Typespec Create Api Plugin

Name: Typespec Create Api Plugin
Author: github

github/awesome-copilot

Scaffold a Microsoft 365 Copilot TypeSpec API plugin with REST operations, auth, and Adaptive Cards from your external API.

Overview

typespec-create-api-plugin is an agent skill for the Build phase that generates TypeSpec API plugin files for Microsoft 365 Copilot with REST operations and agent wiring.

Install

npx skills add https://github.com/github/awesome-copilot --skill typespec-create-api-plugin

What is this skill?

Generates main.tsp agent definition with @agent, @instructions, and operation references
Produces actions.tsp with @service, @actions, @route, @get/@action REST ops, and response models
Uses @microsoft/typespec-m365-copilot plus OpenAPI3 HTTP imports
Documents optional @useAuth for protected APIs and server base URL binding
Structured for Adaptive Cards and human/model-facing action metadata
Two-file layout: main.tsp agent definition and actions.tsp API operations

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 8.4k installs on skills.sh; 34.6k GitHub stars; 2/3 security scanners passed (skills.sh audits).

What problem does it solve?

You need a Microsoft 365 Copilot plugin but lack a correct TypeSpec layout for agents, actions, and REST bindings.

Who is it for?

Indie builders adding a Copilot agent that calls an existing or planned REST API on Microsoft 365.

Skip if: Teams not targeting M365 Copilot, pure OpenAPI-only APIs with no Copilot agent, or production deploy without human review of auth and routes.

When should I use this skill?

You need to generate a TypeSpec API plugin with REST operations, authentication, and Adaptive Cards for Microsoft 365 Copilot.

What do I get? / Deliverables

You get main.tsp and actions.tsp stubs with decorators, namespaces, and operation signatures ready to customize and compile for Copilot.

main.tsp agent namespace with @agent and operation references
actions.tsp service namespace with routed operations and response models

Recommended Skills

Microsoft Foundrymicrosoft/azure-skills

Microsoft Foundry skill guides agents through the full Azure AI Foundry lifecycle—containerizing agents, pushing to ACR,…377k installs·1.2k stars

Azure Aimicrosoft/azure-skills

azure-ai is a Prism-oriented quick reference for Microsoft Azure AI work, with the published body centered on the Azure …375k installs·1.2k stars

Azure Hosted Copilot Sdkmicrosoft/azure-skills

Azure Hosted Copilot SDK is Microsoft's entry skill for repos using @github/copilot-sdk—it detects CopilotClient usage, …346k installs·1.2k stars

Lark Eventlarksuite/cli

Lark real-time subscription skill via lark-cli event consume for building bots and streaming webhook-style agent workers…208k installs·13.7k stars

Running Claude Code Via Litellm Copilotxixu-me/skills

Running Claude Code via LiteLLM Copilot walks through pointing Claude Code at a local LiteLLM proxy that forwards Anthro…200k installs·61 stars

Setup Matt Pocock Skillsmattpocock/skills

One-time per-repo setup so Matt Pocock engineering skills share correct issue tracker, triage strings, and domain docume…180k installs·121k stars

Journey fit

Primary fit

BuildIntegrations & version control

Copilot plugin authoring is product integration work done while building the agent surface that talks to your REST backend. TypeSpec packages wire M365 Copilot agents to external HTTP APIs—the canonical integrations shelf for agent builders.

Also useful

BuildAgent skills & templates

How it compares

Use as a TypeSpec/Copilot scaffold generator instead of generic OpenAPI codegen that omits M365 Copilot agent decorators.

Common Questions / FAQ

Who is typespec-create-api-plugin for?

Solo and indie developers building Microsoft 365 Copilot integrations who want agent-ready TypeSpec files generated in a standard two-file pattern.

When should I use typespec-create-api-plugin?

During Build integrations when you are defining a Copilot API plugin—after you know your REST base URL and operations and before you register or test the plugin in M365.

Is typespec-create-api-plugin safe to install?

Treat it like any community skill: review the Security Audits panel on this Prism page and inspect generated auth and server URLs before publishing plugins.

SKILL.md

READMESKILL.md - Typespec Create Api Plugin

# Create TypeSpec API Plugin

Create a complete TypeSpec API plugin for Microsoft 365 Copilot that integrates with external REST APIs.

## Requirements

Generate TypeSpec files with:

### main.tsp - Agent Definition
```typescript
import "@typespec/http";
import "@typespec/openapi3";
import "@microsoft/typespec-m365-copilot";
import "./actions.tsp";

using TypeSpec.Http;
using TypeSpec.M365.Copilot.Agents;
using TypeSpec.M365.Copilot.Actions;

@agent({
  name: "[Agent Name]",
  description: "[Description]"
})
@instructions("""
  [Instructions for using the API operations]
""")
namespace [AgentName] {
  // Reference operations from actions.tsp
  op operation1 is [APINamespace].operationName;
}
```

### actions.tsp - API Operations
```typescript
import "@typespec/http";
import "@microsoft/typespec-m365-copilot";

using TypeSpec.Http;
using TypeSpec.M365.Copilot.Actions;

@service
@actions(#{
    nameForHuman: "[API Display Name]",
    descriptionForModel: "[Model description]",
    descriptionForHuman: "[User description]"
})
@server("[API_BASE_URL]", "[API Name]")
@useAuth([AuthType]) // Optional
namespace [APINamespace] {
  
  @route("[/path]")
  @get
  @action
  op operationName(
    @path param1: string,
    @query param2?: string
  ): ResponseModel;

  model ResponseModel {
    // Response structure
  }
}
```

## Authentication Options

Choose based on API requirements:

1. **No Authentication** (Public APIs)
   ```typescript
   // No @useAuth decorator needed
   ```

2. **API Key**
   ```typescript
   @useAuth(ApiKeyAuth<ApiKeyLocation.header, "X-API-Key">)
   ```

3. **OAuth2**
   ```typescript
   @useAuth(OAuth2Auth<[{
     type: OAuth2FlowType.authorizationCode;
     authorizationUrl: "https://oauth.example.com/authorize";
     tokenUrl: "https://oauth.example.com/token";
     refreshUrl: "https://oauth.example.com/token";
     scopes: ["read", "write"];
   }]>)
   ```

4. **Registered Auth Reference**
   ```typescript
   @useAuth(Auth)
   
   @authReferenceId("registration-id-here")
   model Auth is ApiKeyAuth<ApiKeyLocation.header, "X-API-Key">
   ```

## Function Capabilities

### Confirmation Dialog
```typescript
@capabilities(#{
  confirmation: #{
    type: "AdaptiveCard",
    title: "Confirm Action",
    body: """
    Are you sure you want to perform this action?
      * **Parameter**: {{ function.parameters.paramName }}
    """
  }
})
```

### Adaptive Card Response
```typescript
@card(#{
  dataPath: "$.items",
  title: "$.title",
  url: "$.link",
  file: "cards/card.json"
})
```

### Reasoning & Response Instructions
```typescript
@reasoning("""
  Consider user's context when calling this operation.
  Prioritize recent items over older ones.
""")
@responding("""
  Present results in a clear table format with columns: ID, Title, Status.
  Include a summary count at the end.
""")
```

## Best Practices

1. **Operation Names**: Use clear, action-oriented names (listProjects, createTicket)
2. **Models**: Define TypeScript-like models for requests and responses
3. **HTTP Methods**: Use appropriate verbs (@get, @post, @patch, @delete)
4. **Paths**: Use RESTful path conventions with @route
5. **Parameters**: Use @path, @query, @header, @body appropriately
6. **Descriptions**: Provide clear descriptions for model understanding
7. **Confirmations**: Add for destructive operations (delete, update critical data)
8. **Cards**: Use for rich visual responses with multiple data items

## Workflow

Ask the user:
1. What is the API base URL and purpose?
2. What operations are needed (CRUD operations)?
3. What authentication method does the API use?
4. Should confirmations be required for any operations?
5. Do responses need Adaptive Cards?

Then generate:
- Complete `main.tsp` with agent definition
- Complete `actions.tsp` with API operations and models
- Option

What is this skill?

Generates main.tsp agent definition with @agent, @instructions, and operation references

Produces actions.tsp with @service, @actions, @route, @get/@action REST ops, and response models

Uses @microsoft/typespec-m365-copilot plus OpenAPI3 HTTP imports

Documents optional @useAuth for protected APIs and server base URL binding

Structured for Adaptive Cards and human/model-facing action metadata

Two-file layout: main.tsp agent definition and actions.tsp API operations

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 8.4k installs on skills.sh; 34.6k GitHub stars; 2/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

BuildIntegrations & version control

Also useful

BuildAgent skills & templates

SKILL.md

READMESKILL.md - Typespec Create Api Plugin

# Create TypeSpec API Plugin

Create a complete TypeSpec API plugin for Microsoft 365 Copilot that integrates with external REST APIs.

## Requirements

Generate TypeSpec files with:

### main.tsp - Agent Definition
```typescript
import "@typespec/http";
import "@typespec/openapi3";
import "@microsoft/typespec-m365-copilot";
import "./actions.tsp";

using TypeSpec.Http;
using TypeSpec.M365.Copilot.Agents;
using TypeSpec.M365.Copilot.Actions;

@agent({
  name: "[Agent Name]",
  description: "[Description]"
})
@instructions("""
  [Instructions for using the API operations]
""")
namespace [AgentName] {
  // Reference operations from actions.tsp
  op operation1 is [APINamespace].operationName;
}
```

### actions.tsp - API Operations
```typescript
import "@typespec/http";
import "@microsoft/typespec-m365-copilot";

using TypeSpec.Http;
using TypeSpec.M365.Copilot.Actions;

@service
@actions(#{
    nameForHuman: "[API Display Name]",
    descriptionForModel: "[Model description]",
    descriptionForHuman: "[User description]"
})
@server("[API_BASE_URL]", "[API Name]")
@useAuth([AuthType]) // Optional
namespace [APINamespace] {
  
  @route("[/path]")
  @get
  @action
  op operationName(
    @path param1: string,
    @query param2?: string
  ): ResponseModel;

  model ResponseModel {
    // Response structure
  }
}
```

## Authentication Options

Choose based on API requirements:

1. **No Authentication** (Public APIs)
   ```typescript
   // No @useAuth decorator needed
   ```

2. **API Key**
   ```typescript
   @useAuth(ApiKeyAuth<ApiKeyLocation.header, "X-API-Key">)
   ```

3. **OAuth2**
   ```typescript
   @useAuth(OAuth2Auth<[{
     type: OAuth2FlowType.authorizationCode;
     authorizationUrl: "https://oauth.example.com/authorize";
     tokenUrl: "https://oauth.example.com/token";
     refreshUrl: "https://oauth.example.com/token";
     scopes: ["read", "write"];
   }]>)
   ```

4. **Registered Auth Reference**
   ```typescript
   @useAuth(Auth)
   
   @authReferenceId("registration-id-here")
   model Auth is ApiKeyAuth<ApiKeyLocation.header, "X-API-Key">
   ```

## Function Capabilities

### Confirmation Dialog
```typescript
@capabilities(#{
  confirmation: #{
    type: "AdaptiveCard",
    title: "Confirm Action",
    body: """
    Are you sure you want to perform this action?
      * **Parameter**: {{ function.parameters.paramName }}
    """
  }
})
```

### Adaptive Card Response
```typescript
@card(#{
  dataPath: "$.items",
  title: "$.title",
  url: "$.link",
  file: "cards/card.json"
})
```

### Reasoning & Response Instructions
```typescript
@reasoning("""
  Consider user's context when calling this operation.
  Prioritize recent items over older ones.
""")
@responding("""
  Present results in a clear table format with columns: ID, Title, Status.
  Include a summary count at the end.
""")
```

## Best Practices

1. **Operation Names**: Use clear, action-oriented names (listProjects, createTicket)
2. **Models**: Define TypeScript-like models for requests and responses
3. **HTTP Methods**: Use appropriate verbs (@get, @post, @patch, @delete)
4. **Paths**: Use RESTful path conventions with @route
5. **Parameters**: Use @path, @query, @header, @body appropriately
6. **Descriptions**: Provide clear descriptions for model understanding
7. **Confirmations**: Add for destructive operations (delete, update critical data)
8. **Cards**: Use for rich visual responses with multiple data items

## Workflow

Ask the user:
1. What is the API base URL and purpose?
2. What operations are needed (CRUD operations)?
3. What authentication method does the API use?
4. Should confirmations be required for any operations?
5. Do responses need Adaptive Cards?

Then generate:
- Complete `main.tsp` with agent definition
- Complete `actions.tsp` with API operations and models
- Option

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is typespec-create-api-plugin for?

When should I use typespec-create-api-plugin?

Is typespec-create-api-plugin safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is typespec-create-api-plugin for?

When should I use typespec-create-api-plugin?

Is typespec-create-api-plugin safe to install?

SKILL.md