docs: update Learning Hub for v1.0.40 release

- Add client_credentials OAuth grant type for fully headless MCP auth
- Add Azure DevOps auto-disable note to MCP FAQ
- Add /chronicle command (now GA) to config-basics session commands
- Add --max-autopilot-continues flag documentation to autopilot section
- Add COPILOT_HOME env var and --config-dir deprecation note
- Add prompt mode security env vars (GITHUB_COPILOT_PROMPT_MODE_REPO_HOOKS,
  GITHUB_COPILOT_PROMPT_MODE_WORKSPACE_MCP) to hooks FAQ

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

website/src/content/docs/learning-hub/automating-with-hooks.md

@@ -3,7 +3,7 @@ title: 'Automating with Hooks'
 description: 'Learn how to use hooks to automate lifecycle events like formatting, linting, and governance checks during Copilot agent sessions.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-04-28
+lastUpdated: 2026-05-03
 estimatedReadingTime: '8 minutes'
 tags:
   - hooks
@@ -596,6 +596,10 @@ A: The hook is terminated and the agent continues. Set `timeoutSec` appropriatel
 
 A: Yes. Hooks for the same event run in the order they appear in the array. If any hook fails (non-zero exit), subsequent hooks for that event may be skipped.
 
+**Q: Do hooks run when the CLI is used in prompt mode (`-p`)?**
+
+A: Not by default. In prompt mode (invoked with `-p` or `--prompt`), repository hooks and workspace MCP servers are **disabled** for security-by-default behavior — prompt mode is often used in automated scripts and CI pipelines where running arbitrary repository scripts could be a security risk. To opt in to hooks in prompt mode, set the environment variable `GITHUB_COPILOT_PROMPT_MODE_REPO_HOOKS=1` before running the CLI. Similarly, `GITHUB_COPILOT_PROMPT_MODE_WORKSPACE_MCP=1` enables workspace MCP servers in prompt mode.
+
 **Q: Do hooks work with the Copilot coding agent?**
 
 A: Yes. Hooks are especially valuable with the coding agent because they provide deterministic guardrails for autonomous operations. See [Using the Copilot Coding Agent](../using-copilot-coding-agent/) for details.

website/src/content/docs/learning-hub/copilot-configuration-basics.md

@@ -3,7 +3,7 @@ title: 'Copilot Configuration Basics'
 description: 'Learn how to configure GitHub Copilot at user, workspace, and repository levels to optimize your AI-assisted development experience.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-04-30
+lastUpdated: 2026-05-03
 estimatedReadingTime: '10 minutes'
 tags:
   - configuration
@@ -374,6 +374,8 @@ Settings: File → Settings → Tools → GitHub Copilot
 
 Configuration file: `~/.copilot-cli/config.json`
 
+> **Tip**: You can override the location of this directory by setting the `COPILOT_HOME` environment variable (e.g., `COPILOT_HOME=/custom/path copilot`). The `--config-dir` flag that previously served the same purpose is **deprecated** as of v1.0.40 and will be removed in a future release. Update any scripts or CI pipelines to use `COPILOT_HOME` instead.
+
 ```json
 {
   "editor": "vim",
@@ -463,6 +465,14 @@ The `/undo` command reverts the last turn—including any file changes the agent
 
 Use `/undo` when the agent's last response went in an unwanted direction and you want to try a different approach from that point.
 
+The `/chronicle` command shows a timeline of all files that were **created or modified** during the current session. It gives you a compact, ordered view of every change the agent has made — useful for reviewing the scope of work before committing or sharing:
+
+```
+/chronicle
+```
+
+> **Note**: Session history, file tracking, and `/chronicle` are available to all users as of v1.0.40. Previously they required opting in to experimental features.
+
 The `/cd` command changes the working directory for the current session. Each session maintains its own working directory that persists when you switch between sessions:
 
 ```
@@ -543,6 +553,14 @@ The `/allow-all` command (also accessible as `/yolo`) enables autopilot mode, wh
 
 > **ACP clients (v1.0.39+)**: ACP clients can also toggle allow-all mode programmatically via session configuration, without issuing a slash command. This is useful for automated pipelines that drive Copilot CLI through the ACP protocol.
 
+When the CLI is in autopilot mode, it limits the number of automatic continuation messages to **5 by default**. You can raise or lower this with `--max-autopilot-continues`:
+
+```bash
+copilot --autopilot --max-autopilot-continues 10 "Refactor the auth service"
+```
+
+Setting `--max-autopilot-continues 0` removes the limit entirely, though this may consume many requests for large tasks. The limit prevents runaway automation while still allowing the agent to complete multi-step work.
+
 The `--effort` flag (shorthand for `--reasoning-effort`) controls how much computational reasoning the model applies to a request:
 
 ```bash

website/src/content/docs/learning-hub/understanding-mcp-servers.md

@@ -3,7 +3,7 @@ title: 'Understanding MCP Servers'
 description: 'Learn how Model Context Protocol servers extend GitHub Copilot with access to external tools, databases, and APIs.'
 authors:
   - GitHub Copilot Learning Hub Team
-lastUpdated: 2026-04-16
+lastUpdated: 2026-05-03
 estimatedReadingTime: '8 minutes'
 tags:
   - mcp
@@ -179,6 +179,7 @@ These are especially useful for plugins and installer scripts that need to self-
 Some MCP servers require authentication to connect to protected resources. GitHub Copilot CLI supports several authentication approaches:
 
 - **OAuth**: MCP servers can use the OAuth flow to authenticate with external services. The CLI handles the browser redirect and token storage automatically. This also works when running in ACP (Agent Coordination Protocol) mode.
+- **`client_credentials` OAuth grant type** *(v1.0.40+)*: For fully headless, server-to-server authentication with no user interaction required at all. When an MCP server supports the `client_credentials` grant type, the CLI authenticates using client credentials without any browser redirect or device code. This is ideal for CI pipelines and automation scripts where even a device code prompt would be impractical.
 - **Device code flow (RFC 8628)**: When the CLI runs in a **headless or CI environment** where a browser redirect is not possible, it automatically falls back to the device code flow. You'll see a URL and a code to enter on another device to complete authentication.
 - **`/mcp auth`**: If a token expires or you need to switch accounts, run `/mcp auth` inside a session. This opens the re-authentication UI for any OAuth-enabled MCP server and supports account switching. You can re-authenticate without restarting the session.
 - **Microsoft Entra ID (Azure AD)**: MCP servers that authenticate via Microsoft Entra ID are fully supported. Once you complete the initial login, the CLI caches the authentication and **will not show the consent screen on subsequent connections** — you authenticate once per session rather than every time the server reconnects.
@@ -280,6 +281,10 @@ If you see a warning that an MCP server is blocked, contact your organization ad
 
 ## Common Questions
 
+**Q: Does Copilot CLI disable any MCP servers automatically?**
+
+A: Yes. If it detects an **Azure DevOps** repository (rather than a GitHub repository), the CLI automatically disables the GitHub MCP server, since it would have no useful targets to connect to. Other MCP servers continue to work normally.
+
 **Q: Do MCP servers run in the cloud?**
 
 A: No, MCP servers typically run locally on your machine as child processes. They're started automatically when needed and stopped when the session ends.