diff --git a/.github/workflows/link-check-internal.yml b/.github/workflows/link-check-internal.yml
index 55a738e86400..3bbbf0ca9d4a 100644
--- a/.github/workflows/link-check-internal.yml
+++ b/.github/workflows/link-check-internal.yml
@@ -134,27 +134,28 @@ jobs:
               return
             }
 
-            const tableRows = redirectGroups.map(g => {
+            const directives = redirectGroups.map(g => {
               const occ = g.occurrences[0]
               const redirectTarget = occ?.redirectTarget ?? 'unknown'
               const file = occ?.file ?? 'unknown'
-              const lines = (occ?.lines ?? []).join(', ')
-              return `| \`${g.target}\` | \`${redirectTarget}\` | \`${file}\` | ${lines} |`
+              const lines = (occ?.lines ?? []).join(', ') || 'unknown'
+              return `- Update \`${g.target}\` to \`${redirectTarget}\` in \`${file}\` (line(s): ${lines})`
             }).join('\n')
 
             const artifactsUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}/artifacts`
 
             const bodyLines = [
-              'Copilot please fix the redirected internal links listed in the table below. All changes should be made within the `github/docs-internal` repository. For each entry, open the source file and replace the **Current Link** with the **Update To** path.',
+              'Copilot, fix the redirected internal links listed below. All changes should be made within the `github/docs-internal` repository.',
+              '',
+              'For each directive below, open the specified file and find the old link path. Replace it with the new link path exactly as shown. Do not invent or guess link paths — only use the exact paths provided in each directive.',
+              '',
               'When all changes are made, open a pull request in `github/docs-internal` with the fixes. The pull request description should reference this issue to create a link between them. When the pull request is open, leave a comment on this issue with a link to it.',
               '',
               `These are the first ${redirectGroups.length} of ${allRedirectGroups.length} redirects found.`,
               '',
-              '## Redirects to fix',
+              '## Redirects to update',
               '',
-              '| Current Link | Update To | File | Line(s) |',
-              '|---|---|---|---|',
-              tableRows,
+              directives,
             ]
 
             const MAX_ISSUE_BODY_LENGTH = 65536
@@ -179,7 +180,7 @@ jobs:
               agent_assignment: {
                 target_repo: 'github/docs-internal',
                 base_branch: 'main',
-                custom_instructions: 'For each entry in the table, open the source file in the github/docs-internal repository and replace the Current Link with the Update To path. When all changes are made, open a pull request in github/docs-internal with the fixes. When the pull request is open, leave a comment on this issue with a link to it.',
+                custom_instructions: 'Follow each directive in the issue exactly. Each directive specifies a file, the old link to find, and the new link to replace it with. Use only the exact paths provided — do not invent or guess any link paths. When all changes are made, open a pull request in github/docs-internal with the fixes. When the pull request is open, leave a comment on this issue with a link to it.',
               },
             })
 
diff --git a/.github/workflows/sync-secret-scanning.yml b/.github/workflows/sync-secret-scanning.yml
index 5a78633eeb33..68f068dde762 100644
--- a/.github/workflows/sync-secret-scanning.yml
+++ b/.github/workflows/sync-secret-scanning.yml
@@ -37,61 +37,44 @@ jobs:
         run: |
           npm run sync-secret-scanning
 
-      - name: Create a pull request
+      - name: Create pull request
+        id: create-pull-request
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # pin @v8.0.0
         env:
-          # Needed for gh
-          GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
-        run: |
-          # If nothing to commit, exit now. It's fine.
-          changes=$(git diff --name-only | wc -l)
-          untracked=$(git status --untracked-files --short | wc -l)
-          if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then
-            echo "There are no changes to commit. Exiting..."
-            exit 0
-          fi
-
-          git config --global user.name "docs-bot"
-          git config --global user.email "77750099+docs-bot@users.noreply.github.com"
-
-          branchname=sync-secret-scanning-`date +%Y%m%d%H%M%S`
-
-          remotesha=$(git ls-remote --heads origin $branchname)
-          if [ -n "$remotesha" ]; then
-            # output is not empty, it means the remote branch exists
-            echo "Branch $branchname already exists in 'github/docs-internal'. Exiting..."
-            exit 0
-          fi
-
-          git checkout -b $branchname
-          git add .
-          git commit -m "Add updated secret scanning data"
-          git push origin $branchname
-
-          echo "Creating pull request..."
-          gh pr create \
-            --title "Sync secret scanning data" \
-            --body '👋 humans. This PR updates the secret scanning data with the latest changes from github/token-scanning-service.
+          # Disable pre-commit hooks; they don't play nicely here
+          HUSKY: '0'
+        with:
+          # need to use a token with repo and workflow scopes for this step
+          token: ${{ secrets.DOCS_BOT_PAT_BASE }}
+          commit-message: 'Add updated secret scanning data'
+          title: Sync secret scanning data
+          body: |
+            👋 humans. This PR updates the secret scanning data with the latest changes from github/token-scanning-service.
 
             If CI passes, this PR will be auto-merged. :green_heart:
 
-            If CI does not pass or other problems arise, contact #docs-engineering on Slack.' \
-            --repo github/docs-internal \
-            --label secret-scanning-pipeline,'skip FR board',workflow-generated \
-            --head=$branchname
+            If CI does not pass or other problems arise, contact #docs-engineering on Slack.
+
+            This automated PR was created by [this workflow](https://github.com/github/docs-internal/blob/main/.github/workflows/sync-secret-scanning.yml).
+          branch: sync-secret-scanning-data
+          labels: |
+            secret-scanning-pipeline
+            skip FR board
+            workflow-generated
 
-          # can't approve your own PR, approve with Actions
-          echo "Approving pull request..."
