Introduction
As agent systems become more capable, the most important design question is no longer what they can do—it's what they should be allowed to do.
Real-world agent systems in software engineering operate within constraints such as security requirements, compliance obligations, operational risk management, and organizational policies.
Without governance, even well-designed agents can introduce serious problems:
- Unauthorized changes to critical code
- Unsafe deployments
- Excessive permissions or sensitive data exposure
- Lack of accountability and of a forensic trail
In the GitHub ecosystem, governance isn't a separate system. It's enforced directly through repository controls, workflows, and policies the platform itself can enforce.