Merge pull request #43657 from github/repo-sync

Repo sync

Author: docs-bot

content/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-coding-agent.md

@@ -50,6 +50,10 @@ By default, {% data variables.copilot.copilot_coding_agent %} is available in al
 
 Once {% data variables.copilot.copilot_coding_agent %} is enabled for a repository, any user with access to {% data variables.copilot.copilot_coding_agent %} and write permission for the repository can delegate work to {% data variables.product.prodname_copilot_short %}.
 
+## Managing the agent firewall for your organization
+
+Organization owners can configure the {% data variables.copilot.copilot_coding_agent %} firewall for their organization, including whether it is enabled for the organization and which external hosts and URLs the agent can access. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall).
+
 ## Next steps
 
 * Tell the members of repositories where {% data variables.copilot.copilot_coding_agent %} is available that they can delegate work to the {% data variables.copilot.copilot_coding_agent_short %}.

content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall.md

@@ -11,13 +11,10 @@ redirect_from:
   - /copilot/how-tos/agents/copilot-coding-agent/customize-the-agent-firewall
   - /copilot/how-tos/agents/coding-agent/customize-the-agent-firewall
 contentType: how-tos
-category: 
+category:
   - Configure Copilot
 ---
 
-> [!NOTE]
-> Firewall configuration has moved to the {% data variables.copilot.copilot_coding_agent %} settings page. Previous configurations saved as Actions variables will be maintained on that page.
-
 ## Overview
 
 By default, {% data variables.product.prodname_copilot_short %}'s access to the internet is limited by a firewall.
@@ -52,44 +49,69 @@ The recommended allowlist, enabled by default, allows access to:
 
 For the complete list of hosts included in the recommended allowlist, see [AUTOTITLE](/copilot/reference/copilot-allowlist-reference#copilot-coding-agent-recommended-allowlist).
 
-## Disabling the recommended allowlist
+## Configuring the firewall at the organization level
 
-You can choose to turn off the recommended allowlist. Disabling the recommended allowlist is likely to increase the risk of unauthorized access to external resources.
+Organization owners can configure all firewall settings at the organization level. To access the firewall settings:
 
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.sidebar-settings %}
-1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short %}**.
-1. Toggle the **Recommended allowlist** setting **off**.
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.copilot.coding-agent-settings %}
+
+### Enabling or disabling the firewall
+
+> [!WARNING]
+> Disabling the firewall will allow {% data variables.product.prodname_copilot_short %} to connect to any host, increasing risks of exfiltration of code or other sensitive information.
+
+1. Under "Internet access", set the **Enable firewall** setting to **Enabled**, **Disabled**, or **Let repositories decide** (default).
+
+### Enabling or disabling the recommended allowlist
+
+1. Under "Internet access", set the **Recommended allowlist** setting to **Enabled**, **Disabled**, or **Let repositories decide** (default).
 
-To use the recommended allowlist in addition to your own allowlist, keep the **Recommended allowlist** setting **on**, and add your additional addresses in the **Custom allowlist** page.
+### Controlling whether repositories can add custom allowlist rules
 
-## Allowlisting additional hosts in the agent's firewall
+By default, repository administrators can add their own entries to the firewall allowlist. Organization owners can disable this to prevent repositories from adding custom rules.
 
-You can allowlist additional addresses in the agent's firewall.
+1. Under "Internet access", set the **Allow repository custom rules** setting to **Enabled** (default) or **Disabled**.
+
+### Managing the organization custom allowlist
+
+Items added to the organization custom allowlist apply to all repositories in the organization. These items cannot be deleted at the repository level. Organization-level and repository-level rules are combined.
+
+1. Under "Internet access", click **Organization custom allowlist**.
+{% data reusables.copilot.coding-agent.custom-allowlist-add-entries %}
+
+## Configuring the firewall at the repository level
+
+Repository administrators can configure firewall settings at the repository level, including enabling or disabling the firewall, enabling or disabling the recommended allowlist, and managing a custom allowlist. Depending on the organization-level configuration, some of these settings may be locked.
+
+To access the firewall settings:
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short %}**.
-1. Click **Custom allowlist**
-1. Add the addresses you want to include in the allowlist. You can include:
 
-   * **Domains** (for example, `packages.contoso.corp`). Traffic will be allowed to the specified domain and any subdomains.
+### Enabling or disabling the firewall
 
-     **Example**: `packages.contoso.corp` will allow traffic to `packages.contoso.corp` and `prod.packages.contoso.corp`, but not `artifacts.contoso.corp`.
+> [!NOTE]
+> You can only change this setting at the repository level if the organization-level **Enable firewall** setting is set to **Let repositories decide**. If the organization-level setting is **Enabled** or **Disabled**, you can't change this setting for individual repositories.
 
