Commit Graph

1926 Commits

Author SHA1 Message Date
James Montemagno 49e83892cb Add Work Hub canvas extension (#2238)
* Add Work Hub canvas extension

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Address Work Hub review feedback

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-08 12:05:10 +10:00
James Montemagno 314cf968ab Add Repo Actions Hub canvas extension (#2237)
* Add repo actions hub extension

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Fix repo actions hub review feedback

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-08 12:04:09 +10:00
jennyf19 2b777b3933 Update Ember agent to claude-opus-4.7 (#2236)
Bump default model to latest Claude Opus release.

Co-authored-by: Jenny Ferries <jennyf19@users.noreply.github.com>
2026-07-08 12:02:07 +10:00
David Gilbert 58024e5bde Update Datadog plugin repository to datadog-labs/copilot-plugin (#2231)
Datadog renamed their repo from vscode-plugin to copilot-plugin.
2026-07-08 11:55:16 +10:00
James Montemagno 34f0e35050 Fix duplicate PR check role gating (#2241)
Remove the read-only role override from the PR duplicate check so gh-aw pre-activation gates unsupported actors before the PR checkout step runs.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-08 11:23:01 +10:00
James Montemagno cb2a6022d7 Fix installed canvas repo scope follow-up (#2230)
* Address canvas review feedback

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Optimize arcade sprite sheet

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Shrink arcade extension package files

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Address backlog canvas API review

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Compress arcade defender sounds

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-07 13:45:13 +10:00
github-actions[bot] 1f92908fa8 learning-hub: update docs for v1.0.67–v1.0.69 CLI releases (#2229)
- Add /mcp list command (shows attached servers mid-turn) to understanding-mcp-servers
- Add stayInAutopilot setting to CLI settings table in copilot-configuration-basics
- Add auto allow-all mode (LLM judge-based approval) to copilot-configuration-basics
- Add kimi-k2.7-code model to the model selection table in building-custom-agents
- Update lastUpdated dates on all three modified pages

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-07 12:06:15 +10:00
David Pine d61dfdcddc fix(website): remediate WCAG accessibility issues and add axe regression guardrail (#2180)
* fix(website): remediate WCAG accessibility issues and add axe regression guardrail

Fixes accessibility violations found by an axe-core sweep of every website
page in both light and dark themes:

- aria-allowed-role (WCAG 1.3.1, 4.1.2): the shared resource card rendered
  an <article> with role="listitem", which is not an allowed role for that
  element. Switched the wrapper to a <div role="listitem"> so the listitem
  role is valid (affected every card, e.g. #arcade-canvas on /extensions/).
- aria-required-children (WCAG 1.3.1): removed role="list" from the tools,
  contributors, and cookbook containers whose children are not list items.
- nested-interactive (WCAG 4.1.2): removed tabIndex=0 from extension cards
  and rendered the author as a non-interactive span so no interactive
  control is nested inside another (the author link remains in the modal).
- color-contrast (WCAG 1.4.3): gave .btn-primary explicit white text with an
  AA-compliant hover (#7326d6), and bumped the dark-theme secondary text gray
  (--sl-color-gray-3) to #84849c (5.32:1) so ToC / meta / footer text passes.

Adds a checked-in regression guardrail:

- website/scripts/a11y-audit.mjs runs axe-core over all routes in both themes
  against the production build and fails on critical/serious violations only
  (moderate/minor are reported but non-blocking). Transitions/animations are
  disabled before sampling so axe measures settled, steady-state colors
  instead of mid-theme-transition frames.
- Adds npm scripts (website:a11y at the root, a11y in website/) and README
  docs. The matching Build Website CI step is proposed in the PR description
  (omitted from this commit because the authoring token lacks workflow scope).

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* fix(website): harden a11y audit per PR review

- Fail fast when a route navigation returns a non-2xx response, so the
  guardrail can't silently pass against a broken/missing route (page.goto
  resolves even for 4xx/5xx).
- Launch the Astro preview server via `node <astro-bin>` instead of
  `spawn(..., { shell: true })`. Removing the shell layer keeps signal
  delivery / detached-PGID shutdown predictable; resolving Astro's bin and
  running it with process.execPath also avoids the EINVAL that modern Node
  raises when spawning the npx.cmd shim without a shell on Windows.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: David Pine <7679720+IEvangelist@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-07 11:11:17 +10:00
github-actions[bot] 96f3275a66 sync: update cli-for-beginners ch03 and ch05 from upstream (#2203)
Chapter 03 (Development Workflows):
- Add /branch and /fork session-branching section to Workflow 5
- Update /diff description to note it works in non-git folders
- Update Workflow 5 summary to include /branch

Chapter 05 (Skills):
- Add argument-hint SKILL.md frontmatter property to properties table
- Expand Managing Skills section with copilot skill terminal command (Option 1)
- Document /skill as shortcut alias for /skills (Option 2)
- Update Key Takeaways to reflect argument-hint and copilot skill

Synced from upstream commits:
- db287eefea68 (docs: add copilot skill CLI command, /branch alias)
- aec96cfd6175 (Update README for clarity on branching commands)
- 296db3e76acf (Rephrase skills management instructions for clarity)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-07 11:10:43 +10:00
David Gilbert 2ac83c7a46 Update Datadog plugin to v0.7.21 (#2193)
* Update Datadog plugin to v0.7.21

* Update Datadog plugin to v0.7.21

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-07 10:56:40 +10:00
James Montemagno e370b97107 Fix canvas repo detection and shrink oversized preview images (#2227)
Canvas extensions (accessibility-kanban, where-was-i) resolved git state
against the extension's install directory or the session-state folder
instead of the repo the session was opened in. This broke repo/branch
detection for user-scoped installs and worktrees ("unknown/unknown",
"detached HEAD"). Both now read the active session's working directory
from the canvas request context on open and on each action, so they
follow whichever project/worktree opened them.

where-was-i also re-gathers context on open when the saved branch is
blank, so it never opens stuck on stale data.

