From 7f3ad2354fb651aa0d5e4bb1ff455b61523ce38f Mon Sep 17 00:00:00 2001 From: Bill Berry Date: Mon, 6 Apr 2026 21:12:28 -0700 Subject: [PATCH 1/4] feat(scripts): add maturity filtering and auto-generated artifact markers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - thread channel and maturity parameters through extension readme generation - add template markers to collection.md files with backward-compatible processing - add marker validation rules to collection validation pipeline - add unit tests for maturity filtering, marker handling, and marker validation šŸ”§ - Generated by Copilot --- collections/ado.collection.md | 4 + collections/coding-standards.collection.md | 4 + collections/data-science.collection.md | 4 + collections/design-thinking.collection.md | 4 + collections/experimental.collection.md | 4 + collections/github.collection.md | 4 + collections/gitlab.collection.md | 6 +- collections/hve-core-all.collection.md | 4 + collections/hve-core.collection.md | 4 + collections/installer.collection.md | 4 + collections/jira.collection.md | 6 +- collections/project-planning.collection.md | 4 + collections/rai-planning.collection.md | 4 + collections/security.collection.md | 18 +- plugins/ado/README.md | 4 + plugins/coding-standards/README.md | 4 + plugins/data-science/README.md | 4 + plugins/design-thinking/README.md | 4 + plugins/experimental/README.md | 4 + plugins/github/README.md | 4 + plugins/gitlab/README.md | 4 + plugins/hve-core-all/README.md | 4 + plugins/hve-core/README.md | 4 + plugins/installer/README.md | 4 + plugins/jira/README.md | 4 + plugins/project-planning/README.md | 4 + plugins/rai-planning/README.md | 4 + plugins/security/README.md | 4 + scripts/collections/Validate-Collections.ps1 | 20 ++ scripts/extension/Prepare-Extension.ps1 | 89 ++++++++- .../Validate-Collections.Tests.ps1 | 157 +++++++++++++++ .../extension/Prepare-Extension.Tests.ps1 | 182 ++++++++++++++++++ 32 files changed, 563 insertions(+), 15 deletions(-) diff --git a/collections/ado.collection.md b/collections/ado.collection.md index 7bbd2b5a8..14a238021 100644 --- a/collections/ado.collection.md +++ b/collections/ado.collection.md @@ -1,5 +1,7 @@ Manage Azure DevOps work items, monitor builds, create pull requests, and convert requirements documents into structured work item hierarchies ā€” all from within VS Code. + + This collection includes agents and prompts for: - **Work Item Management** ā€” Discover, create, update, and plan work items across ADO projects @@ -7,3 +9,5 @@ This collection includes agents and prompts for: - **Pull Request Creation** ā€” Generate PRs with linked work items and reviewer identification - **PRD-to-Work-Item Conversion** ā€” Transform Product Requirements Documents into ADO feature/user-story/task hierarchies - **Backlog Management** ā€” Orchestrated triage, discovery, sprint planning, and work item creation workflows through a central ADO Backlog Manager agent + + diff --git a/collections/coding-standards.collection.md b/collections/coding-standards.collection.md index 320ba0004..7c9c7ebfe 100644 --- a/collections/coding-standards.collection.md +++ b/collections/coding-standards.collection.md @@ -1,5 +1,7 @@ Enforce language-specific coding conventions and best practices across your projects, with pre-PR code review agents for catching functional defects early. This collection provides instructions for bash, Bicep, C#, PowerShell, Python, Rust, and Terraform that are automatically applied based on file patterns, plus agents that review branch diffs before opening pull requests. + + This collection includes: - **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps @@ -15,3 +17,5 @@ Instructions for: - **Python** ā€” Scripting implementation with type hints, docstrings, uv project management, and pytest testing - **Rust** ā€” Rust development conventions targeting the 2021 edition - **Terraform** ā€” Infrastructure as code with provider configuration and module structure + + diff --git a/collections/data-science.collection.md b/collections/data-science.collection.md index 0b29c8c55..685f797d9 100644 --- a/collections/data-science.collection.md +++ b/collections/data-science.collection.md @@ -3,6 +3,8 @@ Generate data specifications, Jupyter notebooks, and Streamlit dashboards from n > [!CAUTION] > The RAI agents and prompts in this collection are **assistive tools only**. They do not replace qualified human review, organizational RAI review boards, or regulatory compliance programs. All AI-generated RAI artifacts **must** be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical risks, or produce recommendations that are incomplete or inappropriate for your context. + + This collection includes agents for: - **Data Specification Generation** ā€” Create structured data schemas and specifications from requirements @@ -10,3 +12,5 @@ This collection includes agents for: - **Streamlit Dashboard Generation** ā€” Create interactive dashboards from data sources - **Dashboard Testing** ā€” Comprehensive test suites for Streamlit applications - **RAI Planner** ā€” Responsible AI assessment with security model analysis, impact assessment, and dual-format backlog handoff + + diff --git a/collections/design-thinking.collection.md b/collections/design-thinking.collection.md index 8413ffd93..754ea25ed 100644 --- a/collections/design-thinking.collection.md +++ b/collections/design-thinking.collection.md @@ -2,6 +2,8 @@ Coaching identity, quality constraints, and methodology instructions for AI-enha > **Preview** ā€” Core features are complete and functional. Suitable for adoption with the understanding that refinements may follow. + + This collection includes agents, prompts, and instructions for: - **DT Start Project** ā€” Initializes a new Design Thinking coaching project with state file creation, frozen/fluid classification, and first Method 1 coaching interaction @@ -52,3 +54,5 @@ This collection includes agents, prompts, and instructions for: - **DT Curriculum Module 8: User Testing** ā€” Key concepts (leap-enabling vs leap-killing questions, non-linear iteration loops, behavior over opinions), task-based testing techniques, comprehension checks, and manufacturing practice exercises for teaching Method 8 - **DT Curriculum Module 9: Iteration at Scale** ā€” Key concepts (telemetry-driven enhancement, high-frequency pattern focus, incremental enhancement), production telemetry techniques, comprehension checks, and manufacturing practice exercises for teaching Method 9 - **DT Curriculum Scenario: Manufacturing** ā€” Factory floor improvement reference scenario (Meridian Components) with interview excerpts, observation data points, and test results used across all 9 curriculum modules for progressive learning exercises + + diff --git a/collections/experimental.collection.md b/collections/experimental.collection.md index 9d14cf645..dc624657f 100644 --- a/collections/experimental.collection.md +++ b/collections/experimental.collection.md @@ -1,7 +1,11 @@ Experimental and preview artifacts not yet promoted to stable collections. Items in this collection may change or be removed without notice. + + This collection includes agents, skills, and instructions for: - **Experiment Designer** ā€” Guides users through designing Minimum Viable Experiments (MVEs) with hypothesis formation, vetting, and structured experiment plans - **PowerPoint Builder** ā€” Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx - **Video to GIF** ā€” Convert video files to animated GIF format + + diff --git a/collections/github.collection.md b/collections/github.collection.md index 25a62557b..9f3df97d1 100644 --- a/collections/github.collection.md +++ b/collections/github.collection.md @@ -1,8 +1,12 @@ Manage GitHub issue backlogs with agents for discovery, triage, sprint planning, and execution. This collection brings structured backlog management workflows directly into VS Code. + + This collection includes agents and prompts for: - **Issue Discovery** ā€” Find and analyze issues across repositories with duplicate detection - **Triage** ā€” Automated label suggestion, milestone assignment, and priority assessment - **Sprint Planning** ā€” Organize issues into sprints with effort estimation - **Backlog Execution** ā€” Execute planned operations against issue backlogs + + diff --git a/collections/gitlab.collection.md b/collections/gitlab.collection.md index 1b65ff6af..29403a201 100644 --- a/collections/gitlab.collection.md +++ b/collections/gitlab.collection.md @@ -1,5 +1,9 @@ Use GitLab merge request and pipeline workflows from VS Code through a focused Python skill for inspecting merge requests, posting notes, triggering pipelines, and reading job logs. + + This collection includes: -- **GitLab Skill** - List and inspect merge requests, create or update merge requests, add notes, inspect pipelines, list jobs, and fetch job logs \ No newline at end of file +- **GitLab Skill** - List and inspect merge requests, create or update merge requests, add notes, inspect pipelines, list jobs, and fetch job logs + + \ No newline at end of file diff --git a/collections/hve-core-all.collection.md b/collections/hve-core-all.collection.md index 7e39b00fa..5c28f86ac 100644 --- a/collections/hve-core-all.collection.md +++ b/collections/hve-core-all.collection.md @@ -5,6 +5,8 @@ Use this edition when you want access to everything without choosing a focused c > [!CAUTION] > This collection includes security, responsible AI, and supply chain security agents and prompts that are **assistive tools only**. They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated security and compliance artifacts **must** be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment. + + Code review agents included (via coding-standards collection): - **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps @@ -33,3 +35,5 @@ Skills included: - **Jira Integration** ā€” Jira backlog discovery, triage, execution, and PRD planning workflows backed by Jira issue operations and field discovery - **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows - **Video to GIF** ā€” Converts video files to optimized GIF animations using FFmpeg two-pass palette optimization + + diff --git a/collections/hve-core.collection.md b/collections/hve-core.collection.md index 7ab6ae7e8..e24bb4439 100644 --- a/collections/hve-core.collection.md +++ b/collections/hve-core.collection.md @@ -1,5 +1,7 @@ HVE Core provides the flagship RPI (Research, Plan, Implement, Review) workflow for completing complex tasks through a structured four-phase process. The RPI workflow dispatches specialized agents that collaborate autonomously to deliver well-researched, planned, and validated implementations. This collection also includes Git workflow prompts for commit messages, merge operations, repository setup, and pull request management. + + This collection includes agents for: - **RPI Agent** ā€” Autonomous orchestrator that drives the full four-phase workflow @@ -28,3 +30,5 @@ Supporting subagents included: Skills included: - **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows + + diff --git a/collections/installer.collection.md b/collections/installer.collection.md index 7a65d0e0e..09eba2799 100644 --- a/collections/installer.collection.md +++ b/collections/installer.collection.md @@ -1,5 +1,9 @@ Deploy HVE Core artifacts across workspace configurations with the hve-core-installer skill. This collection provides decision-driven setup for selecting and installing collections, agents, prompts, and instructions via the VS Code extension or clone-based methods. + + This collection includes skills for: - **HVE Core Installer** ā€” Decision-driven installer that deploys selected HVE Core artifacts into target workspaces + + diff --git a/collections/jira.collection.md b/collections/jira.collection.md index 3fa2b4190..a48d32b73 100644 --- a/collections/jira.collection.md +++ b/collections/jira.collection.md @@ -1,9 +1,13 @@ Manage Jira backlog workflows and PRD-driven issue planning from VS Code. This collection adds dedicated Jira agents, prompts, and instructions on top of the Jira skill so discovery, triage, execution, and planning workflows use the same tracking and handoff patterns as the rest of HVE Core. + + This collection includes: - A Jira Backlog Manager agent for discovery, triage, execution, and single-issue backlog actions - A Jira PRD to WIT planning agent for converting requirements documents into Jira-ready issue hierarchies - Jira prompts for backlog discovery, triage, execution, and PRD planning workflows - Jira planning instructions for discovery, triage, execution, and PRD handoff artifacts -- The Jira skill for JQL search, issue inspection, creation, updates, transitions, comments, and field discovery \ No newline at end of file +- The Jira skill for JQL search, issue inspection, creation, updates, transitions, comments, and field discovery + + \ No newline at end of file diff --git a/collections/project-planning.collection.md b/collections/project-planning.collection.md index afbc8f8f9..db189c2ee 100644 --- a/collections/project-planning.collection.md +++ b/collections/project-planning.collection.md @@ -1,5 +1,7 @@ Create architecture decision records, requirements documents, and diagrams ā€” all through guided AI workflows. Evaluate AI-powered systems against Responsible AI standards and conduct STRIDE-based security model analysis with automated backlog generation. + + This collection includes agents for: - **Agile Coach** ā€” Create or refine goal-oriented user stories with clear acceptance criteria @@ -22,3 +24,5 @@ Supporting subagents included: - **Phase Implementor** ā€” Executes a single implementation phase from a plan with full codebase access and change tracking - **RPI Validator** ā€” Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents - **Implementation Validator** ā€” Validates implementation quality against architectural requirements, design principles, and code standards + + diff --git a/collections/rai-planning.collection.md b/collections/rai-planning.collection.md index 18db0b4e6..497c27182 100644 --- a/collections/rai-planning.collection.md +++ b/collections/rai-planning.collection.md @@ -3,6 +3,8 @@ Assess AI systems for responsible AI risks using structured standards-aligned an > [!CAUTION] > The RAI agents and prompts in this collection are **assistive tools only**. They do not replace qualified human review, organizational RAI review boards, or regulatory compliance programs. All AI-generated RAI artifacts **must** be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical risks, or produce recommendations that are incomplete or inappropriate for your context. + + This collection includes agents and prompts for: - **RAI Assessment** ā€” Conduct structured responsible AI assessments aligned to Microsoft RAI Standard v2 and NIST AI RMF @@ -10,6 +12,8 @@ This collection includes agents and prompts for: - **Security Model Analysis** ā€” Identify AI-specific threats using extended STRIDE methodology with ML-specific attack patterns - **Backlog Handoff** ā€” Generate prioritized RAI work items in ADO or GitHub formats + + ## Prerequisites The RAI Planner works as a standalone agent but produces the best results when paired with the **Security Planner** collection. Running a security assessment first provides threat context that enriches RAI impact analysis. diff --git a/collections/security.collection.md b/collections/security.collection.md index debccd3ac..8b360022d 100644 --- a/collections/security.collection.md +++ b/collections/security.collection.md @@ -3,6 +3,8 @@ Security review, planning, incident response, risk assessment, vulnerability ana > [!CAUTION] > The security agents and prompts in this collection are **assistive tools only**. They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated security artifacts **must** be reviewed and validated by qualified security professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment. + + This collection includes agents and prompts for: - **Security Plan Creation** - Generate threat models and security architecture documents @@ -24,10 +26,12 @@ Supporting subagents included: Skills included: -- **OWASP Top 10** - OWASP Top 10 for Web Applications (2025) vulnerability knowledge base -- **OWASP LLM Top 10** - OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base -- **OWASP Agentic Top 10** - OWASP Agentic Security Top 10 vulnerability knowledge base for AI agent systems -- **OWASP MCP Top 10** - OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments -- **OWASP Infrastructure Top 10** - OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments -- **OWASP CI/CD Top 10** - OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments -- **Security Reviewer Formats** - Format specifications and data contracts for the security reviewer orchestrator and its subagents +- **OWASP Top 10** ā€” OWASP Top 10 for Web Applications (2025) vulnerability knowledge base +- **OWASP LLM Top 10** ā€” OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base +- **OWASP Agentic Top 10** ā€” OWASP Agentic Security Top 10 vulnerability knowledge base for AI agent systems +- **OWASP MCP Top 10** ā€” OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments +- **OWASP Infrastructure Top 10** ā€” OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments +- **OWASP CI/CD Top 10** ā€” OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments +- **Security Reviewer Formats** ā€” Format specifications and data contracts for the security reviewer orchestrator and its subagents + + diff --git a/plugins/ado/README.md b/plugins/ado/README.md index d1cd252a8..3826c691b 100644 --- a/plugins/ado/README.md +++ b/plugins/ado/README.md @@ -7,6 +7,8 @@ Azure DevOps work item management, build monitoring, and pull request creation Manage Azure DevOps work items, monitor builds, create pull requests, and convert requirements documents into structured work item hierarchies ā€” all from within VS Code. + + This collection includes agents and prompts for: - **Work Item Management** ā€” Discover, create, update, and plan work items across ADO projects @@ -15,6 +17,8 @@ This collection includes agents and prompts for: - **PRD-to-Work-Item Conversion** ā€” Transform Product Requirements Documents into ADO feature/user-story/task hierarchies - **Backlog Management** ā€” Orchestrated triage, discovery, sprint planning, and work item creation workflows through a central ADO Backlog Manager agent + + ## Install ```bash diff --git a/plugins/coding-standards/README.md b/plugins/coding-standards/README.md index b550aa225..072ef72e9 100644 --- a/plugins/coding-standards/README.md +++ b/plugins/coding-standards/README.md @@ -7,6 +7,8 @@ Language-specific coding instructions and pre-PR code review agents for bash, Bi Enforce language-specific coding conventions and best practices across your projects, with pre-PR code review agents for catching functional defects early. This collection provides instructions for bash, Bicep, C#, PowerShell, Python, Rust, and Terraform that are automatically applied based on file patterns, plus agents that review branch diffs before opening pull requests. + + This collection includes: - **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps @@ -23,6 +25,8 @@ Instructions for: - **Rust** ā€” Rust development conventions targeting the 2021 edition - **Terraform** ā€” Infrastructure as code with provider configuration and module structure + + ## Install ```bash diff --git a/plugins/data-science/README.md b/plugins/data-science/README.md index d34be2bb0..5d0067483 100644 --- a/plugins/data-science/README.md +++ b/plugins/data-science/README.md @@ -13,6 +13,8 @@ Generate data specifications, Jupyter notebooks, and Streamlit dashboards from n > [!CAUTION] > The RAI agents and prompts in this collection are **assistive tools only**. They do not replace qualified human review, organizational RAI review boards, or regulatory compliance programs. All AI-generated RAI artifacts **must** be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical risks, or produce recommendations that are incomplete or inappropriate for your context. + + This collection includes agents for: - **Data Specification Generation** ā€” Create structured data schemas and specifications from requirements @@ -21,6 +23,8 @@ This collection includes agents for: - **Dashboard Testing** ā€” Comprehensive test suites for Streamlit applications - **RAI Planner** ā€” Responsible AI assessment with security model analysis, impact assessment, and dual-format backlog handoff + + ## Install ```bash diff --git a/plugins/design-thinking/README.md b/plugins/design-thinking/README.md index 665720cb7..ac03cd04f 100644 --- a/plugins/design-thinking/README.md +++ b/plugins/design-thinking/README.md @@ -11,6 +11,8 @@ Coaching identity, quality constraints, and methodology instructions for AI-enha > **Preview** ā€” Core features are complete and functional. Suitable for adoption with the understanding that refinements may follow. + + This collection includes agents, prompts, and instructions for: - **DT Start Project** ā€” Initializes a new Design Thinking coaching project with state file creation, frozen/fluid classification, and first Method 1 coaching interaction @@ -62,6 +64,8 @@ This collection includes agents, prompts, and instructions for: - **DT Curriculum Module 9: Iteration at Scale** ā€” Key concepts (telemetry-driven enhancement, high-frequency pattern focus, incremental enhancement), production telemetry techniques, comprehension checks, and manufacturing practice exercises for teaching Method 9 - **DT Curriculum Scenario: Manufacturing** ā€” Factory floor improvement reference scenario (Meridian Components) with interview excerpts, observation data points, and test results used across all 9 curriculum modules for progressive learning exercises + + ## Install ```bash diff --git a/plugins/experimental/README.md b/plugins/experimental/README.md index 0e8fe47b9..a59aa43fc 100644 --- a/plugins/experimental/README.md +++ b/plugins/experimental/README.md @@ -9,12 +9,16 @@ Experimental and preview artifacts not yet promoted to stable collections Experimental and preview artifacts not yet promoted to stable collections. Items in this collection may change or be removed without notice. + + This collection includes agents, skills, and instructions for: - **Experiment Designer** ā€” Guides users through designing Minimum Viable Experiments (MVEs) with hypothesis formation, vetting, and structured experiment plans - **PowerPoint Builder** ā€” Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx - **Video to GIF** ā€” Convert video files to animated GIF format + + ## Install ```bash diff --git a/plugins/github/README.md b/plugins/github/README.md index c7c39da23..df28bb521 100644 --- a/plugins/github/README.md +++ b/plugins/github/README.md @@ -7,6 +7,8 @@ GitHub issue discovery, triage, sprint planning, and backlog execution agents an Manage GitHub issue backlogs with agents for discovery, triage, sprint planning, and execution. This collection brings structured backlog management workflows directly into VS Code. + + This collection includes agents and prompts for: - **Issue Discovery** ā€” Find and analyze issues across repositories with duplicate detection @@ -14,6 +16,8 @@ This collection includes agents and prompts for: - **Sprint Planning** ā€” Organize issues into sprints with effort estimation - **Backlog Execution** ā€” Execute planned operations against issue backlogs + + ## Install ```bash diff --git a/plugins/gitlab/README.md b/plugins/gitlab/README.md index 36ed4a578..a8563a267 100644 --- a/plugins/gitlab/README.md +++ b/plugins/gitlab/README.md @@ -7,10 +7,14 @@ GitLab merge request and pipeline workflows through a Python skill Use GitLab merge request and pipeline workflows from VS Code through a focused Python skill for inspecting merge requests, posting notes, triggering pipelines, and reading job logs. + + This collection includes: - **GitLab Skill** - List and inspect merge requests, create or update merge requests, add notes, inspect pipelines, list jobs, and fetch job logs + + ## Install ```bash diff --git a/plugins/hve-core-all/README.md b/plugins/hve-core-all/README.md index 204abb487..54c79b0d9 100644 --- a/plugins/hve-core-all/README.md +++ b/plugins/hve-core-all/README.md @@ -12,6 +12,8 @@ Use this edition when you want access to everything without choosing a focused c > [!CAUTION] > This collection includes security, responsible AI, and supply chain security agents and prompts that are **assistive tools only**. They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated security and compliance artifacts **must** be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment. + + Code review agents included (via coding-standards collection): - **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps @@ -41,6 +43,8 @@ Skills included: - **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows - **Video to GIF** ā€” Converts video files to optimized GIF animations using FFmpeg two-pass palette optimization + + ## Install ```bash diff --git a/plugins/hve-core/README.md b/plugins/hve-core/README.md index 556bd2892..1a2e26c53 100644 --- a/plugins/hve-core/README.md +++ b/plugins/hve-core/README.md @@ -7,6 +7,8 @@ HVE Core RPI (Research, Plan, Implement, Review) workflow with Git commit, merge HVE Core provides the flagship RPI (Research, Plan, Implement, Review) workflow for completing complex tasks through a structured four-phase process. The RPI workflow dispatches specialized agents that collaborate autonomously to deliver well-researched, planned, and validated implementations. This collection also includes Git workflow prompts for commit messages, merge operations, repository setup, and pull request management. + + This collection includes agents for: - **RPI Agent** ā€” Autonomous orchestrator that drives the full four-phase workflow @@ -36,6 +38,8 @@ Skills included: - **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows + + ## Install ```bash diff --git a/plugins/installer/README.md b/plugins/installer/README.md index e921b9265..b71577a38 100644 --- a/plugins/installer/README.md +++ b/plugins/installer/README.md @@ -7,10 +7,14 @@ Decision-driven installer skill for deploying HVE Core artifacts across workspac Deploy HVE Core artifacts across workspace configurations with the hve-core-installer skill. This collection provides decision-driven setup for selecting and installing collections, agents, prompts, and instructions via the VS Code extension or clone-based methods. + + This collection includes skills for: - **HVE Core Installer** ā€” Decision-driven installer that deploys selected HVE Core artifacts into target workspaces + + ## Install ```bash diff --git a/plugins/jira/README.md b/plugins/jira/README.md index e21566a78..fe7339fc6 100644 --- a/plugins/jira/README.md +++ b/plugins/jira/README.md @@ -7,6 +7,8 @@ Jira backlog management, PRD issue planning, and issue operations through agents Manage Jira backlog workflows and PRD-driven issue planning from VS Code. This collection adds dedicated Jira agents, prompts, and instructions on top of the Jira skill so discovery, triage, execution, and planning workflows use the same tracking and handoff patterns as the rest of HVE Core. + + This collection includes: - A Jira Backlog Manager agent for discovery, triage, execution, and single-issue backlog actions @@ -15,6 +17,8 @@ This collection includes: - Jira planning instructions for discovery, triage, execution, and PRD handoff artifacts - The Jira skill for JQL search, issue inspection, creation, updates, transitions, comments, and field discovery + + ## Install ```bash diff --git a/plugins/project-planning/README.md b/plugins/project-planning/README.md index 95a9976b8..2f622b905 100644 --- a/plugins/project-planning/README.md +++ b/plugins/project-planning/README.md @@ -7,6 +7,8 @@ PRDs, BRDs, ADRs, and architecture diagrams Create architecture decision records, requirements documents, and diagrams ā€” all through guided AI workflows. Evaluate AI-powered systems against Responsible AI standards and conduct STRIDE-based security model analysis with automated backlog generation. + + This collection includes agents for: - **Agile Coach** ā€” Create or refine goal-oriented user stories with clear acceptance criteria @@ -30,6 +32,8 @@ Supporting subagents included: - **RPI Validator** ā€” Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents - **Implementation Validator** ā€” Validates implementation quality against architectural requirements, design principles, and code standards + + ## Install ```bash diff --git a/plugins/rai-planning/README.md b/plugins/rai-planning/README.md index 3f9bf2150..f658a10b7 100644 --- a/plugins/rai-planning/README.md +++ b/plugins/rai-planning/README.md @@ -15,6 +15,8 @@ Assess AI systems for responsible AI risks using