-          unset GITHUB_TOKEN
-          gh auth login --with-token <<< "${{ secrets.GITHUB_TOKEN }}"
-          gh pr review --approve
-          echo "Approved pull request"
+      - name: Enable GitHub auto-merge
+        if: ${{ steps.create-pull-request.outputs.pull-request-number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_BASE }}
+          AUTOMERGE_PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
+        run: npm run enable-automerge
 
-          # Actions can't merge the PR so back to docs-bot to merge
-          echo "Setting pull request to auto merge..."
-          unset GITHUB_TOKEN
-          gh auth login --with-token <<< "${{ secrets.DOCS_BOT_PAT_BASE }}"
-          gh pr merge --auto --merge
-          echo "Set pull request to auto merge"
+      - if: ${{ steps.create-pull-request.outputs.pull-request-number }}
+        name: Approve
+        uses: juliangruber/approve-pull-request-action@dcc4effb325c0b503408619918d56e40653dcc91
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ steps.create-pull-request.outputs.pull-request-number }}
 
       - uses: ./.github/actions/slack-alert
         if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
diff --git a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md
index 08c9ed6784a4..5d2077102fba 100644
--- a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md
+++ b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md
@@ -315,7 +315,7 @@ jobs:
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
-| [`issues`](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues) | - `opened`<br/>- `edited`<br/>- `deleted`<br/>- `transferred`<br/>- `pinned`<br/>- `unpinned`<br/>- `closed`<br/>- `reopened`<br/>- `assigned`<br/>- `unassigned`<br/>- `labeled`<br/>- `unlabeled`<br/>- `locked`<br/>- `unlocked`<br/>- `milestoned`<br/> - `demilestoned`<br/> - `typed`<br/> - `untyped` | Last commit on default branch | Default branch |
+| [`issues`](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues) | - `opened`<br/>- `edited`<br/>- `deleted`<br/>- `transferred`<br/>- `pinned`<br/>- `unpinned`<br/>- `closed`<br/>- `reopened`<br/>- `assigned`<br/>- `unassigned`<br/>- `labeled`<br/>- `unlabeled`<br/>- `locked`<br/>- `unlocked`<br/>- `milestoned`<br/> - `demilestoned`<br/> - `typed`<br/> - `untyped`{% ifversion issue-fields %}<br/> - `field_added`<br/> - `field_removed`{% endif %} | Last commit on default branch | Default branch |
 
 > [!NOTE]
 > * {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues). {% data reusables.developer-site.limit_workflow_to_activity_types %}
@@ -331,6 +331,18 @@ on:
     types: [opened, edited, milestoned]
 ```
 
+{% ifversion issue-fields %}
+
+You can also run a workflow when an issue field value is set, changed, or cleared. The `field_added` activity type fires both when a field value is initially set and when an existing value is updated. The `field_removed` activity type fires when a field value is cleared.
+
+```yaml
+on:
+  issues:
+    types: [field_added, field_removed]
+```
+
+{% endif %}
+
 ## `label`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
diff --git a/content/billing/concepts/product-billing/github-code-quality.md b/content/billing/concepts/product-billing/github-code-quality.md
index c083b4baa54d..26dbe434de9a 100644
--- a/content/billing/concepts/product-billing/github-code-quality.md
+++ b/content/billing/concepts/product-billing/github-code-quality.md
@@ -15,23 +15,35 @@ category:
 
 ## How use of {% data variables.product.prodname_code_quality %} is measured
 
-### For general availability
-
-When {% data variables.product.prodname_code_quality_short %} is generally available, scanning repositories will incur two types of costs for an organization:
-
-* {% data variables.product.prodname_ai_credits_short %}
-* {% data variables.product.prodname_actions %} minutes needed to run the scans unless you use self-hosted runners
+{% data variables.product.prodname_code_quality_short %} billing depends on whether the product is generally available or in {% data variables.release-phases.public_preview %}. The product is anticipated to move from public preview to generally available in July, 2026, and this page will be updated accordingly.
 
 ### For the {% data variables.release-phases.public_preview %}
 
-When you scan private repositories during the {% data variables.release-phases.public_preview %}, you **will not be billed** for {% data variables.product.prodname_ai_credits_short %} usage, but {% data variables.product.prodname_actions %} minutes **will be consumed**.
+When you scan private repositories during the {% data variables.release-phases.public_preview %}, you **will not be billed** for {% data variables.product.prodname_ai_credits_short %} or active committer usage, but {% data variables.product.prodname_actions %} minutes **will be consumed**.
 
 To view consumption of actions by the `{% data variables.code-quality.workflow_name_billing %}` workflow, download a detailed usage report from the "Billing and licensing" tab. See [AUTOTITLE](/billing/how-tos/products/view-productlicense-use).
 
 > [!NOTE]
 > {% data reusables.code-quality.shared-workflow-preview %}
 
+### For general availability
+
+When {% data variables.product.prodname_code_quality_short %} is generally available, use of the product will incur three types of costs for an organization:
+* **{% data variables.product.prodname_actions %} minutes** — {% data variables.product.prodname_code_quality_short %} scans run as {% data variables.product.prodname_actions %} workflows and consume {% data variables.product.prodname_actions %} minutes, unless you use self-hosted runners. For more information, see [AUTOTITLE](/billing/concepts/product-billing/github-actions).
+* **{% data variables.product.prodname_ai_credits %}** — {% data variables.product.prodname_code_quality_short %} features that use AI models consume {% data variables.product.prodname_ai_credits_short %}. Each interaction is priced based on the number of tokens consumed, where 1 {% data variables.product.prodname_ai_credit_singular %} = {% data variables.product.prodname_ai_credits_value %}. {% data reusables.code-quality.model-usage %} For more information about how {% data variables.product.prodname_ai_credits_short %} work, see [AUTOTITLE](/copilot/concepts/billing/usage-based-billing-for-organizations-and-enterprises).
