Weekly DevOps Roundup: Governing Agents, Safer Pipelines

This week in DevOps, AI agents started to look less like helpers and more like production automation, so the focus shifted to guardrails: least-privilege identity, auditable tool access, and cost controls for token-heavy workflows. GitHub expanded MCP-based security checks (secret scanning GA and dependency scanning preview) and shared practical guidance for reviewing agent-generated pull requests, while Microsoft outlined patterns for governing multi-region agent sprawl and previewed an Azure Resource Manager MCP Server for structured ops automation. On the platform and infrastructure side, teams got updates that make change safer and more repeatable, from CodeQL and code-to-cloud correlation to Terraform stability, Azure cutover playbooks, and Kubernetes hardening and resiliency testing.

This Week's Overview

• AI agents in the delivery pipeline: governance, security, and cost controls
  • GitHub MCP Server adds secret and dependency scanning for agent workflows
  • Reviewing agent-generated pull requests like production changes
  • Least-privilege identity patterns for agents on Azure (azd template)
  • Governing agent sprawl with a multi-region landing zone reference architecture
  • Token spend becomes an ops problem: measuring and optimizing agent workflows
  • Azure Resource Manager MCP Server preview: tool-based access to ARM and Resource Graph
  • Centralizing Copilot CLI plugins and managing agent configuration at scale
• GitHub platform changes affecting DevOps workflows
  • CodeQL 2.25.3: Swift 6.3 support and query improvements
  • Defender for Cloud + GitHub Advanced Security: code-to-cloud correlation GA
  • Repository security advisory triage gets search and filters
  • Enterprise Live Migrations (ELM) preview for GHES to GHEC
  • Repository rulesets: user bypass actors and safer branch renaming
  • User-level setting to disable commit comments (plus API enforcement)
  • REST API deprecation: /rate_limit loses code_scanning_upload field on May 19, 2026
• Azure infrastructure and migration work: making change safer and repeatable
  • Terraform stability: migrating Azure managed disks with stable keys and state moves
  • Validation-driven Terraform for more predictable Azure Functions deployments
  • Near zero-downtime Azure PaaS cutovers with phased-parallel traffic shifting
  • ACR Artifact Cache now supports ACR-to-ACR upstream sources
  • Managed HSM customer-managed keys (CMK) deployments with Bicep
• Kubernetes and cloud-native security: auditing, hardening, and resiliency testing
  • Inspektor Gadget security audit: patched CVEs and hardening guidance
  • Single-region AKS high availability testing with Availability Zones
• VS Code, editors, and agent-enabled developer workflows
  • GitHub Copilot in VS Code: semantic indexing, /chronicle, and agent ergonomics
  • VS Code 1.120 (Insiders): agent session organization and safer terminal prompts
  • Zed 1.0: Rust-based editor with opt-in AI and parallel agents
• Other DevOps News

AI agents in the delivery pipeline: governance, security, and cost controls

This week had a clear theme: AI agents are moving from “helpful assistant” to “first-class automation actor” in CI/CD and ops, and teams are now filling in the missing guardrails. Building on last week's MCP-and-agent-ops thread (Goose + MCPUI and the push toward agents that execute real work with reviewable output), GitHub shipped more security coverage via the GitHub MCP (Model Context Protocol) server (secret scanning GA and dependency scanning in preview), while Microsoft published patterns for least-privilege agent authorization and for governing “agent sprawl” across regions.

At the same time, the operational reality is catching up: agent workflows can burn tokens fast, can be tricked (prompt injection), and can quietly broaden permissions (especially in GitHub Actions with an over-scoped GITHUB_TOKEN). The practical takeaway for DevOps teams is to treat agent setup like any other production system: define who can use which tools, log and audit behavior, and put cost controls and validation gates in the pipeline.

GitHub MCP Server adds secret and dependency scanning for agent workflows

Secret scanning with the GitHub MCP Server is now generally available, giving MCP-compatible agents a direct way to detect exposed secrets before they land in a commit or pull request. The important detail is that the GA release honors your existing push protection configuration, so your established detection and bypass rules carry over into the agent experience rather than creating a parallel policy surface.

In parallel, dependency scanning in the GitHub MCP Server entered public preview, exposing Dependabot-style checks (backed by the GitHub Advisory Database) to agents and MCP IDE integrations. In practice, this makes it easier to shift supply chain checks left into “draft code” time, but it also means you should review which repositories, branches, and actors can invoke these tools to avoid turning security tooling into an ungoverned automation backdoor.

• Secret scanning with GitHub MCP Server is now generally available
• Dependency scanning with GitHub MCP Server is in public preview

Reviewing agent-generated pull requests like production changes

As more teams accept agent-created PRs, review practices are becoming a DevOps control point rather than a code-style debate, and it directly extends last week's maintainer-pressure storyline around low-quality/LLM-driven PR volume by shifting the focus from “how to reduce noise” to “how to safely merge what you do accept.” A practical checklist this week focused on common failure modes: agents weakening CI, duplicating utility logic, introducing subtle bugs that still pass tests, and creating security exposure in LLM-powered GitHub workflows.

The guide also calls out two DevOps-specific risks that are easy to miss during review: prompt injection (where untrusted content alters agent behavior) and permission creep via the default GITHUB_TOKEN. If you're using agents to edit workflows or infrastructure code, review should explicitly include workflow diffs, tool invocation scope, and whether the agent changed any permissions or bypassed policy checks.

• Agent pull requests are everywhere. Here’s how to review them.

Least-privilege identity patterns for agents on Azure (azd template)

Curity and Microsoft published a new azd (Azure Developer CLI) template that deploys an AI agent app using a least-privilege authorization pattern built on short-lived OAuth 2.0 JWTs and token exchange. This also mirrors last week's GitHub warning about brittle assumptions in auth plumbing (token formats and pipeline credentials) by showing what “agent identity” looks like when you design for short-lived tokens and explicit authorization from day one. The template wires up Microsoft Entra ID with Curity Identity Server, adds API gateways with audit logging, and uses a layered Bicep deployment targeting Azure Container Apps.

For DevOps teams, the value is having a concrete starting point for “agent identity” that avoids long-lived secrets and pushes authorization decisions into claims-based checks. It also encourages treating audit logging and gateway policy as defaults, not bolt-ons, which matters when agents get access to operational APIs.

• Least privilege AI agents: A new azd template from Curity and Microsoft

Governing agent sprawl with a multi-region landing zone reference architecture

A reference architecture this week tackled the operational problem many teams are starting to hit: once you have multiple agents across teams, regions, and workloads, governance becomes fragmented fast. The proposed “AI agent landing zone” layers Azure API Management AI Gateway, Azure AI Foundry Control Plane, and Microsoft Agent 365 to centralize policy, safety controls, evaluation, and oversight.

The notable DevOps angle is that the architecture emphasizes a control plane mindset (policy and evaluation as shared platform capabilities) rather than per-agent bespoke configuration, which is a natural continuation of last week's “make guardrails scalable” thread (policies, moderation controls, and enforcement that does not depend on heroics). It also frames identity and oversight as platform primitives (including Microsoft Entra Agent ID), which is a useful signal for how to design multi-team rollout and prevent ad-hoc agent deployments from becoming unmanageable.

• Governing Agent Sprawl: A Multi-Region AI Agent Landing Zone on Azure (Reference Architecture)

Token spend becomes an ops problem: measuring and optimizing agent workflows

GitHub shared concrete techniques for cutting token usage in GitHub Agentic Workflows by first making it measurable. This pairs with last week's reliability mindset (treating hidden dependencies like transport/auth as things you can audit) by applying the same discipline to agent costs: instrument first, then optimize. Their approach included logging per-call usage, adding daily auditor/optimizer workflows, pruning unused MCP tools, and shifting deterministic data fetching out of the LLM loop into GitHub CLI steps.

The practical implication is that agent cost control looks a lot like performance work: instrument, identify hot spots, and refactor. If you're running agents in GitHub Actions, the “deterministic work in CLI steps” pattern is especially actionable because it reduces tool calls and keeps your agent prompts smaller and more stable.

• Improving token efficiency in GitHub Agentic Workflows

Azure Resource Manager MCP Server preview: tool-based access to ARM and Resource Graph

Microsoft announced a public preview of the Azure Resource Manager MCP Server, a remote MCP server that gives agents tool-based access to Azure Resource Manager operations. It includes natural-language-to-Azure Resource Graph queries and the ability to run ARM template deployments from VS Code.