Also compress oversized extension preview images (pngquant, with a mild
resize for the photographic arcade-canvas art) so every preview.png is
comfortably under the installer's inline-byte cap that was blocking
release-notes-showcase from installing.

Update release-notes-showcase author to Kayla Cinnamon.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-07 10:54:51 +10:00
Ari LiVigni ContinuousG33k 969d814f7e Update gh-skills-builder to v1.0.3 (#2228)
* chore: update gh-skills-builder to v1.0.2

Co-authored-by: arilivigni <4140343+arilivigni@users.noreply.github.com>

* Update gh-skills-builder to v1.0.3 with new commit sha

Co-authored-by: arilivigni <4140343+arilivigni@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: arilivigni <4140343+arilivigni@users.noreply.github.com>
2026-07-07 10:52:57 +10:00
Aaron Powell e986f49695 Migrate extension metadata to plugin.json and enforce conventions (#2177)
* Remove pluginRoots property from marketplace.json

The pluginRoots property is not used by install tooling and was only
informational about the extension/plugin source directories. Removing it
simplifies the marketplace.json structure while maintaining all functionality.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Migrate java-modernization-studio to plugin.json and update validation workflow

- Create .github/plugin/plugin.json for java-modernization-studio extension
- Remove legacy canvas.json from java-modernization-studio
- Update validate-canvas-extensions.yml workflow to check for plugin.json instead of canvas.json
- Update workflow to trigger on .schemas/plugin.schema.json changes (instead of canvas.schema.json)
- Remove schema validation logic that relied on canvas.schema.json
- All 12 extensions now use plugin.json for metadata

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Add extensions field to all extension plugin.json files

Per https://github.com/github/copilot-agent-runtime/pull/9929, plugins that ship
extensions need to include an extensions field specifying where the extension code
is located. All 12 extensions now have extensions set to '.' to reference the
current directory where extension.mjs is located.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Enforce convention-based extension metadata and remove x-awesome-copilot

- Remove x-awesome-copilot.screenshots from all extension plugin.json files
- Enforce logo=assets/preview.png convention for all extensions
- Enforce extensions=. per copilot-agent-runtime#9929
- Update validate-plugins.mjs to enforce conventions
- Update validate-canvas-extensions.yml workflow with convention checks
- Update AGENTS.md and CONTRIBUTING.md documentation

All 12 extensions validated successfully.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Use standard plugin validation for extensions

Remove the custom extension schema and schema validation helper, and
validate extension plugin.json files through the existing plugin validator
instead. Update workflows to stop depending on the removed schema.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-03 12:24:38 +10:00
Finn Womack da3855ab20 add windows arm64 python gha wheel builder agent (#1940) 2026-07-03 10:32:53 +10:00
github-actions[bot] 071ddc82ec Add external plugin cockroachdb (#2187)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-03 10:11:26 +10:00
Jakub Jareš 4642e471ea Add pester-should-migration skill (experimental) (#2164)
* Add pester-should-migration skill (experimental)

Companion to the pester-migration skill. Focuses on the optional move from
the classic v5 `Should -Be` assertion syntax to the new v6 `Should-*`
assertions (e.g. `Should -Be` -> `Should-Be`). Includes a full
operator-by-operator mapping and the behavioral gotchas (negation as a
separate command, BeExactly -> Should-BeString -CaseSensitive, truthy/falsy
vs strict bool, BeNullOrEmpty split, collections, pipeline unwrapping).

Marked experimental/preview: verified against Pester 6.0.0-rc2; the new
Should-* assertions may still change before the 6.0 release.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Trim experimental status callout in pester-should-migration

Address review feedback: drop the time-based, human-oriented preview guidance (release-candidate timing, "as of mid-2026", release-notes link) from the status callout, keeping a lean experimental marker. The agent has no concept of time, so that prose is just extra tokens.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Awesome Copilot Community <awesome-copilot-community@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-07-03 10:10:37 +10:00
Copilot 3bd22bc0f4 Fix PR duplicate check not running on external contributor submissions (#2188)
* Initial plan

* Fix PR duplicate check not running on external contributor submissions

Add forks: [\"*\"] and roles: all to pr-duplicate-check.md so the
agentic workflow runs for all PR authors, including external contributors
submitting from forks. Previously, the generated lock.yml contained:
- A fork repository check blocking all fork PRs from running
- A team membership check (admin/maintainer/write) blocking external contributors

Recompiled with gh aw compile to regenerate pr-duplicate-check.lock.yml.
The pre_activation job (which held the membership gate) is now removed,
and the activation job runs unconditionally for all pull_request events.

