Technical Preview · v0.2.0 · March 2026

GitHub Copilot SDK

Agents for Every App

Embed Copilot's agentic workflows in your application

TypeScript Python Go .NET Java

Examples & slides

github.com/jeffreygroneberg/ghcp_sdk

📖 github.com/github/copilot-sdk

What is the GitHub Copilot SDK?

A programmable SDK that brings Copilot's agent runtime into your application — no orchestration to build.

🏗️ Production-Tested

Same runtime behind Copilot CLI, battle-tested at scale

🌐 Multi-Language

TypeScript, Python, Go, .NET, and Java SDKs available

🔧 Extensible

Custom tools, agents, MCP servers, hooks, and skills

📖 README.md

Architecture

Your Application

→

SDK Client
TS / Python / Go / .NET / Java

→

Copilot CLI
JSON-RPC (stdio / TCP)

→

Model Provider
GitHub · OpenAI · Azure · Anthropic · Local

⚡ Auto-managed or external CLI

💾 Session persistence

👥 Multi-client support (v3)

📡 40+ streaming event types

📈 Horizontal scaling

🔍 OpenTelemetry tracing

📖 README.md — Architecture

Available SDKs

Language	Install Command
Node.js / TypeScript	`npm install @github/copilot-sdk`
Python	`pip install github-copilot-sdk`
Go	`go get github.com/github/copilot-sdk/go`
.NET	`dotnet add package GitHub.Copilot.SDK`
Java	`com.github:copilot-sdk-java` (Maven/Gradle)

Community SDKs also available: Rust, Clojure, C++

📖 README.md — Available SDKs

Key Features

🔧 Custom Tools

Define functions Copilot can invoke

🤖 Custom Agents

Specialized AI personas with scoped tools

🔌 MCP Servers

External tool integration via standard protocol

📚 Skills

Reusable prompt modules from directories

🪝 Hooks

Intercept sessions for security and auditing

📡 Streaming

40+ real-time event types

🔑 BYOK

Bring your own model provider API keys

📊 Observability

Built-in OpenTelemetry instrumentation

📖 docs/features/index.md

What Can You Build?

Real problems your teams face today — solved with the SDK

🔍 Automated Code Review

Problem: Manual reviews miss security issues and take days

→ Deploy a security auditor agent that reviews every PR in seconds using OWASP-focused prompts and read-only tools

🚀 CI/CD Pipeline Intelligence

Problem: Pipelines fail silently; debugging takes hours

→ Run agents in your pipeline that analyze failures, suggest fixes, and auto-generate test coverage

🗄️ Database Query Assistants

Problem: Non-technical teams can't self-serve data queries

→ Connect MCP servers to your database — users ask in natural language, agent writes and explains SQL

📝 Documentation Generation

Problem: Docs are always outdated, nobody wants to write them

→ Agents analyze your codebase and produce up-to-date, comprehensive documentation on every release

📖 docs/features/index.md

More Use Cases

💡 AI-Powered SaaS Products

Problem: Building AI features requires custom orchestration and model plumbing

→ Embed Copilot's agent runtime in your product with per-user OAuth, session isolation, and streaming — ship AI features in days, not months

🤝 Multi-Agent Workflows

Problem: Complex tasks need multiple specialized AI roles working together

→ Use Microsoft Agent Framework to orchestrate Copilot alongside Azure OpenAI and Anthropic in sequential or parallel pipelines

⚙️ DevOps Automation

Problem: Incident response and infrastructure changes require deep expertise

→ Agents that diagnose production issues, manage infrastructure, and automate deployments with guardrailed shell access

🏗️ Internal Developer Platforms

Problem: Internal tools lack intelligence and require constant maintenance

→ Embed Copilot in your developer portal, CLI tools, and dashboards — let third-party teams build on your AI-powered platform

📖 docs/features/index.md

Built-in Tools

First-party tools available to every session — all enabled by default

📖 File System — Reading

read_file — Read file contents
view — View file or directory
glob — Find files by name pattern
grep — Search contents (ripgrep)
list_dir — List directory contents

