GitHub Engineering

GitHub EngineeringJan 26, 2026

Power agentic workflows in your terminal with GitHub Copilot CLI

Why it matters: GitHub Copilot CLI brings agentic AI to the terminal, bridging the gap between IDEs and system-level tasks. By automating environment setup, debugging, and GitHub interactions via MCP, it significantly boosts developer velocity and reduces the cognitive load of manual CLI operations.

GitHub Copilot CLI enables agentic AI workflows directly within the terminal, reducing context switching between IDEs and command-line environments.
The tool automates complex terminal tasks such as repository cloning, dependency management, and process troubleshooting like identifying and killing PIDs.
It supports multimodal capabilities, allowing users to upload screenshots of UI bugs for automated analysis and suggested code fixes.
Integration with the Model Context Protocol (MCP) allows the CLI to interact with custom agents for specialized tasks like accessibility reviews or security audits.
Developers can query GitHub-specific data, such as open issues or PRs, and delegate multi-step tasks to coding agents without leaving the command line.

#mlp #culture

Read original

GitHub EngineeringJan 22, 2026

Build an agent into any app with the GitHub Copilot SDK

Why it matters: Building agentic workflows is difficult due to the complexity of context management and tool orchestration. This SDK abstracts those infrastructure hurdles, allowing engineers to focus on product logic while leveraging a production-tested agentic loop.

GitHub released the Copilot SDK in technical preview, enabling developers to embed the Copilot agentic core into custom applications.
The SDK provides programmatic access to the same execution loop used by Copilot CLI, including planning, tool orchestration, and multi-turn context management.
It supports major programming environments including Node.js, Python, Go, and .NET, with built-in support for GitHub authentication.
Key features include Model Context Protocol (MCP) server integration, custom tool definitions, and real-time streaming capabilities.
Developers can leverage existing Copilot subscriptions or provide their own API keys to power the agentic workflows.

#mlp #frontend

Read original

GitHub EngineeringJan 21, 2026

A cheat sheet to slash commands in GitHub Copilot CLI

Why it matters: Slash commands transform the Copilot CLI from a chat interface into a precise developer tool. By providing predictable, keyboard-driven shortcuts for context management and model selection, they minimize context switching and improve the reliability of AI-assisted terminal workflows.

Slash commands provide explicit, repeatable instructions in the GitHub Copilot CLI, reducing the need for complex natural language prompting.
Commands like /clear and /cwd allow developers to manage conversation history and directory scoping to prevent context bleed.
The /model command enables switching between different AI models to optimize for speed or reasoning depth based on the task.
Security and compliance are enhanced through commands like /add-dir and /list-dirs, which define clear boundaries for file access.
Advanced features include /mcp for connecting Model Context Protocol servers and /delegate for offloading tasks to specialized agents.
The CLI supports session management and usage tracking via /session and /usage commands to monitor resource consumption.

#mlp #security #culture

Read original

GitHub EngineeringJan 20, 2026

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

Why it matters: Triaging security alerts is often manual and repetitive. This framework allows engineers to automate human-like reasoning to filter false positives at scale, combining the precision of CodeQL with the pattern-matching flexibility of LLMs to find real vulnerabilities faster.

GitHub Security Lab introduced the Taskflow Agent, an open-source framework for automating security research and vulnerability triage using LLMs.
Taskflows are defined in YAML files, breaking complex audits into smaller, sequential tasks to overcome LLM context window limitations and improve accuracy.
The framework utilizes Model Context Protocol (MCP) servers to perform conventional programming tasks like file fetching and searching alongside AI reasoning.
It supports asynchronous batch processing, allowing engineers to apply templated audit logic across numerous CodeQL alerts simultaneously.
Real-world application of the tool successfully identified approximately 30 vulnerabilities by filtering out false positives that traditional static analysis tools struggle to detect.

#security #mlp

Read original

GitHub EngineeringJan 20, 2026

Context windows, Plan agent, and TDD: What I learned building a countdown app with GitHub Copilot

Why it matters: This article demonstrates how to move beyond simple code completion to sophisticated AI-assisted engineering. By using spec-driven development, Plan agents, and context management, developers can build complex, tested features faster while maintaining high code quality and architectural clarity.

Adopted spec-driven development by defining requirements in a contract before coding to reduce ambiguity and improve AI-generated output.
Utilized the GitHub Copilot Plan agent to break down complex, multi-step tasks like integrating a D3.js world map with time zone logic.
Managed AI context windows by starting fresh chat sessions for new features, preventing hallucinations caused by irrelevant historical context.
Implemented Test-Driven Development (TDD) with Copilot to identify and fix edge cases, such as leap year calculations in the countdown logic.
Leveraged the 'generate new workspace' feature to automatically create project structures and custom instruction files for Vite and Tailwind CSS v4.