+* **Active committers** — Your license usage is calculated based on the number of unique, active committers to repositories with {% data variables.product.prodname_code_quality_short %} enabled. {% data variables.product.prodname_github_app %} bots are ignored. For information about differences between bot and machine accounts, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/differences-between-github-apps-and-oauth-apps#machine-vs-bot-accounts).
+
+#### Active and unique committers
+
+Each **active committer** to at least one repository with {% data variables.product.prodname_code_quality_short %} enabled uses **one license**. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored.
+
+* **Active committers** are committers who contributed to at least one repository and have a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} license with your organization or enterprise. That is, they are also a member, an enterprise-managed user, an external collaborator, or have a pending invitation to join your organization or enterprise.
+* **Unique committers** is the number of active committers who contributed only to one repository, or only to repositories in one organization. You can free up this number of licenses by disabling {% data variables.product.prodname_code_quality_short %} for that repository or organization.
+
+Users can contribute to multiple repositories or organizations. Usage is measured across the whole organization or enterprise to ensure that each member uses one license regardless of how many repositories or organizations the user contributes to.
+
 ## Further reading
 
 * [AUTOTITLE](/code-security/code-quality/get-started/quickstart)
-* [AUTOTITLE](/code-security/code-quality/how-tos/enable-code-quality)
+* [AUTOTITLE](/billing/concepts/product-billing/github-actions)
+* [AUTOTITLE](/copilot/concepts/billing/usage-based-billing-for-organizations-and-enterprises)
diff --git a/content/code-security/concepts/secret-security/about-push-protection.md b/content/code-security/concepts/secret-security/about-push-protection.md
index d002bac81cb6..e0c856eb33e5 100644
--- a/content/code-security/concepts/secret-security/about-push-protection.md
+++ b/content/code-security/concepts/secret-security/about-push-protection.md
@@ -89,16 +89,3 @@ After you enable push protection for repositories, you can customize it by:
 * Designating contributors who can bypass push protection and approve bypass requests for other contributors{% ifversion push-protection-org-enterprise-exemptions %}, or are exempt from push protection entirely{% endif %}{% ifversion push-protected-pattern-configuration %}
 * Configuring which secret patterns are included in push protection at the enterprise or organization level{% endif %}
 
-## Next steps
-
-To enable push protection:
-* **For a repository**, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository).
-{% ifversion security-configurations-cloud -%}
-* **For an organization or enterprise**, you need to apply a {% data variables.product.prodname_security_configuration %}. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-in-your-organization) and [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-to-your-enterprise).
-{% elsif security-configuration-enterprise-level -%}
-* **For an organization or enterprise**, you need to apply a {% data variables.product.prodname_security_configuration %}. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration) and [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise).
-{% else -%}
-* **For an organization**, you need to apply a {% data variables.product.prodname_security_configuration %}. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration).
-{% endif %}
-
-For a list of secrets and service providers supported by push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).
diff --git a/content/code-security/concepts/secret-security/about-secret-scanning.md b/content/code-security/concepts/secret-security/about-secret-scanning.md
index 06364fa70eb0..dd104b32650d 100644
--- a/content/code-security/concepts/secret-security/about-secret-scanning.md
+++ b/content/code-security/concepts/secret-security/about-secret-scanning.md
@@ -76,14 +76,3 @@ Validity checks are separate from {% data variables.product.prodname_secret_scan
 ## How can I access this feature?
 
 {% data reusables.gated-features.secret-scanning %}
-
-## Next steps
-
-* **If you've received an alert**, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning) to learn how to review, resolve, and remediate exposed secrets.
-{%- ifversion secret-risk-assessment %}
-* **If you're securing an organization**, see [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk) to determine your organization's exposure to leaked secrets.
-{% endif %}
-
-## Further reading
-
-* For a complete list of supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).
diff --git a/content/code-security/concepts/secret-security/push-protection-metrics.md b/content/code-security/concepts/secret-security/push-protection-metrics.md
index cb77b0f76417..edba7c17547d 100644
--- a/content/code-security/concepts/secret-security/push-protection-metrics.md
+++ b/content/code-security/concepts/secret-security/push-protection-metrics.md
@@ -34,7 +34,3 @@ You can see {% data variables.product.prodname_secret_scanning %} metrics for a
 * The `admin` role for the repository
 * A custom repository role with the "View {% data variables.product.prodname_secret_scanning %} alerts" fine-grained permissions for the repository
 * Access to alerts for the repository
-
-## Next steps
-
-To find your push protection metrics, see [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection).
diff --git a/content/code-security/concepts/secret-security/secret-leakage-risks.md b/content/code-security/concepts/secret-security/secret-leakage-risks.md
index 769790d1ab75..e35e348a999f 100644
--- a/content/code-security/concepts/secret-security/secret-leakage-risks.md
+++ b/content/code-security/concepts/secret-security/secret-leakage-risks.md
@@ -86,17 +86,3 @@ Encourage individual developers to enable push protection for their personal acc
 ### 2. Detect existing secrets
 
 Use **{% data variables.product.prodname_secret_scanning %}** to continuously monitor your repositories for hardcoded secrets and generate alerts when credentials are detected, enabling you to revoke and rotate compromised credentials quickly. Beyond default detection of provider patterns, you can expand scanning to non-provider patterns and define custom patterns for organization-specific secrets. This helps you gain visibility into secret sprawl across your organization.
-
-## Next steps
-
-To protect your organization from secret leakage:
-{% ifversion secret-risk-assessment %}
-1. Run a free secret risk assessment to understand your current exposure. {% data variables.secret-scanning.secret-risk-assessment-cta-product %}
-{% endif %}
-1. Enable push protection to prevent new secrets from being committed.
-1. Enable {% data variables.product.prodname_secret_scanning %} to begin detecting existing secret leaks.
