Copilot Code Review for Azure DevOps
Automated pull request code reviews powered by the official GitHub Copilot CLI or Claude Code CLI. Get automated feedback on your PRs while leaving your code hosted in Azure DevOps repos.
Overview
This Azure DevOps extension provides a pipeline task that automatically reviews pull request code changes using GitHub Copilot or Claude Code. When triggered, the task:
- Fetches pull request details, changed files, and linked work item details from Azure DevOps
- Invokes the configured CLI agent (GitHub Copilot or Claude Code) to analyze the changes
- Posts review comments directly to the pull request
This brings AI-powered code review capabilities to Azure DevOps, helping teams improve code quality through AI-assisted reviews.
Prerequisites
This extension supports Windows and Linux Azure DevOps agents. Compatible with MS-hosted and self-hosted agents. Before using, ensure you have:
- AI Agent (one of the following):
- GitHub Copilot (default): An active GitHub Copilot subscription and a GitHub PAT with Copilot access permissions
- Claude Code: An Anthropic API key with access to Claude Code
- Azure DevOps Authentication (one of the following):
- System Access Token (Recommended): Use the pipeline's built-in OAuth token for Azure DevOps Services. Must grant permissions to Build Service Identity (see below).
- Personal Access Token: Required for Azure DevOps Server (on-prem) or if you prefer explicit token management. Needs permissions to read pull requests, write comments, and read code.
- PowerShell 7+: This extension requires PowerShell 7 or later (
pwsh) to be installed on the agent. PowerShell 7 is pre-installed on Microsoft-hosted agents.
Installation
- Install the extension from the Azure DevOps Marketplace
- Navigate to your Azure DevOps organization settings
- Go to Extensions and verify the extension is installed
Usage
Using System Access Token
The recommended approach for Azure DevOps Services uses the pipeline's built-in System Access Token and a personal access token for a GitHub account with Copilot access:
trigger: none
pool:
vmImage: 'ubuntu-latest' # or 'windows-latest'
steps:
- checkout: self
fetchDepth: 0
- task: CopilotCodeReview@1
displayName: 'Copilot Code Review'
inputs:
githubPat: '$(GITHUB_PAT)'
useSystemAccessToken: true
IMPORTANT: When using useSystemAccessToken, ensure the Build Service identity has "Contribute to pull requests" permission on your repository. See Granting Build Service Permissions below.
Using Personal Access Token
For Azure DevOps Server (on-prem) or if you prefer explicit token management:
trigger: none
pool:
vmImage: 'ubuntu-latest' # or 'windows-latest'
steps:
- checkout: self
fetchDepth: 0
- task: CopilotCodeReview@1
displayName: 'Copilot Code Review'
inputs:
githubPat: '$(GITHUB_PAT)'
azureDevOpsPat: '$(AZURE_DEVOPS_PAT)'
Using Claude Code CLI
To use Claude Code instead of GitHub Copilot, enable useClaudeCode and provide an Anthropic API key:
trigger: none
pool:
vmImage: 'ubuntu-latest' # or 'windows-latest'
steps:
- checkout: self
fetchDepth: 0
- task: CopilotCodeReview@1
displayName: 'Claude Code Review'
inputs:
useClaudeCode: true
anthropicApiKey: '$(ANTHROPIC_API_KEY)'
useSystemAccessToken: true
model: 'claude-sonnet-4-6'
maxTurns: '50'
maxBudget: '5.00'
NOTE: Claude Code CLI is installed automatically via npm install -g @anthropic-ai/claude-code. Node.js is available on all Azure DevOps agents. Output is streamed to the pipeline logs in real time.
Set Trigger
Use branch policies on your protected branches to specify the pipeline as a build validation that must finish before the PR can be completed:
With Custom Prompt
You can customize the review prompt to focus on aspects tailored to your needs:
- task: CopilotCodeReview@1
displayName: 'Copilot Code Review'
inputs:
githubPat: '$(GITHUB_PAT)'
useSystemAccessToken: true
prompt: |
Review this code focusing only on:
- Security vulnerabilities
- Performance bottlenecks
- Code simplification
Avoid lengthy explanations, keep comments concise and direct.
For longer custom prompts, create a .txt file in your repository and pass the file path as a task input:
- task: CopilotCodeReview@1
displayName: 'Copilot Code Review'
inputs:
githubPat: '$(GITHUB_PAT)'
useSystemAccessToken: true
promptFile: '$(Build.SourcesDirectory)/.copilot/review-prompt.txt'
IMPORTANT: If using a custom prompt, avoid including any double quotation marks (") as this will cause errors when passing the input to the Copilot CLI. Single quotes (') can be used instead and should not cause any issues.
