{"slug": "gh-600-public-study-guide", "title": "GH-600 Public Study Guide", "summary": "A developer has published a free, markdown-only study workbook for the GH-600 certification exam, \"Developing in Agentic AI Systems.\" The guide is organized around the exam's six official domains, covering agent architecture, tool use, memory management, evaluation, multi-agent coordination, and guardrails, with practical examples in YAML, Markdown, CLI output, and audit logs. The workbook is built entirely from official Microsoft and GitHub documentation and is explicitly not an exam dump, containing no real exam questions or answer choices.", "body_md": "Markdown-only workbook for Exam GH-600: Developing in Agentic AI Systems.\n\nLast updated: May 24, 2026.\n\nThis version is organized around the official GH-600 domains. Each domain explains the concepts, shows the GitHub implementation artifacts, and includes examples you should be able to read in YAML, Markdown, CLI output, PR timelines, and audit logs.\n\nPublic sharing note: this guide is not an exam dump and does not contain real exam questions or answer choices. 
It is a structured study workbook built from official Microsoft and GitHub documentation, with practical examples written for learning and review.\n\nPrimary source of truth:\n\n- GH-600 Microsoft Learn study guide:\n[https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/gh-600](https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/gh-600)\n- GitHub Copilot cloud agent docs:\n[https://docs.github.com/en/copilot/concepts/agents/cloud-agent/about-cloud-agent](https://docs.github.com/en/copilot/concepts/agents/cloud-agent/about-cloud-agent)\n- GitHub Copilot CLI docs:\n[https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-command-reference](https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-command-reference)\n- GitHub Copilot CLI config directory:\n[https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-config-dir-reference](https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-config-dir-reference)\n- GitHub custom agents configuration:\n[https://docs.github.com/en/copilot/reference/custom-agents-configuration](https://docs.github.com/en/copilot/reference/custom-agents-configuration)\n- GitHub customization cheat sheet:\n[https://docs.github.com/en/copilot/reference/customization-cheat-sheet](https://docs.github.com/en/copilot/reference/customization-cheat-sheet)\n- GitHub Actions workflow syntax:\n[https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax)\n- GitHub Actions contexts:\n[https://docs.github.com/en/actions/reference/workflows-and-actions/contexts](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts)\n- GitHub audit log 
events:\n[https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)\n\nUse the official GH-600 skills outline as the map, then use the linked GitHub Docs pages for exact syntax and product behavior.\n\nThe exam domains:\n\n| Domain | Weight | What it means in practice |\n|---|---|---|\n| Prepare agent architecture and SDLC processes | 15-20% | Choose good agent tasks, define outputs, manage autonomy, use PR/check/review flow |\n| Implement tool use and environment interaction | 20-25% | Custom agents, tools, MCP, CLI, cloud-agent setup, CI workflows, branches, PRs |\n| Manage memory, state, and execution | 10-15% | Sessions, resume/continue, Copilot Memory, durable artifacts, context drift |\n| Perform evaluation, error analysis, and tuning | 15-20% | Logs, scans, workflow artifacts, root cause, instructions/tools/environment tuning |\n| Orchestrate multi-agent coordination | 15-20% | `/fleet` , `agent` tool, matrix jobs, `needs` , artifacts, conflict prevention |\n| Implement guardrails and accountability | 10-15% | Least privilege, hooks, branch protection, workflow approvals, audit logs |\n\nThe key is not just knowing definitions. 
GH-600 expects you to recognize implementation evidence:\n\n| Concept | Artifact examples |\n|---|---|\n| Agent profile | `.github/agents/*.agent.md` |\n| Instructions | `.github/copilot-instructions.md` , `.github/instructions/*.instructions.md` , `AGENTS.md` |\n| Prompt/skill reuse | `.github/prompts/*.prompt.md` , `.github/skills/<skill>/SKILL.md` |\n| Tools | `tools: [read, search, edit, execute, agent]` |\n| MCP | `mcp-servers` in agent YAML, `mcpServers` in JSON |\n| Cloud setup | `.github/workflows/copilot-setup-steps.yml` |\n| CI invocation | `copilot -p` , `--agent` , `COPILOT_GITHUB_TOKEN` , `--no-ask-user` |\n| Workflow orchestration | `needs` , `strategy.matrix` , artifacts, `$GITHUB_OUTPUT` |\n| Overlap control | top-level or job-level `concurrency` |\n| Evaluation | tests, scans, session logs, workflow artifacts |\n| Accountability | PR timeline, session logs, audit log events |\n\nThis domain asks whether you can decide where an agent belongs in a software delivery workflow. The right answer usually preserves GitHub-native accountability: issue, branch, PR, checks, review, merge.\n\nUse an agent when:\n\n- Inputs and outputs are clear.\n- Work can be scoped to a repository, branch, issue, PR, or workflow.\n- The result can be reviewed through a diff, artifact, log, or check.\n- Tests/scans/reviews can validate the output.\n- The agent can operate with least-privilege tools and permissions.\n\nDo not rely only on an agent when:\n\n- The task has unclear success criteria.\n- The task is irreversible or production-sensitive.\n- The agent would need broad secrets or broad external write access.\n- The agent would approve its own output.\n- Human judgment is required for policy, compliance, legal, security, or product decisions.\n\nPlanning is reviewable intent. 
Execution changes state.\n\nUse planning first for:\n\n- Large refactors.\n- Security-sensitive work.\n- Workflow/deployment changes.\n- Cross-repository work.\n- Multi-agent coordination.\n- Any task where a human should approve scope before edits.\n\nExample plan artifact:\n\n```\n# Agent plan\n\nGoal: Update dependency review workflow.\n\nSteps:\n1. Inspect current workflow permissions.\n2. Add dependency review gate.\n3. Validate workflow syntax.\n4. Open PR with risk notes.\n\nValidation:\n- Existing required checks still run.\n- Dependency review runs on pull requests.\n- PR requires human review.\n```\n\nWhat to notice:\n\n- A plan is not validation.\n- The plan becomes useful when it is stored in an issue, PR, comment, file, or workflow artifact.\n\nSafe GitHub-native agent work:\n\n- Task is defined in a prompt, issue, or PR comment.\n- Agent works on a branch.\n- Agent commits changes.\n- Agent opens or updates a PR.\n- Workflow checks run.\n- CodeQL, secret scanning, dependency review, and tests provide evidence.\n- Humans inspect diff, session logs, and artifacts.\n- Branch protection/rulesets gate merge.\n- Audit logs and PR history preserve accountability.\n\n| Level | Agent can do | Typical tools | Controls |\n|---|---|---|---|\n| Low | Read, search, summarize, plan | `read`, `search` | no write, no shell |\n| Medium | Edit files, run tests, open PR | `read`, `search`, `edit`, `execute` | PR checks, required review |\n| High | Use MCP, modify workflows, coordinate agents | `agent`, MCP tools, shell | narrow tools, hooks, approvals, audit |\n\nExamples:\n\n```\n# Low-autonomy reviewer\ntools:\n  - read\n  - search\n```\n\n```\n# Medium-autonomy implementer\ntools:\n  - read\n  - search\n  - edit\n  - execute\n```\n\n```\n# Coordinator\ntools:\n  - read\n  - search\n  - agent\n```\n\n- \"Tell the agent to be careful\" is not a control.\n- An agent-generated plan does not prove the implementation is safe.\n- High autonomy requires enforceable controls: permissions, 
reviews, scans, rulesets, hooks, and logs.\n- Do not let agents make unreviewed changes to protected or production-sensitive paths.\n\nDefine success criteria before giving the agent tools.\n\nWeak task:\n\n```\nImprove the payment service.\n```\n\nBetter task:\n\n```\nUpdate payment retry logic so transient gateway failures retry three times with exponential backoff. Add unit tests for success, permanent failure, and transient retry. Do not modify public API contracts. Open a draft PR and include validation output.\n```\n\nWhy it is better:\n\n- Scope is bounded.\n- Output is testable.\n- API compatibility is explicit.\n- The PR is reviewable.\n- Validation is required.\n\nInputs, outputs, and controls:\n\n| Element | Example |\n|---|---|\n| Input | issue, failing test, PR comment, workflow log, Sentry issue |\n| Output | branch, commit, PR, test artifact, summary file |\n| Success criteria | tests pass, scan clean, reviewer approves |\n| Control | required checks, rulesets, limited tools, human review |\n| Evidence | session log, PR diff, workflow logs, audit log |\n\nAutonomy selection:\n\n| Scenario | Better autonomy |\n|---|---|\n| Summarize repo conventions | low |\n| Add tests for existing code | medium |\n| Modify deployment workflow | high control, low initial autonomy |\n| Use Jira/Sentry for diagnosis | medium/high with narrow MCP |\n| Change production rollout behavior | human approval required |\n\n- What makes a task suitable for an agent?\n- What artifact proves the plan was reviewed?\n- What GitHub control blocks unreviewed merge?\n- What is the difference between agent guidance and enforceable policy?\n\nThis is the largest technical area. 