-   * **URLs** (for example, `https://packages.contoso.corp/project-1/`). Traffic will only be allowed on the specified scheme (`https`) and host (`packages.contoso.corp`), and limited to the specified path and descendant paths.
+1. Toggle the **Enable firewall** setting on or off.
 
-     **Example**: `https://packages.contoso.corp/project-1/` will allow traffic to `https://packages.contoso.corp/project-1/` and `https://packages.contoso.corp/project-1/tags/latest`, but not `https://packages.consoto.corp/project-2`, `ftp://packages.contoso.corp` or `https://artifacts.contoso.corp`.
+### Enabling or disabling the recommended allowlist
 
-1. Click **Add Rule**.
-1. After validating your list, click **Save changes**.
+> [!NOTE]
+> You can only change this setting at the repository level if the organization-level **Recommended allowlist** setting is set to **Let repositories decide**. If the organization-level setting is **Enabled** or **Disabled**, you can't change this setting for individual repositories.
 
-### Disabling the firewall
+1. Toggle the **Recommended allowlist** setting on or off.
 
-> [!WARNING]
-> Disabling the firewall will allow {% data variables.product.prodname_copilot_short %} to connect to any host, increasing risks of exfiltration of code or other sensitive information.
+### Managing the custom allowlist
+
+> [!NOTE]
+> You can only add custom allowlist rules at the repository level if the organization-level **Allow repository custom rules** setting is set to **Enabled**. For more information, see [Controlling whether repositories can add custom allowlist rules](#controlling-whether-repositories-can-add-custom-allowlist-rules).
 
-The firewall is enabled by default. To disable the firewall, toggle the **Enable firewall** setting to **off**.
+1. Click **Custom allowlist**.
+{% data reusables.copilot.coding-agent.custom-allowlist-add-entries %}
 
 ## Further reading
 

data/reusables/copilot/coding-agent-settings.md

@@ -1 +1 @@
-1. In the sidebar, under "Code, planning, and automation", click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**, and then click **{% data variables.copilot.copilot_coding_agent_short %}**.
+1. In the sidebar, under "Code, planning, and automation", click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**, and then click **{% data variables.copilot.copilot_coding_agent_short_cap_c %}**.

data/reusables/copilot/coding-agent/custom-allowlist-add-entries.md

@@ -0,0 +1,12 @@
+1. Add the addresses you want to include in the allowlist. You can include:
+
+   * **Domains** (for example, `packages.contoso.corp`). Traffic will be allowed to the specified domain and any subdomains.
+
+     **Example**: `packages.contoso.corp` will allow traffic to `packages.contoso.corp` and `prod.packages.contoso.corp`, but not `artifacts.contoso.corp`.
+
+   * **URLs** (for example, `https://packages.contoso.corp/project-1/`). Traffic will only be allowed on the specified scheme (`https`) and host (`packages.contoso.corp`), and limited to the specified path and descendant paths.
+
+     **Example**: `https://packages.contoso.corp/project-1/` will allow traffic to `https://packages.contoso.corp/project-1/` and `https://packages.contoso.corp/project-1/tags/latest`, but not `https://packages.contoso.corp/project-2`, `ftp://packages.contoso.corp` or `https://artifacts.contoso.corp`.
+
+1. Click **Add rule**.
+1. After validating your list, click **Save changes**.

src/github-apps/lib/config.json

@@ -60,5 +60,5 @@
       "2022-11-28"
     ]
   },
-  "sha": "c8a7d24eac4f40d797db33e85d5aa1480b163c27"
+  "sha": "758e5523c8b6082bdd547cef042b884229a0355c"
 }

