Lilly Tech Systems
Copilot Coding Agent
The Copilot Coding Agent is GitHub's autonomous AI developer — assign it an issue and it plans the changes, writes code, runs tests, and opens a pull request, all without human intervention.
What Is the Copilot Coding Agent?
The Copilot Coding Agent is a step beyond code completion and chat. While Copilot's other features assist you as you work, the coding agent works independently. You describe a task in a GitHub Issue, assign it to Copilot, and the agent takes over — reading your codebase, planning the implementation, writing code, creating or updating tests, and opening a pull request for your review.
This is true agentic AI: the system makes decisions, takes actions, observes results, and iterates until the task is complete. It operates in a secure, sandboxed cloud environment powered by GitHub Actions, so it has the same access your CI/CD pipelines have — no more, no less.
The coding agent is designed for well-defined, bounded tasks. It is not meant to architect entire systems or make design decisions. Think of it as a capable junior developer who can reliably implement features, fix bugs, and write tests when given clear instructions.
Setting Up the Coding Agent
Before using the coding agent, you need to enable it in your repository or organization settings:
- Go to your repository on GitHub.com and click Settings
- In the left sidebar, click Copilot > Coding agent
- Toggle Enable Copilot coding agent to on
- Choose which branches the agent can create PRs against (typically
mainordevelop) - Optionally, configure a copilot-setup-steps.yml file in
.github/to define the environment the agent uses (language runtimes, package installation, build commands)
Here is an example copilot-setup-steps.yml that configures a Node.js environment:
# .github/copilot-setup-steps.yml
steps:
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm ci
- run: npm run buildThis file tells the agent how to set up your project so it can run tests and verify its changes compile correctly.
The Agent Workflow: From Issue to Pull Request
Here is the complete lifecycle of a coding agent task:
Step 1: Create a Well-Written Issue
The issue is the agent's specification. The clearer and more detailed your issue, the better the result. A good issue includes:
- A clear description of what needs to change
- Acceptance criteria — what does "done" look like?
- References to relevant files, functions, or components
- Any constraints (e.g., "do not change the public API," "use the existing validation library")
Title: Add rate limiting to the /api/search endpoint Description: The /api/search endpoint currently has no rate limiting, which makes it vulnerable to abuse. Add rate limiting with the following requirements: - Use the existing `express-rate-limit` package (already in package.json) - Limit to 30 requests per minute per IP address - Return a 429 status code with a JSON error message when the limit is exceeded - Add the rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining) - Add unit tests for the rate limiting behavior Relevant files: - src/routes/search.ts (the endpoint to protect) - src/middleware/index.ts (where other middleware is registered) - tests/routes/search.test.ts (existing test file to extend)
Step 2: Assign to Copilot
Assign the issue to Copilot from the Assignees dropdown, or mention @copilot in a comment asking it to work on the issue. The agent will begin within minutes.
Step 3: Agent Plans and Implements
The agent creates a branch (named something like copilot/issue-42-rate-limiting) and works through the task:
- Reads the issue description and explores the repository to understand the codebase
- Creates an implementation plan (visible in the session log)
- Makes code changes across one or more files
- Runs the test suite to verify nothing is broken
- If tests fail, analyzes the errors and fixes its code
- Iterates until all tests pass or it reaches a stopping point
Step 4: Review the Pull Request
The agent opens a PR with a detailed summary of what it changed and why. Review it exactly as you would any human-authored PR.
Step 5: Iterate or Merge
If the PR needs changes, leave review comments. The agent reads your feedback and pushes additional commits to address it. When satisfied, approve and merge.
