github · docs-bot · May 7, 2026 · May 7, 2026 · May 7, 2026 · May 7, 2026
diff --git a/...nforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md b/...nforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md
@@ -32,8 +32,6 @@ Rulesets allow you to flexibly target the organizations, repositories, and branc
 * Within those organizations, you can target all **repositories**, or target a dynamic list by custom property or deployment context.
 * Within the repositories, you can target certain **branches or tags**: all branches, the default branch, or a dynamic list using `fnmatch` syntax.
 
-When you create a ruleset that targets branches in a repository, repository administrators can no longer rename branches or change the default branch in the targeted repository. They can still create and delete branches if they have the appropriate permissions.
-
 ## How can I control the format of commits?
 
 In branch or tag rulesets, you can add a rule that restricts the format of commit metadata such as commit message or author email.

diff --git a/...-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md b/...-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
@@ -190,6 +190,19 @@ Across all organizations owned by your enterprise, you can allow members with ad
 1. Under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
 1. Under "Repository issue deletion", select the dropdown menu and click a policy.
 
+{% ifversion repo-admin-branch-rename %}
+
+## Enforcing a policy for renaming protected branches
+
+By default, repository administrators can rename branches that are targeted by enterprise-level rules, provided the new branch name is still targeted by those rules. You can restrict this ability to enterprise owners only.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.repositories-tab %}
+1. Under "Repository branch renames", select the dropdown menu and click a policy.
+
+{% endif %}
+
 {% ifversion ghes %}
 
 ## Enforcing a policy for Git push limits

diff --git a/...-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md b/...-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md
@@ -54,6 +54,13 @@ Indicates that the directory given on the command line is not a database
 itself, but a directory that _contains_ one or more databases under
 construction. Those databases will be processed together.
 
+#### `--working-dir=<dir>`
+
+\[Advanced] The directory in which the specified command should be
+executed. If this argument is not provided, the command is executed in
+the value of `--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the
+current working directory.
+
 #### `--additional-dbs=<database>[:<database>...]`
 
 \[Advanced] Path to additional CodeQL databases under construction.

diff --git a/content/copilot/how-tos/use-copilot-agents/cloud-agent/index.md b/content/copilot/how-tos/use-copilot-agents/cloud-agent/index.md
@@ -13,6 +13,7 @@ children:
   - /integrate-cloud-agent-with-teams
   - /integrate-cloud-agent-with-linear
   - /integrate-cloud-agent-with-azure-boards
+  - /use-cloud-agent-via-the-api
   - /changing-the-ai-model
   - /configuring-agent-settings
   - /create-custom-agents-in-your-ide

