diff --git a/CHANGELOG.md b/CHANGELOG.md
index 83e675a805f9..2b14dc026042 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,15 @@
# Docs changelog
+**24 November 2025**
+
+We've added a new tutorial on burning down technical debt in a project:
+
+[Using GitHub Copilot to reduce technical debt](https://docs.github.com/en/copilot/tutorials/reduce-technical-debt)
+
+The addition of this tutorial was prompted by a presentation by Brittany Ellich at this year's GitHub Universe conference: [Tackling your tech debt with Copilot coding agent](https://www.youtube.com/watch?v=LafpndhNC_E), and is based on a GitHub community post by Akash Sharma: [Stop Letting Technical Debt Slow You Down](https://github.com/orgs/community/discussions/178975).
+
+
+
**13 November 2025**
We've published a new tutorial on [using custom instructions for Copilot code review](https://docs.github.com/copilot/tutorials/use-custom-instructions). In this tutorial you'll learn how to write effective custom instructions that help Copilot provide more relevant and actionable code reviews.
diff --git a/Dockerfile b/Dockerfile
index bee215efbe9b..2573d0924ce9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@
# ---------------------------------------------------------------
# To update the sha:
# https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble
-FROM ghcr.io/github/gh-base-image/gh-base-noble:20251114-221740-gd084d271e AS base
+FROM ghcr.io/github/gh-base-image/gh-base-noble:20251119-090131-gb27dc275c AS base
# Install curl for Node install and determining the early access branch
# Install git for cloning docs-early-access & translations repos
diff --git a/assets/images/help/copilot/tell-me-about-repo.png b/assets/images/help/copilot/tell-me-about-repo.png
deleted file mode 100644
index 58592bd2a60d..000000000000
Binary files a/assets/images/help/copilot/tell-me-about-repo.png and /dev/null differ
diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
index 674be32e215e..86116bb63743 100644
--- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
@@ -51,6 +51,9 @@ Disallowing {% data variables.product.prodname_GH_sp_cs_and_cq_or_as %} for an o
{% data reusables.enterprise-accounts.advanced-security-organization-policy-drop-down %}
{% data reusables.enterprise-accounts.advanced-security-individual-organization-policy-drop-down %}
+> [!NOTE]
+> If {% data variables.product.prodname_actions %} is not available for an organization, {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_code_quality %} will be unable to run even if they are made available with this policy. See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#policies).
+
{% ifversion ghec %}
## Enforcing a policy for visibility of dependency insights
diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
index d0e05f6d428c..0893a68bfc96 100644
--- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
@@ -31,6 +31,8 @@ Enterprise policies control the options that are available to enterprise members
If you don't enforce enterprise policies, organization owners{% ifversion custom-org-roles %} and users with the "Manage organization Actions policies" permission{% endif %} have full control over {% data variables.product.prodname_actions %} for their organizations.
+> [!NOTE] {% data variables.product.prodname_actions %} must be enabled for repositories in an organization for the {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} default setup and {% data variables.product.prodname_code_quality %} workflows to run. However, the {% data variables.product.prodname_codeql %} default setup for {% data variables.product.prodname_code_scanning %} is not affected by other {% data variables.product.prodname_actions %} policies (such as restricting access to public actions or reusable workflows).
+
## Enforcing policies
{% data reusables.enterprise-accounts.access-enterprise %}
@@ -48,7 +50,14 @@ In the "Policies" section, you can control which organizations within your enter
* Enable {% data variables.product.prodname_actions %} for specific organizations
* Disable {% data variables.product.prodname_actions %} for all organizations
-You can also limit the use of public actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}, with the following options:
+> [!NOTE]
+> If you disable {% data variables.product.prodname_actions %}, or do not enable the feature for one or more organizations, this blocks affected organizations from using {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_code_quality %} analysis.
+
+### Controlling access to public actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %}
+
+Enterprises often want to limit access to only a well-tested group of public actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %} as part of their supply chain governance. The policies available in {% data variables.product.github %} allow you to control access without blocking the dynamic workflows used by {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_code_quality %}.
+
+You can enforce strict controls without defining exceptions or additional configuration for {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_code_quality %}, with the following options:
* **Allow all actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}:** Any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} can be used, regardless of who authored it or where it is defined.
* **Allow enterprise actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}:** Only actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %} defined in a repository within the enterprise can be used. {% ifversion ghec %}Blocks all access to actions authored by {% data variables.product.prodname_dotcom %}, such as the [`actions/checkout`](https://github.com/actions/checkout) action.{% endif %}
diff --git a/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
index 505f2dc300aa..98ccf11b8b1a 100644
--- a/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
+++ b/content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md
@@ -44,6 +44,26 @@ Due to risk of failure and performance impact for all users of your instance, we
> [!NOTE]
> To avoid rejection of a push due to a timeout, all combined pre-receive hooks should run in under five seconds.
+## Pre-receive hook timeouts
+
+Pre-receive hooks in {% data variables.product.prodname_ghe_server %} have a fixed timeout budget of 5 seconds (shared across all hooks). This is intentional design to prevent resource exhaustion from long-running hooks and to prevent runaway scripts from blocking repository operations indefinitely.
+
+All pre-receive hooks for a repository share a **cumulative timeout budget**:
+- If hook A takes 3 seconds, hook B gets 2 seconds remaining (from 5 second default)
+- If hook A times out at 5 seconds, hook B never executes
+
+> [!IMPORTANT]
+> Pre-receive hook timeouts are handled differently from exit codes:
+> - **Exit codes**: Enforcement configuration is honored (non-enforced hooks don't block pushes)
+> - **Timeouts**: Push may fail regardless of enforcement configuration
+
+### Timeout behavior
+
+Scenario | Enforcement = Enabled | Enforcement = Disabled/Testing
+----------|----------------------|--------------------------------
+Exit code ≠ 0 | Push rejected | Push continues (warning only)
+Timeout exceeded | Push rejected | Warning + push may still fail
+
{% ifversion ghes > 3.16 %}
{% data reusables.repositories.push-rule-and-prereceive-hooks %}
diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md
index dfc96c67a483..a009953a3e29 100644
--- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md
+++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md
@@ -20,7 +20,7 @@ Your JWT must be signed using the `RS256` algorithm and must contain the followi
|---|---|---|
|`iat`| Issued At | The time that the JWT was created. To protect against clock drift, we recommend that you set this 60 seconds in the past and ensure that your server's date and time is set accurately (for example, by using the Network Time Protocol). |
|`exp`| Expires At | The expiration time of the JWT, after which it can't be used to request an installation token. The time must be no more than 10 minutes into the future. |
-|`iss`| Issuer | The client ID or application ID of your {% data variables.product.prodname_github_app %}. This value is used to find the right public key to verify the signature of the JWT. You can find your app's IDs on the settings page for your {% data variables.product.prodname_github_app %}. Use of the client ID is recommended. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings).|
+|`iss`| Issuer | The {% ifversion client-id-for-app %}client ID or {% endif %}application ID of your {% data variables.product.prodname_github_app %}. This value is used to find the right public key to verify the signature of the JWT. You can find your app's ID{% ifversion client-id-for-app %}s{% endif %} on the settings page for your {% data variables.product.prodname_github_app %}.{% ifversion client-id-for-app %} Use of the client ID is recommended.{% endif %} For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings).|
|`alg`| Message authentication code algorithm | This should be `RS256` since your JWT must be signed using the `RS256` algorithm. |
To use a JWT, pass it in the `Authorization` header of an API request. For example:
@@ -47,7 +47,7 @@ Most programming languages have a package that can generate a JWT. In all cases,
> [!NOTE]
> You must run `gem install jwt` to install the `jwt` package in order to use this script.
