AI 资讯
GitHub Copilot's enterprise managed-settings.json is now GA
GA in a sentence GitHub moved its enterprise managed-settings.json to general availability on July 1, giving GitHub Enterprise Cloud admins a single JSON file that overrides Copilot behaviour in VS Code and Copilot CLI for anyone holding a Copilot Business or Copilot Enterprise seat issued from the enterprise or one of its organizations. The changelog frames it as a place to define AI standards for the tenant. In practice it is a supported home for Copilot policy that shipped one setting at a time in beta up to this point. The five keys the file accepts Five keys are documented at GA: extraKnownMarketplaces , enabledPlugins , strictKnownMarketplaces , disableBypassPermissionsMode , and model . Together they configure trust for extra plugin marketplaces, the enabled-plugins list, strict enforcement of the known-good marketplace list, whether Copilot CLI and the VS Code extension can run in bypass-permission mode, and which model a user is allowed to pick. Value shapes are not enumerated in the changelog itself; the docs page is the reference for the schema. How the file reaches a client The file lives at copilot/managed-settings.json inside the .github-private repository of the organization the enterprise nominates for the role. There is a backward-compatible path at .github/copilot/settings.json for tenants already using the older layout. Copilot clients fetch the file from the server on every authentication, hold it in memory, and refresh it hourly, per the changelog. That server-side file takes precedence over the file-based config a user may have on their own machine. Setup runs through the AI Controls tab in enterprise settings, or the equivalent API endpoint, where an admin picks the hosting organization. Anyone who followed the June rollouts of disableBypassPermissionsMode and strictKnownMarketplaces will recognise the same file and the same repo. GA is what turns the plumbing into a supported product surface. Where it will trip you Two operational details are
开发者
Automating Security in Python: A Hands-On Guide to SAST with Bandit and GitHub Actions
Introduction In today's fast-paced development cycles, security can no longer be an...
开源项目
🔥 rust-unofficial / awesome-rust - A curated list of Rust code and resources.
GitHub热门项目 | A curated list of Rust code and resources. | Stars: 58,153 | 144 stars this week | 语言: Rust
开源项目
🔥 kunchenguid / gnhf - Before I go to bed, I tell my agents: good night, have fun
GitHub热门项目 | Before I go to bed, I tell my agents: good night, have fun | Stars: 2,889 | 420 stars this week | 语言: TypeScript
开源项目
🔥 Starmel / OpenSuperWhisper - macOS dictation app
GitHub热门项目 | macOS dictation app | Stars: 1,678 | 494 stars this week | 语言: Swift
开源项目
🔥 kdsz001 / OpenWiki - OpenWiki — Mac desktop AI knowledge management tool. Capture
GitHub热门项目 | OpenWiki — Mac desktop AI knowledge management tool. Capture clipboard, build personal wiki, get AI insights. | Stars: 469 | 25 stars today | 语言: Rust
开源项目
🔥 Hmbown / CodeWhale - Open-source, community-driven agent harness
GitHub热门项目 | Open-source, community-driven agent harness | Stars: 39,416 | 65 stars today | 语言: Rust
开源项目
🔥 google-labs-code / stitch-skills - A library of Agent Skills designed to work with the Stitch M
GitHub热门项目 | A library of Agent Skills designed to work with the Stitch MCP server. Each skill follows the Agent Skills open standard, for compatibility with coding agents such as Antigravity, Gemini CLI, Claude Code, Cursor. | Stars: 6,363 | 35 stars today | 语言: TypeScript
开源项目
🔥 crynta / terax-ai - Lightweight (7MB) Terminal-first AI-native dev workspace
GitHub热门项目 | Lightweight (7MB) Terminal-first AI-native dev workspace | Stars: 7,916 | 44 stars today | 语言: TypeScript
开源项目
🔥 chthollyphile / folia-major - 专注于绚丽的歌词动画效果的本地音乐/navidrome/第三方网易云播放器
GitHub热门项目 | 专注于绚丽的歌词动画效果的本地音乐/navidrome/第三方网易云播放器 | Stars: 927 | 319 stars today | 语言: TypeScript
开源项目
🔥 immich-app / immich - High performance self-hosted photo and video management solu
GitHub热门项目 | High performance self-hosted photo and video management solution. | Stars: 105,393 | 198 stars today | 语言: TypeScript
开源项目
🔥 spicetify / cli - Command-line tool to customize Spotify client. Supports Wind
GitHub热门项目 | Command-line tool to customize Spotify client. Supports Windows, macOS, and Linux. | Stars: 23,582 | 28 stars today | 语言: JavaScript
