← Back
GitHub
GitHub's Enterprise AI Controls and agent control plane now generally available
GitHub CopilotGitHub · releaseapifeatureplatform · github.blog ↗

General Availability Release

GitHub's Enterprise AI Controls and agent control plane are now generally available, delivering a suite of enterprise governance features designed to help GitHub Enterprise administrators manage AI capabilities securely across their organizations. This unified platform consolidates AI administration, audit visibility, and policy enforcement into a single control center.

Key Features

AI Administration Role & Workspace

A new consolidated AI Controls view serves as the top-level navigation for all AI-related administrative tasks. Enterprise administrators can delegate AI governance responsibilities through custom roles with fine-grained permissions, enabling teams to view audit logs, monitor agent activity, and manage enterprise AI policies without full admin access.

Enhanced Agent Activity Visibility

Comprehensive audit logging now captures all agent operations with full attribution. Log entries include:

  • actor_is_agent identifiers to distinguish agent actions from user actions
  • user and user_id fields showing who the agent is acting on behalf of
  • New agent_session.task events tracking session start, completion, and failure states
  • Cloud agent session activity from the last 24 hours with expanded visibility beyond previous limits

Custom Agent Standards & Protection

Administrators can establish enterprise-wide standards for custom agents through version control. A new one-click push rule protects the .github/agents/*.md file path from unauthorized edits, enabling consistent custom agent governance across the enterprise.

New in General Availability

Agent Activity Discovery & Management: Search and filter agentic session activity by specific agents (including third-party integrations), track usage by organization, and access all sessions from the last 24 hours—removing the previous 1,000 record limit for complete audit trails.

Enterprise Agent Policies via API: New REST API endpoints enable programmatic management of custom agent definitions, allowing organizations to apply enterprise-wide agent policies with greater control and compliance automation. The AI Controls tab now serves as the permanent home for all AI policies, with deprecated Copilot policies pages removed.

MCP Allowlists (Preview): Enterprise-wide MCP registry management remains in public preview while GitHub designs scalable solutions for multi-organization deployments.

Looking Ahead

GitHub plans to expand session activity coverage to additional Copilot clients (VS Code, Copilot CLI), add programmatic access to agent activity metrics, extend policy API coverage, and improve MCP governance options.