sourcegraph · sourcegraph-buildkite · May 22, 2026
diff --git a/docs/admin/code-hosts/aws-codecommit.mdx b/docs/admin/code-hosts/aws-codecommit.mdx
@@ -37,7 +37,7 @@ AWS CodeCommit connections support the following configuration options, which ar
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/aws_codecommit.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 	// REQUIRED:

diff --git a/docs/admin/code-hosts/azuredevops.mdx b/docs/admin/code-hosts/azuredevops.mdx
@@ -69,7 +69,7 @@ Azure DevOps connections support the following configuration options, which are
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/azuredevops.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 	// Authentication alternatives: token OR windowsPassword
 

diff --git a/docs/admin/code-hosts/bitbucket-cloud.mdx b/docs/admin/code-hosts/bitbucket-cloud.mdx
@@ -116,7 +116,7 @@ Bitbucket Cloud connections support the following configuration options, which a
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/bitbucket_cloud.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 	// The workspace access token to use when authenticating with Bitbucket Cloud.

diff --git a/docs/admin/code-hosts/bitbucket-server.mdx b/docs/admin/code-hosts/bitbucket-server.mdx
@@ -202,7 +202,7 @@ Bitbucket Server / Bitbucket Data Center connections support the following confi
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/bitbucket_server.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 	// Authentication alternatives: token OR password
 

diff --git a/docs/admin/code-hosts/gerrit.mdx b/docs/admin/code-hosts/gerrit.mdx
@@ -113,7 +113,7 @@ Gerrit connections support the following configuration options, which are specif
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/gerrit.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 	// If non-null, enforces Gerrit repository permissions. This requires that there is an item in the [site configuration json](https://sourcegraph.com/docs/admin/config/site_config#auth-providers) `auth.providers` field, of type "gerrit" with the same `url` field as specified in this `GerritConnection`.

diff --git a/docs/admin/code-hosts/github.mdx b/docs/admin/code-hosts/github.mdx
@@ -454,7 +454,7 @@ GitHub connections support the following configuration options, which are specif
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/github.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 	// Authentication alternatives: token OR gitHubAppDetails OR externalAccount OR useRandomExternalAccount
 

diff --git a/docs/admin/code-hosts/gitlab.mdx b/docs/admin/code-hosts/gitlab.mdx
@@ -189,7 +189,7 @@ See [Internal rate limits](/admin/code-hosts/rate-limits#internal-rate-limits).
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/gitlab.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 	// If non-null, enforces GitLab repository permissions. This requires that there be an item in the `auth.providers` field of type "gitlab" with the same `url` field as specified in this `GitLabConnection`.

diff --git a/docs/admin/code-hosts/gitolite.mdx b/docs/admin/code-hosts/gitolite.mdx
@@ -25,7 +25,7 @@ To connect Gitolite to Sourcegraph:
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/gitolite.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 	// A list of repositories to never mirror from this Gitolite instance. Supports excluding by exact name ({"name": "foo"}).

diff --git a/docs/admin/code-hosts/other.mdx b/docs/admin/code-hosts/other.mdx
@@ -68,7 +68,7 @@ Repositories must be listed individually:
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/other_external_service.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 	// A list of repositories to never mirror by name after applying repositoryPathPattern. Supports excluding by exact name ({"name": "myrepo"}) or regular expression ({"pattern": ".*secret.*"}).

diff --git a/docs/admin/code-hosts/phabricator.mdx b/docs/admin/code-hosts/phabricator.mdx
@@ -76,7 +76,7 @@ The Sourcegraph instance's site admin must [update the `corsOrigin` site config
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/phabricator.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 	// SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.

diff --git a/docs/admin/config/settings.mdx b/docs/admin/config/settings.mdx
@@ -27,7 +27,7 @@ Settings options and their default values are shown below.
 