-In the following example, replace `YOUR_PATH_TO_PEM` with the file path where your private key is stored. Replace `YOUR_CLIENT_ID` with the ID of your app. Make sure to enclose the values for `YOUR_PATH_TO_PEM` and `YOUR_CLIENT_ID` in double quotes.
+In the following example, replace `YOUR_PATH_TO_PEM` with the file path where your private key is stored. Replace {% ifversion client-id-for-app %}`YOUR_CLIENT_ID`{% else %}`YOUR_APP_ID`{% endif %} with the ID of your app. Make sure to enclose the values for `YOUR_PATH_TO_PEM` and {% ifversion client-id-for-app %}`YOUR_CLIENT_ID`{% else %}`YOUR_APP_ID`{% endif %} in double quotes.
```ruby
require 'openssl'
@@ -63,10 +63,11 @@ payload = {
iat: Time.now.to_i - 60,
# JWT expiration time (10 minute maximum)
exp: Time.now.to_i + (10 * 60),
-
+ {% ifversion client-id-for-app %}
# {% data variables.product.prodname_github_app %}'s client ID
- iss: "YOUR_CLIENT_ID"
-
+ iss: "YOUR_CLIENT_ID"{% else %}
+# {% data variables.product.prodname_github_app %}'s app ID
+ iss: "YOUR_APP_ID"{% endif %}
}
jwt = JWT.encode(payload, private_key, "RS256")
@@ -92,12 +93,19 @@ if len(sys.argv) > 1:
else:
pem = input("Enter path of private PEM file: ")
+{% ifversion client-id-for-app %}
# Get the Client ID
if len(sys.argv) > 2:
client_id = sys.argv[2]
else:
client_id = input("Enter your Client ID: ")
-
+{% else %}
+# Get the App ID
+if len(sys.argv) > 2:
+ app_id = sys.argv[2]
+else:
+ app_id = input("Enter your APP ID: ")
+{% endif %}
# Open PEM
with open(pem, 'rb') as pem_file:
@@ -108,9 +116,11 @@ payload = {
'iat': int(time.time()),
# JWT expiration time (10 minutes maximum)
'exp': int(time.time()) + 600,
-
+ {% ifversion client-id-for-app %}
# {% data variables.product.prodname_github_app %}'s client ID
- 'iss': client_id
+ 'iss': client_id{% else %}
+ # {% data variables.product.prodname_github_app %}'s app ID
+ 'iss': app_id{% endif %}
}
@@ -125,14 +135,16 @@ This script will prompt you for the file path where your private key is stored a
### Example: Using Bash to generate a JWT
> [!NOTE]
-> You must pass your Client ID and the file path where your private key is stored as arguments when running this script.
+> You must pass your {% ifversion client-id-for-app %}Client ID{% else %}App ID{% endif %} and the file path where your private key is stored as arguments when running this script.
```bash copy
#!/usr/bin/env bash
-set -o pipefail
+{% ifversion client-id-for-app %}
client_id=$1 # Client ID as first argument
-
+{% else %}
+app_id=$1 # App ID as first argument
+{% endif %}
pem=$( cat $2 ) # file path of the private key as second argument
now=$(date +%s)
@@ -151,7 +163,7 @@ header=$( echo -n "${header_json}" | b64enc )
payload_json="{
\"iat\":${iat},
\"exp\":${exp},
- \"iss\":\"${client_id}\"
+ {% ifversion client-id-for-app %}\"iss\":\"${client_id}\"{% else %}\"iss\":\"${app_id}\"{% endif %}
}"
# Payload encode
payload=$( echo -n "${payload_json}" | b64enc )
@@ -170,13 +182,16 @@ printf '%s\n' "JWT: $JWT"
### Example: Using PowerShell to generate a JWT
-In the following example, replace `YOUR_PATH_TO_PEM` with the file path where your private key is stored. Replace `YOUR_CLIENT_ID` with the ID of your app. Make sure to enclose the values for `YOUR_PATH_TO_PEM` in double quotes.
+In the following example, replace `YOUR_PATH_TO_PEM` with the file path where your private key is stored. Replace {% ifversion client-id-for-app %}`YOUR_CLIENT_ID`{% else %}`YOUR_APP_ID`{% endif %} with the ID of your app. Make sure to enclose the values for `YOUR_PATH_TO_PEM` in double quotes.
```powershell copy
#!/usr/bin/env pwsh
+{% ifversion client-id-for-app %}
$client_id = YOUR_CLIENT_ID
-
+{% else %}
+$app_id = YOUR_APP_ID
+{% endif %}
$private_key_path = "YOUR_PATH_TO_PEM"
$header = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
@@ -187,7 +202,7 @@ $header = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((Conve
$payload = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-10).ToUnixTimeSeconds()
exp = [System.DateTimeOffset]::UtcNow.AddMinutes(10).ToUnixTimeSeconds()
- iss = $client_id
+ {% ifversion client-id-for-app %}iss = $client_id{% else %}iss = $app_id{% endif %}
}))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
$rsa = [System.Security.Cryptography.RSA]::Create()
diff --git a/content/billing/concepts/cost-centers.md b/content/billing/concepts/cost-centers.md
index 034ce454799b..894eac856c2e 100644
--- a/content/billing/concepts/cost-centers.md
+++ b/content/billing/concepts/cost-centers.md
@@ -35,3 +35,4 @@ For more details, see [AUTOTITLE](/billing/reference/cost-center-allocation).
* The maximum number of resources per cost center is 10,000.
* A maximum of 50 resources can be added to or removed from a cost center at a time.
* Azure subscriptions can only be added to or removed from cost centers through the UI.
+* Outside collaborators can only be added to cost centers via the cost center API. For more information, see [AUTOTITLE](/billing/tutorials/control-costs-at-scale#add-resources-to-the-cost-center).
diff --git a/content/code-security/code-quality/concepts/about-code-quality.md b/content/code-security/code-quality/concepts/about-code-quality.md
index a0996b24ddd4..6d9b4bcd87b3 100644
--- a/content/code-security/code-quality/concepts/about-code-quality.md
+++ b/content/code-security/code-quality/concepts/about-code-quality.md
@@ -42,7 +42,7 @@ With {% data variables.product.prodname_code_quality_short %}, you can:
{% data reusables.code-quality.codeql-supported-languages %}
-Code quality problems in other languages are detected by AI analysis alone. For more information on analysis, see [AUTOTITLE](/code-security/code-quality/responsible-use/code-quality).
+{% data variables.product.prodname_code_quality_short %} also performs AI-powered analysis with results displayed separately on the "**{% data variables.code-quality.recent_suggestions %}**" repository dashboard. Unlike the rule-based {% data variables.product.prodname_codeql %} analysis that scans the entire codebase and pull requests, this AI-powered analysis only examines files recently pushed to the default branch and may identify issues in languages beyond those listed above. For more information, see [AUTOTITLE](/code-security/code-quality/responsible-use/code-quality).
## Understanding where {% data variables.product.prodname_code_quality_short %} findings appear after enablement
diff --git a/content/code-security/code-quality/get-started/quickstart.md b/content/code-security/code-quality/get-started/quickstart.md
index f75d6679cc8f..d83df156c546 100644
--- a/content/code-security/code-quality/get-started/quickstart.md
+++ b/content/code-security/code-quality/get-started/quickstart.md
@@ -21,7 +21,7 @@ In this tutorial, you’ll learn how to identify and fix a code quality finding
### Prerequisites
* {% data variables.product.prodname_code_quality %} must be enabled for your repository and you must have code in a supported language. See [AUTOTITLE](/code-security/code-quality/how-tos/enable-code-quality).
-* If you're enabling {% data variables.product.prodname_code_quality %} for the first time, ensure you've waited a few minutes after enablement for a scan of the default branch to complete.
+* If you're enabling {% data variables.product.prodname_code_quality %} for the first time, ensure you've waited a few minutes after enablement for a full {% data variables.product.prodname_codeql %} scan of the default branch to complete.
## Review scan results for your default branch
@@ -30,7 +30,7 @@ In your repository, go to the **Security** tab, click **{% data variables.code-q
Here you'll see:
* Ratings for the **Reliability** and **Maintainability** of your codebase, which help you understand your code health at a glance.
-* A **results list** of all the quality issues detected on your default branch, which are grouped by rule and language.
+* A **results list** of all the quality issues detected by a {% data variables.product.prodname_codeql %}-powered analysis on your default branch, which are grouped by rule and language.
diff --git a/content/code-security/code-quality/how-tos/interpret-results.md b/content/code-security/code-quality/how-tos/interpret-results.md
index ec56aab213b0..23869a52345b 100644
--- a/content/code-security/code-quality/how-tos/interpret-results.md
+++ b/content/code-security/code-quality/how-tos/interpret-results.md
@@ -50,6 +50,8 @@ Code quality results should always be interpreted in the context of your reposit
* Repositories with a lot of generated code may have many maintenance results, lowering the rating for maintainability. This is not a problem if the source code itself is maintainable.
* Large repositories with a lot of code in a fully supported language often have many results even if the majority of the code has good maintainability and reliability standards.
+To learn more about the metrics and how the ratings are calculated, see [AUTOTITLE](/code-security/code-quality/reference/metrics-and-ratings).
+
## Next steps
* Remediate quality findings in your default branch and improve the maintainability and reliability rating for your repository. See [AUTOTITLE](/code-security/code-quality/tutorials/improve-your-codebase).
diff --git a/content/code-security/code-quality/tutorials/fix-findings-in-prs.md b/content/code-security/code-quality/tutorials/fix-findings-in-prs.md
index 7c7c41089304..3a9ffe17c743 100644
--- a/content/code-security/code-quality/tutorials/fix-findings-in-prs.md
+++ b/content/code-security/code-quality/tutorials/fix-findings-in-prs.md
@@ -26,9 +26,9 @@ Catching code quality issues early keeps your team's codebase in shape. {% data
## 1. Understand how {% data variables.product.prodname_code_quality %} works on pull requests
-When you open a pull request, {% data variables.product.prodname_code_quality %} automatically scans your changes for quality issues like those described above.
+When you open a pull request, {% data variables.product.prodname_code_quality %} uses {% data variables.product.prodname_codeql %} to automatically scan your changes for quality issues like those described above.
-The results of the scan are reported as comments on your pull request, left by the `{% data variables.code-quality.pr_commenter %}`. Each comment corresponds to a specific code quality problem that was detected in your changes, and comes with a suggested autofix.
+The results of the {% data variables.product.prodname_codeql %} scan are reported as comments on your pull request, left by the `{% data variables.code-quality.pr_commenter %}`. Each comment corresponds to a specific code quality problem that was detected in your changes, and comes with a suggested autofix.
Comments are labeled by severity (**Error**, **Warning**, **Note**), so you can see which findings are the most critical to address.
diff --git a/content/code-security/code-quality/tutorials/improve-recent-merges.md b/content/code-security/code-quality/tutorials/improve-recent-merges.md
index 34def7636762..221ada52a503 100644
--- a/content/code-security/code-quality/tutorials/improve-recent-merges.md
+++ b/content/code-security/code-quality/tutorials/improve-recent-merges.md
@@ -17,7 +17,7 @@ redirect_from:
## Introduction
-This tutorial shows you how to explore and remediate quality issues that have been detected by {% data variables.product.prodname_code_quality_short %}'s analysis of code that was recently merged into your default branch.
+This tutorial shows you how to explore and remediate quality issues that have been detected by {% data variables.product.prodname_code_quality_short %}'s AI-powered analysis of code that was recently merged into your default branch.
When you improve quality of recently merged files, you reduce technical debt in the repository and make it easier for other developers to work on files that are under active development.
diff --git a/content/code-security/code-quality/tutorials/improve-your-codebase.md b/content/code-security/code-quality/tutorials/improve-your-codebase.md
index 73f1a6c9c194..fe1e7c19e29a 100644
--- a/content/code-security/code-quality/tutorials/improve-your-codebase.md
+++ b/content/code-security/code-quality/tutorials/improve-your-codebase.md
@@ -20,7 +20,7 @@ This tutorial guides you through using {% data variables.product.prodname_code_q
### Prerequisites
* {% data variables.product.prodname_code_quality_short %} is enabled for your repository. See [AUTOTITLE](/code-security/code-quality/how-tos/enable-code-quality).
-* A full scan of the default branch has completed.
+* If you're enabling {% data variables.product.prodname_code_quality %} for the first time, ensure you've waited a few minutes after enablement for a full {% data variables.product.prodname_codeql %} scan of the default branch to complete.
