We are now announcing general availability of GitHub’s Enterprise AI Controls and agent control plane, a suite of enterprise governance features designed to give GitHub Enterprise administrators deeper control and greater auditability around the use of AI controls and agents across their environments. AI administration teams are expected to enable AI capabilities for their users while keeping their businesses safe. That starts with governance fundamentals, understanding agent activity, and effective audit logging. In the preview announcement we introduced these core features:

A role and a workspace for AI administrators

AI Controls in enterprise settings is the one consolidated view and top-level navigation for administrative tasks related to AI systems in GitHub. Decentralize this administration responsibility to the enterprise teams responsible for AI standards and adoption through an enterprise custom role, using fine-grained permissions that allow you to view audit logs, agent session activity, and manage AI Controls.

Know what your agents are doing

Audit logs give you full visibility into what your agents are up to. Each log entry includes an actor_is_agent identifier, along with user and user_id fields so you can see who the agent is acting on behalf of. A new agent_session.task event also captures when sessions have started, finished, or failed to complete. In addition, you can view cloud agent session activity from the last 24 hours, and manage an enterprise-wide MCP allowlist through a centralized MCP registry URL.

Set enterprise standards for custom agents

Custom agents give you the opportunity to give your agents context and specialization that works for your enterprise and organization code bases and roles. Set the standards, version control them, and start from a place of intention that can evolve. Use the 1-click push rule to protect the static file path for custom agents (i.e., .github/agents/*.md) across your enterprise from edits and update that rule for how you choose to operate at scale.

What’s new in this release

With the general availability release, administrators or designated AI managers additionally receive more discovery and configuration capabilities.

Discover and manage agent activity

Search for agentic session activity filtered by specific agents, including third-party agents, and track usage by organizations within your enterprise. The agents page audit log automatically prefilters results from Copilot and third-party agents for faster discovery. Cloud agent session activity now goes beyond the initial 1,000 record limit, making all sessions from the last 24 hours visible and easy to trace down to the session details.

Configure enterprise agent policies

API support is available to programmatically apply enterprise-wide custom agent definitions for greater control and compliance. You can set the source organization and list custom agents defined in the canonical .github-private/agents/*.md repository path. On the UI side, the AI Controls tab in enterprise settings is now the permanent home for all AI-related policies and settings, with the previous Copilot policies page and its redirect fully removed.

MCP enterprise allow lists remain in public preview

Managing enterprise-wide MCP allowlists will remain in preview at this time. We are designing allowlists that scale better across organizations without creating multiple registries. All other AI Controls features are generally available.

Looking ahead

Moving forward we’ll be introducing more comprehensive session activity coverage to Copilot clients such as VS Code and Copilot CLI, add programmatic access support to agent activity, add granularity and API coverage to policies in AI Controls, and provide more options for MCP governance.

To learn more, see our documentation on AI controls and the agent control plane.

Join the discussion within GitHub Community.