The art of simplicity

GitHub Copilot CLI is my 'go-to' coding agent when I work directly from your terminal. It understands my codebase, proposes edits, runs commands, and helps me move faster without leaving the command line. As I care about privacy, offline workflows, or custom model experimentation, I decided to try Copilot CLI entirely on local LLMs using Ollama. No cloud dependency. No API keys. Just my machine, a local model and my workflow. In this post, I’ll walk through how to set it up, and how to use it effectively. Why combine Copilot CLI with Ollama? Copilot CLI gives you a powerful agentic interface for your codebase. Ollama gives you a fast, local model runtime with support for dozens of open models. Together, you get: Local-first AI coding:  keep your code and prompts on your machine Predictable performance:  no rate limits or network delays Model flexibility : swap between Qwen, Llama, Mistral, Gemma, and more Agentic workflows:  Copilot CLI can edit...

Yesterday I tried deploying a Docker image to Azure Container Apps and hit a wall with a cryptic error about an invalid operating system.  It took me a lot of time to find the root cause and fix it.Here's what happened, why it happens, and the exact command to fix it. The error After pushing an image to Azure Container Registry and pointing a Container App at it, the deployment failed with this message: Selected tag uses an invalid operating system ''. Error when deploying an Azure Container App image. The error is frustrating because it gave me almost nothing to work with; an empty string where the OS name should be. The image built and pushed just fine, so what's going on? Root cause The culprit is provenance attestation — a feature that Docker BuildKit enables by default when using docker buildx . When provenance is enabled, Docker generates an extra manifest layer containing build metadata. This results in a multi-platform image manifest (an OCI image i...

Security vulnerabilities in your dependencies are one of those things where I know that I should address them promptly, but the process of hunting down the right package version, understanding the scope of the issue, and making the change without breaking anything can turn a five-minute fix into a frustrating rabbit hole. With the Visual Studio March 2026 update, that workflow just got a whole lot smoother. GitHub Copilot can now help you fix NuGet package vulnerabilities directly from Solution Explorer, turning what used to be a manual research task into a guided, in-editor experience. What's new? When Visual Studio detects a vulnerability in one of your NuGet packages, you'll now see a Fix with GitHub Copilot link alongside the vulnerability notification in Solution Explorer. One click is all it takes to kick off the process: Copilot analyzes the vulnerability, identifies the appropriate dependency updates, and implements them for you — without disrupting the rest of y...

With the Data API builder, you can easily generate an API on top of an existing database. However typing out the configuration settings in the dab-config.json isn't much fun. The auto-entities features I talked about before can certainly help, but that is not always the right solution. With the integrated GUI in the MSSQL extension for Visual Studio Code, you can replace the manual JSON configuration with a visual interface that handles entity selection, CRUD permission mapping, API type targeting, and Docker-based local deployment — all without leaving the editor. This post covers exactly what the UI does, what it generates, and where it falls short. Entry points The DAB configuration view is accessible from two places: Object Explorer — right-click a database node → Build Data API (Preview)... Schema Designer — Design API button (top-right toolbar) or the Backend icon in the left panel Both open the same configuration surface. Entity selection Tables a...

While creating a workflow system with the Microsoft Agents SDK, I encountered the following error message when testing my workflow: System.InvalidOperationException: Cannot use a Workflow that is already owned by another runner or parent workflow. at Microsoft.Agents.AI.Workflows.Workflow.TakeOwnership(...) at InProcessRunnerContext..ctor(...) at InProcessRunner.CreateTopLevelRunner(...) It's cryptic if you haven't seen it before. But once you understand the ownership model, the fix is straightforward. What's actually happening .NET workflow runtimes treat workflow instances as stateful, non-reentrant objects. When a runner picks up a workflow, it takes exclusive ownership of that instance. No other runner — and no parent workflow — is allowed to touch it while that ownership is held. This is by design. Workflows accumulate state as they execute, and allowing two runners to share that state simultaneously would corrupt it. The runtime enforces ow...

Data API builder 2.0 (currently in public preview) is a major release focused on MCP and AI integration. Among its headline features is the ability to expose stored procedures as custom MCP tools , making them discoverable and callable by AI agents. No glue code, no middleware, no extra plumbing. In this post I'll walk through how the feature works, and show a practical example: wiring up a full-text search stored procedure as its own dedicated tool that any MCP client can discover and call by name. The idea: a dedicated search tool By default, DAB's SQL MCP Server exposes tables and views through generic DML tools — things like list_books , get_book , and so on. These are useful for straightforward CRUD, but they're not designed for complex operations like full-text search. With custom-tool: true , you can go further. Set that flag on a stored-procedure entity and DAB dynamically registers the procedure as a named, purpose-built tool in tools/list . The AI agent di...

If you've been maintaining a large dab-config.json , you know the pain: every table, view, and stored procedure needs its own entities block. Schema grows, config grows. Someone adds a table and forgets to update the config, and suddenly your API is silently missing endpoints. DAB 2.0 Preview introduces autoentities — a pattern-based approach that discovers and exposes database objects automatically, every time DAB starts. This post covers how it works, how to configure it from the CLI, and what to watch for. Getting started As DAB 2.0 is still in preview, you first need to install the preview version: dotnet tool install microsoft.dataapibuilder --prerelease Note: MSSQL data sources only, for now. Initialize a new dab-config.json file if it doesn't exists yet: dotnet dab init Remark:  Notice that we prefix dab with dotnet to avoid collisions with the globally installed release version. How it works Instead of defining each entity explicitly, you define one ...