Manual Trigger for Specific PR
If you don't want to setup an automatic trigger, you can instead set up a pipeline with a Pull Request ID parameter to run reviews on demand:
parameters:
- name: pullRequestId
displayName: 'Pull Request ID'
type: string
default: ''
trigger: none
pool:
vmImage: 'ubuntu-latest'
steps:
- checkout: self
fetchDepth: 0
- task: CopilotCodeReview@1
displayName: 'Copilot Code Review'
inputs:
githubPat: '$(GITHUB_PAT)'
useSystemAccessToken: true
pullRequestId: '${{ parameters.pullRequestId }}'
| Input |
Required |
Default |
Description |
githubPat |
Conditional |
- |
GitHub Personal Access Token with Copilot access. Required when using GitHub Copilot CLI (default). |
useClaudeCode |
No |
false |
Use Claude Code CLI (Anthropic) instead of GitHub Copilot CLI |
anthropicApiKey |
Conditional |
- |
Anthropic API key. Required when useClaudeCode is true. |
maxTurns |
No |
- |
Maximum agentic turns for Claude Code CLI |
maxBudget |
No |
- |
Maximum cost in USD for a Claude Code session |
useSystemAccessToken |
No |
false |
Use pipeline's System.AccessToken instead of a PAT (recommended for Azure DevOps Services) |
azureDevOpsPat |
Conditional |
- |
Azure DevOps PAT for API access. Required if useSystemAccessToken is false. |
organization |
No |
$(System.CollectionUri) (inferred) |
Azure DevOps organization name for cloud-hosted teams |
collectionUri |
No |
$(System.CollectionUri) |
Azure DevOps collection URI for on-prem instances |
project |
No |
$(System.TeamProject) |
Azure DevOps project name |
repository |
No |
$(Build.Repository.Name) |
Repository name |
pullRequestId |
No |
$(System.PullRequest.PullRequestId) |
PR ID (auto-detected in PR builds) |
timeout |
No |
15 |
Timeout in minutes |
model |
No |
- |
Preferred model to use (see valid options below) |
promptFile |
No |
- |
Path to custom prompt file |
prompt |
No |
- |
Inline custom prompt (overrides promptFile) |
promptFileRaw |
No |
- |
(Advanced) Path to custom prompt file that will be passed as-is with no supportive direction. |
promptRaw |
No |
- |
(Advanced) Inline custom prompt that will be passed as-is with no supportive direction. |
authors |
No |
- |
Comma-separated list of email addresses to filter reviews (see below) |
includeWorkItems |
No |
true |
Fetch and include linked work item details as review context |
Copilot Models
As of April 2026, here are the model options supported by the GitHub Copilot CLI:
claude-sonnet-4.5 (default)claude-haiku-4.5claude-opus-4.5claude-sonnet-4gpt-5.2-codexgpt-5.2gpt-5.1-codex-maxgpt-5.1-codexgpt-5.1-codex-minigpt-5.1gpt-5gpt-5-minigpt-4.1gemini-3-pro-preview
Claude Code Models
As of April 2026, here are the model options supported by the Claude Code CLI:
| Alias |
Description |
default |
Recommended model setting, depending on your account type |
sonnet |
Uses the latest Sonnet model (currently Sonnet 4.6) for daily coding tasks |
opus |
Uses the latest Opus model (currently Opus 4.6) for complex reasoning tasks |
haiku |
Uses the fast and efficient Haiku model for simple tasks |
sonnet[1m] |
Uses Sonnet with a 1 million token context window for long sessions |
opus[1m] |
Uses Opus with a 1 million token context window for long sessions |
opusplan |
Special mode that uses opus during plan mode, then switches to sonnet for execution |
Aliases always point to the latest version. To pin to a specific version, use the full model name (for example, claude-opus-4-6).
Author Filtering
Use the authors input to limit code reviews to PRs created by specific users. This is useful when you want to:
- Only review code from certain team members (e.g. junior developers)
- Exclude automated bot PRs from review
- Limit Copilot usage to a subset of contributors
- Use separate prompts/models for certain team members
- task: CopilotCodeReview@1
displayName: 'Copilot Code Review'
inputs:
githubPat: '$(GITHUB_PAT)'
useSystemAccessToken: true
authors: 'alice@example.com, bob@example.com, charlie@example.com'
When configured:
- The task compares
$(Build.RequestedForEmail) against the provided email list
- If the PR author's email matches any in the list, the review proceeds normally
- If no match is found, the task completes successfully without running the code review
- Email comparison is case-insensitive
Setting Up Authentication
Option 1: System Access Token (Recommended)
The system access token is the Microsoft-recommended authentication method for Azure DevOps Services. It uses OAuth and requires no PAT management.
Granting Build Service Permissions
The Build Service identity needs permission to contribute to pull requests:
- Navigate to Repos
- From the repository dropdown, go to Manage repositories
- Go to the Security tab
- Find the [Project Name] Build Service ([Org Name]) identity
- Set Contribute to pull requests to Allow
TIP: If you don't see the Build Service identity, run a pipeline first to ensure it's been created.
