Commit Graph

265 Commits

Author SHA1 Message Date
Aaron Powell e986f49695 Migrate extension metadata to plugin.json and enforce conventions (#2177)
* Remove pluginRoots property from marketplace.json

The pluginRoots property is not used by install tooling and was only
informational about the extension/plugin source directories. Removing it
simplifies the marketplace.json structure while maintaining all functionality.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Migrate java-modernization-studio to plugin.json and update validation workflow

- Create .github/plugin/plugin.json for java-modernization-studio extension
- Remove legacy canvas.json from java-modernization-studio
- Update validate-canvas-extensions.yml workflow to check for plugin.json instead of canvas.json
- Update workflow to trigger on .schemas/plugin.schema.json changes (instead of canvas.schema.json)
- Remove schema validation logic that relied on canvas.schema.json
- All 12 extensions now use plugin.json for metadata

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Add extensions field to all extension plugin.json files

Per https://github.com/github/copilot-agent-runtime/pull/9929, plugins that ship
extensions need to include an extensions field specifying where the extension code
is located. All 12 extensions now have extensions set to '.' to reference the
current directory where extension.mjs is located.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Enforce convention-based extension metadata and remove x-awesome-copilot

- Remove x-awesome-copilot.screenshots from all extension plugin.json files
- Enforce logo=assets/preview.png convention for all extensions
- Enforce extensions=. per copilot-agent-runtime#9929
- Update validate-plugins.mjs to enforce conventions
- Update validate-canvas-extensions.yml workflow with convention checks
- Update AGENTS.md and CONTRIBUTING.md documentation

All 12 extensions validated successfully.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Use standard plugin validation for extensions

Remove the custom extension schema and schema validation helper, and
validate extension plugin.json files through the existing plugin validator
instead. Update workflows to stop depending on the removed schema.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-03 12:24:38 +10:00
github-actions[bot] 071ddc82ec Add external plugin cockroachdb (#2187)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-03 10:11:26 +10:00
Copilot 3bd22bc0f4 Fix PR duplicate check not running on external contributor submissions (#2188)
* Initial plan

* Fix PR duplicate check not running on external contributor submissions

Add forks: [\"*\"] and roles: all to pr-duplicate-check.md so the
agentic workflow runs for all PR authors, including external contributors
submitting from forks. Previously, the generated lock.yml contained:
- A fork repository check blocking all fork PRs from running
- A team membership check (admin/maintainer/write) blocking external contributors

Recompiled with gh aw compile to regenerate pr-duplicate-check.lock.yml.
The pre_activation job (which held the membership gate) is now removed,
and the activation job runs unconditionally for all pull_request events.

Closes #2121

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fixing a bunch of warnings on all the agentic workflows

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-03 10:08:42 +10:00
Petr Pokorny 8c68eba690 dotnet-test: polyglot description and keywords, mirror 0.2.0 (#2178)
Reframe the external catalog entry to reflect the plugin's polyglot
test-generation pipeline (.NET/C#, Python, TypeScript/JavaScript, Java, Go,
Ruby, Rust, C++, Kotlin, Swift, PowerShell) and add polyglot keywords so
non-.NET developers can discover it. Mirrors the dotnet/skills 0.2.0 bump.

Edits the source (plugins/external.json) and regenerates the generated
.github/plugin/marketplace.json via npm run build. source stays unpinned
(tracks main), so no behavior change.
2026-07-02 12:01:04 +10:00
Ari LiVigni ContinuousG33k 388e0ed368 chore: update gh-skills-builder to v1.0.2 (#2183)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: arilivigni <4140343+arilivigni@users.noreply.github.com>
2026-07-02 10:30:26 +10:00
Aaron Powell 235bdb1872 Fixing git sha's (#2170) 2026-07-01 11:25:14 +10:00
Aaron Powell 79cda6bb19 Add canvas schema validation to extension submission workflow (#2161)
* Add canvas schema and extension submission checks

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* fix: use namespace import for js-yaml

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

* Fix contributors page build markup

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

* Address PR feedback on canvas schema validation

- Add ajv-cli@5 as a pinned devDependency; install via npm ci in CI instead of npx --yes
- Fix screenshot path regex to prevent .. traversal segments
- Validate canvas.schema.json is parseable JSON even on schema-only PRs

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Harden canvas extension workflow against injection attacks

Switch from newline to null-terminated git diff output (git diff -z) so filenames
containing newlines are read atomically, matching the existing skill-check.yml pattern.

