Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Trending Product

GitHub Copilot Now Plans, Researches, and Codes Alone

GitHub's Copilot cloud agent now researches codebases, proposes implementation plans for approval, and writes code on a branch with no pull request required.

Enterprise DNA | | via GitHub Changelog
GitHub Copilot Now Plans, Researches, and Codes Alone

GitHub rolled out a set of changes to its Copilot cloud agent last week that collectively change what the product actually is. This is no longer an autocomplete tool with occasional PR creation. As of April 1, Copilot cloud agent can research a codebase, propose an implementation plan, wait for a human to review and approve it, then write the code on a branch — without opening a pull request until you decide you are ready.

Two days later, on April 3, GitHub added cryptographic commit signing, organisation-level runner controls, and firewall settings for the agent. That combination — autonomous planning plus security controls — is the configuration that cautious enterprise teams have been waiting for.

What Changed

The April 1 changelog introduced three distinct modes for the Copilot cloud agent:

Research lets you ask Copilot broad questions about a codebase that require genuine investigation. Rather than surfacing documentation or generating a speculative answer, it works through the repository systematically and returns findings grounded in actual code. For teams inheriting a large legacy codebase or onboarding engineers onto complex systems, this is meaningfully different from a search or a docs summary.

Plan separates the proposal from the execution. You describe what you want built. Copilot returns an implementation plan. You review it, push back on any decisions you do not like, and approve the approach before a single line of code is written. This is the mode that turns Copilot from an assistant into something closer to a junior developer who checks their reasoning before starting work.

Code (branch-first) lets the agent write code on a branch without immediately forcing a pull request. You review the full diff via a button in the interface. If it looks right, you create the PR. If it does not, you iterate. The previously rigid PR-creation flow is now a step you trigger, not one the agent imposes.

Together, these three modes build a workflow that looks like this: ask a question, get a grounded research response, request an implementation plan, approve the approach, let the agent write it, review the diff, and create a PR when you are confident. That is a supervised but largely autonomous development loop.

Why Commit Signing Matters More Than It Sounds

The April 3 signing update is the change that unblocks enterprise adoption.

Many engineering teams, especially those in regulated industries or with serious security postures, require signed commits as a branch protection rule. A signed commit carries a cryptographic signature verifiable as coming from a specific identity. The “Verified” badge on GitHub is the visible indicator. If a commit is not signed, it cannot be merged.

Before April 3, Copilot cloud agent could not work in repos with this rule enabled. That made it unusable for the security-conscious teams most likely to be evaluating it for meaningful deployment. The signing update removes that blocker. The agent’s commits now show as verified.

The same April 3 release added organisation runner controls (letting administrators specify which runners the agent can use) and firewall settings (controlling what external resources the agent can access during its sessions). These are the kinds of controls that separate a prototype you let run on a test repo from an agent you let operate on production codebases.

What This Means for Teams Using AI in Development

The practical question for engineering teams and data professionals building internal tools is not whether to use AI assistance in development. That question has been answered. The question now is how to structure the human-in-the-loop checkpoints as AI agents take on more autonomous roles.

GitHub’s architecture here is a useful model: research is fully autonomous, planning requires human approval, code execution requires human review before promotion. Each stage involves AI doing more of the cognitive work while humans retain control over the decisions that carry the most risk.

For data teams building analytics tools, pipelines, or custom internal applications, this changes the cost structure for development work. Tasks that previously required days of focused developer time — understanding a codebase well enough to plan a feature, drafting an implementation for review — can now move faster. The human role shifts toward specification and review, which is where judgment matters most.

What this means for business:

If your team uses GitHub Copilot Business or Enterprise, the cloud agent capabilities are included. Enabling them requires an administrator to turn on the feature. The April 3 security updates mean it is now viable for teams that previously could not use it due to commit signing requirements.

More broadly, the direction is clear. Vibe coding — generating code through prompts without reviewing the underlying logic — is one version of AI-assisted development. What GitHub is building here is the opposite: a structured, supervised workflow where AI handles execution and humans handle decisions. For businesses deploying AI in engineering contexts, that second model is the one that scales safely.


If you want the playbook other teams are using with Claude and Codex right now, grab the free Working With Claude field guide. Download it here.

Working With Claude field guide cover

Free Resource

Going deeper with Claude?

Get the free 32-page implementation guide for ANZ teams.

No spam. Unsubscribe any time.