The art of simplicity

Techorama 2026 was a blast! Great content, great atmosphere and great people. And of course, the main conversation topic was AI and how it will shape our industry. Nobody knows what is coming next but at least we already got a glimpse into the future. I delivered a presentation about integrating the GitHub Copilot SDK into your application and hopefully proved how easy it is to get an agent running inside your systems. AI is moving from assistants we query to agents that collaborate with us inside our applications. By reusing the same agentic loop behind the Copilot CLI, the Copilot SDK makes that shift practical for every developer. In this session, we explore how to embed GitHub Copilot–powered agents directly into your apps, extend them with custom skills, and connect them to your own data and workflows. You’ll see how to design agent behaviors, orchestrate tool use, and create safe, reliable interactions that feel native to your product. Whether you’re building personal ...

If you looked at an older GitHub Copilot SDK example online and copied it over, there is a chance that you see the following error message when you try to execute the code: Unhandled exception. System.ArgumentException: An OnPermissionRequest handler is required when creating a session. For example, to allow all permissions, use CreateSessionAsync(new() { OnPermissionRequest = PermissionHandler.ApproveAll }); at GitHub.Copilot.SDK.CopilotClient.CreateSessionAsync(SessionConfig config, CancellationToken cancellationToken) So, what exactly is happening here? The important part is this: An OnPermissionRequest handler is required when creating a session. The GitHub Copilot SDK is designed with a permission-based execution model . Whenever Copilot wants to execute a tool, access resources, or perform potentially impactful operations, the SDK expects the host application to decide whether that action is allowed. This is done through the OnPermissionRequest callback. With older...

In the previous post we got a working .NET app talking to the Copilot agent runtime. We created a CopilotSession , sent messages through it, and saw how multi-turn conversations just work — the agent remembered what you said three messages ago without you having to manage that state yourself. That "just works" quality is deliberate, and it's worth understanding what's actually happening underneath. Sessions are the stateful core of the Copilot SDK. How you create, configure, scope, and dispose them determines whether your application is resilient, scalable, and cost-efficient — or fragile and leaky. This post goes deep on sessions: what they are, how their lifecycle works, how to persist them across restarts, and the patterns that hold up in production. The mental model: Client vs. Session Before getting into lifecycle specifics, it's worth being precise about the two core classes and what each one owns. CopilotClient is infrastructure. It manages th...

In the previous post talked about why the GitHub Copilot SDK matters: it gives you a production-grade agent harness out of the box, so you can skip building the infrastructure and focus on your actual product. Now let's make it concrete. This post walks through everything you need to get up and running with the SDK in .NET — from prerequisites to a working streaming agent with a custom tool. What we will build We’ll keep it simple. By the end of this post you'll have a console application that: Connects to Copilot's agent runtime Sends a prompt and receives a streaming response Has a multi-turn conversation with persistent context Calls a custom tool you define in C# Prerequisites You'll need three things before touching any code. 1. .NET 8 or later The SDK requires .NET 8+. Verify your version: dotnet --version 2. GitHub Copilot CLI, installed and authenticated The SDK communicates with the Copilot CLI running as a local process — it...

Building an agent sounds straightforward until you actually start. Before you write a single line of business logic, you're already deep in infrastructure decisions: How do you manage context across multiple turns? How do you orchestrate tool calls? How do you handle model routing, MCP server integration, permissions, failure modes, and safety boundaries? By the time you've answered all those questions, you've quietly built a small platform — and you haven't shipped anything yet. This is the tax that every team building agentic applications has been paying. Until now... Meet the GitHub Copilot SDK GitHub launched the Copilot SDK in technical preview in January 2026, and its core value proposition is refreshingly direct: stop building the harness, start building your product . The SDK gives you programmatic access to the same production-tested execution loop that powers GitHub Copilot CLI. That means the planning, tool invocation, multi-turn context management,...

While visiting multiple organizations and talking to colleagues about integrating AI into their software development lifecycle, I noticed something: The approaches couldn’t have been more different. Some teams were embedding AI deeply into every step of development—coding, testing, documentation, even architectural decision-making. Others were deliberately cautious, limiting AI to narrow, controlled use cases. Opposites. And yet, both felt… reasonable. That’s when it clicked for me: We are all beginners. Not in the dismissive sense. Not in a “we don’t know anything” kind of way. But in the ways as described inside the Dreyfus Model of Skill Acquisition .   The Dreyfus model, briefly The Dreyfus model describes how people acquire skills through five stages: Novice – Rely on rules and rigid guidelines Advanced Beginner – Start recognizing patterns, but still need support Competent – Can plan, prioritize, and make conscious de...

With the introduction of agent skills , we can teach our AI agent to handle our most repetitive and specialized workflows. After adding context through an agent.md file, integrating tool calls using MCP, creating our own Agents, this is a logical next step in defining your AI enabled software development lifecycle. Here's everything you need to know to get started. What are agent skills? Agent skills are folders of instructions, scripts, and resources that GitHub Copilot can load automatically when relevant to your prompt. Think of them as reusable "playbooks" you write once and invoke repeatedly — without having to re-explain the context every time. Unlike custom instructions , which set broad coding guidelines that apply across nearly every task, skills are meant for specialized, on-demand capabilities: things like running a specific test suite, converting file formats, generating components, or following a custom deployment checklist. How to create your firs...

