diff --git a/docs/src/content/docs/consumer/install-mcp-servers.md b/docs/src/content/docs/consumer/install-mcp-servers.md index f361a82b3..39e6e82d0 100644 --- a/docs/src/content/docs/consumer/install-mcp-servers.md +++ b/docs/src/content/docs/consumer/install-mcp-servers.md @@ -80,7 +80,7 @@ writes a runtime-specific MCP config file. The schemas differ; the | GitHub Copilot CLI | `~/.copilot/mcp-config.json` | global | JSON `mcpServers` | | VS Code (Copilot) | `.vscode/mcp.json` | project | JSON `servers` | | Claude Code | `.mcp.json` (project) or `~/.claude.json` (`-g`) | both | JSON `mcpServers` | -| Cursor | `.cursor/mcp.json` | project (only if `.cursor/` exists) | JSON `mcpServers` | +| Cursor | `.cursor/mcp.json` | project (only if `.cursor/` exists) | JSON `mcpServers` (Cursor-native schema: `type: stdio` / `type: http`) | | Codex CLI | `~/.codex/config.toml` | global | TOML `[mcp_servers.*]` | | Gemini CLI | `.gemini/settings.json` | project (only if `.gemini/` exists) | JSON `mcpServers` | | OpenCode | `opencode.json` | project (only if `.opencode/` exists) | JSON `mcp` | diff --git a/docs/src/content/docs/enterprise/policy-reference.md b/docs/src/content/docs/enterprise/policy-reference.md index 7488251a4..d35f2f037 100644 --- a/docs/src/content/docs/enterprise/policy-reference.md +++ b/docs/src/content/docs/enterprise/policy-reference.md @@ -293,6 +293,8 @@ manifest: Detect files in governance directories that are not tracked by APM. +A file is "tracked by APM" only if it was produced by an installed plugin. Pre-existing files that APM did not deploy are counted as unmanaged even if they reside in a governed directory. + ### `action` | Value | Behavior | @@ -422,7 +424,7 @@ A child policy can only tighten constraints — never relax them: | `max_depth` | `min(parent, child)` | | `mcp.self_defined` | Escalates: `allow` < `warn` < `deny` | | `manifest.scripts` | Escalates: `allow` < `deny` | -| `unmanaged_files.action` | Escalates: `ignore` < `warn` < `deny` | +| `unmanaged_files.action` | Escalates: `ignore` < `warn` < `deny`. Omitting `unmanaged_files` in the child is treated as "no opinion" -- the parent value is preserved unchanged. | | `source_attribution` | `parent OR child` — either enables it | | `trust_transitive` | `parent AND child` — both must allow it | diff --git a/docs/src/content/docs/getting-started/authentication.md b/docs/src/content/docs/getting-started/authentication.md index 89f46c522..fd394cecf 100644 --- a/docs/src/content/docs/getting-started/authentication.md +++ b/docs/src/content/docs/getting-started/authentication.md @@ -184,14 +184,16 @@ export ADO_APM_PAT=your_ado_pat apm install dev.azure.com/myorg/myproject/myrepo ``` -ADO is always auth-required. Uses 3-segment paths (`org/project/repo`). No `ADO_HOST` equivalent - always use FQDN syntax: +ADO is always auth-required. Uses 3-segment paths (`org/project/repo`). No `ADO_HOST` equivalent - always use FQDN syntax. Both the shorthand (`dev.azure.com/...`) and full HTTPS URL (`https://dev.azure.com/...`) forms are accepted: ```bash apm install dev.azure.com/myorg/myproject/myrepo#main +apm install https://dev.azure.com/myorg/myproject/_git/myrepo # full URL also accepted apm install mycompany.visualstudio.com/org/project/repo # legacy URL # Sub-path inside an ADO repo, pinned to a tag (use the _git form for sub-paths): apm install dev.azure.com/myorg/myproject/_git/myrepo/instructions/security#v2.0 +apm install https://dev.azure.com/myorg/myproject/_git/myrepo/instructions/security#v2.0 ``` If your ADO project or repository name contains spaces, URL-encode them as `%20`: