Renames the skill so its name makes the source-code-review scope explicit and
distinct from the existing config-focused `mcp-security-audit` skill (the
duplicate-detection check flagged the shared `mcp-security-` prefix; it is
advisory only). Also sharpens the description's first line to lead with
"implementation source code of MCP servers, clients, and tool handlers".
- Rename folder skills/mcp-security-baseline -> skills/mcp-implementation-security-review
- Update name field and H1 heading to match
- Regenerate docs/README.skills.md
Co-authored-by: Swetha Kumar <16600902+Swethakumar1@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add foundry-hosted-agent-copilotkit skill (development-focused)
Reworked from PR #2090 feedback: drops all scaffolding/sample-template
content and focuses on ongoing development with CopilotKit + AG-UI +
Azure AI Foundry hosted agents — adding/gating tools, human-in-the-loop
approvals, generative UI and shared state, event-stream debugging,
pre-1.0 dependency upgrades, and the hosted-agent deploy loop.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* Add HITL code examples to foundry-hosted-agent-copilotkit skill
Address review feedback: the .NET approval paragraph was prose-only.
Add a .NET snippet from the official Step04_HumanInLoop sample and
correct the type/behavior (ToolApprovalRequestContent; convert—not
remove—the request_approval call/result). Also add live-verified
Python snippets for hosted-agent approval-forwarding (#6652) and the
previous_response_id #6851 guard.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Add mcp-security-baseline skill
An Agent Skill that reviews MCP server and client source code against a security
baseline (5 controls, 7 RCE vectors, OWASP MCP Top 10) and produces a compliance
report with file/line evidence. Complements mcp-security-audit, which checks
.mcp.json configuration.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: remove ignored keywords field, link MCP spec
- Remove the top-level `keywords` field: it is not a recognized skill
front-matter field and is ignored (skills are indexed for search by
name + description only). The keyword terms are already present in the
description, so discovery is unaffected.
- Link the MCP 2025-03-26 specification at the protocol-version check so
the agent has it for quick reference.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: fix unsafe-deserialization example, link current MCP spec
- Change the unsafe-deserialization example from `yaml.load(..., Loader=yaml.FullLoader)`
to `Loader=yaml.UnsafeLoader` to reflect genuinely unsafe usage.
- Add a link to the current MCP spec revision (2025-11-25) alongside the 2025-03-26
baseline on the protocol-version check.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Swetha Kumar <16600902+Swethakumar1@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add pester-should-migration skill (experimental)
Companion to the pester-migration skill. Focuses on the optional move from
the classic v5 `Should -Be` assertion syntax to the new v6 `Should-*`
assertions (e.g. `Should -Be` -> `Should-Be`). Includes a full
operator-by-operator mapping and the behavioral gotchas (negation as a
separate command, BeExactly -> Should-BeString -CaseSensitive, truthy/falsy
vs strict bool, BeNullOrEmpty split, collections, pipeline unwrapping).
Marked experimental/preview: verified against Pester 6.0.0-rc2; the new
Should-* assertions may still change before the 6.0 release.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Trim experimental status callout in pester-should-migration
Address review feedback: drop the time-based, human-oriented preview guidance (release-candidate timing, "as of mid-2026", release-notes link) from the status callout, keeping a lean experimental marker. The agent has no concept of time, so that prose is just extra tokens.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Awesome Copilot Community <awesome-copilot-community@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add pester-migration skill
A self-contained, experimental skill that helps upgrade PowerShell Pester
test suites across major versions (v3->v4, v4->v5, v5->v6). One router
SKILL.md plus per-jump references. The v5->v6 guidance tracks Pester 6,
which is still a release candidate.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Regenerate skills index for pester-migration
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback on pester-migration skill
- Pin the stable-v5 install to -MaximumVersion 5.99.99 so it keeps
installing v5 after Pester 6 goes GA (SKILL.md).
- Make the baseline run command version-agnostic (bare Invoke-Pester)
and note that parameters differ across majors (SKILL.md).