## 1. Assess your repository's overall code health
diff --git a/content/copilot/concepts/agents/code-review.md b/content/copilot/concepts/agents/code-review.md
index 1580e239df44..5d428c67f997 100644
--- a/content/copilot/concepts/agents/code-review.md
+++ b/content/copilot/concepts/agents/code-review.md
@@ -26,7 +26,28 @@ category:
This article provides an overview of {% data variables.copilot.copilot_code-review_short %}. For instructions on how to request a code review from {% data variables.product.prodname_copilot_short %}, see [AUTOTITLE](/copilot/how-tos/agents/copilot-code-review/using-copilot-code-review).
-### {% data variables.copilot.copilot_code-review-tools-preview_cap %}
+## Availability
+
+{% data variables.copilot.copilot_code-review_short %} is supported in:
+
+* {% data variables.product.prodname_dotcom_the_website %}
+* {% data variables.product.prodname_mobile %}
+* {% data variables.product.prodname_vscode_shortname %}
+* {% data variables.product.prodname_vs %}
+* Xcode
+* JetBrains IDEs
+
+{% data variables.copilot.copilot_code-review_short %} is a premium feature, available with the {% data variables.copilot.copilot_pro_short %}, {% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, and {% data variables.copilot.copilot_enterprise_short %} plans. See [Copilot plans](https://github.com/features/copilot/plans?ref_product=copilot&ref_type=purchase&ref_style=text).
+
+If you receive {% data variables.product.prodname_copilot_short %} from an organization then, to be able to request a pull request review from {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %} or in {% data variables.product.prodname_mobile %}, the **{% data variables.copilot.copilot_code-review_short %}** option must be enabled in the {% data variables.product.prodname_copilot_short %} policy settings for the organization. See [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization).
+
+## Excluded files
+
+Dependency management files (such as package.json and Gemfile.lock) and certain other types of files (such as log files and SVGs) are excluded from {% data variables.copilot.copilot_code-review_short %}. If you include any of these files in a pull request, {% data variables.copilot.copilot_code-review_short %} will not consider the file when carrying out the review. Similarly, using {% data variables.copilot.copilot_code-review_short %} on one of these files in your IDE, will not generate review comments.
+
+For more information, see [AUTOTITLE](/copilot/reference/review-excluded-files).
+
+## {% data variables.copilot.copilot_code-review-tools-preview_cap %}
> [!NOTE]
>
@@ -50,21 +71,6 @@ In the event that {% data variables.product.prodname_actions %} is unavailable o
>
> Usage charges will apply when the feature becomes generally available.
-## Availability
-
-{% data variables.copilot.copilot_code-review_short %} is supported in:
-
-* {% data variables.product.prodname_dotcom_the_website %}
-* {% data variables.product.prodname_mobile %}
-* {% data variables.product.prodname_vscode_shortname %}
-* {% data variables.product.prodname_vs %}
-* Xcode
-* JetBrains IDEs
-
-{% data variables.copilot.copilot_code-review_short %} is a premium feature, available with the {% data variables.copilot.copilot_pro_short %}, {% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, and {% data variables.copilot.copilot_enterprise_short %} plans. See [Copilot plans](https://github.com/features/copilot/plans?ref_product=copilot&ref_type=purchase&ref_style=text).
-
-If you receive {% data variables.product.prodname_copilot_short %} from an organization then, to be able to request a pull request review from {% data variables.product.prodname_copilot_short %} on {% data variables.product.prodname_dotcom_the_website %} or in {% data variables.product.prodname_mobile %}, the **{% data variables.copilot.copilot_code-review_short %}** option must be enabled in the {% data variables.product.prodname_copilot_short %} policy settings for the organization. See [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization).
-
## Code review monthly quota
Each time {% data variables.product.prodname_copilot_short %} reviews a pull request, or reviews code in your IDE, your monthly quota of Copilot premium requests is reduced by one.
diff --git a/content/copilot/reference/ai-models/model-hosting.md b/content/copilot/reference/ai-models/model-hosting.md
index 2aa0dfbc9845..498e0558fa97 100644
--- a/content/copilot/reference/ai-models/model-hosting.md
+++ b/content/copilot/reference/ai-models/model-hosting.md
@@ -46,11 +46,20 @@ Used for:
## Anthropic models
+
+
+
+
+{% data reusables.copilot.claude-promo-period %} See [Model multipliers](/copilot/reference/ai-models/supported-models#model-multipliers).
+
+
+
Used for:
* {% data variables.copilot.copilot_claude_haiku_45 %}
* {% data variables.copilot.copilot_claude_sonnet_45 %}
* {% data variables.copilot.copilot_claude_opus_41 %}
+* {% data variables.copilot.copilot_claude_opus_45 %}
* {% data variables.copilot.copilot_claude_sonnet_40 %}
These models are hosted by Amazon Web Services, Anthropic PBC, and Google Cloud Platform. {% data variables.product.github %} has provider agreements in place to ensure data is not used for training. Additional details for each provider are included below:
@@ -80,8 +89,6 @@ When using {% data variables.copilot.copilot_gemini %} models, input prompts and
{% data reusables.copilot.grok-promo-period %}
-Complimentary access to Grok Code Fast 1 is continuing past the previously announced end time. A new end date has not been set. We may update or conclude this promotion at any time. Regular pricing applies after the extension ends. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#model-multipliers).
-
These models are hosted on xAI. xAI operates {% data variables.copilot.copilot_grok_code %} in {% data variables.product.prodname_copilot %} under a zero data retention API policy. This means xAI commits that user content (both inputs sent to the model and outputs generated by the model):
Will **not** be:
diff --git a/content/copilot/reference/ai-models/supported-models.md b/content/copilot/reference/ai-models/supported-models.md
index bb200cd4e228..e45b20d77846 100644
--- a/content/copilot/reference/ai-models/supported-models.md
+++ b/content/copilot/reference/ai-models/supported-models.md
@@ -98,6 +98,14 @@ Each model has a premium request multiplier, based on its complexity and resourc
For more information about premium requests, see [AUTOTITLE](/copilot/managing-copilot/monitoring-usage-and-entitlements/about-premium-requests).
+
+
+
+
+{% data reusables.copilot.claude-promo-period %}
+
+
+
{% data reusables.copilot.model-multipliers %}
## Next steps
diff --git a/content/copilot/reference/index.md b/content/copilot/reference/index.md
index 2f9e400bf016..5cf4d79e94f5 100644
--- a/content/copilot/reference/index.md
+++ b/content/copilot/reference/index.md
@@ -17,6 +17,7 @@ children:
- /metrics-data
- /copilot-billing
- /agentic-audit-log-events
+ - /review-excluded-files
- /copilot-usage-metrics
contentType: reference
---
diff --git a/content/copilot/reference/review-excluded-files.md b/content/copilot/reference/review-excluded-files.md
new file mode 100644
index 000000000000..4a651c87749f
--- /dev/null
+++ b/content/copilot/reference/review-excluded-files.md
@@ -0,0 +1,86 @@
+---
+title: Files excluded from {% data variables.copilot.copilot_code-review %}
+shortTitle: Review excluded files
+intro: 'Understand the types of files that are excluded from a review by {% data variables.product.prodname_copilot_short %}.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+category:
+ - Author and optimize with Copilot
+contentType: reference
+---
+
+Certain types of files are excluded from {% data variables.copilot.copilot_code-review_short %}. These include dependency management files, log files, SVG files, and files in locations typically reserved for vendor files or automatically generated files.
