From b7cde38ed5c7062f7f858cf1373e6fc56fb3cad1 Mon Sep 17 00:00:00 2001 From: Vanessa Date: Wed, 11 Mar 2026 17:19:51 +1000 Subject: [PATCH 1/6] Fast-follow CCA for Jira integration, add enable beta features step (#60153) --- .../integrate-coding-agent-with-jira.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-jira.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-jira.md index 691dfdd6c1ef..08ca64996484 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-jira.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-jira.md @@ -21,7 +21,9 @@ The {% data variables.product.prodname_copilot %} integration in Jira allows you ## Prerequisites * You must have a {% data variables.product.github %} account with access to {% data variables.product.prodname_copilot_short %} through {% data variables.copilot.copilot_pro_short %}, {% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, or {% data variables.copilot.copilot_enterprise_short %}. -* You must have a Jira Cloud account with [AI features enabled](https://support.atlassian.com/organization-administration/docs/activate-atlassian-intelligence-for-products). +* You must have a Jira Cloud account with the following AI features enabled for your organization: + * **Jira must be an AI-enabled app** and Rovo must be activated. See [Activate AI for apps](https://support.atlassian.com/organization-administration/docs/activate-atlassian-intelligence-for-products) in the Atlassian documentation. + * **Beta AI features** must be turned on. See [Control access to beta AI features](https://support.atlassian.com/organization-administration/docs/control-access-to-beta-ai-features/) in the Atlassian documentation. * Installation and authentication must be completed for both Jira and {% data variables.product.github %}. ## Installation @@ -77,9 +79,17 @@ The first time you use {% data variables.copilot.copilot_coding_agent %} in Jira Only users with **write** access to a repository can trigger {% data variables.copilot.copilot_coding_agent %} to work in that repository. +You can trigger {% data variables.copilot.copilot_coding_agent %} in three ways: + +* **Assign** {% data variables.product.prodname_copilot %} to a work item using the Assignee field. +* **Mention** `@{% data variables.product.prodname_copilot %}` in a comment on a work item. +* **Add {% data variables.product.prodname_copilot_short %} to a workflow transition** so it is triggered automatically when a work item moves to a specific status. See [Collaborate on work items with AI agents](https://support.atlassian.com/jira-software-cloud/docs/collaborate-on-work-items-with-ai-agents/#Add-an-agent-to-workflow-transitions) for setup instructions. + > [!NOTE] > When you assign {% data variables.product.prodname_copilot_short %} to a Jira work item, the context the agent captures from Jira will be added to the pull request and **visible to everyone** if the repository is public. +### Example: Triggering {% data variables.copilot.copilot_coding_agent %} from a Jira work item + 1. In Jira, open or create a work item that contains clear requirements you want to delegate to {% data variables.copilot.copilot_coding_agent %}. 1. To specify a repository you want {% data variables.product.prodname_copilot_short %} to work in, mention it in the work item description or in a comment. 1. Assign `{% data variables.product.prodname_copilot %}` to the work item, or mention `@{% data variables.product.prodname_copilot %}` in a comment. For example: @@ -109,6 +119,13 @@ For more information, see [AUTOTITLE](/billing/concepts/product-billing/github-c If you run into problems, try the following solutions. +### You can't see the {% data variables.copilot.copilot_coding_agent %} and it is not possible to assign it to a Jira work item + +In Jira, check your Atlassian Administration settings for your organization are set as follows. + +1. Jira is an AI-enabled app, see [Activate AI for apps](https://support.atlassian.com/organization-administration/docs/activate-atlassian-intelligence-for-products) in the Atlassian documentation. +1. Beta AI features are enabled, see [Control access to beta AI features](https://support.atlassian.com/organization-administration/docs/control-access-to-beta-ai-features/) in the Atlassian documentation. + ### You can see the {% data variables.copilot.copilot_coding_agent %} but it is not possible to assign it to a Jira work item Check that you have connected your personal account on {% data variables.product.github %} to the {% data variables.product.prodname_copilot %} for Jira app. From 2e9bd3359a97c535fc1f107b63295ba6097f2c11 Mon Sep 17 00:00:00 2001 From: Sophie <29382425+sophietheking@users.noreply.github.com> Date: Wed, 11 Mar 2026 08:25:15 +0100 Subject: [PATCH 2/6] [Improvement]: Clarify documentation around Dependabot on self-hosted runners setting (#60125) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../about-dependabot-on-github-actions-runners.md | 10 ++++++++++ .../configure-on-self-hosted-runners.md | 3 +++ 2 files changed, 13 insertions(+) diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-on-github-actions-runners.md b/content/code-security/concepts/supply-chain-security/about-dependabot-on-github-actions-runners.md index 83dd1ed9ca0a..1f6fe8d0f8c3 100644 --- a/content/code-security/concepts/supply-chain-security/about-dependabot-on-github-actions-runners.md +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-on-github-actions-runners.md @@ -43,6 +43,16 @@ Running {% data variables.product.prodname_dependabot %} on standard {% data var {% data reusables.dependabot.vnet-arc-note %} +## How runner settings interact + +The {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners and {% data variables.product.prodname_dependabot %} on self-hosted runners settings are interdependent: + +* Enabling "{% data variables.product.prodname_dependabot %} on self-hosted runners" automatically enables "{% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners". Disabling "{% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners" automatically disables "{% data variables.product.prodname_dependabot %} on self-hosted runners". +* When both settings are enabled, {% data variables.product.prodname_dependabot %} jobs run **only** on self-hosted runners or {% data variables.actions.hosted_runners %} with a `dependabot` label—not on standard {% data variables.product.prodname_dotcom %}-hosted runners. + +> [!WARNING] +> If both settings are enabled but no self-hosted runners or {% data variables.actions.hosted_runners %} with a `dependabot` label are available, {% data variables.product.prodname_dependabot %} jobs will remain queued indefinitely. Ensure runners with this label are configured before enabling "{% data variables.product.prodname_dependabot %} on self-hosted runners". + ## Access and permissions If you are transitioning to using {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners and you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses. For example, if you currently limit access to your private resources to the IP addresses that {% data variables.product.prodname_dependabot %} uses, you should update your allowlist to use the {% data variables.product.prodname_dotcom %}-hosted runners IP addresses sourced from the meta API endpoint. For more information, see [AUTOTITLE](/rest/meta). diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners.md index fe9e7fab2346..af4a2f1201a9 100644 --- a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-on-self-hosted-runners.md @@ -36,6 +36,9 @@ contentType: how-tos ## Enabling self-hosted runners for {% data variables.product.prodname_dependabot_updates %} +> [!WARNING] +> Before enabling "{% data variables.product.prodname_dependabot %} on self-hosted runners", ensure that your self-hosted runners or {% data variables.actions.hosted_runners %} are configured with the runner label used by {% data variables.product.prodname_dependabot %} (by default, `dependabot`). When this setting is enabled, {% data variables.product.prodname_dependabot %} jobs will only run on runners with this label. If no runners with this label are available, jobs will remain queued indefinitely. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners#how-runner-settings-interact). + Once you have configured self-hosted runners for {% data variables.product.prodname_dependabot_updates %}, you can enable or disable {% data variables.product.prodname_dependabot_updates %} on self-hosted runners at the organization or repository level. > [!NOTE] From 22bc1706345cdef2a515c757a007f4208f1328a4 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Wed, 11 Mar 2026 03:52:55 -0700 Subject: [PATCH 3/6] Update OpenAPI Description (#60134) Co-authored-by: Felix Guntrip --- src/github-apps/lib/config.json | 2 +- src/rest/data/fpt-2022-11-28/schema.json | 64 +++++++++++------ src/rest/data/ghec-2022-11-28/schema.json | 87 +++++++++++++++-------- src/rest/lib/config.json | 2 +- src/webhooks/lib/config.json | 2 +- 5 files changed, 105 insertions(+), 52 deletions(-) diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json index f6bb82eb9581..19d304316bc0 100644 --- a/src/github-apps/lib/config.json +++ b/src/github-apps/lib/config.json @@ -60,5 +60,5 @@ "2022-11-28" ] }, - "sha": "ee16ba11e8b42e2c895b223c206eb1cebfb9cc62" + "sha": "1f6b671050a3d8584111edcd52e6818892e9b4c9" } \ No newline at end of file diff --git a/src/rest/data/fpt-2022-11-28/schema.json b/src/rest/data/fpt-2022-11-28/schema.json index af31f9bdc40d..3384ee6ef605 100644 --- a/src/rest/data/fpt-2022-11-28/schema.json +++ b/src/rest/data/fpt-2022-11-28/schema.json @@ -198197,11 +198197,20 @@ ] }, "budget_type": { - "type": "string", "description": "The type of pricing for the budget", - "enum": [ - "SkuPricing", - "ProductPricing" + "oneOf": [ + { + "type": "string", + "enum": [ + "SkuPricing" + ] + }, + { + "type": "string", + "enum": [ + "ProductPricing" + ] + } ], "examples": [ "SkuPricing" @@ -198428,11 +198437,20 @@ ] }, "budget_type": { - "type": "string", "description": "The type of pricing for the budget", - "enum": [ - "ProductPricing", - "SkuPricing" + "oneOf": [ + { + "type": "string", + "enum": [ + "ProductPricing" + ] + }, + { + "type": "string", + "enum": [ + "SkuPricing" + ] + } ], "examples": [ "ProductPricing" @@ -198594,11 +198612,7 @@ "type": "string", "name": "budget_type", "in": "body", - "description": "