-1. Establish secure credential management practices for your development teams.
-
-{% ifversion secret-risk-assessment %}
-For an overview of {% data variables.product.github %}'s secret security features, see [AUTOTITLE](/code-security/concepts/secret-security/about-secret-security-with-github).
-{% endif %}
\ No newline at end of file
diff --git a/content/code-security/concepts/security-at-scale/best-practices-for-selecting-pilot-repositories.md b/content/code-security/concepts/security-at-scale/best-practices-for-selecting-pilot-repositories.md
index f91a3e8b2dbf..cf27db6cf9cc 100644
--- a/content/code-security/concepts/security-at-scale/best-practices-for-selecting-pilot-repositories.md
+++ b/content/code-security/concepts/security-at-scale/best-practices-for-selecting-pilot-repositories.md
@@ -83,15 +83,3 @@ Take these steps to set your pilot up for success.
 * Confirm repository owners agree to participate. Unwilling teams generate negative feedback that doesn't reflect actual product issues.
 * Identify champions within each pilot team. Champions answer questions and keep feedback flowing.
 * Document baseline metrics like commit frequency and contributor count. These baselines help you measure pilot impact.
-
-## Further reading
-
-* [Identify repositories for secret protection](https://support.github.com/product-guides/github-advanced-security-secret-protection/get-started/identify-repositories-for-secret-protection) in the GitHub Advanced Security product guides
-
-{% ifversion secret-risk-assessment %}
-
-## Next steps
-
-Now that you've selected your pilot repositories, review pricing and configure {% data variables.product.prodname_GH_secret_protection %}. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/protect-your-secrets).
-
-{% endif %}
\ No newline at end of file
diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk.md
index cbb9b0d3d74f..6c24d05d09da 100644
--- a/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk.md
+++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk.md
@@ -34,6 +34,3 @@ category:
 
 {% data reusables.secret-risk-assessment.notification-report-ready %}
 
-## Next steps
-
-Now that you've generated a {% data variables.product.prodname_secret_risk_assessment %} report for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration.md
index 89580f96d7b4..82ab8187dd6f 100644
--- a/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration.md
+++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration.md
@@ -35,11 +35,3 @@ To learn how to create a {% data variables.product.prodname_custom_security_conf
 > If you apply an enforced configuration, this information is reported in the list of repositories. An enforced configuration means that repository owners are blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.
 
 After you apply a configuration, each repository's configuration status reflects the result of the operation—for example, `attached`, `attaching`, or `failed`. For the full list of statuses and recommended actions, see [AUTOTITLE](/code-security/reference/security-at-scale/security-configuration-statuses).
-
-## Next steps
-
-To learn how to monitor security alerts in your organization, see [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/analyze-organization-data/find-insecure-repositories).
-
-{% data reusables.security-configurations.edit-configuration-next-step %}
-
-{% data reusables.security-configurations.troubleshooting-next-step %}
diff --git a/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning.md
index ea4cafea0711..17637570a496 100644
--- a/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning.md
+++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning.md
@@ -93,8 +93,3 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 {% indented_data_reference reusables.secret-scanning.push-protection-enterprise-note spaces=3 %}
 
 After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your organizations with {% data variables.product.prodname_GH_secret_protection %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
-
-## Further reading
-
-* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns)
-* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns)
diff --git a/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection.md b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection.md
index a9782a020286..3929870803d7 100644
--- a/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection.md
+++ b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection.md
@@ -36,11 +36,10 @@ You must configure {% data variables.secret-scanning.generic-secret-detection %}
 
 1. Create a new {% data variables.product.prodname_custom_security_configuration %}, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
 1. When creating the custom security configuration, ensure that "{% data variables.product.prodname_secret_protection %}" is set to **Enabled**, and that the dropdown menu for "Scan for generic secrets" is also set to **Enabled**.
-1. Apply the {% data variables.product.prodname_custom_security_configuration %} to one or more repositories. For more information, see [Applying a {% data variables.product.prodname_custom_security_configuration %}](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration).
+1. Apply the {% data variables.product.prodname_custom_security_configuration %} to one or more repositories. For more information, see [AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration).
 
 For information on how to view alerts for generic secrets that have been detected using AI, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).
 
 ## Further reading
 
 * [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets)
-* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
diff --git a/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns.md b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns.md
index 23da3c9386f1..78a80f36ef47 100644
--- a/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns.md
+++ b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns.md
@@ -33,7 +33,3 @@ For more information about non-provider patterns, see "{% ifversion fpt or ghec
 ### Enabling detection of non-provider patterns for an organization
 
 You can enable scanning for non-provider patterns at the organization level by applying a custom security configuration. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration).
-
-## Further reading
-
-* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
diff --git a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md
index a6867d54dfec..8a3232007bbd 100644
--- a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md
+++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md
@@ -58,4 +58,3 @@ You can grant specific individuals or teams in your organization the ability to
 1. Create (or edit) a custom organization role. For information on creating and editing custom roles, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles#creating-a-custom-role).
 1. When choosing which permissions to add to the custom role, select the "Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests" permission.
 1. Assign the custom role to individual members or teams in your organization. For more information on assigning custom roles, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles#assigning-an-organization-role).