- Replace the '->' mapping arrows inside powershell fences with
comment + valid replacement lines so snippets are copy/paste-safe
(SKILL.md v5->v6 cheat sheet, v5-to-v6.md, and v3-to-v4.md).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review: scope -SkipPublisherCheck, trim status callout, order references
- Drop -SkipPublisherCheck from the default install commands; scope it to
Windows PowerShell 5.1 (installing over the OS's Microsoft-signed built-in
Pester 3) per pester.dev install docs, instead of an unconditional default.
- Trim the experimental status callout: keep the preview marker, drop the
date-based, human-oriented wording.
- Reorder the References table into version progression order (v3->v4, v4->v5,
v5->v6).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: nohwnd <jakub@jares.cz>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add copilot-pr-autopilot skill
Skill that drives any GitHub pull request through repeated rounds of
Copilot Code Review until the agent has either resolved every thread
or explicitly escalated it to the human. Triggered via GraphQL (no
@copilot mention needed), triages every open thread with a fix /
decline / escalate rubric, replies and resolves each thread citing
the pushed SHA, then re-triggers until HEAD is reviewed with zero
threads awaiting the agent's reply.
Includes step scripts (01 request-review, 02 check-review-status,
03 list-open-threads, 08 reply-and-resolve, 10 cleanup-outdated),
shared library (_lib.ps1) with gh-CLI wrappers (Invoke-Gh,
Invoke-GhGraphQL, ConvertFrom-GhJson, Assert-GhReady), reply
templates, and reference docs for each step.
Repo-agnostic. Requires gh CLI on PATH and repo Triage/Write for
full autopilot; external PR authors get single-iteration mode with
manual re-trigger via the UI re-request button or a substantive
push.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review: split per-step references + add recap-gate circuit breaker
- Fix#1: give steps 1/7/10 their own reference files
(01-request-review.md, 07-commit-push.md, 10-cleanup.md); trim the
inline bodies out of orchestration.md so it stays cross-cutting only.
- Fix#3: add a recurring round-cap & recap gate to 09-convergence.md —
default STOP every 10th round, recap all prior rounds, detect drift
(out-of-scope / over-engineering / wrong-direction / belongs-in-separate-PR)
with CONTINUE / REVERT-AND-SHIP / HAND-OFF verdicts. Agent reasoning,
no new script.
- Surface the gate from SKILL.md and orchestration.md; regenerate
docs/README.skills.md. Markdown-only change; scripts unchanged.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(copilot-pr-autopilot): surface recap gate in decision pseudo-code; clarify Copilot+human convergence and round definition
- Inject the round-cap recap gate into the '## Decision: loop back or exit'
pseudo-code else-branch so an agent following the code block (not just the
prose) runs the STOP-every-10th-round check before looping.
- Broaden the 'never terminal' paragraph: non-convergence is driven by a
Copilot finding OR a human review comment (this skill handles both); the
loop ends only when there are no new comments from either source AND every
open thread (Copilot or human) has an agent reply/escalation.
- Define a 'round' explicitly as one execution of step 1 (01-request-review),
i.e. one Copilot-review trigger — the cap counts review rounds, not tool
calls or fix edits.
Markdown-only; no script changes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* copilot-pr-autopilot: make recap-gate round count deterministic
Add 09-review-round.ps1: counts Copilot Code Review submissions straight
from the PR's API history (full GraphQL pagination), so the recap-gate
trigger is a derived number, not a fallible agent mental tally. This
removes the exact failure mode the skill exists to survive — a count
drifting across a long run (the real 156-round case).