It covers custom agents, tools, MCP, Copilot CLI, cloud setup, workflow invocation, branches, PRs, and environment constraints.\n\nKnow these paths cold:\n\n| File or directory | Purpose |\n|---|---|\n| `.github/copilot-instructions.md` | Repository-wide instructions |\n| `.github/instructions/*.instructions.md` | Path-specific instructions |\n| `AGENTS.md` | Agent-oriented instructions; nearest file can take precedence |\n| `.github/prompts/*.prompt.md` | Reusable prompt templates |\n| `.github/agents/*.md` or `.github/agents/*.agent.md` | Custom agent profiles |\n| `.github/skills/<skill-name>/SKILL.md` | Agent skills |\n| `.github/hooks/*.json` | CLI/cloud-agent hooks |\n| `.github/workflows/copilot-setup-steps.yml` | Cloud-agent environment setup |\n| `.mcp.json`, `.github/mcp.json`, `.vscode/mcp.json` | MCP config, depending on surface |\n\nRepository instructions:\n\n```\n# Repository instructions\n\nUse npm for package management.\nRun `npm test` before proposing a PR.\nDo not edit files under `legacy/` unless explicitly asked.\n```\n\nPath-specific instructions:\n\n```\n---\napplyTo: \"src/payments/**\"\n---\n\nPayment changes must include tests for refunds, retries, and idempotency.\n```\n\nPrompt file:\n\n```\n# Security review\n\nReview selected changes for authentication, authorization, secret exposure, dependency risk, and workflow permission risk.\nReturn findings with severity, file path, and recommended fix.\n```\n\nSkill:\n\n```\n---\nname: actions-failure-debugging\ndescription: Debug failing GitHub Actions workflows.\n---\n\n1. Inspect the failing job.\n2. Identify the first failing command.\n3. Check runner, permissions, secrets, and artifact paths.\n4. 
Propose the smallest fix.\n```\n\nRepository agent path:\n\n```\n.github/agents/reviewer.agent.md\n```\n\nOrganization or enterprise custom agents can live under `/agents/` in a `.github-private` repository.\n\nMinimal read-only reviewer:\n\n```\n---\nname: reviewer\ndescription: Reviews changes and writes concise findings.\ntools:\n  - read\n  - search\n---\n\nReview repository changes. Do not edit files. Report findings with file paths and rationale.\n```\n\nImportant frontmatter:\n\n| Key | Meaning |\n|---|---|\n| `description` | Required purpose/capability description |\n| `name` | Optional display name |\n| `tools` | Tool list available to the agent |\n| `mcp-servers` | MCP config in YAML form |\n| `target` | Surface such as `github-copilot` or `vscode` |\n| `model` | Model choice where supported |\n| `disable-model-invocation` | Prevent inferred invocation |\n| `user-invocable` | Whether users can invoke directly |\n| `metadata` | Extra metadata |\n\nTraps:\n\n- `description` is required; `name` is not the required field.\n- If `tools` is omitted, all available tools may be enabled. 
`tools: []` disables tools.\n- `handoffs` may appear in other formats, but is ignored by Copilot cloud agent.\n\n| Tool | Meaning | Use when |\n|---|---|---|\n| `read` | Read file contents | Agent must inspect files |\n| `search` | Search files/text in repository | Agent must find code/files |\n| `edit` | Edit/write files | Agent must modify files |\n| `execute` | Run shell commands | Agent must run tests/scripts |\n| `agent` | Invoke another custom agent | Agent coordinates subagents |\n| `web` | Fetch URLs/web search | Not applicable for cloud agent today |\n| `todo` | Task list | Not supported in cloud agent today |\n\nLeast-privilege choices:\n\n```\n# Inspect but do not edit\ntools:\n  - read\n  - search\n```\n\n```\n# Modify files and run tests\ntools:\n  - read\n  - search\n  - edit\n  - execute\n```\n\n```\n# Orchestrate another specialist\ntools:\n  - read\n  - search\n  - agent\n```\n\nWhat to notice:\n\n- `search` is repository search, not internet search.\n- Add `edit` only when changes are required.\n- Add `execute` only when shell execution is required.\n
- Add `agent` when invoking another custom agent.\n\nCustom-agent tool aliases for invoking another custom agent:\n\n```\nagent\ncustom-agent\nTask\n```\n\nExample orchestrator:\n\n```\n---\nname: orchestrator\ndescription: Coordinates review, audit, and consolidation.\ntools:\n  - read\n  - search\n  - agent\n---\n\nUse the reviewer agent for code review.\nUse the auditor agent for compliance and traceability.\nThen consolidate both outputs into one recommendation.\n```\n\nMCP exposes external tools and data sources.\n\nKnow this distinction:\n\n| Surface | Key |\n|---|---|\n| Custom agent YAML | `mcp-servers` |\n| MCP JSON config | `mcpServers` |\n\nMCP inside custom agent:\n\n```\n---\nname: jira-triage\ndescription: Reads Jira issue context and proposes repository changes.\ntools:\n  - read\n  - search\n  - jira/get_issue\nmcp-servers:\n  jira:\n    type: local\n    command: npx\n    args:\n      - -y\n      - jira-mcp\n    tools:\n      - get_issue\n    env:\n      JIRA_TOKEN: ${{ secrets.COPILOT_MCP_JIRA_TOKEN }}\n---\n\nUse Jira only for issue context. Never print secrets.\n```\n\nMCP JSON:\n\n```\n{\n  \"mcpServers\": {\n    \"jira\": {\n      \"type\": \"local\",\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"jira-mcp\"],\n      \"tools\": [\"get_issue\"],\n      \"env\": {\n        \"JIRA_TOKEN\": \"$COPILOT_MCP_JIRA_TOKEN\"\n      }\n    }\n  }\n}\n```\n\nThis is a likely fill-in-the-blank area. 