-
diff --git a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository.md b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository.md
index c710f3f5184a..f6187c877832 100644
--- a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository.md
+++ b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository.md
@@ -21,9 +21,3 @@ category:
 1. In the "{% data variables.product.prodname_secret_protection %}" section, to the right of "Push protection", click **Enable**.{% else %}
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-push-protection-repo %}{% endif %}
-
-## Further reading
-
-* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection)
-* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning)
-* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)
diff --git a/content/code-security/how-tos/use-ghas-with-ai-coding-agents/scan-for-secrets-with-github-mcp-server.md b/content/code-security/how-tos/use-ghas-with-ai-coding-agents/scan-for-secrets-with-github-mcp-server.md
index e10b1741e86d..bc92b3b2f0c2 100644
--- a/content/code-security/how-tos/use-ghas-with-ai-coding-agents/scan-for-secrets-with-github-mcp-server.md
+++ b/content/code-security/how-tos/use-ghas-with-ai-coding-agents/scan-for-secrets-with-github-mcp-server.md
@@ -146,7 +146,3 @@ If push protection is enabled, the MCP server also blocks secrets from being inc
 | Agent doesn't recognize the tool | Confirm your IDE or agent supports MCP. See [AUTOTITLE](/copilot/concepts/context/mcp#availability). |
 | Unexpected detection results | Your organization's security configuration controls which patterns are scanned. Check your repository security settings. |
 | Tool works in one client but not another | The experience varies across MCP-compatible clients. Check your client's MCP documentation for supported features. |
-
-## Further reading
-
-* [AUTOTITLE](/copilot/how-tos/provide-context/use-mcp-in-your-ide/configure-toolsets)
\ No newline at end of file
diff --git a/content/code-security/tutorials/remediate-leaked-secrets/assessing-ghsp-impact.md b/content/code-security/tutorials/remediate-leaked-secrets/assessing-ghsp-impact.md
index 81040cf45a82..fdc7d5ea0c5e 100644
--- a/content/code-security/tutorials/remediate-leaked-secrets/assessing-ghsp-impact.md
+++ b/content/code-security/tutorials/remediate-leaked-secrets/assessing-ghsp-impact.md
@@ -143,7 +143,3 @@ Based on your analysis, determine the next steps.
 * Schedule regular reviews (weekly or monthly) of the security overview
 * Set up notifications for new {% data variables.secret-scanning.alerts %}
 * Track metrics over time to demonstrate continuous improvement
-
-## Further reading
-
-* To understand {% data variables.product.prodname_secret_scanning %} metrics in detail, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
\ No newline at end of file
diff --git a/content/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts.md b/content/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts.md
index c1d62e576337..860eb73f1fd7 100644
--- a/content/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts.md
+++ b/content/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts.md
@@ -133,7 +133,3 @@ In the alert view, you can review any labels assigned to the alert. The labels p
 |`multi-repo`| The secret detected in your repository has been found across multiple repositories in your organization or enterprise. This information may help you more easily dedupe the alert across your organization or enterprise. | If you have appropriate permissions, you'll see links to any specific alerts for the same secret in your organization or enterprise. |
 
 {% endif %}
-
-## Next steps
-
-* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts)
diff --git a/content/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret.md b/content/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret.md
index 7c8d05250e06..043f4f9ff524 100644
--- a/content/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret.md
+++ b/content/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret.md
@@ -186,10 +186,3 @@ Dealing with secret leaks is often disruptive, complicated, and time-consuming.
    * Regularly rotate secrets to minimize the impact of any potential leaks.
 1. Document incidents and remediation steps to help your team learn from past mistakes and improve future practices.
 1. Advocate for, and undertake, regular learning and security training. See, for example, [{% data variables.product.github %} Advanced Security](https://learn.microsoft.com/en-us/training/paths/github-advanced-security/) course from Microsoft Learn.
-
-## Further reading
-
-* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
-* [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)
-* [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)
-* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)
diff --git a/content/code-security/tutorials/secret-protection-adoption-path.md b/content/code-security/tutorials/secret-protection-adoption-path.md
index 818facc5bed6..b3a671cdb4d6 100644
--- a/content/code-security/tutorials/secret-protection-adoption-path.md
+++ b/content/code-security/tutorials/secret-protection-adoption-path.md
@@ -12,15 +12,6 @@ category:
   - Protect your secrets
 journeyArticlesHeading: 'All secret protection articles'
 journeyTracks:
-  - id: 'quick_start'
-    title: 'Quick start: Essential reading'
-    description: 'New to secret protection? Start here for the most important concepts and procedures. These articles provide foundational knowledge to help you understand secret risks, evaluate GitHub Secret Protection (GHSP), and begin your adoption journey.'
-    guides:
-      - href: '/code-security/concepts/secret-security/secret-leakage-risks'
-      - href: '/code-security/concepts/secret-security/about-secret-scanning'
-      - href: '/code-security/tutorials/secure-your-organization/interpreting-secret-risk-assessment-results'
-      - href: '/code-security/tutorials/remediate-leaked-secrets/assessing-ghsp-impact'
-      - href: '/code-security/concepts/secret-security/about-push-protection'
   - id: 'assess'
     title: 'Phase 1: Assess your current secret risk'
     description: 'Run a free secret risk assessment (SRA) to understand your organization exposure and establish baseline metrics. Before purchasing GHSP, identify how many secrets are exposed across your organization and build a data-driven business case for the investment.'
diff --git a/content/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security.md b/content/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security.md
index 9212b5fd0eb6..cef6247ffa3a 100644
--- a/content/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security.md
+++ b/content/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security.md
@@ -52,9 +52,3 @@ If you pay for {% data variables.product.prodname_ghe_cloud %} with metered bill
 {% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
 1. To the right of "{% data variables.product.prodname_GHAS %} trial", select the **Manage** dropdown menu and click **Purchase**.
 {% data reusables.advanced-security.purchase-ghas %}
-
-## Next steps
-
-1. [AUTOTITLE](/code-security/trialing-github-advanced-security/enable-security-features-trial)
-1. [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-secret-scanning)
-1. [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-code-scanning)
diff --git a/content/copilot/reference/copilot-cli-reference/acp-server.md b/content/copilot/reference/copilot-cli-reference/acp-server.md
index 3d2cefedc433..f457fac622b2 100644
--- a/content/copilot/reference/copilot-cli-reference/acp-server.md
+++ b/content/copilot/reference/copilot-cli-reference/acp-server.md
@@ -32,6 +32,9 @@ The Agent Client Protocol (ACP) is a protocol that standardizes communication be
 
 {% data variables.copilot.copilot_cli %} can be started as an ACP server using the `--acp` flag. The server supports two modes, `stdio` and `TCP`.