The script reports Round + RecapDue (Round % RecapInterval == 0) only;
it never stops the loop or picks the verdict. CONTINUE / REVERT-AND-SHIP
/ HAND-OFF stays agent reasoning. 09-convergence.md updated to reference
the deterministic count while preserving 'no script stops the loop' and
'non-convergence = Copilot finding OR human comment'.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Regenerate docs/README.skills.md for copilot-pr-autopilot (add 09-review-round.ps1)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* azure-devops-cli: handle long comments on Windows (#2061)
On Windows 'az' is a cmd.exe batch wrapper capped at ~8191 characters,
so a long --discussion / --description value silently truncates or
fails. Document three verified ways out so the coding agent doesn't
waste 3-5 turns falling back to raw token retrieval and REST:
1. azps.ps1 in PowerShell on Windows. Same Azure CLI, invoked through
the Python entry point with no cmd.exe length cap. Pair with
'Get-Content -Raw' so the body lives in a variable, not on the
command line.
2. Native --file-path flags where Azure CLI offers them. Applies to
'az devops wiki page create' and 'az devops wiki page update', both
documented with --encoding.
3. 'az devops invoke --in-file' as the universal escape hatch for
commands with no --file-path (work-item --discussion, PR
--description). Documented example posts to the work item
comments REST endpoint with api-version 7.0-preview.3.
The earlier draft suggested the Azure CLI '@<file>' convention as a
generic substitute for inline string args. The official docs only
document it for JSON parameters and the CLI source uses
'get_file_json' specifically, so the claim is removed and replaced
with an explicit warning not to rely on it for plain string args.
Files touched:
- skills/azure-devops-cli/SKILL.md: new 'Posting long comments on
Windows' section with shell-detection table and three verified
options.
- skills/azure-devops-cli/references/boards-and-iterations.md: short
pointer at each --discussion example back to SKILL.md, plus an
inline PowerShell snippet.
Closes#2061.
* azure-devops-cli: move long-comments guidance to reference file (#2061 review)
aaronpowell asked for the Windows long-comments section to live as a
reference file rather than inline in SKILL.md, so the token weight
isn't always loaded into the agent's context.
- Move the "Posting long comments on Windows" section to a new
references/long-comments-on-windows.md verbatim.
- Strip the section from SKILL.md (56 fewer lines in the always-loaded
surface).
- Add the new file to the Reference Files table in SKILL.md with a
one-line "when to read" hint covering --discussion, --description,
and --content failures on Windows.
- Update the two pointer comments in references/boards-and-iterations.md
to point at the new reference file instead of the SKILL.md section.
docs/README.skills.md regenerated by 'npm run build' to pick up the
new reference file in the skill's bundled assets column.
* Refresh 6 stale instruction files flagged in #2133
Targeted refresh:
- blazor: C# 13 to C# 14. Drop the Visual Studio Enterprise mandate so contributors on VS Code or Rider aren't blocked by a paid SKU. Swap VS-only profiling for dotnet-trace and dotnet-counters.
- copilot-thought-logging: narrow applyTo from '**' to '**/Copilot-Processing.md'. Replace 9 Windows backslash paths with POSIX './Copilot-Processing.md' so the workflow works on macOS and Linux.
- genaiscript: drop the "avoid exception handlers or error checking" line. Replace it with: handle errors at I/O and external API boundaries, let unexpected exceptions surface.
- memory-bank: add the required 'description' frontmatter field (was a validation failure). Narrow applyTo from '**' to 'memory-bank/**'. Add an opt-in note so contributors know auxiliary files land in the workspace root.
Minor modernization:
- azure-functions-typescript: Node.js v20 to v22 LTS.
- localization: relative '../../issues' disclaimer link to absolute https://github.com/github/awesome-copilot/issues so it resolves regardless of the localized doc's path.
docs/README.instructions.md regenerated by 'npm run build' to pick up the new memory-bank description.
* revert applyTo narrow on copilot-thought-logging (#2133 review)
aaronpowell flagged that narrowing applyTo from '**' to
'**/Copilot-Processing.md' inverts the instruction. The instruction
tells Copilot to CREATE Copilot-Processing.md when handling any user
request, so it must apply globally, not only when that file is
already open.