✏️ File System — Writing

edit — Targeted edits to existing files
create — Create new files
write_file — Write / overwrite files

⚡ Shell, Web & Agent

bash / shell — Execute commands
web_fetch — Fetch content from URLs
task — Delegate to sub-agents
ask_user — Ask the user a question
store_memory — Persist facts

Plus: MCP server tools (e.g. GitHub MCP) and your custom tools via @define_tool

📖 README.md — Default tools · docs/features/hooks.md

Controlling Tool Access

Three ways to restrict what the agent can do

1. Session Config

Whitelist or blacklist at creation

session = await client.create_session(
  available_tools=[
    "grep", "glob", "view"
  ],
  # OR
  excluded_tools=[
    "bash", "shell"
  ],
)

2. onPreToolUse Hook

Dynamic per-call decisions

ALLOWED = [
  "read_file", "glob",
  "grep", "view"
]

async def on_pre_tool_use(inp, inv):
  if inp["toolName"] not in ALLOWED:
    return {
      "permissionDecision": "deny"
    }
  return {
    "permissionDecision": "allow"
  }

3. Override Built-ins

Replace with your own (v0.1.30+)

@define_tool(
  description="Custom grep",
  overrides_built_in_tool=True,
)
async def grep(params):
  # Your custom implementation
  return custom_search(
    params.query
  )

📖 docs/features/hooks.md · CHANGELOG v0.1.30

Custom Tools

Define custom functions that Copilot can invoke during conversations

You define a tool with a name, description, JSON Schema parameters, and a handler function. The agent automatically decides when to call it based on the user's prompt.

🔧 Define

Name, description, and typed parameters via JSON Schema

⚡ Handle

Your async function runs when the agent calls the tool

🔗 Register

Pass tools array to createSession()

📖 docs/getting-started.md — Custom Tools

Custom Tools — Code

const getWeather = defineTool("get_weather", {
  description: "Get the current weather for a city",
  parameters: {
    type: "object",
    properties: {
      city: { type: "string", description: "The city name" },
    },
    required: ["city"],
  },
  handler: async (args) => {
    const data = await fetchWeatherAPI(args.city);
    return { city: args.city, temp: data.temp, condition: data.condition };
  },
});

const session = await client.createSession({
  model: "gpt-4.1",
  tools: [getWeather],
});

📖 docs/getting-started.md — Custom Tools

Custom Agents & Sub-Agent Orchestration

Define specialized AI personas with their own prompts, tool restrictions, and MCP servers

🔍 Research Agent

Tools: grep, glob, view

Analyze code, answer questions. Read-only.

✏️ Editor Agent

Tools: view, edit, bash

Make minimal, surgical code changes.

🛡️ Security Auditor

Tools: grep, glob, view

Focus on OWASP Top 10 vulnerabilities.

Automatic Delegation — The runtime auto-selects the right agent based on user intent when infer: true is set.

📖 docs/features/custom-agents.md

MCP Server Integration

Model Context Protocol — open standard for connecting AI to external tools

Local / Stdio

Runs as a subprocess, communicates via stdin/stdout

Local tools, file access, scripts

Remote / HTTP

Accessed via HTTP endpoint, supports SSE

Shared services, cloud tools

Connect to any MCP server from the community directory — GitHub, SQLite, Puppeteer, filesystem, and more. The tools array controls which tools are exposed.

📖 docs/features/mcp.md

MCP Server Integration — Code

const session = await client.createSession({
  mcpServers: {
    github: {
      type: "http",
      url: "https://api.githubcopilot.com/mcp/",
    },
    filesystem: {
      type: "local",
      command: "npx",
      args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"],
      tools: ["*"],
    },
  },
});

📖 docs/features/mcp.md

Hooks — Session Lifecycle Control

onSessionStart

Add context, audit logging

onUserPromptSubmitted

Modify or filter user input

onPreToolUse

Approve, deny, or modify tool calls

onPostToolUse

Transform results, redact secrets

onErrorOccurred

Custom error handling, retry logic

onSessionEnd

Cleanup, finalize audit trail

Use for: permissions, auditing, prompt enrichment, secret redaction, error recovery

📖 docs/features/hooks.md

Authentication Deep Dive

Four methods — choose based on your deployment scenario

Auth Flow

            👤 CLI Login
            🔑 OAuth App
            ⚙️ Env Var
            🗝️ BYOK
          
▼

            SDK Client → Copilot CLI
          
▼

            ☁️ Copilot API (subscription)
            or
            ☁️ BYOK Provider (no sub)
          

Method	Use Case	Subscription
👤 Signed-in User	Desktop, local dev	Required
🔑 OAuth App	Web apps, SaaS	Required
⚙️ Env Variables	CI/CD, automation	Required
🗝️ BYOK	Own API keys	Not Required

Token support: gho_ ✅ · ghu_ ✅ · github_pat_ ✅ · ghp_ ❌
OAuth Apps + GitHub Apps both supported for multi-user scenarios

📖 docs/auth/index.md

OAuth GitHub App Integration

Build multi-user apps — each user authenticates with their GitHub account

OAuth Flow

        1. User clicks "Sign in with GitHub"

        2. Redirect → GitHub OAuth → user approves

        3. Exchange code → gho_xxx token

        4. Pass token → SDK via githubToken

        5. Requests made as that user (their subscription)

Enterprise: Works with org memberships, EMU, and SAML SSO automatically.

Code Example

const client = new CopilotClient({
  githubToken: userAccessToken,
  useLoggedInUser: false,
});

const session = await client.createSession({
  sessionId: `user-${userId}`,
  model: "gpt-4.1",
  onPermissionRequest: approveAll,
});

📖 docs/setup/github-oauth.md · docs/auth/index.md

BYOK — Bring Your Own Key

Use your own model provider API keys — no Copilot subscription required

OpenAI

Direct API access

Azure AI Foundry

Enterprise deployments

Anthropic

Claude models

Ollama

Local models

Foundry Local

On-device AI

Other

vLLM, LiteLLM, etc.

📖 docs/auth/byok.md

BYOK — Code

const session = await client.createSession({
  model: "gpt-5.2-codex",
  provider: {
    type: "openai",
    baseUrl: "https://your-resource.openai.azure.com/openai/v1/",
    wireApi: "responses",
    apiKey: process.env.FOUNDRY_API_KEY,
  },
});

The wireApi setting controls the API format — use "responses" for newer GPT-5 series models and "completions" for older ones.

📖 docs/auth/byok.md

How the SDK Talks to the CLI

All SDKs communicate via JSON-RPC — the SDK manages the CLI process lifecycle automatically

Mode 1: stdio (Auto-Managed)

SDK spawns CLI as a child process

Zero config — just new CopilotClient()
CLI dies with your app
Best for: local dev, desktop apps

Mode 2: TCP (External Server)

CLI runs as a headless server on a port

copilot --headless --port 4321
Independent lifecycle, multi-client
Best for: APIs, backends, scaling

📖 docs/setup/local-cli.md · backend-services.md

Ship It — Bundled Deployment

Package the Copilot CLI binary alongside your application — users don't need to install anything separately.

Supported Platforms

Desktop apps (Electron, Tauri)
Docker containers
Distributable CLI tools

Multi-Platform Binaries

copilot-darwin-arm64
copilot-linux-x64
copilot-win-x64.exe

📖 docs/setup/bundled-cli.md

Deployment Patterns

💻 Local CLI

Hobbyist

SDK spawns CLI as child process. Simplest path for personal projects and development.

📦 Bundled CLI

Desktop App

Ship the CLI binary with your app. Standalone apps with zero external dependencies.

🖥️ Backend Services

Enterprise

CLI as headless server over TCP. Web backends, APIs, and microservices.

📈 Scaling

Platform

Horizontal scaling with session isolation. Serve thousands of users reliably.

