Merge pull request #44710 from github/repo-sync

Repo sync

Author: docs-bot

content/code-security/tutorials/secure-your-organization/respond-to-a-security-incident.md

@@ -101,16 +101,18 @@ There are several containment actions you can choose to perform to limit the att
 
 For exposed or exploited credentials, the most immediate action you can take is to revoke the affected credentials to prevent further misuse.
 
-{% ifversion fpt or ghec or ghes > 3.17 %}
+{% ifversion fpt or ghec %}
+
 * **Revoke via the API**
 
   If the token is one of the following types, and the literal value of the token is known, you (or anybody) can revoke it by **submitting a request via the REST API**. See [AUTOTITLE](/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials).
 
   * {% data variables.product.pat_v1_caps %}
-  * {% data variables.product.pat_v2_caps %}{% ifversion fpt or ghec or ghes > 3.20 %}
+  * {% data variables.product.pat_v2_caps %}
   * {% data variables.product.prodname_oauth_app %} access token
   * {% data variables.product.prodname_github_app %} user access token
-  * {% data variables.product.prodname_github_app %} refresh token{% endif %}
+  * {% data variables.product.prodname_github_app %} refresh token
+  
 {% endif %}
 
 * **Revocation and containment options**

content/copilot/concepts/agents/about-enterprise-plugin-standards.md

@@ -17,7 +17,7 @@ redirect_from:
 
 > [!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change.
 
-Enterprise-managed plugin standards allow administrators to **define and enforce policies for plugin availability**. By configuring a `settings.json` file in the enterprise's `.github-private` repository, administrators can specify which plugin marketplaces are available to users and which plugins are installed automatically.
+Enterprise-managed plugin standards allow administrators to **define and enforce policies for plugin availability**. By configuring a `{% data variables.copilot.managed_setting_file %}` file in the enterprise's `.github-private` repository, administrators can specify which plugin marketplaces are available to users and which plugins are installed automatically.
 
 ## Where plugin standards apply
 
@@ -30,14 +30,14 @@ Users must upgrade to a supported client version for these standards to be appli
 
 ## How plugin standards work
 
-Enterprise plugin standards use a configuration file stored in your enterprise's `.github-private` repository. The configuration is defined in a `settings.json` file at the following path: `.github/copilot/settings.json`.
+Enterprise plugin standards use a configuration file stored in your enterprise's `.github-private` repository. The configuration is defined in a `{% data variables.copilot.managed_setting_file %}` file at the following path: `.github/copilot/{% data variables.copilot.managed_setting_file %}`. This file was previously called `settings.json`, which is still supported.
 
 For plugin standards, the file can define:
 
 * **Known marketplaces**. Plugin marketplaces that are available to users for browsing and installing plugins.
 * **Default-enabled plugins**. Specific plugins that are automatically installed when users authenticate.
 
-When a user authenticates to {% data variables.product.prodname_copilot_short %} in a supported client, the client queries an API endpoint that reads the `settings.json` from the enterprise's `.github-private` repository. The policies defined in the file are then applied to the user's session.
+When a user authenticates to {% data variables.product.prodname_copilot_short %} in a supported client, the client queries an API endpoint that reads the `{% data variables.copilot.managed_setting_file %}` file. The policies defined in the file are then applied to the user's session.
 
 ## Why use enterprise-managed plugin standards
 

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/configure-enterprise-plugin-standards.md

@@ -2,7 +2,7 @@
 title: Configuring enterprise plugin standards
 shortTitle: Configure plugin standards
 allowTitleToDifferFromFilename: true
-intro: 'Configure enterprise plugin standards by defining a `settings.json` file in your enterprise''s `.github-private` repository.'
+intro: 'Configure enterprise plugin standards by defining a `{% data variables.copilot.managed_setting_file %}` file in your enterprise''s `.github-private` repository.'
 permissions: Enterprise owners
 versions:
   feature: copilot
@@ -16,9 +16,8 @@ category:
 
 You can apply settings to control users' available plugin marketplaces and default-installed plugins. These settings apply to users on your enterprise's {% data variables.product.prodname_copilot_short %} plan. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-enterprise-plugin-standards).
 
-1. In your enterprise's `.github-private` repository, navigate to the `.github/copilot/` directory. If you don't have a `.github-private` repository yet, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents).
-1. Create or edit the `settings.json` file at `.github/copilot/settings.json`.
-1. Add your plugin policy configuration to the file. The `settings.json` file supports the following top-level properties:
+{% data reusables.copilot.create-managed-settings %}
+1. Add your plugin policy configuration to the file. The `{% data variables.copilot.managed_setting_file %}` file supports the following top-level properties:
 
