Custom agent tool definitions not honored when Copilot CLI runs as a third-party agent in VS Code #304574
Description
When the Copilot CLI runs as a third-party agent inside VS Code, custom agents invoked as sub-agents do not receive the tools declared in their .agent.md definition files. The agents are restricted to a limited read-only set (file viewing only), regardless of what the tools property specifies.
The same agents work correctly when the CLI runs natively in the terminal, where they receive full access to their declared tools including GitHub MCP tools and terminal execution.
Steps to reproduce
- Define a custom agent in
~/.copilot/agents/with specific tools declared in the YAML frontmatter (e.g.,github/search_issues,read). - Start the Copilot CLI as a third-party agent inside VS Code.
- Ask the CLI to delegate a task to the custom agent.
- Observe that the sub-agent reports having only file-viewing tools (grep, glob, view) and cannot access its declared tools.
- Run the same agent from the CLI natively in the terminal. The agent receives all declared tools and works as expected.
Additional testing
- Removing the
toolsproperty entirely (which per the custom agents configuration docs enables all available tools) produces the same restricted behavior. - Setting Copilot Chat to "Bypass Approvals" permission level does not change the outcome. The sub-agent still only receives read-only file tools.
These results suggest the restriction is not related to tool naming, agent configuration, or permission settings, but to how VS Code mediates tool access for third-party agents.
Expected behavior
Custom agents invoked as sub-agents should receive the tools declared in their agent definition, regardless of whether the CLI is running natively or inside VS Code.
Actual behavior
The VS Code host restricts sub-agents to a limited read-only tool set, silently ignoring the tools property from the agent definition. No error or warning is surfaced.
Environment
- VS Code Insiders 1.113.0-insider
- OS: Linux x64 (WSL2)