The type of pricing for the budget

", - "enum": [ - "ProductPricing", - "SkuPricing" - ] + "description": "

The type of pricing for the budget

" }, { "type": "string", @@ -198712,11 +198726,20 @@ "default": "" }, "budget_type": { - "type": "string", "description": "The type of pricing for the budget", - "enum": [ - "ProductPricing", - "SkuPricing" + "oneOf": [ + { + "type": "string", + "enum": [ + "ProductPricing" + ] + }, + { + "type": "string", + "enum": [ + "SkuPricing" + ] + } ] }, "budget_product_sku": { @@ -307783,7 +307806,7 @@ "type": "array of strings", "name": "selected_usernames", "in": "body", - "description": "

The usernames of the organization members whose codespaces be billed to the organization.

", + "description": "

The usernames of the organization members and outside collaborators whose codespaces should be billed to the organization.

", "isRequired": true } ], @@ -307872,7 +307895,7 @@ "type": "array of strings", "name": "selected_usernames", "in": "body", - "description": "

The usernames of the organization members whose codespaces should not be billed to the organization.

", + "description": "

The usernames of the organization members and outside collaborators whose codespaces should not be billed to the organization.

", "isRequired": true } ], @@ -542499,7 +542522,8 @@ "enum": [ "deployed", "decommissioned" - ] + ], + "default": "deployed" }, { "type": "string", diff --git a/src/rest/data/ghec-2022-11-28/schema.json b/src/rest/data/ghec-2022-11-28/schema.json index cc064e225af2..6de84f73c03a 100644 --- a/src/rest/data/ghec-2022-11-28/schema.json +++ b/src/rest/data/ghec-2022-11-28/schema.json @@ -210430,11 +210430,20 @@ ] }, "budget_type": { - "type": "string", "description": "The type of pricing for the budget", - "enum": [ - "SkuPricing", - "ProductPricing" + "oneOf": [ + { + "type": "string", + "enum": [ + "SkuPricing" + ] + }, + { + "type": "string", + "enum": [ + "ProductPricing" + ] + } ], "examples": [ "SkuPricing" @@ -210626,11 +210635,7 @@ "name": "budget_type", "in": "body", "description": "

The type of pricing for the budget

", - "isRequired": true, - "enum": [ - "ProductPricing", - "SkuPricing" - ] + "isRequired": true }, { "type": "string", @@ -210728,11 +210733,20 @@ ] }, "budget_type": { - "type": "string", "description": "The type of pricing for the budget", - "enum": [ - "ProductPricing", - "SkuPricing" + "oneOf": [ + { + "type": "string", + "enum": [ + "ProductPricing" + ] + }, + { + "type": "string", + "enum": [ + "SkuPricing" + ] + } ], "examples": [ "ProductPricing" @@ -210916,11 +210930,20 @@ ] }, "budget_type": { - "type": "string", "description": "The type of pricing for the budget", - "enum": [ - "ProductPricing", - "SkuPricing" + "oneOf": [ + { + "type": "string", + "enum": [ + "ProductPricing" + ] + }, + { + "type": "string", + "enum": [ + "SkuPricing" + ] + } ], "examples": [ "ProductPricing" @@ -211078,11 +211101,7 @@ "type": "string", "name": "budget_type", "in": "body", - "description": "

The type of pricing for the budget

", - "enum": [ - "ProductPricing", - "SkuPricing" - ] + "description": "

The type of pricing for the budget

" }, { "type": "string", @@ -211193,11 +211212,20 @@ ] }, "budget_type": { - "type": "string", "description": "The type of pricing for the budget", - "enum": [ - "ProductPricing", - "SkuPricing" + "oneOf": [ + { + "type": "string", + "enum": [ + "ProductPricing" + ] + }, + { + "type": "string", + "enum": [ + "SkuPricing" + ] + } ], "examples": [ "ProductPricing" @@ -324648,7 +324676,7 @@ "type": "array of strings", "name": "selected_usernames", "in": "body", - "description": "

The usernames of the organization members whose codespaces be billed to the organization.