Add an allowlist regex guard on the extracted extension directory name immediately after
it is parsed from git diff output. Any name not matching ^[a-z0-9][a-z0-9-]*$ (e.g.
names containing dollar signs, parentheses, spaces, or other shell metacharacters) is
silently skipped before being used anywhere in the script.

Add a matching allowlist guard on each screenshot path extracted from canvas.json before
the file-existence check, so a crafted manifest cannot supply a path with shell
metacharacters or traversal segments even after the schema check passes.

Follows the same defence-in-depth pattern introduced after the injection PoCs in #1236
and #1240.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Replace ajv-cli with in-repo schema validator

- Remove ajv-cli to avoid vulnerable/deprecated transitive dependencies
- Add eng/validate-json-schema.mjs using ajv + ajv-formats
- Update validate-canvas-extensions workflow to use local script
- Use npm ci --ignore-scripts in PR validation job

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-01 10:40:40 +10:00
Aaron Powell 28c3a14af4 Switch skill CI validation workflows to vally lint (#2030)
* Switch skill CI checks to vally lint

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Adding Vally to allowed words

* case sensitivity

* Migrate external plugin quality gates from skill-validator to vally lint

Replace the downloaded skill-validator binary with
px @microsoft/vally-cli lint
in the external plugin quality gates pipeline:

- Remove downloadSkillValidator() and SKILL_VALIDATOR_ARCHIVE_URL constant
- Replace uildSkillValidatorArgs() + 
unSkillValidatorGate() with
  uildVallyLintArgs() + 
unVallyLintGate() that run
px vally-cli lint
  per resolved skill directory (falling back to the full plugin root when no
  specific skill paths can be resolved from plugin.json)
- Rename result keys skill_validator_status / skill_validator_output
  to ally_lint_status / ally_lint_output throughout both
  ng/external-plugin-quality-gates.mjs and ng/external-plugin-intake.mjs
- Update PR comment markdown to show 'vally lint' instead of 'skill-validator'
- Update CONTRIBUTING.md prose references accordingly

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Use @microsoft/vally library directly instead of vally-cli subprocess

Replace the npx-spawned vally-cli process with a direct call to the
@microsoft/vally core library in the external plugin quality gates scripts:

- Add @microsoft/vally as a devDependency in package.json
- Import runLint and LintConsoleReporter from @microsoft/vally
- Replace runVallyLintGate() process spawn with async API call:
  - runLint({ rootPath }) returns structured LintResults
  - LintConsoleReporter with a Writable capture stream collects
    text output without printing to stdout
- Make runExternalPluginQualityGates() async (propagated to
  runExternalPluginPrQualityGates() and both main entry points)
- Use Promise.all in runExternalPluginPrQualityGates() for parallel
  plugin checks
- Fix remaining skill_validator_status reference in pr-quality-gates
  summary string (now vally-lint=...) and YAML workflow table header
- Add 'npm install @microsoft/vally' step to both calling workflows

This removes a layer of indirection (Node -> npx -> CLI -> library)
and replaces it with a direct in-process library call, which is faster,
more reliable, and gives structured access to lint results.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 14:07:45 +10:00
Aaron Powell 7f19be7380 Fix contributor check gh api marker argument error (#2151)
* Fix contributor check comment upsert behavior

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix contributor check jq marker filtering