Restore applyTo to '**'. Keep the POSIX path fixes (backslash to
'./Copilot-Processing.md') and the other 5 file fixes in this PR
unchanged.
---------
Co-authored-by: Aaron Powell <me@aaron-powell.com>
Retarget instructions/astro.instructions.md to Astro 7 and
instructions/svelte.instructions.md to Svelte 5 / SvelteKit 2, fix
outdated APIs, add current stable feature guidance, and trim non-code
(setup, deployment, testing-workflow, recap) content so each file
focuses solely on code structure and best practices.
Regenerated docs/README.instructions.md via npm start.
Co-authored-by: GeekTrainer <GeekTrainer@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The `name` frontmatter was `AWS CloudWatch Investigation`, which violated the Agent Skills spec and failed `npm run skill:validate` on main: name must be lowercase letters, numbers, and hyphens and must match the folder name (`aws-cloudwatch-investigation`). Correct the name and regenerate docs/README.skills.md so the validator passes (365/365) and the skills table renders consistently with every other entry.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add technical job search instructions for CV tailoring, cover letters, and offer evaluation
* chore: regenerate README.instructions.md after adding job search instructions
* refactor: convert technical-job-search from instruction to skill
Per reviewer feedback, instructions load on every turn and waste tokens
for content that is only useful during active job search sessions. A skill
is opted into explicitly, making this a better fit.
- Remove instructions/technical-job-search.instructions.md
- Add skills/technical-job-search/SKILL.md with equivalent content
- Update docs/README.instructions.md and docs/README.skills.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: regenerate README.skills.md
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* new hook fix-broken-links
* codespell: add ans for variable short for answer
* update: scripts hand off alternative url to copilot cmd
* codespell: add ext. arcade-canvas/game/phaser.min.js
* Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* update: rm em-dash from hook scripts
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Add setup-my-iq skill
* Use forward-slash separators in setup-my-iq context pointers for cross-platform portability
* Fix stale step references (9c->10c, 9d->10d) in setup-my-iq SKILL.md
* chore(deps, docs): bump marketplace version to 1.46.0
- Refine execution priority guidance in agent documentation
- Imrpvoe discovery guidance
- Improve context cache guidance
- Add script usage guidelines to agent documentation
- Simplify agent input references
* feat: bump marketplace version to 1.47.0 and enhance agent workflows
- Add Bug‑Fix Mode with validation gate for `debugger_diagnosis` tasks
- Expand allowed task types to include `research`
- Reduce subagent concurrency limit from 4 to 2
- Update design validation handling for flagged tasks
- Update marketplace plugin version reference to 1.47.0
* chore: bump marketplace version to 1.48.0 and refine agent context envelope workflow documentation
- Enhance the Init section in gem-browser-tester.agent.md, gem-code-simplifier.agent.md, and gem-critic.agent.md with detailed context envelope handling, active context treatment, and reuse_notes trust/verification logic.
- Add explicit steps for safe assumption, verification before use, and controlled re‑reading of context notes.
* chore: refine verification of symbol usages before modifying shared components
* chore(marketplace): bump version to 1.50.0; refactor(gem-browser-tester): simplify workflow steps
* chore(docs): simplify Phase 0 task classification and streamline initialization
* chore: Merges teps for batching
* feat: Enhcanc esuport for trivial/ low complex tasks
* chore: bump version to 1.56.0 and add config settings for visual regression, devops approvals, and orchestrator complexity
* chore: fix toc links
* chore: Remove emojis from headings
* chore: Update readme
* chore: Enforce orchestration
* chore: clarify orchestrator role and bump version to 1.59.0
* chore: bump version to 1.61.0 and refine agent documentation
* chore: bump version to 1.62.0 and refine agent documentation
* chore: bump version to 1.63.0 and add mandatory rules notice to all agent documentation files
* chore: Improve batching instructions
- bump version to 1.64.0
* chore: refactor gem-planner agent definition and JSON output to remove redundant fields and simplify structure
* chore: bump marketplace version to 1.66.0 and refactor gem-planner plan format, update agent documentation to clarify reuse_notes and simplify structures
* aws plugin and adding few more aws agents
* updating the agent def
* fixed around skill validator results.
