* fix: reset bot review when PR base is changed off main
The check-pr-target workflow only ran on 'opened' events targeting main,
so it never re-ran after a submitter edited the base branch to 'staged'.
The REQUEST_CHANGES review was left in place, blocking merge and requiring
a manual maintainer override.
Changes:
- Broaden trigger to also fire on edited, reopened, and synchronize events,
and add 'staged' to the branches filter so the workflow runs after a
base-branch edit.
- Before posting REQUEST_CHANGES, check whether the bot already has an
active CHANGES_REQUESTED review to avoid duplicate reviews.
- After a base-branch edit: if the PR no longer targets main and the bot's
latest review state is CHANGES_REQUESTED, post an APPROVE review to
clear the block automatically.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: rerun PR target check for any base branch
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
* Add workflow run link to external plugin intake comments
- Include a link to the GitHub Actions workflow run in intake comment
- Helps users trace which action run generated the intake report
- Works for both initial intake and re-run intake flows
- Link appears at bottom of comment for all intake states (passed/failed/quality gates)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review feedback on intake comment formatting
- Remove leading spaces from runLink construction to preserve markdown formatting
- Remove unnecessary newline prefix before runLink in quality gates section
- Move workflow run link to the very end of all comment types (after warnings)
- For merged intake comments, append link as final element
- Remove unused runId parameter from applyExternalPluginIntakeEvaluation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Run contributor checks from AGT scripts
Fetch the pinned AGT contributor check scripts directly and execute them with Python so the workflow no longer depends on missing console entrypoints from the published package.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Log contributor check JSON outputs
Dump the raw AGT JSON outputs and stderr logs in the contributor check workflow to make future debugging easier.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Normalize AGT risk extraction in the contributor check workflow so missing per-check values do not render as blank or inflate the overall risk.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add automated contributor reputation screening on PR/issue open events
using AGT's pip-installable CLI tools. Detects coordinated inauthentic
contribution patterns (credential laundering, spray-and-pray).
- Installs via pip (pinned to agent-governance-toolkit==3.3.0)
- Uses jq for JSON parsing
- Fails closed: UNKNOWN risk maps to MEDIUM
- Posts risk summary comment on MEDIUM/HIGH with link to workflow run
- Adds needs-review label for maintainer attention
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Updating the workflow to publish to the new marketplace branch
Using env vars for the branch names so that we can easily update without inlining everything as we progress through
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* removing old scripts
* consolidated folder
* Updating usage of scripts
* Adding script to generate an open PR report, rather than making AI gen it each time
* Adding step to close old quality report discussions
* Fix the nightly report summaries
* Fix workflow trigger
* Fix advisory regex to handle optional variation selector
Match ℹ with or without the trailing U+FE0F variation selector so advisory counts are reliable regardless of output encoding.
When the full report exceeds GitHub's 65K body limit, the summary
table stays in the discussion/issue body and the verbose skill/agent
output is posted as follow-up comments (split into chunks if needed).
This ensures no output is lost.
* Initial pass at bringing a website experience to copilot cli for beginners
* dropped the number from the heading
* Adding codeowner
* agentic workflow to keep the docs in sync
* Making it more aligned with the source material
* Removing the badges and TOC since we get some of that from astro
* updating the agentic workflow
* Adding learning hub to llms.txt
* Removing nav that comes from the source markdown files
* Fixing model names
* handling arrays of models for agent frontmatter
* Cleaning up some warnings on website build
* adding a workflow to run and perform CI of the website
* Initial plan
* feat: add PR duplicate check agentic workflow
Adds a new GitHub Agentic Workflow that triggers on pull_request
events (opened, synchronize, reopened) to detect potential duplicate
agents, instructions, skills, and workflows being contributed via PR.
When relevant files are changed, the agent compares them against
existing resources and posts a comment on the PR listing any potential
duplicates with context and a suggestion. If no relevant files are
changed or no duplicates are found, it calls noop.
- .github/workflows/pr-duplicate-check.md: source workflow (gh-aw format)
- .github/workflows/pr-duplicate-check.lock.yml: compiled workflow
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
Scoped custom token only to create-pull-request safe output.
All other operations use default token fallback chains.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Without explicit github-token, the compiler generates a proper
fallback chain (GH_AW_GITHUB_TOKEN || GITHUB_TOKEN) ensuring
a valid token is always available for git push operations.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Aaron Powell
Copilot
Imran Siddique
Sertxito
Jan Krivanek
Renee Noble
Satya K
Simon Kurtz