Understanding agents, invocation, handoffs, and subagents
Understanding agents, invocation, handoffs, and subagents
Custom agents are the most powerful customization mechanism in GitHub Copilotβs stack. While prompt files provide reusable commands and instruction files set persistent rules, agents do something fundamentally different β they change who the model is. When you switch to a custom agent, youβre not just giving the model new instructions. Youβre replacing its identity, restricting its tools, and defining how it should approach every subsequent interaction.
This article explains agents conceptually: what they are, why they exist as a separate mechanism, how invocation and handoff patterns work, and how subagent delegation enables complex multi-step workflows. For the practical how-to of writing agent files, see How to structure content for Copilot agent files. For designing orchestration prompts that coordinate agents, see How to design orchestrator prompts.
Table of contents
- π― What agents are β and what theyβre not
- ποΈ How agents override the identity layer
- π .agent.md vs AGENTS.md: two different worlds
- π Invocation techniques
- π€ Handoffs: multi-agent workflows
- π Subagent delegation
- π The orchestrator pattern
- β οΈ Boundaries and limitations
- π― Conclusion
- π References
π― What agents are β and what theyβre not
A custom agent is a specialized AI persona stored as an .agent.md file. Each agent defines:
- A specific role or expertise β security reviewer, planner, implementer, documentation writer
- Restricted tool access β what the agent can and canβt do
- Specialized instructions β how the agent should approach tasks
- Optional model preference β which LLM to use for this agent
- Optional handoffs β transitions to other agents
Agents vs. other customization types
The key distinction is persistence and identity:
| Mechanism | What it does | Persistence | Identity change |
|---|---|---|---|
| Prompt files | Injects a task into the user prompt | One request only | No β the model stays βitselfβ |
| Instruction files | Injects rules into the system prompt | Every matching request | No β adds rules without changing identity |
| Agents | Overrides the system promptβs identity layer | Every request until switched | Yes β the model becomes the agent |
When you invoke a prompt file, the model is still βGitHub Copilot, a helpful AI programming assistantβ β it just has an extra task to complete. When you switch to a custom agent, the model becomes that agent. It adopts the agentβs persona, follows its workflow, and restricts itself to the agentβs declared tools.
Why agents exist
Agents exist because some tasks require more than new instructions β they require a different mindset:
- A planning agent should think before acting, research thoroughly, and produce a structured plan. It shouldnβt impulsively edit files.
- An implementation agent should focus on execution β editing files, running tests, fixing errors. It shouldnβt spend time philosophizing about architecture.
- A security review agent should be skeptical, thorough, and restrictive. It should look for vulnerabilities, not help write features.
Instruction files can suggest these behaviors, but they canβt enforce them. An instruction that says βdonβt edit filesβ is guidance the model might ignore under pressure. An agent that only has codebase and problems tools literally canβt edit files β the capability isnβt available.
ποΈ How agents override the identity layer
Recall the prompt assembly architecture: the system prompt is built in six layers, with the agent definition at layer 6 (the final layer). When a custom agent is active, its body content replaces the default identity:
Without custom agent: With custom agent:
βββββββββββββββββββββββββββ ββββββββββββββββββββββββββββ
β Layer 1: Core identity β β Layer 1: Core identity β
β Layer 2: Model rules β β Layer 2: Model rules β
β Layer 3: Tool schema β β Layer 3: Tool schema β
β Layer 4: Output format β β Layer 4: Output format β
β Layer 5: Instructions β β Layer 5: Instructions β
β Layer 6: (empty) β β Layer 6: AGENT PERSONA β
βββββββββββββββββββββββββββ β "You are a security β
β auditor. Analyze..." β
ββββββββββββββββββββββββββββThe agent body acts as a full behavioral override. It doesnβt just add information β it tells the model who it is and how it should operate. This is why well-designed agents feel like working with a specialist rather than a general-purpose assistant.