 
+> [!NOTE]
+> When running in ACP mode, the tool-filtering flags (`--available-tools`, `--excluded-tools`) and the reasoning flag (`--effort`, `--reasoning-effort`) are applied to each session started by the ACP client.
+
 ### stdio mode (recommended for IDE integration)
 
 By default, when providing the `--acp` flag, `stdio` mode will be inferred. The `--stdio` flag can also be provided for disambiguation.
diff --git a/content/copilot/reference/copilot-cli-reference/cli-command-reference.md b/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
index bc47f90873cd..397f1e8731ef 100644
--- a/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
+++ b/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
@@ -20,7 +20,7 @@ docsTeamMetrics:
 |------------------------|----------------------------------------------------|
 | `copilot`              | Launch the interactive user interface.             |
 | `copilot completion SHELL` | Print a shell script for the chosen shell that can be used to enable tab completion for {% data variables.copilot.copilot_cli_short %}. Supported shells: `bash`, `zsh`, `fish`. See [Using `copilot completion`](#using-copilot-completion). |
-| `copilot help [TOPIC]` | Display help information. Help topics include: `config`, `commands`, `environment`, `logging`, `monitoring`, `permissions`, and `providers`. |
+| `copilot help [TOPIC]` | Display help information. Help topics include: `billing`, `config`, `commands`, `environment`, `logging`, `monitoring`, `permissions`, and `providers`. |
 | `copilot init`         | Initialize {% data variables.product.prodname_copilot_short %} custom instructions for this repository. |
 | `copilot login`        | Authenticate with {% data variables.product.prodname_copilot_short %} via the OAuth device flow. Accepts `--host HOST` to specify the {% data variables.product.github %} host URL (default: `https://github.com`). |
 | `copilot login` [OPTION] | Authenticate with {% data variables.product.prodname_copilot_short %} via the OAuth device flow. See [`copilot login` options](#copilot-login-options). |
@@ -241,7 +241,7 @@ Holding <kbd>↑</kbd> or <kbd>↓</kbd> accelerates scrolling after the first 1
 | `/rubber-duck [PROMPT]`                             | Consult the rubber duck agent for a second opinion on plans, code, and tests. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/rubber-duck). |
 | `/sandbox [enable\|disable]`                        | Configure shell command sandboxing. |
 | `/search [QUERY]`, `/find [QUERY]`                  | Search the conversation timeline. {% data reusables.copilot.experimental %} |
-| `/session [info\|checkpoints [n]\|files\|plan\|rename [NAME]\|cleanup\|prune\|delete [ID]\|delete-all]`, `/sessions [info\|checkpoints [n]\|files\|plan\|rename [NAME]\|cleanup\|prune\|delete [ID]\|delete-all]`  | Show session information and manage sessions. Subcommands: `info`, `checkpoints`, `files`, `plan`, `rename`, `cleanup`, `prune`, `delete`, `delete-all`. |
+| `/session [info\|checkpoints [n]\|files\|plan\|rename [NAME]\|cleanup\|prune\|delete [ID]\|delete-all]`, `/sessions [info\|checkpoints [n]\|files\|plan\|rename [NAME]\|cleanup\|prune\|delete [ID]\|delete-all]`  | Show session information and manage sessions. The `info` subcommand shows session details including the session link (when available). Subcommands: `info`, `checkpoints`, `files`, `plan`, `rename`, `cleanup`, `prune`, `delete`, `delete-all`. |
 | `/share [file\|html\|gist] [session\|research] [PATH]`, `/export [file\|html\|gist] [session\|research] [PATH]` | Share the session to a Markdown file, interactive HTML file, or {% data variables.product.github %} gist. |
 | `/skills [list\|info\|add\|remove\|reload] [ARGS...]`   | Manage skills for enhanced capabilities. See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/create-skills). |
 | `/statusline`, `/footer`                            | Configure which items appear in the status line. |
@@ -312,7 +312,7 @@ For a complete list of available slash commands enter `/help` in the CLI's inter
 | `--plain-diff`                     | Disable rich diff rendering (syntax highlighting via the diff tool specified by your git config). |
 | `--plugin-dir=DIRECTORY`           | Load a plugin from a local directory (can be used multiple times). |
 | `--remote`                         | Enable remote access to this session from {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_mobile %}. See [AUTOTITLE](/copilot/how-tos/copilot-cli/use-copilot-cli/steer-remotely). |
-| `--resume[=VALUE]`                 | Resume a previous interactive session by choosing from a list. Optionally specify a session ID, ID prefix, or session name. Name matching is exact and case-insensitive; falls back to the auto-generated summary when no explicit name matches. |
+| `-r`, `--resume[=VALUE]`           | Resume a previous interactive session by choosing from a list. Optionally specify a session ID, ID prefix, or session name. Name matching is exact and case-insensitive; falls back to the auto-generated summary when no explicit name matches. |
 | `-s`, `--silent`                   | Output only the agent response (without usage statistics), useful for scripting with `-p`. |
 | `--screen-reader`                  | Enable screen reader optimizations. |
 | `--secret-env-vars=VAR ...`        | Redact an environment variable from shell and MCP server environments (can be used multiple times). For multiple variables, use a quoted, comma-separated list. The values in the `GITHUB_TOKEN` and `COPILOT_GITHUB_TOKEN` environment variables are redacted from output by default. |
@@ -329,6 +329,24 @@ For a complete list of commands and options, run `copilot help`.
