[EDI] Rewrite "Using Copilot coding agent effectively in your organization" as a tutorial (#56645)

Author: isaacmbrown

content/copilot/concepts/about-copilot-coding-agent.md

@@ -39,6 +39,14 @@ To delegate tasks to {% data variables.product.prodname_copilot_short %}, you ca
 
 While working on a coding task, {% data variables.product.prodname_copilot_short %} has access to its own ephemeral development environment, powered by {% data variables.product.prodname_actions %}, where it can explore your code, make changes, execute automated tests and linters and more.
 
+### Benefits over traditional AI workflows
+
+When used effectively, {% data variables.copilot.copilot_coding_agent %} offers productivity benefits over traditional AI assistants in IDEs:
+
+* With **AI assistants in IDEs**, coding happens **locally**. Individual developers pair in **synchronous** sessions with the AI assistant. Decisions made during the session are **untracked** and lost to time unless committed. Although the assistant helps write code, the developer still has a lot of **manual steps** to do: create the branch, write commit messages, push the changes, open the PR, write the PR description, get a review, iterate in the IDE, and repeat. These steps take time and effort that may be hard to justify for simple or routine issues.
+
+* With **{% data variables.copilot.copilot_coding_agent %}**, all coding and iterating happens **on {% data variables.product.github %}** as part of the pull request workflow. {% data variables.product.prodname_copilot_short %} **automates** branch creation, commit message writing and pushing, PR opening, and PR description writing. Developers let the agent **work in the background** and then steer {% data variables.product.prodname_copilot_short %} to a final solution using PR reviews. Working on {% data variables.product.github %} adds **transparency**, where every step happens in a commit and is viewable in logs. Working on {% data variables.product.github %} also opens up **collaboration** opportunities for the entire team.
+
 ### {% data variables.copilot.copilot_coding_agent %} versus agent mode
 
 {% data variables.copilot.copilot_coding_agent %} is distinct from the "agent mode" feature available in {% data variables.product.prodname_vs %} and {% data variables.product.prodname_vscode %}. {% data variables.copilot.copilot_coding_agent %} works autonomously in a {% data variables.product.prodname_actions %}-powered environment to complete development tasks assigned through {% data variables.product.github %} issues or {% data variables.copilot.copilot_chat %} prompts, and creates pull requests with the results. In contrast, agent mode in {% data variables.product.prodname_vs %} and {% data variables.product.prodname_vscode %} is part of the {% data variables.copilot.copilot_edits %} feature that allows {% data variables.product.prodname_copilot_short %} to make autonomous edits directly in your local development environment. For more information about agent mode, see [AUTOTITLE](/copilot/using-github-copilot/copilot-chat/asking-github-copilot-questions-in-your-ide?tool=visualstudio#copilot-edits-1).
@@ -65,6 +73,22 @@ Within your monthly usage allowance for {% data variables.product.prodname_actio
 
 For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-copilot/about-billing-for-github-copilot#allowance-usage-for-copilot-coding-agent).
 
+## Built-in security protections
+
+Security is a fundamental consideration when you enable {% data variables.copilot.copilot_coding_agent %}, as with any other AI agent. {% data variables.product.prodname_copilot_short %} has a strong base of built-in security protections that you can supplement by following best practice guidance.
+
+* **Subject to existing governance**: Organization settings and enterprise policies control availability. Any security policies and practices set up for the organization also apply to {% data variables.copilot.copilot_coding_agent %}.
+* **Restricted development environment**: {% data variables.product.prodname_copilot_short %} works in a sandbox development environment with internet access controlled by a firewall. It has read-only access to the repository it's assigned to work in.
+* **Limited access to branches**: {% data variables.product.prodname_copilot_short %} can only create and push to branches beginning with `copilot/`. It is subject to any branch protections and required checks for the working repository.
+* **Responds only to users with write permissions**: {% data variables.product.prodname_copilot_short %} will not respond to feedback from users with lower levels of access.
+* **Treated as an outside collaborator**: Draft pull requests proposed by {% data variables.product.prodname_copilot_short %} require approval by a user with write permissions before Actions workflows can run. {% data variables.product.prodname_copilot_short %} cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
+* **Tracked for compliance**: {% data variables.product.prodname_copilot_short %}'s commits are co-authored by the developer who assigned the issue or requested the change to the pull request, allowing attribution of proposed changes. The developer who asked {% data variables.product.prodname_copilot_short %} to create a pull request cannot approve that pull request. In repositories where an approving review is required, this ensures that at least one independent developer reviews {% data variables.product.prodname_copilot_short %}'s work.
+
+For more information, see:
+* [AUTOTITLE](/copilot/tutorials/pilot-copilot-coding-agent#2-secure) (information on how organization owners can further enhance security)
+* [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-copilot-coding-agent-on-githubcom)
+* [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page/)
+
 ## Risks and mitigations
 
 {% data variables.copilot.copilot_coding_agent %} is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks. Where possible, {% data variables.product.github %} has applied appropriate mitigations.

content/copilot/tutorials/index.md

@@ -20,6 +20,7 @@ children:
   - /modernizing-legacy-code-with-github-copilot
   - /using-copilot-to-migrate-a-project
   - /upgrading-projects-with-github-copilot
+  - /pilot-copilot-coding-agent
   - /rolling-out-github-copilot-at-scale
 redirect_from:
   - /copilot/using-github-copilot/guides-on-using-github-copilot