Tool restriction as capability control
The agentβs tools: field in YAML frontmatter controls what runtime tools become available. This is capability control, not just guidance:
| Agent role | Typical tools | What this prevents |
|---|---|---|
| Planning/research agent | codebase, problems, changes |
Canβt edit files, canβt run commands |
| Implementation agent | codebase, editor, filesystem, terminal |
Full access (appropriate for implementation) |
| Review agent | codebase, problems, usages |
Canβt modify code, can only analyze |
| Documentation agent | codebase, editor |
Can read and write, but canβt execute |
π .agent.md vs AGENTS.md: two different worlds
A common source of confusion is the difference between .agent.md files and AGENTS.md files. Despite similar names, they serve fundamentally different purposes:
| Aspect | .agent.md files |
AGENTS.md files |
|---|---|---|
| Purpose | Define VS Code chat personas | Provide instructions to the GitHub Copilot Coding Agent |
| Location | .github/agents/*.agent.md |
Anywhere in repository (commonly root or per-folder) |
| Platform | VS Code only (v1.106+) | GitHub.com, VS Code, Visual Studio |
| Execution | Interactive β runs locally in IDE | Asynchronous β runs on GitHub, creates PRs |
| Tool control | β
Full control via tools field |
β No tool configuration |
| Handoffs | β Workflow transitions between agents | β Not supported |
| Model selection | β
Via model field |
β Platform-determined |
When to use which
.agent.mdβ for interactive development workflows in VS Code: planning, reviewing, implementing, documentingAGENTS.mdβ for the GitHub Copilot Coding Agent that works on issues asynchronously and creates pull requests- Alternative filenames:
CLAUDE.md,GEMINI.mdwork as model-specific alternatives toAGENTS.md
π Invocation techniques
Agents can be invoked through three distinct mechanisms, each suited to different situations.
Direct selection (user-initiated)
The simplest invocation: the user selects an agent from the agent picker in Copilot Chat. This switches the active persona for all subsequent messages until the user switches again.
When to use: When the user intentionally wants to work with a specialist β βI need to plan this featureβ (select the planner agent).
The agents property (subagent routing)
An agentβs YAML can declare which other agents itβs allowed to invoke as subagents:
---
name: orchestrator
agents:
- researcher
- implementer
- reviewer
tools: ['agent', 'codebase', 'editor']
---The agents property accepts:
- An array of agent names β only these agents are available as subagents
*β all agents are available[](empty array) β no subagent access
When to use: When building orchestrator agents that delegate to specialist agents. The agents property lets you control which specialists are available, preventing uncontrolled delegation chains.
The runSubagent tool (programmatic delegation)
The model itself can decide to spawn a subagent at runtime using the runSubagent tool. This is the mechanism behind the agents property β when an agent has tools: ['agent'], the model gains access to runSubagent and can invoke it when it determines delegation would help.
When to use: You donβt call runSubagent directly. Itβs available to the model when you include agent in the agentβs tools list. The model decides when delegation is beneficial based on its instructions and the current task.
π€ Handoffs: multi-agent workflows
Handoffs enable orchestrating sequential workflows between agents. Unlike subagent delegation (where one agent spawns another in an isolated context), handoffs transfer control β the conversation moves from one agent to another, with the user reviewing and approving each transition.
How handoffs work
A handoff is declared in the agentβs YAML frontmatter:
---
name: architect
description: Plans implementation approach
handoffs:
- label: Start Implementation
agent: implementer
prompt: "Implement the plan outlined above."
send: false # false = user reviews before sending
---When the architect agent completes its task, the user sees a βStart Implementationβ button. Selecting it starts a new conversation with the implementer agent, pre-filled with the handoff prompt.