Closes #2121

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fixing a bunch of warnings on all the agentic workflows

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-03 10:08:42 +10:00
Petr Pokorny 8c68eba690 dotnet-test: polyglot description and keywords, mirror 0.2.0 (#2178)
Reframe the external catalog entry to reflect the plugin's polyglot
test-generation pipeline (.NET/C#, Python, TypeScript/JavaScript, Java, Go,
Ruby, Rust, C++, Kotlin, Swift, PowerShell) and add polyglot keywords so
non-.NET developers can discover it. Mirrors the dotnet/skills 0.2.0 bump.

Edits the source (plugins/external.json) and regenerates the generated
.github/plugin/marketplace.json via npm run build. source stays unpinned
(tracks main), so no behavior change.
2026-07-02 12:01:04 +10:00
dependabot[bot] 893df3fb7a chore(deps-dev): bump lodash (#2176)
Bumps the npm_and_yarn group with 1 update in the / directory: [lodash](https://github.com/lodash/lodash).


Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-02 12:00:09 +10:00
github-actions[bot] f6fc97747f [bot] docs(learning-hub): update for Copilot CLI v1.0.65–v1.0.67 (#2185)
* docs(learning-hub): update with Copilot CLI v1.0.65–v1.0.67 changes

- Add Claude Sonnet 5 to model table in building-custom-agents.md (v1.0.67)
- Document --allow-all-mcp-server-instructions flag in understanding-mcp-servers.md (v1.0.66)
- Add @-style imports for instruction files in defining-custom-instructions.md (v1.0.66)
- Add sessionLimits setting to configuration table in copilot-configuration-basics.md (v1.0.66)
- Document subagent concurrency and depth limits in agents-and-subagents.md (v1.0.66)

Sources:
- https://github.com/github/copilot-cli/releases/tag/v1.0.67 (2026-06-30)
- https://github.com/github/copilot-cli/releases/tag/v1.0.66 (2026-06-30)
- https://github.com/github/copilot-cli/releases/tag/v1.0.65 (2026-06-24)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update website/src/content/docs/learning-hub/building-custom-agents.md

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-07-02 11:55:52 +10:00
James Montemagno 3169734bc2 Add Token Pac-Man canvas extension (#2175)
* Add Token Pac-Man canvas extension

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Address Token Pac-Man review feedback

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-02 10:51:57 +10:00
Ari LiVigni ContinuousG33k 388e0ed368 chore: update gh-skills-builder to v1.0.2 (#2183)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: arilivigni <4140343+arilivigni@users.noreply.github.com>
2026-07-02 10:30:26 +10:00
Jakub Jareš fb0fae173f Add pester-migration skill (experimental) (#2163)
* Add pester-migration skill

A self-contained, experimental skill that helps upgrade PowerShell Pester
test suites across major versions (v3->v4, v4->v5, v5->v6). One router
SKILL.md plus per-jump references. The v5->v6 guidance tracks Pester 6,
which is still a release candidate.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Regenerate skills index for pester-migration

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address review feedback on pester-migration skill

- Pin the stable-v5 install to -MaximumVersion 5.99.99 so it keeps
  installing v5 after Pester 6 goes GA (SKILL.md).
- Make the baseline run command version-agnostic (bare Invoke-Pester)
  and note that parameters differ across majors (SKILL.md).
- Replace the '->' mapping arrows inside powershell fences with
  comment + valid replacement lines so snippets are copy/paste-safe
  (SKILL.md v5->v6 cheat sheet, v5-to-v6.md, and v3-to-v4.md).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address review: scope -SkipPublisherCheck, trim status callout, order references

- Drop -SkipPublisherCheck from the default install commands; scope it to
  Windows PowerShell 5.1 (installing over the OS's Microsoft-signed built-in
  Pester 3) per pester.dev install docs, instead of an unconditional default.
- Trim the experimental status callout: keep the preview marker, drop the
  date-based, human-oriented wording.
- Reorder the References table into version progression order (v3->v4, v4->v5,
  v5->v6).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: nohwnd <jakub@jares.cz>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-07-02 10:29:37 +10:00
github-actions[bot] a4aebcd4bd docs(learning-hub): add /pr auto, /pr automerge, and /chronicle skills review (#2168)
Document three new CLI commands from Copilot CLI v1.0.66 (2026-06-30):

- /pr auto: self-paced loop that fixes one failing item per run and
  paces around CI to drive a PR to green
- /pr automerge: extends /pr auto to continue until the PR is fully
  merged (CI passes, reviews approved, PR merged)
- /chronicle skills review: interactive review flow for agent-proposed
  draft skill changes (accept, reject, or defer each draft)

Changes:
- copilot-configuration-basics.md: add /pr auto + /pr automerge section
  in CLI Session Commands, extend /chronicle section with skills review
  subcommand
- creating-effective-skills.md: add Q&A entry for /chronicle skills review
  in the Common Questions section

Sources:
- https://github.com/github/copilot-cli/commit/c802cc3f06ffd2a57968cf8efabd3d550650ac5e
  (changelog for v1.0.66)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-07-01 12:07:28 +10:00
Ayan Gupta b7f2e084eb Add author attribution to Site Studio canvas (#2166)
Adds the author block to extensions/site-studio/canvas.json so the canvas
gallery shows attribution (by @ayangupt), matching other extensions.

Co-authored-by: Ayan Gupta <ayangupt@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-01 12:03:22 +10:00
Aaron Powell 235bdb1872 Fixing git sha's (#2170) 2026-07-01 11:25:14 +10:00
Ayan Gupta 65ba0b3922 Add Java Modernization Studio canvas extension (#2156)
* Add Java Modernization Studio canvas extension

A canvas extension that drives the GitHub Copilot App Modernization for Java workflow from an interactive dashboard: environment readiness checks, repo assessment, prioritized plan/progress, validation gates (CVE scan, test generation), and one-click predefined-task runs — all grounded in the repo's real artifacts (.appmod/assessment.json, plan.md, progress.md). Includes a node:test suite (109 tests) for the grounding logic.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

* Secure cockpit loopback server with a per-instance token

Address Copilot review feedback on the Java Modernization Studio canvas:

- Mint a per-instance secret in createInstanceServer, embed it in the
  iframe URL, and validate it on every loopback request (/, /state,
  /events, /action). Other local processes can no longer read repo
  state or dispatch agent actions just by guessing the random port.
  Mirrors the existing diagram-viewer token pattern; the client echoes
  the token from its boot payload. The guard is a no-op when no token is
  set, so direct makeHandler unit tests are unaffected.
- Handle async request-handler rejections in createServer with a .catch
  that returns 500 and logs, instead of leaking an unhandled rejection
  that could destabilize the extension process.
- Tests: token guard 403s unauthenticated /, /state, /events and
  /action and allows valid-token requests; the end-to-end test asserts
  the tokenized URL and a tokenless 403.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix CI: add preview screenshot and clear codespell hits

Add the required assets/preview.png screenshot for the canvas-extension
validator, and resolve two codespell findings in the cockpit:
rename the planSim helper's `nd` variable to `notDone` and reword a
catalog comment to avoid the `invokable`/`invocable` flag.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Harden cockpit loopback server per Copilot review

Address the second-round Copilot review comments on the loopback server:

- broadcast(): drop an SSE client whose write() throws instead of keeping
  it in the Set, so a uncleanly-disconnected client can't cause repeated
  exceptions or leak dead entries on every subsequent broadcast.
- POST /action: treat a malformed JSON body or a missing/invalid "kind"
  as a 400 client error (with an application/json body) instead of a 200
  carrying { ok:false, error:"Unknown action: undefined" }.
- Handler catch: set Content-Type: application/json on the 500 error
  response so it is consistent with the other JSON routes.

Adds four tests covering dead-client eviction, the two 400 paths, and the
JSON-typed 500. Full suite: 115 passing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

* Add canvas.json gallery metadata for Java Modernization Studio

Aaron requested a canvas.json so the awesome-copilot website/gallery can
list this extension. Generated via `npm run website:data`
(writePerExtensionCanvasManifests), which derives id/name/description/
version/keywords/screenshots from package.json + the createCanvas source +
assets, and carries the author through. Output committed verbatim so a CI
regeneration produces no diff.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

* Add author tag to package.json

Declare the author in the package manifest (object form, matching the
author already carried in canvas.json so it includes the profile URL).
The published gallery sources author from canvas.json; this adds the
conventional npm author tag to package.json for completeness. Verified
`npm run website:data` still emits the author on the extensions record
and leaves canvas.json byte-identical.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

---------

Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-01 11:10:53 +10:00
Gordon Lam d47a6c93b7 Add copilot-pr-autopilot skill (#1944)
* Add copilot-pr-autopilot skill

Skill that drives any GitHub pull request through repeated rounds of
Copilot Code Review until the agent has either resolved every thread
or explicitly escalated it to the human. Triggered via GraphQL (no
@copilot mention needed), triages every open thread with a fix /
decline / escalate rubric, replies and resolves each thread citing
the pushed SHA, then re-triggers until HEAD is reviewed with zero
threads awaiting the agent's reply.

Includes step scripts (01 request-review, 02 check-review-status,
03 list-open-threads, 08 reply-and-resolve, 10 cleanup-outdated),
shared library (_lib.ps1) with gh-CLI wrappers (Invoke-Gh,
Invoke-GhGraphQL, ConvertFrom-GhJson, Assert-GhReady), reply
templates, and reference docs for each step.

Repo-agnostic. Requires gh CLI on PATH and repo Triage/Write for
full autopilot; external PR authors get single-iteration mode with
manual re-trigger via the UI re-request button or a substantive
push.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address review: split per-step references + add recap-gate circuit breaker

- Fix #1: give steps 1/7/10 their own reference files
  (01-request-review.md, 07-commit-push.md, 10-cleanup.md); trim the
  inline bodies out of orchestration.md so it stays cross-cutting only.
- Fix #3: add a recurring round-cap & recap gate to 09-convergence.md —
  default STOP every 10th round, recap all prior rounds, detect drift
  (out-of-scope / over-engineering / wrong-direction / belongs-in-separate-PR)
  with CONTINUE / REVERT-AND-SHIP / HAND-OFF verdicts. Agent reasoning,
  no new script.
- Surface the gate from SKILL.md and orchestration.md; regenerate
  docs/README.skills.md. Markdown-only change; scripts unchanged.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs(copilot-pr-autopilot): surface recap gate in decision pseudo-code; clarify Copilot+human convergence and round definition

- Inject the round-cap recap gate into the '## Decision: loop back or exit'
  pseudo-code else-branch so an agent following the code block (not just the
  prose) runs the STOP-every-10th-round check before looping.
- Broaden the 'never terminal' paragraph: non-convergence is driven by a
  Copilot finding OR a human review comment (this skill handles both); the
  loop ends only when there are no new comments from either source AND every
  open thread (Copilot or human) has an agent reply/escalation.
- Define a 'round' explicitly as one execution of step 1 (01-request-review),
  i.e. one Copilot-review trigger — the cap counts review rounds, not tool
  calls or fix edits.