What the Coding Agent Handles Well
The coding agent excels at tasks that are well-defined and have clear success criteria. Here are the categories where it consistently delivers good results:
| Task Category | Examples | Success Rate |
|---|---|---|
| Bug fixes | Fix off-by-one errors, null pointer exceptions, incorrect return values | High |
| Adding tests | Write unit tests for existing untested functions | High |
| Small features | Add a new API endpoint, create a utility function, add form validation | High |
| Refactoring | Extract a class, rename variables across files, convert callbacks to async/await | High |
| Documentation | Add JSDoc comments, update README sections, generate API docs | High |
| Dependency updates | Update a library and fix breaking changes in the code | Medium |
| Medium features | Add authentication to an existing API, implement pagination | Medium |
Reviewing Agent-Generated Pull Requests
Reviewing PRs from the coding agent requires a slightly different mindset than reviewing human code. Here is what to focus on:
- Read the session log. Every agent PR includes a link to the session log showing the agent's reasoning, commands it ran, and decisions it made. This helps you understand why it made certain choices.
- Check for over-engineering. The agent sometimes adds more abstraction or complexity than needed. Look for unnecessary wrapper functions, excessive error handling, or unused imports.
- Verify test quality. The agent writes tests, but they may test implementation details rather than behavior. Ensure tests will not break on valid refactoring.
- Look for hardcoded values. The agent may hardcode values that should be configurable. Check for magic numbers, hardcoded URLs, or inline credentials.
- Confirm it followed your conventions. Does the code match your project's naming conventions, file organization, and error handling patterns?
# Good review comment for the agent: "The rate limit of 30 is hardcoded on line 15. Please move this to an environment variable RATE_LIMIT_PER_MINUTE with a default of 30, and read it in src/config.ts where other env vars are configured." # The agent will read this comment, make the change, and push a new commit.
Copilot Agent in GitHub Actions (CI Integration)
The coding agent runs inside GitHub Actions by default, which means it benefits from your existing CI/CD setup. Key details:
- The agent uses GitHub-hosted runners (or your self-hosted runners if configured)
- It can run your project's existing test suite, linting, and build steps
- CI results inform the agent's decisions — if tests fail, it reads the output and tries to fix the issues
- The agent respects branch protection rules, so it cannot merge its own PRs if approvals are required
You can customize the agent's CI behavior by adding specific steps to your copilot-setup-steps.yml:
# .github/copilot-setup-steps.yml
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- run: pip install -r requirements.txt
- run: pip install -r requirements-dev.txt
# The agent will automatically run pytest after making changesLimitations and When NOT to Use the Coding Agent
Understanding the agent's limitations is just as important as knowing its strengths. Do not use the coding agent for:
- Architecture decisions — The agent should not decide whether to use a microservices vs. monolithic architecture, or choose between databases. These decisions require human judgment.
- Large-scale refactoring — Rewriting an entire module or migrating frameworks is too complex. Break it into smaller issues instead.
- Security-critical code — Authentication, encryption, and access control logic should always be human-written and reviewed by a security engineer.
- UI/UX design — The agent cannot see what the UI looks like. It can write CSS and HTML, but it cannot judge visual quality or user experience.
- Performance optimization — The agent does not profile code or measure performance. It may write "correct" code that is inefficient.
- Tasks requiring external access — The agent runs in a sandboxed environment and cannot access external APIs, databases, or services during its session.
Real-World Use Cases
Here are practical scenarios where teams are successfully using the Copilot Coding Agent in production:
Use Case 1: Onboarding Backlog Cleanup
A team had 50 "good first issues" in their backlog — small bugs, documentation gaps, and minor enhancements. They assigned batches of 5-10 issues to the coding agent and reviewed the resulting PRs. In one week, they cleared 35 issues that had been sitting for months.
Use Case 2: Test Coverage Sprint
A project had 40% test coverage and needed to reach 80% for compliance. The team created issues like "Add unit tests for src/services/billing.ts" for each untested module. The coding agent generated comprehensive test suites for 20 modules, bringing coverage to 72% in three days.
Use Case 3: API Migration
When upgrading from Express 4 to Express 5, a team created issues for each breaking change: "Update route parameter syntax in src/routes/users.ts," "Replace deprecated req.host with req.hostname in src/middleware/logging.ts." The agent handled each migration task independently, making the upgrade manageable.
Use Case 4: Accessibility Fixes
After an accessibility audit flagged 30 components missing ARIA labels, alt text, and keyboard navigation, the team created issues for each component. The agent added the necessary attributes, and the team reviewed each PR against WCAG guidelines.