This week’s Copilot Weekly is one of the biggest in recent memory. VS Code 1.115 shipped a new companion app for running parallel agent sessions, Autopilot mode arrived in public preview, remote control of CLI sessions launched, and GitHub quietly checked off a major enterprise compliance box with FedRAMP Moderate and regional data residency. There’s a lot to unpack.

VS Code 1.115: The Agent-Native Release

VS Code Agents Companion App

The headline feature in VS Code 1.115 (April 8) is the VS Code Agents companion app, shipping inside VS Code Insiders with no separate install required. It’s designed for running multiple agent sessions simultaneously across different repositories, each isolated in its own worktree.

From the companion app, developers can monitor session progress, review diffs inline, leave feedback mid-task, and open pull requests without context-switching. Custom instructions, MCP servers, and plugins all carry over from the main VS Code environment automatically.

For teams running complex multi-repo projects or parallel feature branches, this changes the calculus on how much AI-driven work can run concurrently.

Autopilot Mode โ€” Public Preview

Autopilot is the other major 1.115 story. This new permission mode lets agents approve their own tool calls, auto-retry on errors, and run to task completion without requiring human sign-off at each step. Developers can now choose from three permission levels per session โ€” Default, Bypass Approvals, and Autopilot โ€” giving fine-grained control over agent autonomy.

Combined with nested subagents (subagents can now invoke other subagents via chat.subagents.allowInvocationsFromSubagents), this opens the door to genuinely complex multi-step workflows that were previously impractical.

Terminal, Chat, and Codebase Improvements

The 1.115 release also ships several quality-of-life improvements worth noting:

  • A new send_to_terminal tool lets agents interact with background terminals โ€” useful when a foreground terminal times out on an SSH prompt or long-running process.
  • A /troubleshoot slash command analyzes agent debug logs to diagnose unexpected behavior in past sessions.
  • #codebase semantic search now runs against a single auto-managed index, eliminating the split between local and remote indexing for faster, more consistent results.
  • Image and video attachments are now supported in Copilot Chat, with a full carousel review UI for agents to return visual confirmation of changes.
  • A new Chat Customizations Editor consolidates instructions, custom agents, skills, and plugins into a single interface with in-editor MCP and plugin marketplace browsing.

Copilot Cloud Agent Gets Practical

Fix Merge Conflicts in Three Clicks

GitHub added a Fix with Copilot button to pull request pages. Click it, and Copilot cloud agent (formerly “coding agent”) resolves the conflicts in its own cloud dev environment, verifies the build and tests still pass, and pushes the result. No manual resolution required.

The same @copilot mention in PR comments also handles failing Actions workflows, code review feedback, and arbitrary code changes on request. For high-velocity teams, this turns merge conflict resolution from a context-switch tax into a background task.

Validation Suite Now 20% Faster

Copilot cloud agent’s validation tools โ€” CodeQL, GitHub Advisory Database, secret scanning, and Copilot code review โ€” now run in parallel rather than sequentially, cutting validation time by 20%. The agent still attempts to self-heal any issues before requesting human review. Which tools run is configurable per repository under Settings โ†’ Copilot โ†’ Cloud agent.

Cloud Agent on GitHub Mobile

The GitHub Mobile app now surfaces the full cloud agent workflow: codebase research, implementation planning, branch-based code changes, diff review, and PR creation โ€” all from a phone. Available now on iOS and Android.

Remote CLI Sessions โ€” Public Preview

Copilot CLI v1.0.25 ships a --remote flag (or /remote within an active session) that streams your terminal session to GitHub in real time. A shareable link and QR code are generated; from any browser or the GitHub Mobile app you can monitor progress, send steering messages, switch between plan/interactive/autopilot modes, approve permission requests, and respond to ask_user prompts โ€” all synced live back to the terminal.

For distributed teams, this is a meaningful change. Developers can kick off long-running agent tasks locally, step away, and supervise from a phone or another machine without maintaining an active SSH session.

Enterprise note: Business and Enterprise admins must explicitly enable both the Remote Control and CLI policies in organization settings before this feature is accessible. It’s off by default.

This release also adds guided MCP server installation from a registry directly within the CLI, no terminal gymnastics required.

