今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#copilot

找到 46 篇相关文章

开发者

GitHub lets enterprises pin Copilot's OpenTelemetry endpoint

Where Copilot's telemetry stream lands, decided centrally GitHub added a control on July 8 that lets an enterprise mandate where the Copilot Chat extension in VS Code and Copilot CLI send OpenTelemetry data, removing the need for individual developers to set OTEL_* environment variables. Per the GitHub changelog, the setting is delivered through a telemetry block in the enterprise-managed settings, and a managed value takes precedence over environment variables and user settings. Four things are configurable in the block: the OTLP export endpoint and transport ( otlp-http or otlp-grpc ), the OTel service name and resource attributes, exporter headers such as an authentication token for the collector, and whether prompt, response and tool content is captured, with a separate flag for whether developers can change that. Delivery uses the channels documented on the same page: native MDM (Windows Registry or macOS managed preferences), server-managed settings from a signed-in GitHub account, or a file-based managed-settings.json . Where this bites The precedence rule is the point. If a platform team owns the collector and needs traces routed to it, this is exactly the switch they wanted. If a developer had their own OTLP endpoint pointed at a local sink, they will see the session start emitting somewhere else. The changelog does not describe a per-user override once a managed value is set. A scoping note is worth reading twice. The changelog states that managed exporter headers apply only to the Copilot Chat extension's OTLP exporter. The endpoint and transport policy still reach the CLI agent host, but the auth-token flow the changelog calls out is bound to the Chat surface. On-call teams standing up the collector should plan for that asymmetry before it lands as a surprise during triage.

2026-07-12 原文 →
AI 资讯

GitHub Copilot's enterprise managed-settings.json is now GA

GA in a sentence GitHub moved its enterprise managed-settings.json to general availability on July 1, giving GitHub Enterprise Cloud admins a single JSON file that overrides Copilot behaviour in VS Code and Copilot CLI for anyone holding a Copilot Business or Copilot Enterprise seat issued from the enterprise or one of its organizations. The changelog frames it as a place to define AI standards for the tenant. In practice it is a supported home for Copilot policy that shipped one setting at a time in beta up to this point. The five keys the file accepts Five keys are documented at GA: extraKnownMarketplaces , enabledPlugins , strictKnownMarketplaces , disableBypassPermissionsMode , and model . Together they configure trust for extra plugin marketplaces, the enabled-plugins list, strict enforcement of the known-good marketplace list, whether Copilot CLI and the VS Code extension can run in bypass-permission mode, and which model a user is allowed to pick. Value shapes are not enumerated in the changelog itself; the docs page is the reference for the schema. How the file reaches a client The file lives at copilot/managed-settings.json inside the .github-private repository of the organization the enterprise nominates for the role. There is a backward-compatible path at .github/copilot/settings.json for tenants already using the older layout. Copilot clients fetch the file from the server on every authentication, hold it in memory, and refresh it hourly, per the changelog. That server-side file takes precedence over the file-based config a user may have on their own machine. Setup runs through the AI Controls tab in enterprise settings, or the equivalent API endpoint, where an admin picks the hosting organization. Anyone who followed the June rollouts of disableBypassPermissionsMode and strictKnownMarketplaces will recognise the same file and the same repo. GA is what turns the plumbing into a supported product surface. Where it will trip you Two operational details are

2026-07-05 原文 →
AI 资讯

Copilot CLI drops the PAT requirement inside GitHub Actions

GitHub said this week that Copilot CLI, when it runs inside a GitHub Actions workflow, will accept the built-in GITHUB_TOKEN for authentication. Per the July 2 changelog, the previous path required creating and storing a personal access token. The operational read is small and precise: one fewer human-owned credential to mint, rotate and inherit. The exact scope of the change The changelog covers a narrow surface. It applies to Copilot CLI when invoked from a GitHub Actions workflow, and it swaps the required credential from a PAT to the workflow's ambient GITHUB_TOKEN . GitHub does not describe changes to how Copilot CLI authenticates outside Actions, and this post will not extrapolate to those contexts. If your Copilot CLI usage lives on a developer laptop or in another CI system, nothing in this announcement moves for you. Why the PAT was the wrong credential to leave in the loop A personal access token has almost none of the properties you would want from an automation credential. It does not expire on a job boundary. It carries a person's identity, not the workflow's. It sits in Actions secrets long enough to outlive the engineer who created it. And its scopes were chosen by that engineer, at that moment, often wider than the job actually needs. GITHUB_TOKEN is the opposite shape. Actions mints it at the start of a job, scopes it through the workflow's permissions: block, and revokes it when the job ends. If the token leaks, the window for abuse is the runtime of the job, not the years until somebody remembers to rotate it. When the person who wrote the workflow leaves, the pipeline does not silently break because a token expired with their account. For scripted Copilot CLI calls that had to be wrapped in a PAT, that is the whole win. The tool authenticates against the workflow instead of against a human. Wiring it up The workflow-side pattern is the same one every GITHUB_TOKEN -consuming step already follows: declare permissions: explicitly at the job level, k

