* Refresh 6 stale instruction files flagged in #2133
Targeted refresh:
- blazor: C# 13 to C# 14. Drop the Visual Studio Enterprise mandate so contributors on VS Code or Rider aren't blocked by a paid SKU. Swap VS-only profiling for dotnet-trace and dotnet-counters.
- copilot-thought-logging: narrow applyTo from '**' to '**/Copilot-Processing.md'. Replace 9 Windows backslash paths with POSIX './Copilot-Processing.md' so the workflow works on macOS and Linux.
- genaiscript: drop the "avoid exception handlers or error checking" line. Replace it with: handle errors at I/O and external API boundaries, let unexpected exceptions surface.
- memory-bank: add the required 'description' frontmatter field (was a validation failure). Narrow applyTo from '**' to 'memory-bank/**'. Add an opt-in note so contributors know auxiliary files land in the workspace root.
Minor modernization:
- azure-functions-typescript: Node.js v20 to v22 LTS.
- localization: relative '../../issues' disclaimer link to absolute https://github.com/github/awesome-copilot/issues so it resolves regardless of the localized doc's path.
docs/README.instructions.md regenerated by 'npm run build' to pick up the new memory-bank description.
* revert applyTo narrow on copilot-thought-logging (#2133 review)
aaronpowell flagged that narrowing applyTo from '**' to
'**/Copilot-Processing.md' inverts the instruction. The instruction
tells Copilot to CREATE Copilot-Processing.md when handling any user
request, so it must apply globally, not only when that file is
already open.
Restore applyTo to '**'. Keep the POSIX path fixes (backslash to
'./Copilot-Processing.md') and the other 5 file fixes in this PR
unchanged.
---------
Co-authored-by: Aaron Powell <me@aaron-powell.com>
* Add Site Studio canvas extension
Site Studio is a canvas extension for planning, drafting, and tracking a
personal website section by section. It gives you and your agent a shared
dashboard with a status board, an autosaving content editor (with AI-draft
and [Sample: ...] placeholders), and a live feed of every change and milestone.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address Copilot review feedback
Robustness, prototype-pollution safety, and accessibility fixes from the
Copilot code review on #2117:
- Add "ai_request" to VALID_CHANGE_TYPES so log_change accepts the change
type the server itself emits (e.g. /api/request-generation).
- Bound the git branch lookup with timeout + maxBuffer so a hung git can't
block the extension process and canvas UI.
- Serialize state persistence via a promise queue and snapshot state
synchronously, so concurrent mutations can't clobber newer state on disk.
- Enforce a maximum request body size in readBodyJson to avoid unbounded
memory use on the loopback server.
- Guard the /events handler against a missing/closed instance instead of
throwing when servers.get(instanceId) is undefined.
- Reject unsafe field names (__proto__, prototype, constructor) in
upsertSectionContent and use an own-property check in deleteSectionContent
to prevent prototype pollution.
- Make the "Generate with AI" info tooltip reachable by keyboard and screen
readers (focusable, labelled) instead of mouse-hover only.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: ayangupt <ayangupt@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: update Learning Hub with CLI v1.0.64-1.0.65 features
Add five missing features from the past week's CLI releases:
- HTTP(S) proxy user setting (v1.0.64)
- /every command and /loop alias for in-session scheduled prompts (v1.0.64)
- Inline image rendering in the terminal (v1.0.64)
- Autopilot auto-handles elicitation/permission prompts (v1.0.64)
- Shell command history accessible in normal mode via up/down and Ctrl+R (v1.0.65)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: consolidate /every, /loop, /after docs and remove duplicate section
- Merge the duplicate /every+/loop section (added at line 640) into the
existing first-occurrence at line 521
- Add /after command documentation (from PR #2148 suggestion)
- Add example of /every invoking slash commands (/every 1d /chronicle standup)
- Add Ctrl+C as alternative to /every stop
- Add Experimental callout for /every, /loop, and /after
- Update lastUpdated to 2026-06-29
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
Retarget instructions/astro.instructions.md to Astro 7 and
instructions/svelte.instructions.md to Svelte 5 / SvelteKit 2, fix
outdated APIs, add current stable feature guidance, and trim non-code
(setup, deployment, testing-workflow, recap) content so each file
focuses solely on code structure and best practices.
Regenerated docs/README.instructions.md via npm start.
Co-authored-by: GeekTrainer <GeekTrainer@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The `name` frontmatter was `AWS CloudWatch Investigation`, which violated the Agent Skills spec and failed `npm run skill:validate` on main: name must be lowercase letters, numbers, and hyphens and must match the folder name (`aws-cloudwatch-investigation`). Correct the name and regenerate docs/README.skills.md so the validator passes (365/365) and the skills table renders consistently with every other entry.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- creating-effective-skills: add 'copilot skill' CLI subcommand for
listing, adding, and removing skills (v1.0.65); add '/skill' alias
- automating-with-hooks: document userPromptSubmitted additionalContext
injection into model-facing prompt (v1.0.65); update hook events table
- copilot-configuration-basics: add opt-in CI check status bar indicator
for current branch (v1.0.65)
- building-custom-agents: add note that /security-review is now available
to all users without --experimental (v1.0.64)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Show "by @handle" on each canvas extension card and in the details
modal, linking to the contributor's GitHub profile. Author metadata
lives in each extension's canvas.json (and external.json for external
extensions), where the rest of the canvas metadata is stored.