 
 You can use `--remote` with `--resume <TASK-ID>` to resume a remote task locally. This works even when the task was originally created outside a Git repository.
 
+> [!NOTE]
+> When `permissions.disableBypassPermissionsMode` is set to `"disable"` in your settings, all allow-all flags (`--allow-all-tools`, `--allow-all-paths`, `--allow-all-urls`, `--allow-all`, `--yolo`) are suppressed at startup and cannot be used to grant elevated permissions.
+
+## Supported models
+
+Use `--model=MODEL` or the `COPILOT_MODEL` environment variable to select the AI model. Pass `auto` to let {% data variables.product.prodname_copilot_short %} pick the best available model automatically.
+
+| Model | Best for |
+|-------|----------|
+| `claude-sonnet-4.6` | General-purpose coding (default) |
+| `gpt-5.4` | Complex reasoning tasks |
+| `claude-haiku-4.5` | Fast, lightweight operations |
+| `gpt-5.3-codex` | Code-focused tasks |
+| `gemini-3.1-pro-preview` | Google Gemini reasoning |
+| `gemini-3.5-flash` | Fast Google Gemini responses |
+
+You can also switch models during an interactive session using the `/model` slash command.
+
 ## Tool availability values
 
 The `--available-tools` and `--excluded-tools` options support these values:
@@ -408,6 +426,7 @@ copilot --allow-tool='MyMCP'
 | `COPILOT_CACHE_HOME` | Override the cache directory (used for marketplace caches, auto-update packages, and other ephemeral data). See [AUTOTITLE](/copilot/reference/copilot-cli-reference/cli-config-dir-reference#changing-the-location-of-the-configuration-directory) for platform defaults. |
 | `COPILOT_CUSTOM_INSTRUCTIONS_DIRS` | Comma-separated list of additional directories for custom instructions. |
 | `COPILOT_EDITOR` | Editor command for interactive editing (checked after `$VISUAL` and `$EDITOR`). Defaults to `vi` if none are set. |
+| `COPILOT_ENABLE_HTTP2` | Set to `1` or `true` to opt into HTTP/2 transport. HTTP/1.1 is the default. |
 | `COPILOT_GH_HOST` |{% data variables.product.github %} hostname for {% data variables.copilot.copilot_cli_short %} only, overriding `GH_HOST`. Use when `GH_HOST` targets {% data variables.product.prodname_ghe_server %} but {% data variables.product.prodname_copilot_short %} needs to authenticate against {% data variables.product.prodname_dotcom_the_website %} or a {% data variables.product.prodname_ghe_cloud %} hostname. |
 | `COPILOT_GITHUB_TOKEN` | Authentication token. Takes precedence over `GH_TOKEN` and `GITHUB_TOKEN`. |
 | `COPILOT_HOME` | Override the configuration and state directory. Default: `$HOME/.copilot`. |
diff --git a/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md b/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md
index 4277aa131971..792c41210f02 100644
--- a/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md
+++ b/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md
@@ -241,6 +241,7 @@ These settings apply across all your sessions and repositories. You can edit thi
 | `mergeStrategy` | `"rebase"` \| `"merge"` | — | Conflict resolution strategy for `/pr fix conflicts`. When set to `"rebase"`, conflicts are resolved by rebasing onto the base branch. When set to `"merge"`, the base branch is merged into the feature branch. If not configured, a picker dialog is shown. |
 | `model` | `string` | varies | AI model to use. Set to `"auto"` to let {% data variables.product.prodname_copilot_short %} pick the best available model automatically. Managed by the `/model` slash command. |
 | `mouse` | `boolean` | `true` | Enable mouse support in alt screen mode. Can also be set with `--mouse` or `--no-mouse`. |
+| `permissions.disableBypassPermissionsMode` | `string` | — | When set to `"disable"`, all allow-all flags (`--allow-all-tools`, `--allow-all-paths`, `--allow-all-urls`, `--allow-all`, `--yolo`) are suppressed at startup and cannot be used to grant elevated permissions. |
 | `powershellFlags` | `string[]` | `["-NoProfile", "-NoLogo"]` | Flags passed to PowerShell on startup. On Windows, the CLI prefers PowerShell 7+ (`pwsh`) and falls back to Windows PowerShell (`powershell.exe`) when `pwsh` is unavailable. Windows only. |
 | `remote` | `"on"` \| `"off"` | `"on"` | Controls session syncing and remote access. Set to `"off"` to keep session data local only and disable remote control. Can also be set with `--remote` or `--no-remote`. |
 | `renderMarkdown` | `boolean` | `true` | Render Markdown in terminal output. |
diff --git a/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/establish-ai-managers.md b/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/establish-ai-managers.md
index 4a18991df098..dd9112a897ad 100644
--- a/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/establish-ai-managers.md
+++ b/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/establish-ai-managers.md
@@ -14,7 +14,7 @@ redirect_from:
 ---
 
 > [!NOTE]
-> Enterprise custom roles and enterprise teams are in public preview and subject to change.
+> Enterprise custom roles are in public preview and subject to change.
 
 ## Overview
 
diff --git a/data/features/enterprise-teams-ga.yml b/data/features/enterprise-teams-ga.yml
new file mode 100644
index 000000000000..abb32c8dd573
--- /dev/null
+++ b/data/features/enterprise-teams-ga.yml
@@ -0,0 +1,6 @@
+# Reference: #19643
+# Enterprise teams GA and associated capabilities
+
+versions:
+  ghec: '*'
+  ghes: '>=3.22'
diff --git a/data/reusables/code-quality/model-usage.md b/data/reusables/code-quality/model-usage.md
new file mode 100644
index 000000000000..def2e3379694
--- /dev/null
+++ b/data/reusables/code-quality/model-usage.md
@@ -0,0 +1 @@
+{% data variables.product.prodname_code_quality_short %} is a purpose-built product that uses a carefully tuned mix of models, prompts, and system behaviors to deliver consistent, high-quality analysis across a wide range of codebases. Model switching is not supported, as changing the model is likely to compromise the reliability and accuracy of analysis results.
