Skip to content

Test: Copilot OTel Enterprise Policy #324133

Description

@zhichli

Refs: #298965 #323171

Complexity: 4

Authors: @zhichli

Create Issue


Companion TPI (MDM delivery): #324134

What it does

VS Code now consumes the GitHub Copilot /copilot_internal/managed_settings endpoint to apply enterprise OpenTelemetry (OTel) policy to both Copilot surfaces — the github.copilot.chat.otel.* extension settings and the chat.agentHost.otel.* agent-host settings — without introducing a new settings namespace. The managed telemetry.* block flows through the existing AccountPolicyService and respects the Account Policy Gate (the ChatApprovedAccountOrganizations allowlist).


Prerequisites

Important

You need an alternate GitHub account that is a member of the VSCodeTesting org and seated for Copilot Business/Enterprise.

Ping @zhichli if you need help

Sign out of your primary GitHub account in VS Code Insiders and sign in with the alt account.

The active policy lives in VSCodeTesting/.github-private/copilot/managed-settings.jsonread it to know what's currently configured, but don't edit it. You shouldn't need to edit it to get basic testing done.

Supported keys

Managed-setting key Type Example Policy
telemetry.enabled boolean true CopilotOtelEnabled
telemetry.endpoint string (uri) http://localhost:4318 CopilotOtelEndpoint
telemetry.protocol string http/json CopilotOtelProtocol, CopilotOtelOtlpProtocol
telemetry.captureContent boolean true CopilotOtelCaptureContent
telemetry.lockCaptureContent boolean true CopilotOtelCaptureContent
telemetry.serviceName string copilot-policy-smoke-test CopilotOtelServiceName
telemetry.resourceAttributes object {"deployment.environment":"local","service.namespace":"vscode-testing-policy","policy.source":"managed-settings"} CopilotOtelResourceAttributes
telemetry.headers object {"x-copilot-policy-test":"managed-settings","x-service-name":"copilot-policy-smoke-test"} CopilotOtelHeaders

Scenarios

Validate that the provided managed-keys configure the settings appropriately (use @hasPolicy):

Image

1. telemetry.enabled (CopilotOtelEnabled)

  • With telemetry.enabled: true synced, both github.copilot.chat.otel.enabled and chat.agentHost.otel.enabled show the "Managed by organization" badge and are locked on.
  • The user cannot turn OTel off via settings while it is managed.

2. telemetry.endpoint / telemetry.protocol (CopilotOtelEndpoint, CopilotOtelProtocol, CopilotOtelOtlpProtocol)

  • The OTLP endpoint and protocol settings are locked to the managed values on both surfaces.
  • A managed endpoint/protocol suppresses local file export (the outfile diversion is disabled), so telemetry can't be redirected to a local file.

3. telemetry.captureContent / telemetry.lockCaptureContent (CopilotOtelCaptureContent)

  • A managed captureContent value is authoritative and shows the managed badge.
  • With lockCaptureContent: true, the user cannot enable content capture themselves.

4. telemetry.serviceName / telemetry.resourceAttributes / telemetry.headers

  • serviceName, resourceAttributes, and headers reflect the managed values and show the managed badge.

How to debug

Developer: Policy Diagnostics is the primary diagnostic. It shows the raw managed_settings bag, the gate state, last fetch status, and the applied policy values for each CopilotOtel* policy (and which channel — Server / Native MDM / File — is winning each key).

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions