microsoft · ultmaster · Sep 2, 2025 · Aug 15, 2025 · Aug 18, 2025 · Aug 18, 2025
diff --git a/docs/vscode/configuration.md b/docs/vscode/configuration.md
@@ -48,9 +48,13 @@ The following settings mainly control the language model used for POML testing f
 }
 ```
 
-**Options:** `openai`, `openaiResponse`, `microsoft`, `anthropic`, `google`
+**Options:** `vscode`, `openai`, `openaiResponse`, `microsoft`, `anthropic`, `google`
 **Default:** `openai`
 
+!!! note
+
+    If you have GitHub Copilot enabled in VS Code, you can set this to `vscode` to use VS Code's Language Model API. The API URL and API Key settings will be ignored in this case.
+
 ### Model Name
 
 ```json
@@ -59,9 +63,12 @@ The following settings mainly control the language model used for POML testing f
 }
 ```
 
-**Default:** `gpt-4o`  
+**Default:** `gpt-4o`
+
 For Azure OpenAI, use the deployment name. For other providers, use the model code name.
 
+For GitHub Copilot in VS Code, the model name will be used as the family name to select the model. See [this guide](https://code.visualstudio.com/api/extension-guides/ai/language-model) for explanations of model families.
+
 ### Temperature
 
 ```json

diff --git a/examples/110_code_review.poml b/examples/110_code_review.poml
@@ -0,0 +1,26 @@
+<!-- POML example for code review with educational comments -->
+<poml>
+  <!-- The role tag defines the AI assistant's expertise and perspective -->
+  <role>You are a senior software engineer with expertise in Python, web security, and best practices.</role>
+
+  <!-- The task tag specifies what the AI should do -->
+  <task>Review the provided Python Flask application for security vulnerabilities, performance issues, and code quality.</task>
+
+  <!-- The document tag includes external files. The parser attribute specifies how to read the file -->
+  <code inline="false" lang="python">
+    <document src="assets/110_sample_code.py" parser="txt" />
+  </code>
+
+  <!-- Use paragraphs to provide additional context or instructions -->
+  <p>Focus on security vulnerabilities, performance optimizations, and Python best practices.</p>
+
+  <!-- The output-format tag structures the expected response -->
+  <output-format>
+    Provide a structured code review with:
+    <list listStyle="decimal">
+      <item>Critical security issues</item>
+      <item>Performance improvements</item>
+      <item>Code quality suggestions</item>
+    </list>
+  </output-format>
+</poml>
diff --git a/examples/assets/110_sample_code.py b/examples/assets/110_sample_code.py
@@ -0,0 +1,85 @@
+import hashlib
+import sqlite3
+
+from flask import Flask, render_template_string, request
+
+app = Flask(__name__)
+
+
+# Database connection
+def get_db():
+    conn = sqlite3.connect("users.db")
+    return conn
+
+
+@app.route("/login", methods=["POST"])
+def login():
+    username = request.form["username"]
+    password = request.form["password"]
+
+    # Security issue: SQL injection vulnerability
+    query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
+
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute(query)
+    user = cursor.fetchone()
+
+    if user:
+        # Security issue: password stored in plain text
+        return f"Welcome {username}!"
+    else:
+        return "Invalid credentials"
+
+
+@app.route("/search")
+def search():
+    query = request.args.get("q", "")
+
+    # Security issue: XSS vulnerability
+    template = f"<h1>Search Results for: {query}</h1>"
+    return render_template_string(template)
+
+
+@app.route("/admin")
+def admin_panel():
+    # Security issue: No authentication check
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute("SELECT * FROM users")
+    users = cursor.fetchall()
+
+    # Performance issue: Loading all users at once
+    return str(users)
+
+
+def process_data(data):
+    result = []
+    # Performance issue: Inefficient nested loops
+    for i in range(len(data)):
+        for j in range(len(data)):
+            if data[i] == data[j] and i != j:
+                result.append(data[i])
+    return result
+
+
+class UserManager:
+    def __init__(self):
+        self.users = []
+
+    def add_user(self, name, email, password):
+        # Maintainability issue: No input validation
+        user = {"name": name, "email": email, "password": password}  # Security issue: storing plain password
+        self.users.append(user)
+
+    def find_user(self, email):
+        # Performance issue: Linear search
+        for user in self.users:
+            if user["email"] == email:
+                return user
+        return None
+
+
+if __name__ == "__main__":
+    # Security issue: Debug mode in production
+    app.run(debug=True, host="0.0.0.0")
diff --git a/examples/expects/110_code_review.txt b/examples/expects/110_code_review.txt
@@ -0,0 +1,108 @@
+===== human =====
+
+# Role
+
+You are a senior software engineer with expertise in Python, web security, and best practices.
+
+# Task
+
+Review the provided Python Flask application for security vulnerabilities, performance issues, and code quality.
+
+```python
+import hashlib
+import sqlite3
+
+from flask import Flask, render_template_string, request
+
+app = Flask(__name__)
+
+
+# Database connection
+def get_db():
+    conn = sqlite3.connect("users.db")
+    return conn
+
+
+@app.route("/login", methods=["POST"])
+def login():
+    username = request.form["username"]
+    password = request.form["password"]
+
+    # Security issue: SQL injection vulnerability
+    query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
+
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute(query)
+    user = cursor.fetchone()
+
+    if user:
+        # Security issue: password stored in plain text
+        return f"Welcome {username}!"
+    else:
+        return "Invalid credentials"
+
+
+@app.route("/search")
+def search():
+    query = request.args.get("q", "")
+
+    # Security issue: XSS vulnerability
+    template = f"<h1>Search Results for: {query}</h1>"
+    return render_template_string(template)
+
+
+@app.route("/admin")
+def admin_panel():
+    # Security issue: No authentication check
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute("SELECT * FROM users")
+    users = cursor.fetchall()
+
+    # Performance issue: Loading all users at once
+    return str(users)
+
+
+def process_data(data):
+    result = []
+    # Performance issue: Inefficient nested loops
+    for i in range(len(data)):
+        for j in range(len(data)):
+            if data[i] == data[j] and i != j:
+                result.append(data[i])
+    return result
+
+
+class UserManager:
+    def __init__(self):
+        self.users = []
+
+    def add_user(self, name, email, password):
+        # Maintainability issue: No input validation
+        user = {"name": name, "email": email, "password": password}  # Security issue: storing plain password
+        self.users.append(user)
+
+    def find_user(self, email):
+        # Performance issue: Linear search
+        for user in self.users:
+            if user["email"] == email:
+                return user
+        return None
+
+
+if __name__ == "__main__":
+    # Security issue: Debug mode in production
+    app.run(debug=True, host="0.0.0.0")
+
+```
+
+Focus on security vulnerabilities, performance optimizations, and Python best practices.
+
+# Output Format
+
+Provide a structured code review with: 
+
+1. Critical security issues
+2. Performance improvements
+3. Code quality suggestions
diff --git a/package.json b/package.json
@@ -246,13 +246,15 @@
           "type": "string",
           "description": "Language Model Provider",
           "enum": [
+            "vscode",
             "openai",
             "openaiResponse",
             "microsoft",
             "anthropic",
             "google"
           ],
           "enumItemLabels": [
+            "VS Code LM (GitHub Copilot)",
             "OpenAI Chat Completion",
             "OpenAI Response API",
             "Azure OpenAI",