📖 docs/setup/index.md

Microsoft Agent Framework Integration

Compose Copilot alongside Azure OpenAI, Anthropic, and others in orchestrated workflows

Sequential Workflow

Copilot Agent
Code Review

→

Azure Agent
Documentation

→

Combined
Final Output

Concurrent Workflow

Security Reviewer

Perf Reviewer

→

Aggregated Result

Unified successor to Semantic Kernel & AutoGen .NET and Python A2A protocol support Full streaming

📖 docs/integrations/microsoft-agent-framework.md

Demo 1: Simple Chat — TypeScript

What this does: Create a client, open a session, send a prompt, and get a response — the "Hello World" of the SDK. Just 6 lines of meaningful code.

import { CopilotClient } from "@github/copilot-sdk";

const client = new CopilotClient();
const session = await client.createSession({
  model: "gpt-4.1",
  onPermissionRequest: async () =>
    ({ kind: "approved" }),
});

const response = await session.sendAndWait({
  prompt: "Explain how async/await works"
});

console.log(response?.data.content);
await client.stop();

📖 docs/getting-started.md

Demo 1: Simple Chat — Python

What this does: Same "Hello World" in Python — identical concept, idiomatic API. The v0.2.0 SDK uses keyword arguments and positional prompts.

from copilot import CopilotClient
from copilot import PermissionHandler

client = CopilotClient()
await client.start()

session = await client.create_session(
  on_permission_request=
    PermissionHandler.approve_all,
  model="gpt-4.1",
)

response = await session.send_and_wait(
  "Explain how async/await works"
)

print(response.data.content)
await client.stop()

📖 python/README.md

Demo 2: Custom Tool — Ticket Lookup

What this does: Define a tool that queries your internal ticket system. The agent automatically calls it when a user asks about a ticket — no routing code needed. This pattern works for any internal system: CRMs, dashboards, HR tools.

const lookupTicket = defineTool("lookup_ticket", {
  description: "Look up a support ticket by ID",
  parameters: {
    type: "object",
    properties: {
      ticketId: { type: "string", description: "Ticket ID (e.g. TICK-1234)" },
    },
    required: ["ticketId"],
  },
  handler: async (args) => {
    const ticket = await db.tickets.findById(args.ticketId);
    return {
      id: ticket.id, status: ticket.status,
      title: ticket.title, assignee: ticket.assignee,
    };
  },
});

📖 docs/getting-started.md — Custom Tools

Demo 2: Ticket Lookup — Usage

What this does: Register the tool, send a natural language question. The agent recognizes it needs the ticket tool, calls it automatically, and formulates a human-readable answer from the structured data.

const session = await client.createSession({
  model: "gpt-4.1",
  tools: [lookupTicket],
  onPermissionRequest: async () => ({ kind: "approved" }),
});

await session.sendAndWait({
  prompt: "What's the status of TICK-4521?"
});
// Copilot automatically calls lookup_ticket("TICK-4521")

This pattern works for any internal system: CRMs, monitoring dashboards, inventory systems, HR tools — anything with an API or database.

📖 docs/getting-started.md — Custom Tools

Demo 3: Backend API Service

What this does: Run Copilot as a production backend — the CLI runs as a headless server, your Express API connects over TCP, each user gets their own session with per-user OAuth. This is the pattern for SaaS products and internal tools at scale.

import express from "express";
import { CopilotClient } from "@github/copilot-sdk";

const app = express();
app.use(express.json());

// Connect to headless CLI server
const client = new CopilotClient({ cliUrl: "localhost:4321" });

app.post("/api/chat", async (req, res) => {
  const { sessionId, message, userToken } = req.body;

  const session = await client.createSession({
    sessionId: `user-${sessionId}`,
    model: "gpt-4.1",
    githubToken: userToken,  // Per-user OAuth token
  });

  const response = await session.sendAndWait({ prompt: message });
  res.json({ sessionId, content: response?.data.content });
});

app.listen(3000);

📖 docs/setup/backend-services.md

Get Started Today

1️⃣ Install Copilot CLI

Follow the Copilot CLI installation guide

2️⃣ Install Your SDK

npm, pip, go get, dotnet add, or Maven/Gradle

3️⃣ Create Your First Session

client.createSession({ model: "gpt-4.1" })