Option 2: Personal Access Token
Create a personal access token:
- Navigate to User settings > Personal access tokens
- Click New token
- Click Show all scopes
- Create a new token with the following scopes:
- Code: Read
- Pull Request Threads: Read & Write
- Store the token as a secret variable in your Azure DevOps pipeline
NOTE: When using a PAT, PR comments will be attributed to the account that created the PAT. For large teams, consider using a dedicated service account.
GitHub Personal Access Token (for Copilot CLI)
- Go to GitHub Settings > Developer Settings > Personal Access Tokens
- Generate a new Fine-grained token with the following options:
- Repository access: Public
- Permission: Copilot Requests
- Store the token as a secret variable in your Azure DevOps pipeline
IMPORTANT: If your user account is part of a GitHub organization, ensure the organization admin goes to GitHub Policies > Copilot > Copilot CLI and sets the policy to Enabled everywhere
Anthropic API Key (for Claude Code CLI)
- Go to Anthropic Console
- Create an API key
- Store the key as a secret variable in your Azure DevOps pipeline (e.g.,
ANTHROPIC_API_KEY)
Storing Tokens in Azure DevOps
- Navigate to Pipelines > Library
- Create a new Variable Group or edit an existing one
- Add the relevant variables:
GITHUB_PAT (mark as secret) — for Copilot CLIANTHROPIC_API_KEY (mark as secret) — for Claude Code CLIAZURE_DEVOPS_PAT (mark as secret) — if not using System Access Token
- Link the variable group to your pipeline
Alternatively, you can create the pipeline first and then configure the pipeline-specific variables.
How It Works
- Install CLI Agent: The task ensures the configured CLI agent is installed on the build agent. GitHub Copilot CLI is installed via
winget (Windows) or the official install script (Linux). Claude Code CLI is installed via npm install -g @anthropic-ai/claude-code.
- Fetch PR Context: The task retrieves pull request metadata, existing comments, iteration details, and linked work item details via the Azure DevOps API
- Run Code Review: Using the PR context and local Git commands, the CLI agent analyzes the changes using the configured or default prompt
- Post Comments: Review findings are posted as comments on the pull request via the Azure DevOps API
Default Review Focus Areas
The default prompt instructs Copilot to focus on:
- Performance: Identifying inefficient code patterns
- Best Practices: Adherence to coding standards
- Reusability: Opportunities for code reuse
- Maintainability: Code clarity and documentation
- Simplification: Reducing complexity
- Security: Potential vulnerabilities
- Code Consistency: Style and pattern consistency
Limitations
- GitHub Copilot CLI: On Windows, requires
winget to be available. On Linux, requires curl and bash (standard on most systems). If using MS-hosted agents, these should be available by default.
- Claude Code CLI: Requires
npm to be available (pre-installed on all Azure DevOps agents). Requires an Anthropic API key.
- General Comments Only: Posts general PR comments (file-level inline comments not yet supported)
- Context Window: Very large PRs may exceed the agent's context limits
Troubleshooting
Task fails with "GitHub Copilot CLI not found"
- Windows: Ensure your agent can access
winget and has internet connectivity to install the Copilot CLI.
- Linux: Ensure
curl and bash are available, and the agent has internet connectivity to download from https://gh.io/copilot-install.
Task fails with "Claude Code CLI not found"
- Ensure
npm is available on the agent and the agent has internet connectivity to install @anthropic-ai/claude-code from npm.
- On self-hosted agents, ensure the agent user has permission to install global npm packages.
Authentication errors
Verify that:
- Your GitHub PAT has Copilot access
- If your user account is part of a GitHub organization, ensure the organization admin goes to GitHub Policies > Copilot > Copilot CLI and sets the policy to Enabled everywhere
- If using
azureDevOpsPat:
- Your Azure DevOps PAT has Code (Read) and Pull Request Threads (Read & Write) permissions
- The token is not expired
- If using
useSystemAccessToken:
- The Build Service identity has "Contribute to pull requests" permission on the repository
- Try explicitly mapping the
SYSTEM_ACCESSTOKEN environment variable:
- task: CopilotCodeReview@1
displayName: 'Copilot Code Review'
inputs:
githubPat: '$(GITHUB_PAT)'
useSystemAccessToken: true
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
Timeout errors
For large PRs, increase the timeout input value. The default is 15 minutes.
Check the pipeline logs for Copilot's analysis output and determine if the agent experienced connectivity issues when posting comments. Even if Copilot finds no issues, it should still post a single comment indicating the PR looks good when using the default prompt.
Contributing
Contributions are welcome! Please feel free to submit issues or pull requests on GitHub.
License
This project is licensed under GNU General Public License v3 - see the LICENSE file for details.
Support
For issues and feature requests, please use the GitHub Issues page.
Acknowledgments
Disclaimers
- This project is not affiliated with or endorsed by Azure, GitHub, Anthropic, or the Microsoft Corporation.
- All responses and interactions generated by GitHub Copilot or Claude Code remain subject to the probabilistic nature of the underlying LLM. As with all LLM-based interactions, there is a non-zero chance of unpredictable results. Use at your own discretion.