Choose the MCP `type` from the shape of the server configuration.\n\n| Server shape | `type` | Required fields | Meaning |\n|---|---|---|---|\n| local process | `local` or `stdio` | `command`, `args` | starts a subprocess and talks over stdin/stdout |\n| remote Streamable HTTP server | `http` | `url` | connects to a remote MCP endpoint over HTTP |\n| remote Server-Sent Events server | `sse` | `url` | legacy SSE transport, still supported |\n\nDecision rule:\n\n- If the config has top-level `command` and `args`, it is local process transport: `local` or `stdio`.\n- If the config has top-level `url`, it is remote transport: usually `http`, or `sse` if the endpoint/documentation says SSE or the URL clearly uses an SSE endpoint.\n- If the config has top-level `url` and the available choices do not include `http`, choose `sse` over `stdio`/`local`.\n- Do not choose `stdio` for a top-level `url`-based server. `stdio` does not connect to a URL; it starts a local process.\n- Modern remote MCP usually means `http`. `sse` exists for older Server-Sent Events MCP servers.\n
- Some UI labels say `HTTP/SSE`, but GitHub/Copilot JSON values are still `http` or `sse`.\n\nRemote MCP JSON:\n\n```\n{\n  \"mcpServers\": {\n    \"context7\": {\n      \"type\": \"http\",\n      \"url\": \"https://mcp.context7.com/mcp\",\n      \"headers\": {\n        \"CONTEXT7_API_KEY\": \"$COPILOT_MCP_CONTEXT7_API_KEY\"\n      },\n      \"tools\": [\"*\"]\n    }\n  }\n}\n```\n\nRemote MCP in custom-agent YAML:\n\n```\n---\nname: docs-researcher\ndescription: Reads approved external documentation through a remote MCP server.\ntools:\n  - read\n  - search\n  - context7/*\nmcp-servers:\n  context7:\n    type: http\n    url: https://mcp.context7.com/mcp\n    headers:\n      CONTEXT7_API_KEY: ${{ secrets.COPILOT_MCP_CONTEXT7_API_KEY }}\n    tools:\n      - \"*\"\n---\n\nUse Context7 only for library documentation.\n```\n\nSSE example:\n\n```\n{\n  \"mcpServers\": {\n    \"cloudflare\": {\n      \"type\": \"sse\",\n      \"url\": \"https://docs.mcp.cloudflare.com/sse\",\n      \"tools\": [\"*\"]\n    }\n  }\n}\n```\n\nImportant nuance: a URL can appear inside `args` for a local bridge command. In that case the MCP client is still launching a local process, so the top-level `type` remains `local` or `stdio`.\n\n```\n{\n  \"mcpServers\": {\n    \"atlassian-rovo-mcp\": {\n      \"type\": \"local\",\n      \"command\": \"npx\",\n      \"args\": [\n        \"mcp-remote@latest\",\n        \"https://mcp.atlassian.com/v1/mcp\",\n        \"--header\",\n        \"Authorization: Basic $ATLASSIAN_API_KEY\"\n      ],\n      \"env\": {\n        \"ATLASSIAN_API_KEY\": \"$COPILOT_MCP_ATLASSIAN_API_KEY\"\n      },\n      \"tools\": [\"*\"]\n    }\n  }\n}\n```\n\nHow to read the artifact:\n\n- Top-level `url`: remote MCP, choose `http` or `sse`.\n- Top-level `url` and no `http` option: choose `sse`.\n- URL inside `args` with `command: npx` or another executable: local bridge, choose `local` or `stdio`.\n
- `headers`: remote HTTP/SSE authentication.\n- `env`: environment variables for local server process.\n- For Copilot cloud agent, referenced secret/variable names must start with `COPILOT_MCP_`.\n- Copilot cloud agent does not currently support remote MCP servers that rely on OAuth authorization.\n\nTool naming:\n\n```\ntools:\n  - jira/get_issue\n  - github/*\n```\n\nFacts:\n\n- `server/tool` exposes one tool.\n- `server/*` exposes all tools from that server.\n- GitHub MCP server is read-only by default and scoped to source repository.\n- Playwright MCP is constrained to localhost by default.\n- `.vscode/mcp.json` can be reused/adapted for cloud agent.\n\nAdapting `.vscode/mcp.json`:\n\n- Add `tools`.\n- Replace `inputs` with `env`.\n- Replace `envFile` with `env`.\n- Store credentials as Agents secrets/variables.\n\nMCP governance:\n\n- MCP registry URL controls approved registry.\n- `Registry only` is stricter than `Allow all`.\n- Enterprise policy can override organization policy.\n- MCP allowlist is different from firewall allowlist.\n- Firewall governs network egress; MCP allowlist governs MCP server usage.\n\n| Command/flag | Meaning |\n|---|---|\n| `copilot` | Start interactive CLI |\n| `copilot login` | Authenticate |\n| `copilot init` | Generate/update repository instructions |\n| `copilot -p \"...\"` | Programmatic prompt |\n| `--agent=NAME` | Use a custom agent |\n| `--allow-tool` | Allow tool pattern |\n| `--deny-tool` | Deny tool pattern |\n| `--available-tools` | Limit visible tools |\n| `--no-ask-user` | Prevent interactive questions |\n| `--autopilot` | Local autonomous continuation |\n| `--resume` | Resume named session |\n| `--continue` | Continue latest session |\n| `--output-format=json` | Machine-readable output |\n\nSlash commands:\n\n| Slash command | Meaning |\n|---|---|\n| `/plan` | Plan first |\n| `/review` | Review changes |\n| `/pr` | Pull request workflow |\n| `/mcp` | Inspect/configure MCP |\n| `/agent` | Select/manage custom 
agents |\n| `/session` | Inspect session |\n| `/ide` | Inspect/switch IDE connection |\n| `/delegate` | Hand off to cloud agent |\n| `/fleet` | Parallel subagent decomposition |\n\nCI example:\n\n```\nname: Copilot report\n\non:\n  workflow_dispatch:\n\npermissions:\n  contents: read\n\njobs:\n  report:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n      - uses: actions/setup-node@v4\n      - run: npm install -g @github/copilot\n      - name: Run Copilot CLI\n        env:\n          COPILOT_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}\n        run: |\n          copilot -p \"Summarize the current branch in summary.md\" \\\n            --allow-tool='read,search,edit,shell(git:*)' \\\n            --no-ask-user\n          cat summary.md >> \"$GITHUB_STEP_SUMMARY\"\n```\n\nWhat to notice:\n\n- `COPILOT_GITHUB_TOKEN` authenticates the CLI in GitHub's examples.\n- `--no-ask-user` avoids CI hangs.\n- `permissions` should be least privilege.\n\n| Feature | Where work happens | Purpose |\n|---|---|---|\n| `--autopilot` | local CLI/runner | continue locally |\n| `/delegate` or `& prompt` | Copilot cloud agent | background cloud task/PR |\n| `/fleet` | CLI orchestration | split into parallel subagents |\n\nExamples:\n\n```\n/delegate fix failing tests and open a draft PR\n& investigate why deployment fails\n/fleet Review frontend, backend, and workflow tests. 
