GitHub Copilot Custom Agents: Extend AI Across Your Stack

TL;DR

• GitHub Copilot now supports custom agents — Markdown-defined domain experts that extend AI across observability, security, IaC, and DevOps tools
• Partner-built agents from PagerDuty, JFrog, MongoDB, Terraform, and 15+ others are available today
• Agents work in Copilot CLI, VS Code, and github.com — no setup, just add a .md file to your repo
• This shifts Copilot from code completion to full-stack workflow automation that understands your team's rules and tools

The Big Picture

GitHub Copilot started as an autocomplete engine. Now it's becoming the control plane for your entire development workflow.

Custom agents are the mechanism. They're Markdown files that turn Copilot into a domain expert for whatever tool or workflow you need — incident response, security scanning, database migrations, Terraform reviews. You define the agent once, drop it in your repo, and it works everywhere Copilot does: CLI, VS Code, github.com.

This matters because your actual work doesn't happen in one editor. You're juggling PagerDuty alerts, JFrog security scans, MongoDB performance issues, Terraform drift, feature flag cleanup. Every tool has its own interface, its own context switching cost, its own tribal knowledge about how your team uses it.

Custom agents collapse that. Instead of opening five browser tabs and remembering which dashboard shows what, you ask Copilot. The agent knows your tools, your conventions, your compliance rules. It pulls data via Model Context Protocol (MCP) servers, applies your team's standards, and gives you actionable output.

The partner ecosystem launched with 20+ production-ready agents. PagerDuty for incident triage. JFrog for dependency vulnerabilities. Neon for database migrations. Amplitude for A/B test scaffolding. These aren't demos — they're solving real engineering problems today.

How It Works

A custom agent is a Markdown file with a YAML frontmatter block. That's it. No SDK, no deployment pipeline, no infrastructure.

Here's the structure:

--- 
name: terraform-agent 
description: Expert at reviewing and optimizing Terraform infrastructure code 
--- 

You are a Terraform specialist. Your expertise includes:

- Reviewing .tf files for security issues and best practices
- Identifying resource drift and configuration problems
- Suggesting optimizations for cost and performance
- Enforcing team conventions for module structure

Only work on Terraform files. Do not modify application code.

You drop this file into .github/agents/terraform-agent.md in your repository. Copilot picks it up automatically. No registration, no API keys, no config files.

The agent becomes available in three places:

Copilot CLI — the fastest path for terminal workflows. Run multi-step tasks, pipe output to scripts, integrate into CI:

copilot --agent=terraform-agent --prompt "Review my IaC for security issues"

VS Code — select the agent from the Copilot Chat dropdown. It has full context of your open files and workspace.

github.com — open the Copilot panel, switch to the Agents tab, pick your agent. Useful for code review or when you're already in the browser.

The agent doesn't just answer questions. It can read files, make changes, generate PRs, pull data from external tools via MCP. If you've used Copilot's memory system, this is the next layer — agents that don't just remember your codebase, but understand your entire stack.

Scope control happens at three levels. Repository-level agents live in .github/agents/ and only work in that repo. Organization-level agents go in a .github or .github-private repository and become available across all repos in your org. Enterprise-level agents work the same way but span your entire GitHub Enterprise instance.

This scoping matters for compliance. Your security team can define a JFrog agent with your company's vulnerability policies, publish it org-wide, and every developer gets the same security guidance without needing to remember the rules.

The partner agents use MCP servers to connect to external systems. When you run the PagerDuty agent, it's not hallucinating incident data — it's pulling real alerts from your PagerDuty account via API. Same with JFrog scanning your actual dependencies, MongoDB analyzing your real query patterns, Terraform reading your live infrastructure state.

MCP is the protocol that makes this work. It's an open standard for connecting LLMs to external data sources. GitHub didn't invent it (Anthropic did), but they're using it to turn Copilot into a universal interface for your dev tools.

The Markdown format is deliberate. It's versionable, reviewable, diffable. You can iterate on an agent in a PR, test it in a branch, roll it back if it breaks. It's infrastructure as code, but for AI behavior.

