- Remove redundant `<mission>` section from gem-browser-tester
- Add "Reflect" step to gem-documentation-writer for self-review on high-priority or failed tasks
- Refactor gem-orchestrator completion phase to generate a walkthrough markdown file instead of a review
- Update orchestrator rules to allow direct execution for creating walkthrough files
Merges the two separate action workflows (block-workflow-yaml.yml and
validate-agentic-workflows.yml) into a single validate-agentic-workflows-pr.yml
with two jobs: check-forbidden-files runs first, then compile-workflows
runs only if the file check passes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Workflows are now standalone .md files in workflows/ — no subfolders
or README.md needed. Each file contains both the metadata frontmatter
(name, description, triggers, tags) and the agentic workflow definition
(on, permissions, safe-outputs) in a single file.
Updated all build scripts, CI workflows, docs, and review checklists.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Prevents contributors from pushing compiled YAML (.yml, .yaml, .lock.yml)
or .github/ directories into the workflows/ directory. Only .md markdown
source files are accepted — compilation happens downstream via gh aw compile.
This is a security measure to prevent malicious GitHub Actions code
from being introduced through contributed agentic workflows.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds validate-agentic-workflows.yml that runs on PRs touching workflows/.
Uses gh-aw CLI setup action to install the compiler, then runs
'gh aw compile --validate' on each workflow .md file. Posts a sticky
PR comment with fix instructions on failure.
Also adds workflows/** to validate-readme.yml path triggers so README
tables are regenerated when workflows change.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add support for contributing Agentic Workflows — AI-powered repository
automations that run coding agents in GitHub Actions, defined in markdown
with natural language instructions (https://github.github.com/gh-aw).
Changes:
- Create workflows/ directory for community-contributed workflows
- Add workflow metadata parsing (yaml-parser.mjs)
- Add workflow README generation (update-readme.mjs, constants.mjs)
- Add workflow data to website generation (generate-website-data.mjs)
- Update README.md, CONTRIBUTING.md, and AGENTS.md with workflow docs,
contributing guidelines, and code review checklists
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
These agents/, commands/, and skills/ directories inside plugin folders
are generated by eng/materialize-plugins.mjs during CI publish and
should not be committed to the staged branch.
- Remove 185 materialized files from git tracking
- Add .gitignore rules to prevent accidental re-commits
- Update publish.yml to force-add materialized files despite .gitignore
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Scans agents, prompts, instructions, hooks, and skills folders to
identify resources that haven't had a major change in over 30 days
(stale) or 14 days (aging). Runs weekly or on demand and files a
GitHub issue with the report.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Switch from colon to tab delimiter to handle colons in evidence text
- Base64-encode evidence to prevent parsing issues
- Use MAX_SEVERITY in log output and JSON events
- Narrow regex patterns to reduce false positives:
- third[_-]?party instead of third.?party
- Role reassignment scoped to AI terms
- System prompt injection requires 'you are' context
- Fix session-end stats to scope to current session only
- Update privacy statement to clarify evidence snippets are logged
- Rename credential description to 'Possible hardcoded credential'
- Fix database destruction regex to also match semicolons
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
