Synchronize GitHub Copilot skills, hooks, agents, and instructions between a GitLab repository and your local workspace.
Features
GitLab Panel (remote)
Displays all four item types from the configured common GitLab project and group projects, grouped by type: Agents, Hooks, Instructions, Skills.
Each section loads independently and in parallel — one section failing does not block the others.
Section headers show a live count / loading spinner / error badge while fetching.
Fetch (⬇) — download a remote item and all its files into your local workspace.
Preview (👁) — open a rich Markdown preview of the item's main file without downloading.
Refresh (↺) — manually reload all sections from GitLab.
Local Panel (workspace)
Lists all items found in the workspace under .github/{skills,hooks,agents,instructions}/, grouped by type.
Item icons match the remote panel and are tinted by sync status (green = up-to-date, orange = modified, etc.).
Push (⬆) — upload local item files to the GitLab common project as a Merge Request.
Open — open the item's main file in a Markdown side-by-side preview.
Delete (🗑) — remove the item from your local workspace (with confirmation).
Auto-refresh — panel updates automatically when workspace files change.
Item Types & File Conventions
Type
Local path
Main file
Skill
.github/skills/<name>/
SKILL.md
Hook
.github/hooks/<name>/
README.md
Agent
.github/agents/
<name>.agent.md (flat file)
Instruction
.github/instructions/
<name>.instructions.md (flat file)
Skills and Hooks are directory-based (may include additional support files alongside the main .md).
Agents and Instructions are single flat files.
Main files use YAML front-matter for the description shown in the UI:
---
description: 'A brief description shown in the UI'
---
# My Item
...
Authentication
Method
Description
Personal Access Token (PAT)
Paste your GitLab PAT in settings. Needs read_api, read_repository, write_repository scopes.
OAuth / SSO (PKCE)
Opens a browser to the GitLab OAuth page. A loopback server on 127.0.0.1:54321 captures the callback. Works with any SSO provider (Google, LDAP, GitHub, …) configured in your GitLab instance.
Local Git
Uses your local git installation and its credential manager / SSH keys. No API token is needed for clone/push; a PAT is still required for Merge Request creation via the API.
All tokens are stored in VS Code Secret Storage (OS keychain) — never in plain-text settings.
Setup
Install the extension and click the Skills Sync icon in the Activity Bar.
Click ⚙ Open Settings and configure:
Setting
Description
skillsSync.gitlab.endpoint
GitLab server URL, e.g. https://gitlab.example.com
skillsSync.gitlab.groupId
GitLab Group ID or path containing your projects
skillsSync.gitlab.commonProjectId
Project ID/path of the common items repo
skillsSync.gitlab.skillsBranch
Branch to read/write from (default: main)
skillsSync.local.basePath
Workspace-relative parent of the type directories (default: .github)
skillsSync.auth.method
pat | oauth | git
skillsSync.gitlab.personalAccessToken
Your PAT (PAT auth)
skillsSync.gitlab.oauthClientId
OAuth Application Client ID (OAuth auth)
skillsSync.gitlab.gitTransport
http or ssh (Git auth)
skillsSync.gitlab.sshPort
SSH port (default: 22)
skillsSync.gitlab.allowInsecure
Allow self-signed certificates (local dev only)
Click Sign In to GitLab (or skip if using Git auth — credentials are picked up automatically).
The GitLab panel populates with all four item type sections.
Local Development
npm install
npm run watch # incremental compile
# Press F5 in VS Code to launch Extension Development Host
Security Notes
OAuth callback server binds to 127.0.0.1 only and shuts down immediately after the token is received.
Tokens are never logged or written to disk in plain text.
All GitLab API calls pass credentials via request headers only — never in query strings.
Insecure TLS (allowInsecure) is opt-in and intended for local dev instances only.
