GitHub packed several Copilot changes into July 1 and July 2, 2026, and they fit together better than the individual changelog posts suggest. If your team uses Copilot in VS Code, the CLI, or enterprise-managed environments, this is the right rollout order: cap spend, choose routing defaults, lock governance, decide browser access, then turn on observability.
Step 1: Put a ceiling on agent spend first
GitHub shipped AI credit session limits for Copilot CLI and the Copilot SDK on July 1, with support in Copilot CLI 1.0.66+ and Copilot SDK 1.0.5+.
For interactive work:
/limits set max-ai-credits 120For scripts and scheduled runs:
copilot -p "review this repo for flaky tests" --max-ai-credits 120GitHub calls this a soft cap, so a response already in flight can finish and slightly exceed the number you set. That is still far better than finding out after the fact that an unattended agent burned through a large budget. If you run recurring automations, treat --max-ai-credits like a timeout flag and keep it in the command by default.
Step 2: Make Auto the normal path
GitHub also updated Copilot CLI auto model selection on July 1. According to GitHub, Auto weighs utilization, model health, task complexity, debugging difficulty, and tool orchestration needs before routing the request.
That makes Auto more than a convenience toggle. It is a routing layer that can move between cheaper and more capable models without making every developer think about model choice on every prompt. GitHub also documents a 10% discount on model costs while using auto model selection on paid Copilot plans.
A practical rule works well here:
- Use Auto for normal engineering work.
- Override the model for benchmarking, incidents, or cases where reproducibility matters.
- Review patterns where one specific model consistently outperforms Auto for your workload.
Step 3: Centralize defaults in managed-settings.json
For enterprise admins, July 1 brought the cleaner enforcement point. GitHub made enterprise managed-settings.json generally available and added the ability to default new conversations to Auto by setting model to auto.
{
"permissions": {
"disableBypassPermissionsMode": "disable",
"model": "auto"
}
}GitHub says this file lives in the source organization's .github-private repository at copilot/managed-settings.json, takes precedence over supported client file-based settings, and is currently enforced in VS Code and Copilot CLI for enterprise-issued Business and Enterprise licenses.
That gives you one place to standardize both approval behavior and starting model mode. It is a much stronger control than docs or onboarding checklists.
Step 4: Roll out browser tools with explicit sharing rules
Browser tools for GitHub Copilot in VS Code also went generally available on July 1. Agents can drive a real browser, inspect pages, click through flows, read content, collect console errors, and take screenshots.
The permission model is the important part. Pages you opened stay private until you explicitly select Share with Agent. Shared pages keep using your existing session, including cookies and login state. Pages the agent opens itself run in isolated ephemeral sessions, and sensitive permissions like camera, microphone, location, notifications, and clipboard reads still require explicit approval.
That means browser tools should be rolled out as a controlled workflow, not as a vague promise that Copilot can now browse the web.
Step 5: Enable streaming after the guardrails are in place
On July 2, GitHub put Copilot agent session streaming into public preview for GitHub Enterprise Cloud customers with enterprise managed users. It covers session activity across github.com cloud agents, Copilot CLI, VS Code, Visual Studio, and partner IDEs.
GitHub says you can stream prompts, responses, and tool calls to an event collector or SIEM, and the REST API can pull the last 48 hours of usage records on demand.
This is most useful after the first four controls are already set. At that point, streaming tells you whether real usage matches the policy you thought you rolled out.
What to do this week
- Update Copilot CLI and add
--max-ai-creditsto recurring tasks. - Make Auto the default for normal work, but document when to override it.
- Add enterprise
managed-settings.jsonso defaults stop drifting. - Pilot browser tools with a small group and teach the
Share with Agentmodel explicitly. - Turn on session streaming or the REST API once the first four controls are in place.
That is the practical lesson from GitHub's July 1-2 release cluster: Copilot is becoming easier to run as an engineering system instead of an ad hoc assistant.
References
- GitHub Changelog: Set AI credit session limits in Copilot CLI and SDK
- GitHub Docs: Setting an AI credit session limit in GitHub Copilot CLI
- GitHub Changelog: Copilot CLI auto model selection routes based on task
- GitHub Docs: About Copilot auto model selection
- GitHub Changelog: Enterprise managed-settings.json is generally available
- GitHub Docs: Configuring enterprise managed settings
- GitHub Changelog: Browser tools for GitHub Copilot in VS Code are generally available
- Visual Studio Code Docs: Integrated browser
- GitHub Changelog: Copilot agent session streaming is now in public preview
Image credit: cover photo "My Desk" by llimllib via Flickr / Openverse, licensed under CC BY-SA 2.0, [source](https://www.flickr.com/photos/64114626@N00/3679964891).
