docs(learning-hub): add v1.0.40 features — /chronicle GA, COPILOT_HOME, autopilot limit, MCP client_credentials, ACP skills

- copilot-configuration-basics.md: document /chronicle command (now GA for all users),
  COPILOT_HOME env var (replaces deprecated --config-dir), and
  --max-autopilot-continues flag (default 5 in v1.0.40)
- understanding-mcp-servers.md: add client_credentials OAuth grant type for
  fully headless MCP server authentication (v1.0.40)
- creating-effective-skills.md: note that skills are available as slash
  commands in ACP clients (e.g. Zed) as of v1.0.40

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

website/src/content/docs/learning-hub/copilot-configuration-basics.md

@@ -3,7 +3,7 @@ title: 'Copilot Configuration Basics'
 description: 'Learn how to configure GitHub Copilot at user, workspace, and repository levels to optimize your AI-assisted development experience.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-04-30
+lastUpdated: 2026-05-02
 estimatedReadingTime: '10 minutes'
 tags:
   - configuration
@@ -374,6 +374,11 @@ Settings: File → Settings → Tools → GitHub Copilot
 
 Configuration file: `~/.copilot-cli/config.json`
 
+> **Configuration directory (v1.0.40+)**: The `COPILOT_HOME` environment variable sets the root directory for all Copilot CLI configuration files. This replaces the `--config-dir` flag, which is now deprecated. Set `COPILOT_HOME` in your shell profile for a persistent override:
+> ```bash
+> export COPILOT_HOME=~/.my-copilot-config
+> ```
+
 ```json
 {
   "editor": "vim",
@@ -463,6 +468,14 @@ The `/undo` command reverts the last turn—including any file changes the agent
 
 Use `/undo` when the agent's last response went in an unwanted direction and you want to try a different approach from that point.
 
+The `/chronicle` command gives you a navigable timeline of everything the agent has done in the session: files created or modified, commands run, tool calls made, and key conversation milestones. It's especially useful for longer sessions where you want to review the agent's work without scrolling back through the full chat:
+
+```
+/chronicle
+```
+
+> **Note**: `/chronicle` (along with session history and file tracking) is now available to all users as of v1.0.40. Previously it required a feature flag.
+
 The `/cd` command changes the working directory for the current session. Each session maintains its own working directory that persists when you switch between sessions:
 
 ```
@@ -541,6 +554,14 @@ The `/allow-all` command (also accessible as `/yolo`) enables autopilot mode, wh
 
 > **Note**: `/allow-all on` permissions persist after `/clear` starts a new session, so you don't need to re-enable it each time.
 
+In autopilot mode, Copilot will continue working through a task autonomously. As of v1.0.40, autopilot mode limits continuation messages to **5 by default** to prevent runaway sessions. You can raise or lower this limit with `--max-autopilot-continues`:
+
+```bash
+copilot --autopilot --max-autopilot-continues 10 "Refactor the auth module"
+```
+
+Set `--max-autopilot-continues 0` to remove the limit entirely (the pre-v1.0.40 behaviour).
+
 > **ACP clients (v1.0.39+)**: ACP clients can also toggle allow-all mode programmatically via session configuration, without issuing a slash command. This is useful for automated pipelines that drive Copilot CLI through the ACP protocol.
 
 The `--effort` flag (shorthand for `--reasoning-effort`) controls how much computational reasoning the model applies to a request:

website/src/content/docs/learning-hub/creating-effective-skills.md

@@ -3,7 +3,7 @@ title: 'Creating Effective Skills'
 description: 'Master the art of writing reusable, shareable skill folders that deliver consistent results across your team.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-02-26
+lastUpdated: 2026-05-02
 estimatedReadingTime: '9 minutes'
 tags:
   - skills
@@ -347,7 +347,7 @@ Use [scripts/parse-test-output.sh](scripts/parse-test-output.sh) to extract stru
 
 **Q: How do I invoke a skill?**
 
-A: Skills can be invoked in two ways. Users can type the skill name as a `/command` in VS Code Chat (e.g., `/generate-tests`). Agents can also discover and invoke skills automatically based on the skill's description and the user's intent.
+A: Skills can be invoked in three ways. Users can type the skill name as a `/command` in VS Code Chat (e.g., `/generate-tests`). Agents can also discover and invoke skills automatically based on the skill's description and the user's intent. As of v1.0.40, skills are also available as slash commands in **ACP clients** (e.g., Zed), matching the CLI experience.
 
 **Q: How are skills different from prompts?**
 

website/src/content/docs/learning-hub/understanding-mcp-servers.md

@@ -3,7 +3,7 @@ title: 'Understanding MCP Servers'
 description: 'Learn how Model Context Protocol servers extend GitHub Copilot with access to external tools, databases, and APIs.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-04-16
+lastUpdated: 2026-05-02
 estimatedReadingTime: '8 minutes'
 tags:
   - mcp
@@ -179,6 +179,7 @@ These are especially useful for plugins and installer scripts that need to self-
 Some MCP servers require authentication to connect to protected resources. GitHub Copilot CLI supports several authentication approaches:
 
 - **OAuth**: MCP servers can use the OAuth flow to authenticate with external services. The CLI handles the browser redirect and token storage automatically. This also works when running in ACP (Agent Coordination Protocol) mode.
+- **`client_credentials` OAuth grant type (v1.0.40+)**: For fully headless environments (e.g., server-side automation, CI pipelines) where a browser redirect is not possible and no human is present, MCP servers can authenticate using the OAuth `client_credentials` grant type. This flow exchanges a client ID and secret for a token without user interaction — no browser, no device code, no manual approval step.
 - **Device code flow (RFC 8628)**: When the CLI runs in a **headless or CI environment** where a browser redirect is not possible, it automatically falls back to the device code flow. You'll see a URL and a code to enter on another device to complete authentication.
 - **`/mcp auth`**: If a token expires or you need to switch accounts, run `/mcp auth` inside a session. This opens the re-authentication UI for any OAuth-enabled MCP server and supports account switching. You can re-authenticate without restarting the session.
 - **Microsoft Entra ID (Azure AD)**: MCP servers that authenticate via Microsoft Entra ID are fully supported. Once you complete the initial login, the CLI caches the authentication and **will not show the consent screen on subsequent connections** — you authenticate once per session rather than every time the server reconnects.