Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall#disabling-the-recommended-allowlist
What part(s) of the article would you like to see updated?
As a reader, I'm trying to understand how the internet access controls work with the GitHub Copilot coding agent.
There's a statement in the related documentation page:
You can choose to turn off the recommended allowlist. Disabling the recommended allowlist is likely to increase the risk of unauthorized access to external resources.
I may be confused, but my understanding is:
- Copilot agent has a firewall. The firewall is enabled by default and can be toggled by the user.
- The Copilot agent allowlist can be enabled/disabled, with the firewall still enabled.
- Typically, allowlists deny access by default, with exemptions given to permit entries in the allowlist.
- If I disable the allowlist, but keep the firewall enabled, wouldn't that then reduce access to external resources?
- Why is disabling the recommended allowlist this way likely to increase the risk?1 Wouldn't it be more restricted?
- More in line with how I would expect the system works, on consulting the related GitHub changelog entry for the internet access configuration feature, it states that users can:
Opt out of GitHub’s recommended allow list for a more locked-down configuration.
It's certainly possible that my understanding of the system is confused — in which case, the documentation might benefit from clarification of why disabling an allowlist increases the risk — but it might also be that the documentation's wording is perhaps misleading.
Additional information
No response
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall#disabling-the-recommended-allowlist
What part(s) of the article would you like to see updated?
As a reader, I'm trying to understand how the internet access controls work with the GitHub Copilot coding agent.
There's a statement in the related documentation page:
I may be confused, but my understanding is:
It's certainly possible that my understanding of the system is confused — in which case, the documentation might benefit from clarification of why disabling an allowlist increases the risk — but it might also be that the documentation's wording is perhaps misleading.
Additional information
No response
Footnotes
(Is that maybe because all internet access is blocked, making it more likely that a user then disables the firewall entirely?) ↩