What This Changes For Developers

The workflow shift is immediate. Instead of context-switching between tools, you stay in your terminal or editor and ask Copilot.

Incident response example: You get paged at 2am. Normally you'd open PagerDuty, read the alert, check logs, correlate metrics, figure out what's broken. With the PagerDuty agent:

copilot --agent=pagerduty-incident-responder --prompt "Summarize active incidents and suggest next steps"

It pulls the alert context, correlates related incidents, suggests investigation paths based on your runbooks. You're not eliminating the work, but you're eliminating the tool-hopping and the "where do I even start" paralysis.

Security scanning example: Your CI fails because of a vulnerable dependency. You need to know which package, what CVE, what version fixes it, whether upgrading breaks anything. The JFrog agent does this in one command:

copilot --agent=jfrog-security --prompt "Scan for vulnerable dependencies and provide safe upgrade paths"

It identifies the vulnerable packages, checks compatibility, suggests upgrade versions, and can even patch your package.json or requirements.txt directly. Then it generates a PR description explaining what changed and why.

Database migration example: You're moving from a legacy Postgres instance to Neon's serverless platform. Schema migrations are risky. The Neon Migration Specialist agent reviews your migration files, flags unsafe operations (like dropping columns without a backfill), suggests indexing strategies, validates foreign key constraints.

The pattern repeats across every domain. Terraform reviews. MongoDB query optimization. Feature flag cleanup. A/B test scaffolding. The agent encodes your team's expertise so junior developers get the same quality guidance as senior engineers.

This also solves the "expert on vacation" problem. Your Terraform guru is out for two weeks. Normally that means risky deploys get delayed or pushed through without proper review. With the Terraform agent, the team's conventions are encoded and available to everyone.

The CLI integration is particularly powerful for automation. You can pipe agent output to other commands, run agents in CI, chain multiple agents together. Example: run the JFrog security agent in CI, fail the build if critical vulnerabilities are found, auto-generate a PR with fixes.

Try It Yourself

Pick an agent from the partner catalog. Here are the most immediately useful:

PagerDuty Incident Responder — triage production incidents faster:

copilot --agent=pagerduty-incident-responder --prompt "Summarize active incidents and propose next investigation steps"

JFrog Security Agent — fix vulnerable dependencies:

copilot --agent=jfrog-security --prompt "Scan for vulnerable dependencies and provide safe upgrade paths"

Terraform Infrastructure Agent — review IaC before deploy:

copilot --agent=terraform-agent --prompt "Review my Terraform files for security issues and best practices"

MongoDB Performance Advisor — optimize slow queries:

copilot --agent=mongodb-performance-advisor --prompt "Analyze this query and suggest optimizations"

LaunchDarkly Flag Cleanup — remove stale feature flags:

copilot --agent=launchdarkly-flag-cleanup --prompt "Identify obsolete feature flags safe to remove"

To add an agent to your repo, create .github/agents/<agent-name>.md and paste the agent definition from the catalog. Commit it. The agent is live immediately.

If you want to build your own agent, the GitHub docs have the full spec. Start simple — a README specialist, a commit message formatter, a code review checklist enforcer. Then graduate to agents that integrate with your internal tools via MCP.

The Bottom Line

Use custom agents if you're tired of context-switching between dev tools, or if your team has conventions that never get documented properly, or if you want junior developers to follow senior-level practices automatically. The PagerDuty, JFrog, and Terraform agents are production-ready today and solve real problems.

Skip this if you're a solo developer with a simple stack, or if your team doesn't use any of the partner tools yet. The value scales with team size and tool complexity.

The real opportunity here isn't the 20 partner agents — it's the pattern. GitHub is turning Copilot into a universal interface for your entire development workflow. The developer role is shifting from writing every line to orchestrating systems. Custom agents are the orchestration layer. If you're not experimenting with this now, you'll be playing catch-up in six months when your competitors have encoded their entire playbook into reusable agents.

Source: GitHub Blog