fix: address Copilot PR review comments on governance-audit hook

- Switch from colon to tab delimiter to handle colons in evidence text
- Base64-encode evidence to prevent parsing issues
- Use MAX_SEVERITY in log output and JSON events
- Narrow regex patterns to reduce false positives:
  - third[_-]?party instead of third.?party
  - Role reassignment scoped to AI terms
  - System prompt injection requires 'you are' context
- Fix session-end stats to scope to current session only
- Update privacy statement to clarify evidence snippets are logged
- Rename credential description to 'Possible hardcoded credential'
- Fix database destruction regex to also match semicolons

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Imran Siddique
2026-02-18 14:49:17 -08:00
parent 4a4b9343d5
commit 32d8f7f622
3 changed files with 28 additions and 14 deletions

@@ -93,7 +93,7 @@ Events are written to `logs/copilot/governance/audit.log` in JSON Lines format:
## Privacy & Security
- Prompts are **never** logged — only threat signals and metadata are recorded
- Full prompts are **never** logged — only matched threat patterns (minimal evidence snippets) and metadata are recorded
- Add `logs/` to `.gitignore` to keep audit data local
- Set `SKIP_GOVERNANCE_AUDIT=true` to disable entirely
- All data stays local — no external network calls
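
Review bot: the reworded bullet under "Privacy & Security" promises "minimal evidence snippets" but never defines "minimal", and the commit message lists a "Possible hardcoded credential" pattern, so a matched snippet can be the secret itself, written to `logs/copilot/governance/audit.log`. The Base64 encoding named in the commit message solves a parsing problem and gives no confidentiality, so the README should not leave readers assuming the evidence is protected. Suggest having the bullet state the maximum snippet length and whether credential matches are masked before logging, and say outright that the audit log may contain sensitive fragments of the prompt. The `.gitignore` bullet below it only keeps the file out of commits, so a line recommending restricted file permissions on `logs/` would fit here as well.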