Description
Code of Conduct
- I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
What part(s) of the article would you like to see updated?
As a reader, I'm trying to understand how the internet access controls work with the GitHub Copilot coding agent.
There's a statement in the related documentation page:
> You can choose to turn off the recommended allowlist. Disabling the recommended allowlist is likely to increase the risk of unauthorized access to external resources.
I may be confused, but my understanding is:
- Copilot agent has a firewall. The firewall is enabled by default and can be toggled by the user.
- The Copilot agent allowlist can be enabled/disabled, with the firewall still enabled.
- Typically, allowlists deny access by default, with exemptions given to permit entries in the allowlist.
- If I disable the allowlist, but keep the firewall enabled, wouldn't that then reduce access to external resources?
- Why is disabling the recommended allowlist this way likely to increase the risk? [1] Wouldn't it be more restricted?
- More in line with how I would expect the system to work, on consulting the related GitHub changelog entry for the internet access configuration feature, it states that users can:
  > Opt out of GitHub’s recommended allow list for a more locked-down configuration.
It's certainly possible that my understanding of the system is confused — in which case, the documentation might benefit from clarification of why disabling an allowlist increases the risk — but it might also be that the documentation's wording is perhaps misleading.
Additional information
No response
Footnotes
1. (Is that maybe because all internet access is blocked, making it more likely that a user then disables the firewall entirely?)