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-29 12:23:17 +10:00
Aaron Powell 13a1dce22e Fix contributor reputation check comment deduping (#2150)
* Fix contributor check comment upsert behavior

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-29 11:59:19 +10:00
github-actions[bot] 0d855afc2e Add external plugin ui5-modernization (#2131)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-26 11:24:57 +10:00
Aaron Powell 4c852c8641 Removing the latent labels from the old branching setup (#2130) 2026-06-26 10:31:05 +10:00
Aaron Powell f72401434f chore: remove check-pr-target workflow (#2124)
Now that main is the contributor branch and staged is retired,
no new PRs will target staged. The check-pr-target guard is
no longer needed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 14:45:14 +10:00
Aaron Powell 0eb6062f94 chore(phase2): retarget all automation and contributor guidance from staged to main (#2122)
* chore(phase2): retarget all automation from staged to main

- publish.yml: trigger on main, publish only to marketplace
- check-pr-target.yml: invert — now blocks PRs targeting staged, welcomes main
- 10 PR validation workflows: branches [staged] → [main]
- external-plugin-command-router.yml: --base staged → main (3×), message text
- external-plugin-rereview-command.yml: --base staged → main (2×), message text
- external-plugin-rereview.yml: staged reference in review comment text
- external-plugin-intake.yml: ref: staged checkout → main
- external-plugin-pr-quality-gates.yml: ref: staged checkout → main
- external-plugin-quality-gates.yml: ref: staged checkout → main
- check-plugin-structure.yml: error messages updated for new branch model
- contributors.yml: ref and base target → main
- setup-labels.yml: targets-main label description updated
- cli-for-beginners-sync.md + .lock.yml: base-branch staged → main
- codeowner-update.md + .lock.yml: base-branch staged → main
- learning-hub-updater.md + .lock.yml: base-branch staged → main

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs(phase2): update contributor guidance from staged to main

- CONTRIBUTING.md: branch from main, PR targets main; remove Phase 2 gate note
- AGENTS.md: PR target + external plugin PR automation references
- .github/pull_request_template.md: PR checklist targets main
- website/src/content/docs/learning-hub/agentic-workflows.md: PR target

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* aw updates

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-25 14:36:53 +10:00
github-actions[bot] ab44e41dbb Add external plugin gh-skills-builder (#2120)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-25 11:21:32 +10:00
github-actions[bot] 710f4fff66 Add external plugin datadog (#2099)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-23 14:13:23 +10:00
github-actions[bot] 478af086ff Add external plugin agent-council (#2087)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-23 11:26:33 +10:00
Ayan Gupta 9c87c1bb64 Upgrade agentic workflows from gh-aw v0.72.1 to v0.80.9 (#2092)
- Recompile all 6 workflow lock files with gh-aw v0.80.9
- Update gh-aw-actions/setup v0.72.1 → v0.80.9
- Update actions/checkout v6.0.2 → v7.0.0
- Refresh container image pins across all workflows
- Fix learning-hub-updater.md: add missing permissions.contents: read
  (root cause of safe_outputs 'Failed to apply bundle' failures)
- Update dispatcher SKILL.md and agentic-workflows agent
- Update actions-lock.json and copilot-setup-steps.yml

Fixes: #2077 (learning-hub-updater), #2080 (cli-for-beginners-sync)
Part of: #2076

Co-authored-by: Ayan Gupta <ayangupta@Ayans-MacBook-Pro.local>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-23 11:25:54 +10:00
Aaron Powell b253270faa Phase 1: split source vs published refs and verify dual publish (#2085)
* chore: finalize phase 1 marketplace migration wiring

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: avoid hardcoded source branch in plugin docs links

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 15:04:40 +10:00
Aaron Powell 18654630ab fix: use pull_request_target trigger for external plugin PR quality gates (#2043)
The workflow was using the pull_request trigger which restricts
GITHUB_TOKEN to read-only for fork PRs, causing the sync-pr-state
job to fail with 403 when trying to add labels.

