March 2026 marked a change for VS Code, which moved to weekly stable releases. Three releases shipped in the month: v1.111 to v1.113. The features across these three releases are heavily focused on agent autonomy, security, and customisation. I have been using the Insiders build on my personal device as usual, so some of these have been part of my workflow for a few weeks already.
The headline feature is a new permissions picker in the Chat view that lets you control how much autonomy the agent has per session. Three levels are available:
Default Approvals uses your configured approval settings. Tools that require approval show a confirmation dialog before they run, which is the existing behaviour.
Bypass Approvals auto-approves all tool calls without showing confirmation dialogs and automatically retries on errors. This removes the friction of clicking “approve” repeatedly during a long implementation session.
Autopilot (Preview) goes further. It auto-approves all tool calls, automatically retries on errors, auto-responds to questions, and the agent continues working autonomously until the task is complete. Behind the scenes, the agent stays in control and iterates until it signals completion by calling a task_complete tool.
Custom agent frontmatter now supports agent-scoped hooks that run only when you select a specific agent or when it is invoked via runSubagent. Agent-scoped hooks let you attach pre- and post-processing logic to a specific agent without side effects elsewhere.
To create an agent-scoped hook, you define it in the hooks section of the YAML frontmatter of your .agent.md file. The feature requires the chat.useCustomAgentHooks setting to be enabled.
To help troubleshoot agent behaviour, you can now attach a snapshot of agent debug events as context in chat using #debugEventsSnapshot. This lets you ask the agent about loaded customisations, token consumption, or to diagnose why an agent is not behaving as expected.
MCP server sandboxing is the standout here. On macOS and Linux, locally running stdio MCP servers can now be sandboxed to restrict file system and network access. Enable it with "sandboxEnabled": true in the MCP server configuration, and VS Code prompts for permissions as the server requests them. This matters because MCP servers run with the same permissions as the editor itself, so sandboxing adds a meaningful layer of protection without breaking existing workflows.
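To check which local servers still run with the editor's permissions, the following added example (not VS Code's own code) audits an mcp.json document for stdio servers that lack "sandboxEnabled": true. It assumes the file is plain JSON without comments, uses the top-level "servers" map with "type", "command" and "url" fields, and places sandboxEnabled on each server entry; the sample server names and commands are constructed.

```python
import json

# Constructed sample mcp.json content (server names and commands are made up).
SAMPLE_MCP_JSON = """
{
  "servers": {
    "files":  {"type": "stdio", "command": "node", "args": ["files-server.js"], "sandboxEnabled": true},
    "db":     {"type": "stdio", "command": "python", "args": ["db_server.py"]},
    "legacy": {"command": "./legacy-server", "sandboxEnabled": "true"},
    "remote": {"type": "http", "url": "https://mcp.example.invalid/mcp"}
  }
}
"""

SANDBOX_PLATFORMS = ("darwin", "linux")  # sandboxing is available on macOS and Linux only


def is_local_stdio(entry):
    """A server is local stdio if typed so, or untyped but launched by a command."""
    kind = entry.get("type")
    return kind == "stdio" or (kind is None and "command" in entry)


def audit_mcp_config(text, platform):
    """Return {server_name: finding} for every server in an mcp.json document."""
    servers = json.loads(text).get("servers", {})
    findings = {}
    for name, entry in servers.items():
        if not is_local_stdio(entry):
            findings[name] = "not-applicable"      # remote server, not a local process
        elif platform not in SANDBOX_PLATFORMS:
            findings[name] = "unsupported-platform"
        elif entry.get("sandboxEnabled") is True:  # strict: the JSON boolean, not the string "true"
            findings[name] = "sandboxed"
        else:
            findings[name] = "unsandboxed"         # runs with the editor's permissions
    return findings


def unsandboxed_servers(text, platform="linux"):
    """Names of local stdio servers that would run without the sandbox."""
    return sorted(n for n, f in audit_mcp_config(text, platform).items()
                  if f in ("unsandboxed", "unsupported-platform"))


if __name__ == "__main__":
    for name, finding in audit_mcp_config(SAMPLE_MCP_JSON, "linux").items():
        print(f"{name:8} {finding}")
```

The platform argument takes sys.platform-style values, so the same audit run with "win32" reports every local stdio server as unsandboxed.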
VS Code's Integrated Browser had an update in recent releases, but now you can also start debugging sessions within VS Code. This allows breakpoints, variable inspection, and step-through debugging directly in VS Code without switching to a separate DevTools window.
Agents can now read image files and binary data natively, which opens up workflows like analysing screenshots or inspecting build artefacts.
MCP configurations carry over from the VS Code editor to the terminal. Previously, CLI sessions felt disconnected from the editor’s agent configuration, meaning MCP tools set up in VS Code were not available when working in the terminal.
chat.subagents.allowInvocationsFromSubagents allows subagents to invoke other subagents, enabling more complex multi-step workflows. I can see this being valuable for orchestrating tasks that span multiple domains, such as a deployment agent that invokes a security scanning agent before proceeding.
VS Code now provides a centralised interface for managing instructions, prompts, agents, and skills with syntax highlighting and AI-powered generation of initial content. This gives a central place to see all markdown files being used and makes it easier to edit JSON and markdown files scattered across different directories.