+
+If you include any of these files in a pull request, {% data variables.copilot.copilot_code-review_short %} will not consider the file when carrying out the review. Similarly, using {% data variables.copilot.copilot_code-review_short %} on one of these files in your IDE, will not generate review comments.
+
+This is an example of some of the files that are excluded from {% data variables.copilot.copilot_code-review_short %}:
+
+* `.gitignore`
+* `package-lock.json`
+* `yarn.lock`
+* `jest.config.js`
+* `next.config.js`
+* `tailwind.config.js`
+* `tsconfig.json`
+* `requirements.txt`
+* `Pipfile.lock`
+* `Gemfile.lock`
+* `composer.lock`
+* `Cargo.lock`
+* `go.sum`
+* `paket.lock`
+* `pubspec.lock`
+* `stack.yaml`
+* `elm.json`
+* `Project.toml`
+* `Manifest.toml`
+* `renv.lock`
+* `build.sbt`
+* `Package.resolved`
+* `deps.edn`
+* `build.gradle`
+* `mix.lock`
+* `build.gradle.kts`
+* `cpanfile`
+* `Podfile.lock`
+* `conanfile.txt`
+* `info.rkt`
+* `rockspec`
+* `opam`
+* `rebar.config`
+* `nimble`
+* `shard.yml`
+* `dub.json`
+* `dub.sdl`
+* `GPR`
+* `Mason.toml`
+* `fpm.toml`
+* `pack.pl`
+* `baseline.st`
+* `PacletInfo.m`
+* `info.ss`
+* `Jpkg`
+* `box.json`
+* `GNAVI.xml`
+
+Files matching these patterns are also excluded:
+
+* `**/*.svg`
+* `**/*.log`
+* `**/*.lock`
+* `**/go.sum`
+* `**/*.ipynb.raw.html`
+* `**/dist/**/*`
+* `**/node_modules/**/*`
+* `**/*.min.js`
+* `**/*.d.ts`
+* `**/coverage/**/*`
+* `**/*.bundle.js`
+* `**/*.map`
+* `**/out/**/*`
+* `**/vendor/**/*`
+* `**/bin/**/*`
+* `**/generated/**/*`
+* `**/generated-sources/**/*`
diff --git a/content/copilot/tutorials/index.md b/content/copilot/tutorials/index.md
index 0e4ebdf44c72..e60355bcb8a2 100644
--- a/content/copilot/tutorials/index.md
+++ b/content/copilot/tutorials/index.md
@@ -21,6 +21,7 @@ children:
- /explore-pull-requests
- /write-tests
- /refactor-code
+ - /optimize-code-reviews
- /reduce-technical-debt
- /review-ai-generated-code
- /learn-a-new-language
diff --git a/content/copilot/tutorials/optimize-code-reviews.md b/content/copilot/tutorials/optimize-code-reviews.md
new file mode 100644
index 000000000000..e0fc72219ee4
--- /dev/null
+++ b/content/copilot/tutorials/optimize-code-reviews.md
@@ -0,0 +1,229 @@
+---
+title: Build an optimized review process with {% data variables.product.prodname_copilot_short %}
+allowTitleToDifferFromFilename: true
+shortTitle: Optimize code reviews
+intro: Automate reviews with {% data variables.product.prodname_copilot_short %} to optimize and improve your review process.
+product: '{% data variables.copilot.copilot_code-review_short %} is available for {% data variables.copilot.copilot_pro_short %}, {% data variables.copilot.copilot_pro_plus %}, {% data variables.copilot.copilot_business_short %} and {% data variables.copilot.copilot_enterprise_short %}. See [Copilot plans](https://github.com/features/copilot/plans?ref_product=copilot&ref_type=purchase&ref_style=text).'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+contentType: tutorials
+category:
+ - Accelerate PR velocity
+ - Author and optimize with Copilot
+redirect_from:
+ - /copilot/tutorials/optimize-reviews-with-copilot
+---
+
+## Introduction
+
+Code reviews are more efficient when you spend less time on minor implementation details, such as naming and style conventions, and instead focus your effort on higher level design, problem solving, and functionality that meets user needs.
+
+In this article, we'll show how automatic reviews from {% data variables.product.prodname_copilot_short %} can help optimize your review process so you spend less time on minor changes and more time on nuanced problem solving and deeper understanding for implementation that's not simply adequate, but skillfully meets user needs.
+
+## 1. Improve review quality from {% data variables.product.prodname_copilot_short %}
+
+{% data variables.copilot.copilot_code-review_short %} can provide automated reviews for all pull requests in your repository and make reviewing more efficient by catching changes you don't want in your code. When paired with custom instructions, {% data variables.copilot.copilot_code-review_short %} is more effective because it can provide responses that are tailored to the way your team works, the tools you use, or the specifics of your project.
+
+Best practices for writing custom instructions include:
+* Distinct headings
+* Bullet points
+* Short, direct instructions
+
+Let's look at an example. If you're building an order processing system using Python, your custom instructions may include Python-specific formatting, performance, and secure coding practices, as well as guidance directly relevant to your project. The following example shows what a few of the lines of your custom instructions might look like.
+
+```markdown
+## Repository context
+- This repository implements an order processing system (order intake, payment, fulfillment) where correctness, security, and auditability are critical.
+
+## Style and conventions
+- Follow the PEP 8 and PEP 257 style guide for Python.
+- Use clear, domain-relevant names (orders, payments, inventory, customers, shipments).
+- Prefer small, focused functions and methods with clearly defined responsibilities.
+
+## Secure coding
+- Verify proper input validation and sanitization.
+- Review authentication and authorization logic.
+
+## Error handling guidelines
+- Handle timeouts and network errors gracefully.
+- Ensure failures are logged with enough detail for debugging.
+
+## Order processing context
+- Ensure order creation, payment handling, and updates are idempotent to avoid duplicate orders or duplicate charges.
+- Validate and normalize all order, payment, and customer data before persisting or acting on it.
+- Do not log or persist sensitive data (passwords, raw payment details, full identifiers) without hashing, encryption, or redaction.
+- Call out obvious performance issues in core order workflows (e.g., N+1 queries, per-order synchronous network calls) and suggest simpler, more efficient alternatives.
+
+## Review style
+- Be concise, specific and actionable.
+- Explain the "why" behind recommendations using bullet points.