This is a meaningful shift for ops automation because it moves “query and change Azure” into a structured tool interface that agents can call, rather than relying on free-form shell commands, and it builds directly on last week's MCP momentum (agents operating against real systems via MCP instead of custom glue). It also raises new governance questions (who can run which ARM operations, in which subscriptions, under which policies), so expect teams to pair this with Azure Policy, RBAC, and logging standards before enabling it broadly.

• Introducing the Azure Resource Manager MCP Server!

Centralizing Copilot CLI plugins and managing agent configuration at scale

Enterprise-managed plugins in GitHub Copilot CLI are now in public preview, enabling centralized control of plugin marketplaces, auto-install behavior, and baseline configuration through a shared settings.json. For enterprises, this is the missing “fleet management” layer that helps prevent each developer machine from becoming its own agent runtime with inconsistent tools and policies.

GitHub also added more flexible secrets and variables for Copilot cloud agent by introducing dedicated “Agents” secrets and variables, which echoes last week's warning about automation breaking on credential/token assumptions by making agent-specific secret handling more explicit and controllable. The key DevOps win is organization-level configuration with per-repository access controls, which makes it easier to roll out shared settings across many repos without copying secrets or creating fragile per-repo drift.

• Enterprise-managed plugins in GitHub Copilot CLI are now in public preview
• More flexible secrets and variables for Copilot cloud agent

GitHub platform changes affecting DevOps workflows

A cluster of GitHub platform updates this week focused on security scanning coverage, migration tooling, and repository governance controls. In the same spirit as last week's “plumbing that quietly breaks automation” (TLS and token format changes), these are the kinds of platform shifts that reward teams who inventory dependencies and keep internal tooling from hard-coding yesterday's assumptions. None of these are flashy on their own, but together they tighten the feedback loops teams depend on: scan results are easier to triage, rulesets are more flexible for real-world admin work, and GHES-to-cloud migration has a new “continuous sync then cutover” option.

CodeQL 2.25.3: Swift 6.3 support and query improvements

CodeQL 2.25.3 added Swift 6.3 support, which matters for teams scanning iOS/macOS codebases where toolchain versions can lag behind language releases. Coming right after last week's CodeQL modeling update (sanitizers/validators as models-as-data), this is the other half of keeping scanning effective over time: expand coverage while continuing to tune accuracy. The release also shipped multiple extractor and query improvements across languages, including higher-precision C/C++ queries and refinements to GitHub Actions security queries.

From a DevOps standpoint, this is a reminder to treat CodeQL version bumps like any other pipeline dependency: update, run it in CI, and review delta in findings. Higher precision can reduce noise, but it can also shift baselines and require tuning your triage process.

• CodeQL 2.25.3 adds Swift 6.3 support

Defender for Cloud + GitHub Advanced Security: code-to-cloud correlation GA

The Microsoft Defender for Cloud integration with GitHub Advanced Security is now generally available, bringing code-to-cloud correlation for deployed container artifacts. The integration surfaces runtime risk context inside GitHub security views and adds runtime-aware filters and campaign targeting across code scanning and Dependabot.

For teams already doing artifact attestations and using the Deployment Record API, this moves security triage closer to “what is actually running” instead of treating repository findings in isolation. It also nudges DevOps orgs toward a tighter linkage between build outputs, deployment records, and runtime posture data.

• Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available

Repository security advisory triage gets search and filters

GitHub added a search and filter bar to repository security advisories, letting you narrow by fields like severity, package, and ecosystem. This is a small UX change, but it directly impacts time-to-triage for teams juggling multiple advisories and coordinating patches across services, and it tracks with last week's theme that queue management (PRs, issues, and security work) is part of delivery reliability.

If you treat advisories as an operational queue (not a static record), better filtering reduces friction in weekly security review and makes it easier to spot patterns (for example, repeated issues in a single ecosystem).

• Search and filter bar for repository security advisories

Enterprise Live Migrations (ELM) preview for GHES to GHEC

Enterprise Live Migrations entered public preview as a new approach to migrate repositories from GitHub Enterprise Server (GHES) to GitHub Enterprise Cloud (GHEC) with continuous sync and a fast cutover. GitHub positioned ELM as complementary to GitHub Enterprise Importer, which implies a growing menu of migration paths depending on your constraints and data shape.

For DevOps teams, the big operational difference is the promise of reduced downtime and less “big bang” migration risk. You'll still want to validate which GHES versions include ELM and plan cutover windows and rollback, but continuous sync can simplify coordination with release trains and compliance checkpoints.