Markdown-only; no script changes.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* copilot-pr-autopilot: make recap-gate round count deterministic

Add 09-review-round.ps1: counts Copilot Code Review submissions straight
from the PR's API history (full GraphQL pagination), so the recap-gate
trigger is a derived number, not a fallible agent mental tally. This
removes the exact failure mode the skill exists to survive — a count
drifting across a long run (the real 156-round case).

The script reports Round + RecapDue (Round % RecapInterval == 0) only;
it never stops the loop or picks the verdict. CONTINUE / REVERT-AND-SHIP
/ HAND-OFF stays agent reasoning. 09-convergence.md updated to reference
the deterministic count while preserving 'no script stops the loop' and
'non-convergence = Copilot finding OR human comment'.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Regenerate docs/README.skills.md for copilot-pr-autopilot (add 09-review-round.ps1)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-01 11:09:58 +10:00
Aaron Powell 79cda6bb19 Add canvas schema validation to extension submission workflow (#2161)
* Add canvas schema and extension submission checks

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* fix: use namespace import for js-yaml

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

* Fix contributors page build markup

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

* Address PR feedback on canvas schema validation

- Add ajv-cli@5 as a pinned devDependency; install via npm ci in CI instead of npx --yes
- Fix screenshot path regex to prevent .. traversal segments
- Validate canvas.schema.json is parseable JSON even on schema-only PRs

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Harden canvas extension workflow against injection attacks

Switch from newline to null-terminated git diff output (git diff -z) so filenames
containing newlines are read atomically, matching the existing skill-check.yml pattern.

Add an allowlist regex guard on the extracted extension directory name immediately after
it is parsed from git diff output. Any name not matching ^[a-z0-9][a-z0-9-]*$ (e.g.
names containing dollar signs, parentheses, spaces, or other shell metacharacters) is
silently skipped before being used anywhere in the script.

Add a matching allowlist guard on each screenshot path extracted from canvas.json before
the file-existence check, so a crafted manifest cannot supply a path with shell
metacharacters or traversal segments even after the schema check passes.

Follows the same defence-in-depth pattern introduced after the injection PoCs in #1236
and #1240.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Replace ajv-cli with in-repo schema validator

- Remove ajv-cli to avoid vulnerable/deprecated transitive dependencies
- Add eng/validate-json-schema.mjs using ajv + ajv-formats
- Update validate-canvas-extensions workflow to use local script
- Use npm ci --ignore-scripts in PR validation job

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-01 10:40:40 +10:00
Aaron Powell 28c3a14af4 Switch skill CI validation workflows to vally lint (#2030)
* Switch skill CI checks to vally lint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Adding Vally to allowed words

* case sensitivity

* Migrate external plugin quality gates from skill-validator to vally lint

Replace the downloaded skill-validator binary with
px @microsoft/vally-cli lint
in the external plugin quality gates pipeline:

- Remove downloadSkillValidator() and SKILL_VALIDATOR_ARCHIVE_URL constant
- Replace uildSkillValidatorArgs() + 
unSkillValidatorGate() with
  uildVallyLintArgs() + 
unVallyLintGate() that run
px vally-cli lint
  per resolved skill directory (falling back to the full plugin root when no
  specific skill paths can be resolved from plugin.json)
- Rename result keys skill_validator_status / skill_validator_output
  to ally_lint_status / ally_lint_output throughout both
  ng/external-plugin-quality-gates.mjs and ng/external-plugin-intake.mjs
- Update PR comment markdown to show 'vally lint' instead of 'skill-validator'
- Update CONTRIBUTING.md prose references accordingly

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Use @microsoft/vally library directly instead of vally-cli subprocess

Replace the npx-spawned vally-cli process with a direct call to the
@microsoft/vally core library in the external plugin quality gates scripts:

- Add @microsoft/vally as a devDependency in package.json
- Import runLint and LintConsoleReporter from @microsoft/vally
- Replace runVallyLintGate() process spawn with async API call:
  - runLint({ rootPath }) returns structured LintResults
  - LintConsoleReporter with a Writable capture stream collects
    text output without printing to stdout
- Make runExternalPluginQualityGates() async (propagated to
  runExternalPluginPrQualityGates() and both main entry points)
- Use Promise.all in runExternalPluginPrQualityGates() for parallel
  plugin checks
- Fix remaining skill_validator_status reference in pr-quality-gates
  summary string (now vally-lint=...) and YAML workflow table header
- Add 'npm install @microsoft/vally' step to both calling workflows

This removes a layer of indirection (Node -> npx -> CLI -> library)
and replaces it with a direct in-process library call, which is faster,
more reliable, and gives structured access to lint results.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 14:07:45 +10:00
Komal Vardhan Lolugu df58232729 create-implementation-plan: require unique identifiers (#1989) (#2142)
* create-implementation-plan: require unique identifiers (#1989)

The skill template tells the agent to use REQ-, TASK-, GOAL-, and
similar prefixed identifiers, but never says they have to be unique
or how to check. @basilevs reported plans coming back with duplicate
TASK IDs and proposed three POSIX one-liners that catch the two real
collision modes (table rows and bullet declarations) plus a broad
diagnostic scan.

