* Run contributor checks from AGT scripts
Fetch the pinned AGT contributor check scripts directly and execute them with Python so the workflow no longer depends on missing console entrypoints from the published package.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Log contributor check JSON outputs
Dump the raw AGT JSON outputs and stderr logs in the contributor check workflow to make future debugging easier.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Normalize AGT risk extraction in the contributor check workflow so missing per-check values do not render as blank or inflate the overall risk.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add automated contributor reputation screening on PR/issue open events
using AGT's pip-installable CLI tools. Detects coordinated inauthentic
contribution patterns (credential laundering, spray-and-pray).
- Installs via pip (pinned to agent-governance-toolkit==3.3.0)
- Uses jq for JSON parsing
- Fails closed: UNKNOWN risk maps to MEDIUM
- Posts risk summary comment on MEDIUM/HIGH with link to workflow run
- Adds needs-review label for maintainer attention
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
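
The risk handling these commit messages describe (normalized per-check values, fail-closed overall risk, comment on MEDIUM/HIGH) can be sketched as follows. This is an added example, not the workflow's own code, which uses jq. The `risk` field name, the check names and the sample outputs are assumptions constructed for illustration. Leaving UNKNOWN checks out of the overall maximum is one reading of "do not inflate the overall risk".

```python
import json

# Ranked risk levels; UNKNOWN is deliberately not ranked.
LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def extract_risk(raw_json):
    """Normalize one check's output to LOW/MEDIUM/HIGH, or UNKNOWN if unusable."""
    try:
        doc = json.loads(raw_json)
    except (TypeError, ValueError):
        return "UNKNOWN"  # empty or non-JSON output never renders as blank
    if not isinstance(doc, dict):
        return "UNKNOWN"
    value = doc.get("risk")  # assumed field name, not taken from AGT
    if not isinstance(value, str):
        return "UNKNOWN"
    value = value.strip().upper()
    return value if value in LEVELS else "UNKNOWN"


def overall_risk(per_check):
    """Highest known risk; with no known value at all, fail closed to MEDIUM."""
    known = [r for r in per_check.values() if r in LEVELS]
    if not known:
        return "MEDIUM"  # UNKNOWN maps to MEDIUM
    return max(known, key=LEVELS.__getitem__)


def screen(outputs):
    """Map {check name: raw JSON text} to a summary the workflow could act on."""
    per_check = {name: extract_risk(raw) for name, raw in outputs.items()}
    overall = overall_risk(per_check)
    return {
        "per_check": per_check,
        "overall": overall,
        "post_comment": overall in ("MEDIUM", "HIGH"),
    }


# Constructed sample outputs (hypothetical check names, not real AGT output).
SAMPLE = {
    "contributor": '{"risk": "low"}',
    "cluster": '{"score": 3}',  # risk key missing
    "history": "",              # script produced no JSON
}

if __name__ == "__main__":
    print(json.dumps(screen(SAMPLE), indent=2))
```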