+```
+
+In the next section, we'll walk through how our example custom instructions can positively impact the review comments {% data variables.product.prodname_copilot_short %} provides for a pull request.
+
+## 2. Automate reviews to address style conventions and performance
+
+When automatic {% data variables.copilot.copilot_code-review_short %} is enabled, {% data variables.product.prodname_copilot_short %} will automatically review a pull request once it's out of draft mode.
+
+Imagine you submit a pull request that includes the following function to update inventory in your order processing system.
+
+```python
+def notify_inventory(product_id, quantity):
+ requests.post("http://inventory-service/update", json={"product_id": product_id, "quantity": quantity})
+```
+
+While this is functional, it lacks clarity and robustness. The intent of types are implicit, there are no docstrings, and it does not include error handling or logging, which makes it unclear whether the notification actually worked.
+
+{% data variables.product.prodname_copilot_short %} would review the code and may make the following comment and code suggestion.
+
+{% data reusables.copilot.example-prompts.response-is-an-example %}
+
+```copilot
+Missing error handling for network calls
+
+The notify_inventory function makes a synchronous network call without any error handling for timeouts, connection failures, or non-200 responses.
+
+Why this matters:
+
+- Network failures will cause unhandled exceptions and crash the order processing flow
+- Orders could be marked as CONFIRMED but inventory never gets updated
+- This violates the requirement to "handle timeouts and network errors gracefully"
+- Failures won't be logged with enough detail for debugging
+
+Recommendation: Add proper error handling with timeout and logging:
+```
+
+```python
+def notify_inventory(product_id: str, quantity: int) -> bool:
+ """Notify the inventory service of order placement.
+
+ Args:
+ product_id: The product identifier.
+ quantity: The quantity ordered.
+
+ Returns:
+ True if the notification succeeded; False otherwise.
+ """
+ try:
+ response = requests.post(
+ "http://inventory-service/update",
+ json={"product_id": product_id, "quantity": quantity},
+ timeout=5,
+ )
+ response.raise_for_status()
+ logger.info(
+ "Inventory notified for product %s, quantity %d (status %d)",
+ product_id,
+ quantity,
+ response.status_code,
+ )
+ return True
+ except requests.exceptions.Timeout:
+ logger.error(
+ "Timeout notifying inventory for product %s, quantity %d",
+ product_id,
+ quantity,
+ exc_info=True,
+ )
+ except requests.exceptions.RequestException:
+ logger.error(
+ "Failed to notify inventory for product %s, quantity %d",
+ product_id,
+ quantity,
+ exc_info=True,
+ )
+ return False
+```
+
+The response from {% data variables.product.prodname_copilot_short %} follows guidance from your custom instructions in its recommendation. In this example, it follows the PEP 8 and 257 style guidance for Python and suggests an improvement to better handle timeouts and error logging, while concisely explaining the reasoning behind the suggestions.
+
+> [!NOTE] Always carefully review {% data variables.product.prodname_copilot_short %}'s suggestions before accepting and committing.
+
+Automatic review comments like these support you in building your own understanding when you're coding or can help you focus and narrow feedback given to others when reviewing.
+
+
+## 3. Flag security vulnerabilities and fix them
+
+Next, imagine you've been tasked to improve how passwords are stored in your order processing system. You submit a pull request with code you thought sufficiently hashed user passwords to protect them.
+
+```python
+def get_password_hash(password: str, salt: str) -> str:
+ """Hash a password with the given salt using SHA-256.
+
+ Returns the hexadecimal representation of the hashed password.
+ """
+ return hashlib.sha256((password + salt).encode()).hexdigest()
+
+
+class User:
+ """Represents a user in the order processing system."""
+
+ def __init__(self, username: str, password: str, salt: str):
+ """Initialize a User with username, password, and salt.
+
+ The password is hashed and stored for authentication.
+ """
+ self.username = username
+ self.salt = salt
+ self.password_hash = get_password_hash(password, self.salt)
+
+ def verify_password(self, password: str) -> bool:
+ """Verify a plain-text password against the stored hash."""
+ return get_password_hash(password, self.salt) == self.password_hash
+```
+
+However, in this example, using SHA-256 is not acceptable as it's not computationally expensive enough to protect user passwords.
+
+While {% data variables.copilot.copilot_code-review_short %} can make security best practice suggestions, {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} takes it a step further. Leveraging the capabilities of {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} analysis to analyze the code in a {% data variables.product.github %} repository and find security vulnerabilities and coding errors, {% data variables.copilot.copilot_autofix_short %} can then suggest fixes for alerts, enabling you to prevent and reduce vulnerabilities more efficiently.
+
+For example, {% data variables.copilot.copilot_autofix_short %} may make the following comment on the code.
+
+```copilot
+Using SHA-256 for password hashing is insecure for authentication systems. SHA-256 is designed to be fast, making it vulnerable to brute-force attacks.
+
+To fix the problem, use a password-specific hashing algorithm like bcrypt, scrypt, or argon2 (e.g., `argon2-cffi` from the PyPI package) which are designed to be slow and include built-in salting mechanisms.
+```
+
+{% data variables.copilot.copilot_autofix_short %} will also make code suggestions for a potential fix to the vulnerability for you to review. In this case, it may make code suggestions, like those below, to import a package and update the code related to hashing the password.
+
+```python
+from argon2 import PasswordHasher
+```
+
+```python
+def get_initial_hash(password: str):
+ ph = PasswordHasher()
+ return ph.hash(password)
+
+def check_password(password: str, known_hash):
+ ph = PasswordHasher()
+ return ph.verify(known_hash, password)
+```
+
+> [!NOTE]
+> * Always verify and validate any changes {% data variables.product.prodname_copilot_short %} suggests before accepting them.
+> * In this example, {% data variables.copilot.copilot_code-review_short %} may also highlight the need to generate unique salts.
+
+As you can see, identifying vulnerabilities automatically, along with suggestions for fixing them, helps you make security a priority. {% data variables.copilot.copilot_autofix_short %} enables you to focus on understanding secure coding and on fixes that work best for your code base and project.
+
+## Optimized reviews with {% data variables.product.prodname_copilot_short %}
+
+Automatic review comments help you optimize your reviews and secure your code more efficiently regardless of your level of experience.
+
+* Custom instructions helped refine the responses from {% data variables.copilot.copilot_code-review_short %} so they were specific to our project and user needs and we also saw how we can tailor how much explanation {% data variables.product.prodname_copilot_short %} provides in feedback.
+* {% data variables.copilot.copilot_code-review_short %} helped us quickly improve our error logging and understand why it mattered.
+* {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} helped us prevent using an insufficient password hashing approach and protect user data.
+
+## Next steps
+
+To make your reviews more efficient and effective using {% data variables.product.prodname_copilot_short %}'s review capabilities, get started by following these steps.
+
+1. Create custom instructions specific to your project and repository. Write your own, or take inspiration from our library of examples. See [AUTOTITLE](/copilot/tutorials/customization-library/custom-instructions).