---------
Co-authored-by: Preyas Prakasan <preyasprakasan@Preyass-MacBook-Pro.local>
Replace the Bash namecheap.sh with a stdlib-only Python CLI (namecheap.py)
that resolves all Copilot PR review feedback:
- Cache the public IP once per run instead of per request
- Build API requests in-process via urllib so the API key never appears
in process argv or shell history
- Broaden multi-part TLD detection (co.uk, com.au, etc.) and document the
limitation
- Allow setup to update existing stored credentials
- Stop soliciting the API key via chat; use terminal getpass or env vars
- Remove non-portable Bash constructs (inline local, grep -oP)
Also normalize domain casing, preserve MX priority 0, accept
case-insensitive record types, and handle mixed-case email-forwarding
attributes. Update SKILL.md and regenerate the skills README.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add conventional-branch skill
Add a new agent skill for creating Git branches following the
Conventional Branch specification. The skill covers branch naming
rules, valid/invalid examples, type prefixes (feature/, bugfix/,
hotfix/, release/, chore/), trunk branch detection, and a
step-by-step workflow for branch creation.
The skill complements the existing conventional-commit skill and
references the specification at https://conventional-branch.github.io.
* fix: use explicit numbered workflow steps in conventional-branch skill
Replace markdown heading-based workflow steps (### 1., ### 2.)
with explicit 'Step N — Title' format for better agent
comprehension.
* Prepare for archiving of copilot-sdk-java repo in favor of java directory in copilot-sdk
* Update README
* Update with latest `java` from `copilot-sdk`.
### 16:37 Prompt
I have added `copilot-sdk-00` to this VS Code workspace. The `copilot-sdk-00/java` directory **is** the Copilot SDK for which this `copilot-sdk-java.instructions.md` is the instructions.
Do a deep read of the source code in `copilot-sdk-00/java`.
Do a deep read of the existing `copilot-sdk-java.instructions.md`.
Suggest any updates based on what should be changed in `copilot-sdk-java.instructions.md`, based on your findings.
### 16:51 Response
Now I have a comprehensive picture. Let me summarize the findings and suggest updates:
---
Based on my deep read of the Java SDK source code and the current copilot-sdk-java.instructions.md, here are the updates I'd suggest:
## Issues Found
### 1. Incorrect: `session.setModel()` documentation is slightly wrong
The instructions show `session.setModel(modelId)` — this is actually correct (it exists on CopilotSession), but the full signatures should be documented:
- `setModel(String model)`
- `setModel(String model, String reasoningEffort)`
- `setModel(String model, String reasoningEffort, ModelCapabilitiesOverride modelCapabilities)` *(since 1.3.0)*
### 2. Incorrect: `PreToolUseHookOutput` API
The instructions show:
```java
var decision = new PreToolUseHookOutput().setKind("allow");
```
But actually `PreToolUseHookOutput` is a **record** with static factory methods:
- `PreToolUseHookOutput.allow()`
- `PreToolUseHookOutput.deny()`
- `PreToolUseHookOutput.deny(String reason)`
- `PreToolUseHookOutput.ask()`
### 3. Missing: `CopilotClientOptions` fields not documented
These are in the source but not in the instructions:
- `setRemote(boolean)` — Mission Control integration
- `setTelemetry(TelemetryConfig)` — OpenTelemetry export *(since 1.2.0)*
- `setSessionIdleTimeoutSeconds(int)` — Idle timeout *(since 1.3.0)*
- `setExecutor(Executor)` — Custom thread pool
- `setTcpConnectionToken(String)` — TCP security token
### 4. Missing: `ToolDefinition.createSkipPermission()`
A third factory method exists *(since 1.2.0)* that skips the CLI permission request entirely. The instructions only mention `create()` and `createOverride()`.
