ā ļø MCP Safety Check (do this before you sleep)
- Remove high-risk tools you donāt need (merge/delete/admin).
- Scope tokens to least privilege and repo allow-lists.
- Add human-in-the-loop on deploy/merge tools (required reviewers or environment approvals).
- The related dramatics are further down, keep reading! š
š¦ Hey friends! I finally took the break Iāve been semi-planning for a while. Honestly, I almost extended it but I donāt much know what to do with myself if Iām not writing something every little bitāso here I am, up way too late (with appetizers, nonetheless). Partly delirious is, clearly, the perfect state for writing this post. You may consider yourself adequately notified (and sufficiently warned) that I make no promises of sense from this point forward! š„±š¤āļø
I am also fully aware of the missing half to the RAI Attribution post that I keep saying Iāll writeāand I will, eventually. Iām gonna blame GitHub partly, because their last release must have set a record somewhere. Iāve spent days reading notes, testing, circling back, and still finding things I somehow missed the first three passes.
The bigger piece, though, is that I had an idea (okayāseveral ideas š¤·āāļø) and need a little time to see if it can actually work. So nearly all my hours have gone to coding and prompting instead of writing. Canāt be helpedāthis situation currently demands my attention! Besides, arguing with those voices when they insist never ends well, so itās faster to just give in from the start.šš
GitHub Universe Review šŖ
Meanwhile, one of GitHubās recent updates claims theyāre adding a new user every secondā36 million new developers this year alone. Thatās about a 20% jump in everything GitHub, and AI tops the list. Which means Copilot just got a lot of upgrades.
Thanks to last weekās incredibly fullāread: excessiveārelease, I donāt know when Iāll catch up again. So I pulled together the ones that hit me hardest in a semi-ordered manner. Whether thatās good or bad, weāll see! āļøš³
š” ProTip: Nobody needs thirty feature drops in a single day. š Go look at the last week of October! GitHub, what were yāall thinking? Especially when GitHub Universe ā25 was happening the same day!
"Brave" is one word for it. This particular dev calls it a near-perfect example of "glutton for punishment"āand itās moved in next door to "Friday deployments". Honestly, you guys deserve a medal for sheer nerve, lots of luck, and probable animal sacrifice required to pull that one off successfully. š„ššāāļø
1. Agents, Agents, and More Agents š¦¾š
If your days are spent inside VS Code, then by far the most impactful change GitHub announced starts with a complete overhaul to chat modes. The obvious shift is that anything formerly known as a chat mode is now an agent in GitHub's universe. VS Code editor UI is catching up quickly, but configuration via repository files works today.
š¦ Why, yes! That "chat modes" mini-series I quite literally just finished immediately won the "poorly timed posts requiring instant corrections" award. š Honestly, I'm not really surprisedāand absolutely worth it.
Anything that currently lives in a .github/chatmodes/*.chatmode.md file can be safely relocated to its new home in .github/agents/*.agent.md. Besides a few settings, everything else in VS Code should still function the exact same wayābut watch for the release notes to drop. The official release notes should always be your version of truth.
If you're part of an organization or enterprise, there's a reserved <org-name>/.github repository available where you can drop your agents at ./agents/*.agent.md. For the internal version, add your agents in a repo at <org-name>/.github-private/agents/*.agent.md instead.
š¦ I haven't tested enterprise yet. I was already impatient with the whole approval process before this rose to a FOMO event! Naturally, I assigned "urgent" work to random somewhat adjacent roles (after I stretched) with a shocking level of confidence in this process I was defining as I went. SpoilerāI'm still waiting! ā³š
2. Agents Dashboard š§
Once you catch up on the rename, your favorite sparkly personalities are now fully compatible with Copilot coding agent. They live in the new Agents panel:
Youāll also see an Agents tab that lets you steer Copilotās coding agent mid-workflowāwithout killing your current run. Every send still costs a premium request, so use wisely!
š” ProTip: Markdown directives didnāt change much, but configuration did. Check the custom-agent docs for more info.
