclientNametests)🤖 Generated with Claude Code