Handoff properties
| Property | Description | Required |
|---|---|---|
label |
Button text shown to the user | Yes |
agent |
Target agent name | Yes |
prompt |
Message to pre-fill for the target agent | No |
send |
Auto-send (true) or let user review (false) |
No (default: true) |
Handoffs vs. subagents
The choice between handoffs and subagents depends on workflow visibility and control:
| Aspect | Handoffs | Subagents |
|---|---|---|
| Control flow | Sequential β user approves each step | Delegated β main agent manages internally |
| User visibility | High β button prompts at each transition | Low β collapsed tool call |
| Context | New conversation (fresh context) | Isolated child context |
| Use case | Multi-phase workflows (plan β implement β review) | Focused subtasks within a single workflow |
| Communication | Explicit user transitions | Internal agent-to-agent |
| Orchestration | User-driven | Agent-driven |
Common handoff patterns
1. Linear pipeline (plan β implement β review):
Architect β [Start Implementation] β Implementer β [Review Code] β Reviewer2. Branching decision:
Triage Agent β [Quick Fix] β Fixer Agent
β [Deep Analysis] β Analyst Agent
β [Escalate] β Senior Reviewer Agent3. Iterative loop:
Implementer β [Run Tests] β Tester β [Fix Issues] β Implementerπ Subagent delegation
A subagent is an independent AI agent that performs focused work in its own isolated context window and returns a summary to the main agent. The main agent stays in control, receiving condensed results without the noise of the subagentβs intermediate processing.
Why isolation matters
Each subagent gets a fresh context window. It doesnβt inherit the main agentβs conversation history, tool call results, or accumulated context. This isolation provides three benefits:
- Focus. The subagent works on exactly one task without being distracted by other context.
- Scalability. The main agentβs context window stays lean β it gets a summary, not the full transcript.
- Parallelism. Independent subtasks can run concurrently in separate context windows.
How subagent execution works
Main Agent (orchestrator)
β
ββ Sends task prompt βββ Subagent A
β ββ Gets its own context window
β ββ Runs tools autonomously
β ββ Returns summary βββ Main Agent
β
ββ Sends task prompt βββ Subagent B (can run in parallel)
β ββ Gets its own context window
β ββ Runs tools autonomously
β ββ Returns summary βββ Main Agent
β
ββ Incorporates results β Continues with next stepKey characteristics
| Aspect | Behavior |
|---|---|
| Context isolation | Each subagent starts with a clean context window β no inherited conversation history |
| Synchronous execution | The main agent waits for subagent results before continuing |
| Parallel support | VS Code can spawn multiple subagents concurrently when tasks are independent |
| Tool inheritance | By default, subagents inherit the main sessionβs model and tools |
| Custom agent override | When using a custom agent as subagent, its tools, model, and instructions override defaults |
| Result format | Only the subagentβs final result returns β not intermediate tool calls |
Subagents vs. new sessions
Subagents maintain a relationship with the parent agent β they do focused work and report back. Creating a new chat session creates an entirely separate conversation with no connection:
| Aspect | Subagent | New session |
|---|---|---|
| Relationship | Child β reports results back | Independent β no connection |
| Context | Isolated but linked via task prompt | Completely separate |
| Coordination | Main agent synthesizes results | Manual user coordination |
| Use case | Delegating part of a larger task | Starting unrelated work |
Controlling subagent visibility
Two agent properties control subagent behavior:
user-invokable: false β Hides the agent from the agent picker. Use this for agents that should only be invoked as subagents, never directly by users:
---
name: code-analyzer
user-invokable: false
tools: ['codebase', 'problems']
---disable-model-invocation: true β Prevents the model from automatically invoking this agent as a subagent. The agent is only invoked when explicitly named in an agents array or by user selection:
---
name: dangerous-migrator
disable-model-invocation: true
tools: ['editor', 'terminal']
---π The orchestrator pattern
The orchestrator pattern combines agents, handoffs, and subagents into a coordinated system where a central coordinator decomposes complex tasks and delegates to specialists.
