feat: add governance-audit hook — threat detection for Copilot sessions

Add real-time governance audit hook that scans prompts for threat signals: - 5 threat categories: data exfiltration, privilege escalation, system destruction, prompt injection, credential exposure - 4 governance levels: open, standard, strict, locked - Append-only JSON audit trail (logs/copilot/governance/audit.log) - Session summary with threat counts at session end - Privacy-aware: logs decisions and metadata, never prompt content Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-23 11:55:12 +00:00 · 2026-02-18 13:29:41 -08:00
parent 8480453512
commit 4a4b9343d5
6 changed files with 330 additions and 0 deletions
--- a/hooks/governance-audit/hooks.json
+++ b/hooks/governance-audit/hooks.json
@@ -0,0 +1,33 @@
+{
+  "version": 1,
+  "hooks": {
+    "sessionStart": [
+      {
+        "type": "command",
+        "bash": ".github/hooks/governance-audit/audit-session-start.sh",
+        "cwd": ".",
+        "timeoutSec": 5
+      }
+    ],
+    "sessionEnd": [
+      {
+        "type": "command",
+        "bash": ".github/hooks/governance-audit/audit-session-end.sh",
+        "cwd": ".",
+        "timeoutSec": 5
+      }
+    ],
+    "userPromptSubmitted": [
+      {
+        "type": "command",
+        "bash": ".github/hooks/governance-audit/audit-prompt.sh",
+        "cwd": ".",
+        "env": {
+          "GOVERNANCE_LEVEL": "standard",
+          "BLOCK_ON_THREAT": "false"
+        },
+        "timeoutSec": 10
+      }
+    ]
+  }
+}