### 5. Missing: Session listing with filters
The instructions show `client.listSessions()` but don't mention the overload with `SessionListFilter` that can filter by `cwd`, `gitRoot`, `repository`, and `branch`.
### 6. Missing: `session.log()` with URL
The instructions show `log(message, level, ephemeral)` but there's also a 4-param overload:
```java
session.log(String message, String level, Boolean ephemeral, String url)
```
### 7. Missing: MCP Server Configuration
The instructions mention `setMcpServers()` in the SessionConfig options list but don't show how to configure them. There are two types:
- `McpStdioServerConfig` — Local/stdio-based servers
- `McpHttpServerConfig` — HTTP/SSE remote servers
### 8. Missing: Cloud Sessions / Remote features
The `setRemote(boolean)` option on client options and per-session GitHub token support for cloud/content-exclusion scenarios.
### 9. Missing: `ModelCapabilitiesOverride`
Vision/image support can be controlled via model capabilities override, but this isn't documented.
### 10. Missing: `EventErrorPolicy` enum values
The instructions mention `EventErrorPolicy.SUPPRESS_AND_LOG_ERRORS` but don't list the other value: `PROPAGATE_AND_LOG_ERRORS` (which is the default).
### 11. Missing: `onLifecycle()` typed overload
There's also `onLifecycle(String eventType, SessionLifecycleHandler handler)` for filtering specific lifecycle events.
### 12. Minor: `send()` return type
`session.send()` returns `CompletableFuture<String>` (the message ID), which is worth mentioning since it can be used for correlation.
---
## Recommended Priority
**High priority** (incorrect info):
- Fix#2 (`PreToolUseHookOutput` API)
**Medium priority** (missing important features):
- Add #4 (`createSkipPermission`)
- Add #7 (MCP server configuration examples)
- Add #3 (missing client options)
- Add #5 (session list filters)
**Low priority** (nice-to-have completeness):
- Expand #1 (setModel overloads)
- Add #6 (log with URL)
- Add #9-12 (minor additions)
Would you like me to apply any or all of these updates to the file?
### 16:52 Prompt
Yes. Apply all of these.
### 16:54 Response
Created 12 todos
Now I have the full file. Let me apply all the changes:
Starting: *Fix PreToolUseHookOutput API (incorrect)* (1/12)
Replacing 84 lines with 199 lines in [](file:///e%3A/workareas/awesome-copilot-00/instructions/copilot-sdk-java.instructions.md)
```
```
Completed: *Fix PreToolUseHookOutput API (incorrect)* (1/12)
All 12 updates have been applied to copilot-sdk-java.instructions.md:
1. **Fixed** `PreToolUseHookOutput` — now uses correct static factory methods (`allow()`, `deny()`, `ask()`) instead of the incorrect `new PreToolUseHookOutput().setKind("allow")`
2. **Added** `ToolDefinition.createSkipPermission()` section (since 1.2.0)
3. **Added** 5 missing `CopilotClientOptions` fields: `remote`, `telemetry`, `sessionIdleTimeoutSeconds`, `executor`, `tcpConnectionToken`
4. **Added** `SessionListFilter` with `setRepository()`, `setBranch()`, `setCwd()`, `setGitRoot()`
5. **Expanded** `setModel()` to show all 3 overloads (model, reasoning effort, capabilities)
6. **Added** `log(message, level, ephemeral, url)` overload
7. **Added** full MCP server configuration section with `McpStdioServerConfig` and `McpHttpServerConfig` examples
8. **Added** `EventErrorPolicy` enum values with explanations
9. **Added** `onLifecycle(String eventType, handler)` filtered overload
10. **Added** note that `send()` returns `CompletableFuture<String>` (message ID for correlation)
11. **Added** `ModelCapabilitiesOverride` section with vision/limits configuration (since 1.3.0)
12. **Added** `remote` option for Mission Control / cloud session integration
13. **Bonus:** Expanded `SessionHooks` example to include all 5 hook types (`onPreToolUse`, `onPostToolUse`, `onUserPromptSubmitted`, `onSessionStart`, `onSessionEnd`)
Made changes.