+1. To enable automatic {% data variables.copilot.copilot_code-review_short %} for your repository, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/request-a-code-review/configure-automatic-review).
+1. To configure {% data variables.copilot.copilot_autofix_short %} for your repo you'll need to enable {% data variables.product.prodname_code_scanning %}. Once {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} analysis is enabled, {% data variables.copilot.copilot_autofix_short %} is enabled by default. For the easiest setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
+
+## Further reading
+
+To go deeper with reviewing AI generated code, see [AUTOTITLE](/copilot/tutorials/review-ai-generated-code).
diff --git a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
index b11722a45be5..be07decf8ef4 100644
--- a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
@@ -52,7 +52,7 @@ You{% ifversion custom-org-roles %}, and any users with the "Edit custom propert
-1. In the modal dialog that appears, select a value for each property you'd like to set for the selected repositories.
+1. In the modal dialog that appears, select a value for each property you'd like to set for the selected repositories. This value cannot exceed 75 characters in length.
1. Click **Save changes**.
## Viewing values for repositories in your organization
diff --git a/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md b/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md
index 1e347cec56b9..b429cf3a4eb0 100644
--- a/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md
+++ b/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md
@@ -24,6 +24,7 @@ When you sign up for a {% data variables.product.prodname_sponsors %} profile so
* [Open Collective Europe](https://opencollective.com/europe)
* [Open Source Collective](https://opencollective.com/opensource)
* [Python Software Foundation](https://www.python.org/psf-landing/)
+* [Radiant Earth](https://radiant.earth/)
* [Software in the Public Interest](https://www.spi-inc.org/)
* [Software Underground](https://softwareunderground.org/)
diff --git a/data/features/client-id-for-app.yml b/data/features/client-id-for-app.yml
new file mode 100644
index 000000000000..7a98fcd59dac
--- /dev/null
+++ b/data/features/client-id-for-app.yml
@@ -0,0 +1,6 @@
+# Reference: #14091
+
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.18'
diff --git a/data/reusables/copilot/chat-previous-conversation.md b/data/reusables/copilot/chat-previous-conversation.md
deleted file mode 100644
index 9f12986f1657..000000000000
--- a/data/reusables/copilot/chat-previous-conversation.md
+++ /dev/null
@@ -1 +0,0 @@
-1. If the panel contains a previous conversation you had with {% data variables.product.prodname_copilot_short %}, click the {% octicon "plus" aria-hidden="true" aria-label="plus" %} plus sign icon at the top right of the {% data variables.product.prodname_copilot_short %} panel to start a new conversation.
diff --git a/data/reusables/copilot/claude-promo-period.md b/data/reusables/copilot/claude-promo-period.md
new file mode 100644
index 000000000000..ea437677b145
--- /dev/null
+++ b/data/reusables/copilot/claude-promo-period.md
@@ -0,0 +1 @@
+> [!Important] {% data variables.copilot.copilot_claude_opus_45 %} has a promotional multiplier of **1** through Friday, December 5, 2025. After that date, the multiplier will change to **3**.
diff --git a/data/reusables/enterprise-onboarding/creating-custom-properties.md b/data/reusables/enterprise-onboarding/creating-custom-properties.md
index 64db02761a57..11a4856beeb6 100644
--- a/data/reusables/enterprise-onboarding/creating-custom-properties.md
+++ b/data/reusables/enterprise-onboarding/creating-custom-properties.md
@@ -25,7 +25,7 @@ You can add custom properties to your enterprise to make those properties availa
{% data reusables.enterprise-accounts.access-enterprise %}
1. In the left sidebar, under "Policies", click **Custom properties**.
1. To add a new custom property, in the upper-right corner, click **New property**.
-1. Enter a name, description, and type for the custom property. The name must be unique across all of your organizations, and cannot contain spaces.
+1. Enter a name, description, and type for the custom property. The name must be unique across all of your organizations, can't contain spaces, and cannot exceed 75 characters in length.
1. Optionally, select **Allow repository actors to set this property**. When enabled, repository users and apps with the repository-level `custom properties` fine-grained permission will be able to set and update the property value for their repository. Additionally, any actor creating a repository can set the property on the repository.
1. Optionally, select **Require this property for all repositories** and add a default value. This means that you require that all repositories in your enterprise have a value for this property. Repositories that don’t have an explicit value for this property will inherit the default value.
1. Click **Save property**.
diff --git a/data/reusables/gated-features/code-scanning.md b/data/reusables/gated-features/code-scanning.md
index bb8c3a6b846a..ea4644d585a5 100644
--- a/data/reusables/gated-features/code-scanning.md
+++ b/data/reusables/gated-features/code-scanning.md
@@ -1,14 +1,4 @@
{% data variables.product.prodname_code_scanning_caps %} is available for the following repository types:
-{%- ifversion fpt %}
* Public repositories on {% data variables.product.prodname_dotcom_the_website %}
-* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
-
-{%- elsif ghec %}
-* Public repositories on {% data variables.product.prodname_dotcom_the_website %}
-* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
-
-{%- elsif ghes %}
-* Organization-owned repositories with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
-
-{% endif %}
+* Organization-owned repositories on {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, or {% data variables.product.prodname_ghe_server %}, with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled.