Switching to pull_request_target runs the workflow in the base
repo context so declared permissions (issues: write, pull-requests:
write) are honoured for cross-repository PRs.

The workflow is safe to use pull_request_target because:
- detect-changed-plugins reads files via the GitHub API only (no checkout)
- run-quality-gates checks out the trusted staged branch, not the PR head
- sync-pr-state also checks out the staged branch

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-18 10:57:33 +10:00
Sanyam beef5a5fe0 Update modernize-dotnet plugin to 1.0.1157-preview1 (#2039)
Co-authored-by: Sanyam Vipul Savla <sasavla+microsoft@microsoft.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-06-18 10:03:45 +10:00
Aaron Powell 5e0c0aa59e fixing spelling skill (#2038)
* fixing spelling skill

* adjusting path
2026-06-18 09:42:12 +10:00
Dan Wahlin 2f9d85eef8 Add Agent Arcade canvas extension (#2031)
* Add Agent Arcade canvas extension

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Refine Agent Arcade canvas behavior

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update Agent Arcade canvas credits

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update Agent Arcade canvas catalog anchor

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Ignoring the minified file

* Configure codespell to skip minified Phaser file

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Aaron Powell <me@aaron-powell.com>
2026-06-17 19:29:18 +10:00
Aaron Powell 17b174fb0a Canvas manifest implementation for extensions (#2029)
* Add keyword display to extension cards on website

- Add .resource-keywords and .keyword-tag CSS styles for rendering keyword badges
- Update renderExtensionsHtml() to display keywords below extension description
- Keywords now visible on the website extensions page with styled badges
- Regenerate website data to include keyword metadata

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Canvas manifest implementation for all extensions

Add per-extension canvas manifests with:
- Structured canvas metadata (name, description, version, keywords)
- Screenshot definitions (icon and gallery with path/type)
- Relative paths for images within each extension directory

Enhance extension metadata:
- Generate meaningful descriptions from source analysis
- Extract and assign keywords for discoverability
- Store metadata in package.json and extension source files

Update website rendering and data generation:
- Include keywords in extension cards and search index
- Add per-extension canvas.json files for independent evolution
- Support screenshot metadata in manifest structure
- Generate extensions.json with full canonical paths for website

All 9 local canvas extensions now have complete manifests with descriptions, keywords, and screenshot references.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Tweaking some descriptions

* Fix description priority to prefer package.json over in-source metadata

Reverse the priority in canvasDescription so that package.json descriptions
(which contain the enhanced, manually-curated descriptions) take precedence
over older in-source descriptions extracted from createCanvas(...) calls.

This prevents regression when npm run website:data regenerates outputs,
ensuring that committed canvas.json files maintain the current descriptions.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix canvas validation to skip external.json file

The validation script was treating extensions/external.json as if it were
a directory, causing false validation failures. Added check to skip files
(identified by presence of dot in filename) and only validate actual
canvas extension directories.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-17 15:28:15 +10:00
Aaron Powell fae6a92c9d Centralize label management and fix permission issues (#2018)
* fix: Allow label operations on pull requests in external plugin approval workflow

The sync-merged-pr-labels job needs pull-requests: write permission to
add/remove labels on merged PRs. Previously it only had issues: write which
is for issues, not pull requests. This fixes the permission error when
workflows try to modify PR labels from a non-contributor account.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: Handle 403 permission errors when creating external plugin intake labels

When running on PRs from fork contributors, the GitHub token may not have
permission to create labels in the repository. This is expected and should
not cause the workflow to fail. Allow the ensureLabel function to gracefully
handle 403 Forbidden errors in addition to 422 (label already exists) errors.

