Posts

Showing posts from 2025

Restrict MCP server access when using GitHub Copilot

As GitHub Copilot expands its capabilities through the Model Context Protocol (MCP), it introduces an extra security challenge: how to give developers access to powerful AI tools while maintaining control over what external services those tools can access. This post walks you through setting up a curated MCP registry and enforcing access controls across your organization or enterprise when using GitHub Copilot. Why restrict access? MCP servers extend Copilot's capabilities by connecting it to external tools, databases, APIs, and services. While this opens up incredible possibilities for developer productivity, it also introduces potential security risks. Without proper controls, developers could: Connect Copilot to unauthorized external services Expose sensitive data to third-party MCP servers Use tools that don't meet your organization's security or compliance requirements Bypass established security policies through AI-assisted workflows A way is n...

Git worktrees–A first step towards a multi-agent development workflow

As AI coding assistants become more sophisticated, we're approaching a future where multiple agents might work on different parts of your codebase simultaneously. But there's a challenge: how do you let multiple processes work on the same repository without constantly stepping on each other's toes? One solution is to have agents work on dedicated machines like GitHub Copilot Agent does in a GitHub Codespace. But what if you want to have multiple agents working on your local machine? Enter git worktrees – a powerful Git feature that's been hiding in plain sight since 2015, and the perfect foundation for multi-agent development workflows. What are Git worktrees? Git worktrees allow you to check out multiple branches from the same repository simultaneously, each in its own directory. Think of it as having multiple working directories all sharing the same Git history, but each can be on a different branch. Here's the key insight: while the working directories...

Catching dependency injection configuration errors early

When building applications with .NET's dependency injection container, misconfigured services can lead to runtime exceptions that only surface when a particular code path is executed. Consider this scenario: you've registered a service with dependencies, but accidentally forgot to register one of those dependencies. Without validation, your application starts successfully, but crashes later when someone tries to use that service: This only fails when OrderService is first resolved, which might be deep in your application logic or in a rarely-used code path. Failing fast A better option is to fail fast and be aware of this problem immediately. This is exactly what the ValidateOnBuild property does. It tells the DI container to validate all registered services during the application startup phase: Now, instead of a runtime failure later, you get an immediate exception during startup with a clear error message about the missing dependency. Remark: Be aware, this i...

Give your GitHub Copilot a break

GitHub Copilot can be your best friend inside your IDE but also a pain in the *** when it keeps coming up with suggestions you are not waiting for. Of course you could disable the GitHub Copilot extension in your IDE, but that would be a shame. Hit snooze A small but useful feature I discovered recently is the Snooze option in VSCode. This allows you to disable Copilot for a short amount of time (5 minutes by default). To use this feature, click on the GitHub icon in the bottom right corner of VSCode: Now you see a Snooze button. Click on it to hide completions and suggestions for the next 5 minutes. A timer appears counting down and the Copilot icon is updated to indicate that the snooze mode is active (nice touch). You can cancel the snooze period at any moment by clicking on the Stop button.

GitHub Copilot–Auto model select

With the ever-growing list of supported AI models in GitHub Copilot, there is one question that is getting harder to answer. Which model should I use? You can try to save some money and stay away from the premium request models, but even then you have a lot of options to choose from. You also could check out the model recommendations based on the task you try to achieve but isn’t there a better way? Enter Auto mode With the latest update of GitHub Copilot in Visual Studio Code a new Auto option is now available. When you select Auto from the model picker, Copilot will select an appropriate model for you. It is not clear what criteria are used to select a model but you can find out the chosen model at the bottom of the response: Be aware that it is possible that Auto mode could choose a premium request model, although a discount of 10% is applied when auto mode selects a premium request model (if you are using a paid plan). For example, Sonn...

Six words that define your leadership

I was listening to the Coaching for Leaders podcast recently, and Scott Keller shared something that stopped me mid-stride: the six-word story exercise. His example was the famous Ernest Hemingway line (though its true authorship is debated): "For sale: baby shoes. Never worn." Six words. An entire world of heartbreak, hope deferred, a nursery that stayed empty. I must have read that sentence three times, feeling the weight of everything left unsaid. And then Keller posed the challenge: What's your six-word leadership story? I sat with my notebook open. Pen ready. And... nothing. The power of constraint There's something almost unfair about this exercise. Six words feels impossibly small. I've written mission statements, vision documents, strategic plans that span pages. I've crafted carefully worded emails, given presentations with dozens of slides. Six words? But that's exactly the point. When you have six words, you can't hide behin...

