From 0d4784bb5bec9191e7c44ea521666721e256835a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 18 Mar 2026 14:37:24 +0000 Subject: [PATCH 1/2] Initial plan From 0ba906120134ca9b6dc6cf3c8c4e58887084e0a0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 18 Mar 2026 14:43:36 +0000 Subject: [PATCH 2/2] doc: add Copilot agent permissions document and update README Co-authored-by: calinschurig <92351885+calinschurig@users.noreply.github.com> --- README.md | 3 ++- doc/copilot-agent-permissions.md | 40 ++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 doc/copilot-agent-permissions.md diff --git a/README.md b/README.md index fb4ede5..d622ac3 100644 --- a/README.md +++ b/README.md @@ -4,4 +4,5 @@ This repository contains scripts to assist in testing components of the Juulink * [failover](./failover) contains scripts to automate timed failover, as well as testing automation scripts. * [locust](./locust) contains scripts to run locust. -* [doc](./doc) contains extra documentation about specific topics. \ No newline at end of file +* [doc](./doc) contains extra documentation about specific topics. + * [doc/copilot-agent-permissions.md](./doc/copilot-agent-permissions.md) describes what permissions the GitHub Copilot coding agent has in this repository. \ No newline at end of file diff --git a/doc/copilot-agent-permissions.md b/doc/copilot-agent-permissions.md new file mode 100644 index 0000000..8cc1c0b --- /dev/null +++ b/doc/copilot-agent-permissions.md @@ -0,0 +1,40 @@ +# GitHub Copilot Coding Agent Permissions + +This document describes the permissions available to the GitHub Copilot coding agent when working in this repository. + +## Read Permissions + +The agent can read the following GitHub resources: + +| Resource | Details | +| --- | --- | +| Repository contents | Files, directories, and commit history in the current repository | +| Issues | Issue titles, descriptions, comments, labels, and sub-issues | +| Pull requests | PR details, diffs, file changes, reviews, review comments, and check run statuses | +| Workflows & CI | Workflow definitions, run history, job logs, and artifacts | +| Code scanning alerts | CodeQL and other code scanning tool results | +| Secret scanning alerts | Secret scanning alert details and resolutions | +| Commits, branches & tags | Full commit metadata, branch listings, tag listings, and releases | +| Labels | Label names, colors, and descriptions | +| Repository metadata | Description, topics, language, stars, and other public repository info | + +## Write Permissions + +The agent can make the following changes: + +| Resource | Details | +| --- | --- | +| Repository files | Commit and push file changes to the current working branch via the `report_progress` tool | +| Pull request description | Update the description of the open PR it is working on | + +## Limitations + +The agent operates under the following restrictions: + +- **Cannot open new pull requests** — the agent may only update the PR it was assigned to. +- **Cannot push directly via `git`** — all code pushes go through the `report_progress` tool, which stages, commits, and pushes changes. +- **Cannot access other repositories** — the agent only has access to the single repository that was cloned for its current task. +- **Cannot access secrets or credentials** — API tokens, passwords, and other secrets are not directly accessible. +- **Cannot access `.github/agents/`** — agent instruction files in this directory are off-limits. +- **Cannot push to other branches** — the agent works exclusively on the branch associated with its PR. +- **Cannot generate harmful or copyrighted content** — content policies apply regardless of task instructions.