 {/* SCHEMA_SYNC_START: admin/config/settings.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 
@@ -81,6 +81,9 @@ Settings options and their default values are shown below.
 	// Usually this setting is used in global and organization settings. If set in user settings, the message will only be displayed to that single user.
 	"cody.notices": null,
 
+	// BETA: Enable the new compare experience. This feature is under active development and will eventually become the default (and the setting will be removed)
+	"compareV2.enabled": false,
+
 	// Disable the Slack community call-to-action banner on the Deep Search page.
 	"deepSearch.slackCta.disabled": false,
 

diff --git a/docs/admin/config/site-config.mdx b/docs/admin/config/site-config.mdx
@@ -21,7 +21,7 @@ All site configuration options and their default values are shown below.
 
 {/* SCHEMA_SYNC_START: admin/config/site.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:44Z */}
 ```json
 {
 
@@ -311,7 +311,6 @@ All site configuration options and their default values are shown below.
 			"requireUpperandLowerCase": true
 		},
 		"perforceChangelistMapping": "enabled",
-		"preciseCodeNavFlow": "v2",
 		"pythonPackages": "disabled",
 		"ranking": {
 			"flushWallTimeMS": 500,
@@ -677,9 +676,11 @@ All site configuration options and their default values are shown below.
 	//     "enabled": true
 	//   }
 	// - {
+	//     "disabledMessage": "Need an account? [Open a ticket](https://tickets.example.com/new) to request access.",
 	//     "enabled": false
 	//   }
 	"auth.accessRequest": {
+		"disabledMessage": null,
 		"enabled": true
 	},
 
@@ -722,6 +723,9 @@ All site configuration options and their default values are shown below.
 		]
 	},
 
+	// When enabled, the sign-in and sign-up pages can be loaded inside an iframe (e.g. for embedded applications). When disabled (the default), these pages reject framing requests using Sec-Fetch-Dest/Sec-Fetch-Site fetch metadata headers to prevent clickjacking attacks. Password reset endpoints are always protected regardless of this setting.
+	"auth.allowEmbeddedAuth": false,
+
 	// IP allowlist for access to the Sourcegraph instance. If set, only requests from these IP addresses will be allowed. By default client IP is inferred connected client IP address, and you may configure to use a request header to determine the user IP.
 	"auth.allowedIpAddress": {
 		"clientIpAddress": null,
@@ -901,7 +905,7 @@ All site configuration options and their default values are shown below.
 
 	// The tag to use for the batcheshelper image in executors when using native execution. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.
 	// Other example values:
-	// - "4.1.0"
+	// - "7.2.0"
 	"executors.batcheshelperImageTag": null,
 
 	// The URL where Sourcegraph executors can reach the Sourcegraph instance. If not set, defaults to externalURL. URLs with a path (other than `/`) are not allowed. For Docker executors, the special hostname `host.docker.internal` can be used to refer to the Docker container's host.
@@ -937,7 +941,7 @@ All site configuration options and their default values are shown below.
 
 	// The tag to use for the src-cli image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.
 	// Other example values:
-	// - "4.1.0"
+	// - "7.2.0"
 	"executors.srcCLIImageTag": null,
 
 

diff --git a/docs/admin/repo/perforce.mdx b/docs/admin/repo/perforce.mdx
@@ -228,7 +228,7 @@ With this setting, Sourcegraph will ignore any rules with a host other than `*`,
 
 {/* SCHEMA_SYNC_START: admin/code_hosts/perforce.schema.json */}
 {/* WARNING: This section is auto-generated during releases. Do not edit manually. */}
-{/* Last updated: 2026-04-27T11:17:39Z */}
+{/* Last updated: 2026-05-22T23:03:45Z */}
 ```json
 {
 	// If non-null, enforces Perforce depot permissions.