This fixes the sync-pr-state job failure in external-plugin-pr-quality-gates.yml
when run on PRs from external contributors.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor: Centralize label management into a single workflow_dispatch workflow

Create a new 'setup-labels' workflow that is manually dispatched and handles
all label creation and updates. This workflow:
- Creates all labels used by the repository
- Updates descriptions if labels already exist
- Reports success/failure counts
- Fails if any labels cannot be created

All individual workflows now assume labels exist and will fail (loudly) if
they don't. This makes it clear to maintainers when the setup-labels workflow
needs to be dispatched:

- label-pr-intent.yml
- skill-check-comment.yml
- external-plugin-approval-command.yml
- external-plugin-command-router.yml
- external-plugin-rereview.yml
- external-plugin-rereview-command.yml
- eng/external-plugin-intake-state.mjs

This approach is better because:
- Single source of truth for label definitions
- Avoids permission issues with fork contributors
- Clear failure modes when labels are missing
- Easier to maintain consistent label configuration
- No more scattered label creation logic across workflows

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Remove unused ensureLabel methods and managedLabels constants

Labels are now centrally managed by the setup-labels workflow and
assumed to exist in all other workflows. Removed:

- ensureLabel() methods from all 6 workflows and 1 JS module
- managedLabels constants that were only used by ensureLabel
- Promise.all() calls that invoked ensureLabel for each label
- Updated syncManagedLabels in skill-check-comment.yml to remove ensureLabel call

All workflows now assume labels exist and will fail if they don't,
which is the desired behavior—it signals maintainers to dispatch the
setup-labels workflow when new labels need to be created.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-17 14:12:07 +10:00
Aaron Powell 5fb37f6461 feat: add canvas extension validation and labeling (#2017)
- Update PR template to include canvas extension as a contribution type
- Add 'canvas-extension' label (color: E4B9FF) to label-pr-intent workflow
  with auto-detection for PRs touching extensions/**
- Add new validate-canvas-extensions.yml workflow that checks:
  - extension.mjs is present in each changed extension folder
  - assets/preview.png screenshot is present in each changed extension folder
  - Posts a REQUEST_CHANGES review with a fix guide on failure

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-17 09:44:13 +10:00
Florian Vogt 1dd0e3969d deps(external.json): Update UI5 plugins to v0.1.4 (#2011)
* deps(external.json): Update UI5 plugins to v0.1.4

* fix: Remove ref tag according to GitHub Copilot code review
2026-06-17 09:31:55 +10:00
Aaron Powell a34c98bfbf Automate external plugin update PR quality checks (#2005)
* Add PR quality gates for external plugin updates

Automate external plugin update PR review by running skill-validator and install smoke checks against changed entries in plugins/external.json. Sync PR workflow-state labels and upsert a marker-based status comment with source tree links for each changed plugin.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Tighten external plugin PR workflow permissions

Scope write permissions to the PR synchronization job, keep the quality-gate job read-only, and handle no-op and detection-failure states explicitly. Also fix source tree link encoding for refs, SHAs, and plugin paths.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Fix external plugin workflow job steps

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
2026-06-16 15:40:21 +10:00
Sophio Japharidze 376c05bd6d Update SonarQube plugin version (#2004) 2026-06-16 10:05:21 +10:00
github-actions[bot] 9cadf9a385 Add external plugin modernize-java (#1997)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-15 11:50:09 +10:00
Aaron Powell 8a32e00ea0 Removing old plugin to unblock #1962 external plugin addition (#1996) 2026-06-15 11:24:01 +10:00
Aaron Powell 3ae6b2007c Add soft-gate PR risk scan automation for agentic PRs (#1969)
* Add soft-gate PR risk scanning automation

Introduce a PR risk scanner script plus two workflows: one to scan changed files and upload findings, and one to upsert a sticky PR comment with a summary table and findings. This adds non-blocking supply-chain risk visibility for agentic contributions.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Harden path checks and reduce scanner false positives

Reject absolute paths, enforce repo-root containment after resolution, and tighten unpinned-version detection to dependency/version contexts to avoid markdown noise.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Harden soft-gate behavior and scanner coverage

