From zero to a governed Copilot session in under 2 minutes.
Open a terminal in your project directory and run:
npx @ntdev204/copilot-kit initThe CLI downloads the latest .github/ configuration from GitHub and extracts it into your project.
After init completes, reload VS Code so Copilot picks up the new instructions file:
Ctrl+Shift+P → Developer: Reload WindowOpen GitHub Copilot Chat (Ctrl+Shift+I) and try a request that exercises the risk engine:
Refactor the authentication module to use JWT tokens instead of session cookiesYou'll notice Copilot now responds with a structured risk assessment before making any changes — this is the AGF L2 (Elevated) mode in action.
Ask Copilot something low-risk to see FLUID mode in action:
What is the difference between map() and forEach() in JavaScript?The response is concise and direct — no risk headers, no checklists. The Risk Engine scored this L0 Trivial and entered FLUID mode automatically.
Use the @agent syntax to explicitly invoke a specialist:
@security-auditor Review this API endpoint for vulnerabilities:
app.post('/login', (req, res) => {
const { username, password } = req.body
db.query(`SELECT * FROM users WHERE username='{username}'...`)
})You can override the strictness mode at any time during a conversation:
go fluid # Switches to FLUID mode (no governance headers)
standard+ # Switches to STANDARD+ (structured output)
lockdown # Switches to LOCKDOWN (maximum safety)What just happened?
init, which placed 45 skills, 11 rules, 8 prompts, and 12 agent modes into your .github/ directory. GitHub Copilot now reads .github/copilot-instructions.md on every request and applies the full AGF governance system automatically.Next: understand the internals