Merged
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,8 @@ You found suspicious code in your repository, a security researcher reported an

* Review the **Actions** tab for unexpected workflow runs, especially those triggered by unfamiliar users or at unusual times.
* Inspect workflow run logs for suspicious output.
* Review the credentials accessible to suspicious workflow runs, including the default `GITHUB_TOKEN`, any {% data variables.product.pat_generic_plural %}, {% data variables.product.prodname_github_app %} tokens, or other credentials stored as secrets. The `GITHUB_TOKEN` is scoped to the job and expires when the job completes, but other credentials have their own lifecycle and do not expire with the job. Any credential that may have been exposed should be treated as compromised and rotated or replaced immediately.
* Be aware that workflow run logs only capture standard output from workflow steps. Activity that does not write to standard output (such as network calls, file system modifications, or background processes) will not appear in the logs. For a more comprehensive investigation, correlate with audit log events.
* Use {% data variables.product.github %} code search to find suspicious files or code additions, particularly in workflow files (`.github/workflows/`), shell scripts, or configuration files.
* Use the Activity view to check for pushes to unusual branch names, force pushes, pushes from unexpected actors.
* Check the audit logs for changes to security settings or disablement actions (look for events like `repository_ruleset.destroy`, `repository_secret_scanning_push_protection.disable`, or other `.delete`, `.disable`, `.destroy` events).
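
Review bot: The new bullet on workflow run logs ends with "correlate with audit log events" but names no events and links nowhere, so a responder reading this page does not know what to look for. The workflow-logs reference changed in this same PR lists `git.clone`, `git.fetch`, `git.push`, `protected_branch.create`, and `protected_branch.policy_override` and warns that Git events are retained for only 7 days; consider naming the events here or linking to that section. The credentials bullet also says the `GITHUB_TOKEN` "expires when the job completes", while the reference adds "or after its effective maximum lifetime (up to 24 hours on self-hosted runners)"; the two statements should match.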
Expand All @@ -127,6 +129,8 @@ You found suspicious code in your repository, a security researcher reported an
### Key resources

* [Containment actions](/code-security/tutorials/secure-your-organization/responding-to-security-incidents#step-2-contain-the-threat)
* [AUTOTITLE](/actions/concepts/security/github_token)
* [AUTOTITLE](/actions/reference/security/secure-use)

{% ifversion fpt or ghec %}

Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,8 @@ Read access to the repository.

* Confirm what executed in CI/CD at a given time (such as the commands executed, or the dependency installed).
* Investigate suspicious workflow runs, such as those triggered by an unfamiliar user or at an unusual time, to see what actions were performed, which secrets were accessed, and what code was executed.
* Determine whether a workflow had access to any secrets.
* Review what credentials a workflow job had access to, including the default `GITHUB_TOKEN`, any {% data variables.product.pat_generic_plural %}, {% data variables.product.prodname_github_app %} tokens, other credentials stored as secrets, and access tokens obtained during the workflow run.
* Retrieve logs programmatically via the REST API for archival, forensic, or automation purposes.

#### Permissions required

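Review bot: The replacement use case, "Review what credentials a workflow job had access to", promises more than the logs can show. The notes added further down in this file say logs capture only standard output and direct the reader to "Review the workflow file and the repository, organization, and environment secrets" to determine which credentials were accessible. Suggest wording this bullet around what the logs do show and pointing to the workflow file and secrets settings for the rest. The bullet also lists "access tokens obtained during the workflow run", which the new notes never explain.
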
Expand All @@ -166,8 +167,22 @@ Read access to the repository.

* [AUTOTITLE](/actions/how-tos/monitor-workflows/view-workflow-run-history)
* [AUTOTITLE](/actions/how-tos/monitor-workflows/use-workflow-run-logs)
* [AUTOTITLE](/actions/how-tos/manage-workflow-runs/download-workflow-artifacts)
* [AUTOTITLE](/actions/concepts/security/github_token)
* [AUTOTITLE](/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets)
* [AUTOTITLE](/actions/reference/security/secure-use)
* [AUTOTITLE](/rest/actions/workflow-runs)
* [AUTOTITLE](/rest/actions/workflow-jobs)
* [AUTOTITLE](/code-security/tutorials/implement-supply-chain-best-practices/securing-builds)

### Notes and limitations

* {% data variables.product.github %} automatically redacts secrets from workflow logs.
* By default, workflow logs are retained by {% data variables.product.github %} for 90 days, but you can configure this retention period to be longer (up to 400 days for private repositories).
* By default, workflow logs are retained by {% data variables.product.github %} for 90 days, but you can configure this retention period. {% ifversion fpt or ghec %}For public repositories, the maximum retention is 90 days. For private{% ifversion ghec %} and internal{% endif %} repositories, the maximum is 400 days.{% else %}The maximum retention is 400 days.{% endif %} Retention can be configured at the enterprise, organization, or repository level. If a workflow run occurred outside of your configured retention window, the logs may no longer be available. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository), [AUTOTITLE](/organizations/managing-organization-settings/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization), or [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise).
* Workflow runs (including their logs) can also be deleted via the REST API. To check whether a run was deleted, query for `workflows.delete_workflow_run` events in the audit log.
* The default `GITHUB_TOKEN` issued to each job is scoped to that job and expires when the job finishes or after its effective maximum lifetime (up to 24 hours on self-hosted runners). Even if a step captured the token, it cannot be reused after the job finishes. For more information, see [AUTOTITLE](/actions/concepts/security/github_token).
* Other credentials referenced in workflows, such as {% data variables.product.pat_generic_plural %}, {% data variables.product.prodname_github_app %} installation tokens, or third-party API keys stored as secrets, have their own lifecycle and do not expire when the job ends. If a workflow step exposed one of these credentials, the token remains valid until it is revoked or expires according to its own policy. Any credential that may have been exposed should be treated as compromised and rotated or replaced immediately. Review the workflow file and the repository, organization, and environment secrets to determine which credentials were accessible. For more information, see [AUTOTITLE](/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets).
* You can download logs for an entire workflow run or for a specific job programmatically using the REST API. Both endpoints return a redirect URL that is valid for one minute. For more information, see [AUTOTITLE](/rest/actions/workflow-runs) and [AUTOTITLE](/rest/actions/workflow-jobs).
* Workflow run logs only capture standard output from workflow steps. Activity that does not write to standard output, such as network calls, file system modifications, or background processes, does not appear in the logs.
* For {% data variables.product.github %}-hosted runners, the runner environment is ephemeral and destroyed after the job completes. {% data variables.product.github %} does not retain any data beyond the workflow run logs for these runners. For self-hosted runners, additional host-level or network telemetry may be available from your own infrastructure.
* For a more comprehensive investigation, correlate workflow run logs with audit log events. Events such as `git.clone`, `git.fetch`, `git.push`, `protected_branch.create`, and `protected_branch.policy_override` can provide additional context. Because Git events in {% data variables.product.github %}-hosted audit logs are currently retained for only 7 days for enterprises, setting up streamed enterprise audit logs ahead of time is important for this type of investigation. For more information, see [AUTOTITLE](/code-security/tutorials/secure-your-organization/preparing-for-security-incidents).
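
Review bot: In the `GITHUB_TOKEN` note, "Even if a step captured the token, it cannot be reused after the job finishes" only covers the period after expiry. The same bullet says the token stays valid until the job finishes or reaches its maximum lifetime (up to 24 hours on self-hosted runners), so a responder still needs to review what was done with the token's permissions while the job was running. Suggest adding a sentence to that effect and pointing to the audit log bullet at the end of the list.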
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,15 @@ The Model Context Protocol (MCP) is an open standard that defines how applicatio

If your organization or enterprise has configured a registry URL and allowlist policy, those settings apply to {% data variables.copilot.copilot_cli_short %}. The configured registry URL will appear as a discovery source, and only servers permitted by the allowlist policy can run.

You can add MCP servers using the interactive `/mcp add` command within the CLI, or by editing the configuration file directly.
You can add MCP servers in the following ways:
* [Using the `/mcp add` command](#using-the-mcp-add-command)
* [Using the `copilot mcp add` subcommand](#using-the-copilot-mcp-add-subcommand)
* [Editing the configuration file](#editing-the-configuration-file)
* [Searching and installing from the registry (experimental)](#searching-and-installing-from-the-registry)

For installation instructions, available tools, and URLs for specific MCP servers, see the [{% data variables.product.github %} MCP Registry](https://github.com/mcp).


### Using the `/mcp add` command

1. In interactive mode, enter `/mcp add`. A configuration form is displayed. Use <kbd>Tab</kbd> to navigate between fields.
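
Review bot: The list introduced by "You can add MCP servers in the following ways:" starts on the very next line, with no blank line between the sentence and the first `*` item, unlike the options list later in this file; add a blank line so it is formatted consistently. The last link text carries "(experimental)" while the target heading is "Searching and installing from the registry", and the hunk also leaves two consecutive blank lines before the "Using the `/mcp add` command" heading.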
Expand All @@ -50,6 +55,59 @@ For installation instructions, available tools, and URLs for specific MCP server
1. Next to **Tools**, specify which tools from the server should be available. Enter `*` to include all tools, or provide a comma-separated list of tool names (no quotes needed). The default is `*`.
1. Press <kbd>Ctrl</kbd>+<kbd>S</kbd> to save the configuration. The MCP server is added and available immediately without restarting the CLI.

### Using the `copilot mcp add` subcommand

You can add MCP servers from the terminal using the `copilot mcp add` subcommand, without entering interactive mode. The server is added to the user configuration at `~/.copilot/mcp-config.json`.

For local (stdio) servers, provide the command after `--`:

```shell copy
copilot mcp add SERVER-NAME -- COMMAND [ARGS...]
```

For remote (HTTP/SSE) servers, specify the transport and provide the URL:

```shell copy
copilot mcp add --transport http SERVER-NAME URL
```

You can also pass additional options:

* `--env KEY=VALUE`: Set environment variables for the server. Repeat for multiple variables.
* `--header "HEADER: VALUE"`: Set HTTP headers for remote servers. Repeat for multiple headers.
* `--transport TRANSPORT`: Set the transport type (`stdio`, `http`, or `sse`). The default is `stdio`.
* `--tools TOOLS`: Specify which tools to enable. Use `*` for all tools (default), a comma-separated list, or `""` for none.
* `--timeout MS`: Set a timeout in milliseconds.

#### Examples

Add a local stdio server:

```shell copy
copilot mcp add context7 -- npx -y @upstash/context7-mcp
```

Add a local server with environment variables:

```shell copy
copilot mcp add github -e GITHUB_PERSONAL_ACCESS_TOKEN=YOUR_GITHUB_PAT -- docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN ghcr.io/github/github-mcp-server
```

Add a remote HTTP server:

```shell copy
copilot mcp add --transport http notion \
https://mcp.notion.com/mcp
```

Add a remote server with an authorization header:

```shell copy
copilot mcp add --transport http \
--header "Authorization: Bearer YOUR-TOKEN" \
stripe https://mcp.stripe.com
```

### Editing the configuration file

You can also add MCP servers by editing the configuration file at `~/.copilot/mcp-config.json`. This is useful if you want to share configurations or add multiple servers at once.
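
Review bot: The examples put credentials directly on the command line (`-e GITHUB_PERSONAL_ACCESS_TOKEN=YOUR_GITHUB_PAT` and `--header "Authorization: Bearer YOUR-TOKEN"`), where they end up in shell history, and the section says the server is written to `~/.copilot/mcp-config.json` without saying whether the `--env` and `--header` values are stored there. Suggest a short note on where these values are persisted and how to keep them out of history and out of shared configuration files. Also, the options list documents only `--env KEY=VALUE`, while the second example uses `-e`; either document the short form or use `--env` in the example.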
Expand Down Expand Up @@ -80,9 +138,31 @@ The following example shows a configuration file with a local server and a remot

For more information on MCP server configuration, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/cloud-agent/extend-cloud-agent-with-mcp#writing-a-json-configuration-for-mcp-servers).

### Searching and installing from the registry

> [!NOTE]
> The `/mcp search` command is currently an experimental feature. To use it, start {% data variables.copilot.copilot_cli_short %} with the `--experimental` command line option, or enter `/experimental on` during a session.

You can discover and install MCP servers directly from the [{% data variables.product.github %} MCP Registry](https://github.com/mcp) using the `/mcp search` command in interactive mode. This lets you browse available servers, view their details, and install them without manually filling out the configuration form.

If your organization has configured a custom MCP registry URL, `/mcp search` connects to that registry instead of the default {% data variables.product.github %} registry.

1. In interactive mode, enter `/mcp search` to browse top servers by stars, or `/mcp search QUERY` to search for a specific server. For example:

```text
/mcp search context7
```

1. A keyboard-navigable list of matching servers is displayed. Use the arrow keys to browse the results.
1. Select a server to open its configuration form. The form is pre-populated with the server's configuration from the registry. Fill in any required fields, such as API keys or tokens.
1. Press <kbd>Ctrl</kbd>+<kbd>S</kbd> to save. The server is added to your `mcp-config.json` and started immediately.


## Managing MCP servers

You can manage your configured MCP servers using the following `/mcp` commands in {% data variables.copilot.copilot_cli_short %}.
You can manage your configured MCP servers using the `/mcp` commands in interactive mode or the `copilot mcp` subcommands from the terminal.

### Using `/mcp` commands in interactive mode

* **List configured MCP servers:** Use the command `/mcp show`. This displays all configured MCP servers and their current status.

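Review bot: Steps 3 and 4 of the registry flow say the form is "pre-populated with the server's configuration from the registry" and that on save the server is "started immediately", but nothing prompts the reader to check the pre-filled command, arguments, or URL before saving. Suggest adding that check to step 3. The section also says a custom registry URL replaces the default registry for `/mcp search`, but it does not say whether the allowlist policy described at the top of the page applies to servers installed this way.
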
Expand All @@ -96,6 +176,34 @@ You can manage your configured MCP servers using the following `/mcp` commands i

* **Enable a previously disabled server:** Use the command `/mcp enable SERVER-NAME`.

### Using `copilot mcp` subcommands from the terminal

You can also manage MCP servers from the terminal without entering interactive mode.

* **List all configured servers:**

```shell copy
copilot mcp list
```

Lists servers from all configuration sources (user, workspace, and plugin). Add `--json` for JSON output.

* **View server details:**

```shell copy
copilot mcp get SERVER-NAME
```

Shows a server's type, status, and available tools. Add `--json` for JSON output.

* **Remove a server:**

```shell copy
copilot mcp remove SERVER-NAME
```

Removes the server from the user configuration.

## Using MCP servers

Once you have added an MCP server, {% data variables.product.prodname_copilot_short %} can automatically use the tools it provides when relevant to your prompt. You can also directly reference an MCP server and specific tools in a prompt to ensure they are used.
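
Review bot: `copilot mcp list` is described as listing servers "from all configuration sources (user, workspace, and plugin)", but `copilot mcp remove` only "Removes the server from the user configuration". The text should say what happens when SERVER-NAME comes from a workspace or plugin source, and how such a server is removed or disabled. The interactive list includes `/mcp enable SERVER-NAME`; if the terminal subcommands have no equivalent, say so.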
1 change: 1 addition & 0 deletions content/copilot/how-tos/troubleshoot-copilot/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ children:
- /troubleshoot-firewall-settings
- /troubleshoot-network-errors
- /troubleshoot-spark
- /troubleshoot-copilot-slowness
redirect_from:
- /copilot/troubleshooting-github-copilot
- /copilot/how-tos/troubleshoot
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
---
title: Troubleshooting slow responses from GitHub Copilot
intro: Troubleshooting help for slow responses from {% data variables.product.prodname_copilot %}.
allowTitleToDifferFromFilename: true
versions:
feature: copilot
shortTitle: Troubleshoot slow responses
redirect_from:
- /copilot/troubleshooting-github-copilot/troubleshooting-copilot-slowness
- /copilot/how-tos/troubleshoot/troubleshooting-copilot-slowness
- /copilot/how-tos/troubleshoot/troubleshoot-copilot-slowness
contentType: how-tos
category:
- Troubleshooting Copilot
---

## About the problem

If {% data variables.product.prodname_copilot %} is responding more slowly than expected, the problem may be related to network conditions, local system performance, editor configuration, or connectivity restrictions such as proxies or firewalls. Because {% data variables.product.prodname_copilot_short %} relies on remote services to generate responses, issues that affect communication with {% data variables.product.github %} services can reduce responsiveness or cause delays. The troubleshooting steps below can help you determine whether the problem is caused by your environment or by a broader service issue.

If {% data variables.product.prodname_copilot_short %} is responding slowly, work through the following troubleshooting steps.

## Check your internet connection

Make sure you have a stable, high-speed internet connection. Slow or inconsistent connectivity can increase latency and affect how quickly {% data variables.product.prodname_copilot_short %} returns responses.

## Check the GitHub status page

Visit the [GitHub status page](https://www.githubstatus.com/) to confirm whether there is an ongoing incident affecting {% data variables.product.prodname_copilot_short %} or related GitHub services.

## Update your editor and {% data variables.product.prodname_copilot_short %} extension

Make sure your editor and the {% data variables.product.prodname_copilot_short %} extension or plugin are up to date. After updating, restart your editor.

## Check for extension conflicts

Temporarily disable other extensions or plugins, especially ones related to AI coding assistants, linting, formatting, or code analysis. Conflicts between extensions can sometimes affect editor responsiveness and make {% data variables.product.prodname_copilot_short %} appear slow.

## Try a smaller or simpler file

{% data variables.product.prodname_copilot_short %} may respond more slowly in very large files or in projects with high complexity. Test whether performance improves in a smaller file or after splitting large files into smaller units.

## Test in a new project or workspace

Open a new minimal project or workspace and test {% data variables.product.prodname_copilot_short %} there. If response times improve, the issue may be related to the size, dependencies, or configuration of your main project.

## Review system resource usage

Check CPU and memory usage on your machine. High system load or limited available resources can slow down your editor and affect how quickly {% data variables.product.prodname_copilot_short %} responds.

## Check proxy, VPN, and firewall settings

If you use a proxy, VPN, firewall, or security software that inspects web traffic, verify that it is not blocking or interfering with connections required by {% data variables.product.prodname_copilot_short %}. If you work behind a corporate proxy or firewall, you may need to review your organization's network configuration and make sure to follow [AUTOTITLE](/copilot/how-tos/troubleshoot-copilot/troubleshoot-firewall-settings).

## Review logs for errors or timeouts

Check your editor logs for errors, timeouts, or connectivity problems.

* In **Visual Studio Code**, open the **Output** panel and select **GitHub Copilot** from the dropdown.
* In **JetBrains IDEs**, open the logs from the **Help** menu.

For more information, see [AUTOTITLE](/copilot/how-tos/troubleshoot-copilot/view-logs?tool=vscode#viewing-and-collecting-log-files). Save any relevant logs if you need to report the problem.

## Try a different network or device

If possible, test {% data variables.product.prodname_copilot_short %} on a different network or another device. This can help determine whether the issue is specific to your current environment.

## Check GitHub Docs and known issues

Review [AUTOTITLE](/copilot/how-tos/troubleshoot-copilot/troubleshoot-common-issues), similar reports, or environment-specific guidance.

## Contact GitHub Support with diagnostic details

If the problem persists, collect relevant diagnostic information before contacting GitHub Support. Include your editor and {% data variables.product.prodname_copilot_short %} extension or plugin versions, steps to reproduce the problem, example files if available, and any related log messages or errors.
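
Review bot: "About the problem" ends with "The troubleshooting steps below can help you determine whether the problem is caused by your environment or by a broader service issue", and the next paragraph repeats the same instruction ("work through the following troubleshooting steps"); drop one of the two. The page also hard-codes "GitHub" in the headings "Check the GitHub status page", "Check GitHub Docs and known issues", and "Contact GitHub Support", and in the status-page sentence, while the intro uses `{% data variables.product.github %}`. Finally, the sections on reviewing logs and contacting Support ask the reader to save and send logs and example files; a reminder to remove tokens or other secrets before sharing would fit there.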
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ All prices are **per 1 million tokens**.

Anthropic models include a cache write cost in addition to cached input.

{% data reusables.copilot.model-fable-disabled %}

| Model | Release status | Category | Input | Cached input | Cache write | Output |
| --- | --- | --- | ---: | ---: | ---: | ---: |
| {% for entry in tables.copilot.models-and-pricing %}{% if entry.provider == "anthropic" %} |
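
Review bot: `{% data reusables.copilot.model-fable-disabled %}` is inserted between the cache write sentence and the Anthropic table, but the reusable's own file is not among the changes shown here, so its content and wording cannot be reviewed in place. Confirm the reusable exists for every version this page is built for, and that its text reads correctly directly above the table.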