• Enterprise Live Migrations is now in public preview

Repository rulesets: user bypass actors and safer branch renaming

GitHub repository rulesets gained two changes that remove common admin pain. This continues last week's “guardrails, with controlled escape hatches” line (policy automation and maintainer controls) by making exceptions explicit and auditable instead of relying on weakening rules when something urgent comes up. You can now add individual users as bypass actors (via UI, REST API, and GraphQL), and repository admins can rename rule-protected branches as long as the new name stays within all applicable ruleset scopes.

This matters when you're tightening controls but still need controlled exceptions for incident response or migration work. It also reduces the temptation to weaken rulesets globally just to perform routine branch hygiene.

• Repository rulesets: User bypass and branch renaming

User-level setting to disable commit comments (plus API enforcement)

GitHub added a user-level setting to enable or disable commit comments by default for repositories owned by a personal account, with repository-level overrides still available. Disabling commit comments also blocks creating them via REST and GraphQL APIs, while keeping existing comments accessible.

While this is not a typical “DevOps feature,” it can affect automation that posts commit comments for reporting or compliance notes, similar to last week's theme of “quiet platform shifts that break brittle tooling.” If you have bots that rely on commit comments, make sure they have a fallback (issues, PR comments, check runs) and consider standardizing on more auditable review artifacts.

• Disable commit comments on the user level

REST API deprecation: /rate_limit loses code_scanning_upload field on May 19, 2026

GitHub will remove the code_scanning_upload field from the /rate_limit REST API response on May 19, 2026. If you parse this field in scripts or dashboards, update now to avoid unexpected failures.

This is the kind of change that tends to break quiet dependencies in CI health checks and internal tooling, and it fits right alongside last week's warnings about TLS/token format assumptions as another “grep it before it pages you” migration. A quick grep through your automation for code_scanning_upload is worth doing this week.

• Deprecation notice: code_scanning_upload field will be removed from rate_limit API endpoint

Azure infrastructure and migration work: making change safer and repeatable

The Azure-heavy DevOps stories this week centered on reducing risk during change: avoiding destructive Terraform churn, validating earlier in pipelines, designing cutovers for near-zero downtime, and improving supply chain performance with registry caching. This is a direct continuation of last week's “reliability-and-guardrails” direction, but expressed through infrastructure state, validation, and migration mechanics instead of GitHub connectivity/token plumbing. Across them, the common thread is shifting “surprises” out of production by making identity, validation, and deployment state more explicit.

Terraform stability: migrating Azure managed disks with stable keys and state moves

A Terraform guide highlighted a common pitfall: using index-based for_each keys can cause destructive churn for Azure managed disks when collection ordering changes. The suggested fix is to migrate to stable keys and use terraform state mv to preserve existing resources, avoiding delete-and-recreate behavior.

The post also shows a reusable GitHub Copilot skill to generate deterministic move commands, which can help when you have dozens or hundreds of state moves to perform. Even with assistance, the safe pattern is to generate the move plan, review it like a migration script, and then run it in a controlled sequence alongside plan validation.

• Safely Migrating Terraform Managed Disks on Azure Using Stable Keys and Copilot

Validation-driven Terraform for more predictable Azure Functions deployments

A case study described a “validation-driven Terraform” approach for Azure Functions that moves common deployment failures from terraform apply into pull request checks and plan stages. This echoes last week's “make gates enforceable via APIs and first-class evidence” theme (policy inspection at scale and richer test evidence) by treating Terraform validations as a pipeline contract, not tribal knowledge. The approach uses PR checks, Azure pre-flight checks, and Terraform-native validations (including input validation and preconditions) to catch issues earlier.

For DevOps teams, this is a useful reminder that Terraform code quality is pipeline quality. If your failures are happening late, adding validation primitives and enforcing them in CI can reduce noisy rollbacks and speed up review because reviewers see failures as structured checks, not runtime surprises.

• How Validation‑Driven Terraform Made Our Azure Function Deployments Predictable

Near zero-downtime Azure PaaS cutovers with phased-parallel traffic shifting

A step-by-step cutover strategy focused on phased-parallel migrations for Azure PaaS services, with explicit guidance on traffic shifting using Azure Front Door. It calls out messaging risks with Azure Service Bus, plus the need to validate HA/DR, observability, and rollback as first-class steps rather than “after we cut over.”