3. For the CLI Folks š„ļø
The new Copilot CLI is legit. Custom agents now extend to the latest CLI docs, which I haven't tested nearly as much as I'd like. Once you get the agent shared with either your repo or org, then use the /agent command or --agent=<name> flag. Thereās even mention of a local ~/.copilot/agents directory for global useāneeds testing, but itās promising.
GitHub also slipped in enhanced model selection, image support, and a streamlined UI in the October set of updates, making the CLI feel far more polished.
š¦ I'm still not caught up with the new CLI, so you guys are going to have to help me out with the functional half of this one! So go test it out and then come tell me everything I'm missing out on!
4. Coding agent reaches further āØ
Copilot coding agent can now work on any open pull requestānot just the one it createdāso no more stacked-branch dance. Use the same @copilot mention youād use on a Copilot PR, watch the little eyes š pop up, and let coding agent get to work.
It also works through Slack (assuming your Slack permissions actually line up) and through the new Copilot CLI. I would be much more excited about this development if work and GitHub werenāt in a stalemate over one permission that blocks access entirely. š
š¦ I do have a plan for the Slack issueā¦ sort of. Something must be done about this disservice to the Slack population! Until then, the receipts are here: coding agent in any PR and coding agent in Slack. āØ
5. Smarter Copilot Code Reviews š§¾
I've always loved Copilot's code reviews! It was a game changer when Copilot was able to pull instructions automatically from any repo. This latest change is just as impressiveānow your CodeQL and ESLint integrations can be checked automatically whenever Copilot performs a review. There's rumor about more linters on the way, soon!
One of my current favorite features includes these handy little notifications that pop up any time a linter error occurs in the most recent build. If you're not seeing them yet, you might need the preview feature enabled. Follow instructions in this previous post. š
š¦ When someone at work asked me why my PR was littered with lint warnings, my immediate response was, "I knowāisn't it great! š" Then I had to explain the divergent thought process that I completely failed to recognize through my initial excitement.
I did get around to it, eventually: "It's only great because these highlight the existing issues that would have been handled had I been aware of their existence. And I've just made it nearly impossible for any more to sneak in without notice!" Feel free to inject all the fervor you'd expect from a 7-year-old after a full bag of skittles for maximum immersive effect. š«£
6. New Embeddings = Smarter Copilot š§
This is the quiet one of the group, but seriously impressive nonetheless! This quiet update is hugeāembeddings now drive faster, more accurate code retrieval for Copilot. GitHubās Sept 2025 update reports +110%/+113% acceptance for C#/Java in VS Code, with ~37.6% retrieval gains. Most people wonāt even noticeātheyāll just feel Copilot getting smarter.
Considering almost all of my Java friends are still IntelliJ Enthusiasts, despite my persistence of missing out. And who knows what my C# friends are up toāmostly hiding, I think! š¤
š¦ Here's the GitHub Metrics if you love benchmarks. Worth a quick read, for sure!
7. Roster Rotation Changes the Lineup š
Quick reality check: model lineups shift fast. Treat anything labeled preview or legacy as volatile and pin versions until youāve verified replacements behave the same.
GitHub is really pushing the newest versions, which I'm 100% on board withāexcept for one tiny-ish-not-really complaint. š¤ What in the world are we supposed to use instead of the o-series models? I've seen the suggestion, which, as of this week, is drop in GPT-5 as the go-to replacement.
Seriously? Surely somebody thought through it more than that! I, no doubt, would have started a fresh debate with myself for making that utterly ridiculous suggestion! š
I'm not saying GPT-5 can't handle the jobāit probably does fine after some solid instructions and guardrails are set upābut it's not the replacement data magician that the now-entirely-unsupported o-series mastered. Not even a little close!
š¦ Honestly, I could get behind Gemini 2.5 Pro before GPT-5 on this one. For the very small-scoped runs, GPT-5-mini does top the freebie list. I guess we'll just have to see how this goes!