", + "description": "

The usernames of the organization members and outside collaborators whose codespaces should be billed to the organization.

", "isRequired": true } ], @@ -324737,7 +324765,7 @@ "type": "array of strings", "name": "selected_usernames", "in": "body", - "description": "

The usernames of the organization members whose codespaces should not be billed to the organization.

", + "description": "

The usernames of the organization members and outside collaborators whose codespaces should not be billed to the organization.

", "isRequired": true } ], @@ -591256,7 +591284,8 @@ "enum": [ "deployed", "decommissioned" - ] + ], + "default": "deployed" }, { "type": "string", diff --git a/src/rest/lib/config.json b/src/rest/lib/config.json index 5324eee5e8f5..a488054d8813 100644 --- a/src/rest/lib/config.json +++ b/src/rest/lib/config.json @@ -53,5 +53,5 @@ ] } }, - "sha": "ee16ba11e8b42e2c895b223c206eb1cebfb9cc62" + "sha": "1f6b671050a3d8584111edcd52e6818892e9b4c9" } \ No newline at end of file diff --git a/src/webhooks/lib/config.json b/src/webhooks/lib/config.json index bd93420bba6f..6d6cc913fb41 100644 --- a/src/webhooks/lib/config.json +++ b/src/webhooks/lib/config.json @@ -1,3 +1,3 @@ { - "sha": "ee16ba11e8b42e2c895b223c206eb1cebfb9cc62" + "sha": "1f6b671050a3d8584111edcd52e6818892e9b4c9" } \ No newline at end of file From 313f3b381b13cb99b5904bcb3ae1ecf596fb1948 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Wed, 11 Mar 2026 06:09:26 -0700 Subject: [PATCH 4/6] docs: update copilot-cli content from source docs (#60146) Co-authored-by: github-actions[bot] Co-authored-by: hubwriter Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../agents/copilot-cli/about-copilot-cli.md | 14 +- .../how-tos/copilot-cli/cli-best-practices.md | 2 +- .../configure-copilot-cli.md | 26 +-- .../use-copilot-agents/manage-agents.md | 10 +- .../reference/cli-command-reference.md | 210 ++++++++++++++++-- .../copilot/reference/cli-plugin-reference.md | 2 +- .../copilot/responsible-use/copilot-cli.md | 2 +- src/content-pipelines/state/copilot-cli.sha | 2 +- 8 files changed, 226 insertions(+), 42 deletions(-) diff --git a/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md b/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md index 829b1b553a46..d86f8c779123 100644 --- a/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md +++ b/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md @@ -49,7 +49,7 @@ You can also pass the CLI a single prompt directly on the command line. The CLI To use the CLI programmatically, include the `-p` or `--prompt` command-line option in your command. To allow {% data variables.product.prodname_copilot_short %} to modify and execute files you should also use one of the approval options described later in this article—see [Allowing tools to be used without manual approval](#allowing-tools-to-be-used-without-manual-approval) ). For example: ```bash copy - copilot -p "Show me this week's commits and summarize them" --allow-tool 'shell(git)' + copilot -p "Show me this week's commits and summarize them" --allow-tool='shell(git)' ``` Alternatively, you can use a script to output command-line options and pipe this to `copilot`. For example: @@ -245,22 +245,22 @@ The `--deny-tool` and `--allow-tool` options require one of the following argume For `git` and `gh` commands, you can specify a particular first-level subcommand to allow or deny. For example: ```shell - copilot --deny-tool 'shell(git push)' + copilot --deny-tool='shell(git push)' ``` - The tool specification is optional. For example, `copilot --allow-tool 'shell'` allows {% data variables.product.prodname_copilot_short %} to use any shell command without individual approval. + The tool specification is optional. For example, `copilot --allow-tool='shell'` allows {% data variables.product.prodname_copilot_short %} to use any shell command without individual approval. * `'write'` This argument allows or denies tools—other than shell commands—permission to modify files. - For example, `copilot --allow-tool 'write'` allows {% data variables.product.prodname_copilot_short %} to edit files without your individual approval. + For example, `copilot --allow-tool='write'` allows {% data variables.product.prodname_copilot_short %} to edit files without your individual approval. * `'MCP_SERVER_NAME'` This argument allows or denies tools from the specified MCP server, where `MCP_SERVER_NAME` is the name of an MCP server that you have configured. Tools from the server are specified in parentheses, using the tool name that is registered with the MCP server. Using the server name without specifying a tool allows or denies all tools from that server. - For example, `copilot --deny-tool 'My-MCP-Server(tool_name)'` prevents {% data variables.product.prodname_copilot_short %} from using the tool called `tool_name` from the MCP server called `My-MCP-Server`. + For example, `copilot --deny-tool='My-MCP-Server(tool_name)'` prevents {% data variables.product.prodname_copilot_short %} from using the tool called `tool_name` from the MCP server called `My-MCP-Server`. You can find an MCP server's name by entering `/mcp` in the CLI's interactive interface, then selecting the server from the list that's displayed. @@ -271,13 +271,13 @@ You can use a combination of approval options to determine exactly which tools { For example, to prevent {% data variables.product.prodname_copilot_short %} from using the `rm` and `git push` commands, but automatically allow all other tools, use: ```shell -copilot --allow-all-tools --deny-tool 'shell(rm)' --deny-tool 'shell(git push)' +copilot --allow-all-tools --deny-tool='shell(rm)' --deny-tool='shell(git push)' ``` To prevent {% data variables.product.prodname_copilot_short %} from using the tool `tool_name` from the MCP server named `My-MCP-Server`, but allow all other tools from that server to be used without individual approval, use: ```shell -copilot --allow-tool 'My-MCP-Server' --deny-tool 'My-MCP-Server(tool_name)' +copilot --allow-tool='My-MCP-Server' --deny-tool='My-MCP-Server(tool_name)' ``` #### Security implications of automatic tool approval diff --git a/content/copilot/how-tos/copilot-cli/cli-best-practices.md b/content/copilot/how-tos/copilot-cli/cli-best-practices.md index 6d65f8304164..b73b1490ff9f 100644 --- a/content/copilot/how-tos/copilot-cli/cli-best-practices.md +++ b/content/copilot/how-tos/copilot-cli/cli-best-practices.md @@ -76,7 +76,7 @@ To reset previously approved tools, use: You can also preconfigure allowed tools via CLI flags: ```bash -copilot --allow-tool 'shell(git:*)' --deny-tool 'shell(git push)' +copilot --allow-tool='shell(git:*)' --deny-tool='shell(git push)' ``` **Common permission patterns:** diff --git a/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md b/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md index 1acdebde158d..8c6ad21f9c24 100644 --- a/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md +++ b/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md @@ -109,7 +109,7 @@ Use `--deny-tool` to prevent {% data variables.product.prodname_copilot_short %} * For example: ```shell - copilot --deny-tool 'shell(git push)' + copilot --deny-tool='shell(git push)' ``` This option takes precedence over the `--allow-all-tools` and `--allow-tool` options. @@ -121,7 +121,7 @@ Use `--allow-tool` to allow {% data variables.product.prodname_copilot_short %} * For example: ```shell - copilot --allow-tool 'shell' + copilot --allow-tool='shell' ``` ### Specifying which tool you want to allow or deny @@ -139,7 +139,7 @@ Use `shell(COMMAND)` to allow or deny a specific shell command. * For example, to prevent {% data variables.product.prodname_copilot_short %} from using any `rm` command, use: ```shell - copilot --deny-tool 'shell(rm)' + copilot --deny-tool='shell(rm)' ``` For `git` and `gh` commands, specify a particular first-level subcommand to allow or deny. @@ -147,10 +147,10 @@ For `git` and `gh` commands, specify a particular first-level subcommand to allo * For example, to prevent {% data variables.product.prodname_copilot_short %} from using `git push`, use: ```shell - copilot --deny-tool 'shell(git push)' + copilot --deny-tool='shell(git push)' ``` -The tool specification is optional. For example, `copilot --allow-tool 'shell'` allows {% data variables.product.prodname_copilot_short %} to use any shell command without individual approval. +The tool specification is optional. For example, `copilot --allow-tool='shell'` allows {% data variables.product.prodname_copilot_short %} to use any shell command without individual approval. #### Allowing or denying `'write'` tools @@ -159,7 +159,7 @@ Use `'write'` to allow or deny tools—other than shell commands—permission to * For example, to allow {% data variables.product.prodname_copilot_short %} to edit files without your individual approval, use: ```shell - copilot --allow-tool 'write' + copilot --allow-tool='write' ``` #### Allowing or denying MCP server tools @@ -169,7 +169,7 @@ Use `'MCP_SERVER_NAME'` to allow or deny a specific tool from the specified MCP * For example, to prevent {% data variables.product.prodname_copilot_short %} from using the tool called `tool_name` from the MCP server called `My-MCP-Server`, use: ```shell - copilot --deny-tool 'My-MCP-Server(tool_name)' + copilot --deny-tool='My-MCP-Server(tool_name)' ``` `MCP_SERVER_NAME` is the name of an MCP server that you have configured. @@ -187,13 +187,13 @@ To determine exactly which tools {% data variables.product.prodname_copilot_shor * To prevent {% data variables.product.prodname_copilot_short %} from using the `rm` and `git push` commands, but automatically allow all other tools, use: ```shell - copilot --allow-all-tools --deny-tool 'shell(rm)' --deny-tool 'shell(git push)' + copilot --allow-all-tools --deny-tool='shell(rm)' --deny-tool='shell(git push)' ``` * To prevent {% data variables.product.prodname_copilot_short %} from using the tool `tool_name` from the MCP server named `My-MCP-Server`, but allow all other tools from that server to be used without individual approval, use: ```shell - copilot --allow-tool 'My-MCP-Server' --deny-tool 'My-MCP-Server(tool_name)' + copilot --allow-tool='My-MCP-Server' --deny-tool='My-MCP-Server(tool_name)' ``` ### Limiting available tools @@ -246,15 +246,15 @@ To disable URL verification, use the `--allow-all-urls` flag. ### Pre-approving specific domains -To pre-approve specific domains, use `--allow-url `. +To pre-approve specific domains, use `--allow-url=DOMAIN`. -* For example, `--allow-url github.com`. +* For example, `--allow-url=github.com`. ### Denying specific domains -To deny specific domains, use `--deny-url `. +To deny specific domains, use `--deny-url=DOMAIN`. -* For example, `--deny-url github.com`. +* For example, `--deny-url=github.com`. ## Allowing all tools, paths, and URLs diff --git a/content/copilot/how-tos/use-copilot-agents/manage-agents.md b/content/copilot/how-tos/use-copilot-agents/manage-agents.md index 7d295f9110a0..a7b96ff73470 100644 --- a/content/copilot/how-tos/use-copilot-agents/manage-agents.md +++ b/content/copilot/how-tos/use-copilot-agents/manage-agents.md @@ -15,7 +15,7 @@ category: ## 1. Select a repository and choose your agent 1. Start a new agent task. - + * Open the **{% octicon "agent" aria-label="The Agents icon" %} Agents** tab in a repository * Open the [Agents page](https://github.com/copilot/agents?ref_product=copilot&ref_type=engagement&ref_style=text) * Use the **Task** button or `/task` command from [{% data variables.copilot.copilot_chat_short %}](https://github.com/copilot?ref_product=copilot&ref_type=engagement&ref_style=text) @@ -40,7 +40,7 @@ For more information on ways to start new agent tasks, see [AUTOTITLE](/copilot/ Once the agent starts working, it will continue to update the session log and overview with its progress and thought process. -Each session displays its status. Click on a session to open the session log, where you can monitor the agent's progress, see the tools it's using, and track how long the session has been running. +Each session displays its status. Click on a session to open the session log, where you can monitor the agent's progress, see the tools it's using, and track how long the session has been running. {% data variables.copilot.copilot_coding_agent %} sessions can also be tracked from the {% data variables.product.prodname_cli %}, {% data variables.product.prodname_mobile %}, {% data variables.product.prodname_vscode %}, Raycast, and JetBrains IDEs. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). @@ -68,14 +68,14 @@ In the prompt box under the agent session log, prompt {% data variables.product. You can guide the agent in your local development environment on further changes, or make any edits that require human expertise. ### {% data variables.product.prodname_vscode_shortname %} - + At the bottom of the agent session view, click the **{% octicon "vscode" aria-label="VS Code" %} Open in {% data variables.product.prodname_vscode_shortname %}** button to launch the session directly in {% data variables.product.prodname_vscode_shortname %}. {% data reusables.copilot.coding-agent.use-latest-vscode %} ### {% data variables.copilot.copilot_cli %} 1. At the bottom of the agent session view, click the dropdown list next to **{% octicon "vscode" aria-label="VS Code" %} Open in {% data variables.product.prodname_vscode_shortname %}**. - 1. Click **{% octicon "agent" aria-label="Agent" %} Continue in {% data variables.copilot.copilot_cli %}** to copy the `copilot --resume=` command to your clipboard. + 1. Click **{% octicon "agent" aria-label="Agent" %} Continue in {% data variables.copilot.copilot_cli %}** to copy the `copilot --resume=SESSION-ID` command to your clipboard. ![Screenshot of the session action dropdown list, "Continue in Copilot CLI" is highlighted with a dark orange outline.](/assets/images/help/copilot/coding-agent/open-agent-session-in-copilot-cli.png) 1. In your terminal, paste and run the command to resume the agent session. @@ -85,7 +85,7 @@ Once the agent completes a session, you can navigate to the pull request to revi ## 6. Archive agent sessions -Sessions that have been stopped can be archived to remove them from the sessions list. +Sessions that have been stopped can be archived to remove them from the sessions list. 1. Open the agent session you want to archive. 1. In the top right corner, click **{% octicon "kebab-horizontal" aria-label="More actions" %}**, then click **{% octicon "inbox" aria-hidden="true" aria-label="inbox" %} Archive session**. diff --git a/content/copilot/reference/cli-command-reference.md b/content/copilot/reference/cli-command-reference.md index ac0eb2863f41..48df2064051d 100644 --- a/content/copilot/reference/cli-command-reference.md +++ b/content/copilot/reference/cli-command-reference.md @@ -121,23 +121,23 @@ For a complete list of available slash commands enter `/help` in the CLI's inter | `--allow-all-paths` | Disable file path verification and allow access to any path. | | `--allow-all-tools` | Allow all tools to run automatically without confirmation. Required when using the CLI programmatically (env: `COPILOT_ALLOW_ALL`). | | `--allow-all-urls` | Allow access to all URLs without confirmation. | -| `--allow-tool [TOOLS...]` | Tools the CLI has permission to use. Will not prompt for permission. | -| `--allow-url [URLS...]` | Allow access to specific URLs or domains. | +| `--allow-tool=TOOL ...` | Tools the CLI has permission to use. Will not prompt for permission. For multiple tools, use a quoted, comma-separated list. | +| `--allow-url=URL ...` | Allow access to specific URLs or domains. For multiple URLs, use a quoted, comma-separated list. | | `--alt-screen [VALUE]` | Use the terminal alternate screen buffer (`on` or `off`). | | `--autopilot` | Enable autopilot continuation in prompt mode. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/autopilot). | -| `--available-tools [TOOLS...]` | Only these tools will be available to the model. | +| `--available-tools=TOOL ...` | Only these tools will be available to the model. For multiple tools, use a quoted, comma-separated list. | | `--banner` | Show the startup banner. | -| `--bash-env [VALUE]` | Enable `BASH_ENV` support for bash shells (`on` or `off`). | +| `--bash-env` | Enable `BASH_ENV` support for bash shells. | | `--config-dir PATH` | Set the configuration directory (default: `~/.copilot`). | | `--continue` | Resume the most recent session. | -| `--deny-tool [TOOLS...]` | Tools the CLI does not have permission to use. Will not prompt for permission. | -| `--deny-url [URLS...]` | Deny access to specific URLs or domains, takes precedence over `--allow-url`. | +| `--deny-tool=TOOL ...` | Tools the CLI does not have permission to use. Will not prompt for permission. For multiple tools, use a quoted, comma-separated list. | +| `--deny-url=URL ...` | Deny access to specific URLs or domains, takes precedence over `--allow-url`. For multiple URLs, use a quoted, comma-separated list. | | `--disable-builtin-mcps` | Disable all built-in MCP servers (currently: `github-mcp-server`). | | `--disable-mcp-server SERVER-NAME` | Disable a specific MCP server (can be used multiple times). | | `--disable-parallel-tools-execution` | Disable parallel execution of tools (LLM can still make parallel tool calls, but they will be executed sequentially). | | `--disallow-temp-dir` | Prevent automatic access to the system temporary directory. | | `--enable-all-github-mcp-tools` | Enable all {% data variables.product.github %} MCP server tools, instead of the default CLI subset. Overrides the `--add-github-mcp-toolset` and `--add-github-mcp-tool` options. | -| `--excluded-tools [TOOLS...]` | These tools will not be available to the model. | +| `--excluded-tools=TOOL ...` | These tools will not be available to the model. For multiple tools, use a quoted, comma-separated list. | | `--experimental` | Enable experimental features (use `--no-experimental` to disable). | | `-h`, `--help` | Display help. | | `-i PROMPT`, `--interactive PROMPT` | Start an interactive session and automatically execute this prompt. | @@ -155,10 +155,10 @@ For a complete list of available slash commands enter `/help` in the CLI's inter | `--output-format FORMAT` | FORMAT can be `text` (default) or `json` (outputs JSONL: one JSON object per line). | | `-p PROMPT`, `--prompt PROMPT` | Execute a prompt programmatically (exits after completion). | | `--plain-diff` | Disable rich diff rendering (syntax highlighting via the diff tool specified by your git config). | -| `--resume [SESSION-ID]` | Resume a previous interactive session by choosing from a list (optionally specify a session ID). | +| `--resume[=SESSION-ID]` | Resume a previous interactive session by choosing from a list (optionally specify a session ID). | | `-s`, `--silent` | Output only the agent response (without usage statistics), useful for scripting with `-p`. | | `--screen-reader` | Enable screen reader