Make PR risk scan workflows non-blocking on scanner/artifact edge cases, always upload artifacts, reduce required permissions, and extend scanner script detection to plugin skill paths.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-15 10:59:01 +10:00
Muhammad Ubaid Raza f89afd9a39 [Feat] Introduce exploration modes, fast routes, skill detection (#1963)
* chore(deps, docs): bump marketplace version to 1.46.0

- Refine execution priority guidance in agent documentation
- Imrpvoe discovery guidance
- Improve context cache guidance
- Add script usage guidelines to agent documentation
- Simplify agent input references

* feat: bump marketplace version to 1.47.0 and enhance agent workflows

- Add Bug‑Fix Mode with validation gate for `debugger_diagnosis` tasks
- Expand allowed task types to include `research`
- Reduce subagent concurrency limit from 4 to 2
- Update design validation handling for flagged tasks
- Update marketplace plugin version reference to 1.47.0

* chore: bump marketplace version to 1.48.0 and refine agent context envelope workflow documentation

- Enhance the Init section in gem-browser-tester.agent.md, gem-code-simplifier.agent.md, and gem-critic.agent.md with detailed context envelope handling, active context treatment, and reuse_notes trust/verification logic.
- Add explicit steps for safe assumption, verification before use, and controlled re‑reading of context notes.

* chore: refine verification of symbol usages before modifying shared components

* chore(marketplace): bump version to 1.50.0; refactor(gem-browser-tester): simplify workflow steps

* chore(docs): simplify Phase 0 task classification and streamline initialization

* chore: Merges teps for batching

* feat: Enhcanc esuport for trivial/ low complex tasks

* chore: bump version to 1.56.0 and add config settings for visual regression, devops approvals, and orchestrator complexity

* chore: fix toc links

* chore: Remove emojis from headings

* chore: Update readme

* chore: Enforce orchestration

* chore: clarify orchestrator role and bump version to 1.59.0

* chore: bump version to 1.61.0 and refine agent documentation

* chore: bump version to 1.62.0 and refine agent documentation

* chore: bump version to 1.63.0 and add mandatory rules notice to all agent documentation files

* chore:  Improve batching instructions

- bump version to 1.64.0

* chore: refactor gem-planner agent definition and JSON output to remove redundant fields and simplify structure

* chore: bump marketplace version to 1.66.0 and refactor gem-planner plan format, update agent documentation to clarify reuse_notes and simplify structures
2026-06-15 10:25:23 +10:00
Aaron Powell 3e4cc87e91 fix: auto-approve bot review when PR base is changed off main (#1971)
* fix: reset bot review when PR base is changed off main

The check-pr-target workflow only ran on 'opened' events targeting main,
so it never re-ran after a submitter edited the base branch to 'staged'.
The REQUEST_CHANGES review was left in place, blocking merge and requiring
a manual maintainer override.

Changes:
- Broaden trigger to also fire on edited, reopened, and synchronize events,
  and add 'staged' to the branches filter so the workflow runs after a
  base-branch edit.
- Before posting REQUEST_CHANGES, check whether the bot already has an
  active CHANGES_REQUESTED review to avoid duplicate reviews.
- After a base-branch edit: if the PR no longer targets main and the bot's
  latest review state is CHANGES_REQUESTED, post an APPROVE review to
  clear the block automatically.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: rerun PR target check for any base branch

Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
2026-06-12 12:21:47 +10:00
github-actions[bot] 6e686c67b1 Add external plugin ui5-typescript-conversion (#1959)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
2026-06-12 12:09:20 +10:00
github-actions[bot] f9d78331be Add external plugin github-copilot-modernization (#1965)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-12 12:01:37 +10:00
github-actions[bot] a95f613071 Add external plugin ui5 (#1957)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-12 12:00:35 +10:00
github-actions[bot] 5bba01f5bf Add external plugin elasticsearch (#1956)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-12 12:00:11 +10:00
github-actions[bot] cbc9655c10 Add external plugin copilot-goal-skill (#1950)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-12 11:59:51 +10:00
Aaron Powell c4a0a3ef5a Route intake failures to submitter fixes (#1970)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-11 15:17:32 +10:00
Aaron Powell 517be706aa Fix external plugin command concurrency issues (#1958)
* Separate re-review commands from intake/approval pipeline