This is practical for teams migrating production APIs where DNS flips and one-time cutovers are too risky. A phased-parallel plan gives you time to compare behavior between old and new stacks under real traffic while keeping rollback straightforward.

• Cutover Strategy for Azure PaaS Services: A Step-by-Step Guide to Near Zero-Downtime Migrations

ACR Artifact Cache now supports ACR-to-ACR upstream sources

Azure Container Registry (ACR) Artifact Cache can now use another ACR as an upstream source, enabling ACR-to-ACR pull-through caching for promotion and registry hierarchy scenarios. The announcement includes supported networking and authentication combinations and an Azure CLI walkthrough using a user-assigned managed identity with RBAC roles.

For platform teams, this enables more controlled image flows between environments (for example, central build registry to regional run registries) without forcing every cluster to pull across long paths. It can also reduce external bandwidth and improve reliability when paired with Private Link and consistent identity configuration.

• Use Azure Container Registry as an Upstream Source for Artifact Cache

Managed HSM customer-managed keys (CMK) deployments with Bicep

A Bicep walkthrough covered deploying Azure Managed HSM, creating an RSA-HSM key, assigning RBAC roles, and configuring an Azure resource (example: Storage account) to use customer-managed keys. It also flags common failure points around permissions and how key rotation behaves.

If you're standardizing encryption controls in IaC, this is a useful map of the “sharp edges” that show up in real deployments. Treat RBAC and rotation as part of the deployment definition, not operational follow-ups, since mis-scoped permissions are a common cause of failed applies and delayed releases.

• Deploying Azure Resources with Managed HSM Keys Using Bicep

Kubernetes and cloud-native security: auditing, hardening, and resiliency testing

Kubernetes-focused DevOps content this week leaned toward trust-building: validate tooling, patch vulnerabilities, and test availability assumptions rather than relying on architecture diagrams. This fits cleanly with last week's “engineer reliability instead of retrying until green” mindset, just applied at the cluster and runtime layer instead of CI primitives. That includes both security (tool audits, RBAC hardening) and resilience (zone failure simulations and runtime validation).

Inspektor Gadget security audit: patched CVEs and hardening guidance

Inspektor Gadget completed its first independent security audit, resulting in patches for three vulnerabilities including CVE-2026-24905 and CVE-2026-25996. The audit also produced hardening recommendations aimed at safer Kubernetes and Linux host inspection deployments, which is relevant because eBPF-based inspection tools often require elevated access.

For operators, the actionable follow-up is to review how the tool is deployed in-cluster (RBAC scope, privileged access, and host visibility) and align it with least-privilege principles where possible. If you're using Inspektor Gadget as part of runtime debugging or security inspection, confirm you're running the patched versions and incorporate the audit's hardening guidance into your baseline cluster configuration.

• Inspektor Gadget Completes Its First Independent Security Audit

Single-region AKS high availability testing with Availability Zones

A guide on AKS high availability testing laid out a concrete validation plan for single-region deployments that rely on Availability Zones. It includes pod, node, zone, network, and dependency failure simulations, along with the metrics and checks used to confirm runtime resiliency under traffic (readiness/liveness probes, monitoring signals, and failure handling).

This type of test plan is useful because “multi-zone” is not automatically “highly available” unless your workloads, dependencies, and autoscaling behaviors are validated under stress. If you already use Azure Chaos Studio and Azure Monitor, the guide gives a practical way to structure experiments and decide which failures should be absorbed automatically versus escalated.

• High Availability Testing for Azure Kubernetes Service in a Single Region with Availability Zones

VS Code, editors, and agent-enabled developer workflows

Editor and IDE updates this week focused on making agent work more observable and controllable inside daily development. This extends last week's shift from “agents can do tasks” to “agents operate through real systems with UI and traceability” by pulling oversight (diffs, sessions, terminals, token usage) into the place developers spend their time. That includes VS Code changes around agent sessions, token usage, and safer terminal handling, plus Zed 1.0 reaching a milestone as a Rust-built editor with optional AI features that can be disabled entirely.