GitHub Copilot on the command line (continued)

Yesterday I started exploring the GitHub Copilot CLI. It turned out that there was more to talk about than what would be a good fit for one blog post. So here is a continuation of my previous post. In case you missed it, go read that post first before continuing here. Ready? Let's dive in again! Let’s explore some features Switching between models The GitHub Copilot CLI was using Claude Code in my previous examples. I don’t know if that is the default or that there was a specific reason that this model was used by the CLI but you can easily switch between models through the /model command. Hit enter to get a list of available models: Select a model and hit enter: Extensibility with MCP servers Copilot CLI ships with the GitHub MCP (Model Context Protocol) server built-in, enabling repository interactions and issue searches. But you can extend it further by adding any MCP server from the registry using /mcp . Want to integrate Playwright for browser testing? Need to connect ...

GitHub Copilot on the command line

In my continuous journey to become an AI native developer, I reserve some time every day to discover new tools and try new ways of working. Today I decided to give the new GitHub Copilot CLI a try. As developers we spend a significant portion of our day in the terminal. Cloning repositories, installing dependencies, debugging issues, running builds, and navigating codebases—all without leaving the command line. But when you needed AI assistance from GitHub Copilot, you had to break your flow and switch to your editor or browser. Other AI vendors like Claude Code even offer a command line first experience, but a similar experience for GitHub Copilot was missing. Until now. What is GitHub Copilot CLI? GitHub Copilot CLI brings AI-powered assistance directly to your terminal. It's a command-line tool that lets you leverage the power of GitHub Copilot without ever leaving your shell. No context switching, no workflow interruptions—just you, your terminal, and an intelligent as...

Securing Your ASP.NET Core App with Authorization Fallback Policy

Today, when building web applications, security has to be a top priority. An easy mistake to make is forgetting to add the [Authorize] attribute to controllers or actions inside your ASP.NET Core backend. This creates a security vulnerability where sensitive pages become accessible to unauthenticated users. Of course, you could create a SecureBaseController class that includes this attribute but now you need to remember to inherit from this base class. Instead of remembering to secure every single endpoint, what if we could flip the script and make authentication the default? Setting an Authorization Fallback Policy ASP.NET Core provides a powerful feature called the Authorization Fallback Policy . This allows you to require authentication globally across your entire application, making security the default rather than an opt-in feature. To implement it, in your Program.cs file, configure the authorization services with a fallback policy that requires authenticated users: ...

Using connection colors in SQL Server Management Studio to prevent database disasters

Every developer has felt that moment of panic: "Did I just run that DELETE statement on production?" A colleague (thanks Jef!) pointed out a nice trick in SQL Server Management Studio to avoid these kinds of heart-stopping moments. Turns out there is a simple yet powerful feature in SQL Server Management Studio (SSMS) called Connection colors that does exactly what the name suggests. Let’s find out how to use this feature… The problem: Context switching gone wrong When you're managing multiple SQL Server environments—development, staging, and production—it's surprisingly easy to lose track of which connection you're working with. All it takes is one misplaced query execution, and suddenly you're: Dropping tables in production Running test data scripts on live systems Executing resource-intensive queries during peak hours Modifying critical data without proper backups The consequences can range from embarrassing to career-threatening. Th...

Use request chaining in HTTP files

By default every request inside your HTTP file is independent from any other request. But what if you want to use the output of one request as the input of another request? This is exactly what you can achieve using request variables. Creating resources with dependencies As an example I created a new ProjectController that we will use to: Create a new project Use the returned project id to create and assign a new task to this project I updated the http file with a new request to create the project. Notice that I included a createProject variable to name the request. I can now use this createProject variable in other requests. In our example I extract the project id value from the response: The following table describes the syntax in more detail: Element Description requestVarName ( login in this case ) Request Variable which is being referenced. response|request Whether the value will be...

Use shared variables in HTTP files

Yesterday I explained how you can introduce environment specific variables when using .http files in Visual Studio. But now we need to repeat these variables for every environment even when they stay the same. In this post I show how to avoid this by introducing the special $shared environment. The $shared environment Visual Studio 2022 version 17.12 introduced the $shared environment, which is perfect for variables that should be available across all environments: You can now use these shared variables no matter which environment you have selected: More information Use .http files in Visual Studio 2022 | Microsoft Learn

Use environment specific variables in HTTP files

HTTP files provide a convenient way to test your APIs inside Visual Studio. In this post we'll look at a specific feature: the use of environment-specific variables that let you seamlessly switch between environments without modifying your request files. Getting started with .http files Before diving into environment variables, let's understand the basics. When you create an ASP.NET Core project in Visual Studio 2022, you'll often find a .http file already in your solution. Here's a simple example: Variables are defined with @variableName = value and referenced using {{variableName}} . The ### delimiter separates multiple requests in a single file. Creating environment files The real power comes when you externalize these variables into environment files. Visual Studio supports two types of environment files: 1. http-client.env.json (Shared) This file contains environment configurations that are shared across your team and typically committed to sourc...