Document the uniqueness rule under the existing Template Validation
Rules, then add a new "Identifier Uniqueness Check" section with all
three bash commands and instructions on which must come back empty
before the plan is finalized.

DEP-* references intentionally allowed in multiple sections per the
reporter's note.

Closes #1989.

* codespell: ignore GUD identifier prefix (#1989)

Upstream skills/create-implementation-plan/SKILL.md already uses
GUD-001 in the template body. Codespell currently slips past it on
word-boundary, but the regex alternation (GUD|RISK|...) added in the
previous commit on this branch makes codespell flag it as a misspelling
of GOOD.

GUD is the documented "Guideline" identifier prefix alongside REQ,
SEC, CON, PAT, etc. Add it to the ignore-words-list, matching the
pattern every other technical-token exemption in .codespellrc uses.

* create-implementation-plan: clarify declaration vs reference (#1989 review)

basilevs flagged that calling out DEP-* specifically was misleading,
because any identifier can appear as a reference. A TASK body can
cite a REQ, one TASK can cite another, and so on. The original
phrasing made it sound like DEP-* was the only prefix allowed to
recur.

Rewrite the rule to lead with "uniquely declared":
- Define declaration as the leading bullet/cell ID (e.g., the table
  row in Implementation Phase N, or '- **REQ-001**:').
- Say explicitly that references elsewhere in the plan are expected
  and not collisions, with concrete examples (TASK citing REQ,
  TASK citing TASK, Dependencies pointing at a DEP declared upstream).
- Tighten the check intro to call (1) and (2) declaration-targeted
  gates and (3) a broad informational scan that will see references.

Bash checks unchanged; they already encode the declaration-vs-reference
distinction via the table-cell and bullet-prefix anchors.
2026-06-30 10:36:03 +10:00
dependabot[bot] db80f8c2d4 chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates (#2160)
Bumps the npm_and_yarn group with 1 update in the / directory: [lodash](https://github.com/lodash/lodash).
Bumps the npm_and_yarn group with 2 updates in the /website directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [esbuild](https://github.com/evanw/esbuild).


Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1)

Updates `astro` from 6.1.9 to 6.4.8
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@6.4.8/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.4.8/packages/astro)

Updates `devalue` from 5.7.1 to 5.8.1
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/devalue/compare/v5.7.1...v5.8.1)

Updates `esbuild` from 0.27.7 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.7...v0.28.1)

Updates `vite` from 7.3.2 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 6.4.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: devalue
  dependency-version: 5.8.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-30 10:16:44 +10:00
Komal Vardhan Lolugu 4e8726dd50 azure-devops-cli: handle long comments on Windows (#2061) (#2140)
* azure-devops-cli: handle long comments on Windows (#2061)

On Windows 'az' is a cmd.exe batch wrapper capped at ~8191 characters,
so a long --discussion / --description value silently truncates or
fails. Document three verified ways out so the coding agent doesn't
waste 3-5 turns falling back to raw token retrieval and REST:

1. azps.ps1 in PowerShell on Windows. Same Azure CLI, invoked through
   the Python entry point with no cmd.exe length cap. Pair with
   'Get-Content -Raw' so the body lives in a variable, not on the
   command line.

2. Native --file-path flags where Azure CLI offers them. Applies to
   'az devops wiki page create' and 'az devops wiki page update', both
   documented with --encoding.

3. 'az devops invoke --in-file' as the universal escape hatch for
   commands with no --file-path (work-item --discussion, PR
   --description). Documented example posts to the work item
   comments REST endpoint with api-version 7.0-preview.3.

The earlier draft suggested the Azure CLI '@<file>' convention as a
generic substitute for inline string args. The official docs only
document it for JSON parameters and the CLI source uses
'get_file_json' specifically, so the claim is removed and replaced
with an explicit warning not to rely on it for plain string args.

Files touched:
- skills/azure-devops-cli/SKILL.md: new 'Posting long comments on
  Windows' section with shell-detection table and three verified
  options.
- skills/azure-devops-cli/references/boards-and-iterations.md: short
  pointer at each --discussion example back to SKILL.md, plus an
  inline PowerShell snippet.

Closes #2061.

* azure-devops-cli: move long-comments guidance to reference file (#2061 review)

aaronpowell asked for the Windows long-comments section to live as a
reference file rather than inline in SKILL.md, so the token weight
isn't always loaded into the agent's context.