Split by area and summarize findings.\n```\n\nCloud-agent setup file:\n\n```\n.github/workflows/copilot-setup-steps.yml\n```\n\nRequired job name:\n\n```\njobs:\n  copilot-setup-steps:\n```\n\nExample:\n\n```\nname: Copilot Setup Steps\n\non:\n  workflow_dispatch:\n\njobs:\n  copilot-setup-steps:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n    steps:\n      - uses: actions/checkout@v6\n      - uses: actions/setup-node@v4\n        with:\n          node-version: \"22\"\n          cache: npm\n      - run: npm ci\n```\n\nRemember:\n\n- Setup steps prepare the cloud-agent environment.\n- They are not the same as an Actions workflow that runs `copilot -p`.\n- File must be on the default branch.\n- If setup fails, remaining setup steps are skipped and Copilot starts with current environment.\n\n- What is the required field in custom-agent YAML?\n- What does `search` mean?\n- Which tool allows sub-agent invocation?\n- Where does `mcp-servers` go?\n- What is the difference between `mcp-servers` and `mcpServers`?\n- What file configures cloud-agent setup?\n- Why use `--no-ask-user` in CI?\n
- What is the difference between `/delegate` and `/fleet`?\n\nTool traps:\n\n- `search` means repository/file search, not web.\n- `web` is not a replacement for `search`.\n- `agent` is needed for custom-agent-to-custom-agent invocation.\n- `edit` should be omitted for pure review.\n- `execute` should be omitted if shell execution is not needed.\n- `tools: [\"*\"]` is usually too broad unless the scenario explicitly says trusted or sandboxed.\n\nMCP traps:\n\n- `mcp-servers` is YAML inside agent frontmatter.\n- `mcpServers` is JSON MCP config.\n- `server/tool` exposes one tool.\n- `server/*` exposes all tools on one server.\n- Agents secrets/variables are not the same as Actions secrets.\n- Firewall allowlist and MCP allowlist solve different problems.\n\nCLI traps:\n\n- `copilot -p` is noninteractive prompt mode.\n- `--no-ask-user` matters in CI.\n- `/delegate` hands work to cloud agent.\n- `/fleet` splits work into subagents.\n- `--autopilot` continues locally.\n\nCloud setup traps:\n\n- `copilot-setup-steps.yml` must have job name `copilot-setup-steps`.\n- Setup steps prepare the cloud-agent environment.\n- A workflow that installs Copilot CLI and runs `copilot -p` is separate CI automation.\n\nThis domain is about continuity: what the agent knows now, what persists, what can be resumed, and how stale context is detected.\n\n| Type | Use |\n|---|---|\n| Short-term context | Current prompt/session |\n| Copilot Memory | Reusable facts/preferences |\n| Session state | Resumable agent execution |\n| External durable state | PRs, issues, artifacts, logs, files, databases |\n\nUse durable GitHub artifacts when state must be auditable:\n\n- PR description.\n- Issue comment.\n- Workflow artifact.\n- Session log.\n- Commit.\n- Check run.\n- Audit log.\n\nDo not store secrets in memory, prompts, instructions, or comments.\n\nCopilot Memory can store repository-level facts and user-level preferences.\n\nRemember:\n\n- Repository facts are scoped to repository.\n- User 
preferences differ from repository facts.\n- Repository facts should be checked against the current branch.\n- Stale memory can cause wrong conventions.\n\nDefault root:\n\n```\n~/.copilot/\n```\n\nImportant paths:\n\n| Path | Meaning |\n|---|---|\n| `~/.copilot/agents/` | user custom agents |\n| `~/.copilot/config.json` | account/auth metadata |\n| `~/.copilot/ide/` | IDE connection state |\n| `~/.copilot/logs/` | process logs |\n| `~/.copilot/logs/process-{timestamp}-{pid}.log` | one process log |\n| `~/.copilot/mcp-config.json` | user MCP config |\n| `~/.copilot/session-state/` | per-session state |\n| `~/.copilot/session-state/<id>/events.jsonl` | session events |\n| `~/.copilot/session-store.db` | indexed session database |\n| `~/.copilot/settings.json` | user settings |\n\nEnvironment overrides:\n\n```\nCOPILOT_HOME\nCOPILOT_CACHE_HOME\n```\n\n`COPILOT_HOME` changes config/state root. `COPILOT_CACHE_HOME` changes cache location.\n\nChecklist:\n\n- Count unique session IDs.\n- Check whether the same session ID is reused.\n- Look for `--resume`, `--continue`, `/resume`, or `resume=true`.\n- Look for `session-state/<id>/events.jsonl`.\n- Look for `Visual Studio Code connected` or `/ide`.\n- Look for MCP config load lines.\n- Look for disabling flags: `--disable-builtin-mcps`, `--disable-mcp-server`.\n- Look for tool calls: `read`, `search`, `edit`, `execute`, `jira/get_issue`.\n\nMock log:\n\n```\n2026-05-24T08:31:03Z session.id=run-101 cwd=/work/repo\n2026-05-24T08:31:04Z ide=Visual Studio Code connected\n2026-05-24T08:31:05Z mcp loaded ~/.copilot/mcp-config.json servers=[github,jira]\n2026-05-24T08:31:15Z tool=search args=\"refund\"\n2026-05-24T08:31:20Z tool=jira/get_issue args=\"PAY-144\"\n```\n\nInterpretation:\n\n- One session ID: `run-101`.\n
- VS Code/editor is connected.\n- MCP is enabled with GitHub and Jira.\n- Agent used repository search and an MCP tool.\n\nMock resume:\n\n```\nsession.id=run-101 resume=true\nloaded ~/.copilot/session-state/run-101/events.jsonl\n```\n\nInterpretation:\n\n- Existing session was resumed.\n\nTypeScript:\n\n``` ts\nconst client = new CopilotClient();\nawait client.start();\n\nconst session = await client.createSession({\n  sessionId: \"review-pr-42\",\n  model: \"gpt-4.1\",\n});\n\nawait session.sendAndWait({ prompt: \"Review this branch.\" });\nawait session.disconnect();\n\nconst resumed = await client.resumeSession(\"review-pr-42\");\n```\n\nPython:\n\n``` python\nimport asyncio\n\nfrom copilot import CopilotClient, PermissionHandler\n\n\nasync def main():\n    client = CopilotClient()\n    await client.start()\n\n    # approve_all auto-approves permission requests; use a narrower handler outside a sandbox\n    session = await client.create_session(\n        on_permission_request=PermissionHandler.approve_all,\n        model=\"gpt-4.1\",\n    )\n\n    response = await session.send_and_wait({\"prompt\": \"Summarize this repo.\"})\n    print(response.data.content)\n\n    await client.stop()\n\n\n# The SDK calls are coroutines, so they need an event loop rather than top-level await\nasyncio.run(main())\n```\n\nRemember:\n\n- A stable `sessionId` enables resume.\n
- Provider/API keys are not persisted.\n- In-memory tool state is not persisted.\n- `disconnect()` keeps session data.\n- `deleteSession()` permanently deletes session data.\n\nDrift happens when the agent's assumptions diverge from reality.\n\nCauses:\n\n- Stale memory.\n- Old instructions.\n- Repository changed after task start.\n- Multiple agents edited same files.\n- Handoff artifact missing.\n- Wrong session resumed.\n\nFixes:\n\n- Re-read files.\n- Check current branch/ref.\n- Store handoff notes in PR/artifact.\n- Update instructions or memory.\n- Re-run tests/scans.\n- Use branch isolation and concurrency.\n\nNew session:\n\n```\nsession.id=abc123\nresume=false\n```\n\nResumed session:\n\n```\nsession.id=abc123\nloaded ~/.copilot/session-state/abc123/events.jsonl\nresume=true\n```\n\nIDE attached:\n\n```\nide=Visual Studio Code connected\n```\n\nMCP enabled:\n\n```\nmcp loaded ~/.copilot/mcp-config.json servers=[github,jira]\n```\n\nMCP disabled:\n\n```\nargv=[\"copilot\",\"--disable-builtin-mcps\",\"-p\",\"review\"]\n```\n\nState storage choices:\n\n| Need | Store in |\n|---|---|\n| Continue same SDK/CLI session | session ID/session-state |\n| Share plan between workflow jobs | artifact or job output |\n| Preserve review decision | PR comment/review |\n| Preserve long-term repo convention | instructions or repository memory |\n| Preserve audit trail | PR/session/workflow/audit logs |\n\nDomain 3 traps:\n\n- Memory is not secret storage.\n- Session persistence is not the same as Copilot Memory.\n- PR comments/artifacts are better than hidden session context when humans or other agents need the handoff.\n- Stale memory should be verified against the current branch.\n\nEvaluation is evidence-based. 
The answer is usually in logs, scans, checks, artifacts, or review comments.\n\n| Signal | What it proves |\n|---|---|\n| Tests | behavior still works |\n| Lint/typecheck | code quality/compile correctness |\n| CodeQL/code scanning | vulnerability detection |\n| Secret scanning | leaked secret detection |\n| Dependency review | dependency risk |\n| Workflow logs | command and environment failures |\n| Workflow artifacts | files/results produced by workflow |\n| Session logs | what the agent did and why |\n| PR comments | human/agent review trail |\n| Audit logs | administrative/security events |\n\n| Symptom | Likely root cause | Fix |\n|---|---|---|\n| Agent edits wrong files | scope/tools too broad | narrow tools, path instructions |\n| Agent cannot install dependencies | setup/environment missing | setup steps, package auth, runner fix |\n| Agent cannot reach external service | MCP/secret/firewall issue | check MCP config, secret, firewall |\n| Agent repeats work | missing durable state | session persistence or artifacts |\n| Agent asks questions in CI | interactive prompt | add `--no-ask-user` |\n| Agent uses stale style | stale instructions/memory | update instructions/memory |\n| Agents conflict | shared branch/files | branch ownership, concurrency |\n| Workflow blocked after Copilot push | approval needed | Approve and run workflows |\n| Artifact missing | wrong path/retention/deletion | inspect artifact inputs/logs/audit |\n\nTune instructions when:\n\n- The style or convention is wrong.\n- Agent repeatedly ignores local patterns.\n\nTune tools when:\n\n- The agent lacks required capability.\n- The agent has too much access.\n- Wrong external tool is used.\n\nTune setup/environment when:\n\n- Dependency install fails.\n- Runner OS/toolchain is wrong.\n- Firewall blocks needed access.\n\nTune workflow when:\n\n- Validation is missing.\n- Artifact output is missing.\n- Runs overlap or cancel incorrectly.\n- Human approval should happen earlier.\n\nTune 
memory/state when:\n\n- Agent repeats work.\n- Agent uses stale facts.\n- Work must resume across sessions.\n\nArtifacts:\n\n```\n- uses: actions/upload-artifact@v4\n  with:\n    name: review-output\n    path: review.md\n    retention-days: 7\n    if-no-files-found: error\n```\n\nDownload:\n\n```\n- uses: actions/download-artifact@v4\n  with:\n    name: review-output\n```\n\nInputs to remember:\n\n| Input | Meaning |\n|---|---|\n| `name` | artifact name |\n| `path` | files/directories/globs |\n| `retention-days` | retention period |\n| `if-no-files-found` | `warn`, `error`, `ignore` |\n| `overwrite` | replace same-name artifact |\n| `include-hidden-files` | include hidden files |\n\nManual artifact deletion is logged as:\n\n```\nartifact.destroy\n```\n\nWhere to find who deleted an artifact:\n\n- Organization audit log or enterprise audit log.\n- Filter/search event `artifact.destroy`.\n- Use `actor`, `user`, `repo`, `created_at`, `@timestamp`, `operation_type`, `user_agent`.\n\nExample:\n\n```\naction=artifact.destroy actor=octocat repo=org/app created_at=2026-05-24T09:14:22Z\n```\n\nWorkflow failure:\n\n```\nnpm ci\nERR! code E401\n```\n\nLikely issue:\n\n- package registry authentication or missing secret.\n\nBest tuning:\n\n- fix setup steps, package auth, or secrets.\n- do not grant broad shell access as the first fix.\n\nSecurity scan failure:\n\n```\nCodeQL detected: path traversal in upload handler\n```\n\nBest response:\n\n- fix code.\n- keep CodeQL/check as required.\n- do not suppress the alert unless validated as a false positive.\n\nAgent tool misuse:\n\n```\ntool=execute command=\"git push origin main\"\n```\n\nBest response:\n\n- deny direct push with tool policy or hook.\n- enforce branch protection/rulesets.\n- instruct agent to open a PR instead.\n\nArtifact missing:\n\n```\nWarning: No files were found with the provided path: review.md\n```\n\nBest response:\n\n- inspect artifact `path`.\n
- use `if-no-files-found: error` if missing artifact should fail.\n- confirm the agent wrote the file before upload.\n\nTuning order:\n\n- Check prompt/task clarity.\n- Check instructions.\n- Check tool scope.\n- Check setup/environment.\n- Check current repo state.\n- Check memory/session state.\n- Check model choice last, unless docs explicitly point there.\n\nThis domain asks whether multiple agents can work safely without stepping on each other.\n\nUse multi-agent coordination when:\n\n- Work splits cleanly by area.\n- Agents have different expertise.\n- Outputs can be merged/reviewed.\n- Coordination cost is lower than doing it serially.\n\nAvoid multi-agent coordination when:\n\n- The task is inherently sequential.\n- Agents must edit the same files.\n- State handoff is unclear.\n- Review/integration cost is high.\n\n| Pattern | Use |\n|---|---|\n| Coordinator/worker | one agent plans/integrates, others do bounded tasks |\n| Reviewer/verifier | one implements, another checks |\n| Pipeline | plan -> implement -> review -> consolidate |\n| Matrix | same job runs for multiple areas/agents |\n| `/fleet` | CLI decomposes work into subagents |\n\nGive an orchestrator the `agent` tool:\n\n```\ntools:\n  - read\n  - search\n  - agent\n```\n\nThen describe how to use specialists:\n\n```\nUse reviewer for code quality.\nUse auditor for compliance and traceability.\nConsolidate both outputs.\n```\n\n```\nname: Agent review pipeline\n\non:\n  workflow_dispatch:\n    inputs:\n      task:\n        required: true\n        type: string\n\npermissions:\n  contents: read\n\njobs:\n  review:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n      - uses: actions/setup-node@v4\n      - run: npm install -g @github/copilot\n      - env:\n          COPILOT_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}\n          # Pass the input through env so it is never expanded into the script text.\n          TASK: ${{ inputs.task }}\n        run: |\n          copilot --agent=reviewer -p \"Review: $TASK\" --no-ask-user > review.md\n      - uses: actions/upload-artifact@v4\n        with:\n          name: review-output\n          path: review.md\n\n  audit:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n      - uses: actions/setup-node@v4\n      - run: npm install -g @github/copilot\n      - env:\n          COPILOT_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}\n          # Pass the input through env so it is never expanded into the script text.\n          TASK: ${{ inputs.task }}\n        run: |\n          copilot --agent=auditor -p \"Audit: $TASK\" --no-ask-user > audit.md\n      - uses: actions/upload-artifact@v4\n        with:\n          name: audit-output\n          path: audit.md\n\n  consolidate:\n    needs: [review, audit]\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/download-artifact@v4\n        with:\n          name: review-output\n      - uses: actions/download-artifact@v4\n        with:\n          name: audit-output\n      - run: |\n          {\n            echo \"# Consolidated result\"\n            cat review.md\n            cat audit.md\n          } >> \"$GITHUB_STEP_SUMMARY\"\n```\n\nWhat to notice:\n\n- `needs` orders jobs.\n- Artifacts pass files.\n- `$GITHUB_STEP_SUMMARY` creates readable output.\n\n```\njobs:\n  agent-check:\n    runs-on: ubuntu-latest\n    strategy:\n      fail-fast: false\n      matrix:\n        agent: [reviewer, auditor]\n    steps:\n      - uses: actions/checkout@v6\n      - uses: actions/setup-node@v4\n      - run: npm install -g @github/copilot\n      - env:\n          COPILOT_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}\n        run: |\n          copilot --agent=${{ matrix.agent }} \\\n            -p \"Analyze as ${{ matrix.agent }}\" \\\n            --no-ask-user > \"${{ matrix.agent }}.md\"\n      - uses: actions/upload-artifact@v4\n        with:\n          name: ${{ matrix.agent }}-output\n          path: ${{ matrix.agent }}.md\n```\n\nFacts:\n\n- `matrix.agent` is an array/list of agent names.\n- `fail-fast: false` prevents one failed matrix job from canceling others.\n- Matrix can generate up to 256 jobs per workflow run.\n\nScenario: multiple 
agents commit to the same PR branch. Each commit triggers validation. Only the latest run matters.\n\nUse workflow-level concurrency:\n\n```\nname: Validate agent PR\n\non:\n  pull_request:\n\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}\n  cancel-in-progress: true\n\njobs:\n  validate:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n      - run: npm test\n```\n\nWhy:\n\n- Top-level `concurrency` applies to the whole workflow.\n- `github.workflow` avoids canceling other workflows.\n- `github.head_ref` groups by PR source branch.\n- `github.run_id` is fallback if `head_ref` is unset.\n- `cancel-in-progress: true` cancels stale runs.\n\nIf every run must happen in order:\n\n```\nconcurrency:\n  group: production-agent-work\n  queue: max\n```\n\nDo not combine `queue: max` with `cancel-in-progress: true`.\n\nUse:\n\n- Separate branches.\n- Disjoint file ownership.\n- `needs` for ordered work.\n- Artifacts for handoff.\n- Concurrency for overlap control.\n- Required checks/reviews before merge.\n\nAvoid:\n\n- Agents editing same files at same time.\n- Hidden handoffs only in chat memory.\n- Shared mutable state without locking.\n- Agents reverting each other's changes.\n\nGood handoff artifacts:\n\n- `plan.md`\n- `review.md`\n- `audit.md`\n- PR comment\n- workflow artifact\n- `$GITHUB_STEP_SUMMARY`\n- issue checklist\n- session link\n\nWeak handoff:\n\n```\nThe first agent told the second agent in chat.\n```\n\nBetter handoff:\n\n```\n- uses: actions/upload-artifact@v4\n  with:\n    name: review-output\n    path: review.md\n```\n\nthen:\n\n```\n- uses: actions/download-artifact@v4\n  with:\n    name: review-output\n```\n\nSame-branch risk:\n\n- Multiple agents commit to the same PR branch.\n- Each push triggers workflows.\n- Older validation runs may become stale.\n\nBest control when latest result is enough:\n\n```\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}\n  cancel-in-progress: true\n```\n\nBest control when every run must happen:\n\n```\nconcurrency:\n  group: production-agent-work\n  queue: max\n```\n\nDo not combine `queue: max` with `cancel-in-progress: true`.\n\nGuardrails keep agent autonomy safe.\n\n| Type | Examples |\n|---|---|\n| Preventive | least-privilege tools, branch protection, rulesets, MCP allowlists, firewall, required reviews |\n| Detective | session logs, workflow logs, artifacts, CodeQL, secret scanning, dependency review, audit logs |\n| Corrective | revert PR, stop session, unassign/reassign Copilot, rotate secrets, remove MCP, narrow tools |\n\nUse GitHub as the control plane:\n\n- Issues define work.\n- Branches isolate changes.\n- PRs review changes.\n- Checks validate changes.\n- Rulesets and branch protection gate merge.\n- Environments gate deployments.\n- Audit logs track administrative/security events.\n- Session logs explain agent behavior.\n\nIf Copilot pushes workflow changes to a PR, workflows may not automatically run. 