FedRAMP Moderate and Data Residency โ€” Now Generally Available

This is the enterprise story of the week. GitHub Copilot now supports regional data processing in US and EU geographies, keeping all inference and associated data within the designated region. US government customers additionally get FedRAMP Moderate authorization across model infrastructure, covering agent mode, inline suggestions, chat, PR summaries, code review, and Copilot CLI.

Available models at launch: GPT-5.4, Claude Sonnet 4.6, and Claude Opus 4.6. Gemini models are excluded pending GCP data-resident endpoint support.

There is a cost to this: data-resident and FedRAMP requests carry a 10% model multiplier premium. Admins must opt in via enterprise/organization Copilot settings โ€” it’s not automatic.

For organizations in regulated industries or those navigating public sector procurement, this removes a major blocker to Copilot adoption.

BYOK for Copilot Business and Enterprise

Bring Your Own Key is now available for Business and Enterprise users in VS Code Chat. Developers can supply keys from OpenRouter, Ollama, Google, OpenAI, Azure OpenAI, Anthropic, and OpenAI-compatible endpoints. Setting COPILOT_OFFLINE=true routes all traffic to the configured provider, enabling air-gapped deployments. Admins must enable the BYOK policy in GitHub.com’s Copilot settings before members can add keys.

Privacy, Limits, and Service Notes

Training Data Opt-Out Deadline: April 24

Starting April 24, 2026, GitHub will use Copilot interaction data (prompts, suggestions, acceptances, rejections, edits) for model training for individual users โ€” opted in by default. Business and Enterprise customers are explicitly excluded from this policy under their existing agreements. Individual users can opt out at Settings > Copilot > Features > Privacy before the deadline.

Copilot Pro Trials Paused

GitHub paused all Copilot Pro free trials on April 10 โ€” including trials already in progress โ€” citing a significant rise in abuse. Affected users can switch to Copilot Free or upgrade to a paid plan. No timeline for resumption was provided.

New Usage Limits and Opus 4.6 Fast Retirement

New capacity limits are rolling out progressively to address high-concurrency strain on shared infrastructure. Simultaneously, Opus 4.6 Fast has been retired for Copilot Pro+ users; GitHub recommends Opus 4.6 or Auto mode as alternatives. These changes affect consumer Pro+ plans only โ€” enterprises on managed plans are unaffected.

Model Selection Expands

GitHub now lets you select a specific model when kicking off tasks with the Claude or Codex third-party cloud agents on github.com โ€” Claude Sonnet/Opus 4.5โ€“4.6 for Claude, GPT-5.2-Codex through GPT-5.4 for Codex. Included in existing subscriptions; Business/Enterprise admins must enable the relevant policy first.

Security Platform: Free Risk Assessment and More

Code Security Risk Assessment โ€” Generally Available

Organization admins and security managers now have a free Code Security Risk Assessment under Security > Assessments. It surfaces vulnerability counts by severity, language, and rule type โ€” with explicit callouts for alerts fixable by Copilot Autofix โ€” and identifies high-impact repositories to prioritize remediation. No GHAS license required.

OIDC for Dependabot and Code Scanning โ€” GA

OIDC authentication is now GA for Dependabot and code scanning registries, covering AWS CodeArtifact, Azure DevOps Artifacts, and JFrog Artifactory โ€” eliminating long-lived secrets in Dependabot workflows for these registry types.

What to Watch

  • April 24 privacy deadline โ€” Individual Copilot users should review and set their training data opt-out preferences before GitHub’s new policy takes effect. Communicate this to any developers on personal plans in your org.
  • VS Code Agents companion app adoption โ€” Autopilot mode and parallel agent sessions represent a meaningful shift in how agentic development workflows get structured. Worth piloting on a team before broad rollout.
  • Remote CLI governance โ€” The --remote flag is a powerful capability, but it’s also a new governance surface. Enterprise admins should evaluate the Remote Control policy and its implications before enabling it organization-wide.
  • FedRAMP and data residency rollout โ€” If your organization is in a regulated industry or pursuing public sector contracts, the time to evaluate Copilot’s FedRAMP compliance posture is now.

Check back next week for the latest on GitHub Copilot โ€” and if you’re evaluating enterprise AI agent adoption, Big Hat Group can help you navigate governance, compliance, and deployment strategy.