Copilot code review now utilizes a firewall, custom setup steps, and independent runner configurations. It now reads custom instructions from the head branch to allow for easy testing and validation of custom instructions. These changes give administrators and developers more control over how Copilot code review runs in their environment.

Expanding custom instructions, now easier to validate

Custom instructions are now read from the head branch of the pull request instead of the base branch. This includes copilot-instructions.md, *.instructions.md, agent skills, and AGENTS.md. This means you can iterate on and test custom instructions in a feature branch without needing to merge them first.

Copilot code review now reads REVIEW.md, GEMINI.md, and CLAUDE.md files from your repository, so your customizations are understood regardless of where they live. If your team already maintains review guidelines or model-specific instructions in these files, Copilot code review will automatically pick them up and incorporate them into its review process.

You can now configure the environment available to Copilot code review during runtime using a copilot-code-review.yml file in your .github/workflows/ directory. This lets you install dependencies, configure runners on the repository level independently of Copilot cloud agent, set up tooling, or run any preparation steps that Copilot code review needs to produce the reviews you desire for your repository.