optimizations. | -| `--share [PATH]` | Share a session to a Markdown file after completion of a programmatic session (default path: `./copilot-session-.md`). | +| `--share[=PATH]` | Share a session to a Markdown file after completion of a programmatic session (default path: `./copilot-session-.md`). | | `--share-gist` | Share a session to a secret {% data variables.product.github %} gist after completion of a programmatic session. | | `--stream MODE` | Enable or disable streaming mode (mode choices: `on` or `off`). | | `-v`, `--version` | Show version information. | @@ -185,13 +185,13 @@ Deny rules always take precedence over allow rules, even when `--allow-all` is s ```shell # Allow all git commands except git push -copilot --allow-tool 'shell(git:*)' --deny-tool 'shell(git push)' +copilot --allow-tool='shell(git:*)' --deny-tool='shell(git push)' # Allow a specific MCP server tool -copilot --allow-tool 'MyMCP(create_issue)' +copilot --allow-tool='MyMCP(create_issue)' # Allow all tools from a server -copilot --allow-tool 'MyMCP' +copilot --allow-tool='MyMCP' ``` ## Environment variables @@ -241,6 +241,7 @@ Settings cascade from user to repository to local, with more specific scopes ove | `companyAnnouncements` | `string[]` | `[]` | Custom messages shown randomly on startup. | | `log_level` | `"none"` \| `"error"` \| `"warning"` \| `"info"` \| `"debug"` \| `"all"` \| `"default"` | `"default"` | Logging verbosity. | | `model` | `string` | varies | AI model to use (see the `/model` command). | +| `powershell_flags` | `string[]` | `["-NoProfile", "-NoLogo"]` | Flags passed to PowerShell (`pwsh`) on startup. Windows only. | | `reasoning_effort` | `"low"` \| `"medium"` \| `"high"` \| `"xhigh"` | `"medium"` | Reasoning effort level for extended thinking. Higher levels use more compute. | | `render_markdown` | `boolean` | `true` | Render Markdown in terminal output. | | `screen_reader` | `boolean` | `false` | Enable screen reader optimizations. | @@ -259,7 +260,8 @@ Repository settings apply to everyone who works in the repository. Only a subset |-----|------|---------------|-------------| | `companyAnnouncements` | `string[]` | Replaced—repository takes precedence | Messages shown randomly on startup. | | `enabledPlugins` | `Record` | Merged—repository overrides user for same key | Declarative plugin auto-install. | -| `marketplaces` | `Record` | Merged—repository overrides user for same key | Plugin marketplaces available in this repository. | +| `extraKnownMarketplaces` | `Record` | Merged—repository overrides user for same key | Plugin marketplaces available in this repository. | +| `marketplaces` | `Record` | Merged—repository overrides user for same key | Plugin marketplaces (deprecated—use `extraKnownMarketplaces`). | ### Local settings (`.github/copilot/settings.local.json`) @@ -434,6 +436,21 @@ The CLI includes built-in MCP servers that are available without additional setu Use `--disable-builtin-mcps` to disable all built-in servers, or `--disable-mcp-server SERVER-NAME` to disable a specific one. +### MCP server trust levels + +MCP servers are loaded from multiple sources, each with a different trust level. + +| Source | Trust level | Review required | +|--------|-------------|----------------| +| Built-in | High | No | +| Repository (`.github/mcp.json`) | Medium | Recommended | +| Workspace (`.mcp.json`, `.vscode/mcp.json`) | Medium | Recommended | +| Dev Container (`.devcontainer/devcontainer.json`) | Medium | Recommended | +| User config (`~/.copilot/mcp-config.json`) | User-defined | User responsibility | +| Remote servers | Low | Always | + +All MCP tool invocations require explicit permission. This applies even to read-only operations on external services. + ## Skills reference Skills are Markdown files that extend what the CLI can do. Each skill lives in its own directory containing a `SKILL.md` file. When invoked (via `/SKILL-NAME` or automatically by the agent), the skill's content is injected into the conversation. @@ -525,3 +542,170 @@ Session approvals reset when you run `/clear` or start a new session. | `PLAN_COMMAND` | `on` | Interactive planning mode. | | `AGENTIC_MEMORY` | `on` | Persistent memory across sessions. | | `CUSTOM_AGENTS` | `on` | Custom agent definitions. | + +## OpenTelemetry monitoring + +{% data variables.copilot.copilot_cli_short %} can export traces and metrics via [OpenTelemetry](https://opentelemetry.io/) (OTel), giving you visibility into agent interactions, LLM calls, tool executions, and token usage. All signal names and attributes follow the [OTel GenAI Semantic Conventions](https://github.com/open-telemetry/semantic-conventions/blob/main/docs/gen-ai/). + +OTel is off by default with zero overhead. It activates when any of the following conditions are met: + +* `COPILOT_OTEL_ENABLED=true` +* `OTEL_EXPORTER_OTLP_ENDPOINT` is set +* `COPILOT_OTEL_FILE_EXPORTER_PATH` is set + +### OTel environment variables + +| Variable | Default | Description | +|----------|---------|-------------| +| `COPILOT_OTEL_ENABLED` | `false` | Explicitly enable OTel. Not required if `OTEL_EXPORTER_OTLP_ENDPOINT` is set. | +| `OTEL_EXPORTER_OTLP_ENDPOINT` | — | OTLP endpoint URL. Setting this automatically enables OTel. | +| `COPILOT_OTEL_EXPORTER_TYPE` | `otlp-http` | Exporter type: `otlp-http` or `file`. Auto-selects `file` when `COPILOT_OTEL_FILE_EXPORTER_PATH` is set. | +| `OTEL_SERVICE_NAME` | `github-copilot` | Service name in resource attributes. | +| `OTEL_RESOURCE_ATTRIBUTES` | — | Extra resource attributes as comma-separated `key=value` pairs. Use percent-encoding for special characters. | +| `OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT` | `false` | Capture full prompt and response content. See [Content capture](#content-capture). | +| `OTEL_LOG_LEVEL` | — | OTel diagnostic log level: `NONE`, `ERROR`, `WARN`, `INFO`, `DEBUG`, `VERBOSE`, `ALL`. | +| `COPILOT_OTEL_FILE_EXPORTER_PATH` | — | Write all signals to this file as JSON-lines. Setting this automatically enables OTel. | +| `COPILOT_OTEL_SOURCE_NAME` | `github.copilot` | Instrumentation scope name for tracer and meter. | +| `OTEL_EXPORTER_OTLP_HEADERS` | — | Auth headers for the OTLP exporter (for example, `Authorization=Bearer token`). | + +### Traces + +The runtime emits a hierarchical span tree for each agent interaction. Each tree contains an `invoke_agent` root