diff --git a/...t/copilot/how-tos/use-copilot-agents/cloud-agent/use-cloud-agent-via-the-api.md b/...t/copilot/how-tos/use-copilot-agents/cloud-agent/use-cloud-agent-via-the-api.md
@@ -0,0 +1,93 @@
+---
+title: Using Copilot cloud agent via the API
+shortTitle: Use cloud agent via the API
+intro: 'You can start and manage {% data variables.copilot.copilot_cloud_agent %} tasks programmatically using the REST API.'
+product: '{% data reusables.gated-features.copilot-business-and-enterprise %}'
+versions:
+  feature: copilot
+contentType: how-tos
+category:
+  - Integrate Copilot with your tools
+---
+
+> [!NOTE]
+> The agent tasks API is in {% data variables.release-phases.public_preview %} and subject to change.
+
+You can use the agent tasks API to integrate {% data variables.copilot.copilot_cloud_agent_short %} into your own tools and workflows. For example, you can start a new task, list existing tasks, or check the status of a task.
+
+For the full API reference, see [AUTOTITLE](/rest/agent-tasks/agent-tasks).
+
+## Authentication
+
+The agent tasks API only supports user-to-server tokens. You can authenticate using a {% data variables.product.pat_generic %}, a {% data variables.product.prodname_oauth_app %} token or a {% data variables.product.prodname_github_app %} user-to-server token.
+
+Server-to-server tokens, such as {% data variables.product.prodname_github_app %} installation access tokens, are not supported.
+
+## Starting a task via the API
+
+To start a new {% data variables.copilot.copilot_cloud_agent_short %} task, send a `POST` request to `/agents/repos/{owner}/{repo}/tasks`. The only required parameter is `prompt`, which is the prompt for the agent.
+
+```shell copy
+curl -X POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/repos/OWNER/REPO/tasks \
+  -d '{
+    "prompt": "Fix the login button on the homepage",
+    "base_ref": "main"
+  }'
+```
+
+Replace the following placeholder values:
+
+* `YOUR-TOKEN`: A {% data variables.product.pat_generic %} or {% data variables.product.prodname_github_app %} user-to-server token.
+* `OWNER`: The account owner of the repository.
+* `REPO`: The name of the repository.
+
+You can also include the following optional parameters in the request body:
+
+* `base_ref`: The base branch for the new branch and pull request.
+* `model`: The AI model to use for the task. If omitted, {% data variables.copilot.copilot_auto_model_selection_short %} is used. For more information about supported models, see [AUTOTITLE](/rest/agent-tasks/agent-tasks).
+* `create_pull_request`: A boolean that determines whether to create a pull request for the task.
+
+## Listing tasks
+
+You can list tasks for a specific repository or across all repositories you have access to.
+
+To list tasks for a specific repository:
+
+```shell copy
+curl -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/repos/OWNER/REPO/tasks
+```
+
+To list your tasks across all repositories:
+
+```shell copy
+curl -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/tasks
+```
+
+## Checking the status of a task
+
+To check the status of a specific task, send a `GET` request with the task ID:
+
+```shell copy
+curl -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/repos/OWNER/REPO/tasks/TASK-ID
+```
+
+Replace `TASK-ID` with the ID of the task you want to check. You can get this ID from the response when you create a task or list tasks. The response includes the task's current `state`, which can be one of: `queued`, `in_progress`, `completed`, `failed`, `idle`, `waiting_for_user`, `timed_out`, or `cancelled`.
+
+## Further reading
+
+* [AUTOTITLE](/rest/agent-tasks/agent-tasks)
+* [AUTOTITLE](/copilot/concepts/agents/cloud-agent/about-cloud-agent)
+* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/cloud-agent/start-copilot-sessions)
diff --git a/...ngs/allowing-repository-admins-to-rename-branches-with-organization-rulesets.md b/...ngs/allowing-repository-admins-to-rename-branches-with-organization-rulesets.md
@@ -0,0 +1,30 @@
+---
+title: Allowing repository admins to rename branches with organization rulesets
+intro: 'Organization owners can allow people with repository admin permission to rename branches that are targeted by organization rulesets.'
+versions:
+  feature: repo-admin-branch-rename
+permissions: Organization owners can manage this setting.
+shortTitle: Allow branch renames
+category:
+  - Configure organization features
+---
+
+Organization owners control whether repository administrators can rename branches that are targeted by one or more branch rulesets. For existing organizations, this setting is off by default. For newly created organizations, this setting is on by default.
+
+When this setting is enabled, repository administrators can rename these branches, provided the new branch name is still targeted by all the same organization rulesets as the current branch name. This ensures that rulesets cannot be circumvented through branch renaming.
+
+Organization administrators can rename branches targeted by organization rulesets without restriction.
+
+> [!NOTE]
+> Even with this setting enabled, changing the default branch of a repository still requires an organization administrator when organization rulesets are in play.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.member-privileges %}
+1. Under "Branch renames", select **Allow repository administrators to rename branches protected by organization rules**.
+1. Click **Save**.
+
+## Further reading
+
+* [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch)
+* [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-renaming-protected-branches)
diff --git a/content/organizations/managing-organization-settings/index.md b/content/organizations/managing-organization-settings/index.md
@@ -27,6 +27,7 @@ children:
   - /configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization
   - /setting-permissions-for-adding-outside-collaborators
   - /allowing-people-to-delete-issues-in-your-organization
+  - /allowing-repository-admins-to-rename-branches-with-organization-rulesets
   - /enabling-or-disabling-github-discussions-for-an-organization
   - /managing-discussion-creation-for-repositories-in-your-organization
   - /managing-the-commit-signoff-policy-for-your-organization

diff --git a/...rganization-settings/managing-rulesets-for-repositories-in-your-organization.md b/...rganization-settings/managing-rulesets-for-repositories-in-your-organization.md
@@ -13,7 +13,17 @@ category:
 
 ## About managing rulesets for an organization
 
-After creating a ruleset at the organization level, you can make changes to the ruleset to alter how people can interact with the targeted repositories. For example, you can add rules to better protect the branches or tags in those repositories{% ifversion not fpt %}, or you can switch your ruleset from "Evaluate" mode to "Active" after testing its effects on the contributor experience for your repositories{% endif %}. Organizational rulesets that apply to branches of a repository will no longer allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. Repository administrators may create and delete branches so long as they have the appropriate permissions.
+After creating a ruleset at the organization level, you can make changes to the ruleset to alter how people can interact with the targeted repositories. For example, you can add rules to better protect the branches or tags in those repositories{% ifversion not fpt %}, or you can switch your ruleset from "Evaluate" mode to "Active" after testing its effects on the contributor experience for your repositories{% endif %}.
+
+{% ifversion repo-admin-branch-rename %}
+
+For information about how organizational rulesets affect branch renaming, see [AUTOTITLE](/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets).
+
+{% else %}
+
+Organizational rulesets that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch.
+
+{% endif %}
 
 {% ifversion push-rule-delegated-bypass %}
 

diff --git a/...-repository/managing-branches-in-your-repository/changing-the-default-branch.md b/...-repository/managing-branches-in-your-repository/changing-the-default-branch.md
@@ -27,9 +27,13 @@ You can also rename the default branch. For more information, see [AUTOTITLE](/r
 
 To change the default branch, your repository must have more than one branch. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository#creating-a-branch).
 
-{% ifversion not fpt %}
+{% ifversion repo-admin-branch-rename %}
 
-Rulesets at the organization{% ifversion ghec %} or enterprise{% endif %} level that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. See [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization){% ifversion ghec %} or [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance){% endif %}.
+If organizational or enterprise rulesets target branches in your repository, changing the default branch requires an organization or enterprise administrator. Whether repository administrators can rename other targeted branches depends on the branch-rename setting or policy configured by your organization or enterprise. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets).
+
+{% else %}
+
+Rulesets at the organization level that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. See [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization).
 
 {% endif %}
 

diff --git a/...es-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md b/...es-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md
@@ -1,7 +1,7 @@
 ---
 title: Renaming a branch
 intro: You can change the name of a branch in a repository.
-permissions: 'People with write permissions to a repository can rename a branch in the repository unless it is the [default branch](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch) or a [protected branch](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches). People with admin permissions can rename the default branch and protected branches.'
+permissions: 'People with write permissions to a repository can rename a branch in the repository unless it is the [default branch](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch) or covered by a [branch protection](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) or ruleset. People with admin permissions can rename the default branch and protected branches.'
 versions:
   fpt: '*'
   ghes: '*'
@@ -24,7 +24,27 @@ Although file URLs are automatically redirected, raw file URLs are not redirecte
 
 {% data variables.product.prodname_actions %} workflows do not follow renames, so if your repository publishes an action, anyone using that action with `@{old-branch-name}` will break. You should consider adding a new branch with the original content plus an additional commit reporting that the branch name is {% data variables.release-phases.closing_down %} and suggesting that users migrate to the new branch name.
 
-Organizational rulesets that apply to branches of a repository will no longer allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. Repository administrators may create and delete branches so long as they have the appropriate permissions.
+## Who can rename a branch
+
+Most branches can be renamed by any user with **write** permission to the repository.
+
+Some branches can only be renamed by a repository administrator: the repository's default branch, and any branch covered by a branch protection or a repository-level branch ruleset.
+
+{% ifversion repo-admin-branch-rename %}
+
+When organization-level or enterprise-level rulesets target branches in a repository, renaming those branches typically requires an organization or enterprise administrator.
+
+However, organization and enterprise owners can allow repository administrators to rename branches covered by these rulesets, provided the new branch name is still subject to all the same rules as the current name. Changing the default branch still requires an organization or enterprise administrator when rulesets are in play.
+
+For more information, see [AUTOTITLE](/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-renaming-protected-branches).
+
+{% else %}
+
+Organizational rulesets that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch.
+
+{% endif %}
+
+Repository administrators may create and delete branches so long as they have the appropriate permissions.
 
 ## Renaming a branch
 

diff --git a/data/features/repo-admin-branch-rename.yml b/data/features/repo-admin-branch-rename.yml
@@ -0,0 +1,6 @@
+# Reference: github/releases#8431
+# Allow repo admins to rename branches protected by org/enterprise rulesets
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.22'
diff --git a/data/reusables/actions/supported-github-runners.md b/data/reusables/actions/supported-github-runners.md
@@ -36,7 +36,7 @@ For public repositories, jobs using the workflow labels shown in the table below
       <td>
         <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md">windows-latest</a></code>,
          <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md">windows-2025</a></code>,
-        <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-VS2026-Readme.md">windows-2025-vs2026</a></code> ({% data variables.release-phases.public_preview %}),
+        <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-VS2026-Readme.md">windows-2025-vs2026</a></code>,
         <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2022-Readme.md">windows-2022</a></code>
       </td>
     </tr>