2026-07-04 原文 →
AI 资讯

The Workflow is the Product: Why Enterprise AI Must Move Beyond Copilots

For the last few years, many enterprise AI conversations have started with the same question: “Where can we add an AI copilot?” It is an understandable starting point. Copilots are familiar. They sit inside existing tools, help users draft content, summarize information, search documents, write code, or answer questions. For teams experimenting with AI, they feel safe. But after 10 years of building mobile apps, web platforms, AI systems, internal tools, and enterprise-grade products, I have learned something that sounds simple but changes the whole strategy: The workflow is the product. Not the chatbot. Not the prompt box. Not the model. Not the dashboard. The workflow. Enterprise AI only becomes valuable when it changes how work actually moves across people, systems, approvals, decisions, and data. That is why companies now need to move beyond standalone copilots and toward AI workflow automation, enterprise AI agents, and agentic workflows that are designed around real operational outcomes. Copilots Help. Workflows Transform. An AI copilot is useful when a person needs assistance inside a task. It can draft an email, summarize a meeting, search policy documents, or help an engineer understand code. These are valuable use cases. But they usually improve a single moment of work, not the complete business process. A workflow, on the other hand, connects the full chain. For example, consider enterprise customer onboarding. A copilot may summarize the sales call. A workflow system can take that summary, extract requirements, identify missing information, create onboarding tasks, notify customer success, update the CRM, generate a kickoff plan, check billing setup, and flag delivery risks. That is a very different level of impact. AI Copilot AI Workflow Automation Assists one user Coordinates work across teams Responds when asked Triggers actions automatically Works inside a tool Connects multiple systems Improves productivity Improves operating performance Helps with

2026-06-30 原文 →
开发者

Connecting Sophos Central to a Copilot Studio Agent with Power Automate

I wanted a chat agent that could pull security alerts from Sophos Central on demand. Type "get Sophos alerts" into a Copilot Studio chat, get back a readable answer. No dashboard, no manual API calls. It works now, end to end. Agent calls a Power Automate flow, the flow talks to the Sophos API, and the response comes back formatted in chat. This post is how I got there, including the bugs that ate most of my time. The shape of the thing Three pieces: A Copilot Studio agent that the user talks to A Power Automate flow that does the actual API work The Sophos Central API on the other end The agent does not call Sophos directly. It calls the flow, the flow handles auth and the request, and the result gets passed back to the agent to format. Keeping the API logic in the flow means the agent stays simple. The flow The flow is named Sophos - Get Alerts , living in a solution called Sophos Integration . Here is the structure: [Trigger: When Copilot Studio calls a flow] | [Init ClientId] - String (Sophos Client ID) [Init ClientSecret] - String (Sophos Client Secret) [Init TenantId] - String (your Sophos tenant ID) [Init ApiHost] - https://api-<region>.central.sophos.com | [HTTP Get Token] POST https://id.sophos.com/api/v2/oauth2/token Header: Content-Type: application/x-www-form-urlencoded Body: grant_type=client_credentials&client_id={ClientId}&client_secret={ClientSecret}&scope=token | [Parse Token] - extract access_token | [HTTP Get Alerts] GET {ApiHost}/common/v1/alerts Headers: Authorization: Bearer {access_token} X-Tenant-ID: {TenantId} Accept: application/json | [Return value(s) to PVA: AlertsResponse = body('HTTP_Get_Alerts')] Auth is OAuth client credentials. You request a token, then use it as a bearer token on the alerts call. The tenant ID goes in an X-Tenant-ID header, not the URL. Where the credentials live This is the part people will have opinions about, so let me be upfront. The Sophos client ID, secret, and tenant ID are stored as flow-scoped variables wit

2026-06-23 原文 →
AI 资讯

GitHub Copilot is usage-based now. Here's what that changes for terminal users.