span, with `chat` and `execute_tool` child spans. + +#### `invoke_agent` span attributes + +Wraps the entire agent invocation: all LLM calls and tool executions for one user message. Span kind: `CLIENT`. + +| Attribute | Description | +|-----------|-------------| +| `gen_ai.operation.name` | `invoke_agent` | +| `gen_ai.provider.name` | Provider (for example, `github`, `anthropic`) | +| `gen_ai.agent.id` | Session identifier | +| `gen_ai.agent.name` | Agent name (subagents only) | +| `gen_ai.agent.description` | Agent description (subagents only) | +| `gen_ai.agent.version` | Runtime version | +| `gen_ai.conversation.id` | Session identifier | +| `gen_ai.request.model` | Requested model | +| `gen_ai.response.model` | Resolved model | +| `gen_ai.response.id` | Last response ID | +| `gen_ai.response.finish_reasons` | `["stop"]` or `["error"]` | +| `gen_ai.usage.input_tokens` | Total input tokens (all turns) | +| `gen_ai.usage.output_tokens` | Total output tokens (all turns) | +| `gen_ai.usage.cache_read.input_tokens` | Cached input tokens read | +| `gen_ai.usage.cache_creation.input_tokens` | Cached input tokens created | +| `github.copilot.turn_count` | Number of LLM round-trips | +| `github.copilot.cost` | Monetary cost | +| `github.copilot.aiu` | AI units consumed | +| `server.address` | Server hostname | +| `server.port` | Server port | +| `error.type` | Error class name (on error) | +| `gen_ai.input.messages` | Full input messages as JSON (content capture only) | +| `gen_ai.output.messages` | Full output messages as JSON (content capture only) | +| `gen_ai.system_instructions` | System prompt content as JSON (content capture only) | +| `gen_ai.tool.definitions` | Tool schemas as JSON (content capture only) | + +#### `chat` span attributes + +One span per LLM request. Span kind: `CLIENT`. + +| Attribute | Description | +|-----------|-------------| +| `gen_ai.operation.name` | `chat` | +| `gen_ai.provider.name` | Provider name | +| `gen_ai.request.model` | Requested model | +| `gen_ai.conversation.id` | Session identifier | +| `gen_ai.response.id` | Response ID | +| `gen_ai.response.model` | Resolved model | +| `gen_ai.response.finish_reasons` | Stop reasons | +| `gen_ai.usage.input_tokens` | Input tokens this turn | +| `gen_ai.usage.output_tokens` | Output tokens this turn | +| `gen_ai.usage.cache_read.input_tokens` | Cached tokens read | +| `gen_ai.usage.cache_creation.input_tokens` | Cached tokens created | +| `github.copilot.cost` | Turn cost | +| `github.copilot.aiu` | AI units consumed this turn | +| `github.copilot.server_duration` | Server-side duration | +| `github.copilot.initiator` | Request initiator | +| `github.copilot.turn_id` | Turn identifier | +| `github.copilot.interaction_id` | Interaction identifier | +| `server.address` | Server hostname | +| `server.port` | Server port | +| `error.type` | Error class name (on error) | +| `gen_ai.input.messages` | Full prompt messages as JSON (content capture only) | +| `gen_ai.output.messages` | Full response messages as JSON (content capture only) | +| `gen_ai.system_instructions` | System prompt content as JSON (content capture only) | + +#### `execute_tool` span attributes + +One span per tool call. Span kind: `INTERNAL`. + +| Attribute | Description | +|-----------|-------------| +| `gen_ai.operation.name` | `execute_tool` | +| `gen_ai.provider.name` | Provider name (when available) | +| `gen_ai.tool.name` | Tool name (for example, `readFile`) | +| `gen_ai.tool.type` | `function` | +| `gen_ai.tool.call.id` | Tool call identifier | +| `gen_ai.tool.description` | Tool description | +| `error.type` | Error class name (on error) | +| `gen_ai.tool.call.arguments` | Tool input arguments as JSON (content capture only) | +| `gen_ai.tool.call.result` | Tool output as JSON (content capture only) | + +### Metrics + +#### GenAI convention metrics + +| Metric | Type | Unit | Description | +|--------|------|------|-------------| +| `gen_ai.client.operation.duration` | Histogram | s | LLM API call and agent invocation duration | +| `gen_ai.client.token.usage` | Histogram | tokens | Token counts by type (`input`/`output`) | +| `gen_ai.client.operation.time_to_first_chunk` | Histogram | s | Time to receive first streaming chunk | +| `gen_ai.client.operation.time_per_output_chunk` | Histogram | s | Inter-chunk latency after first chunk | + +#### Vendor-specific metrics + +| Metric | Type | Unit | Description | +|--------|------|------|-------------| +| `github.copilot.tool.call.count` | Counter | calls | Tool invocations by `gen_ai.tool.name` and `success` | +| `github.copilot.tool.call.duration` | Histogram | s | Tool execution latency by `gen_ai.tool.name` | +| `github.copilot.agent.turn.count` | Histogram | turns | LLM round-trips per agent invocation | + +### Span events + +Lifecycle events recorded on the active `chat` or `invoke_agent` span. + +| Event | Description | Key attributes | +|-------|-------------|----------------| +| `github.copilot.session.truncation` | Conversation history was truncated | `github.copilot.token_limit`, `github.copilot.pre_tokens`, `github.copilot.post_tokens`, `github.copilot.tokens_removed`, `github.copilot.messages_removed` | +| `github.copilot.session.compaction_start` | History compaction began | None | +| `github.copilot.session.compaction_complete` | History compaction completed | `github.copilot.success`, `github.copilot.pre_tokens`, `github.copilot.post_tokens`, `github.copilot.tokens_removed`, `github.copilot.messages_removed` | +| `github.copilot.skill.invoked` | A skill was invoked | `github.copilot.skill.name`, `github.copilot.skill.path`, `github.copilot.skill.plugin_name`, `github.copilot.skill.plugin_version` | +| `github.copilot.session.shutdown` | Session is shutting down | `github.copilot.shutdown_type`, `github.copilot.total_premium_requests`, `github.copilot.lines_added`, `github.copilot.lines_removed`, `github.copilot.files_modified_count` | +| `github.copilot.session.abort` | User cancelled the current operation | `github.copilot.abort_reason` | +| `exception` | Session error | `github.copilot.error_type`, `github.copilot.error_status_code`, `github.copilot.error_provider_call_id` | + +### Resource attributes + +All signals carry these resource attributes. + +| Attribute | Value | +|-----------|-------| +| `service.name` | `github-copilot` (configurable