GITHUB PUB_DATE: 2026.03.24

COPILOT CLI 1.0.11 GOES MONOREPO‑AWARE AND ENFORCES MCP POLICIES; GITHUB PREVIEWS AI SECURITY DETECTIONS FOR IAC

GitHub shipped Copilot CLI 1.0.11 with monorepo-aware agent discovery and stricter MCP policy enforcement, and previewed AI-powered security detections in pull requests.

Copilot CLI v1.0.11 adds real monorepo support by discovering custom instructions, MCP servers, skills, and agents at every directory level up to the git root, plus a personal skills dir at ~/.agents/skills. It tightens governance with org-wide enforcement for third‑party MCP servers and clear warnings when policies block them, and fixes the model picker so models display correctly. Quality-of-life updates include per‑session working dirs with /cd, improved /new and /clear, merged extension hooks, OAuth fixes for MCP servers, and better terminal behavior.

Some users reported missing high‑end models in VS Code (discussion); the 1.0.11 notes call out model picker fixes, which may address that symptom. In parallel, GitHub detailed AI‑powered detections in Code Security to complement CodeQL, expanding PR coverage to Shell/Bash, Dockerfiles, Terraform (HCL), and PHP, with strong early feedback (blog). If you want hands‑on agent patterns, Microsoft’s post on agentic platform engineering includes a runnable repo (article).

[ WHY_IT_MATTERS ]

  • 01.

    Monorepo-aware agent discovery and stricter MCP governance make Copilot CLI safer and more usable at scale.

  • 02.

    AI detections in PRs extend security coverage to Dockerfiles, Terraform, and scripts developers actually change.

[ WHAT_TO_TEST ]

  • In a monorepo, place skills/agents at nested paths and verify 1.0.11 discovers them; confirm per-session /cd restores dirs when switching sessions.

  • Enable AI-powered detections on a test repo and open PRs touching Dockerfiles/Terraform to measure precision vs. CodeQL-only baselines.

[ BROWNFIELD_PERSPECTIVE ]

Legacy codebase integration strategies...

  • 01.

    Audit and align org allowlists for third‑party MCP servers before upgrading, or teams may see blocked agents.

  • 02.

    If developers saw missing models in VS Code, retest after 1.0.11 and document any remaining gaps tied to policy.
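
For the allowlist audit in item 01, an added example (not GitHub's code and not part of Copilot CLI): it walks from a working directory up to the git root, the same scope the 1.0.11 discovery is described as covering, and reports MCP server entries that are not on an allowlist. The config file names, JSON keys, matching by server name and the sample repo are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed file names that may declare MCP servers; replace with the files your tooling reads.
MCP_CONFIG_NAMES = (".mcp.json", ".vscode/mcp.json")

def levels_to_git_root(start):
    """Directories from start up to the one containing .git (inclusive)."""
    start = Path(start).resolve()
    chain = []
    for d in (start, *start.parents):
        chain.append(d)
        if (d / ".git").exists():
            return chain
    return [start]  # not inside a git work tree: inspect only start

def declared_servers(cfg):
    """Yield (name, target) for every server entry in one config file."""
    data = json.loads(cfg.read_text(encoding="utf-8"))
    for key in ("mcpServers", "servers"):  # assumed key names
        for name, spec in (data.get(key) or {}).items():
            target = spec.get("url") or " ".join([spec.get("command", ""), *spec.get("args", [])])
            yield name, target.strip()

def audit(start, allowlist):
    """Return (config path, server name, target) for servers not on the allowlist."""
    findings = []
    for d in levels_to_git_root(start):
        for rel in MCP_CONFIG_NAMES:
            cfg = d / rel
            if cfg.is_file():
                findings += [(str(cfg), n, t) for n, t in declared_servers(cfg) if n not in allowlist]
    return findings

def build_sample_repo(root):
    """Constructed sample monorepo: one config at the root, one in a nested service."""
    nested = Path(root, "services", "billing")
    nested.mkdir(parents=True)
    Path(root, ".git").mkdir()
    Path(root, ".mcp.json").write_text(json.dumps(
        {"mcpServers": {"github": {"url": "https://mcp.example.com/github"}}}))
    (nested / ".mcp.json").write_text(json.dumps(
        {"mcpServers": {"scratch-db": {"command": "npx", "args": ["scratch-db-mcp"]}}}))
    return nested

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_repo(tmp), allowlist={"github"}))
```

Run it from the directories developers actually work in: a server declared only in a nested path is visible there and not from the repo root.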

[ GREENFIELD_PERSPECTIVE ]

Fresh architecture paradigms...

  • 01.

    Design repos to co-locate reusable skills/agents by domain; rely on directory-level discovery instead of a single global config.

  • 02.

    Make PR-based security the default by combining CodeQL with AI detections for IaC and scripting languages.