- Move the "Posting long comments on Windows" section to a new
  references/long-comments-on-windows.md verbatim.
- Strip the section from SKILL.md (56 fewer lines in the always-loaded
  surface).
- Add the new file to the Reference Files table in SKILL.md with a
  one-line "when to read" hint covering --discussion, --description,
  and --content failures on Windows.
- Update the two pointer comments in references/boards-and-iterations.md
  to point at the new reference file instead of the SKILL.md section.

docs/README.skills.md regenerated by 'npm run build' to pick up the
new reference file in the skill's bundled assets column.
2026-06-29 23:47:06 +00:00
Komal Vardhan Lolugu 0fa87ab383 Refresh 6 stale instruction files (#2133) (#2139)
* Refresh 6 stale instruction files flagged in #2133

Targeted refresh:
- blazor: C# 13 to C# 14. Drop the Visual Studio Enterprise mandate so contributors on VS Code or Rider aren't blocked by a paid SKU. Swap VS-only profiling for dotnet-trace and dotnet-counters.
- copilot-thought-logging: narrow applyTo from '**' to '**/Copilot-Processing.md'. Replace 9 Windows backslash paths with POSIX './Copilot-Processing.md' so the workflow works on macOS and Linux.
- genaiscript: drop the "avoid exception handlers or error checking" line. Replace it with: handle errors at I/O and external API boundaries, let unexpected exceptions surface.
- memory-bank: add the required 'description' frontmatter field (was a validation failure). Narrow applyTo from '**' to 'memory-bank/**'. Add an opt-in note so contributors know auxiliary files land in the workspace root.

Minor modernization:
- azure-functions-typescript: Node.js v20 to v22 LTS.
- localization: relative '../../issues' disclaimer link to absolute https://github.com/github/awesome-copilot/issues so it resolves regardless of the localized doc's path.

docs/README.instructions.md regenerated by 'npm run build' to pick up the new memory-bank description.

* revert applyTo narrow on copilot-thought-logging (#2133 review)

aaronpowell flagged that narrowing applyTo from '**' to
'**/Copilot-Processing.md' inverts the instruction. The instruction
tells Copilot to CREATE Copilot-Processing.md when handling any user
request, so it must apply globally, not only when that file is
already open.

Restore applyTo to '**'. Keep the POSIX path fixes (backslash to
'./Copilot-Processing.md') and the other 5 file fixes in this PR
unchanged.

---------

Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-06-29 23:44:35 +00:00
Ayan Gupta f0b1d44c7e Add Site Studio canvas extension (#2117)
* Add Site Studio canvas extension

Site Studio is a canvas extension for planning, drafting, and tracking a
personal website section by section. It gives you and your agent a shared
dashboard with a status board, an autosaving content editor (with AI-draft
and [Sample: ...] placeholders), and a live feed of every change and milestone.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address Copilot review feedback

Robustness, prototype-pollution safety, and accessibility fixes from the
Copilot code review on #2117:

- Add "ai_request" to VALID_CHANGE_TYPES so log_change accepts the change
  type the server itself emits (e.g. /api/request-generation).
- Bound the git branch lookup with timeout + maxBuffer so a hung git can't
  block the extension process and canvas UI.
- Serialize state persistence via a promise queue and snapshot state
  synchronously, so concurrent mutations can't clobber newer state on disk.
- Enforce a maximum request body size in readBodyJson to avoid unbounded
  memory use on the loopback server.
- Guard the /events handler against a missing/closed instance instead of
  throwing when servers.get(instanceId) is undefined.
- Reject unsafe field names (__proto__, prototype, constructor) in
  upsertSectionContent and use an own-property check in deleteSectionContent
  to prevent prototype pollution.
- Make the "Generate with AI" info tooltip reachable by keyboard and screen
  readers (focusable, labelled) instead of mouse-hover only.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: ayangupt <ayangupt@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 09:10:16 +10:00
github-actions[bot] 564298be32 [bot] Add CLI v1.0.64–1.0.65 features to Learning Hub configuration docs (#2146)
* docs: update Learning Hub with CLI v1.0.64-1.0.65 features

Add five missing features from the past week's CLI releases:

- HTTP(S) proxy user setting (v1.0.64)
- /every command and /loop alias for in-session scheduled prompts (v1.0.64)
- Inline image rendering in the terminal (v1.0.64)
- Autopilot auto-handles elicitation/permission prompts (v1.0.64)
- Shell command history accessible in normal mode via up/down and Ctrl+R (v1.0.65)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: consolidate /every, /loop, /after docs and remove duplicate section

- Merge the duplicate /every+/loop section (added at line 640) into the
  existing first-occurrence at line 521
- Add /after command documentation (from PR #2148 suggestion)
- Add example of /every invoking slash commands (/every 1d /chronicle standup)
- Add Ctrl+C as alternative to /every stop
- Add Experimental callout for /every, /loop, and /after
- Update lastUpdated to 2026-06-29

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-06-29 13:50:21 +10:00
Aaron Powell 7f19be7380 Fix contributor check gh api marker argument error (#2151)
* Fix contributor check comment upsert behavior

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix contributor check jq marker filtering

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-29 12:23:17 +10:00
Aaron Powell 13a1dce22e Fix contributor reputation check comment deduping (#2150)
* Fix contributor check comment upsert behavior

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-29 11:59:19 +10:00
github-actions[bot] 0938fdc524 [bot] docs(learning-hub): update for Copilot CLI v1.0.64–v1.0.66 features (#2138)
* docs(learning-hub): update for Copilot CLI v1.0.64-v1.0.66 features

- building-custom-agents: add reasoningEffort frontmatter field (v1.0.66+)
- copilot-configuration-basics:
  - add proxy setting to settings table (v1.0.64+)
  - update /cd to note session-resume persistence and agent discovery (v1.0.65)
  - update /worktree to note task-in-name feature (v1.0.66+)
  - add /every and /loop commands for scheduled prompts (v1.0.64+)
  - add dynamic skill retrieval --dynamic-retrieval flag (v1.0.66+)
- understanding-mcp-servers: add MCP server toggle from list view (v1.0.66+)
- working-with-canvas-extensions: add canvas auto-resume on restart (v1.0.65)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* revert learning-hub canvas persistence docs update

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-29 11:53:05 +10:00
Christopher Harrison bdd993f43a Modernize Astro and Svelte instruction files (#2141)
Retarget instructions/astro.instructions.md to Astro 7 and
instructions/svelte.instructions.md to Svelte 5 / SvelteKit 2, fix
outdated APIs, add current stable feature guidance, and trim non-code
(setup, deployment, testing-workflow, recap) content so each file
focuses solely on code structure and best practices.