Resource	Link
SDK Repository	github.com/github/copilot-sdk
Documentation	docs/ in the repository
Cookbook & Recipes	github.com/github/awesome-copilot
Java SDK	github.com/github/copilot-sdk-java
GitHub MCP Server	github.com/github/github-mcp-server

📖 github.com/github/copilot-sdk

Demo 4: Real-Time Streaming

Stream AI responses token by token for interactive, real-time user experiences

const session = await client.createSession({
  model: "gpt-4.1",
  streaming: true,
  onPermissionRequest: async () => ({ kind: "approved" }),
});

// Subscribe to real-time streaming events
session.on("assistant.message_delta", (event) => {
  process.stdout.write(event.data.delta ?? "");
});

session.on("assistant.message", (event) => {
  console.log("\n--- Full response complete ---");
});

await session.sendAndWait({
  prompt: "Write a quicksort implementation in TypeScript"
});

📖 docs/features/streaming-events.md

Demo 5: Security Audit with Hooks

Combine custom agents with hooks for enterprise-grade auditing

const READ_ONLY_TOOLS = ["read_file", "glob", "grep", "view"];

const session = await client.createSession({
  model: "gpt-4.1",
  customAgents: [{
    name: "security-auditor",
    prompt: "You are a security expert. Focus on OWASP Top 10.",
    tools: READ_ONLY_TOOLS,
  }],
  agent: "security-auditor",
});

📖 docs/hooks/pre-tool-use.md

Demo 5: Security Hooks

hooks: {
  onPreToolUse: async (input) => {
    // Enforce read-only: deny any write operations
    if (!READ_ONLY_TOOLS.includes(input.toolName)) {
      return { permissionDecision: "deny",
        permissionDecisionReason: `"${input.toolName}" blocked` };
    }
    return { permissionDecision: "allow" };
  },
  onPostToolUse: async (input) => {
    // Redact any secrets found in tool output
    if (typeof input.toolResult === "string") {
      const redacted = input.toolResult.replace(
        /api[_-]?key\s*[:=]\s*["']?[\w\-\.]+["']?/gi, "[REDACTED]");
      if (redacted !== input.toolResult)
        return { modifiedResult: redacted };
    }
    return null;
  },
}

📖 docs/hooks/pre-tool-use.md

🚀 What's New in v0.2.0

A major release with new capabilities, API refinements, and breaking changes

✨ New Features

System prompt customization — surgically edit 10 prompt sections (identity, tone, safety, …) with replace/append/prepend/transform actions
Blob attachments — send images and binary data inline without writing to disk
skipPermission on tools — bypass confirmation for low-risk read-only tools
OpenTelemetry — full distributed tracing across all 4 SDKs
New RPC methods — skills, MCP, extensions, shell, and plugin management

⚠️ Breaking Changes

Python API overhaul — keyword args replace TypedDicts
autoRestart removed — deprecated across all SDKs
Go Start() context — cancelling context no longer kills CLI process; use Stop()
Go LogOptions.Ephemeral — changed from bool to *bool
Python internal modules — copilot.jsonrpc → copilot._jsonrpc

📖 releases/tag/v0.2.0

v0.2.0: System Prompt Customization

Surgically edit individual sections of the Copilot system prompt

identity → tone → tool_efficiency → environment_context → code_change_rules

guidelines → safety → tool_instructions → custom_instructions → last_instructions

Actions per section

`replace`	Replace entire section content
`append`	Add content after the section
`prepend`	Add content before the section
`remove`	Remove the section entirely
`transform`	Callback — receives text, returns modified

Example

await client.createSession({
  systemMessage: {
    mode: "customize",
    sections: {
      identity: {
        action: (current) =>
          current.replace("Copilot",
            "Acme Assistant"),
      },
      tone: {
        action: "replace",
        content: "Be concise.",
      },
    },
  },
});

📖 releases/tag/v0.2.0 · PR #816