A practical guide to deploying GitHub Copilot SDK applications in production, covering two key areas: authentication strategies and observability. Authentication options include service account tokens, per-user GitHub OAuth flows, and BYOK (Bring Your Own Key) with OpenAI, Azure AI Foundry, or Anthropic. For observability, the post explains session-level metrics using hooks, tool call tracing, and context compaction monitoring. It also covers the SDK's built-in OpenTelemetry support with W3C trace context propagation, showing how to enable distributed tracing with a single config line and route spans to backends like Jaeger, Grafana, or Azure Monitor. The post concludes with a comprehensive pre-deployment checklist covering architecture, session state, authentication, observability, and resilience.
Table of contents
Authentication in productionObservabilityBuilt-in OpenTelemetry supportDeployment checklistWhat's nextSort: