New public preview features in Copilot code review: AI reviews that see the full picture

[Akash1134]

The Copilot code review (CCR) experience just leveled up. We’re blending LLM detections, agentic tool calling, and deterministic engines like ESLint and CodeQL so your AI reviewer understands the whole codebase, spots the important stuff, and hands fixes straight to the Copilot coding agent. The result? Reviews that feel collaborative, trustworthy, and fast.

Rich context with tool calling 🧰

CCR now uses agentic tool calling to gather full project context—source files, directory structure, references, and more—before it weighs in. That deeper knowledge means feedback that’s precise, relevant, and grounded in how your change fits into the bigger picture.

💡 Why it matters: Less generic noise, more “oh wow, that’s useful.” You ship cleaner code with fewer back-and-forths.

Video demo coming soon

Deterministic detections meet LLM insight 🕵️‍♀️

We’ve woven CodeQL and leading linters (starting with ESLint) into CCR. Now your AI reviewer fuses semantic reasoning with battle-tested rule engines to surface high-signal findings for quality and maintainability.

💡 Why it matters: Critical issues get caught and explained clearly. Only GitHub delivers CodeQL-powered insights directly inside AI reviews.

Video demo coming soon

Seamless handoff to the Copilot coding agent 🤝

Ready for fixes? Mention @copilot in your pull request and CCR will hand suggested changes to the Copilot coding agent, which automatically applies them in a stacked PR. You just review and merge.

💡 Why it matters: Fewer manual edits, fewer review cycles, more time for the problems that actually need you.

Video demo coming soon

Customizable workflows & editor availability 🛠️

CCR already supports customizable instructions and multi-editor workflows, and now these new detections slot right in. Define standards in instructions.md or copilot-instructions.md—whether you care about tests, performance, or readability—and CCR will enforce them across VS Code, Visual Studio, JetBrains IDEs, Xcode, and github.com.

💡 Why it matters: Your team’s voice and priorities guide every review, no matter where you work.

Getting started 🚀

Tool calling and deterministic detections are in public preview and enabled by default for Copilot Pro and Copilot Pro Plus users. Copilot Business and Copilot Enterprise customers can opt in via the Copilot code review policies in admin settings.

Join the conversation below and tell us how CCR is changing your review flow.

Disclaimer: The UI for features in public preview is subject to change.

[BOLT04]

hi @Akash1134 , this seems like an incredible release 🙂 !! I'm curious to learn more about the "Deterministic detections meet LLM insight", about the CodeQL analysis, does this work for all users that have CCR enabled? I was under the impression for private repos, we only have this if we pay for GitHub Advanced Security.

Btw, the "implement suggestion" to coding agent is really handy 💯

[eshwer]

does this work for all users that have CCR enabled?

This is on by default for all Copilot Pro / Plus users and is enabled through a policy for Copilot Business and Enterprise users.

Policy for reference:

[eshwer]

Btw, the "implement suggestion" to coding agent is really handy 💯

Amazing!

[vtjballeng]

Is this active or do we need to sign up for the preview? If we need to sign up, where is that link or option?

[eshwer]

This is on by default for all Copilot Pro / Plus users and is enabled through a policy for Copilot Business and Enterprise users.

[jlandure]

Is this working also with AGENTS.md standard?
Thanks!

[eshwer]

Not yet but on our roadmap! I recommend using /NAME-instructions.md files in the meantime

[jlandure]

Keep me posted!

[Scopesource]

hi, the keynote talk seemed to suggest its all live but I cant find it anywhere... any help please?

[eshwer]

This is on by default for all Copilot Pro / Plus users and is enabled through a policy for Copilot Business and Enterprise users.

[mdryden]

We ended up opting out of the Preview features in Copilot Review for two reasons:

1. "Implement with copilot" is too much when it's a simple thing like "remove this extra blank line". We missed the option to simply commit the suggestion.
2. The actions that were kicking off to do the review were timing out on the CodeQL run. We're using C#, and that portion of the run would time out after 9 minutes. The additional checks meant that the copilot feedback took much longer to appear in the PR, and consumed 10+ action minutes on each review request.

I'd love to see the simple "commit this suggestion" come back under the new model, and I'd like to see some control over what additional things happen such as CodeQL checks.

[weshaggard]

We are also hitting timeouts on the codeql jobs in our repo.

[eshwer]

Are you still getting reviews (excluding CodeQL)? Or is the entire review failing?

[weshaggard]

We are getting reviews but the codeql job is being cancelled and shows up as such on our PRs and blocks merging because we ensure all checks are passing.

[eshwer]

@weshaggard do you have branch protection rules or repository rulesets configured for the repo, and can you share the exact text or screenshot of those rules?

[weshaggard]

Yes, we have branch protection enabled, and we have one required status check that ensures that all other triggered checks pass before allowing the PR to merge. This check is seeing one job cancelled (see logs for example https://github.com/Azure/azure-sdk-for-net/actions/runs/19348953097/job/55356175324#step:2:26) and that job is the codeql job from the coding agent.

[Yuri05]

Very nice - but please add an option for disabling of CodeQL in Copilot PR reviews.

We usually have a dedicated CodeQL (advanced) GH action for this, so running CodeQL in a Copilot PR review in addition to the CodeQL-action only slows down the review without providing any additional benefit.

Thank you!

[eshwer]

That is coming soon!!

[Yuri05]

Great - thank you!

[kajtzu]

The 9 minute max run time is too short for a large Java project (~ 2 M LOC with gradle). It would be nice if it could be changed to longer somehow.

[eshwer]

Noted! I'll share this back with the team. What is an acceptable run time? In your opinion.

[kajtzu]

I have no idea since it has never competed yet :) it is fine if it takes 20 minutes assuming it creates real value for the developers.

[justincgould]

Hi, will the ESLint implementation respect our custom .eslintrc if found?

[eshwer]

Not to start. Is that something you are interested in?

In the meantime, we are planning on adding configurations to allow you to enable/disable ESLint if you have your own ESLint implementation.

[matei-stellarator]

At the moment we are encountering a few problems with the CodeQL analysis (go) Job:

• Timeouts after 9 minutes or so - is there any way to manually specify a timeout at the moment (today, THU 13 NOV 2025)?
• go + git with private module dependencies - is there any way to configure git in order to make this work?
  Currently getting the classic errors:

 exit status 128: fatal: could not read Username for 'https://github.com/': terminal prompts disabled Confirm the import path was entered correctly. If this is a private repository, see https://golang.org/doc/faq#git_https for additional information. 

In our standard workflows we can do this using:

git config --global url."https://username:${TOKEN}@github.com/orgname".insteadOf "https://github.com/orgname" 

Not sure if/how we can do the same for the CodeQL analysis (go) Job or if it even is possible - any suggestions?

• In the docs for the Copilot Coding Agent there is a mention of a .github/workflows/copilot-setup-steps.yml file that can be usedfor running Copilot setup steps - https://docs.github.com/en/enterprise-cloud@latest/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment - would that file be imported / used by the Copilot Code Review CodeQL analysis (go) Job as well?

[eshwer]

• There is not a way to specify a timeout today, though it is something we will explore.
• Same for private module dependencies, we are looking into this now. Thank you for the feedback on it!

[vmourac-vtex]

Hi, will CodeQL analysis should I expect the quality of the review to increase only in terms of security issues being detected or will it be able to increase the overall quality of reviews and suggestions?

[eshwer]

In its current form, it is increasing the types of detections we can make. Over time, as we add more grouping mechanisms, it will also increase the quality of the suggestions made by Copilot.

[vmourac-vtex]

Can a Custom Agent (org or repo level) be assigned to a task when Implement with Copilot is clicked by a user? If so, do we have any visibility about what custom agent was used?

[eshwer]

Not today, but that is a great idea! I'll discuss it with the team.