Govern AI agents on GitHub
Apply governance to AI agents that open pull requests and manage issues. The GitHub pack enforces pre-dispatch policy checks on repository operations, requires approval for write actions, and logs every agent interaction with your repos. Read operations are allowed by default; writes such as creating a PR, issue, or comment are gated by policy.
What this pack does
- Pre-dispatch policy checks on PR creation, issue create, and comments
- Repository allowlist enforced by the worker
- Approval gates for write-category operations
- Full audit trail of agent-initiated changes
Use cases
- Require approval before an agent opens a pull request
- Scope agents to an allowlist of repositories
- Audit all AI-generated pull requests and issue activity
Quick setup
1. Install the GitHub pack: `cordumctl pack install github`
2. Configure a GitHub App or PAT with the required scopes
3. Define policy rules for repository operations
4. Enable the pack and test with a dry-run agent
Frequently asked questions
Can I restrict which repositories agents can act on?
Yes. The GitHub worker enforces a repository allowlist, so agents only operate on the repos you authorize. Read operations are allowed by default, while writes such as opening pull requests, creating issues, or adding comments are evaluated against policy before they run.
Which GitHub actions can agents take, and how are they gated?
The worker supports read actions such as fetching repos, issues, and pull requests, and write actions for creating issues, commenting, and opening pull requests. Write actions require approval by default: the Safety Kernel returns a Require Approval decision (or Deny, if policy forbids the action) before the GitHub API call is ever made. You can further restrict which repos and actions are permitted with allow/deny lists.
Do agents need a personal access token, or can we use a GitHub App?
Either works. You can authenticate the worker with a GitHub App or a PAT scoped to the minimum permissions it needs. Cordum governs the action at the policy layer regardless of credential type, and you keep the token in the worker environment rather than in the agent.
What audit detail do we get for AI-generated pull requests?
Every agent-initiated change is captured in the audit trail with the repository, action, governance decision, and approver if one was required. That gives you a complete record of which agent opened which PR or issue, and on whose authority it was allowed.
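As an added illustration, not Cordum's own code or policy syntax, the following Python models the gate and the audit record described in the two answers above: a repository allowlist, reads allowed by default, writes held for approval or denied before any GitHub call, and an audit entry carrying repository, action, decision and approver. The class, function, action and repository names are assumptions, and the scenario in `run_demo` is constructed for the example.

```python
"""Illustrative pre-dispatch gate for agent calls to GitHub.

Added example, not Cordum's code or policy format. It models the behaviour the
page describes: a repository allowlist, reads allowed by default, writes held
for approval (or denied) before any GitHub API call, and an audit record of
repo, action, decision and approver. All names here are assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_APPROVAL = "require_approval"
    DENY = "deny"


# Assumed action categories: reads do not change repository state, writes do.
READ_ACTIONS = frozenset({"get_repo", "list_issues", "get_pull_request"})
WRITE_ACTIONS = frozenset({"create_issue", "create_comment", "open_pull_request"})


@dataclass(frozen=True)
class GitHubPolicy:
    repo_allowlist: frozenset                  # "owner/name" repos the agent may touch
    action_denylist: frozenset = frozenset()   # actions never permitted, even with approval


@dataclass
class AuditEntry:
    agent: str
    repo: str
    action: str
    decision: Decision
    approver: Optional[str] = None


def evaluate(policy: GitHubPolicy, agent: str, repo: str, action: str,
             approver: Optional[str] = None) -> AuditEntry:
    """Decide before dispatch. Unknown actions and unknown repos fail closed."""
    if action not in READ_ACTIONS and action not in WRITE_ACTIONS:
        return AuditEntry(agent, repo, action, Decision.DENY)
    if repo not in policy.repo_allowlist or action in policy.action_denylist:
        return AuditEntry(agent, repo, action, Decision.DENY)
    if action in READ_ACTIONS:
        return AuditEntry(agent, repo, action, Decision.ALLOW)
    # Write action: proceeds only once a named approver has signed off.
    if approver:
        return AuditEntry(agent, repo, action, Decision.ALLOW, approver)
    return AuditEntry(agent, repo, action, Decision.REQUIRE_APPROVAL)


class GitHubWorker:
    """Holds the credential and calls GitHub only after an ALLOW decision."""

    def __init__(self, policy: GitHubPolicy, api: Callable[..., object]):
        self.policy = policy
        self.api = api                     # stands in for the authenticated GitHub client
        self.audit: List[AuditEntry] = []  # every interaction, allowed or not

    def dispatch(self, agent: str, repo: str, action: str,
                 approver: Optional[str] = None, **kwargs):
        entry = evaluate(self.policy, agent, repo, action, approver)
        self.audit.append(entry)
        if entry.decision is Decision.ALLOW:
            return self.api(action, repo, **kwargs)
        return None                        # held or denied: the API is never called


def run_demo() -> Tuple[List[AuditEntry], List[Tuple[str, str]]]:
    """Constructed scenario: one agent, one allowlisted repo, one denylisted action."""
    policy = GitHubPolicy(repo_allowlist=frozenset({"acme/api"}),
                          action_denylist=frozenset({"create_comment"}))
    calls: List[Tuple[str, str]] = []      # records what would actually reach GitHub
    worker = GitHubWorker(policy, lambda action, repo, **kw: calls.append((action, repo)) or "ok")
    worker.dispatch("pr-bot", "acme/api", "list_issues")                                  # allowed read
    worker.dispatch("pr-bot", "acme/api", "open_pull_request", title="Fix typo")          # held for approval
    worker.dispatch("pr-bot", "acme/api", "open_pull_request", approver="alice", title="Fix typo")
    worker.dispatch("pr-bot", "acme/api", "create_comment", body="LGTM")                  # denylisted
    worker.dispatch("pr-bot", "acme/secrets", "list_issues")                              # outside allowlist
    worker.dispatch("pr-bot", "acme/api", "delete_branch")                                # unknown, fail closed
    return worker.audit, calls
```

The point of the shape is that the credential lives in the worker and the agent only ever submits a proposed action; the audit list records the held and denied attempts as well as the allowed ones, which is what lets you answer "which agent tried to open which PR, and on whose authority".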
Other integrations
- Slack: approval notifications and agent alerts in Slack channels.
- AWS: govern AI agent read and write actions against the AWS API.
- Jira: governance for AI agents managing Jira workflows.
- Kubernetes: govern AI agents responding to Kubernetes incidents.
- Datadog: feed Datadog alerts into governed agent workflows.
- PagerDuty: govern AI agents in PagerDuty incident workflows.