Stream GitHub Copilot agent sessions before audit gaps grow

GitHub changelog image for Copilot agent session streaming.GitHub Changelog
GitHub changelog image for Copilot agent session streaming.GitHub Changelog
AI & Automation

GitHub Copilot agent session streaming is in public preview for Enterprise Cloud customers with enterprise managed users, adding SIEM and REST API access to prompts, responses, and tool-call activity.

GitHub Copilot agent session streaming is now in public preview for GitHub Enterprise Cloud customers with enterprise managed users. Confidence level: confirmed. The useful change is visibility: enterprises can stream or retrieve session activity across Copilot clients, including prompts, responses, and tool calls.

GitHub Copilot agent session streaming changelog image
GitHub Copilot agent session streaming changelog image
GitHub changelog image for Copilot agent session streaming. Source: GitHub Changelog.

What changed

GitHub announced the public preview on July 2, 2026. Enterprise Cloud customers with enterprise managed users can access Copilot agent session data across cloud agents on github.com and data-resident ghe.com, Copilot CLI, Visual Studio Code, Visual Studio, and partner IDEs such as JetBrains and Eclipse.

The data can be sent through a streaming endpoint to an event collector or SIEM from audit log settings. GitHub also says Microsoft Purview is available as a supported streaming endpoint in public preview. For on-demand pulls, enterprise owners can use a REST API endpoint that retrieves the last 48 hours of session data.

Why this is early

This is early because the feature is public preview and limited to Enterprise Cloud customers with enterprise managed users. It is still useful now because coding-agent adoption is moving faster than many audit pipelines.

GitHub's own changelog is the primary source for the session-streaming facts. GitHub's Copilot usage metrics documentation provides adjacent context on how Copilot activity data is exposed to authorized enterprise and organization roles, but it does not replace the changelog for this specific preview.

Key takeaways

  • Copilot agent session streaming is in public preview for Enterprise Cloud with enterprise managed users.
  • The stream can include prompts, responses, and tool calls across supported Copilot clients.
  • Enterprises can send data to an event collector, SIEM, or Microsoft Purview preview endpoint.
  • A REST API path can retrieve the last 48 hours of session data on demand.
  • Teams should review privacy, retention, and access rules before treating session logs as a compliance record.
RouteBest fitAccessCaveat
Streaming endpointSIEM, audit pipeline, or Purview ingestionEnabled through Copilot AI Controls and audit log settingsPublic preview, enterprise scope only
REST APIShort-lookback investigations and spot checksEnterprise owners, last 48 hoursToo short for long-term retention by itself
Existing Copilot metricsAdoption and usage reportingAuthorized enterprise or organization rolesMetrics are not a full session trace

Availability and access

The preview is not for every Copilot customer. GitHub names GitHub Enterprise Cloud customers with enterprise managed users. To enable it, admins go to the Copilot subpage in AI Controls and set both "Copilot Usage Records Streaming" and "Copilot Usage Records API" to enabled everywhere.

The supported client scope is broad, but policy comes first. Before enabling session export, decide who can read the data, how long it is retained, which sensitive prompts require extra handling, and whether security teams or engineering managers own the review workflow.

Practical LinkLoot angle

This is the audit layer many agent programs need before scaling. A coding agent can touch repositories, tools, terminals, and pull requests; without session records, review teams end up reconstructing intent from diffs and scattered chat history.

Start with one controlled pipeline. Stream records into the existing security log path, map fields to the incident model, and test three questions: who started the agent session, what tools were called, and which repository or client surface was involved. Pair this with LinkLoot's AI agent tools guide when defining which agent actions need review gates.

What to verify before you act

  • Confirm your GitHub plan, enterprise managed user setup, and data residency requirements.
  • Check whether the preview exposes the fields your audit team needs, including prompts, responses, and tool calls.
  • Decide whether Microsoft Purview, a SIEM, or a custom collector is the system of record.
  • Do not rely on the 48-hour REST lookback as your only retention path.
  • Review internal policy for sensitive prompt content before broadening access to session logs.

Source check

Confirmed by: GitHub's July 2, 2026 changelog confirms the public preview, customer scope, client coverage, streaming endpoint, REST API option, Microsoft Purview preview support, and AI Controls enablement path.

Context: GitHub's Copilot usage metrics documentation confirms that Copilot usage data is exposed through dashboard and API paths for authorized roles. LinkLoot treats that page as context only; the session-streaming release details come from the changelog.

FAQ

It is a public preview that lets eligible enterprises stream Copilot agent session data such as prompts, responses, and tool calls.