structured standards-aligned an > [!CAUTION] > The RAI agents and prompts in this collection are **assistive tools only**. They do not replace qualified human review, organizational RAI review boards, or regulatory compliance programs. All AI-generated RAI artifacts **must** be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical risks, or produce recommendations that are incomplete or inappropriate for your context. + + This collection includes agents and prompts for: - **RAI Assessment** ā€” Conduct structured responsible AI assessments aligned to Microsoft RAI Standard v2 and NIST AI RMF @@ -22,6 +24,8 @@ This collection includes agents and prompts for: - **Security Model Analysis** ā€” Identify AI-specific threats using extended STRIDE methodology with ML-specific attack patterns - **Backlog Handoff** ā€” Generate prioritized RAI work items in ADO or GitHub formats + + ## Prerequisites The RAI Planner works as a standalone agent but produces the best results when paired with the **Security Planner** collection. Running a security assessment first provides threat context that enriches RAI impact analysis. diff --git a/plugins/security/README.md b/plugins/security/README.md index bdad67561..c666e51b7 100644 --- a/plugins/security/README.md +++ b/plugins/security/README.md @@ -13,6 +13,8 @@ Security review, planning, incident response, risk assessment, vulnerability ana > [!CAUTION] > The security agents and prompts in this collection are **assistive tools only**. They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated security artifacts **must** be reviewed and validated by qualified security professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment. + + This collection includes agents and prompts for: - **Security Plan Creation** - Generate threat models and security architecture documents @@ -42,6 +44,8 @@ Skills included: - **OWASP CI/CD Top 10** - OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - **Security Reviewer Formats** - Format specifications and data contracts for the security reviewer orchestrator and its subagents + + ## Install ```bash diff --git a/scripts/collections/Validate-Collections.ps1 b/scripts/collections/Validate-Collections.ps1 index cd43f3e8c..176fd62f4 100644 --- a/scripts/collections/Validate-Collections.ps1 +++ b/scripts/collections/Validate-Collections.ps1 @@ -171,6 +171,26 @@ function Invoke-CollectionValidation { Write-Host " WARN $($file.Name): missing companion '$baseName.collection.md'" -ForegroundColor Yellow } + if (Test-Path -Path $companionPath) { + $mdContent = Get-Content -Path $companionPath -Raw + $beginMarker = '' + $endMarker = '' + $hasBegin = $mdContent.Contains($beginMarker) + $hasEnd = $mdContent.Contains($endMarker) + + if ($hasBegin -xor $hasEnd) { + Write-Host " WARN $($file.Name): $baseName.collection.md has mismatched auto-generation markers" -ForegroundColor Yellow + } + + if ($hasBegin -and $hasEnd) { + $beginIdx = $mdContent.IndexOf($beginMarker) + $endIdx = $mdContent.IndexOf($endMarker) + if ($endIdx -le $beginIdx) { + Write-Host " WARN $($file.Name): $baseName.collection.md has markers in wrong order" -ForegroundColor Yellow + } + } + } + $manifest = Get-CollectionManifest -CollectionPath $file.FullName $fileErrors = @() $seenItemKeys = @{} diff --git a/scripts/extension/Prepare-Extension.ps1 b/scripts/extension/Prepare-Extension.ps1 index f67fc10c0..a8073bb05 100644 --- a/scripts/extension/Prepare-Extension.ps1 +++ b/scripts/extension/Prepare-Extension.ps1 @@ -224,6 +224,8 @@ function Invoke-ExtensionCollectionsGeneration { files are removed. .PARAMETER RepoRoot Repository root path containing collections/ and extension/templates/. + .PARAMETER Channel + Release channel controlling maturity filtering for README generation. .OUTPUTS [string[]] Array of generated file paths. #> @@ -231,12 +233,17 @@ function Invoke-ExtensionCollectionsGeneration { [OutputType([string[]])] param( [Parameter(Mandatory = $true)] - [string]$RepoRoot + [string]$RepoRoot, + + [ValidateSet('Stable', 'PreRelease')] + [string]$Channel = 'Stable' ) $collectionsDir = Join-Path $RepoRoot 'collections' $templatesDir = Join-Path $RepoRoot 'extension/templates' + $allowedMaturities = Get-AllowedMaturities -Channel $Channel + $packageTemplatePath = Join-Path $templatesDir 'package.template.json' if (-not (Test-Path $packageTemplatePath)) { @@ -317,7 +324,7 @@ function Invoke-ExtensionCollectionsGeneration { default { Join-Path $RepoRoot "extension/README.$collectionId.md" } } - New-CollectionReadme -Collection $collection -CollectionMdPath $collectionMdPath -TemplatePath $readmeTemplatePath -RepoRoot $RepoRoot -OutputPath $readmePath + New-CollectionReadme -Collection $collection -CollectionMdPath $collectionMdPath -TemplatePath $readmeTemplatePath -RepoRoot $RepoRoot -OutputPath $readmePath -AllowedMaturities $allowedMaturities } return $expectedFiles @@ -368,6 +375,45 @@ function Get-ArtifactDescription { return '' } +function Split-CollectionMdByMarkers { + <# + .SYNOPSIS + Splits collection.md content at auto-generation markers. + #> + param( + [Parameter(Mandatory)] + [string]$Content + ) + + $beginMarker = '' + $endMarker = '' + + $beginIdx = $Content.IndexOf($beginMarker) + $endIdx = $Content.IndexOf($endMarker) + + if ($beginIdx -lt 0 -or $endIdx -lt 0 -or $endIdx -le $beginIdx) { + return @{ + HasMarkers = $false + Intro = $Content + Existing = '' + Footer = '' + } + } + + $intro = $Content.Substring(0, $beginIdx).TrimEnd() + $endMarkerEnd = $endIdx + $endMarker.Length + $footer = if ($endMarkerEnd -lt $Content.Length) { + $Content.Substring($endMarkerEnd).TrimStart("`r", "`n") + } else { '' } + + return @{ + HasMarkers = $true + Intro = $intro + Existing = '' + Footer = $footer + } +} + function New-CollectionReadme { <# .SYNOPSIS @@ -388,6 +434,8 @@ function New-CollectionReadme { Repository root path for resolving artifact file paths. .PARAMETER OutputPath Destination path for the generated README. + .PARAMETER AllowedMaturities + Maturity levels to include in artifact tables. Defaults to stable only. #> [CmdletBinding()] param( @@ -404,7 +452,9 @@ function New-CollectionReadme { [string]$RepoRoot, [Parameter(Mandatory = $true)] - [string]$OutputPath + [string]$OutputPath, + + [string[]]$AllowedMaturities = @('stable') ) $collectionId = [string]$Collection.id @@ -423,7 +473,17 @@ function New-CollectionReadme { '> **āš ļø Experimental** ā€” This collection is experimental and available only in the Pre-Release channel. Contents may change or be removed without notice.' } else { '' } - $bodyContent = (Get-Content -Path $CollectionMdPath -Raw).Trim() + $bodyContent = Get-Content -Path $CollectionMdPath -Raw + $parsed = Split-CollectionMdByMarkers -Content $bodyContent + + if ($parsed.HasMarkers) { + $bodyForTemplate = $parsed.Intro + if (-not [string]::IsNullOrWhiteSpace($parsed.Footer)) { + $bodyForTemplate = $bodyForTemplate + "`n`n" + $parsed.Footer.TrimEnd() + } + } else { + $bodyForTemplate = $bodyContent.Trim() + } # Collect artifacts with descriptions grouped by kind $agents = @() @@ -436,6 +496,10 @@ function New-CollectionReadme { if (-not $item.ContainsKey('kind') -or -not $item.ContainsKey('path')) { continue } + $maturity = Resolve-CollectionItemMaturity -Maturity $item.maturity + if ($AllowedMaturities -and $AllowedMaturities -notcontains $maturity) { + continue + } $kind = [string]$item.kind $path = [string]$item.path $artifactName = Get-CollectionArtifactKey -Kind $kind -Path $path @@ -478,6 +542,19 @@ function New-CollectionReadme { $null = $artifactSections.AppendLine() } + # Write back updated artifact section into collection.md when markers are present + if ($parsed.HasMarkers) { + $beginMarker = '' + $endMarker = '' + $generatedBlock = $artifactSections.ToString().TrimEnd() + $updatedCollectionMd = "$($parsed.Intro)`n`n$beginMarker`n`n$generatedBlock`n`n$endMarker" + if (-not [string]::IsNullOrWhiteSpace($parsed.Footer)) { + $updatedCollectionMd += "`n`n$($parsed.Footer.TrimEnd())" + } + $updatedCollectionMd += "`n" + Set-ContentIfChanged -Path $CollectionMdPath -Value $updatedCollectionMd + } + $fullEdition = if ($collectionId -notin @('hve-core', 'hve-core-all')) { "## Full Edition`n`nLooking for more agents covering additional domains? Check out the full [HVE Core](https://marketplace.visualstudio.com/items?itemName=ise-hve-essentials.hve-core) extension." } @@ -491,7 +568,7 @@ function New-CollectionReadme { -replace '\{\{DISPLAY_NAME\}\}', $displayName ` -replace '\{\{DESCRIPTION\}\}', $description ` -replace '\{\{MATURITY_NOTICE\}\}', $maturityNotice ` - -replace '\{\{BODY\}\}', $bodyContent ` + -replace '\{\{BODY\}\}', $bodyForTemplate ` -replace '\{\{ARTIFACTS\}\}', $artifactSections.ToString().TrimEnd() ` -replace '\{\{FULL_EDITION\}\}', $fullEdition @@ -1521,7 +1598,7 @@ function Invoke-PrepareExtension { # This ensures extension/package.json and extension/package.