GitHub Opens Copilot Agent Session Streaming for Enterprise Audit Trails
GitHub has opened Copilot agent session streaming in public preview for Enterprise Cloud customers with enterprise managed users, giving security teams direct visibility into prompts, responses, and tool calls across Copilot clients.
GitHub Copilot agent session streaming is confirmed and in public preview for GitHub Enterprise Cloud customers with enterprise managed users. It gives enterprise owners a way to export Copilot agent activity, including prompts, responses, and tool calls, into audit pipelines or query it through a REST API. Confidence level: confirmed, with access limited by enterprise account type, policy settings, and preview status.

What changed
GitHub now lets eligible enterprises access Copilot agent session data across Copilot clients. The changelog names cloud agents on github.com, data-resident deployments on ghe.com, partner IDEs such as JetBrains and Eclipse, and broader Copilot client activity as covered surfaces.
The feature has two access paths. Enterprises can stream session data from audit log settings to an event collector or SIEM, including Microsoft Purview in public preview. They can also use the REST API endpoint GET /enterprises/{enterprise}/copilot/usage-records to retrieve recent Copilot usage records on demand.
| Surface | What it gives admins | Access path | Caveat |
|---|---|---|---|
| Streaming endpoint | Continuous Copilot agent session export | Audit log streaming settings | Public preview; SIEM setup required |
| REST API | On-demand usage-record retrieval | GET /enterprises/{enterprise}/copilot/usage-records | GitHub docs list a 48-hour window in the changelog context |
| Copilot clients | Prompts, responses, and tool-call visibility | Enterprise-paid Copilot licenses | Only where users operate under eligible enterprise controls |
| Microsoft Purview | Direct auditability route for Microsoft shops | Supported streaming endpoint | Public preview status applies |
Why this is early
This is early because GitHub marks the feature as public preview and the REST documentation says the endpoint is subject to change. The operational signal is still strong: GitHub published both the changelog and the API documentation, and the docs already list the permission model, endpoint path, supported filters, and enterprise constraints.
The scan did not rely on social posts or Product Hunt-style discovery for this item. It uses GitHub's own product announcement and documentation, then treats API examples as factual reference only. Code snippets in the docs triggered a generic curl pattern in the source scanner, but there were no source instructions to follow or role-changing claims to trust.
Key takeaways
- GitHub Copilot agent session streaming is in public preview for GitHub Enterprise Cloud customers with enterprise managed users.
- Enterprises can stream agent session data to SIEM-style collectors or query recent records through the REST API.
- The data covers prompts, responses, and tool calls across supported Copilot clients.
- GitHub requires enterprise-level policy enablement before these records are available.
- Security and compliance teams should treat this as an audit design change, not just another usage dashboard.
Availability and access
GitHub says enterprise customers must enable both "Copilot Usage Records Streaming" and "Copilot Usage Records API" in AI Controls. The REST docs say only eligible enterprise owners can access the usage-records endpoint, and token permissions must include the right enterprise-level read access.
This is not a Free, Pro, or small-team feature. The practical audience is organizations already managing Copilot at enterprise scale, especially those with enterprise managed users, data-residency requirements, SIEM ingestion, or internal AI governance reporting.
Practical LinkLoot angle
Agent logs are becoming part of the software audit trail. If Copilot agents can read code, call tools, and produce changes across multiple clients, enterprise teams need a record that security, legal, and engineering leaders can inspect without asking developers to self-report risky sessions.
This also changes rollout planning. Teams can pair Copilot access with a retention and review policy: decide which records go to the SIEM, who can query the API, how long records are retained outside GitHub, and what events trigger security review. LinkLoot's AI agent tools guide is the right hub for comparing this against other agent platforms that expose weaker audit hooks.
What to verify before you act
- Confirm your GitHub Enterprise Cloud and enterprise managed user setup is eligible for the preview.
- Enable the required AI Controls for usage-record streaming and API access before expecting data.
- Check token scopes, fine-grained permissions, and enterprise-owner access rules.
- Test the exact fields exported to your SIEM, including prompt, response, tool-call, user, timestamp, and client metadata.
- Review privacy, retention, and employee-monitoring requirements before storing raw agent sessions outside GitHub.
Source check
Confirmed by: GitHub's July 3 changelog confirms public preview status, covered Copilot clients, streaming support, Microsoft Purview preview support, and the REST endpoint name.
Confirmed by documentation: GitHub's REST API docs confirm the copilot/usage-records endpoint, preview caveat, enterprise permission requirements, supported query filters, and the broader Copilot metrics policy requirement.
Open items: Preview behavior can change. LinkLoot will treat API schema changes, broader customer availability, or GA status as update triggers rather than assuming the current preview contract is final.
It is a public-preview GitHub Enterprise Cloud feature that exports Copilot agent session activity, including prompts, responses, and tool calls, to audit pipelines.
