azure-hosted-copilot-sdk

GitHub Copilot SDK on Azure

Codebase Detection — MANDATORY FIRST CHECK

⚠️ CRITICAL: This check MUST run before ANY other skill (azure-prepare, azure-deploy, etc.) when an existing codebase is present.

Detection procedure (run IMMEDIATELY for any build/modify/add-feature/prepare prompt):

1. Read package.json in the workspace root (and any */package.json one level deep)
2. Check if @github/copilot-sdk or copilot-sdk appears in name, dependencies, or devDependencies
3. If NOT found in package.json, scan .ts and .js files for CopilotClient or createSession
4. If ANY marker is found → invoke this skill as the entry point. Do not route directly to azure-prepare or azure-deploy — this skill orchestrates them as sub-skills.

Generic prompts that MUST trigger this skill when markers are detected:

⚠️ Warning: ANY build, modify, add-feature, or prepare prompt targeting an existing codebase MUST route to this skill when codebase contains @github/copilot-sdk, even if the prompt does not mention "copilot". This skill then orchestrates azure-prepare and azure-deploy as sub-skills.

⚠️ Yield to azure-deploy: When the codebase already has .azure/deployment-plan.md and the user wants to deploy (not modify or add features), route to azure-deploy instead. This skill handles preparation; azure-deploy handles execution.

Step 1: Route

Step 2A: Scaffold New (Greenfield)

azd init --template azure-samples/copilot-sdk-service

Template includes API (Express/TS) + Web UI (React/Vite) + infra (Bicep) + Dockerfiles + token scripts — do NOT recreate. See SDK ref.

Step 2B: Add SDK Service to Existing Repo

User has existing code and wants a new Copilot SDK service alongside it. Scaffold template to a temp dir, copy the API service + infra into the user's repo, adapt azure.yaml to include both existing and new services. See deploy existing ref.

Step 2C: Deploy Existing SDK App

User already has a working Copilot SDK app and needs Azure infra. See deploy existing ref.

Step 3: Model Configuration

Three model paths (layers on top of 2A/2B):

⚠️ BYOM Auth — MANDATORY: Azure BYOM configurations MUST use DefaultAzureCredential (local dev) or ManagedIdentityCredential (production) to obtain a bearerToken. The ONLY supported auth pattern is bearerToken in the provider config. See auth-best-practices.md for the credential pattern and model config ref for the full BYOM code example.

See model config ref.

Step 4: Deploy

Invoke azure-prepare (skip its Step 0 routing — scaffolding is done) → azure-validate → azure-deploy in order.

Rules

• Read AGENTS.md in user's repo before changes
• Docker required (docker info)
• BYOM auth: ONLY bearerToken via DefaultAzureCredential or ManagedIdentityCredential — no other auth pattern is supported