diff --git a/docs/cli/references/abc/index.mdx b/docs/cli/references/abc/index.mdx
@@ -0,0 +1,15 @@
+# `src abc`
+
+manages agentic batch changes.
+
+
+
+## Usage
+
+```sh
+$ src abc [command options]
+```
+
+## Subcommands
+
+* [`variables`](abc/variables)
diff --git a/docs/cli/references/abc/variables/delete.mdx b/docs/cli/references/abc/variables/delete.mdx
@@ -0,0 +1,32 @@
+# `src abc variables delete`
+
+Delete variables on a workflow instance.
+
+Delete workflow instance variables
+
+Examples:
+
+  Delete a variable from a workflow instance:
+
+	    $ src abc variables delete QWdlbnRpY1dvcmtmbG93SW5zdGFuY2U6MQ== approval
+
+  Delete multiple variables in one request:
+
+	    $ src abc variables delete QWdlbnRpY1dvcmtmbG93SW5zdGFuY2U6MQ== --var approval --var checkpoints
+
+## Usage
+
+```sh
+$ src abc variables delete [options] <workflow-instance-id> [<name> ...]
+```
+
+## Flags
+
+| Name | Description | Default Value |
+|------|-------------|---------------|
+| `--dump-requests` | Log GraphQL requests and responses to stdout | `false`|
+| `--get-curl` | Print the curl command for executing this query and exit (WARNING: includes printing your access token!) | `false`|
+| `--insecure-skip-verify` | Skip validation of TLS certificates against trusted chains | `false`|
+| `--trace` | Log the trace ID for requests. See https://docs.sourcegraph.com/admin/observability/tracing | `false`|
+| `--user-agent-telemetry` | Include the operating system and architecture in the User-Agent sent with requests to Sourcegraph | `true`|
+| `--var` | Variable name to delete. Repeat for multiple names. | ``|
diff --git a/docs/cli/references/abc/variables/index.mdx b/docs/cli/references/abc/variables/index.mdx
@@ -0,0 +1,16 @@
+# `src abc variables`
+
+manage workflow instance variables.
+
+
+
+## Usage
+
+```sh
+$ src abc variables [command options]
+```
+
+## Subcommands
+
+* [`delete`](variables/delete)
+* [`set`](variables/set)
diff --git a/docs/cli/references/abc/variables/set.mdx b/docs/cli/references/abc/variables/set.mdx
@@ -0,0 +1,38 @@
+# `src abc variables set`
+
+Set variables on a workflow instance.
+
+Set workflow instance variables
+
+Examples:
+
+  Set a string variable on a workflow instance:
+
+    	$ src abc variables set QWdlbnRpY1dvcmtmbG93SW5zdGFuY2U6MQ== prompt="tighten the review criteria"
+
+  Set multiple variables in one request:
+
+    	$ src abc variables set QWdlbnRpY1dvcmtmbG93SW5zdGFuY2U6MQ== --var prompt="tighten the review criteria" --var checkpoints='[1,2,3]'
+
+  Set a structured JSON value:
+
+	    $ src abc variables set QWdlbnRpY1dvcmtmbG93SW5zdGFuY2U6MQ== checkpoints='[1,2,3]'
+
+NOTE: Values are interpreted as JSON literals when valid. Otherwise they are sent as plain strings.
+
+## Usage
+
+```sh
+$ src abc variables set [options] <workflow-instance-id> [<name>=<value> ...]
+```
+
+## Flags
+
+| Name | Description | Default Value |
+|------|-------------|---------------|
+| `--dump-requests` | Log GraphQL requests and responses to stdout | `false`|
+| `--get-curl` | Print the curl command for executing this query and exit (WARNING: includes printing your access token!) | `false`|
+| `--insecure-skip-verify` | Skip validation of TLS certificates against trusted chains | `false`|
+| `--trace` | Log the trace ID for requests. See https://docs.sourcegraph.com/admin/observability/tracing | `false`|
+| `--user-agent-telemetry` | Include the operating system and architecture in the User-Agent sent with requests to Sourcegraph | `true`|
+| `--var` | Variable assignment in <name>=<value> form. Repeat to set multiple variables. | ``|
diff --git a/docs/cli/references/api.mdx b/docs/cli/references/api.mdx
@@ -1,37 +1,6 @@
 # `src api`
 