via `OTEL_SERVICE_NAME`) | +| `service.version` | Runtime version | + +### Content capture + +By default, no prompt content, responses, or tool arguments are captured—only metadata like model names, token counts, and durations. To capture full content, set `OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT=true`. + +> [!WARNING] +> Content capture may include sensitive information such as code, file contents, and user prompts. Only enable this in trusted environments. + +When content capture is enabled, the following attributes are populated. + +| Attribute | Content | +|-----------|---------| +| `gen_ai.input.messages` | Full prompt messages (JSON) | +| `gen_ai.output.messages` | Full response messages (JSON) | +| `gen_ai.system_instructions` | System prompt content (JSON) | +| `gen_ai.tool.definitions` | Tool schemas (JSON) | +| `gen_ai.tool.call.arguments` | Tool input arguments | +| `gen_ai.tool.call.result` | Tool output | diff --git a/content/copilot/reference/cli-plugin-reference.md b/content/copilot/reference/cli-plugin-reference.md index f71654cbc6dd..b15ce684b1dd 100644 --- a/content/copilot/reference/cli-plugin-reference.md +++ b/content/copilot/reference/cli-plugin-reference.md @@ -146,7 +146,7 @@ For more information, see [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-cop | Agents | `agents/` (default, overridable in manifest) | | Skills | `skills/` (default, overridable in manifest) | | Hooks config | `hooks.json` or `hooks/hooks.json` | -| MCP config | `.mcp.json` or `.github/mcp.json` | +| MCP config | `.mcp.json`, `.vscode/mcp.json`, `.devcontainer/devcontainer.json`, `.github/mcp.json` | | LSP config | `lsp.json` or `.github/lsp.json` | ## Loading order and precedence diff --git a/content/copilot/responsible-use/copilot-cli.md b/content/copilot/responsible-use/copilot-cli.md index 56881cc90eda..e8e3ba3a49f7 100644 --- a/content/copilot/responsible-use/copilot-cli.md +++ b/content/copilot/responsible-use/copilot-cli.md @@ -103,7 +103,7 @@ By default, {% data variables.copilot.copilot_cli_short %}: * Will ask for permission before modifying files. Ensure that it is modifying the correct files before granting permission. * Will ask for permission before executing commands that may be dangerous. Review these commands carefully before giving it permission to run. -You can grant {% data variables.copilot.copilot_cli_short %} specific permissions, or all permissions, by using the various command line options: for example, `--allow-tool [TOOLS...]`, `--allow-all-tools`, `--allow-all` (or its slash command equivalent `/allow-all` for use in an interactive session). For more information, see [AUTOTITLE](/copilot/reference/cli-command-reference#command-line-options). Typically, when you use {% data variables.copilot.copilot_cli_short %} in autopilot mode, you will grant it full permissions to allow it to complete a task autonomously, without requiring you to approve activity as it works on the task. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-cli/autopilot). +You can grant {% data variables.copilot.copilot_cli_short %} specific permissions, or all permissions, by using the various command line options: for example, `--allow-tool=[TOOLS...]`, `--allow-all-tools`, `--allow-all` (or its slash command equivalent `/allow-all` for use in an interactive session). For more information, see [AUTOTITLE](/copilot/reference/cli-command-reference#command-line-options). Typically, when you use {% data variables.copilot.copilot_cli_short %} in autopilot mode, you will grant it full permissions to allow it to complete a task autonomously, without requiring you to approve activity as it works on the task. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-cli/autopilot). For more information about security practices while using {% data variables.copilot.copilot_cli %}, see "Security considerations" in [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli#security-considerations). diff --git a/src/content-pipelines/state/copilot-cli.sha b/src/content-pipelines/state/copilot-cli.sha index 5daa10eea00a..6f86da6e6ace 100644 --- a/src/content-pipelines/state/copilot-cli.sha +++ b/src/content-pipelines/state/copilot-cli.sha @@ -1 +1 @@ -939b44065d747eced9cbeb2d745988bdce61f0e0 +5dbbfe04bd3b818bd9aafc4e0f53bd94d701aea5 From 0f5198e14f335962337e184c266bfcbbafc68c8d Mon Sep 17 00:00:00 2001 From: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Date: Wed, 11 Mar 2026 13:13:43 +0000 Subject: [PATCH 5/6] Add 'skip FR board' label to PR creation step (#60161) --- .github/workflows/content-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/content-pipelines.yml b/.github/workflows/content-pipelines.yml index 96e640510cb7..1fe634a0186a 100644 --- a/.github/workflows/content-pipelines.yml +++ b/.github/workflows/content-pipelines.yml @@ -181,7 +181,7 @@ jobs: --body "$PR_BODY" \ --base main \ --head "$UPDATE_BRANCH" \ - --label "workflow-generated,content-pipeline-update,ready-for-doc-review" + --label "workflow-generated,content-pipeline-update,ready-for-doc-review,skip FR board" fi - uses: ./.github/actions/slack-alert From b888128880dc1f6d1a226a6d2b59ab7dd3ecd8d9 Mon Sep 17 00:00:00 2001 From: Damien Butler <81618731+DamienButler@users.noreply.github.com> Date: Wed, 11 Mar 2026 13:54:05 +0000 Subject: [PATCH 6/6] Update documentation on changing enterprise slug to include ghe not supported (#60128) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../changing-the-url-for-your-enterprise.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md b/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md index 09fefeeeb014..83031b6e0268 100644 --- a/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md +++ b/content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md @@ -16,6 +16,7 @@ If your company pays for {% data variables.product.prodname_ghe_cloud %} by cred > [!NOTE] > If you pay for {% data variables.product.prodname_ghe_cloud %} via invoice, or if your enterprise uses {% data variables.product.prodname_emus %}, you must contact {% data variables.contact.contact_enterprise_sales %} to change your enterprise slug. +> For enterprises hosted on {% data variables.enterprise.data_residency_site %}, changing the enterprise slug is not currently supported. ## Considerations when changing your enterprise slug