### 16:54 Prompt
In the "## Core Principles" section. Add a bullet point that describes how `Optional` is used in the API.
### 16:58 Response
Searched for text `Optional` (`copilot-sdk-00` · `java/src/main/java/com/github/copilot/sdk/json/*.java`), 10 results
Searched for text `Optional` (`copilot-sdk-00` · `java/src/main/java/com/github/copilot/sdk/json/InfiniteSessionConfig.java`), 13 results
Replacing 7 lines with 8 lines in [](file:///e%3A/workareas/awesome-copilot-00/instructions/copilot-sdk-java.instructions.md)
```
```
Added the bullet point describing how `Optional<T>`, `OptionalInt`, and `OptionalDouble` are used on config class getters to distinguish "not set" from explicit values, while setters accept raw types and return `this` for fluent chaining.
Made changes.
### 16:58 Prompt
Consider this code from the Java README.
```java
public class CopilotSDK {
public static void main(String[] args) throws Exception {
var lastMessage = new String[]{null};
// Create and start client
try (var client = new CopilotClient()) { // JDK 25+: comment out this line
// JDK 25+: uncomment the following 3 lines for virtual thread support
// var options = new CopilotClientOptions()
// .setExecutor(Executors.newVirtualThreadPerTaskExecutor());
// try (var client = new CopilotClient(options)) {
client.start().get();
// Create a session
var session = client.createSession(
new SessionConfig().setOnPermissionRequest(PermissionHandler.APPROVE_ALL).setModel("claude-sonnet-4.5")).get();
// Handle assistant message events
session.on(AssistantMessageEvent.class, msg -> {
lastMessage[0] = msg.getData().content();
System.out.println(lastMessage[0]);
});
// Handle session usage info events
session.on(SessionUsageInfoEvent.class, usage -> {
var data = usage.getData();
System.out.println("\n--- Usage Metrics ---");
System.out.println("Current tokens: " + data.currentTokens().intValue());
System.out.println("Token limit: " + data.tokenLimit().intValue());
System.out.println("Messages count: " + data.messagesLength().intValue());
});
// Send a message
var completable = session.sendAndWait(new MessageOptions().setPrompt("What is 2+2?"));
// and wait for completion
completable.get();
}
boolean success = lastMessage[0] != null && lastMessage[0].contains("4");
System.exit(success ? 0 : -1);
}
}
```
I want to get across the very important JDK 25 comment. What's the best place to encode that knowledge in the instructions?
* Apply review suggestions
* Add visual-pr plugin: screenshot capture, annotation, PR embedding, and screen recording
Four skills that teach Copilot to capture UI screenshots (Playwright + PIL),
annotate them with algorithmic label placement, embed before/after images
in PR descriptions, and record animated GIF demos.
Includes demo images showing the annotation engine on GitHub Issues.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Update generated README tables and marketplace.json
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Embed annotate.py module in image-annotations skill
The full working module (annotate_image, grid_image, diff_images) is now
included as a code block so users can save it as annotate.py and import
directly. Scrubbed project-specific labels from examples.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: mss.mss() context manager, fix RECT struct, consistent placeholder
- Use mss.mss() context manager instead of mss.MSS() (ui-screenshots, screen-recording)
- Fix broken RECT struct in window+GIF combining example (screen-recording)
- Consistent projectId placeholder in AzDO upload example (pr-screenshots)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fresh pull of updated stage with 2 skills and updated README only
* adjusted skills after feedback and used skill analyser to review
---------
Co-authored-by: Mark Heynes <mutl3y@heynes.biz>
* fix(analyzer): update CWE mappings and terminology to official MITRE standards
* feat(analyzer): integrate CWE 4.20 AI/ML security weaknesses and modern Top 25 view
* fix(analyzer): normalize agent name to match filename and pass validation