Merged
Original file line number Diff line number Diff line change
Expand Up @@ -101,16 +101,18 @@ There are several containment actions you can choose to perform to limit the att

For exposed or exploited credentials, the most immediate action you can take is to revoke the affected credentials to prevent further misuse.

{% ifversion fpt or ghec or ghes > 3.17 %}
{% ifversion fpt or ghec %}

* **Revoke via the API**

If the token is one of the following types, and the literal value of the token is known, you (or anybody) can revoke it by **submitting a request via the REST API**. See [AUTOTITLE](/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials).

* {% data variables.product.pat_v1_caps %}
* {% data variables.product.pat_v2_caps %}{% ifversion fpt or ghec or ghes > 3.20 %}
* {% data variables.product.pat_v2_caps %}
* {% data variables.product.prodname_oauth_app %} access token
* {% data variables.product.prodname_github_app %} user access token
* {% data variables.product.prodname_github_app %} refresh token{% endif %}
* {% data variables.product.prodname_github_app %} refresh token

{% endif %}

* **Revocation and containment options**
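Review bot: the outer guard changing from `fpt or ghec or ghes > 3.17` to `fpt or ghec` drops GHES from the "Revoke via the API" bullet, which lines up with the removal of `ghes: '>=3.18'` from `content/rest/credentials/revoke.md` later in this PR, and once the outer condition is fpt/ghec only the inner `ghes > 3.20` guard around the OAuth app and GitHub App token types is redundant, so deleting it is the right call. Please also confirm that no GHES-versioned page still links to `/rest/credentials/revoke`; with the endpoint out of the GHES version set such a link would render as a dead link in the GHES docs.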
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ redirect_from:

> [!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change.

Enterprise-managed plugin standards allow administrators to **define and enforce policies for plugin availability**. By configuring a `settings.json` file in the enterprise's `.github-private` repository, administrators can specify which plugin marketplaces are available to users and which plugins are installed automatically.
Enterprise-managed plugin standards allow administrators to **define and enforce policies for plugin availability**. By configuring a `{% data variables.copilot.managed_setting_file %}` file in the enterprise's `.github-private` repository, administrators can specify which plugin marketplaces are available to users and which plugins are installed automatically.

## Where plugin standards apply

Expand All @@ -30,14 +30,14 @@ Users must upgrade to a supported client version for these standards to be appli

## How plugin standards work

Enterprise plugin standards use a configuration file stored in your enterprise's `.github-private` repository. The configuration is defined in a `settings.json` file at the following path: `.github/copilot/settings.json`.
Enterprise plugin standards use a configuration file stored in your enterprise's `.github-private` repository. The configuration is defined in a `{% data variables.copilot.managed_setting_file %}` file at the following path: `.github/copilot/{% data variables.copilot.managed_setting_file %}`. This file was previously called `settings.json`, which is still supported.

For plugin standards, the file can define:

* **Known marketplaces**. Plugin marketplaces that are available to users for browsing and installing plugins.
* **Default-enabled plugins**. Specific plugins that are automatically installed when users authenticate.

When a user authenticates to {% data variables.product.prodname_copilot_short %} in a supported client, the client queries an API endpoint that reads the `settings.json` from the enterprise's `.github-private` repository. The policies defined in the file are then applied to the user's session.
When a user authenticates to {% data variables.product.prodname_copilot_short %} in a supported client, the client queries an API endpoint that reads the `{% data variables.copilot.managed_setting_file %}` file. The policies defined in the file are then applied to the user's session.

## Why use enterprise-managed plugin standards

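Review bot: "This file was previously called `settings.json`, which is still supported" leaves precedence undefined when both `.github/copilot/managed-settings.json` and `.github/copilot/settings.json` exist in `.github-private`. Because this file is what enforces plugin policy, administrators need to know which file the client's API endpoint reads in that case, and whether the two are merged; otherwise a stale `settings.json` could silently be the one applied. Suggest one sentence stating the rule, for example "If both files exist, `managed-settings.json` takes precedence.", if that matches the behaviour.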
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Configuring enterprise plugin standards
shortTitle: Configure plugin standards
allowTitleToDifferFromFilename: true
intro: 'Configure enterprise plugin standards by defining a `settings.json` file in your enterprise''s `.github-private` repository.'
intro: 'Configure enterprise plugin standards by defining a `{% data variables.copilot.managed_setting_file %}` file in your enterprise''s `.github-private` repository.'
permissions: Enterprise owners
versions:
feature: copilot
Expand All @@ -16,9 +16,8 @@ category:

You can apply settings to control users' available plugin marketplaces and default-installed plugins. These settings apply to users on your enterprise's {% data variables.product.prodname_copilot_short %} plan. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-enterprise-plugin-standards).

1. In your enterprise's `.github-private` repository, navigate to the `.github/copilot/` directory. If you don't have a `.github-private` repository yet, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents).
1. Create or edit the `settings.json` file at `.github/copilot/settings.json`.
1. Add your plugin policy configuration to the file. The `settings.json` file supports the following top-level properties:
{% data reusables.copilot.create-managed-settings %}
1. Add your plugin policy configuration to the file. The `{% data variables.copilot.managed_setting_file %}` file supports the following top-level properties:

```json copy
{
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
title: Disabling automatic command approval in Copilot clients
shortTitle: Disable automatic commands
allowTitleToDifferFromFilename: true
intro: 'Disable yolo mode to stop agents from running commands without approval.'
permissions: Enterprise owners
versions:
feature: copilot
contentType: how-tos
category:
- Configure Copilot
- Manage Copilot for a team
---

> [!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change.

You can prevent users from using modes that enable automatic approval of agent commands in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. The `disableBypassPermissionsMode` setting is defined in your enterprise's `{% data variables.copilot.managed_setting_file %}` file and applies to users on your enterprise's {% data variables.product.prodname_copilot_short %} plan.

This setting blocks users from using:

* The `--yolo` or `--allow-all` flag
* The `/yolo` or `/allow-all` command
* All runtime paths that enable combined bypass mode

This setting does **not** block individual flags such as `--allow-all-tools` or `--allow-all-paths`.

{% data reusables.copilot.create-managed-settings %}
1. Add the following property.

```json copy
{
"permissions": {
"disableBypassPermissionsMode": "disable"
}
}
```
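Review bot: the scope of `disableBypassPermissionsMode` needs to be stated more plainly for the enterprise owners this page targets. The page says the setting does not block `--allow-all-tools` or `--allow-all-paths` individually, while the CLI reference changed in this same PR describes `--allow-all`/`--yolo` as equivalent to `--allow-all-tools`, `--allow-all-paths` and `--allow-all-urls` together; say explicitly whether passing those three flags together remains permitted when the setting is on, so admins understand whether this removes the shortcut or the capability and can plan monitoring accordingly. Also `"disableBypassPermissionsMode": "disable"` is the only value shown; list the accepted values and the default so an admin can verify the setting is in effect, and consider replacing "Disable yolo mode" in the intro with the descriptive wording used in the title, since the frontmatter intro is what surfaces in search and navigation.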
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ versions:
children:
- /prepare-for-custom-agents
- /configure-enterprise-plugin-standards
- /disable-automatic-commands
- /monitor-agentic-activity
- /enable-copilot-cloud-agent
- /block-agentic-features
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,9 @@ This flag combines:
* `--allow-all-paths` (disable path verification).
* `--allow-all-urls` (disables URL verification).

> [!TIP] During an interactive session, you can also enable all permissions with the `/allow-all` or `/yolo` slash commands.
During an interactive session, you can also enable all permissions with the `/allow-all` or `/yolo` slash commands.

{% data reusables.copilot.disable-bypass %}

## Further reading

Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,8 @@ For details of the supported tool kinds, see [AUTOTITLE](/copilot/reference/copi

The following command-line options give {% data variables.copilot.copilot_cli_short %} permission to use all available tools.

{% data reusables.copilot.disable-bypass %}

* `--allow-all-tools` — Full access to the available tools.

* `--allow-all` or `--yolo` — Equivalent to using all of the `--allow-all-tools`, `--allow-all-paths`, and `--allow-all-urls` options when starting the CLI.
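Review bot: the `{% data reusables.copilot.disable-bypass %}` note is inserted between the lead-in sentence "The following command-line options give ... permission to use all available tools." and its bullet list, and the note's text says "these commands may be blocked by an enterprise administrator". The first bullet after it is `--allow-all-tools`, which the new how-to in this PR says is explicitly not blocked by `disableBypassPermissionsMode`, so readers will take the warning to cover it. Suggest moving the reusable below the list, after the `--allow-all`/`--yolo` bullet, so "these commands" refers to the combined flags only.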
Original file line number Diff line number Diff line change
Expand Up @@ -167,9 +167,7 @@ The Copilot SDK communicates with the CLI via JSON-RPC protocol. Features must b
| **Development** | | |
| Toggle experimental | `/experimental`, `--experimental` | Runtime flag |
| Custom instructions control | `--no-custom-instructions` | CLI flag |
| Diagnose session | `/diagnose` | TUI command |
| View/manage instructions | `/instructions` | TUI command |
| Collect debug logs | `/collect-debug-logs` | Diagnostic tool |
| Reindex workspace | `/reindex` | TUI command |
| IDE integration | `/ide` | IDE-specific workflow |
| **Non-interactive Mode** | | |
Original file line number Diff line number Diff line change
Expand Up @@ -203,8 +203,6 @@ Holding <kbd>↑</kbd> or <kbd>↓</kbd> accelerates scrolling after the first 1
| `/chronicle <standup\|tips\|improve\|reindex>` | Session history tools and insights. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/chronicle). |
| `/clear [PROMPT]`, `/new [PROMPT]`, `/reset [PROMPT]` | Start a new conversation. |
| `/clikit [COMPONENT]` | Preview CLI business components (for example, quota info). |
| `/collect-debug-logs [file\|gist] [PATH]` | Collect debug logs to an archive file or {% data variables.product.github %} gist. |
| `/diagnose [PROMPT]` | Analyze the current session log and optionally prompt the agent with a question about diagnostics. |
| `/compact [FOCUS-INSTRUCTIONS]` | Summarize the conversation history to reduce context window usage. Optionally provide focus instructions to steer the summary—for example, `/compact focus on the auth module`. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/context-management#compaction). |
| `/context` | Show the context window token usage and visualization. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/context-management#checking-your-context-usage). |
| `/copy` | Copy the last response to the clipboard. |
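Review bot: dropping the `/collect-debug-logs` and `/diagnose` rows here (consistent with their removal from the SDK feature table elsewhere in this PR) leaves the reference with no documented way to gather a session log for troubleshooting or for an after-the-fact review of what an agent ran. If the commands were removed from the CLI, a short line on where debug logs now live, or a changelog entry, would help users who have these commands in support runbooks.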
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ The following sections describe revocation options for each credential type base

* If the token **belongs to you**, you can delete it via your personal account settings. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#deleting-a-personal-access-token).
{% data reusables.credentials.revoke-via-api %}
* **Organization owners** and **enterprise owners** do not have direct visibility into or control over individual tokens. However, they can:{% ifversion fpt or ghec or ghes > 3.17 %}
* **Organization owners** and **enterprise owners** do not have direct visibility into or control over individual tokens. However, they can:{% ifversion fpt or ghec %}
* Revoke them using the REST API, if the actual token value is known. See [AUTOTITLE](/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials).{% endif %}
* Restrict the access of {% data variables.product.pat_generic_plural %} to the organization or enterprise entirely. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise).
* **Organization owners and enterprise owners** on {% data variables.product.prodname_ghe_cloud %} with SSO enforced can revoke the SSO authorization for a specific {% data variables.product.pat_v1 %}. See [Revoking SSO authorization](#revoking-sso-authorization) for details.
Expand All @@ -49,7 +49,7 @@ The following sections describe revocation options for each credential type base
* If the token **belongs to you**, you can delete it via your personal account settings. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#deleting-a-personal-access-token).
{% data reusables.credentials.revoke-via-api %}
* **Organization owners**: Can view and revoke individual tokens. Note, however, that when an organization owner revokes a {% data variables.product.pat_v2 %}, any SSH keys created by the token will continue to work and the token will still be able to read public resources within the organization. The revocation changes the resource owner from the organization to the user, and the user can reassign it back. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization).
* **Organization owners** and **enterprise owners** can:{% ifversion fpt or ghec or ghes > 3.17 %}
* **Organization owners** and **enterprise owners** can:{% ifversion fpt or ghec %}
* Revoke the token using the REST API. See [AUTOTITLE](/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials).{% endif %}
* Restrict the access of {% data variables.product.pat_generic_plural %} to the organization or enterprise entirely. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise).
* **Revoked automatically** if pushed to a public repository or gist, or if unused for one year. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation).
1 change: 0 additions & 1 deletion content/rest/credentials/revoke.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ intro: >-
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
fpt: '*'
ghec: '*'
ghes: '>=3.18'
autogenerated: rest
allowTitleToDifferFromFilename: true
category:
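Review bot: the `versions:` block being edited carries the comment "DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖", so confirm that removing `ghes: '>=3.18'` comes from the REST pipeline (the `src/github-apps/lib/config.json` sha bump in this PR suggests it does) rather than a hand edit; otherwise the next sync re-adds GHES and the `{% ifversion fpt or ghec %}` guards changed elsewhere in this PR will disagree with the endpoint's own version set.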
2 changes: 2 additions & 0 deletions data/reusables/copilot/create-managed-settings.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
1. In your enterprise's `.github-private` repository, navigate to the `.github/copilot/` directory. If you haven't set a `.github-private` repository as your enterprise's source of agent configuration, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents).
1. Create or edit the `{% data variables.copilot.managed_setting_file %}` file. (This file was previously named `settings.json`, which is also supported.)
1 change: 1 addition & 0 deletions data/reusables/copilot/disable-bypass.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
> [!NOTE] If you have a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} license, these commands may be blocked by an enterprise administrator.
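Review bot: the referent of "these commands" depends entirely on where the reusable is inserted, and this PR places it once after the `/allow-all`/`/yolo` sentence and once above a list of flags. Name the affected commands in the note itself (`--allow-all`/`--yolo` and `/allow-all`/`/yolo`) and link to the new disable-automatic-commands how-to so that a user who hits the block knows which control is responsible, and the admin-facing page stays discoverable from the reference.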
2 changes: 1 addition & 1 deletion data/reusables/credentials/revoke-via-api.md
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
{% ifversion fpt or ghec or ghes > 3.17 %}
{% ifversion fpt or ghec %}
* If the token is owned by someone else, and the actual token value is known, **anyone** can submit a request to revoke it using the REST API. The API doesn't require authentication - anyone with the token value can submit it for revocation. See [AUTOTITLE](/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials) in the REST API documentation.{% endif %}
3 changes: 3 additions & 0 deletions data/variables/copilot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -254,3 +254,6 @@ copilot_workspace_short: 'Workspace'

# BYOK
copilot_byok_supported_features: '{% data variables.copilot.copilot_chat_short %}, {% data variables.copilot.copilot_cli_short %}, and {% data variables.product.prodname_vscode_shortname %}'

## File for enterprise client management
managed_setting_file: 'managed-settings.json'
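Review bot: the section comment `## File for enterprise client management` uses two hash characters while the existing section comment above it, `# BYOK`, uses one; use a single `#` for consistency with the rest of the file.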
2 changes: 1 addition & 1 deletion src/github-apps/lib/config.json
Original file line number Diff line number Diff line change
Expand Up @@ -60,5 +60,5 @@
"2022-11-28"
]
},
"sha": "5228aaa58229307d5c18092199d4d3b09050265a"
"sha": "7a0a14cf24805c7efd23fef351bfab80391ec8fb"
}
4 changes: 2 additions & 2 deletions src/rest/data/fpt-2022-11-28/billing.json
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
},
{
"name": "per_page",
"description": "<p>The number of results per page (max 10).</p>",
"description": "<p>The number of results per page (max 100).</p>",
"in": "query",
"schema": {
"type": "integer",
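Review bot: the `per_page` description and the `descriptionHTML` in the next hunk both move from 10 to 100, which is consistent, but the `schema` object is collapsed after `"type": "integer"`, so the `maximum` value (if one is set) cannot be checked here; please verify it also reads 100 so the documented limit and the validated limit do not diverge. Since `src/rest/data` is generated, this should come through the OpenAPI sync rather than a hand edit.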
Expand Down Expand Up @@ -61,7 +61,7 @@
}
],
"bodyParameters": [],
"descriptionHTML": "<p>Gets all budgets for an organization. The authenticated user must be an organization admin or billing manager.\nEach page returns up to 10 budgets.</p>",
"descriptionHTML": "<p>Gets all budgets for an organization. The authenticated user must be an organization admin or billing manager.\nEach page returns up to 100 budgets.</p>",
"codeExamples": [
{
"request": {