Regenerated docs/README.instructions.md via npm start.

Co-authored-by: GeekTrainer <GeekTrainer@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-29 11:21:54 +10:00
Sukanth Gunda 15671f7703 fix(skills): make aws-cloudwatch-investigation pass skill validation (#2137)
The `name` frontmatter was `AWS CloudWatch Investigation`, which violated the Agent Skills spec and failed `npm run skill:validate` on main: name must be lowercase letters, numbers, and hyphens and must match the folder name (`aws-cloudwatch-investigation`). Correct the name and regenerate docs/README.skills.md so the validator passes (365/365) and the skills table renders consistently with every other entry.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-29 10:53:30 +10:00
github-actions[bot] cd420ca862 docs(learning-hub): update for Copilot CLI v1.0.64-v1.0.65 features (#2127)
- creating-effective-skills: add 'copilot skill' CLI subcommand for
  listing, adding, and removing skills (v1.0.65); add '/skill' alias
- automating-with-hooks: document userPromptSubmitted additionalContext
  injection into model-facing prompt (v1.0.65); update hook events table
- copilot-configuration-basics: add opt-in CI check status bar indicator
  for current branch (v1.0.65)
- building-custom-agents: add note that /security-review is now available
  to all users without --experimental (v1.0.64)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-26 15:36:40 +10:00
github-actions[bot] 0d855afc2e Add external plugin ui5-modernization (#2131)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-26 11:24:57 +10:00
Aaron Powell 4c852c8641 Removing the latent labels from the old branching setup (#2130) 2026-06-26 10:31:05 +10:00
Ashley Wolf e9c8e37041 Add contributor attribution to canvas extension cards (#2111)
Show "by @handle" on each canvas extension card and in the details
modal, linking to the contributor's GitHub profile. Author metadata
lives in each extension's canvas.json (and external.json for external
extensions), where the rest of the canvas metadata is stored.

- Store author {name, url} in canvas.json / external.json
- Read author from canvas.json in the website data generator and emit
  it to extensions.json
- Render the GitHub @handle, derived from the profile URL, as the link
  text, with the contributor's name as the link title
- Escape the sanitized author URL before interpolating it into href

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 14:52:58 +10:00
Aaron Powell f72401434f chore: remove check-pr-target workflow (#2124)
Now that main is the contributor branch and staged is retired,
no new PRs will target staged. The check-pr-target guard is
no longer needed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 14:45:14 +10:00
Aaron Powell 0eb6062f94 chore(phase2): retarget all automation and contributor guidance from staged to main (#2122)
* chore(phase2): retarget all automation from staged to main

- publish.yml: trigger on main, publish only to marketplace
- check-pr-target.yml: invert — now blocks PRs targeting staged, welcomes main
- 10 PR validation workflows: branches [staged] → [main]
- external-plugin-command-router.yml: --base staged → main (3×), message text
- external-plugin-rereview-command.yml: --base staged → main (2×), message text
- external-plugin-rereview.yml: staged reference in review comment text
- external-plugin-intake.yml: ref: staged checkout → main
- external-plugin-pr-quality-gates.yml: ref: staged checkout → main
- external-plugin-quality-gates.yml: ref: staged checkout → main
- check-plugin-structure.yml: error messages updated for new branch model
- contributors.yml: ref and base target → main
- setup-labels.yml: targets-main label description updated
- cli-for-beginners-sync.md + .lock.yml: base-branch staged → main
- codeowner-update.md + .lock.yml: base-branch staged → main
- learning-hub-updater.md + .lock.yml: base-branch staged → main

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs(phase2): update contributor guidance from staged to main

- CONTRIBUTING.md: branch from main, PR targets main; remove Phase 2 gate note
- AGENTS.md: PR target + external plugin PR automation references
- .github/pull_request_template.md: PR checklist targets main
- website/src/content/docs/learning-hub/agentic-workflows.md: PR target

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* aw updates

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 14:36:53 +10:00
github-actions[bot] 87c6d5f258 docs: update Learning Hub for Copilot CLI v1.0.61-v1.0.64 (#2119)
- understanding-mcp-servers: add .github/mcp.json to config discovery table (v1.0.61)
- installing-and-using-plugins: add extensions as a plugin component type (v1.0.62)
- copilot-configuration-basics: add /settings, /worktree, and /diagnose commands (v1.0.61, v1.0.64); note per-model token totals in /usage (v1.0.64)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 11:53:32 +10:00
github-actions[bot] ab44e41dbb Add external plugin gh-skills-builder (#2120)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-25 11:21:32 +10:00
Eugene Sviridov 226b11dc87 Fix install dropdown render2 (#2118)
* fix: close other install dropdowns when opening a new one

* fix: render install dropdown above resource item siblings
2026-06-25 11:18:42 +10:00