Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-02-20 02:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
awesome-copilot/hooks/governance-audit/audit-session-end.sh
Imran Siddique 32d8f7f622 fix: address Copilot PR review comments on governance-audit hook 
- Switch from colon to tab delimiter to handle colons in evidence text
- Base64-encode evidence to prevent parsing issues
- Use MAX_SEVERITY in log output and JSON events
- Narrow regex patterns to reduce false positives:
  - third[_-]?party instead of third.?party
  - Role reassignment scoped to AI terms
  - System prompt injection requires 'you are' context
- Fix session-end stats to scope to current session only
- Update privacy statement to clarify evidence snippets are logged
- Rename credential description to 'Possible hardcoded credential'
- Fix database destruction regex to also match semicolons

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-18 14:49:17 -08:00

49 lines
1.6 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# Governance Audit: Log session end with summary statistics
set -euo pipefail
if [[ "${SKIP_GOVERNANCE_AUDIT:-}" == "true" ]]; then
exit 0
fi
INPUT=$(cat)
mkdir -p logs/copilot/governance
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
LOG_FILE="logs/copilot/governance/audit.log"
# Count events from this session (filter by session start timestamp)
TOTAL=0
THREATS=0
SESSION_START=""
if [[ -f "$LOG_FILE" ]]; then
# Find the last session_start event to scope stats to current session
SESSION_START=$(grep '"session_start"' "$LOG_FILE" 2>/dev/null | tail -1 | jq -r '.timestamp' 2>/dev/null || echo "")
if [[ -n "$SESSION_START" ]]; then
# Count events after session start
TOTAL=$(awk -v start="$SESSION_START" -F'"timestamp":"' '{split($2,a,"\""); if(a[1]>=start) count++} END{print count+0}' "$LOG_FILE" 2>/dev/null || echo 0)
THREATS=$(awk -v start="$SESSION_START" -F'"timestamp":"' '{split($2,a,"\""); if(a[1]>=start && /threat_detected/) count++} END{print count+0}' "$LOG_FILE" 2>/dev/null || echo 0)
else
TOTAL=$(wc -l < "$LOG_FILE" 2>/dev/null || echo 0)
THREATS=$(grep -c '"threat_detected"' "$LOG_FILE" 2>/dev/null || echo 0)
fi
fi
jq -Rn \
--arg timestamp "$TIMESTAMP" \
--argjson total "$TOTAL" \
--argjson threats "$THREATS" \
'{"timestamp":$timestamp,"event":"session_end","total_events":$total,"threats_detected":$threats}' \
>> "$LOG_FILE"
if [[ "$THREATS" -gt 0 ]]; then
echo "⚠️ Session ended: $THREATS threat(s) detected in $TOTAL events"
else
echo "✅ Session ended: $TOTAL events, no threats"
fi
exit 0
Reference in New Issue View Git Blame Copy Permalink