#frontend #culture

Read original

GitHub EngineeringJan 15, 2026

Building an agentic memory system for GitHub Copilot

Why it matters: Cross-agent memory allows AI tools to learn codebase conventions autonomously, reducing manual context-setting. Its just-in-time verification ensures agents don't act on stale data, significantly improving the reliability of AI-generated code and reviews in complex, evolving repositories.

GitHub Copilot is evolving into a multi-agent ecosystem where agents share a cumulative knowledge base across the development lifecycle.
The system uses cross-agent memory to learn codebase conventions and patterns without requiring explicit user instructions for every session.
To solve the problem of stale data, GitHub implemented 'just-in-time verification' rather than expensive offline curation services.
Memories are stored with specific code citations, which agents verify via real-time read operations to ensure relevance to the current branch.
Memory creation is handled as a tool call, allowing agents to autonomously document facts like API synchronization requirements or logging patterns.
The feature is currently in public preview and is fully opt-in for Copilot coding agent, CLI, and code review users.

#mlp #data

Read original

GitHub EngineeringJan 15, 2026

When protections outlive their purpose: A lesson on managing defense systems at scale

Why it matters: Security mitigations added during incidents can become technical debt that degrades user experience. This case study emphasizes the need for lifecycle management and observability in defense systems to ensure temporary protections don't inadvertently block legitimate traffic as patterns evolve.

GitHub identified that emergency defense mechanisms, such as rate limits and traffic controls, were inadvertently blocking legitimate users after outliving their original purpose.
The issue stemmed from composite signals that combined industry-standard fingerprinting with platform-specific business logic, leading to false positives during normal browsing.
While the false-positive rate was low (0.003-0.004% of total traffic), it caused consistent disruption for logged-out users following external links.
The investigation involved tracing requests across a multi-layered infrastructure built on HAProxy to pinpoint which specific defense layer was triggering the blocks.
The incident reinforces that observability and lifecycle management are as critical for security mitigations as they are for core product features.

#sre #security

Read original

GitHub EngineeringJan 14, 2026

GitHub Availability Report: December 2025

Why it matters: This report highlights the operational challenges of scaling AI-integrated services and global infrastructure. It provides insights into managing model-backed dependencies, handling cross-cloud network issues, and mitigating traffic spikes to maintain high availability for developer tools.

A Kafka misconfiguration prevented agent session data from reaching the AI Controls page, leading to improved pre-deployment validation.
Copilot Code Review experienced degradation due to model-backed dependency latency, mitigated by bypassing fix suggestions and increasing worker capacity.
Network packet loss between West US runners and an edge site caused GitHub Actions timeouts, resolved by rerouting traffic away from the affected site.
A database migration caused schema drift that blocked Copilot policy updates, resulting in hardened service synchronization and deployment pipelines.
Unauthenticated traffic spikes to search endpoints caused page load failures, addressed through improved limiters and proactive traffic monitoring.

#sre #dist #mlp

Read original

GitHub EngineeringJan 14, 2026

Community-powered security with AI: an open source framework for security research

Why it matters: This framework lowers the barrier for security research by using AI to automate complex workflows like variant analysis. By integrating with CodeQL via MCP, it allows engineers to scale vulnerability detection using natural language, fostering a collaborative, community-driven security model.

GitHub Security Lab released the Taskflow Agent, an open-source agentic framework designed for security research and automation.
The framework leverages the Model Context Protocol (MCP) to interface with existing security tools such as CodeQL.
It allows researchers to encode and scale security knowledge using natural language to perform complex tasks like variant analysis.
The agent is experimental but ready for community use, supporting various AI backends including GitHub Models API.
A provided demo illustrates how to set up the environment in GitHub Codespaces to automate vulnerability detection workflows.

#security #mlp

Read original

GitHub EngineeringJan 13, 2026

What AI is actually good for, according to developers

Why it matters: Understanding how to integrate AI without disrupting 'flow' is crucial for productivity. Effective AI tools should focus on removing toil and providing contextual assistance rather than replacing human judgment or forcing unnatural interaction patterns like constant chat-switching.

AI tools should prioritize maintaining developer flow by integrating directly into editors, terminals, and code review processes.
Natural language chat interfaces can cause cognitive burden due to context-switching; contextual, inline suggestions are often more effective.
Developers prefer AI for automating repetitive tasks like scaffolding and boilerplate while retaining control over logic and architecture.
AI serves different roles based on experience: accelerating senior developers and helping junior developers learn syntax and fundamentals.
Customization of AI tool behavior is essential to prevent AI fatigue and intrusive interruptions during the coding process.

#mlp #culture

Read original

Page 7 of 11

Prev 1...5 6 7 8 9...11 Next