*.json exist # with the correct version from the template before any reads occur. try { - $generated = Invoke-ExtensionCollectionsGeneration -RepoRoot $RepoRoot + $generated = Invoke-ExtensionCollectionsGeneration -RepoRoot $RepoRoot -Channel $Channel Write-Host "Generated $($generated.Count) collection package file(s)" -ForegroundColor Green } catch { diff --git a/scripts/tests/collections/Validate-Collections.Tests.ps1 b/scripts/tests/collections/Validate-Collections.Tests.ps1 index 576486144..f0f0a87be 100644 --- a/scripts/tests/collections/Validate-Collections.Tests.ps1 +++ b/scripts/tests/collections/Validate-Collections.Tests.ps1 @@ -817,3 +817,160 @@ Describe 'Invoke-CollectionValidation - new checks' { $result.ErrorCount | Should -Be 0 } } + +Describe 'Invoke-CollectionValidation - marker validation' -Tag 'Unit' { + BeforeAll { + $script:repoRoot = Join-Path $TestDrive 'marker-validation' + $script:collectionsDir = Join-Path $script:repoRoot 'collections' + # Create artifact directories + $agentsDir = Join-Path $script:repoRoot '.github/agents/test' + New-Item -ItemType Directory -Path $agentsDir -Force | Out-Null + Set-Content -Path (Join-Path $agentsDir 'a.agent.md') -Value '---' -Force + $orphanDir = Join-Path $script:repoRoot '.github/agents/orphan' + New-Item -ItemType Directory -Path $orphanDir -Force | Out-Null + Set-Content -Path (Join-Path $orphanDir 'orphan.agent.md') -Value '---' -Force + } + + BeforeEach { + if (Test-Path $script:collectionsDir) { + Remove-Item -Path $script:collectionsDir -Recurse -Force + } + New-Item -ItemType Directory -Path $script:collectionsDir -Force | Out-Null + } + + It 'Passes when collection.md has valid matched marker pairs' { + $manifest = [ordered]@{ + id = 'valid-markers'; name = 'Valid Markers'; description = 'Matched markers' + items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) + } + Set-Content -Path (Join-Path $script:collectionsDir 'valid-markers.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) + $mdContent = @" +# Valid Markers + + +Generated content. + +"@ + Set-Content -Path (Join-Path $script:collectionsDir 'valid-markers.collection.md') -Value $mdContent + $canonical = [ordered]@{ + id = 'hve-core-all'; name = 'All'; description = 'Canonical' + items = @( + [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, + [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } + ) + } + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.yml') -Value (ConvertTo-Yaml -Data $canonical) + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.md') -Value '# All' + + $result = Invoke-CollectionValidation -RepoRoot $script:repoRoot + $result.Success | Should -BeTrue + $result.ErrorCount | Should -Be 0 + } + + It 'Warns but passes when begin marker exists without end marker' { + $manifest = [ordered]@{ + id = 'begin-only'; name = 'Begin Only'; description = 'Missing end' + items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) + } + Set-Content -Path (Join-Path $script:collectionsDir 'begin-only.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) + $mdContent = @" +# Begin Only + + +Content without end marker. +"@ + Set-Content -Path (Join-Path $script:collectionsDir 'begin-only.collection.md') -Value $mdContent + $canonical = [ordered]@{ + id = 'hve-core-all'; name = 'All'; description = 'Canonical' + items = @( + [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, + [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } + ) + } + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.yml') -Value (ConvertTo-Yaml -Data $canonical) + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.md') -Value '# All' + + $result = Invoke-CollectionValidation -RepoRoot $script:repoRoot + $result.Success | Should -BeTrue + $result.ErrorCount | Should -Be 0 + } + + It 'Warns but passes when end marker exists without begin marker' { + $manifest = [ordered]@{ + id = 'end-only'; name = 'End Only'; description = 'Missing begin' + items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) + } + Set-Content -Path (Join-Path $script:collectionsDir 'end-only.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) + $mdContent = @" +# End Only + +Content without begin marker. + +"@ + Set-Content -Path (Join-Path $script:collectionsDir 'end-only.collection.md') -Value $mdContent + $canonical = [ordered]@{ + id = 'hve-core-all'; name = 'All'; description = 'Canonical' + items = @( + [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, + [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } + ) + } + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.yml') -Value (ConvertTo-Yaml -Data $canonical) + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.md') -Value '# All' + + $result = Invoke-CollectionValidation -RepoRoot $script:repoRoot + $result.Success | Should -BeTrue + $result.ErrorCount | Should -Be 0 + } + + It 'Does not warn when collection.md has no markers (backward compat)' { + $manifest = [ordered]@{ + id = 'no-markers'; name = 'No Markers'; description = 'Legacy no markers' + items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) + } + Set-Content -Path (Join-Path $script:collectionsDir 'no-markers.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) + Set-Content -Path (Join-Path $script:collectionsDir 'no-markers.collection.md') -Value '# No Markers - legacy content without any markers' + $canonical = [ordered]@{ + id = 'hve-core-all'; name = 'All'; description = 'Canonical' + items = @( + [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, + [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } + ) + } + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.yml') -Value (ConvertTo-Yaml -Data $canonical) + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.md') -Value '# All' + + $result = Invoke-CollectionValidation -RepoRoot $script:repoRoot + $result.Success | Should -BeTrue + $result.ErrorCount | Should -Be 0 + } + + It 'Warns but passes when markers appear in wrong order' { + $manifest = [ordered]@{ + id = 'reversed'; name = 'Reversed'; description = 'Wrong order' + items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) + } + Set-Content -Path (Join-Path $script:collectionsDir 'reversed.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) + $mdContent = @" +# Reversed + + +Content. + +"@ + Set-Content -Path (Join-Path $script:collectionsDir 'reversed.collection.md') -Value $mdContent + $canonical = [ordered]@{ + id = 'hve-core-all'; name = 'All'; description = 'Canonical' + items = @( + [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, + [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } + ) + } + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.yml') -Value (ConvertTo-Yaml -Data $canonical) + Set-Content -Path (Join-Path $script:collectionsDir 'hve-core-all.collection.md') -Value '# All' + + $result = Invoke-CollectionValidation -RepoRoot $script:repoRoot + $result.Success | Should -BeTrue + $result.ErrorCount | Should -Be 0 + } +} diff --git a/scripts/tests/extension/Prepare-Extension.Tests.ps1 b/scripts/tests/extension/Prepare-Extension.Tests.ps1 index 8933289df..0eb3fa580 100644 --- a/scripts/tests/extension/Prepare-Extension.Tests.ps1 +++ b/scripts/tests/extension/Prepare-Extension.Tests.ps1 @@ -467,6 +467,188 @@ description: "My skill description" $content | Should -Match '# HVE Core - No Description' $content | Should -Match 'No description body' } + + Context 'Maturity filtering' { + It 'Excludes experimental items when AllowedMaturities contains only stable' { + $collection = @{ + id = 'maturity-test' + name = 'Maturity Test' + description = 'Maturity filtering test' + items = @( + @{ kind = 'agent'; path = '.github/agents/alpha.agent.md'; maturity = 'stable' }, + @{ kind = 'agent'; path = '.github/agents/zebra.agent.md'; maturity = 'experimental' } + ) + } + $mdPath = Join-Path $script:tempDir 'maturity-filter.collection.md' + 'Maturity body.' | Set-Content -Path $mdPath + $outPath = Join-Path $script:tempDir 'README.maturity-filter.md' + + New-CollectionReadme -Collection $collection -CollectionMdPath $mdPath -TemplatePath $script:templatePath -RepoRoot $script:tempDir -OutputPath $outPath -AllowedMaturities @('stable') + + $content = Get-Content -Path $outPath -Raw + $content | Should -Match 'alpha' + $content | Should -Not -Match 'zebra' + } + + It 'Includes experimental items when AllowedMaturities allows them' { + $collection = @{ + id = 'maturity-test2' + name = 'Maturity Test 2' + description = 'Maturity filtering test' + items = @( + @{ kind = 'agent'; path = '.github/agents/alpha.agent.md'; maturity = 'stable' }, + @{ kind = 'agent'; path = '.github/agents/zebra.agent.md'; maturity = 'experimental' } + ) + } + $mdPath = Join-Path $script:tempDir 'maturity-all.collection.md' + 'All maturity body.' | Set-Content -Path $mdPath + $outPath = Join-Path $script:tempDir 'README.maturity-all.md' + + New-CollectionReadme -Collection $collection -CollectionMdPath $mdPath -TemplatePath $script:templatePath -RepoRoot $script:tempDir -OutputPath $outPath -AllowedMaturities @('stable', 'preview', 'experimental') + + $content = Get-Content -Path $outPath -Raw + $content | Should -Match 'alpha' + $content | Should -Match 'zebra' + } + + It 'Excludes deprecated items regardless of channel' { + $collection = @{ + id = 'deprecated-test' + name = 'Deprecated Test' + description = 'Deprecated filtering test' + items = @( + @{ kind = 'agent'; path = '.github/agents/alpha.agent.md'; maturity = 'stable' }, + @{ kind = 'agent'; path = '.github/agents/zebra.agent.md'; maturity = 'deprecated' } + ) + } + $mdPath = Join-Path $script:tempDir 'deprecated.collection.md' + 'Deprecated body.' | Set-Content -Path $mdPath + $outPath = Join-Path $script:tempDir 'README.deprecated.md' + + New-CollectionReadme -Collection $collection -CollectionMdPath $mdPath -TemplatePath $script:templatePath -RepoRoot $script:tempDir -OutputPath $outPath -AllowedMaturities @('stable', 'preview', 'experimental') + + $content = Get-Content -Path $outPath -Raw + $content | Should -Match 'alpha' + $content | Should -Not -Match 'zebra' + } + } + + Context 'Template marker handling' { + It 'Preserves intro text and replaces marker section in README' { + $collection = @{ + id = 'marker-intro' + name = 'Marker Intro' + description = 'Marker intro test' + items = @( + @{ kind = 'agent'; path = '.github/agents/alpha.agent.md' } + ) + } + $mdPath = Join-Path $script:tempDir 'marker-intro.collection.md' + @" +Hand-authored intro paragraph. + + + +Old stale artifact list. + + +"@ | Set-Content -Path $mdPath -Encoding utf8NoBOM + $outPath = Join-Path $script:tempDir 'README.marker-intro.md' + + New-CollectionReadme -Collection $collection -CollectionMdPath $mdPath -TemplatePath $script:templatePath -RepoRoot $script:tempDir -OutputPath $outPath + + $content = Get-Content -Path $outPath -Raw + $content | Should -Match 'Hand-authored intro paragraph' + $content | Should -Not -Match 'Old stale artifact list' + } + + It 'Writes back updated artifact section into collection.md' { + $collection = @{ + id = 'marker-wb' + name = 'Marker Writeback' + description = 'Marker writeback test' + items = @( + @{ kind = 'agent'; path = '.github/agents/alpha.agent.md' } + ) + } + $mdPath = Join-Path $script:tempDir 'marker-wb.collection.md' + @" +Writeback intro. + + + +Old content to replace. + + +"@ | Set-Content -Path $mdPath -Encoding utf8NoBOM + $outPath = Join-Path $script:tempDir 'README.marker-wb.md' + + New-CollectionReadme -Collection $collection -CollectionMdPath $mdPath -TemplatePath $script:templatePath -RepoRoot $script:tempDir -OutputPath $outPath + + $mdContent = Get-Content -Path $mdPath -Raw + $mdContent | Should -Match '' + $mdContent | Should -Match '' + $mdContent | Should -Match 'alpha' + $mdContent | Should -Not -Match 'Old content to replace' + } + + It 'Works without markers for backward compatibility' { + $collection = @{ + id = 'no-markers' + name = 'No Markers' + description = 'No markers test' + items = @( + @{ kind = 'agent'; path = '.github/agents/alpha.agent.md' } + ) + } + $mdPath = Join-Path $script:tempDir 'no-markers.collection.md' + 'Legacy body content without markers.' | Set-Content -Path $mdPath -Encoding utf8NoBOM + $outPath = Join-Path $script:tempDir 'README.no-markers.md' + + New-CollectionReadme -Collection $collection -CollectionMdPath $mdPath -TemplatePath $script:templatePath -RepoRoot $script:tempDir -OutputPath $outPath + + $content = Get-Content -Path $outPath -Raw + $content | Should -Match 'Legacy body content without markers' + } + + It 'Preserves footer content after end marker' { + $collection = @{ + id = 'marker-footer' + name = 'Marker Footer' + description = 'Marker footer test' + items = @( + @{ kind = 'agent'; path = '.github/agents/alpha.agent.md' } + ) + } + $mdPath = Join-Path $script:tempDir 'marker-footer.collection.md' + @" +Footer intro. + + + +Old artifacts. + + + +## Prerequisites + +This requires setup first. +"@ | Set-Content -Path $mdPath -Encoding utf8NoBOM + $outPath = Join-Path $script:tempDir 'README.marker-footer.md' + + New-CollectionReadme -Collection $collection -CollectionMdPath $mdPath -TemplatePath $script:templatePath -RepoRoot $script:tempDir -OutputPath $outPath + + $readmeContent = Get-Content -Path $outPath -Raw + $readmeContent | Should -Match 'Footer intro' + $readmeContent | Should -Match 'Prerequisites' + + $mdContent = Get-Content -Path $mdPath -Raw + $mdContent | Should -Match '' + $mdContent | Should -Match '' + $mdContent | Should -Match '## Prerequisites' + $mdContent | Should -Match 'This requires setup first' + } + } } #endregion Package Generation Function Tests From 3e72bbcd0148220d6f5f6ac0119b6212839fc243 Mon Sep 17 00:00:00 2001 From: Bill Berry Date: Tue, 7 Apr 2026 11:10:54 -0700 Subject: [PATCH 2/4] fix(scripts): address 7 review findings from task validation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - expand New-CollectionReadme help with in-place update and marker behavior (IV-001) - add ValidateNotNullOrEmpty to AllowedMaturities parameter (IV-002) - centralize marker strings as script-scope constants in both scripts (IV-003) - remove unused Existing key from Split-CollectionMdByMarkers return (IV-004) - add duplicate-BEGIN-marker edge case test (IV-005) - add empty-string-throws test for Split-CollectionMdByMarkers (IV-006) - standardize Set-ContentIfChanged encoding to utf8NoBOM (IV-007) šŸ”§ - Generated by Copilot --- .../Modules/CollectionHelpers.psm1 | 2 +- scripts/collections/Validate-Collections.ps1 | 14 ++--- scripts/extension/Prepare-Extension.ps1 | 26 +++++----- .../extension/Prepare-Extension.Tests.ps1 | 51 +++++++++++++++++++ 4 files changed, 74 insertions(+), 19 deletions(-) diff --git a/scripts/collections/Modules/CollectionHelpers.psm1 b/scripts/collections/Modules/CollectionHelpers.psm1 index 29237ec53..ce4d79d40 100644 --- a/scripts/collections/Modules/CollectionHelpers.psm1 +++ b/scripts/collections/Modules/CollectionHelpers.psm1 @@ -49,7 +49,7 @@ function Set-ContentIfChanged { if ($parentDir -and -not (Test-Path -LiteralPath $parentDir)) { New-Item -ItemType Directory -Path $parentDir -Force | Out-Null } - Set-Content -LiteralPath $Path -Value $Value -Encoding utf8 -NoNewline + Set-Content -LiteralPath $Path -Value $Value -Encoding utf8NoBOM -NoNewline return $true } diff --git a/scripts/collections/Validate-Collections.ps1 b/scripts/collections/Validate-Collections.ps1 index 176fd62f4..fdc6fc071 100644 --- a/scripts/collections/Validate-Collections.ps1 +++ b/scripts/collections/Validate-Collections.ps1 @@ -23,6 +23,10 @@ $ErrorActionPreference = 'Stop' Import-Module (Join-Path $PSScriptRoot 'Modules/CollectionHelpers.psm1') -Force Import-Module (Join-Path $PSScriptRoot '../lib/Modules/CIHelpers.psm1') -Force +# Auto-generation marker constants for collection.md validation +$script:CollectionMdBeginMarker = '' +$script:CollectionMdEndMarker = '' + #region Validation Helpers function Test-KindSuffix { @@ -173,18 +177,16 @@ function Invoke-CollectionValidation { if (Test-Path -Path $companionPath) { $mdContent = Get-Content -Path $companionPath -Raw - $beginMarker = '' - $endMarker = '' - $hasBegin = $mdContent.Contains($beginMarker) - $hasEnd = $mdContent.Contains($endMarker) + $hasBegin = $mdContent.Contains($script:CollectionMdBeginMarker) + $hasEnd = $mdContent.Contains($script:CollectionMdEndMarker) if ($hasBegin -xor $hasEnd) { Write-Host " WARN $($file.Name): $baseName.collection.md has mismatched auto-generation markers" -ForegroundColor Yellow } if ($hasBegin -and $hasEnd) { - $beginIdx = $mdContent.IndexOf($beginMarker) - $endIdx = $mdContent.IndexOf($endMarker) + $beginIdx = $mdContent.IndexOf($script:CollectionMdBeginMarker) + $endIdx = $mdContent.IndexOf($script:CollectionMdEndMarker) if ($endIdx -le $beginIdx) { Write-Host " WARN $($file.Name): $baseName.collection.md has markers in wrong order" -ForegroundColor Yellow } diff --git a/scripts/extension/Prepare-Extension.ps1 b/scripts/extension/Prepare-Extension.ps1 index a8073bb05..687b3ed8d 100644 --- a/scripts/extension/Prepare-Extension.ps1 +++ b/scripts/extension/Prepare-Extension.ps1 @@ -64,6 +64,10 @@ $ErrorActionPreference = 'Stop' Import-Module (Join-Path $PSScriptRoot "../lib/Modules/CIHelpers.psm1") -Force Import-Module (Join-Path $PSScriptRoot "../collections/Modules/CollectionHelpers.psm1") -Force +# Auto-generation marker constants shared across Split-CollectionMdByMarkers and New-CollectionReadme +$script:CollectionMdBeginMarker = '' +$script:CollectionMdEndMarker = '' + #region Pure Functions #region Package Generation Functions @@ -385,23 +389,19 @@ function Split-CollectionMdByMarkers { [string]$Content ) - $beginMarker = '' - $endMarker = '' - - $beginIdx = $Content.IndexOf($beginMarker) - $endIdx = $Content.IndexOf($endMarker) + $beginIdx = $Content.IndexOf($script:CollectionMdBeginMarker) + $endIdx = $Content.IndexOf($script:CollectionMdEndMarker) if ($beginIdx -lt 0 -or $endIdx -lt 0 -or $endIdx -le $beginIdx) { return @{ HasMarkers = $false Intro = $Content - Existing = '' Footer = '' } } $intro = $Content.Substring(0, $beginIdx).TrimEnd() - $endMarkerEnd = $endIdx + $endMarker.Length + $endMarkerEnd = $endIdx + $script:CollectionMdEndMarker.Length $footer = if ($endMarkerEnd -lt $Content.Length) { $Content.Substring($endMarkerEnd).TrimStart("`r", "`n") } else { '' } @@ -409,7 +409,6 @@ function Split-CollectionMdByMarkers { return @{ HasMarkers = $true Intro = $intro - Existing = '' Footer = $footer } } @@ -424,10 +423,14 @@ function New-CollectionReadme { with descriptions read from each artifact's YAML frontmatter. Tokens: {{DISPLAY_NAME}}, {{DESCRIPTION}}, {{BODY}}, {{ARTIFACTS}}, {{FULL_EDITION}}. + When the collection markdown file contains BEGIN/END markers, the + generated artifact section is written back into the source file via + Set-ContentIfChanged so the collection.md stays in sync. .PARAMETER Collection Parsed collection manifest hashtable. .PARAMETER CollectionMdPath - Path to the collection markdown body file. + Path to the collection markdown body file. When markers are present, + this file is updated in place with the generated artifact section. .PARAMETER TemplatePath Path to the README template file containing placeholder tokens. .PARAMETER RepoRoot @@ -454,6 +457,7 @@ function New-CollectionReadme { [Parameter(Mandatory = $true)] [string]$OutputPath, + [ValidateNotNullOrEmpty()] [string[]]$AllowedMaturities = @('stable') ) @@ -544,10 +548,8 @@ function New-CollectionReadme { # Write back updated artifact section into collection.md when markers are present if ($parsed.HasMarkers) { - $beginMarker = '' - $endMarker = '' $generatedBlock = $artifactSections.ToString().TrimEnd() - $updatedCollectionMd = "$($parsed.Intro)`n`n$beginMarker`n`n$generatedBlock`n`n$endMarker" + $updatedCollectionMd = "$($parsed.Intro)`n`n$($script:CollectionMdBeginMarker)`n`n$generatedBlock`n`n$($script:CollectionMdEndMarker)" if (-not [string]::IsNullOrWhiteSpace($parsed.Footer)) { $updatedCollectionMd += "`n`n$($parsed.Footer.TrimEnd())" } diff --git a/scripts/tests/extension/Prepare-Extension.Tests.ps1 b/scripts/tests/extension/Prepare-Extension.Tests.ps1 index 0eb3fa580..09ca51856 100644 --- a/scripts/tests/extension/Prepare-Extension.Tests.ps1 +++ b/scripts/tests/extension/Prepare-Extension.Tests.ps1 @@ -2865,4 +2865,55 @@ Describe 'New-CollectionReadme - maturity notice' { #endregion Maturity Notice Tests +#region Split-CollectionMdByMarkers Tests + +Describe 'Split-CollectionMdByMarkers' { + It 'Returns HasMarkers false for content without markers' { + $result = Split-CollectionMdByMarkers -Content 'Hello world' + $result.HasMarkers | Should -BeFalse + $result.Intro | Should -Be 'Hello world' + $result.Footer | Should -Be '' + } + + It 'Throws for empty string input' { + { Split-CollectionMdByMarkers -Content '' } | Should -Throw + } + + It 'Parses intro and footer around markers' { + $content = "Intro text`n`n`n`nGenerated`n`n`n`nFooter text" + $result = Split-CollectionMdByMarkers -Content $content + $result.HasMarkers | Should -BeTrue + $result.Intro | Should -Be 'Intro text' + $result.Footer | Should -Be 'Footer text' + } + + It 'Returns HasMarkers false when only BEGIN marker is present' { + $content = "Intro`n`nSome content" + $result = Split-CollectionMdByMarkers -Content $content + $result.HasMarkers | Should -BeFalse + } + + It 'Returns HasMarkers false when END marker appears before BEGIN' { + $content = "`n" + $result = Split-CollectionMdByMarkers -Content $content + $result.HasMarkers | Should -BeFalse + } + + It 'Returns HasMarkers false for duplicate BEGIN markers without END' { + $content = "`n`nContent" + $result = Split-CollectionMdByMarkers -Content $content + $result.HasMarkers | Should -BeFalse + } + + It 'Does not include an Existing key in the result' { + $noMarkers = Split-CollectionMdByMarkers -Content 'plain' + $noMarkers.Keys | Should -Not -Contain 'Existing' + + $withMarkers = Split-CollectionMdByMarkers -Content "Intro`n`n`n" + $withMarkers.Keys | Should -Not -Contain 'Existing' + } +} + +#endregion Split-CollectionMdByMarkers Tests + #endregion Additional Coverage Tests From 9720cd6f09e6be12adaf607707576994d8c914fd Mon Sep 17 00:00:00 2001 From: Bill Berry Date: Thu, 9 Apr 2026 21:39:14 -0700 Subject: [PATCH 3/4] refactor(scripts): centralize marker constants and extract shared helpers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - move marker constants to CollectionHelpers.psm1 and export as module variables - move Split-CollectionMdByMarkers to CollectionHelpers.psm1 with full decorators - move Get-ArtifactDescription to CollectionHelpers.psm1 for reuse - add collection.md writeback block to Generate-Plugins.ps1 šŸ”§ - Generated by Copilot --- .../Modules/CollectionHelpers.psm1 | 105 ++++++++++++++++++ scripts/collections/Validate-Collections.ps1 | 12 +- scripts/extension/Prepare-Extension.ps1 | 85 +------------- scripts/plugins/Generate-Plugins.ps1 | 68 ++++++++++++ 4 files changed, 178 insertions(+), 92 deletions(-) diff --git a/scripts/collections/Modules/CollectionHelpers.psm1 b/scripts/collections/Modules/CollectionHelpers.psm1 index ce4d79d40..168042531 100644 --- a/scripts/collections/Modules/CollectionHelpers.psm1 +++ b/scripts/collections/Modules/CollectionHelpers.psm1 @@ -9,6 +9,12 @@ #Requires -Version 7.0 #Requires -Modules PowerShell-Yaml +# --------------------------------------------------------------------------- +# Marker Constants (shared across collection scripts) +# --------------------------------------------------------------------------- +$script:CollectionMdBeginMarker = '' +$script:CollectionMdEndMarker = '' + # --------------------------------------------------------------------------- # Internal Utilities # --------------------------------------------------------------------------- @@ -594,17 +600,116 @@ function Update-HveCoreAllCollection { } } +function Split-CollectionMdByMarkers { + <# + .SYNOPSIS + Splits collection markdown content at auto-generation markers. + .DESCRIPTION + Locates the BEGIN and END auto-generated-artifact markers in the + supplied markdown string and returns the intro (before), footer (after), + and a flag indicating whether markers were found. + .PARAMETER Content + The full text content of a collection.md file. + .OUTPUTS + [hashtable] with keys HasMarkers ([bool]), Intro ([string]), + and Footer ([string]). + .NOTES + Returns the entire content as Intro with HasMarkers = $false when + markers are missing or mis-ordered. + #> + [CmdletBinding()] + param( + [Parameter(Mandatory)] + [string]$Content + ) + + $beginIdx = $Content.IndexOf($script:CollectionMdBeginMarker) + $endIdx = $Content.IndexOf($script:CollectionMdEndMarker) + + if ($beginIdx -lt 0 -or $endIdx -lt 0 -or $endIdx -le $beginIdx) { + return @{ + HasMarkers = $false + Intro = $Content + Footer = '' + } + } + + $intro = $Content.Substring(0, $beginIdx).TrimEnd() + $endMarkerEnd = $endIdx + $script:CollectionMdEndMarker.Length + $footer = if ($endMarkerEnd -lt $Content.Length) { + $Content.Substring($endMarkerEnd).TrimStart("`r", "`n") + } else { '' } + + return @{ + HasMarkers = $true + Intro = $intro + Footer = $footer + } +} + +function Get-ArtifactDescription { + <# + .SYNOPSIS + Reads the description from an artifact file's YAML frontmatter. + .DESCRIPTION + Parses the YAML frontmatter block at the top of a markdown file and + returns the description field value. Returns an empty string when the + file is missing, has no frontmatter, or lacks a description field. + Strips the common " - Brought to you by microsoft/hve-core" suffix. + .PARAMETER FilePath + Absolute path to the artifact markdown file. + .OUTPUTS + [string] Description text, or empty string if unavailable. + #> + [CmdletBinding()] + [OutputType([string])] + param( + [Parameter(Mandatory = $true)] + [string]$FilePath + ) + + if (-not (Test-Path $FilePath)) { + return '' + } + + $content = Get-Content -Path $FilePath -Raw + if ($content -match '(?s)^---\s*\r?\n(.*?)\r?\n---') { + $yamlBlock = $Matches[1] + try { + $frontmatter = ConvertFrom-Yaml -Yaml $yamlBlock + if ($frontmatter -is [hashtable] -and $frontmatter.ContainsKey('description')) { + $desc = [string]$frontmatter.description + # Strip the common branding suffix + $desc = $desc -replace '\s*-\s*Brought to you by microsoft/hve-core$', '' + return $desc.Trim() + } + } + catch { + Write-Verbose "Failed to parse frontmatter from $FilePath`: $_" + } + } + + return '' +} + Export-ModuleMember -Function @( 'Get-AllCollections', + 'Get-ArtifactDescription', 'Get-ArtifactFiles', 'Get-ArtifactFrontmatter', 'Get-CollectionArtifactKey', 'Get-CollectionManifest', 'Resolve-CollectionItemMaturity', 'Set-ContentIfChanged', + 'Split-CollectionMdByMarkers', 'Test-ArtifactDeprecated', 'Test-DeprecatedPath', 'Test-HveCoreRepoRelativePath', 'Test-HveCoreRepoSpecificPath', 'Update-HveCoreAllCollection' ) + +Export-ModuleMember -Variable @( + 'CollectionMdBeginMarker', + 'CollectionMdEndMarker' +) diff --git a/scripts/collections/Validate-Collections.ps1 b/scripts/collections/Validate-Collections.ps1 index fdc6fc071..d856e02ca 100644 --- a/scripts/collections/Validate-Collections.ps1 +++ b/scripts/collections/Validate-Collections.ps1 @@ -23,10 +23,6 @@ $ErrorActionPreference = 'Stop' Import-Module (Join-Path $PSScriptRoot 'Modules/CollectionHelpers.psm1') -Force Import-Module (Join-Path $PSScriptRoot '../lib/Modules/CIHelpers.psm1') -Force -# Auto-generation marker constants for collection.md validation -$script:CollectionMdBeginMarker = '' -$script:CollectionMdEndMarker = '' - #region Validation Helpers function Test-KindSuffix { @@ -177,16 +173,16 @@ function Invoke-CollectionValidation { if (Test-Path -Path $companionPath) { $mdContent = Get-Content -Path $companionPath -Raw - $hasBegin = $mdContent.Contains($script:CollectionMdBeginMarker) - $hasEnd = $mdContent.Contains($script:CollectionMdEndMarker) + $hasBegin = $mdContent.Contains($CollectionMdBeginMarker) + $hasEnd = $mdContent.Contains($CollectionMdEndMarker) if ($hasBegin -xor $hasEnd) { Write-Host " WARN $($file.Name): $baseName.collection.md has mismatched auto-generation markers" -ForegroundColor Yellow } if ($hasBegin -and $hasEnd) { - $beginIdx = $mdContent.IndexOf($script:CollectionMdBeginMarker) - $endIdx = $mdContent.IndexOf($script:CollectionMdEndMarker) + $beginIdx = $mdContent.IndexOf($CollectionMdBeginMarker) + $endIdx = $mdContent.IndexOf($CollectionMdEndMarker) if ($endIdx -le $beginIdx) { Write-Host " WARN $($file.Name): $baseName.collection.md has markers in wrong order" -ForegroundColor Yellow } diff --git a/scripts/extension/Prepare-Extension.ps1 b/scripts/extension/Prepare-Extension.ps1 index 687b3ed8d..14f197c95 100644 --- a/scripts/extension/Prepare-Extension.ps1 +++ b/scripts/extension/Prepare-Extension.ps1 @@ -64,10 +64,6 @@ $ErrorActionPreference = 'Stop' Import-Module (Join-Path $PSScriptRoot "../lib/Modules/CIHelpers.psm1") -Force Import-Module (Join-Path $PSScriptRoot "../collections/Modules/CollectionHelpers.psm1") -Force -# Auto-generation marker constants shared across Split-CollectionMdByMarkers and New-CollectionReadme -$script:CollectionMdBeginMarker = '' -$script:CollectionMdEndMarker = '' - #region Pure Functions #region Package Generation Functions @@ -334,85 +330,6 @@ function Invoke-ExtensionCollectionsGeneration { return $expectedFiles } -function Get-ArtifactDescription { - <# - .SYNOPSIS - Reads the description from an artifact file's YAML frontmatter. - .DESCRIPTION - Parses the YAML frontmatter block at the top of a markdown file and - returns the description field value. Returns an empty string when the - file is missing, has no frontmatter, or lacks a description field. - Strips the common " - Brought to you by microsoft/hve-core" suffix. - .PARAMETER FilePath - Absolute path to the artifact markdown file. - .OUTPUTS - [string] Description text, or empty string if unavailable. - #> - [CmdletBinding()] - [OutputType([string])] - param( - [Parameter(Mandatory = $true)] - [string]$FilePath - ) - - if (-not (Test-Path $FilePath)) { - return '' - } - - $content = Get-Content -Path $FilePath -Raw - if ($content -match '(?s)^---\s*\r?