Note: GitHub also supports extending Copilot via the Model Context Protocol (MCP). See
`extensions/mcp-server` for the MCP-based alternative.
Build safe AI agents with natural language and 0% policy violations
Part of Agent OS - Kernel-level governance for AI agents
AgentOS brings safety-first AI agent development directly into GitHub Copilot. Create policy-compliant autonomous agents with natural language, backed by a 0% policy violation guarantee.
```
┌─────────────────────────────────────────────────────┐
│                "Create agent for..."                │
└────────────────────┬────────────────────────────────┘
                     │
         ┌───────────▼───────────┐
         │ 🛡️ AgentOS Extension  │
         │                       │
         │ • Agent Generation    │
         │ • Policy Enforcement  │
         │ • CMVK Verification   │
         │ • Compliance Check    │
         └───────────┬───────────┘
                     │
    ┌────────────────┼────────────────┐
    │                │                │
┌───▼───┐    ┌───────▼───────┐    ┌───▼───┐
│ Code  │    │ GitHub Actions│    │ Tests │
│Python │    │   Workflow    │    │       │
│TS/Go  │    └───────────────┘    └───────┘
└───────┘
```
@agentos create agent for processing customer feedback from Slack
Instantly generates:
- Agent code (Python, TypeScript, or Go)
- Safety policies
- GitHub Actions workflow
- Test suite
Browse templates by category:
- Data Processing: ETL pipelines, CSV processors, data sync
- DevOps: Deployment automation, monitoring, incident response
- Customer Support: Ticket routing, sentiment analysis, FAQ bots
- Content Management: Moderation, SEO, social media
- Security: Access audits, compliance checks, secret scanning
Automatic policy detection and enforcement:
- Rate limiting for APIs
- PII protection and redaction
- Authentication requirements
- Retry with backoff
- Audit logging
Built-in support for:
- GDPR - EU data protection
- HIPAA - Healthcare data
- SOC 2 - Security & availability
- PCI DSS - Payment card data
Code reviewed by multiple AI models for consensus-based safety.
| Command | Description |
|---|---|
| `@agentos create agent for [task]` | Create agent from description |
| `@agentos design workflow to [goal]` | Design multi-step workflow |
| `@agentos templates [category]` | Browse agent templates |
| `@agentos test` | Test agent with scenarios |
| `@agentos debug` | Debug agent failures |
| `@agentos compliance [framework]` | Check compliance (gdpr, hipaa, soc2, pci-dss) |
| `@agentos security` | Run security audit |
| `@agentos deploy` | Deploy to GitHub Actions |
| `@agentos review` | Review code with CMVK |
| `@agentos policy` | Show active policies |
| `@agentos audit` | View audit log |
| `@agentos help` | Show all commands |
User: @agentos create agent for monitoring API uptime and alerting on failures
AgentOS: 🤖 Agent Created: ApiUptimeMonitoringAgent
### Tasks
- Check API endpoint health
- Record response times
- Detect outages
- Send Slack alerts
### 🛡️ Safety Policies Applied
✅ API Rate Limiting (rate_limit): Limits API calls to prevent quota exhaustion
✅ Retry with Backoff (retry): Retries failed operations with exponential backoff
✅ Audit Logging (logging): Logs all agent actions for audit trail
[Generated Code]
[Deploy to GitHub Actions] [Test Agent]
- Go to GitHub Settings → Copilot → Extensions
- Search for "AgentOS"
- Enable the extension
```bash
git clone https://github.com/microsoft/agent-governance-toolkit
cd agent-os/extensions/copilot
npm install
npm run build
npm start
```

```bash
# .env
PORT=3000
LOG_LEVEL=info
CMVK_API_ENDPOINT=https://api.agent-os.dev/cmvk
ALLOWED_ORIGINS=https://github.com,https://api.github.com,https://copilot.github.com
```

`ALLOWED_ORIGINS` is a comma-separated CORS allowlist. If not set, the extension
defaults to GitHub production origins.
Do not use wildcard or overly broad origins in production. Keep this list restricted to trusted GitHub domains used by your deployment.
Examples:
- Valid: `ALLOWED_ORIGINS=https://github.com,https://copilot.github.com`
- Invalid: `ALLOWED_ORIGINS=*` or `ALLOWED_ORIGINS=ftp://example.com`
If ALLOWED_ORIGINS is set but contains no valid http/https origins, the
service fails fast at startup with a configuration error.
This extension no longer uses wildcard CORS (*). Requests to protected API
routes must include an allowed Origin header.
Migration steps:
- Set `ALLOWED_ORIGINS` explicitly for your deployment.
- Update clients and browser integrations to send an `Origin` header.
- Expect `403` responses for disallowed origins and missing-origin requests on protected routes.
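
The `ALLOWED_ORIGINS` rules described above (comma-separated list, http/https only, fail fast when nothing valid remains, `403` for a missing or unlisted `Origin`), sketched in JavaScript. This is an added example, not the extension's own code: `parseAllowedOrigins`, `originDecision`, the default list (copied from the sample `.env`) and the choice to skip invalid entries in a mixed list are assumptions.

```javascript
// Added example, not the extension's source. Function names are hypothetical.
// Assumption: the "GitHub production origins" default equals the sample .env list.
const DEFAULT_ORIGINS = [
  'https://github.com',
  'https://api.github.com',
  'https://copilot.github.com',
];

// Turn the raw env value into a Set of normalised origins, or throw at startup.
function parseAllowedOrigins(raw) {
  if (raw === undefined) return new Set(DEFAULT_ORIGINS); // variable not set
  const valid = new Set();
  for (const entry of raw.split(',').map((s) => s.trim()).filter(Boolean)) {
    let url;
    try {
      url = new URL(entry); // "*" and other non-URLs throw here
    } catch {
      continue; // assumption: invalid entries in a mixed list are skipped
    }
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue; // e.g. ftp://
    valid.add(url.origin); // scheme://host[:port], lower-cased, no path
  }
  if (valid.size === 0) {
    throw new Error('ALLOWED_ORIGINS is set but contains no valid http/https origins');
  }
  return valid;
}

// Decide how a protected route answers a request carrying this Origin header.
// Exact Set membership only: no prefix, suffix or regex matching.
function originDecision(allowed, originHeader) {
  if (!originHeader) return { status: 403, reason: 'missing Origin header' };
  if (!allowed.has(originHeader)) return { status: 403, reason: 'origin not allowed' };
  return {
    status: 200,
    headers: { 'Access-Control-Allow-Origin': originHeader, Vary: 'Origin' },
  };
}

// Constructed sample values, for illustration only.
const allowed = parseAllowedOrigins('https://github.com, https://copilot.github.com');
console.log(originDecision(allowed, 'https://github.com').status);             // 200
console.log(originDecision(allowed, 'https://github.com.example.net').status); // 403
console.log(originDecision(allowed, undefined).status);                        // 403
```

Echoing the matched origin together with `Vary: Origin` keeps shared caches from serving one origin's CORS response to another.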
Create .github/agent-os.json:
```json
{
  "policies": {
    "blockDestructiveSQL": true,
    "blockFileDeletes": true,
    "blockSecretExposure": true,
    "blockPrivilegeEscalation": true
  },
  "compliance": ["gdpr", "soc2"],
  "deployment": {
    "requireApproval": true,
    "allowedEnvironments": ["staging", "production"]
  }
}
```

| Endpoint | Method | Description |
|---|---|---|
| `/api/copilot` | POST | Handle @agentos chat commands |
| `/api/webhook` | POST | GitHub webhook endpoint |
| `/api/templates` | GET | List agent templates |
| `/api/templates/:id` | GET | Get template by ID |
| `/api/compliance` | GET | List compliance frameworks |
| `/api/compliance/validate` | POST | Validate against framework |
| `/api/audit` | GET | Get audit log |
| `/api/policy` | GET/POST | Manage policies |
| `/api/status` | GET | Service status |
| `/health` | GET | Health check |
| `/setup` | GET | Setup page |
| `/auth/callback` | GET | OAuth callback |
When you create an agent, AgentOS generates:
agents/
├── customer_feedback_agent.py # Agent code
├── customer-feedback-agent/
│ └── README.md # Documentation
policies/
└── customer-feedback-agent.yaml # Safety policies
tests/
└── test_customer_feedback_agent.py
.github/workflows/
└── customer-feedback-agent.yml # GitHub Actions
- All policy checks run locally
- CMVK is opt-in (code sent only when explicitly requested)
- Audit logs stored locally only
- No telemetry or analytics
- Secrets never logged or transmitted
- Chat response: <2 seconds
- Inline suggestions: <100ms
- Policy evaluation: <50ms
- Code generation: <5 seconds
```bash
docker build -t agentos-copilot .
docker run -p 3000:3000 agentos-copilot
```

See CONTRIBUTING.md for guidelines.
MIT License - see LICENSE.
Build safe AI agents with AgentOS