- Removed /re-review-* from external-plugin-command-router.yml
- Created external-plugin-rereview-command.yml with separate concurrency
- Each pipeline maintains independent per-issue serialization
  - Router: /approve, /reject, /mark-ready-for-review, /rerun-intake
  - Re-review: /re-review-keep, /re-review-needs-changes, /re-review-remove

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Scope router workflow token permissions

- Set default router workflow permissions to contents:read + issues:write
- Move elevated contents/pull-requests write permissions to approval-command only
- Keep approval command behavior unchanged while reducing privileges for rerun-intake and mark-ready paths

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Align router concurrency with intake workflow

- Update command router to reuse the intake concurrency group key
- Preserve queueing behavior for comment commands

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-10 15:14:57 +10:00
Aaron Powell 50854076f2 The new lines weren't working properly as we'd filter them out, whoops (#1951) 2026-06-10 14:44:16 +10:00
Preyas Prakasan d93e8cf931 Plugin for AWS and addition of new skills 🤖🤖🤖 (#1903)
* aws plugin and adding few more aws agents

* updating the agent def

* fixed around skill validator results.

---------

Co-authored-by: Preyas Prakasan <preyasprakasan@Preyass-MacBook-Pro.local>
2026-06-10 14:43:31 +10:00
Muhammad Ubaid Raza 33c3ac8935 chore(deps, docs): bump marketplace version to 1.46.0 (#1877)
* chore(deps, docs): bump marketplace version to 1.46.0

- Refine execution priority guidance in agent documentation
- Imrpvoe discovery guidance
- Improve context cache guidance
- Add script usage guidelines to agent documentation
- Simplify agent input references

* feat: bump marketplace version to 1.47.0 and enhance agent workflows

- Add Bug‑Fix Mode with validation gate for `debugger_diagnosis` tasks
- Expand allowed task types to include `research`
- Reduce subagent concurrency limit from 4 to 2
- Update design validation handling for flagged tasks
- Update marketplace plugin version reference to 1.47.0

* chore: bump marketplace version to 1.48.0 and refine agent context envelope workflow documentation

- Enhance the Init section in gem-browser-tester.agent.md, gem-code-simplifier.agent.md, and gem-critic.agent.md with detailed context envelope handling, active context treatment, and reuse_notes trust/verification logic.
- Add explicit steps for safe assumption, verification before use, and controlled re‑reading of context notes.

* chore: refine verification of symbol usages before modifying shared components

* chore(marketplace): bump version to 1.50.0; refactor(gem-browser-tester): simplify workflow steps

* chore(docs): simplify Phase 0 task classification and streamline initialization

* chore: Merges teps for batching

* feat: Enhcanc esuport for trivial/ low complex tasks

* chore: bump version to 1.56.0 and add config settings for visual regression, devops approvals, and orchestrator complexity

* chore: fix toc links

* chore: Remove emojis from headings

* chore: Update readme

* chore: Enforce orchestration

* chore: clarify orchestrator role and bump version to 1.59.0

* chore: bump version to 1.61.0 and refine agent documentation
2026-06-10 14:34:29 +10:00
Aaron Powell 27bc67adbb Adding more reactions when slash commands are run (#1949) 2026-06-09 15:55:12 +10:00
Aaron Powell 7d65425eeb Render issue bodies as markdown in external plugins board (#1946)
* feat: Add external plugins Kanban board canvas extension