- Store author {name, url} in canvas.json / external.json
- Read author from canvas.json in the website data generator and emit
it to extensions.json
- Render the GitHub @handle, derived from the profile URL, as the link
text, with the contributor's name as the link title
- Escape the sanitized author URL before interpolating it into href
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Now that main is the contributor branch and staged is retired,
no new PRs will target staged. The check-pr-target guard is
no longer needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Load open issues from the current repository instead of hardcoded SignalBox data, preserve board metadata across refreshes, and expose filter state through canvas actions/API.
Update the canvas UI and metadata to Repository Issues Kanban, add multi-label OR filtering controls, and surface repo detection/fetch errors in the board.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Prototype extension details modal
- Add detail popup modal for extension cards with full metadata and gallery
- Implement image gallery with thumbnail strip and main image selection
- Add modal styling and positioning in global.css
- Connect card click handlers to open modal with extension data
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix accessibility issues with modal focus restoration
- Add missing listing-cards-page class to agents.astro page root
- Pass focusable button element to openCardDetailsModal instead of article
- Fixes focus restoration for keyboard users when closing modal
- Applied fix across all listing pages (agents, instructions, hooks, plugins, skills, workflows)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address remaining PR review feedback
- Fix extension modal ARIA state by setting aria-current to "true" and removing it when inactive
- Use focusable .resource-preview as modal trigger for extension thumbnail/click/keyboard paths
- Extract shared multi-select helpers into pages/select-utils.ts and reuse across instructions/hooks/plugins/workflows
- Remove unused card-model.ts to avoid dead/overlapping type definitions
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sanitize URL input before embedding it in Copilot handoff prompts in both bash and PowerShell hook scripts to prevent command/prompt injection from untrusted link text.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add technical job search instructions for CV tailoring, cover letters, and offer evaluation
* chore: regenerate README.instructions.md after adding job search instructions
* refactor: convert technical-job-search from instruction to skill
Per reviewer feedback, instructions load on every turn and waste tokens
for content that is only useful during active job search sessions. A skill
is opted into explicitly, making this a better fit.
- Remove instructions/technical-job-search.instructions.md
- Add skills/technical-job-search/SKILL.md with equivalent content
- Update docs/README.instructions.md and docs/README.skills.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: regenerate README.skills.md
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* new hook fix-broken-links
* codespell: add ans for variable short for answer
* update: scripts hand off alternative url to copilot cmd
* codespell: add ext. arcade-canvas/game/phaser.min.js
* Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* update: rm em-dash from hook scripts
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
The workflow was using the pull_request trigger which restricts
GITHUB_TOKEN to read-only for fork PRs, causing the sync-pr-state
job to fail with 403 when trying to add labels.
Switching to pull_request_target runs the workflow in the base
repo context so declared permissions (issues: write, pull-requests:
write) are honoured for cross-repository PRs.
The workflow is safe to use pull_request_target because:
- detect-changed-plugins reads files via the GitHub API only (no checkout)
- run-quality-gates checks out the trusted staged branch, not the PR head
- sync-pr-state also checks out the staged branch
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Load PRs from the active workspace repo instead of the extension directory, surface PR load errors in the canvas UI, and add MediaPipe CDN fallbacks for better runtime reliability.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add automations learning hub guide and integrate into docs
- Create new learning hub article: "Using Automations in the GitHub Copilot app"
- Covers practical approach to getting started with automations
- Includes templates, work-surface audit technique, and real examples
- Features the in-app "Awesome Copilot daily PR summary" automation as concrete reference
- Integrates Ashley's Slack guidance on iterative refinement and discovery
- Link from main Learning Hub index and GitHub Copilot app article
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* docs: add canvas extensions learning hub guide
Add a new Learning Hub page for creating and iterating canvas extensions with /create-canvas, including examples and best practices for storage scope and joinSession/createCanvas handlers.
Wire the article into Fundamentals navigation and related Learning Hub pages, and add stable extension card anchors so docs can deep-link to specific entries in the Canvas Extensions listing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Add keyword display to extension cards on website
- Add .resource-keywords and .keyword-tag CSS styles for rendering keyword badges
- Update renderExtensionsHtml() to display keywords below extension description
- Keywords now visible on the website extensions page with styled badges
- Regenerate website data to include keyword metadata
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Canvas manifest implementation for all extensions
Add per-extension canvas manifests with:
- Structured canvas metadata (name, description, version, keywords)
- Screenshot definitions (icon and gallery with path/type)
- Relative paths for images within each extension directory
Enhance extension metadata:
- Generate meaningful descriptions from source analysis
- Extract and assign keywords for discoverability
- Store metadata in package.json and extension source files
Update website rendering and data generation:
- Include keywords in extension cards and search index
- Add per-extension canvas.json files for independent evolution
- Support screenshot metadata in manifest structure
- Generate extensions.json with full canonical paths for website
All 9 local canvas extensions now have complete manifests with descriptions, keywords, and screenshot references.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Tweaking some descriptions
* Fix description priority to prefer package.json over in-source metadata
Reverse the priority in canvasDescription so that package.json descriptions
(which contain the enhanced, manually-curated descriptions) take precedence
over older in-source descriptions extracted from createCanvas(...) calls.
This prevents regression when npm run website:data regenerates outputs,
ensuring that committed canvas.json files maintain the current descriptions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix canvas validation to skip external.json file
The validation script was treating extensions/external.json as if it were
a directory, causing false validation failures. Added check to skip files
(identified by presence of dot in filename) and only validate actual
canvas extension directories.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>