diff --git a/data/tables/copilot/model-multipliers.yml b/data/tables/copilot/model-multipliers.yml
index 10ce00d0ad46..e84196b9e475 100644
--- a/data/tables/copilot/model-multipliers.yml
+++ b/data/tables/copilot/model-multipliers.yml
@@ -17,6 +17,10 @@
multiplier_paid: 10
multiplier_free: Not applicable
+- name: Claude Opus 4.5
+ multiplier_paid: 1 (**3** after Dec 5, 2025)
+ multiplier_free: Not applicable
+
- name: Claude Sonnet 4
multiplier_paid: 1
multiplier_free: Not applicable
diff --git a/data/tables/copilot/model-release-status.yml b/data/tables/copilot/model-release-status.yml
index 78ef028992e9..d20ba3f0bacc 100644
--- a/data/tables/copilot/model-release-status.yml
+++ b/data/tables/copilot/model-release-status.yml
@@ -82,6 +82,13 @@
ask_mode: true
edit_mode: true
+- name: 'Claude Opus 4.5'
+ provider: 'Anthropic'
+ release_status: 'Public preview'
+ agent_mode: true
+ ask_mode: true
+ edit_mode: true
+
- name: 'Claude Sonnet 4'
provider: 'Anthropic'
release_status: 'GA'
diff --git a/data/tables/copilot/model-supported-clients.yml b/data/tables/copilot/model-supported-clients.yml
index 151dc7bcc116..bb94dddca429 100644
--- a/data/tables/copilot/model-supported-clients.yml
+++ b/data/tables/copilot/model-supported-clients.yml
@@ -29,6 +29,14 @@
xcode: true
jetbrains: true
+- name: Claude Opus 4.5
+ dotcom: true
+ vscode: true
+ vs: false
+ eclipse: false
+ xcode: false
+ jetbrains: false
+
- name: Claude Sonnet 4
dotcom: true
vscode: true
diff --git a/data/tables/copilot/model-supported-plans.yml b/data/tables/copilot/model-supported-plans.yml
index 63d94d9f89dd..c0db26603d48 100644
--- a/data/tables/copilot/model-supported-plans.yml
+++ b/data/tables/copilot/model-supported-plans.yml
@@ -26,6 +26,13 @@
business: false
enterprise: true
+- name: Claude Opus 4.5
+ free: false
+ pro: true
+ pro_plus: true
+ business: true
+ enterprise: true
+
- name: Claude Sonnet 4
free: false
pro: true
diff --git a/data/variables/copilot.yml b/data/variables/copilot.yml
index 07fd47e4c8f5..ca733c518085 100644
--- a/data/variables/copilot.yml
+++ b/data/variables/copilot.yml
@@ -138,6 +138,7 @@ copilot_claude: 'Claude'
copilot_claude_haiku_45: 'Claude Haiku 4.5'
copilot_claude_opus: 'Claude Opus 4'
copilot_claude_opus_41: 'Claude Opus 4.1'
+copilot_claude_opus_45: 'Claude Opus 4.5'
copilot_claude_sonnet: 'Claude Sonnet'
copilot_claude_sonnet_35: 'Claude Sonnet 3.5'
copilot_claude_sonnet_37: 'Claude Sonnet 3.7'
diff --git a/src/landings/components/journey/JourneyLearningTracks.module.scss b/src/landings/components/journey/JourneyLearningTracks.module.scss
index 58e3fff5fda1..44b7dcf89f29 100644
--- a/src/landings/components/journey/JourneyLearningTracks.module.scss
+++ b/src/landings/components/journey/JourneyLearningTracks.module.scss
@@ -1,11 +1,12 @@
-.learningTracks {
+.journeyTracks {
+ margin-bottom: 1rem;
+ margin-left: 1rem;
+}
+
+.trackCard {
border: 1px solid
var(--borderColor-default, var(--color-border-default, #d1d9e0));
border-radius: 12px;
- padding: 1.5rem;
- padding-bottom: 0.75rem;
- margin-bottom: 1rem;
- margin-left: 1rem;
box-shadow:
0px 1px 3px 0px rgba(31, 35, 40, 0.08),
0px 1px 0px 0px rgba(31, 35, 40, 0.06);
@@ -15,6 +16,24 @@
--bgColor-default,
var(--color-canvas-default, #ffffff)
);
+ transition: all 0.2s ease-in-out;
+
+ // journey card hover effect only when the card is not expanded
+ &:not([open]):hover {
+ box-shadow:
+ 0 0.25rem 0.5rem 0 rgba(31, 35, 40, 0.12),
+ 0 0.125rem 0.25rem 0 rgba(31, 35, 40, 0.08);
+ transform: translateY(-2px);
+ background-color: var(--bgColor-muted, var(--color-canvas-subtle));
+ }
+}
+
+.trackSummary {
+ list-style: none;
+ cursor: pointer;
+ display: block;
+ position: relative;
+ padding: 1.5rem 1.5rem 1.75rem 1.5rem;
}
.trackHeader {
@@ -26,25 +45,25 @@
gap: 0.5rem;
}
-.anchorLink {
- color: var(--fgColor-default, var(--color-fg-default, #1f2328));
- text-decoration: none;
-}
-
.trackDescription {
- margin: 0 0 1rem 0;
- color: var(--fgColor-muted, var(--color-fg-muted, #656d76));
+ margin: 0;
+ padding-right: 2rem;
+
+ p {
+ margin: 0;
+ color: var(--fgColor-muted, var(--color-fg-muted, #656d76));
+ }
}
.expandButton {
- top: 0;
- right: 0;
+ top: 1.5rem;
+ right: 1.5rem;
}
.trackGuides {
- margin-top: 1rem;
- margin-bottom: 1rem;
- padding-left: 0;
+ margin-top: 0;
+ margin-bottom: 0;
+ padding: 0 1.5rem 0.75rem 1.5rem;
list-style: none;
counter-reset: guide-counter;
}
@@ -76,11 +95,6 @@
line-height: 1;
}
-.guideLink {
- color: var(--fgColor-accent, var(--color-accent-fg, #0969da));
- text-decoration: none;
-}
-
/* Hide only the timeline line that extends below the last badge, preserve everything else */
.timelineContainer :global(.Timeline-Item:last-child::before) {
background: linear-gradient(
@@ -189,21 +203,20 @@
}
.mobileItem .mobileTile {
- border: 1px solid
- var(--borderColor-default, var(--color-border-default, #d1d9e0));
- border-radius: 12px;
- padding: 1rem;
margin-top: 0.5rem;
text-align: left;
- box-shadow:
- 0px 1px 3px 0px rgba(31, 35, 40, 0.08),
- 0px 1px 0px 0px rgba(31, 35, 40, 0.06);
- position: relative;
- z-index: 3;
- background-color: var(
- --bgColor-default,
- var(--color-canvas-default, #ffffff)
- );
+
+ .trackCard {
+ z-index: 3;
+ }
+
+ .trackSummary {
+ padding: 1rem 1rem 1.75rem 1rem;
+ }
+
+ .trackGuides {
+ padding: 0 1rem 0.75rem 1rem;
+ }
}
/* Desktop: show Timeline component */
diff --git a/src/landings/components/journey/JourneyLearningTracks.tsx b/src/landings/components/journey/JourneyLearningTracks.tsx
index 03997a07873c..20cbcc355b34 100644
--- a/src/landings/components/journey/JourneyLearningTracks.tsx
+++ b/src/landings/components/journey/JourneyLearningTracks.tsx
@@ -1,6 +1,6 @@
/* filepath: /workspaces/docs-internal/src/landings/components/journey/JourneyLearningTracks.tsx */
import { ChevronDownIcon, ChevronUpIcon } from '@primer/octicons-react'
-import { Button, Details, Timeline, Token, useDetails } from '@primer/react'
+import { Details, Timeline, Token, useDetails } from '@primer/react'
import { Link } from '@/frame/components/Link'
import { JourneyTrack } from '@/journeys/lib/journey-path-resolver'
import styles from './JourneyLearningTracks.module.scss'
@@ -14,40 +14,38 @@ export const JourneyLearningTracks = ({ tracks }: JourneyLearningTracksProps) =>
return null
}
- const renderTrackContent = (track: JourneyTrack, trackIndex: number) => {
+ const renderTrackContent = (track: JourneyTrack) => {
const { getDetailsProps, open } = useDetails({})
return (
- <>
-