    ```json copy
    {

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands.md

@@ -0,0 +1,36 @@
+---
+title: Disabling automatic command approval in Copilot clients
+shortTitle: Disable automatic commands
+allowTitleToDifferFromFilename: true
+intro: 'Disable yolo mode to stop agents from running commands without approval.'
+permissions: Enterprise owners
+versions:
+  feature: copilot
+contentType: how-tos
+category:
+  - Configure Copilot
+  - Manage Copilot for a team
+---
+
+> [!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change.
+
+You can prevent users from using modes that enable automatic approval of agent commands in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. The `disableBypassPermissionsMode` setting is defined in your enterprise's `{% data variables.copilot.managed_setting_file %}` file and applies to users on your enterprise's {% data variables.product.prodname_copilot_short %} plan.
+
+This setting blocks users from using:
+
+* The `--yolo` or `--allow-all` flag
+* The `/yolo` or `/allow-all` command
+* All runtime paths that enable combined bypass mode
+
+This setting does **not** block individual flags such as `--allow-all-tools` or `--allow-all-paths`.
+
+{% data reusables.copilot.create-managed-settings %}
+1. Add the following property.
+
+   ```json copy
+   {
+     "permissions": {
+       "disableBypassPermissionsMode": "disable"
+     }
+   }
+   ```

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/index.md

@@ -7,6 +7,7 @@ versions:
 children:
   - /prepare-for-custom-agents
   - /configure-enterprise-plugin-standards
+  - /disable-automatic-commands
   - /monitor-agentic-activity
   - /enable-copilot-cloud-agent
   - /block-agentic-features

content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md

@@ -267,7 +267,9 @@ This flag combines:
 * `--allow-all-paths` (disable path verification).
 * `--allow-all-urls` (disables URL verification).
 
-> [!TIP] During an interactive session, you can also enable all permissions with the `/allow-all` or `/yolo` slash commands.
+During an interactive session, you can also enable all permissions with the `/allow-all` or `/yolo` slash commands.
+
+{% data reusables.copilot.disable-bypass %}
 
 ## Further reading
 

content/copilot/how-tos/copilot-cli/use-copilot-cli/allowing-tools.md

@@ -79,6 +79,8 @@ For details of the supported tool kinds, see [AUTOTITLE](/copilot/reference/copi
 
 The following command-line options give {% data variables.copilot.copilot_cli_short %} permission to use all available tools.
 
+{% data reusables.copilot.disable-bypass %}
+
 * `--allow-all-tools` — Full access to the available tools.
 
 * `--allow-all`  or `--yolo` — Equivalent to using all of the `--allow-all-tools`, `--allow-all-paths`, and `--allow-all-urls` options when starting the CLI.

content/organizations/managing-programmatic-access-to-your-organization/github-credential-types.md

@@ -38,7 +38,7 @@ The following sections describe revocation options for each credential type base
 
 * If the token **belongs to you**, you can delete it via your personal account settings. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#deleting-a-personal-access-token).
 {% data reusables.credentials.revoke-via-api %}
-* **Organization owners** and **enterprise owners** do not have direct visibility into or control over individual tokens. However, they can:{% ifversion fpt or ghec or ghes > 3.17 %}
+* **Organization owners** and **enterprise owners** do not have direct visibility into or control over individual tokens. However, they can:{% ifversion fpt or ghec %}
    * Revoke them using the REST API, if the actual token value is known. See [AUTOTITLE](/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials).{% endif %}
    * Restrict the access of {% data variables.product.pat_generic_plural %} to the organization or enterprise entirely. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise).
 * **Organization owners and enterprise owners** on {% data variables.product.prodname_ghe_cloud %} with SSO enforced can revoke the SSO authorization for a specific {% data variables.product.pat_v1 %}. See [Revoking SSO authorization](#revoking-sso-authorization) for details.
@@ -49,7 +49,7 @@ The following sections describe revocation options for each credential type base
 * If the token **belongs to you**, you can delete it via your personal account settings. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#deleting-a-personal-access-token).
 {% data reusables.credentials.revoke-via-api %}
 * **Organization owners**: Can view and revoke individual tokens. Note, however, that when an organization owner revokes a {% data variables.product.pat_v2 %}, any SSH keys created by the token will continue to work and the token will still be able to read public resources within the organization. The revocation changes the resource owner from the organization to the user, and the user can reassign it back. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/reviewing-and-revoking-personal-access-tokens-in-your-organization).
-* **Organization owners** and **enterprise owners** can:{% ifversion fpt or ghec or ghes > 3.17 %}
+* **Organization owners** and **enterprise owners** can:{% ifversion fpt or ghec %}
    * Revoke the token using the REST API. See [AUTOTITLE](/rest/credentials/revoke?apiVersion=2022-11-28#revoke-a-list-of-credentials).{% endif %}
    * Restrict the access of {% data variables.product.pat_generic_plural %} to the organization or enterprise entirely. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise).
 * **Revoked automatically** if pushed to a public repository or gist, or if unused for one year. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation).

content/rest/credentials/revoke.md

@@ -7,7 +7,6 @@ intro: >-
 versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.18'
 autogenerated: rest
 allowTitleToDifferFromFilename: true
 category:

data/reusables/copilot/create-managed-settings.md

@@ -0,0 +1,2 @@
+1. In your enterprise's `.github-private` repository, navigate to the `.github/copilot/` directory. If you haven't set a `.github-private` repository as your enterprise's source of agent configuration, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents).
+1. Create or edit the `{% data variables.copilot.managed_setting_file %}` file. (This file was previously named `settings.json`, which is also supported.)