Merged
31 commits
246570f
deps(deps): bump https://github.com/astral-sh/ruff-pre-commit
dependabot[bot] Jun 15, 2026
832e095
Merge remote-tracking branch 'origin/dependabot/pre_commit/https-/git…
diegoitaliait Jun 21, 2026
13e5fad
feat: enhance counter-validation requirements in plan writing and aud…
diegoitaliait Jun 21, 2026
fbf5794
feat: update skill documentation for Java and Node.js projects with b…
diegoitaliait Jun 21, 2026
a506f50
feat: enhance Python guidelines with additional common mistakes and s…
diegoitaliait Jun 21, 2026
9c26df8
refactor: improve readability of assertions in counter-validation tests
diegoitaliait Jun 21, 2026
eadeae9
feat: add internal-excel skill with detailed usage guidelines and too…
diegoitaliait Jun 22, 2026
322178e
feat: enhance internal-excel skill documentation with locale handling…
diegoitaliait Jun 22, 2026
b28c80f
feat: enhance internal-excel skill documentation with data integrity,…
diegoitaliait Jun 22, 2026
2fbd85d
feat: enhance bisync_apply logic to allow only resolvable repo blocke…
diegoitaliait Jun 22, 2026
e6c7f35
feat: enhance sync reporting and logic for bisync operations, includi…
diegoitaliait Jun 23, 2026
08f00e0
feat: update AGENTS.md to clarify repository operating principles, sc…
diegoitaliait Jun 23, 2026
e12ab08
feat: update VSCode settings to specify default Python environment ma…
diegoitaliait Jun 23, 2026
5325c96
feat: enhance copilot instructions and related tests for clarity on r…
diegoitaliait Jun 23, 2026
5f6f8a1
Refactor syncing.py to introduce ConsumerLocalKnowledgeSpec for bette…
diegoitaliait Jun 24, 2026
e2643f1
feat: enhance internal-gateway-simple-task with Direct Execution Cont…
diegoitaliait Jun 26, 2026
bedbe6a
feat: implement Direct Execution vs Retained Plan Recommendation acro…
diegoitaliait Jun 26, 2026
e0a48b6
feat: add sequence diagnostics for prompt exports with detailed loggi…
diegoitaliait Jun 27, 2026
3233a13
feat: enhance AI resource review documentation with decision-usefulne…
diegoitaliait Jun 30, 2026
c545107
feat: update AI resource review documentation to include acceptance f…
diegoitaliait Jun 30, 2026
c5b5fa2
Refactor AI resource sync scripts and update reporting format
diegoitaliait Jun 30, 2026
cee1d46
feat: update sync scripts and documentation to enhance reporting form…
diegoitaliait Jun 30, 2026
7880f1c
Enhance skills documentation and references across various internal s…
diegoitaliait Jun 30, 2026
9fc0ce3
feat: enhance AGENTS.md with clearer guidance on repository policy an…
diegoitaliait Jul 1, 2026
75e70e8
refactor: streamline AGENTS.md by removing redundant guidance and cla…
diegoitaliait Jul 1, 2026
aacacec
test: realign root policy assertions to current agents contract
diegoitaliait Jul 1, 2026
f5aa25a
docs: codify current agents root policy contract
diegoitaliait Jul 1, 2026
c090adf
fix: make tools import explicit for analyzer tests
diegoitaliait Jul 1, 2026
72f274f
test: apply ruff formatting for CI stability
diegoitaliait Jul 1, 2026
2898650
build: add ruff to script validation lockfile
diegoitaliait Jul 1, 2026
f94f4e0
build: use venv ruff binary in catalog lint
diegoitaliait Jul 1, 2026
4 changes: 4 additions & 0 deletions .github/INVENTORY.md
Expand Up @@ -82,6 +82,7 @@ This file is the exact path inventory for the live GitHub Copilot catalog in thi
- `.github/skills/internal-debugging/SKILL.md`
- `.github/skills/internal-devops-core-principles/SKILL.md`
- `.github/skills/internal-docker/SKILL.md`
- `.github/skills/internal-excel/SKILL.md`
- `.github/skills/internal-gateway-critical-master/SKILL.md`
- `.github/skills/internal-gateway-execute-plans/SKILL.md`
- `.github/skills/internal-gateway-idea-brainstorming/SKILL.md`
Expand Down Expand Up @@ -168,10 +169,12 @@ These imported `openai-*` office skills remain support-only depth for repositori
- `.github/scripts/graphify-file-change-hook.sh`
- `.github/scripts/install-graphify-hooks.sh`
- `.github/scripts/lib/catalog_checks.py`
- `.github/scripts/lib/cli_runner.py`
- `.github/scripts/lib/critical_master.py`
- `.github/scripts/lib/fingerprinting.py`
- `.github/scripts/lib/internal_skills.py`
- `.github/scripts/lib/inventory.py`
- `.github/scripts/lib/jsonc.py`
- `.github/scripts/lib/shared.py`
- `.github/scripts/lib/syncing.py`
- `.github/scripts/lib/token_risks.py`
Expand All @@ -183,6 +186,7 @@ These imported `openai-*` office skills remain support-only depth for repositori
- `.github/scripts/validate_critical_output.py`
- `.github/scripts/validate_critical_output.sh`
- `.github/scripts/validate_internal_skills.py`
- `.github/scripts/validate_internal_skills.sh`

## Agents

5 changes: 2 additions & 3 deletions .github/README.md
Expand Up @@ -3,9 +3,8 @@
This directory is the source-side catalog for reusable GitHub Copilot
customization assets maintained in `cloud-strategy.github`.

- Root [`AGENTS.md`](../AGENTS.md) is the strategic entrypoint.
- `.github/copilot-instructions.md` is the compact repo-wide Copilot routing bridge.
- `.github/instructions/copilot-code-review.instructions.md` owns the global review baseline.
- Root [`AGENTS.md`](../AGENTS.md) is the strategic agent-policy entrypoint.
- `.github/copilot-instructions.md` is review-only for GitHub.com Copilot code review.
- [`INVENTORY.md`](INVENTORY.md) is the exact path inventory for the live catalog.

## Agents
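Review bot: The bullet for `.github/instructions/copilot-code-review.instructions.md` is dropped from this list with no replacement, so the README no longer says where the global review baseline lives or whether that file has been retired. If the file is deleted in this PR, say so in the description and make sure `INVENTORY.md` drops the path too; if it stays, keep a bullet describing its current role next to the `.github/copilot-instructions.md` line.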
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ Use this agent for route selection, mode selection, approval posture, and bounda
## Routing Rules

- Use this agent for consumer-repository baseline propagation, drift assessment, `plan`, `audit`, and explicit `apply` runs.
- Use this agent when the target repository must inherit the bridge model around `AGENTS.md`, `.github/copilot-instructions.md`, `.github/instructions/copilot-code-review.instructions.md`, `.github/INVENTORY.md`, repository-root `LESSONS_LEARNED.md`, and explicitly shared hygiene files.
- Use this agent when the target repository must inherit the root `AGENTS.md` policy model, review-only Copilot configuration, `.github/INVENTORY.md`, repository-root `LESSONS_LEARNED.md`, and explicitly shared hygiene files.
- Select `apply` only on explicit request, after the current evidence shows a conflict-safe plan and no unmanaged target-local cleanup is being implied.
- Do not use this agent for source-side catalog governance, external-resource refreshes, or managed-scope redesign in this repository; recommend `local-sync-external-resources` or `internal-gateway-idea-brainstorming` as appropriate.
- Do not use this agent for one-resource agent or skill authoring; recommend `internal-agent-creator` or `internal-skill-creator` as appropriate.
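Review bot: In the second routing rule, the new wording replaces two explicit paths with "review-only Copilot configuration", which leaves the propagating agent to guess which files that phrase covers. The Core Rules bullet changed in the next hunk names `.github/copilot-instructions.md` directly; use the same path here so the sync scope is unambiguous.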
Expand All @@ -38,7 +38,7 @@ Use this agent for route selection, mode selection, approval posture, and bounda
## Core Rules

- Treat this repository as the source of truth for the managed sync baseline.
- Keep root guidance layered: `AGENTS.md` is the bridge, `.github/copilot-instructions.md` is the compact Copilot routing bridge, `.github/instructions/copilot-code-review.instructions.md` owns global review behavior, and `.github/INVENTORY.md` is the live catalog.
- Keep root guidance layered: `AGENTS.md` is the agent policy entrypoint, `.github/copilot-instructions.md` is review-only for GitHub.com Copilot code review, and `.github/INVENTORY.md` is the live catalog.
- Keep target assumptions narrow and let the core skill own mirrored categories, exclusions, automation entrypoints, plan-file lifecycle, and validation sequence.
- When repository-root `LESSONS_LEARNED.md` is in scope, preserve or migrate target-authored lesson rows through the core skill workflow.
- When the source baseline includes approved imported-asset override registries or replay patches, mirror them as source-managed governance assets rather than creating target-local hidden forks.
93 changes: 62 additions & 31 deletions .github/copilot-instructions.md
@@ -1,31 +1,62 @@
# Copilot Bridge

Use `AGENTS.md` as the canonical repository bridge for policy, precedence,
ownership boundaries, and routing.

Apply only matching instruction files from `.github/instructions/`.

Select the smallest relevant skill from the prompt, target path, command
surface, validation signal, or repository evidence.

Load task-specific skills or references only when workflow depth is needed.

Do not edit imported upstream assets in place unless the need is strong,
explicit, and registered.

Do not hardcode secrets. Use least privilege and evidence-first validation.

When editing contracts, update validators/tests and run the closest available
checks.

Report completed work with outcome, changed files, validation results, and
remaining gaps.

Treat retained plans and `LESSONS_LEARNED.md` as non-canonical.

Keep retained-plan workflow details in dedicated retained-plan skills and lesson-codification owners.

Keep ledger row rules in their owned retained-learning files and skills.

Include detailed resource sections only when the user asks or a narrower
contract requires them.
# GitHub.com Copilot Code Review

This file is only for GitHub.com Copilot code review.

It is not a general task-execution guide, repository routing guide, planning
workflow, or local agent runtime contract.

## Review Objective

Review changed files for defects that matter before merge.

- Prioritize correctness, security, regressions, missing validation, and
maintainability.
- Prefer actionable findings over broad advice.
- Tie each finding to concrete changed-file evidence.
- Do not restate repository policy unless the diff creates a specific risk.

## Finding Priority

Use these buckets when reporting issues:

- `Critical`: data loss, credential exposure, remote code execution, production
outage, or a merge-blocking contract break.
- `Major`: correctness bugs, security weaknesses, broken validators, missing
required tests, or behavior regressions.
- `Minor`: maintainability, edge-case, resilience, or observability issues that
should be fixed before merge when practical.
- `Nit`: small clarity or style issues that are safe to ignore.
- `Notes`: useful context that is not a defect.

## Required Checks

- Check for hardcoded secrets, credentials, keys, tokens, and tenant-sensitive
values.
- Check least privilege, destructive behavior controls, unsafe execution paths,
and missing input validation.
- Check whether changed behavior has appropriate tests, fixtures, docs, or
validators.
- Check contract alignment for changed schemas, generated assets, sync behavior,
prompts, instructions, skills, scripts, and CI workflows.
- Check that fixes are scoped to the requested behavior and do not rewrite large
unaffected areas.

## Review Discipline

- Report findings first, ordered by severity.
- For each finding, include the file or changed area, impact, and a concrete fix
direction.
- Avoid speculative findings when the diff does not provide enough evidence.
- Avoid praise, summaries, or style-only comments unless they reveal a real
maintenance risk.
- Escalate repeated instances of the same defect pattern when the repetition
increases risk.

## Non-Scope

- Do not provide implementation plans unless the review finding needs fix
guidance.
- Do not ask the author to follow local runtime workflows that GitHub.com cannot
execute.
- Do not treat this file as instructions for coding agents, local CLIs, or
non-review Copilot chat behavior.
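Review bot: The rewrite removes the agent-facing guardrails the old file carried ("Do not hardcode secrets. Use least privilege and evidence-first validation." and "Do not edit imported upstream assets in place unless the need is strong, explicit, and registered."), and the new Non-Scope section states that this file is not instructions for coding agents. Nothing in this diff shows those rules landing elsewhere, so confirm that `AGENTS.md` or a matching instruction file carries them before merge. The `## Required Checks` list covers review of a finished diff only and does not replace the authoring-time rule.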
6 changes: 4 additions & 2 deletions .github/instructions/internal-python.instructions.md
Expand Up @@ -15,8 +15,10 @@ This file is optimized for Copilot code review and should produce only evidenced
- Do not flag stable domain invariants merely because they are constants near domain code.
- Verify type hints and public interfaces stay consistent with call sites.
- Flag manual formatting churn that fights the repository formatter; when Ruff is configured, prefer `ruff format` and Ruff diagnostics over subjective style edits.
- Report dependency usage that is unpinned or unnecessary for the change.
- Report dependency usage that is unpinned, unnecessary for the change, or unjustified for the data volume and import or install cost.
- Flag vendored libraries, wheelhouses, copied site-packages, or fallback dependency mirrors.
- Flag new external dependencies that are missing hash-locked pins in the owning requirements file.
- When behavior changes, verify docs and output contracts stay aligned: filenames, produced artifacts, columns, and other user-visible output details must match reality.
- Check tests for deterministic coverage of changed behavior.
- Flag logging or exception messages that may leak sensitive values.
- Flag test setup that bypasses the repository's shared runner, pytest rootdir or testpaths contract, or declared interpreter or virtualenv setup without a reproducibility reason.
- Flag logging or exception messages that may leak sensitive values, raw request or response bodies, or secrets.
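Review bot: The reworded dependency bullet adds "unjustified for the data volume and import or install cost", which a reviewer cannot establish from a diff alone, while the file's opening line (quoted in the hunk header) asks for evidenced output only. Give the clause a concrete trigger that can be read off the changed lines, or drop it; the "hash-locked pins in the owning requirements file" bullet is a good model because it is checkable against a named file.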
18 changes: 9 additions & 9 deletions .github/scripts/audit_copilot_catalog.py
Expand Up @@ -13,7 +13,8 @@
from pathlib import Path

from lib.catalog_checks import run_consistency_checks
from lib.shared import Finding, find_repo_root, log_info, render_json
from lib.cli_runner import has_severity, run_finding_cli
from lib.shared import Finding, find_repo_root, log_info


def parse_args() -> argparse.Namespace:
Expand All @@ -26,14 +27,13 @@ def parse_args() -> argparse.Namespace:
def main() -> int:
args = parse_args()
root = find_repo_root(Path(args.root))
findings = run_consistency_checks(root, include_token_risks=True)
if args.format == "json":
print(render_json([finding.to_dict() for finding in findings]))
elif args.format == "compact":
print(render_json(build_compact_payload(findings)))
else:
render_text(findings)
return 1 if any(finding.severity == "blocking" for finding in findings) else 0
findings = run_finding_cli(
detect_fn=lambda: run_consistency_checks(root, include_token_risks=True),
format_name=args.format,
render_text=render_text,
compact_builder=build_compact_payload,
)
return 1 if has_severity(findings, "blocking") else 0


def render_text(findings: list[Finding]) -> None:
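Review bot: In `main()`, the old `else:` branch sent every format other than `json` and `compact` to `render_text`, and that dispatch now lives inside `run_finding_cli`, which this hunk does not show. Add a test that runs the script with each accepted `--format` value and asserts the same stdout shape and exit code as before, so the shared helper cannot silently change what CI consumers parse.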
9 changes: 8 additions & 1 deletion .github/scripts/build_inventory.py
Expand Up @@ -12,7 +12,14 @@
from pathlib import Path

from lib.inventory import build_inventory_markdown, write_inventory
from lib.shared import INVENTORY_PATH, find_repo_root, log_error, log_info, log_success, read_text
from lib.shared import (
INVENTORY_PATH,
find_repo_root,
log_error,
log_info,
log_success,
read_text,
)


def parse_args() -> argparse.Namespace:
27 changes: 17 additions & 10 deletions .github/scripts/check_catalog_consistency.py
Expand Up @@ -13,7 +13,14 @@
from pathlib import Path

from lib.catalog_checks import run_consistency_checks
from lib.shared import Finding, find_repo_root, log_error, log_success, log_warn, render_json
from lib.cli_runner import run_finding_cli, should_fail
from lib.shared import (
Finding,
find_repo_root,
log_error,
log_success,
log_warn,
)


def parse_args() -> argparse.Namespace:
Expand All @@ -28,16 +35,16 @@ def parse_args() -> argparse.Namespace:
def main() -> int:
args = parse_args()
root = find_repo_root(Path(args.root))
findings = run_consistency_checks(root, include_token_risks=args.include_token_risks)
if args.format == "json":
print(render_json([finding.to_dict() for finding in findings]))
elif args.format == "compact":
print(render_json(build_compact_payload(findings)))
else:
render_text(findings)
findings = run_finding_cli(
detect_fn=lambda: run_consistency_checks(
root, include_token_risks=args.include_token_risks
),
format_name=args.format,
render_text=render_text,
compact_builder=build_compact_payload,
)

has_blocking = any(finding.severity == "blocking" for finding in findings)
if has_blocking or (args.strict and findings):
if should_fail(findings, strict=args.strict):
return 1
if not findings:
log_success("No consistency findings detected.")
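Review bot: `should_fail(findings, strict=args.strict)` relies on the helper's default for what counts as blocking, whereas `detect_token_risks.py` passes `blocking_severity=None` explicitly. This return value is the gate's exit code, so pass the blocking severity explicitly here as well; the removed `has_blocking or (args.strict and findings)` line made the failure condition readable at the call site and the replacement should too.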
15 changes: 8 additions & 7 deletions .github/scripts/detect_token_risks.py
Expand Up @@ -11,7 +11,8 @@
import argparse
from pathlib import Path

from lib.shared import Finding, find_repo_root, log_warn, render_json
from lib.cli_runner import run_finding_cli, should_fail
from lib.shared import Finding, find_repo_root, log_warn
from lib.token_risks import detect_token_risks


Expand All @@ -26,12 +27,12 @@ def parse_args() -> argparse.Namespace:
def main() -> int:
args = parse_args()
root = find_repo_root(Path(args.root))
findings = detect_token_risks(root)
if args.format == "json":
print(render_json([finding.to_dict() for finding in findings]))
else:
render_text(findings)
return 1 if args.strict and findings else 0
findings = run_finding_cli(
detect_fn=lambda: detect_token_risks(root),
format_name=args.format,
render_text=render_text,
)
return 1 if should_fail(findings, strict=args.strict, blocking_severity=None) else 0


def render_text(findings: list[Finding]) -> None:
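Review bot: `blocking_severity=None` on the return line is a sentinel whose meaning is not obvious at the call site: it has to mean "never fail on severity alone" to match the old `1 if args.strict and findings else 0`. Add a short comment or a named constant, plus a test that a non-strict run with findings still exits 0. The call also omits `compact_builder`, so check what `run_finding_cli` does if `--format compact` reaches it; the old code fell through to `render_text`.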
9 changes: 8 additions & 1 deletion .github/scripts/github_catalog_validation.py
Expand Up @@ -13,7 +13,14 @@
import subprocess
from pathlib import Path

from lib.shared import find_repo_root, log_error, log_info, log_success, log_warn, render_json
from lib.shared import (
find_repo_root,
log_error,
log_info,
log_success,
log_warn,
render_json,
)


def parse_args() -> argparse.Namespace:
30 changes: 22 additions & 8 deletions .github/scripts/lib/catalog_checks.py
@@ -1,21 +1,21 @@
from __future__ import annotations

from collections import defaultdict
import re
from collections import defaultdict
from pathlib import Path

import yaml

from .inventory import collect_inventory_sections, parse_inventory_markdown
from .shared import (
INVENTORY_PATH,
IGNORED_SYNC_FILENAMES,
IGNORED_SYNC_PARTS,
IMPORTED_ASSET_OVERRIDES_PATH,
INVENTORY_PATH,
LEGACY_AGENT_TOOL_IDS,
SUPERPOWERS_NORMALIZATION_PATH,
Finding,
finding_sort_key,
IGNORED_SYNC_FILENAMES,
IGNORED_SYNC_PARTS,
is_imported_asset,
iter_markdown_assets,
load_frontmatter,
Expand Down Expand Up @@ -214,14 +214,28 @@ def check_bridge_references(root: Path) -> list[Finding]:
)
if copilot_path.exists():
copilot_text = read_text(copilot_path)
if "AGENTS.md" not in copilot_text:
if "This file is only for GitHub.com Copilot code review." not in copilot_text:
findings.append(
Finding(
severity="blocking",
code="copilot-instructions-missing-review-scope",
path=".github/copilot-instructions.md",
message=".github/copilot-instructions.md must explicitly declare GitHub.com code-review-only scope.",
suggestion="Restore the review-only scope line in .github/copilot-instructions.md.",
)
)

if (
"Do not treat this file as instructions for coding agents, local CLIs, or"
not in copilot_text
):
findings.append(
Finding(
severity="blocking",
code="copilot-instructions-missing-agents-reference",
code="copilot-instructions-missing-runtime-boundary",
path=".github/copilot-instructions.md",
message=".github/copilot-instructions.md no longer references AGENTS.md as the strategic bridge.",
suggestion="Restore the AGENTS.md reference to keep cross-surface precedence explicit.",
message=".github/copilot-instructions.md must keep the non-runtime boundary explicit.",
suggestion="Restore the non-runtime boundary line under the non-scope section.",
)
)
return findings
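Review bot: The second check matches the literal `"Do not treat this file as instructions for coding agents, local CLIs, or"`, which ends exactly where the Markdown line wraps, so re-flowing that paragraph in `.github/copilot-instructions.md` would raise a blocking finding with no change in meaning. Collapse whitespace in `copilot_text` before comparing and match the full sentence, or match a stable marker instead. Separately, the finding code `copilot-instructions-missing-agents-reference` is replaced rather than kept alongside the new ones, so anything that filters or suppresses on that code needs updating in the same PR.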