[2026-03-20] Trace any Copilot coding agent commit to its session logs (#60381)

Copilot · timrogers · hubwriter · web-flow · commit e0c9dcb16058 · 2026-03-24T19:51:52.000Z
Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: timrogers &lt;116134+timrogers@users.noreply.github.com&gt;
Co-authored-by: Tim Rogers &lt;timrogers@github.com&gt;
Co-authored-by: hubwriter &lt;hubwriter@github.com&gt;
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md
@@ -149,7 +149,10 @@ Security is a fundamental consideration when you enable {% data variables.copilo
 * **Treated as an outside collaborator**
   * Draft pull requests created by {% data variables.copilot.copilot_coding_agent %} must be reviewed and merged by a human. {% data variables.copilot.copilot_coding_agent %} cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
   * By default, {% data variables.product.prodname_actions %} workflows are not triggered for {% data variables.copilot.copilot_coding_agent %}'s pull requests until a user with write access to the repository clicks the **Approve and run workflows** button. Optionally, you can configure {% data variables.product.prodname_copilot_short %} to allow workflows to run automatically. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs#managing-github-actions-workflow-runs).
-* **Tracked for compliance**: {% data variables.copilot.copilot_coding_agent %}'s commits are co-authored by the developer who assigned the issue or requested the change to the pull request, allowing attribution of proposed changes. The developer who asked {% data variables.product.prodname_copilot_short %} to create a pull request cannot approve that pull request. In repositories where an approving review is required, this ensures that at least one independent developer reviews {% data variables.copilot.copilot_coding_agent %}'s work.
+* **Tracked for compliance**
+  * {% data variables.copilot.copilot_coding_agent %}'s commits are authored by {% data variables.product.prodname_copilot_short %}, with the developer who assigned the issue or requested the change to the pull request marked as the co-author. This makes it easier to identify code generated by {% data variables.copilot.copilot_coding_agent %} and who started the task.
+  * The commit message for each agent-authored commit includes a link to the agent session logs, for code review and auditing. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions).
+  * The developer who asked {% data variables.product.prodname_copilot_short %} to create a pull request cannot approve that pull request. In repositories where an approving review is required, this ensures that at least one independent developer reviews {% data variables.copilot.copilot_coding_agent %}'s work.
 
 For more information, see:
 * [AUTOTITLE](/copilot/tutorials/pilot-copilot-coding-agent#2-secure) (information on how organization owners can further enhance security)
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions.md
@@ -121,6 +121,12 @@ You can see a list of your running and past pull requests generated by agents in
 
    <img width=350rem src="/assets/images/help/copilot/coding-agent/mobile-status-dropdown.png" alt="Screenshot of the status dropdown list with a check mark against 'Open'." />
 
+## Tracing commits to session logs
+
+Every commit from {% data variables.copilot.copilot_coding_agent %} is authored by {% data variables.product.prodname_copilot_short %}, with the human who started the task marked as the co-author. Each commit message includes a link to the session logs for that commit.
+
+This gives you a permanent link from any agent-authored commit back to the full session logs, so you can understand why {% data variables.product.prodname_copilot_short %} made a change during code review or trace it later for auditing purposes.
+
 ## Using the session logs to understand {% data variables.product.prodname_copilot_short %}'s approach
 
 You can dive into {% data variables.product.prodname_copilot_short %}'s session logs in {% data variables.product.github %} or {% data variables.product.prodname_vscode %} to understand how it approached your task.
diff --git a/content/copilot/responsible-use/copilot-coding-agent.md b/content/copilot/responsible-use/copilot-coding-agent.md
@@ -121,6 +121,12 @@ Its permissions are limited, allowing it to push code and read other resources.
 
 {% data variables.copilot.copilot_coding_agent %} does not have access to Actions organization or repository secrets or variables during runtime. Only secrets and variables specifically added to the `copilot` environment are passed to the agent.
 
+### Ensuring traceability
+
+{% data variables.copilot.copilot_coding_agent %}'s commits are authored by {% data variables.product.prodname_copilot_short %}, with the human who started the task marked as the co-author. This makes it easier to identify code generated by the agent and who initiated the task.
+
+Each commit message includes a link to the agent session logs. This gives you a permanent link from any agent-authored commit to the full session logs, so you can understand why {% data variables.product.prodname_copilot_short %} made a change during code review or trace it later for auditing purposes.
+
 ### Preventing data exfiltration
 
 By default, {% data variables.copilot.copilot_coding_agent %} has a firewall enabled to prevent exfiltration of code or other sensitive data, either accidentally or due to malicious user input.
