GitHub updates Copilot with new agentic code review features

Serge Bulaev

GitHub has announced new Copilot features that may help reduce the daily review workload for developers and maintainers. These updates include Copilot Code Review, Agentic Merge, and new contributor controls, which are meant to handle repetitive tasks while keeping humans in control. The tools are offered as optional building blocks, not strict requirements, so teams can choose what fits best. GitHub suggests that these tools provide an early check for problems but are not a complete security solution. How quickly teams use these features may depend on how much they trust the safety measures and how well the tools catch real issues.

GitHub is updating Copilot with new agentic code review features designed to reduce the daily review burden on developers and maintainers. The update introduces three key pillars: advanced Copilot Code Review, Agentic Merge, and new contributor controls. These tools automate repetitive tasks while keeping humans in the loop, and are offered as flexible building blocks rather than mandatory workflow changes.

Copilot code review moves to an agentic architecture

The new agentic architecture for Copilot Code Review enables it to analyze the entire repository context, not just the code changes. It can identify potential issues, suggest specific line-by-line fixes, and even open new pull requests with the proposed patches, all while running security scans.

According to a changelog entry from March 5, 2026, Copilot Code Review now operates on an agentic architecture. This allows it to gather repository-wide context before generating line-specific comments. Further feature docs explain its ability to propose inline fixes and, via a public preview, use a cloud agent to apply these fixes in a new pull request. GitHub emphasizes that this agent runs in a secure, firewalled environment and performs CodeQL, secret scanning, and dependency analysis, positioning it as a powerful first-pass review tool rather than a complete security guarantee.

Agentic Merge and workflow guardrails

The new Agentic Merge feature can monitor CI checks, act on review feedback, and execute a merge once all repository conditions are met. However, human oversight remains a core principle; pull requests are never automatically merged without explicit maintainer approval. This approach balances powerful automation with essential governance and compliance needs.

Maintainer controls aim for community relief

To support large open source projects, GitHub is enhancing moderation and gating features. Maintainers gain more control with options to lock conversations, manage comments, and set temporary interaction limits. New settings allow for restricting pull request approvals to specific users or teams. GitHub is also reportedly developing further "maintainer relief" tools, such as pinned contribution guidelines and criteria-based gating.

Key security guardrails for agentic workflows are now integrated into the UI:

  • Workflows execute with least-privilege permissions by default.
  • Code is validated and scanned for threats before application.
  • Cross-repository workflow dispatches are controlled via allowlists.
  • Review approvals can be gated and restricted to designated teams.

These controls are optional and can be adopted incrementally, offering a flexible framework suitable for projects of any size, from small libraries to enterprise monorepos.

Balancing Automation and Control

The road to 2026 for GitHub developers involves two parallel tracks: powerful agents that automate mechanical work and robust policy controls that keep humans in command. The adoption rate of these new Copilot features will ultimately hinge on the community's trust in the security guardrails and the agent's real-world effectiveness in identifying and resolving code defects.

What exactly can the new agentic Copilot code review do for my pull requests today?

Since March 5, 2026, the feature has been generally available for the Copilot Pro, Pro+, Business and Enterprise tiers.
It now runs on an agentic tool-calling architecture that examines the entire repository context (directory layout, related files, external references) instead of only the diff.
Key abilities:

  • Find vulnerabilities - each suggestion is run through CodeQL, secret scanning and dependency analysis before it is shown.
  • Suggest concrete changes - feedback is mapped to exact lines and files.
  • Auto-apply fixes in a public preview - click "Create PR" and the Copilot cloud agent will spin up an ephemeral, firewalled container, patch the code and open a new PR with the fixes already applied.
  • Obey custom review guidance so your team style guide is respected.

Current limitation: the fix loop is still in preview and subject to change, so every created PR still requires human review and approval.

How does agentic merge differ from classic GitHub Actions or bots?

Agentic merge (part of the Agentic Workflows stack, public preview June 11, 2026) goes beyond CI triggers.
When enabled, you define a policy in plain Markdown and GitHub compiles it into Actions YAML behind the scenes.
It can:

  • Finish remaining PR tasks (assign reviewers, add labels, update docs).
  • Wait for CI to go green and automatically rerun failed jobs if safe.
  • Apply squash or rebase strategies that respect the repo's merge settings.

Human-in-the-loop review is enforced: workflows run in a read-only sandbox with a dedicated threat-detection job, and no PR is auto-merged until a maintainer clicks "Confirm".
The goal is to reduce busy-work, not to replace oversight.

What new controls can open-source maintainers use to govern contributions?

GitHub doubled down on maintainer relief in 2026:

  • Review gates - limit approvals and requested changes to a named list of users.
  • Temporary interaction limits - throttle or block users during spam waves.
  • Enhanced moderation - maintainers with write access can now delete or hide comments and lock conversations without leaving the UI.
  • Policy files - a pinned CONTRIBUTING.md and CODE_OF_CONDUCT.md are surfaced in every new PR template, making expectations explicit.
  • Team maintainer roles - delegate membership and review assignment while keeping admin privileges separate.

Every control is opt-in and configurable, reflecting GitHub's stance to provide building blocks rather than enforce a single workflow.

Is the Copilot cloud agent safe to run against sensitive enterprise code?

Yes. Each agent run is:

  • Ephemeral - container lives only for the task, then is destroyed.
  • Firewalled - no outbound internet except controlled package registries.
  • Scanned in real time - newly generated code is re-checked by CodeQL and secret scanning before the PR is opened.
  • Least-privilege by default - the workflow starts with read-only repo permissions and escalates only if the policy explicitly allows.

All actions are logged and reviewable under the normal Actions auditing stack.

When will these features reach my Copilot tier?

Tier                    Agentic code review    Agentic merge preview
Copilot Free            Not included           Not included
Pro / Pro+              Available today        Public preview
Business / Enterprise   Available today        Public preview

GitHub has not announced final GA dates for agentic merge; they recommend treating it as early-access and enabling it only on low-risk repositories while the guardrails mature.