Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-04-11 18:55:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: update Learning Hub for MCP config locations, folder trust, and CLI settings (v1.0.6-v1.0.10) (#1137)

Browse Source 
- understanding-mcp-servers.md: document multiple config file locations
  (.mcp.json, .vscode/mcp.json, devcontainer.json), folder trust security
  requirement for workspace MCP servers, and experimental MCP_ALLOWLIST

- copilot-configuration-basics.md: document new camelCase CLI config
  settings (includeCoAuthoredBy, effortLevel, autoUpdatesChannel,
  statusLine), plus include_gitignored and extension_mode options

Sources: github/copilot-cli releases v1.0.6 through v1.0.10 (2026-03-16 to 2026-03-20)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2026-03-24 10:05:59 +11:00
committed by GitHub
parent b1537c6d96
commit 99a99a420e
2 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
website/src/content/docs/learning-hub/copilot-configuration-basics.md
View File

@@ -3,7 +3,7 @@ title: 'Copilot Configuration Basics'
description: 'Learn how to configure GitHub Copilot at user, workspace, and repository levels to optimize your AI-assisted development experience.'
authors:
- GitHub Copilot Learning Hub Team
lastUpdated: 2025-11-28
lastUpdated: 2026-03-23
estimatedReadingTime: '10 minutes'
tags:
- configuration
@@ -344,6 +344,19 @@ Configuration file: `~/.copilot-cli/config.json`
}
```
CLI settings use **camelCase** naming. Key settings added in recent releases:
| Setting | Description |
|---------|-------------|
| `includeCoAuthoredBy` | Include Co-authored-by trailer in commits |
| `effortLevel` | Default reasoning effort level (`low`, `medium`, `high`) |
| `autoUpdatesChannel` | Update channel (`stable`, `preview`) |
| `statusLine` | Show status line in the terminal UI |
| `include_gitignored` | Include gitignored files in `@` file search |
| `extension_mode` | Control extensibility (agent tools and plugins) |
> **Note**: Older snake_case names (e.g., `include_gitignored`, `auto_updates_channel`) are still accepted for backward compatibility, but camelCase is now the preferred format.
## Common Questions
**Q: How do I disable Copilot for specific files?**

17
website/src/content/docs/learning-hub/understanding-mcp-servers.md
View File

@@ -3,7 +3,7 @@ title: 'Understanding MCP Servers'
description: 'Learn how Model Context Protocol servers extend GitHub Copilot with access to external tools, databases, and APIs.'
authors:
- GitHub Copilot Learning Hub Team
lastUpdated: 2026-02-26
lastUpdated: 2026-03-23
estimatedReadingTime: '8 minutes'
tags:
- mcp
@@ -61,7 +61,17 @@ GitHub Copilot provides several **built-in tools** that are always available:
## Configuring MCP Servers
MCP servers are configured per-workspace in `.vscode/mcp.json`:
MCP servers are configured per-workspace. GitHub Copilot CLI discovers server definitions from several locations (loaded in order):
| File | Scope | Notes |
|------|-------|-------|
| `.mcp.json` | Repository root | Preferred for repo-shared configuration |
| `.vscode/mcp.json` | VS Code workspace | VS Codecompatible workspace config |
| `devcontainer.json` | Dev container | Available when running inside a container |
> **Security**: Workspace MCP servers are loaded **only after folder trust is confirmed**. If you haven't explicitly trusted a folder, servers defined in its config files won't start — protecting you from malicious MCP server configurations in untrusted repositories.
Example `.mcp.json` or `.vscode/mcp.json`:
```json
{
@@ -193,8 +203,9 @@ MCP server SDKs are available in [Python](https://github.com/modelcontextprotoco
- **Principle of least privilege**: Only give MCP servers the minimum access they need. Use read-only database connections for analysis agents.
- **Keep secrets out of config files**: Use `${input:variableName}` for API keys and connection strings, or load from environment variables.
- **Document your servers**: Add comments or a README explaining which MCP servers your project uses and why.
- **Version control carefully**: Commit `.vscode/mcp.json` for shared server configurations, but use `.gitignore` for any files containing credentials.
- **Version control carefully**: Commit `.mcp.json` or `.vscode/mcp.json` for shared server configurations, but use `.gitignore` for any files containing credentials.
- **Test server connectivity**: Verify MCP servers start correctly before relying on them in agent workflows.
- **Use the MCP allowlist (experimental)**: In high-security environments, the `MCP_ALLOWLIST` feature flag lets you validate MCP servers against a configured registry, blocking unrecognized servers from loading. This is an experimental feature for enterprise environments requiring strict control over which MCP servers are permitted.
## Common Questions