- Create interactive Kanban board showing external plugin submission issues
- Display issues in columns based on labels: 'requires-submitter-fixes', 'ready-for-review', 'approved', 'rejected'
- Support drag-and-drop state transitions between columns
- Show PR links for approved issues via [Generated PR](url) pattern in issue body
- Display issue summaries with numbers and titles
- Use app theme variables for visual integration
- Implement demo mode with example issues for consistent testing

The canvas includes:
- HTTP server with /api/issues endpoint for issue fetching
- Drag-and-drop UI with vanilla JavaScript
- Responsive HTML/CSS Kanban layout
- Auto-refresh on drag operations

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* feat: Add issue detail modal to Kanban board canvas

- Click any issue card to view full details in a modal
- Modal shows issue description, creation/update dates, labels, and PR link
- Displays formatted dates and color-coded label badges
- Modal can be closed via X button or clicking outside
- Drag-and-drop still works on issue cards
- Added hover effects to issue cards for better interactivity

Demo data now includes issue body descriptions, created_at, and updated_at timestamps for realistic display.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* feat: Integrate real external plugin issues from repository

- Replaced hard-coded demo data with live gh CLI integration
- Attempts to fetch actual issues using 'gh issue list --label external-plugin'
- Tries multiple gh installation paths for Windows compatibility
- Falls back to demo data if gh CLI isn't accessible from extension subprocess
- Demo data now contains real external plugin issue titles from repository
- Maintains full functionality (Kanban board, drag-drop, modal details, PR links)

Note: gh CLI integration may require environment configuration on Windows.
The extension gracefully degrades to accurate demo data when live integration unavailable.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Implement external plugins Kanban board canvas with GitHub API integration

- Created external-plugins-board canvas extension with HTTP loopback server
- 4-column Kanban board layout (requires-submitter-fixes, ready-for-review, approved, rejected)
- Fetches real issues from github/awesome-copilot repository via GitHub REST API
- Click issues to view full details in modal (title, description, dates, labels, PR links)
- Drag-and-drop support for state transitions (future: update labels via API)
- Responsive design with theme variable integration for light/dark mode
- No hard-coded demo data - displays actual repository data

Resolved subprocess execution limitation:
- Extension subprocess is sandboxed and cannot execute system binaries (gh, cmd.exe, powershell.exe)
- Solution: Use GitHub REST API directly instead of gh CLI subprocess execution
- API calls work perfectly from within restricted subprocess environment

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Render issue body as markdown in board modal

- add marked dependency for markdown parsing\n- render issue body HTML in the modal\n- style markdown elements for readable theme-aware output\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-09 15:53:42 +10:00
Aaron Powell 0adac0dadd React to accepted rerun intake comments (#1948)
* React to rerun intake comments

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* some whitespace fixes

* more whitespace fixes

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-09 15:08:41 +10:00
Tim Mulholland 881690af58 Merge pull request #1912 from SanyamSavla/SanyamSavla/update-modernize-dotnet-1.0.1152-preview1 2026-06-07 23:20:46 -07:00
Aaron Powell d11fb21f3a Add workflow run link to external plugin intake comments (#1915)
* Add workflow run link to external plugin intake comments

- Include a link to the GitHub Actions workflow run in intake comment
- Helps users trace which action run generated the intake report
- Works for both initial intake and re-run intake flows
- Link appears at bottom of comment for all intake states (passed/failed/quality gates)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address PR review feedback on intake comment formatting

- Remove leading spaces from runLink construction to preserve markdown formatting
- Remove unnecessary newline prefix before runLink in quality gates section
- Move workflow run link to the very end of all comment types (after warnings)
- For merged intake comments, append link as final element
- Remove unused runId parameter from applyExternalPluginIntakeEvaluation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-04 12:30:39 -07:00
Sanyam Vipul Savla cfa33d6929 Update modernize-dotnet plugin to 1.0.1152-preview1 2026-06-03 16:16:22 -07:00