Other notable retirees include everyone on team Anthropic < v4, including Opus and Sonnet Thinking. Granted Claude 3.5 has a tiny bit of life left still, but cake and cards are scheduled to be delivered tomorrow for the goodbye partyāNovember 6, 2025.
š¦ For the record, if anyone asks me about the grander playing field of all Copilot models that we got in return? I've got very few complaints overall. I'm not going to be happy about it until I see a realistic replacement for my data magician, though. š Get your latest model news from the GitHub docs.
8. GitHub Spark š„
Spark is still limited to enterprise users plus a lucky few from the waiting list. You should consider this a special agentic "Bob the Builder" that's designed to output a very specific full-stack system: React + TypeScript + Cosmos DB + Azure deploys. I've yet to see anything impressive resembling a backendābut it's entirely possible I gave up before it had a chance.
Spark is not Copilotāif you try to ask it a question or if your prompt looks like a conversation, then you'll pay 4 premium requests for crickets (at best). š¦
You can open the Spark app in a codespace with Copilot (or so it says on this docs page). The two very independent systems are supposed to sync automatically, which is like two siblings arguing over whose turn it is to play with the new friend in town, if you ask me! But at least it's functional chaos. šÆ
š¦ I'm not even gonna pretend to feel guilty about getting early Spark access. š As far as I'm concernedābetween GitHub and work (it's mostly a toss-up)āI deserved that access long before I realized I already had it.
9. Agentic Workflows via GitHub Next āļø
Natural-language GitHub Actions Agentic Workflows got a short spotlight at Universe. Write a YAML-ish markdown file, run gh aw add ..., and it becomes a new workflow. Iām still testing the scalability and reuse story.
Iām not sure yet what this does that coding agent + CLI canāt, but I plan to find out. They have several examples, but the "Regular Documentation Update" workflow stands outābecause if thereās a non-regular one, I have questions!
š¦ Seriously, if my next ābrilliantā idea shows up in GitHubās release notes before I can even investigate the theory, Iām filing an official complaint for telepathic violation. š§ š„šØ
10. Not Nearly Everything š
Thereās plenty I left out on purpose: quiet CLI refinements, the auto-model picker (based on availability), smarter branch/PR optimizations, and Copilot Spaces with increased size and repo limitsāwhich is starting to look like GitHub positioning them to replace enterprise knowledge bases (that would be a good call!) š§
Then thereās the quietly rolled-out enhanced metrics reporting via the new billing API updates. Teams can finally see their usageānumbers, budgets, and whoās burning through premium requests fastest. Transparency: gift or curse? Guess we'll know who's winning the Premium Request Usage Leaderboard when stats drop at the end of the month.
šāāļø Umā¦ me. The answer is definitely me!
Friendly PSA for the GitHub MCP ā¼ļø
The GitHub MCP server also got a major boost with the latest updates, including multi-tool definitions and enhanced defaults for Copilot. Very cool, until Copilot decided to be extra "helpful".
- My first clue something was off: my name alerting on a merged PR that wasnāt mine. š²
- Second: I definitely didnāt click merge! š¤Ø
- Then the prod deploy pipeline started humming happily, but nothing is approved. š±
- Panic queues while Copilot joyously generates release notes for the occasion. š”
- Don't worryāeverything was fine. I stopped the catastrophe and was able to restore to an equivalent state. š
As soon as I recovered, I pulled all the tools from the official GitHub MCP and it could have been much, much worse! Like "DROP REPO" kinds of "worse"! Can you imagine how very bad that sort of day would be? NopeāI don't want to either!
š” ProTip: If youāre using GitHubās MCP (especially if you're admin anywhere), stop and review which tools are enabled by default. Trust me. You do not want to learn what happens following an āaccidental DROP REPOā command. šµ
š”ļø Written by a human with a mild espresso addiction
Fueled by caffeine, late-night release notes, and questionable curiosity. ChatGPT heckled, spell-checked, and occasionally offered existential advice.
Top comments (1)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.