Conceptual architecture
βββββββββββββββββββββββββββββββββββββββββββββββ
β ORCHESTRATOR AGENT β
β βββ Receives user request β
β βββ Decomposes into subtasks β
β βββ Delegates to specialists β
β βββ Synthesizes results β
β βββ Reports summary to user β
βββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β Research β β Implementβ β Review β β
β β Agent β β Agent β β Agent β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β
β Each specialist: β
β β’ Has its own context window β
β β’ Uses only its declared tools β
β β’ Returns a focused summary β
βββββββββββββββββββββββββββββββββββββββββββββββWhy orchestrators work
The orchestrator pattern mirrors how effective human teams work: a project manager decomposes a task, assigns specialists, and synthesizes their results. The AI equivalent provides:
- Separation of concerns β each agent focuses on what it does best
- Context management β the orchestratorβs context stays lean because subagent details are summarized
- Tool safety β research agents canβt accidentally edit files; implementation agents have clear write permissions
- Scalability β adding a new capability means adding a new specialist, not rewriting the orchestrator
When to use orchestration
| Scenario | Orchestration worthwhile? |
|---|---|
| Simple code edit | No β use a single agent or inline chat |
| Feature implementation with research | Maybe β depends on complexity |
| Multi-step refactoring across files | Yes β separate analysis from implementation |
| Full project setup with testing | Yes β planning, scaffolding, testing are distinct concerns |
| Security audit with remediation | Yes β review and fix are different expertises |
For practical guidance on designing orchestrator prompts, see How to design orchestrator prompts. For subagent implementation details, see How to design subagent orchestrations.
β οΈ Boundaries and limitations
Current limitations
- VS Code only. Custom agents (
.agent.md) work in VS Code 1.106+. Visual Studio doesnβt support them for chat. - Experimental subagent support. The
agentsproperty and custom agent subagent invocation are experimental and may change. - No cross-agent memory. Agents donβt share state between sessions. Each session starts fresh.
- Handoff context loss. Handoffs start new conversations β the target agent doesnβt automatically get the full context of the previous agentβs work.
Best practices
- Design agents with the principle of least privilege. Give each agent only the tools it needs for its role.
- Use
user-invokable: falsefor specialist subagents that shouldnβt appear in the agent picker. - Keep agent instructions focused. A 200-line agent body is harder for the model to follow than a 50-line one.
- Test handoff workflows end-to-end. Verify that each transition provides enough context for the next agent to continue.
π― Conclusion
Agents are GitHub Copilotβs most powerful customization mechanism because they change the modelβs identity, not just its instructions. The ecosystem provides three invocation patterns (direct selection, the agents property, and runSubagent), two workflow patterns (handoffs for user-controlled transitions, subagents for agent-controlled delegation), and the orchestrator pattern for coordinating complex multi-step tasks.
Key takeaways
- Agents override the identity layer of the system prompt β they change who the model is
- Tool restriction in agents provides true capability control, not just guidance
.agent.mdis for VS Code chat personas;AGENTS.mdis for the async GitHub Coding Agent- Handoffs transfer control with user approval β ideal for multi-phase workflows
- Subagents delegate with context isolation β ideal for focused subtasks within a larger workflow
- The orchestrator pattern combines these mechanisms for scalable, multi-agent systems
Next steps
- How to structure content for Copilot agent files β practical guide to writing
.agent.mdfiles - How to design orchestrator prompts β designing the coordinator in orchestration patterns
- How to design subagent orchestrations β implementing delegation with
runSubagent - Understanding skills, hooks, and lifecycle automation β complementary mechanisms that extend agent capabilities
π References
VS Code Copilot Customization Overview [π Official] Microsoftβs comprehensive guide covering custom agents, their file format, tool configuration, and handoff workflows. The authoritative source for .agent.md specification.
VS Code Agent Mode Documentation [π Official] Documentation for Agent mode in VS Code β autonomous file editing, plan mode integration, and multi-step workflows.
How to write a great AGENTS.md [π Verified Community] Official GitHub blog post analyzing 2,500+ agent files. Covers the six core areas: commands, testing, project structure, code style, git workflow, and boundaries.
VS Code v1.106 Release Notes [π Official] November 2024 release that stabilized custom agents, introduced handoff workflows, and added the target field.
VS Code v1.107 Release Notes [π Official] December 2024 release introducing Agent HQ, background agents, work tree isolation, and enhanced agent session management.