开源项目
🔥 huggingface / speech-to-speech - Build local voice agents with open-source models
GitHub热门项目 | Build local voice agents with open-source models | Stars: 5,273 | 162 stars today | 语言: Python
开源项目
🔥 ai-boost / awesome-harness-engineering - Awesome list for AI agent harness engineering: tools, patter
GitHub热门项目 | Awesome list for AI agent harness engineering: tools, patterns, evals, memory, MCP, permissions, observability, and orchestration. | Stars: 2,669 | 125 stars today | 语言: Python
开源项目
🔥 google / adk-python - An open-source, code-first Python toolkit for building, eval
GitHub热门项目 | An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control. | Stars: 20,444 | 16 stars today | 语言: Python
开源项目
🔥 jiji262 / douyin-downloader - A practical Douyin downloader for both single-item and profi
GitHub热门项目 | A practical Douyin downloader for both single-item and profile batch downloads, with progress display, retries, SQLite deduplication, and browser fallback support. 抖音批量下载工具,去水印,支持视频、图集、合集、音乐(原声)。免费!免费!免费! | Stars: 8,465 | 61 stars today | 语言: Python
开源项目
🔥 hesreallyhim / awesome-claude-code - A hand-picked collection of the finest of resources for the
GitHub热门项目 | A hand-picked collection of the finest of resources for the most awesome of agents, Claude Code, the undisputed champion of coding companions, from the unstoppable team at Anthropic PBC. A delectable showcase of top tier skills, ambidextrous agents, scintillating status lines, top notch developer tooling, and also we have plugins | Stars: 47,975 | 100 stars today | 语言: Python
开源项目
🔥 alirezarezvani / claude-skills - 337 Claude Code skills & agent skills & plugins (30+ Agents,
GitHub热门项目 | 337 Claude Code skills & agent skills & plugins (30+ Agents, 70+ custom commands, 330+ skills, customizable references, scripts)for Claude Code, Codex, Gemini CLI, Cursor, and 8 more coding agents — engineering, marketing, product, compliance, C-level advisory, research, business operations, commercial & finance, and your daily productivity skills. | Stars: 19,948 | 130 stars today | 语言: Python
AI 资讯
Copilot CLI drops the PAT requirement inside GitHub Actions
GitHub said this week that Copilot CLI, when it runs inside a GitHub Actions workflow, will accept the built-in GITHUB_TOKEN for authentication. Per the July 2 changelog, the previous path required creating and storing a personal access token. The operational read is small and precise: one fewer human-owned credential to mint, rotate and inherit. The exact scope of the change The changelog covers a narrow surface. It applies to Copilot CLI when invoked from a GitHub Actions workflow, and it swaps the required credential from a PAT to the workflow's ambient GITHUB_TOKEN . GitHub does not describe changes to how Copilot CLI authenticates outside Actions, and this post will not extrapolate to those contexts. If your Copilot CLI usage lives on a developer laptop or in another CI system, nothing in this announcement moves for you. Why the PAT was the wrong credential to leave in the loop A personal access token has almost none of the properties you would want from an automation credential. It does not expire on a job boundary. It carries a person's identity, not the workflow's. It sits in Actions secrets long enough to outlive the engineer who created it. And its scopes were chosen by that engineer, at that moment, often wider than the job actually needs. GITHUB_TOKEN is the opposite shape. Actions mints it at the start of a job, scopes it through the workflow's permissions: block, and revokes it when the job ends. If the token leaks, the window for abuse is the runtime of the job, not the years until somebody remembers to rotate it. When the person who wrote the workflow leaves, the pipeline does not silently break because a token expired with their account. For scripted Copilot CLI calls that had to be wrapped in a PAT, that is the whole win. The tool authenticates against the workflow instead of against a human. Wiring it up The workflow-side pattern is the same one every GITHUB_TOKEN -consuming step already follows: declare permissions: explicitly at the job level, k
开源项目
🔥 ModernRelay / omnigraph - Lakehouse native graph engine with git-style workflows
GitHub热门项目 | Lakehouse native graph engine with git-style workflows | Stars: 524 | 47 stars today | 语言: Rust