-
-## Flags
-
-| Name | Description | Default Value |
-|------|-------------|---------------|
-| `-dump-requests` | Log GraphQL requests and responses to stdout | `false` |
-| `-get-curl` | Print the curl command for executing this query and exit (WARNING: includes printing your access token!) | `false` |
-| `-insecure-skip-verify` | Skip validation of TLS certificates against trusted chains | `false` |
-| `-query` | GraphQL query to execute, e.g. 'query \{ currentUser \{ username \} \}' (stdin otherwise) |  |
-| `-trace` | Log the trace ID for requests. See https://docs.sourcegraph.com/admin/observability/tracing | `false` |
-| `-user-agent-telemetry` | Include the operating system and architecture in the User-Agent sent with requests to Sourcegraph | `true` |
-| `-vars` | GraphQL query variables to include as JSON string, e.g. '\{"var": "val", "var2": "val2"\}' |  |
-
-
-## Usage
-
-```
-Usage of 'src api':
-  -dump-requests
-    	Log GraphQL requests and responses to stdout
-  -get-curl
-    	Print the curl command for executing this query and exit (WARNING: includes printing your access token!)
-  -insecure-skip-verify
-    	Skip validation of TLS certificates against trusted chains
-  -query string
-    	GraphQL query to execute, e.g. 'query { currentUser { username } }' (stdin otherwise)
-  -trace
-    	Log the trace ID for requests. See https://docs.sourcegraph.com/admin/observability/tracing
-  -user-agent-telemetry
-    	Include the operating system and architecture in the User-Agent sent with requests to Sourcegraph (default true)
-  -vars string
-    	GraphQL query variables to include as JSON string, e.g. '{"var": "val", "var2": "val2"}'
+interacts with the Sourcegraph GraphQL API.
 
 Exit codes:
 
@@ -43,21 +12,35 @@ Examples:
 
   Run queries (identical behavior):
 
-    	$ echo 'query { currentUser { username } }' | src api
-    	$ src api -query='query { currentUser { username } }'
+    	$ echo 'query \{ currentUser \{ username \} \}' | src api
+    	$ src api -query='query \{ currentUser \{ username \} \}'
 
   Specify query variables:
 
     	$ echo '<query>' | src api 'var1=val1' 'var2=val2'
 
   Searching for "Router" and getting result count:
 
-    	$ echo 'query($query: String!) { search(query: $query) { results { resultCount } } }' | src api 'query=Router'
+    	$ echo 'query($query: String!) \{ search(query: $query) \{ results \{ resultCount \} \} \}' | src api 'query=Router'
 
   Get the curl command for a query (just add '-get-curl' in the flags section):
 
-    	$ src api -get-curl -query='query { currentUser { username } }'
+    	$ src api -get-curl -query='query \{ currentUser \{ username \} \}'
 
+## Usage
 
+```sh
+$ src api [options] [variable=value ...]
 ```
-
+
+## Flags
+
+| Name | Description | Default Value |
+|------|-------------|---------------|
+| `--dump-requests` | Log GraphQL requests and responses to stdout | `false`|
+| `--get-curl` | Print the curl command for executing this query and exit (WARNING: includes printing your access token!) | `false`|
+| `--insecure-skip-verify` | Skip validation of TLS certificates against trusted chains | `false`|
+| `--query` | GraphQL query to execute, e.g. 'query \{ currentUser \{ username \} \}' (stdin otherwise) | ``|
+| `--trace` | Log the trace ID for requests. See https://docs.sourcegraph.com/admin/observability/tracing | `false`|
+| `--user-agent-telemetry` | Include the operating system and architecture in the User-Agent sent with requests to Sourcegraph | `true`|
+| `--vars` | GraphQL query variables to include as JSON string, e.g. '\{"var": "val", "var2": "val2"\}' | ``|
diff --git a/docs/cli/references/auth/index.mdx b/docs/cli/references/auth/index.mdx
@@ -0,0 +1,27 @@
+# `src auth`
+
+authentication helper commands.
+
+Authentication-related helper commands.
+
+Examples:
+
+Print the active auth token:
+
+$ src auth token
+sgp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+Print the current Authorization header:
+
+$ src auth token --header
+Authorization: token sgp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+## Usage
+
+```sh
+$ src auth [command options]
+```
+
+## Subcommands
+
+* [`token`](auth/token)