The reviewer may need to select:\n\n```\nApprove and run workflows\n```\n\nThis is an accountability gate, not a build error.\n\n| Situation | Action |\n|---|---|\n| PR exists but no progress | Click View session |\n| Copilot not responding to PR comment | Comment `@copilot` on open PR assigned to Copilot |\n| User cannot trigger response | Confirm write access |\n| Issue-assigned work stuck | Unassign issue, then reassign Copilot |\n| Stuck replying to comment | Repeat the comment |\n| Workflows not running after Copilot push | Approve and run workflows |\n\nTwo hook families:\n\n| Family | Shape | Names |\n|---|---|---|\n| SDK hooks | code callbacks | `onPreToolUse`, `onPostToolUse` |\n| CLI/cloud hooks | JSON files | `preToolUse`, `postToolUse` |\n\nSDK example:\n\n```js\nconst session = await client.createSession({\n  hooks: {\n    onPreToolUse: async (input) => {\n      if (input.toolName === \"execute\" && String(input.toolArgs?.command).includes(\"git push\")) {\n        return {\n          permissionDecision: \"deny\",\n          permissionDecisionReason: \"Open a PR instead of pushing directly.\",\n        };\n      }\n      return { permissionDecision: \"allow\" };\n    },\n  },\n});\n```\n\nCLI/cloud hook:\n\n```\n{\n  \"version\": 1,\n  \"hooks\": {\n    \"preToolUse\": [\n      {\n        \"type\": \"command\",\n        \"bash\": \"scripts/check-tool.sh\",\n        \"timeoutSec\": 30\n      }\n    ]\n  }\n}\n```\n\nRepository-level hook files live in `.github/hooks/*.json`. Copilot CLI can also load user hooks from `~/.copilot/hooks/` on macOS/Linux or `%USERPROFILE%\\.copilot\\hooks\\` on Windows. Copilot cloud agent only gets the repository hooks from the cloned repo.\n\nHook entries can be command hooks, HTTP hooks, or prompt hooks. 
For command hooks, the important fields are:\n\n| Field | Meaning |\n|---|---|\n| `type` | usually `\"command\"` |\n| `bash` | Unix/Linux/macOS command |\n| `powershell` | Windows PowerShell command |\n| `command` | cross-platform fallback |\n| `cwd` | working directory |\n| `env` | environment variables for the hook |\n| `timeoutSec` | timeout, default is 30 seconds |\n| `matcher` | optional full-match regex for the event-specific value |\n\nCloud-agent hook environment:\n\n- Cloud-agent hooks run in Linux.\n- Cloud-agent working directory is `/workspace` when a repo is cloned.\n- PowerShell-only hook entries are not enough for cloud agent.\n- Only `bash` or `command` is useful for cloud agent command hooks.\n- Cloud agent is non-interactive; an `\"ask\"` decision is treated like denial.\n- Cloud agent does not load user-level hook files, local settings, or plugins.\n- Hooks do not replace branch protection or required reviews.\n\nHigh-yield hook events:\n\n| Event | Fires when | Study note |\n|---|---|---|\n| `sessionStart` | new or resumed session begins | payload has `source`, such as `new` or `resume` |\n| `sessionEnd` | session terminates | useful for cleanup/audit summaries |\n| `userPromptSubmitted` | user prompt is submitted | cloud agent sees only the initial job prompt |\n| `preToolUse` | before a tool executes | can allow, deny, ask, or modify args |\n| `postToolUse` | after a successful tool | can add context or modify result |\n| `postToolUseFailure` | after a failed tool | can provide recovery context |\n| `agentStop` | main agent finishes a turn | can block and force another turn |\n| `permissionRequest` | before CLI permission flow | CLI only; not for cloud-agent permissioning |\n| `notification` | CLI notifications | CLI only; fire-and-forget |\n| `subagentStart` | subagent starts | `matcher` filters by agent name |\n| `subagentStop` | subagent completes | can block and force another turn |\n| `errorOccurred` | agent/runtime error occurs | useful for 
diagnostics; does not approve/deny |\n\nThe hook input shape is important because it is what you must read when inspecting hook logs or configuration:\n\n```\n{\n  \"sessionId\": \"s-123\",\n  \"timestamp\": 1779500000000,\n  \"cwd\": \"/workspace\",\n  \"toolName\": \"bash\",\n  \"toolArgs\": \"{\\\"command\\\":\\\"git push origin HEAD\\\"}\"\n}\n```\n\nIn some references `toolArgs` is described as `unknown`; in CLI hook scripts it is commonly handled as a JSON string that must be parsed before reading fields such as `command`. If a payload uses PascalCase event names like `PreToolUse`, the compatible field names are snake_case, such as `tool_name` and `tool_input`.\n\nFor `preToolUse`, the hook controls execution by printing JSON to stdout:\n\n```\n{\n  \"permissionDecision\": \"deny\",\n  \"permissionDecisionReason\": \"Open a pull request instead of pushing directly.\"\n}\n```\n\nValid `preToolUse` decisions are:\n\n| Value | Meaning |\n|---|---|\n| `\"allow\"` | tool executes |\n| `\"deny\"` | tool is blocked; include `permissionDecisionReason` |\n| `\"ask\"` | ask user in interactive CLI; treated as deny in cloud agent |\n\n`permissionRequest` is different. It is CLI-only, runs before the CLI permission service, and uses:\n\n```\n{\n  \"behavior\": \"deny\",\n  \"message\": \"Do not run destructive shell commands.\",\n  \"interrupt\": true\n}\n```\n\nUse `preToolUse` for cloud-agent permission decisions. Do not pick `permissionRequest` as the cloud-agent answer.\n\n`matcher` filters hook invocations. 