GitHub Copilot in VS Code: semantic indexing, /chronicle, and agent ergonomics

GitHub's April releases for Copilot in VS Code (v1.116-v1.119) emphasized better context and lower overhead: semantic search across workspaces and GitHub repos, the experimental /chronicle chat-history index, and reduced token usage through prompt caching and deferred tool loading. Agent-focused improvements included inline diffs, terminal access, browser tab sharing, BYOK model providers, and remote monitoring of Copilot CLI sessions.

If you're rolling this out across a team, the practical questions are now less about “can Copilot answer?” and more about policy and observability: which plans expose which capabilities, how you audit agent sessions, and how you budget token-based billing when semantic indexing and tool calls become part of daily workflows.

• GitHub Copilot in Visual Studio Code, April releases
• Visual Studio Code and GitHub Copilot - What's new in 1.119

VS Code 1.120 (Insiders): agent session organization and safer terminal prompts

Visual Studio Code 1.120 (Insiders) added multiple refinements for chat and agent workflows, including session organization changes and a model context size picker. It also improves handling of terminal password prompts, which matters when agents can interact with terminals and logs might otherwise capture sensitive input.

The release also introduced a proposed custom diff editor API (customDiffEditorProvider) and improved GitHub and Copilot CLI integrations. For DevOps-heavy repos, these editor-level changes can reduce friction when reviewing large agent-generated diffs and can improve safety when running scripts that prompt for credentials.

• Visual Studio Code 1.120

Zed 1.0: Rust-based editor with opt-in AI and parallel agents

Zed reached version 1.0, with DevClass highlighting its Rust implementation and LSP-driven language support. Its optional AI features include Zeta LLM predictions and parallel agents, and it provides a setting to disable AI entirely.

For teams evaluating developer environments, Zed's stance is useful: AI is a capability you can turn on when it fits the workflow, not a mandatory dependency. If your organization has strict policies, the ability to fully disable AI features can simplify adoption discussions while still benefiting from a modern editor core.

• Zed team releases version 1.0 of Rust-built editor: Traditional editor and AI tool

Other DevOps News

Several long-form guides this week focused on operationalizing AI-assisted development without turning it into a black box, picking up on last week's push to keep architecture and decisions reviewable in GitHub by turning specs, ADRs, and agent validation into first-class, PR-friendly artifacts. That included spec-driven development for more predictable generation, ADR drafting as a reviewable artifact, and patterns for building custom stand-up and validation agents that integrate with existing systems like Jira, Azure DevOps, and Terraform.

• Validating agentic behavior when “correct” isn’t deterministic
• Moving Beyond Prompts: A Practical Introduction to Spec-Driven Development
• Architecture Decision Records (ADR) Made Easy with AI
• The Daily Stand-Up Agent: A Custom Copilot for Summarizing Jira & Azure DevOps Progress
• Building an AI Agent for Azure Infrastructure Validation

Microsoft also published several “how-to run it” articles that fit squarely into DevOps execution: deploying Agent Framework agents to Foundry Hosted Agents with Entra ID and Application Insights, scaling Spark automation via high concurrency Fabric Livy sessions, and improving reliability and observability in large Azure Functions workloads.

• From Local to Production: Deploy Your Microsoft Agent Framework Agent with Foundry Hosted Agents
• High Concurrency Support for the Fabric Livy API— Scalable Spark Automation (Preview)
• Performance Tuning and Scaling Optimization for Large-Scale Azure Workloads

Migration and modernization content continued to expand beyond “lift and shift” into repeatable pipelines and guardrailed tooling, including Logic Apps migration automation, AWS-to-Azure best practices, and containerization-to-AKS workflows through VS Code tooling. If you're planning a multi-quarter program, these are useful as reference points for process and sequencing.

• Bringing all your Integration workloads to Logic Apps Standard
• Build and Deploy Logic App Workflows Using Visual Studio Code and CI/CD Pipeline
• From AWS to Azure: Practical Lessons and Best Practices from Real-World Migrations
• Containerization Assist Integration with AKS VSCode Extension

A few practitioner stories rounded out the week, including QA-focused Copilot usage with strict human review, Copilot Spaces used as a “best practices coach” grounded on a Markdown knowledge base, and a cautionary Copilot CLI mishap caused by an unintended extension prompt written to disk.

• From Test Cases to Trust: Elevating Enterprise Quality with GitHub Copilot
• Turning GitHub Copilot into a “Best Practices Coach” with Copilot Spaces + a Markdown Knowledge Base
• Shooting yourself in the foot with AI