After pulling some NuGet packages into my .NET Aspire project, I ran into this cryptic startup failure: Aspire.Hosting.DistributedApplicationException: Newer version of the Aspire.Hosting.AppHost package is required to run the application. Ensure you are referencing at least version '13.2.2'. at Aspire.Hosting.Dcp.DcpDependencyCheck.EnsureDcpVersion(DcpInfo dcpInfo) at Aspire.Hosting.Dcp.DcpDependencyCheck.GetDcpInfoAsync(...) at Aspire.Hosting.Dcp.DcpHost.StartAsync(...) The app host refuses to start, and the logs point you toward a version check deep inside DCP internals. The error message tells me that a minimum version of the hosting package is required,but no matter how many times I ran dotnet restore or update NuGet packages through Visual Studio, the error persists. That's because there are two places that pin the Aspire version. Why updating NuGet packages isn't enough Aspire AppHost projects use a special SDK reference at the very...

Yesterday, I created a minimal .NET project with DevUI and registered a couple of standalone agents. That gets you surprisingly far for interactive testing. But real business scenarios quickly outgrow a single agent: you need data flowing through multiple specialized steps, decisions being made along the way, and a clear picture of the whole pipeline. That's what workflows are for. In this post, we'll build a content review pipeline as a concrete example — a Writer agent drafts a response, a Reviewer agent critiques it, and a deterministic formatting step finalizes the output. All of it visualized in DevUI. Agents vs Workflows — the key distinction The Agent Framework docs put it cleanly: an agent is LLM-driven and dynamic — it decides which tools to call and in what order, based on the conversation. A workflow is a predefined graph of operations, some of which may be AI agents, but the topology is explicit and deterministic . You decide exactly what runs after what. ...

If you've been exploring the Microsoft Agent Framework , you've probably seen the Python DevUI example showcased prominently in the docs. DevUI is a fantastic inner-loop tool — it lets you visually inspect your agents: their messages, reasoning steps, tool calls, and conversation state, all in a browser dashboard while you develop locally. Think of it as Swagger UI, but for AI agents. The problem? When I went looking for a .NET / C# equivalent , I couldn't find one. The official Microsoft Learn page for DevUI samples simply said: "DevUI samples for C# are coming soon." — Not great when you're trying to ship. So I built one. This post walks through a complete, working .NET Core example using Microsoft Agent Framework 1.0, with DevUI wired up and ready to go. What is DevUI? DevUI is a lightweight developer dashboard shipped as part of the Microsoft Agent Framework. It is not intended for production — it's a local dev tool, similar in spirit to what...

While preparing our MFA rollout at ADFS level, we started making the switch from classic authorization rules to custom access control policies in ADFS. This post explains the difference and the rationale behind this switch. A tale of two mechanisms When you work with Active Directory Federation Services (ADFS), there are two ways to control what happens when a user tries to authenticate: authorization rules and access control policies . On the surface, they feel similar; both let you define conditions around user access. But under the hood, they represent two distinct generations of the same capability. Understanding the difference matters especially when implementing MFA, because the mechanism you choose affects flexibility, maintainability, and how cleanly your logic can scale. Authorization rules: the classic approach Authorization rules are the original ADFS mechanism, introduced back when claims-based identity was first baked into the platform. They use a proprietary la...

In my earlier posts about the GitHub Copilot CLI , I already introduced the /compact command, a slash command that summarizes your conversation history to free up context space, letting you keep working in the same session without losing momentum. Well, good news! It's no longer CLI-only. The February 2026 release of VS Code brings /compact directly into the editor, and it's part of a much broader story about making agents actually usable for the kind of long, messy, real-world tasks developers deal with every day. The Context Window problem Here's what happens without context compaction: you start an agent session, ask it to dig into a complex feature, go back and forth a few times, and eventually the conversation grows so large that the model starts losing the thread, or the session simply stops. You're forced to start over, re-explain everything, and lose all the accumulated understanding the agent had built up. Context compaction solves this by summarizing...

After a routine Visual Studio update silently upgraded Git for Windows to version 2.49.0, pushes to Azure DevOps started failing with a cryptic NTLM authentication error — even though our setup was supposed to use Kerberos. Here's what happened and how to fix it in 30 seconds. The symptoms You update Visual Studio (or Git for Windows directly), and suddenly any push to your Azure DevOps remote fails. The error mentions NTLM even though your network is configured for Kerberos. Typical signs: Git push fails immediately after a Visual Studio or Git for Windows update Error references NTLM authentication failure Clones and fetches from the same remote may still work The remote URL is an internal TFS/Azure DevOps server (e.g. https://tfs.yourcompany.com ) What changed Git for Windows 2.49.0 (shipped as MinGit 2.49.0) changed how it negotiates authentication for HTTPS remotes. The new default behaviour causes Git to attempt NTLM where it previously fell through ...

If you've spent any time working with GitHub Copilot in agent mode, you've probably hit that frustrating moment: the agent does something unexpected, picks the wrong tool, ignores a prompt file, or just… takes forever, and you have no idea why. Until recently, your only recourse was the raw Chat Debug view : useful, but dense, and not exactly designed for quick diagnosis. That changes with the Agent Debug Log panel, available in preview as of VS Code 1.110. What it is The Agent Debug Log panel shows a chronological event log of everything that happens during a chat session, including tool calls, LLM requests, prompt file discovery, and errors. Think of it as a structured, human-readable trace of your agent's entire thought process, rendered right inside VS Code. It replaces the old Diagnostics chat action with a richer, more detailed view, and is particularly valuable as your agent setups grow in complexity; custom instructions, multiple prompt files, MCP servers, and...