The regex is anchored, so `\"bash|powershell\"` means exactly `bash` or `powershell`, not any string containing those words.\n\n```\n{\n  \"version\": 1,\n  \"hooks\": {\n    \"preToolUse\": [\n      {\n        \"type\": \"command\",\n        \"matcher\": \"bash|powershell\",\n        \"bash\": \".github/hooks/scripts/pre-tool-policy.sh\",\n        \"powershell\": \".github/hooks/scripts/pre-tool-policy.ps1\",\n        \"timeoutSec\": 30\n      }\n    ]\n  }\n}\n```\n\nHook tool names are lower-level than the custom-agent `tools` list. Memorize this mapping:\n\n| Hook `toolName` | Rough agent capability | Meaning |\n|---|---|---|\n| `view` | `read` | read file contents |\n| `grep` | `search` | search file contents |\n| `glob` | `search` | find files by pattern |\n| `edit` | `edit` | modify existing files |\n| `create` | `edit` | create files |\n| `bash` | `execute` | run Unix shell commands |\n| `powershell` | `execute` | run Windows PowerShell commands; not cloud agent |\n| `task` | `agent` | run subagent tasks |\n| `web_fetch` | `web` | fetch web pages |\n| `ask_user` | user interaction | not useful in cloud agent |\n\nWhat to notice in YAML, JSON, or log artifacts:\n\n- If the hook is in `.github/hooks/*.json`, it can apply to both CLI and cloud agent.\n- If it only has `powershell`, cloud agent will not use it because cloud agent is Linux.\n- If the question asks to filter a hook to shell execution, use `matcher` against `toolName`, such as `\"bash\"` or `\"bash|powershell\"`.\n- If the log says `toolName: \"view\"`, that is file reading. It is not a web/search tool.\n- If the log says `toolName: \"grep\"` or `toolName: \"glob\"`, that is repository search, not internet browsing.\n- If the hook returns empty output, default behavior continues.\n- If any `preToolUse` hook returns `\"deny\"`, the tool is blocked.\n
- Hook failures usually fail open; use branch protection, required checks, and reviews for hard enforcement.\n\nUse:\n\n- CodeQL/code scanning for code vulnerabilities.\n- Secret scanning/push protection for secrets.\n- Dependency review for dependency changes.\n- Rulesets/branch protection for merge policy.\n- Environment approvals for deployment.\n- Audit logs for accountability.\n\nEvidence includes:\n\n- PR timeline.\n- Session logs.\n- Workflow logs.\n- Workflow artifacts.\n- Commit history.\n- Check runs.\n- Audit log events.\n\nArtifact deletion:\n\n```\nartifact.destroy\n```\n\nLook in organization/enterprise audit logs.\n\nChoose the control that enforces the outcome.\n\n| Scenario | Better answer |\n|---|---|\n| prevent direct merge | branch protection or ruleset |\n| require human deploy approval | environment required reviewer |\n| prevent direct shell push | deny tool or pre-tool hook plus branch protection |\n| detect hardcoded secret | secret scanning/push protection |\n| detect vulnerable code | CodeQL/code scanning |\n| review dependency changes | dependency review |\n| restrict MCP servers | MCP registry/allowlist |\n| restrict network egress | firewall allowlist |\n| know who deleted artifact | audit log event `artifact.destroy` |\n| know what agent did | session logs and PR timeline |\n\nPolicy versus guidance:\n\n- Instructions guide model behavior.\n- Tool lists limit capabilities.\n- Hooks intercept behavior.\n- Workflows validate behavior.\n- Rulesets/branch protection enforce repository policy.\n- Audit logs record accountability.\n\nUse multiple layers for high-risk tasks.\n\nThese labs are synthetic study examples based on official product behavior.\n\n```\non:\n  pull_request:\n\njobs:\n  inspect:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n        with:\n          ref: ${{ github.head_ref }}\n      - run: test -f .github/agents/reviewer.agent.md\n```\n\nAnswer:\n\n- Checks out the PR source branch.\n- 
Checks whether the custom agent file exists on that branch.\n\n```\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}\n  cancel-in-progress: true\n```\n\nAnswer:\n\n- New runs cancel older in-progress runs with the same workflow and PR branch/fallback group.\n\n```\ntools:\n  - read\n  - search\n  - agent\n```\n\nAnswer:\n\n- Read files.\n- Search repository files/text.\n- Invoke another custom agent.\n- Cannot edit files unless `edit` is available.\n- Cannot run shell commands unless `execute` is available.\n\n```\n---\nname: triage\ndescription: Triage external issue context\ntools:\n  - read\n  - search\n  - sentry/get_issue\nmcp-servers:\n  sentry:\n    type: local\n    command: npx\n    args: [\"-y\", \"sentry-mcp\"]\n    tools: [\"get_issue\"]\n---\n```\n\nAnswer:\n\n- `mcp-servers` belongs in custom-agent YAML.\n- `sentry/get_issue` exposes one MCP tool.\n\n```\njobs:\n  review:\n    runs-on: ubuntu-latest\n  audit:\n    runs-on: ubuntu-latest\n  consolidate:\n    needs: [review, audit]\n    runs-on: ubuntu-latest\n```\n\nAnswer:\n\n- `consolidate` waits for `review` and `audit`.\n\n```\naction=artifact.destroy actor=octocat repo=org/app created_at=2026-05-24T09:14:22Z\n```\n\nAnswer:\n\n- A workflow artifact was manually deleted.\n- Actor is `octocat`.\n- Timestamp is `2026-05-24T09:14:22Z`.\n\n```\nsession.id=abc123\nloaded ~/.copilot/session-state/abc123/events.jsonl\nresume=true\n```\n\nAnswer:\n\n- Existing session `abc123` was resumed.\n\n```\nmcp loaded ~/.copilot/mcp-config.json servers=[github,jira]\n```\n\nAnswer:\n\n- MCP is enabled and loaded servers `github` and `jira`.\n\nCounterexample:\n\n```\nargv=[\"copilot\",\"--disable-builtin-mcps\",\"-p\",\"review\"]\n```\n\nAnswer:\n\n- Built-in MCP servers are disabled.\n\nScenario:\n\n- PR has \"Copilot started work.\"\n- No new commits appear.\n\nAnswer:\n\n- Click **View session**.\n
- If issue-assigned and stuck, unassign and reassign Copilot.\n- If workflow approval is blocking, use **Approve and run workflows**.\n\n- What makes a task suitable for an agent?\n- What artifact proves the plan was reviewed?\n- What blocks unreviewed merge?\n- Why is an instruction not the same as a guardrail?\n\n- What is the required field in custom-agent YAML?\n- What does `search` do?\n- What does `agent` do?\n- Where does `mcp-servers` go?\n- What is the difference between `mcp-servers` and `mcpServers`?\n- What file configures cloud-agent setup?\n- Why use `--no-ask-user` in CI?\n- What is the difference between `/delegate`, `/fleet`, and `--autopilot`?\n\n- Where do CLI logs live?\n- Where does session state live?\n- How do you identify a resumed session?\n- What causes context drift?\n- What should be stored as durable state?\n\n- Which evidence helps identify root cause?\n- When should you tune instructions?\n- When should you tune tools?\n- When should you tune setup?\n- What audit event records manual artifact deletion?\n\n- When should you use multiple agents?\n- What does `needs` do?\n- What does `matrix.agent` represent?\n
- When do you use workflow-level concurrency?\n- What does `cancel-in-progress: true` do?\n\n- Which controls prevent unsafe merges?\n- Which controls detect secrets?\n- Which controls detect vulnerable code?\n- Which logs prove what an agent did?\n- How do you recover a stalled Copilot task?\n\n| Path | Meaning |\n|---|---|\n| `.github/copilot-instructions.md` | repo instructions |\n| `.github/instructions/*.instructions.md` | path instructions |\n| `AGENTS.md` | agent instructions |\n| `.github/prompts/*.prompt.md` | prompt templates |\n| `.github/agents/*.agent.md` | custom agents |\n| `.github/skills/<skill>/SKILL.md` | skills |\n| `.github/hooks/*.json` | CLI/cloud hooks |\n| `.github/workflows/copilot-setup-steps.yml` | cloud-agent setup |\n| `.vscode/mcp.json` | VS Code MCP config |\n| `.mcp.json` / `.github/mcp.json` | MCP config |\n| `~/.copilot/mcp-config.json` | CLI MCP config |\n| `~/.copilot/logs/` | CLI logs |\n| `~/.copilot/session-state/` | session state |\n\n| Item | Meaning |\n|---|---|\n| `copilot -p` | noninteractive prompt |\n| `--agent=NAME` | use custom agent |\n| `--allow-tool` | allow tool pattern |\n| `--deny-tool` | deny tool pattern |\n| `--no-ask-user` | no interactive questions |\n| `--autopilot` | local autonomous continuation |\n| `--resume` | resume named session |\n| `--continue` | continue latest session |\n| `/delegate` | hand off to cloud agent |\n| `/fleet` | parallel subagent decomposition |\n| `/session` | inspect current session |\n| `/ide` | inspect IDE connection |\n| `/mcp` | inspect MCP |\n\n| Key | Meaning |\n|---|---|\n| `on.workflow_dispatch.inputs` | manual inputs |\n| `on.workflow_call` | reusable workflow |\n| `permissions` | `GITHUB_TOKEN` permissions |\n| `jobs.<id>.needs` | dependency jobs |\n| `jobs.<id>.outputs` | job outputs |\n| `$GITHUB_OUTPUT` | step outputs |\n| `$GITHUB_STEP_SUMMARY` | run summary |\n| `strategy.matrix` | matrix jobs |\n| `strategy.fail-fast` | matrix failure behavior |\n| `concurrency.group` | concurrency identity 