\ No newline at end of file
diff --git a/data/reusables/enterprise-onboarding/about-teams.md b/data/reusables/enterprise-onboarding/about-teams.md
index 23b9c0a3dd5c..276bb82e14e3 100644
--- a/data/reusables/enterprise-onboarding/about-teams.md
+++ b/data/reusables/enterprise-onboarding/about-teams.md
@@ -6,8 +6,6 @@ Teams are **groups of users** in an enterprise or organization. By creating team
 
 **Organization teams** are managed at the organization level and can only include members of a single organization. There are certain features of organization teams that are not currently supported for enterprise teams, such as CODEOWNER status.
 
->[!NOTE] Enterprise teams are in public preview and subject to change.
-
 ## Can I manage teams from an identity provider?
 
 {% ifversion ghes %}If you have enabled SCIM user provisioning on {% data variables.product.prodname_ghe_server %}{% else %}If you have integrated {% data variables.product.github %} with an identity provider (IdP){% endif %}, you can link teams on {% data variables.product.github %} with groups in your IdP. When membership of the IdP group changes, the change is reflected in the {% data variables.product.github %} team, allowing you to centralize access management.
@@ -43,8 +41,11 @@ You may need to create organization teams if the functionality you need is not c
 
 However, unlike organization teams, enterprise teams currently do **not** support:
 
+{%- ifversion enterprise-teams-ga %}
+{%- else %}
 * `@-mentions` of the team name in organizations
 * Review requests of the team in pull requests
+{%- endif %}
 * Adding the team to a project board
 {%- ifversion not ghes %}
 * Team sync if you use {% data variables.product.prodname_ghe_cloud %} with personal accounts
diff --git a/data/reusables/enterprise-onboarding/best-practices.md b/data/reusables/enterprise-onboarding/best-practices.md
index aabb93f99bc5..045f4243e618 100644
--- a/data/reusables/enterprise-onboarding/best-practices.md
+++ b/data/reusables/enterprise-onboarding/best-practices.md
@@ -22,8 +22,6 @@ You should regularly evaluate your strategies for access, governance, and organi
 
 ## Use teams to organize people
 
->[!NOTE] Enterprise teams are in public preview and subject to change.
-
 Enterprise teams are the best way to control access and permissions at scale. Create teams and manage their membership as your primary means of performing actions like adding users to organizations, granting licenses, and delegating access to enterprise settings.
 
 When you use teams in this way, controlling membership of teams is a sensitive action. Limit the permission to control teams and their membership to a small number of people. If you use an external identity provider (IdP), sync teams to IdP groups so that team membership can be controlled by a central administrator.
diff --git a/data/reusables/enterprise-onboarding/create-enterprise-teams.md b/data/reusables/enterprise-onboarding/create-enterprise-teams.md
index 8ae2e18ae7a7..4dc2ff204495 100644
--- a/data/reusables/enterprise-onboarding/create-enterprise-teams.md
+++ b/data/reusables/enterprise-onboarding/create-enterprise-teams.md
@@ -1,5 +1,3 @@
->[!NOTE] Enterprise teams are in public preview and subject to change.
-
 ## 1. Navigate to the enterprise teams page
 
 {% data reusables.enterprise-accounts.access-enterprise %}
diff --git a/data/reusables/enterprise/enterprise-team-api.md b/data/reusables/enterprise/enterprise-team-api.md
index 143d788cdc8c..2fbd7e95ea2f 100644
--- a/data/reusables/enterprise/enterprise-team-api.md
+++ b/data/reusables/enterprise/enterprise-team-api.md
@@ -1,10 +1,3 @@
-> [!NOTE]
-> These endpoints are currently in {% data variables.release-phases.public_preview %} and subject to change.
->
-> This API documentation is for enterprises on {% data variables.product.prodname_ghe_cloud %}.
->
-> If your enterprise is Copilot Business for non-GHE, please refer to the early access documentation link that was previously shared to you.
-
 These endpoints are only available to authenticated members of the enterprise team's enterprise with classic {% data variables.product.pat_generic_plural %} with the `read:enterprise` [scope](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps) for `GET` APIs and `admin:enterprise` for other APIs.
 
 These endpoints are not compatible with {% data variables.product.pat_v2_plural %} or GitHub App access tokens.
diff --git a/data/reusables/enterprise/enterprise-teams-can.md b/data/reusables/enterprise/enterprise-teams-can.md
index ee210b780052..b21cff43764b 100644
--- a/data/reusables/enterprise/enterprise-teams-can.md
+++ b/data/reusables/enterprise/enterprise-teams-can.md
@@ -6,3 +6,6 @@ Enterprise teams can:
 * Be assigned **predefined and custom enterprise roles**, giving members access to enterprise settings.
 * Be **added to organizations**, where organization administrators can grant the team additional access and permissions.
 * Receive **bypass access** on rulesets.
+{%- ifversion enterprise-teams-ga %}
+* Be mentioned, assigned, or requested for review in **issues and pull requests**.
+{%- endif %}
diff --git a/src/content-pipelines/state/copilot-cli.sha b/src/content-pipelines/state/copilot-cli.sha
index f54c7c673ed6..6e1167442368 100644
--- a/src/content-pipelines/state/copilot-cli.sha
+++ b/src/content-pipelines/state/copilot-cli.sha
@@ -1 +1 @@
-cb4c40cf4c55ea965aa476893bd504298b2ecfb4
+433f0a85a4d48d0ffc48e45dab2e3c4f13ce9510