OpsPilot AI — VS Code Extension

Enterprise DevOps Copilot built on Azure AI Foundry (GPT-4.1).
Submit infrastructure tasks, enforce policy gates, and manage multi-level approvals — all from inside VS Code.

What This Extension Does

OpsPilot AI connects VS Code to the OpsPilot backend API. You describe a DevOps task in plain English. The agent plans it, validates it, runs a dry-run simulation, checks policy, and either executes it or routes it through an approval workflow — depending on the environment and risk level.

Data Flow

You type a task in VS Code
        ↓
OpsPilot Extension
        ↓
POST /agent/run  →  PlannerAgent
                        ↓
                   ValidatorAgent  (blocks dangerous patterns)
                        ↓
                   PolicyEngine    (calculates approvals needed)
                        ↓
                   SimulationEngine (dry-run: terraform plan / kubectl --dry-run)
                        ↓
              requires approval?
              /                  \
            YES                   NO
             ↓                     ↓
   VS Code dialog            Task completed
   Approve / Reject          notification
             ↓
   POST /approval/approve
             ↓
        Execution

Approval Rules

Environment	Action	Approvals Required
dev	any	0
qa	apply / deploy	1
prod	apply / deploy	1
prod	destroy	2

Requirements

OpsPilot API running at http://localhost:8000
Azure AI Foundry credentials configured in the API

Start the API before using the extension:

cd /path/to/opspilot-ai
.venv/bin/uvicorn api.main:app --host 0.0.0.0 --port 8000 --reload

Setup

1. Set your password

Cmd+Shift+P → OpsPilot: Set Password

Enter your OpsPilot password. It is stored securely in VS Code's built-in secret store — never written to disk or settings files.

Default credentials:

Username: admin@opspilot.dev
Password: admin123

2. Verify the API is reachable

Cmd+Shift+P → OpsPilot: Check API Health

You should see: OpsPilot API: ok — v1.0.0

3. Run your first task

Cmd+Shift+P → OpsPilot: Run DevOps Task

Type your task in plain English
Select the target environment (dev, qa, prod)
The extension shows a progress notification while the agent runs
If approval is required, a dialog appears immediately — you can approve or reject inline

Commands

All commands are available via Cmd+Shift+P:

Command	Description
OpsPilot: Set Password	Save your API password to VS Code's secret store
OpsPilot: Check API Health	Verify the API is running and show its version
OpsPilot: Run DevOps Task	Submit a task and handle the full agent pipeline
OpsPilot: Approve Pending Action	Approve a specific pending action by its ID
OpsPilot: Reject Pending Action	Reject a specific pending action by its ID
OpsPilot: View Sessions	Open the Sessions panel in the sidebar

Click the OpsPilot AI icon in the activity bar (left sidebar) to open two panels:

Sessions — recent task sessions with their current status (simulated, pending_approval, executed)
Pending Approvals — actions waiting for approval, showing the action description and ID

Example Tasks

Type these into OpsPilot: Run DevOps Task:

deploy the payment service                    → kubernetes apply  (dev: runs immediately)
scale the api pods to 5 replicas              → kubernetes scale  (dev: runs immediately)
run terraform plan on the staging environment → terraform plan    (any env: runs immediately)
deploy the auth service to production         → kubernetes apply  (prod: requires 1 approval)
destroy the staging infrastructure            → terraform destroy (prod: requires 2 approvals)

Settings

Configure via Cmd+, → search OpsPilot:

Setting	Default	Description
`opspilot.apiUrl`	`http://localhost:8000`	URL of the OpsPilot API server
`opspilot.username`	`admin@opspilot.dev`	Username for API authentication
`opspilot.defaultEnvironment`	`dev`	Default environment shown in task picker

To point the extension at a remote API:

Cmd+, → search opspilot.apiUrl
Change to your server URL, e.g. https://opspilot.yourcompany.com

Approval Workflow

When a task requires approval, VS Code shows a dialog:

Task requires 2 approval(s). Risk: HIGH
[ Approve ]  [ Reject ]  [ Dismiss ]

Approve — submits your approval immediately
Reject — cancels the action
Dismiss — closes the dialog; the action stays pending and can be approved later via OpsPilot: Approve Pending Action

For the second approval (prod destroy requires 2), a second user must log in with their own credentials and approve using the same approval ID.

Security

Passwords are stored in VS Code's SecretStorage — encrypted on disk by the OS keychain
JWT tokens are held in memory only and cleared when you change the password
All API calls use Bearer token authentication
The extension makes no outbound network calls except to your configured opspilot.apiUrl

Troubleshooting

"Run 'OpsPilot: Set Password' first"
→ Run Cmd+Shift+P → OpsPilot: Set Password and enter your password before running any other command.

"OpsPilot error: connect ECONNREFUSED"
→ The API is not running. Start it with:

.venv/bin/uvicorn api.main:app --host 0.0.0.0 --port 8000 --reload

"OpsPilot error: Auth failed"
→ Wrong username or password. Check opspilot.username in settings and re-run OpsPilot: Set Password.

Command shows wrong prompt
→ Reload VS Code: Cmd+Shift+P → Developer: Reload Window

Publisher

Anirudh Deshmukh — marketplace.visualstudio.com/publishers/anirudhdeshmukh

Source code: github.com/anirudhdeshmukh/opspilot-ai

OpsPilot AI

anirudhdeshmukh