GitHub Copilot CLI is my 'go-to' coding agent when I work directly from your terminal. It understands my codebase, proposes edits, runs commands, and helps me move faster without leaving the command line. As I care about privacy, offline workflows, or custom model experimentation, I decided to try Copilot CLI entirely on local LLMs using Ollama. No cloud dependency. No API keys. Just my machine, a local model and my workflow. In this post, I’ll walk through how to set it up, and how to use it effectively. Why combine Copilot CLI with Ollama? Copilot CLI gives you a powerful agentic interface for your codebase. Ollama gives you a fast, local model runtime with support for dozens of open models. Together, you get: Local-first AI coding:  keep your code and prompts on your machine Predictable performance:  no rate limits or network delays Model flexibility : swap between Qwen, Llama, Mistral, Gemma, and more Agentic workflows:  Copilot CLI can edit...

Yesterday I tried deploying a Docker image to Azure Container Apps and hit a wall with a cryptic error about an invalid operating system.  It took me a lot of time to find the root cause and fix it.Here's what happened, why it happens, and the exact command to fix it. The error After pushing an image to Azure Container Registry and pointing a Container App at it, the deployment failed with this message: Selected tag uses an invalid operating system ''. Error when deploying an Azure Container App image. The error is frustrating because it gave me almost nothing to work with; an empty string where the OS name should be. The image built and pushed just fine, so what's going on? Root cause The culprit is provenance attestation — a feature that Docker BuildKit enables by default when using docker buildx . When provenance is enabled, Docker generates an extra manifest layer containing build metadata. This results in a multi-platform image manifest (an OCI image i...

Security vulnerabilities in your dependencies are one of those things where I know that I should address them promptly, but the process of hunting down the right package version, understanding the scope of the issue, and making the change without breaking anything can turn a five-minute fix into a frustrating rabbit hole. With the Visual Studio March 2026 update, that workflow just got a whole lot smoother. GitHub Copilot can now help you fix NuGet package vulnerabilities directly from Solution Explorer, turning what used to be a manual research task into a guided, in-editor experience. What's new? When Visual Studio detects a vulnerability in one of your NuGet packages, you'll now see a Fix with GitHub Copilot link alongside the vulnerability notification in Solution Explorer. One click is all it takes to kick off the process: Copilot analyzes the vulnerability, identifies the appropriate dependency updates, and implements them for you — without disrupting the rest of y...

With the Data API builder, you can easily generate an API on top of an existing database. However typing out the configuration settings in the dab-config.json isn't much fun. The auto-entities features I talked about before can certainly help, but that is not always the right solution. With the integrated GUI in the MSSQL extension for Visual Studio Code, you can replace the manual JSON configuration with a visual interface that handles entity selection, CRUD permission mapping, API type targeting, and Docker-based local deployment — all without leaving the editor. This post covers exactly what the UI does, what it generates, and where it falls short. Entry points The DAB configuration view is accessible from two places: Object Explorer — right-click a database node → Build Data API (Preview)... Schema Designer — Design API button (top-right toolbar) or the Backend icon in the left panel Both open the same configuration surface. Entity selection Tables a...

While creating a workflow system with the Microsoft Agents SDK, I encountered the following error message when testing my workflow: System.InvalidOperationException: Cannot use a Workflow that is already owned by another runner or parent workflow. at Microsoft.Agents.AI.Workflows.Workflow.TakeOwnership(...) at InProcessRunnerContext..ctor(...) at InProcessRunner.CreateTopLevelRunner(...) It's cryptic if you haven't seen it before. But once you understand the ownership model, the fix is straightforward. What's actually happening .NET workflow runtimes treat workflow instances as stateful, non-reentrant objects. When a runner picks up a workflow, it takes exclusive ownership of that instance. No other runner — and no parent workflow — is allowed to touch it while that ownership is held. This is by design. Workflows accumulate state as they execute, and allowing two runners to share that state simultaneously would corrupt it. The runtime enforces ow...

Data API builder 2.0 (currently in public preview) is a major release focused on MCP and AI integration. Among its headline features is the ability to expose stored procedures as custom MCP tools , making them discoverable and callable by AI agents. No glue code, no middleware, no extra plumbing. In this post I'll walk through how the feature works, and show a practical example: wiring up a full-text search stored procedure as its own dedicated tool that any MCP client can discover and call by name. The idea: a dedicated search tool By default, DAB's SQL MCP Server exposes tables and views through generic DML tools — things like list_books , get_book , and so on. These are useful for straightforward CRUD, but they're not designed for complex operations like full-text search. With custom-tool: true , you can go further. Set that flag on a stored-procedure entity and DAB dynamically registers the procedure as a named, purpose-built tool in tools/list . The AI agent di...