As of June 1, 2026, all GitHub Copilot plans run on usage-based billing. Premium request units are gone. What replaced them is a token-metered currency called GitHub AI Credits: one credit equals one cent, and every model interaction converts into credits based on the input, output, and cached tokens it consumes, charged at each model's published rate. GitHub's framing is that Copilot outgrew its old pricing. A one-line completion and a multi-hour autonomous run used to cost the same, and once agentic use went mainstream, that flat rate stopped matching the compute behind it. Tying the price to tokens fixes the mismatch. If your Copilot use is mostly autocomplete, this barely registers. If you drive Copilot as an agent from the terminal, it changes which moves cost money. Here's the practical shape of it. Requests out, tokens in Old model: each interaction cost one premium request, scaled by a per-model multiplier, drawn from a monthly request allowance. New model: each interaction costs whatever its tokens cost on the model you picked. Every paid plan still ships with a monthly pool, now denominated in credits, with the option to set a budget for usage past it. Published figures put the included pool at 1,500 credits for Pro, 7,000 for Pro+, and 20,000 for Max, with pooled per-user allowances on Business and Enterprise. Worth knowing if you pay yearly: annual Pro and Pro+ subscribers stay on the request-based model until the term ends, and several model multipliers went up for them on June 1. An annual plan doesn't dodge the change. It postpones part of it while making the strong models eat more of the old allowance. Autocomplete is untouched Before anyone starts rationing, here's the part that didn't move. Inline completions and Next Edit Suggestions are still unlimited and still free. If your day is mostly tab-completion in the editor, your costs read identical to May. Nothing to monitor there. The meter lands on the rest: chat, and especially the agentic runs th

2026-06-22 原文 →
AI 资讯

AI credits are the new lines of code metric

GitHub added a tiny field to the Copilot usage metrics API this week that is going to create a lot of very confident spreadsheets. Enterprise and organization admins can now see ai_credits_used in the user-level Copilot usage reports. One field. Per user. Available for single-day and 28-day reports. It is not the invoice, and GitHub is careful to say it is a consumption signal rather than a billed total. Still, the shape is obvious. Now AI usage can sit next to adoption, activity, team, department, cost center, and whatever else the company already exports into a dashboard. That is useful. It is also exactly how a tool metric becomes a management metric. And once that happens, the question is no longer "can we measure AI usage?" The question is "what weird behavior will this metric create?" every useful metric becomes a temptation I understand why this field exists. If a company is paying for Copilot, especially with usage-based pieces attached to more expensive models and premium features, it needs some way to understand consumption. Platform teams need budget signals. Engineering leaders need adoption signals. Procurement needs something more concrete than "people seem to like it." Finance will eventually ask why one org burns through credits much faster than another. That is normal. The problem starts when a consumption signal is treated as a productivity signal. High AI credit usage might mean a developer is doing valuable work with agent mode, code review, test generation, refactoring, or research. It might also mean the developer is stuck, repeatedly asking the model to solve the wrong problem, generating code that gets deleted, or using a heavyweight model where a small one would have been fine. Low AI credit usage might mean a developer does not need much help. It might mean the work is mostly design, review, debugging, incident response, mentoring, or architecture. It might mean the codebase is small and well understood. It might mean the developer is skept

2026-06-21 原文 →
AI 资讯

How we built an internal data analytics agent

Qubot, our internal Copilot-powered analytics agent, allows any GitHub employee to ask questions about our data in plain language. Here's what we learned as we built it. The post How we built an internal data analytics agent appeared first on The GitHub Blog .

2026-06-20 原文 →
AI 资讯

GitHub Copilot Desktop App Targets Parallel Agentic Workflows

GitHub has introduced the GitHub Copilot app, a desktop control centre for agent-native development that aims to keep engineers in charge while AI agents handle more coding work. Mario Rodriguez writes on the GitHub blog that the recent wave of coding agents has brought faster delivery but also "disjointed workflows, more context switching, and too much time spent reviewing agent-generated code". By Matt Saunders

2026-06-17 原文 →