|\n| `cancel-in-progress` | cancel old run |\n| `queue: max` | queue instead of cancel |\n\n| Context | Meaning |\n|---|---|\n| `github.head_ref` | PR source branch |\n| `github.base_ref` | PR target branch |\n| `github.ref` | full ref |\n| `github.ref_name` | short ref |\n| `github.sha` | triggering commit |\n| `github.run_id` | unique run ID |\n| `github.run_number` | workflow run number |\n| `github.run_attempt` | rerun attempt |\n| `github.workflow` | workflow name |\n| `github.actor` | original actor |\n| `github.triggering_actor` | rerun actor |\n\n| Term | Meaning |\n|---|---|\n| `artifact.destroy` | workflow artifact manually deleted |\n| `actor` | user/app that performed action |\n| `created_at` / `@timestamp` | when event happened |\n| `repo` / `repository` | affected repository |\n| `operation_type` | type of audit operation |\n| `user_agent` | client used |\n\nGH-600:\n\nCopilot cloud agent:\n\n- [https://docs.github.com/en/copilot/concepts/agents/cloud-agent/about-cloud-agent](https://docs.github.com/en/copilot/concepts/agents/cloud-agent/about-cloud-agent)\n- [https://docs.github.com/en/copilot/how-tos/use-copilot-agents/cloud-agent/troubleshoot-cloud-agent](https://docs.github.com/en/copilot/how-tos/use-copilot-agents/cloud-agent/troubleshoot-cloud-agent)\n- [https://docs.github.com/en/copilot/how-tos/copilot-on-github/use-copilot-agents/manage-and-track-agents](https://docs.github.com/en/copilot/how-tos/copilot-on-github/use-copilot-agents/manage-and-track-agents)\n- [https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/customize-the-agent-environment](https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/customize-the-agent-environment)\n- [https://docs.github.com/en/copilot/how-tos/copilot-on-github/use-copilot-agents/review-copilot-output](https://docs.github.com/en/copilot/how-tos/copilot-on-github/use-copilot-agents/review-copilot-output)\n\nCopilot 
CLI:\n\n- [https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-command-reference](https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-command-reference)\n- [https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-config-dir-reference](https://docs.github.com/en/copilot/reference/copilot-cli-reference/cli-config-dir-reference)\n- [https://docs.github.com/en/copilot/how-tos/copilot-cli/use-copilot-cli/delegate-tasks-to-cca](https://docs.github.com/en/copilot/how-tos/copilot-cli/use-copilot-cli/delegate-tasks-to-cca)\n- [https://docs.github.com/en/copilot/concepts/agents/copilot-cli/fleet](https://docs.github.com/en/copilot/concepts/agents/copilot-cli/fleet)\n- [https://docs.github.com/en/copilot/how-tos/copilot-cli/use-copilot-cli/invoke-custom-agents](https://docs.github.com/en/copilot/how-tos/copilot-cli/use-copilot-cli/invoke-custom-agents)\n- [https://docs.github.com/en/copilot/how-tos/copilot-cli/connecting-vs-code](https://docs.github.com/en/copilot/how-tos/copilot-cli/connecting-vs-code)\n\nCustomization and custom 
agents:\n\n- [https://docs.github.com/en/copilot/reference/customization-cheat-sheet](https://docs.github.com/en/copilot/reference/customization-cheat-sheet)\n- [https://docs.github.com/en/copilot/reference/custom-agents-configuration](https://docs.github.com/en/copilot/reference/custom-agents-configuration)\n- [https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/add-skills](https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/add-skills)\n- [https://docs.github.com/en/copilot/concepts/agents/hooks](https://docs.github.com/en/copilot/concepts/agents/hooks)\n- [https://docs.github.com/en/copilot/reference/hooks-reference](https://docs.github.com/en/copilot/reference/hooks-reference)\n- [https://docs.github.com/en/copilot/tutorials/copilot-cli-hooks](https://docs.github.com/en/copilot/tutorials/copilot-cli-hooks)\n\nMCP:\n\n- [https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/extend-cloud-agent-with-mcp](https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/extend-cloud-agent-with-mcp)\n- [https://docs.github.com/en/copilot/how-tos/copilot-cli/customize-copilot/add-mcp-servers](https://docs.github.com/en/copilot/how-tos/copilot-cli/customize-copilot/add-mcp-servers)\n- [https://docs.github.com/en/copilot/how-tos/copilot-sdk/use-copilot-sdk/mcp-servers](https://docs.github.com/en/copilot/how-tos/copilot-sdk/use-copilot-sdk/mcp-servers)\n- [https://docs.github.com/en/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-server-access](https://docs.github.com/en/copilot/how-tos/administer-copilot/manage-mcp-usage/configure-mcp-server-access)\n- [https://docs.github.com/en/copilot/reference/mcp-allowlist-enforcement](https://docs.github.com/en/copilot/reference/mcp-allowlist-enforcement)\n\nGitHub 
Actions:\n\n- [https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax)\n- [https://docs.github.com/en/actions/reference/workflows-and-actions/contexts](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts)\n- [https://docs.github.com/en/actions/reference/workflows-and-actions/expressions](https://docs.github.com/en/actions/reference/workflows-and-actions/expressions)\n- [https://docs.github.com/en/actions/concepts/workflows-and-actions/concurrency](https://docs.github.com/en/actions/concepts/workflows-and-actions/concurrency)\n- [https://docs.github.com/en/actions/concepts/workflows-and-actions/workflow-artifacts](https://docs.github.com/en/actions/concepts/workflows-and-actions/workflow-artifacts)\n- [https://docs.github.com/en/actions/how-tos/manage-workflow-runs/remove-workflow-artifacts](https://docs.github.com/en/actions/how-tos/manage-workflow-runs/remove-workflow-artifacts)\n- [https://github.com/actions/checkout](https://github.com/actions/checkout)\n\nGovernance and 
security:\n\n- [https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)\n- [https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)\n- [https://docs.github.com/en/actions/reference/workflows-and-actions/deployments-and-environments](https://docs.github.com/en/actions/reference/workflows-and-actions/deployments-and-environments)\n- [https://docs.github.com/en/code-security/concepts/code-scanning/about-code-scanning](https://docs.github.com/en/code-security/concepts/code-scanning/about-code-scanning)\n- [https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning)\n- [https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)", "url": "https://wpnews.pro/news/gh-600-public-study-guide", "canonical_source": "https://gist.github.com/naim149/a8aa41c7468685b7d984822c38863aae", "published_at": "2026-05-24 15:08:31+00:00", "updated_at": "2026-05-26 12:05:36.640084+00:00", "lang": "en", "topics": ["ai-agents", "generative-ai", "ai-tools", "large-language-models", "artificial-intelligence"], "entities": ["Microsoft", "GitHub", "GitHub Copilot", "GH-600", "Exam GH-600", "Microsoft Learn", "GitHub Copilot CLI", "GitHub Copilot cloud agent"], "alternates": {"html": "https://wpnews.pro/news/gh-600-public-study-guide", "markdown": 
"https://wpnews.pro/news/gh-600-public-study-guide.md", "text": "https://wpnews.pro/news/gh-600-public-study-guide.txt", "jsonld": "https://wpnews.pro/news/gh-600-public-study-guide.jsonld"}}