Get hands-on in this talk where we'll create a GitHub Copilot Extension from scratch. We'll use the Copilot Extensions SDK, https://github.com/copilot-extensions/preview-sdk.js, and Hono.js, covering best practices like payload validation and progress notifications and error handling. We'll also go through how to set up a dev environment for debugging, including port forwarding to expose your extension during development as well as the Node.js debugger. By the end, we'll have a working Copilot extension to demo. Learn how to leverage the extensions SDK, best practices: payload validation, progress notifications, and error handling, practical debugging techniques
Understanding GitHub Copilot Extensions
Nick Taylor kicks off by elaborating on what a GitHub Copilot extension entails. He describes it as a tool that extends Copilot with custom AI-powered workflows or third-party integrations. Taylor identifies two primary types of extensions: "skill sets" and "agent mode." Skill sets introduce new tools and services into Copilot, whereas agent mode offers complete control over the request-response cycle within a session. As Taylor puts it, “It knows what files you’re working on… and you can get the message history,” highlighting the depth of integration possible with agent mode.
The Security Imperative
Security is a cornerstone of Taylor’s discussion. He underscores the importance of a robust permissions model, noting that a Copilot extension requires a publicly accessible web application and a registered GitHub application. Permissions are necessary to read a user’s Copilot chat history and the editor context, albeit in a read-only capacity. Taylor reassures developers, emphasizing user control: “You just don’t want it all of a sudden just reading stuff without you knowing that it was doing that.”
Building and Deploying Your Extension
Taylor emphasizes practicality throughout his session. He introduces his own Copilot extension template, encouraging developers to explore it on GitHub. The process involves installing dependencies, exposing the development server via VS Code’s port forwarding, and configuring the GitHub app. Although the Preview SDK currently supports JavaScript/TypeScript, Taylor assures that backend implementations can be in any language.
A Live Demonstration
A highlight of the talk is Taylor’s live demo featuring a "wacky product manager" extension, designed to generate humorous feature ideas. This demo showcases the configuration process in GitHub and the use of utility functions like createAcknowledgeEvent and createConfirmationEvent. Taylor’s demo brings the extension to life, demonstrating iterative conversation in Copilot chat and providing a glimpse of its potential as a real PRD generator.
Conclusion and Best Practices
Taylor concludes by addressing code practices and the practical application of extensions in real-world scenarios. While some inline code was used for simplicity during the demo, he commends the open-source nature of Copilot, encouraging developers to expand and extend its functionalities. His session is peppered with humor and practical insights, making it both informative and engaging.
About The Speaker
Nick Taylor
Developer Advocate, Pomerium
Nick is a developer advocate at Pomerium, a zero trust, identity-aware proxy platform that enables secure, clientless connections to web applications and services without a corporate VPN. With over a decade of open source contributions and five years of professional open source experience at companies like OpenSauced, dev.to, and Netlify, he brings deep community knowledge to his work. You’ll often find him live streaming tech content, either solo or with friends from the community.
THE WEEKLY DIGEST
Subscribe
Sign up to be notified when we post.
Subscribe