← Integrations AI coding

GitHub Copilot, evidenced.

Copilot runs in GitHub's cloud. You cannot proxy it the way you proxy other coding tools. What you can do is bring Copilot activity into your governance plane, pair it with a signed audit trail, and enforce one policy across every coding AI in your org.

Book a meeting See the runtime
The tool
GitHub Copilot
AI pair programmer across IDEs, CLI, and the web.

Copilot Business and Copilot Enterprise ship with content exclusions and admin logs. They do not ship with cryptographic evidence, unified cross-tool policy, or auditor-ready export. Raidu adds those layers.

Without governance

Copilot gives you controls. Not proof.

Admins configure Copilot exclusions and get a log. Regulators ask for tamper-evident evidence, cross-tool consistency, and retention guarantees. That gap is what Raidu closes.

Risk 01

Content exclusions without proof

GitHub honors repository-level content exclusions. Your auditor asks how you prove an exclusion was in effect at the moment of a specific completion. Admin settings alone are not evidence.

Risk 02

Audit log without tamper-evidence

Copilot's audit log is pulled from GitHub on demand. It is not cryptographically chained, not signed on your side, and not retained by you. If the record is disputed, the trust root is GitHub, not you.

Risk 03

Policy fragmentation across tools

Most teams run Copilot plus Cursor plus an Anthropic or OpenAI client. Each has its own admin panel. Security writes a policy once and enforces it three times. Drift is inevitable.

Risk 04

No unified SOC 2 or HIPAA evidence package

Auditors ask for one evidence bundle covering AI coding assistance across the org. Copilot produces some. Other tools produce some. Nobody produces one signed package. That is the gap.

With Raidu

How Raidu layers evidence around Copilot.

Raidu does not intercept Copilot's outbound traffic. GitHub does not allow that. Raidu complements Copilot with the three things GitHub does not provide: cross-tool policy, signed independent evidence, and auditor-ready export.

01

Unified policy across all coding AI

Policy plane

Define one policy for AI coding assistance. Raidu enforces it at runtime for Cursor, Cline, Continue, Claude Code. For Copilot, Raidu mirrors the rules into GitHub's admin settings via the Copilot admin API where supported, and flags drift.

02

Independent audit log

Evidence plane

Raidu ingests Copilot's usage logs via the GitHub API on a regular schedule, rebuilds the signed chain on your side with RSA-4096 signatures and SHA-256 hashes, and persists it to WORM with 10-year retention. Your evidence is yours.

03

Content exclusion proof

Evidence plane

Every configured exclusion is hashed and signed at the time it is set. When an auditor asks whether exclusion X was in effect on date Y, Raidu returns a signed timeline.

04

One SOC 2 / HIPAA / EU AI Act bundle

Export plane

Export a single evidence bundle covering Copilot and every other AI coding tool in the org. Auditor-ready. Regulation-mapped. Cryptographically verifiable without access to your environment.

Integration

Connect Copilot to your evidence plane.

Point Raidu at your GitHub org. Raidu pulls Copilot usage, rehashes, signs, and layers it under your unified policy.

Raidu console · GitHub connector json
{
  "connector": "github-copilot",
  "org": "acme-corp",
  "auth": "github-app",
  "ingest": {
    "usageLogs": "hourly",
    "contentExclusions": "on-change"
  },
  "policy": "coding.eng.v7",
  "sign": "rsa-4096",
  "retain": "10y"
}

// Every Copilot session becomes a signed record on your side, under your policy.
Questions

Questions from teams already on Copilot Enterprise.

Why can't Raidu intercept Copilot's outbound traffic directly? +
Copilot runs in GitHub's cloud and uses GitHub's own model routing. GitHub does not expose a configurable base URL for Copilot IDE plugins. Raidu integrates at the layers GitHub does expose: audit logs, admin APIs, and content exclusion settings.
Is the Raidu audit trail a replacement for GitHub's Copilot logs? +
It is an independent, signed mirror. GitHub's logs remain the upstream source. Raidu rehashes them under your key, ties them to your policy version, and persists them to WORM storage you control.
How does Raidu help with SOC 2 and HIPAA evidence? +
Raidu produces one exportable bundle covering every AI coding tool in your org, including Copilot. Mapped to SOC 2 CC controls and HIPAA Technical Safeguards. Signatures are independently verifiable.
Does this work for GitHub Copilot Business, Enterprise, or both? +
Both. Enterprise unlocks richer admin APIs and deeper ingestion; Business works for policy mirroring, usage ingestion, and evidence. Air-gapped GitHub Enterprise Server is also supported.
What about the new Copilot coding agent and Spaces? +
Any surface that writes to audit logs or admin APIs is covered. As GitHub expands Copilot's agent and workspace APIs, Raidu's connector follows.
Does Raidu replace Copilot? +
No. Raidu adds the governance and evidence layer around Copilot and around every other AI coding tool your team uses. Copilot stays Copilot.