src/rest/data/fpt-2022-11-28/agent-tasks.json

@@ -85,9 +85,10 @@
           "name": "is_archived",
           "in": "query",
           "schema": {
-            "type": "boolean"
+            "type": "boolean",
+            "default": false
           },
-          "description": "<p>Filter by archived status. When <code>true</code>, returns only archived tasks. When <code>false</code>, returns only non-archived tasks.</p>"
+          "description": "<p>Filter by archived status. When <code>true</code>, returns only archived tasks. When <code>false</code> or omitted, returns only non-archived tasks. Defaults to <code>false</code>.</p>"
         },
         {
           "name": "since",
@@ -108,7 +109,7 @@
         }
       ],
       "bodyParameters": [],
-      "descriptionHTML": "<p>Returns a list of tasks for a specific repository</p>",
+      "descriptionHTML": "<div class=\"ghd-alert ghd-alert-accent\" data-container=\"alert\"><p class=\"ghd-alert-title\"><svg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden><path d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"></path></svg>Note</p>\n<p>\nThis endpoint is in public preview and is subject to change.</p>\n</div>\n<p>Returns a list of tasks for a specific repository</p>",
       "codeExamples": [
         {
           "request": {
@@ -451,7 +452,7 @@
         {
           "type": "string",
           "name": "model",
-          "description": "<p>Model identifier</p>"
+          "description": "<p>The model to use for this task. The allowed models may change over time and depend on the user's GitHub Copilot plan and organization policies. Currently supported values: <code>claude-sonnet-4.6</code>, <code>claude-opus-4.6</code>, <code>gpt-5.2-codex</code>, <code>gpt-5.3-codex</code>, <code>gpt-5.4</code>, <code>claude-sonnet-4.5</code>, <code>claude-opus-4.5</code></p>"
         },
         {
           "type": "string",
@@ -467,24 +468,9 @@
           "type": "string",
           "name": "base_ref",
           "description": "<p>Base ref for new branch/PR</p>"
-        },
-        {
-          "type": "string",
-          "name": "event_type",
-          "description": "<p>Type of event</p>"
-        },
-        {
-          "type": "string",
-          "name": "event_url",
-          "description": "<p>URL of the triggering event</p>"
-        },
-        {
-          "type": "array of strings",
-          "name": "event_identifiers",
-          "description": "<p>Identifiers for tracking</p>"
         }
       ],
-      "descriptionHTML": "<p>Creates a new task for a repository</p>",
+      "descriptionHTML": "<div class=\"ghd-alert ghd-alert-accent\" data-container=\"alert\"><p class=\"ghd-alert-title\"><svg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden><path d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"></path></svg>Note</p>\n<p>\nThis endpoint is in public preview and is subject to change.</p>\n</div>\n<p>Creates a new task for a repository</p>",
       "codeExamples": [
         {
           "request": {
@@ -784,7 +770,7 @@
         }
       ],
       "bodyParameters": [],
-      "descriptionHTML": "<p>Returns a task by ID scoped to an owner/repo path</p>",
+      "descriptionHTML": "<div class=\"ghd-alert ghd-alert-accent\" data-container=\"alert\"><p class=\"ghd-alert-title\"><svg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden><path d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"></path></svg>Note</p>\n<p>\nThis endpoint is in public preview and is subject to change.</p>\n</div>\n<p>Returns a task by ID scoped to an owner/repo path</p>",
       "codeExamples": [
         {
           "request": {
@@ -1325,9 +1311,10 @@
           "name": "is_archived",
           "in": "query",
           "schema": {
-            "type": "boolean"
+            "type": "boolean",
+            "default": false
           },
-          "description": "<p>Filter by archived status. When <code>true</code>, returns only archived tasks. When <code>false</code>, returns only non-archived tasks.</p>"
+          "description": "<p>Filter by archived status. When <code>true</code>, returns only archived tasks. When <code>false</code> or omitted, returns only non-archived tasks. Defaults to <code>false</code>.</p>"
         },
         {
           "name": "since",
@@ -1340,7 +1327,7 @@
         }
       ],
       "bodyParameters": [],
-      "descriptionHTML": "<p>Returns a list of tasks for the authenticated user</p>",
+      "descriptionHTML": "<div class=\"ghd-alert ghd-alert-accent\" data-container=\"alert\"><p class=\"ghd-alert-title\"><svg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden><path d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"></path></svg>Note</p>\n<p>\nThis endpoint is in public preview and is subject to change.</p>\n</div>\n<p>Returns a list of tasks for the authenticated user</p>",
       "codeExamples": [
         {
           "request": {
@@ -1645,7 +1632,7 @@
         }
       ],
       "bodyParameters": [],
-      "descriptionHTML": "<p>Returns a task by ID with its associated sessions</p>",
+      "descriptionHTML": "<div class=\"ghd-alert ghd-alert-accent\" data-container=\"alert\"><p class=\"ghd-alert-title\"><svg version=\"1.1\" width=\"16\" height=\"16\" viewBox=\"0 0 16 16\" class=\"octicon mr-2\" aria-hidden><path d=\"M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z\"></path></svg>Note</p>\n<p>\nThis endpoint is in public preview and is subject to change.</p>\n</div>\n<p>Returns a task by ID with its associated sessions</p>",
       "codeExamples": [
         {
           "request": {