\n(.*?)\r?\n---') { - $yamlBlock = $Matches[1] - try { - $frontmatter = ConvertFrom-Yaml -Yaml $yamlBlock - if ($frontmatter -is [hashtable] -and $frontmatter.ContainsKey('description')) { - $desc = [string]$frontmatter.description - # Strip the common branding suffix - $desc = $desc -replace '\s*-\s*Brought to you by microsoft/hve-core$', '' - return $desc.Trim() - } - } - catch { - Write-Verbose "Failed to parse frontmatter from $FilePath`: $_" - } - } - - return '' -} - -function Split-CollectionMdByMarkers { - <# - .SYNOPSIS - Splits collection.md content at auto-generation markers. - #> - param( - [Parameter(Mandatory)] - [string]$Content - ) - - $beginIdx = $Content.IndexOf($script:CollectionMdBeginMarker) - $endIdx = $Content.IndexOf($script:CollectionMdEndMarker) - - if ($beginIdx -lt 0 -or $endIdx -lt 0 -or $endIdx -le $beginIdx) { - return @{ - HasMarkers = $false - Intro = $Content - Footer = '' - } - } - - $intro = $Content.Substring(0, $beginIdx).TrimEnd() - $endMarkerEnd = $endIdx + $script:CollectionMdEndMarker.Length - $footer = if ($endMarkerEnd -lt $Content.Length) { - $Content.Substring($endMarkerEnd).TrimStart("`r", "`n") - } else { '' } - - return @{ - HasMarkers = $true - Intro = $intro - Footer = $footer - } -} - function New-CollectionReadme { <# .SYNOPSIS @@ -549,7 +466,7 @@ function New-CollectionReadme { # Write back updated artifact section into collection.md when markers are present if ($parsed.HasMarkers) { $generatedBlock = $artifactSections.ToString().TrimEnd() - $updatedCollectionMd = "$($parsed.Intro)`n`n$($script:CollectionMdBeginMarker)`n`n$generatedBlock`n`n$($script:CollectionMdEndMarker)" + $updatedCollectionMd = "$($parsed.Intro)`n`n$($CollectionMdBeginMarker)`n`n$generatedBlock`n`n$($CollectionMdEndMarker)" if (-not [string]::IsNullOrWhiteSpace($parsed.Footer)) { $updatedCollectionMd += "`n`n$($parsed.Footer.TrimEnd())" } diff --git a/scripts/plugins/Generate-Plugins.ps1 b/scripts/plugins/Generate-Plugins.ps1 index 7930bff9c..6099734ab 100644 --- a/scripts/plugins/Generate-Plugins.ps1 +++ b/scripts/plugins/Generate-Plugins.ps1 @@ -307,6 +307,74 @@ function Invoke-PluginGeneration { } } + #region Update collection.md artifact tables + if (-not $DryRun) { + $collectionMdPath = Join-Path $collectionsDir "$id.collection.md" + if (Test-Path $collectionMdPath) { + $bodyContent = Get-Content -Path $collectionMdPath -Raw + $parsed = Split-CollectionMdByMarkers -Content $bodyContent + + if ($parsed.HasMarkers) { + $agents = @() + $prompts = @() + $instructions = @() + $skills = @() + + foreach ($item in $filteredCollection.items) { + if (-not $item.ContainsKey('kind') -or -not $item.ContainsKey('path')) { + continue + } + $kind = [string]$item.kind + $path = [string]$item.path + $artifactName = Get-CollectionArtifactKey -Kind $kind -Path $path + + $resolvedPath = Join-Path $RepoRoot ($path -replace '^\.\//', '') + if ($kind -eq 'skill') { + $resolvedPath = Join-Path $resolvedPath 'SKILL.md' + } + $artifactDesc = Get-ArtifactDescription -FilePath $resolvedPath + + $entry = @{ Name = $artifactName; Description = $artifactDesc } + switch ($kind) { + 'agent' { $agents += $entry } + 'prompt' { $prompts += $entry } + 'instruction' { $instructions += $entry } + 'skill' { $skills += $entry } + } + } + + $artifactSections = [System.Text.StringBuilder]::new() + + foreach ($section in @( + @{ Title = 'Chat Agents'; Items = $agents }, + @{ Title = 'Prompts'; Items = $prompts }, + @{ Title = 'Instructions'; Items = $instructions }, + @{ Title = 'Skills'; Items = $skills } + )) { + if ($section.Items.Count -eq 0) { continue } + + $null = $artifactSections.AppendLine("### $($section.Title)") + $null = $artifactSections.AppendLine() + $null = $artifactSections.AppendLine('| Name | Description |') + $null = $artifactSections.AppendLine('|------|-------------|') + foreach ($entry in ($section.Items | Sort-Object { $_.Name })) { + $null = $artifactSections.AppendLine("| **$($entry.Name)** | $($entry.Description) |") + } + $null = $artifactSections.AppendLine() + } + + $generatedBlock = $artifactSections.ToString().TrimEnd() + $updatedCollectionMd = "$($parsed.Intro)`n`n$($CollectionMdBeginMarker)`n`n$generatedBlock`n`n$($CollectionMdEndMarker)" + if (-not [string]::IsNullOrWhiteSpace($parsed.Footer)) { + $updatedCollectionMd += "`n`n$($parsed.Footer.TrimEnd())" + } + $updatedCollectionMd += "`n" + Set-ContentIfChanged -Path $collectionMdPath -Value $updatedCollectionMd + } + } + } + #endregion + $itemCount = $filteredCollection.items.Count $totalAgents += $result.AgentCount $totalCommands += $result.CommandCount From 1ec452c3e01a169a612fc1a43df3fe887dc6a98c Mon Sep 17 00:00:00 2001 From: Bill Berry Date: Thu, 9 Apr 2026 21:51:30 -0700 Subject: [PATCH 4/4] chore(docs): regenerate collection.md artifact tables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - regenerate all 14 collection.md files with structured artifact tables - replace hand-written summaries with auto-generated content between markers - tables include instructions, agents, prompts, skills per collection šŸ“ - Generated by Copilot --- collections/ado.collection.md | 45 +++- collections/coding-standards.collection.md | 50 +++- collections/data-science.collection.md | 37 ++- collections/design-thinking.collection.md | 122 ++++++---- collections/experimental.collection.md | 25 +- collections/github.collection.md | 31 ++- collections/gitlab.collection.md | 14 +- collections/hve-core-all.collection.md | 265 +++++++++++++++++++-- collections/hve-core.collection.md | 73 ++++-- collections/installer.collection.md | 12 +- collections/jira.collection.md | 39 ++- collections/project-planning.collection.md | 84 +++++-- collections/rai-planning.collection.md | 32 ++- collections/security.collection.md | 98 +++++--- plugins/ado/README.md | 47 +++- plugins/coding-standards/README.md | 56 +++-- plugins/data-science/README.md | 39 ++- plugins/design-thinking/README.md | 122 ++++++---- plugins/experimental/README.md | 25 +- plugins/github/README.md | 33 ++- plugins/gitlab/README.md | 12 +- plugins/hve-core-all/README.md | 262 ++++++++++++++++++-- plugins/hve-core/README.md | 87 ++++--- plugins/installer/README.md | 12 +- plugins/jira/README.md | 39 ++- plugins/project-planning/README.md | 84 +++++-- plugins/rai-planning/README.md | 32 ++- plugins/security/README.md | 95 +++++--- 28 files changed, 1474 insertions(+), 398 deletions(-) diff --git a/collections/ado.collection.md b/collections/ado.collection.md index 14a238021..ebcbaed7c 100644 --- a/collections/ado.collection.md +++ b/collections/ado.collection.md @@ -2,12 +2,45 @@ Manage Azure DevOps work items, monitor builds, create pull requests, and conver -This collection includes agents and prompts for: +### Chat Agents -- **Work Item Management** ā€” Discover, create, update, and plan work items across ADO projects -- **Build Monitoring** ā€” Query build status, review logs, and diagnose failures -- **Pull Request Creation** ā€” Generate PRs with linked work items and reviewer identification -- **PRD-to-Work-Item Conversion** ā€” Transform Product Requirements Documents into ADO feature/user-story/task hierarchies -- **Backlog Management** ā€” Orchestrated triage, discovery, sprint planning, and work item creation workflows through a central ADO Backlog Manager agent +| Name | Description | +|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | + +### Prompts + +| Name | Description | +|-------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | + +### Instructions + +| Name | Description | +|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/collections/coding-standards.collection.md b/collections/coding-standards.collection.md index 7c9c7ebfe..87d5b50e4 100644 --- a/collections/coding-standards.collection.md +++ b/collections/coding-standards.collection.md @@ -2,20 +2,46 @@ Enforce language-specific coding conventions and best practices across your proj -This collection includes: +### Chat Agents -- **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps -- **Code Review Standards** ā€” Skills-based code reviewer that enforces project-defined coding standards via dynamic skill loading -- **Code Review Full** ā€” Orchestrates both functional and standards reviews in a single pass +| Name | Description | +|----------------------------|---------------------------------------------------------------------------------------------------------------------------| +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | -Instructions for: +### Prompts -- **Bash** ā€” Shell scripting conventions and best practices -- **Bicep** ā€” Infrastructure as code implementation standards -- **C#** ā€” Code and test conventions including nullable reference types, async patterns, and xUnit testing -- **PowerShell** ā€” Script and module conventions including comment-based help, CmdletBinding, PSScriptAnalyzer compliance, and copyright headers -- **Python** ā€” Scripting implementation with type hints, docstrings, uv project management, and pytest testing -- **Rust** ā€” Rust development conventions targeting the 2021 edition -- **Terraform** ā€” Infrastructure as code with provider configuration and module structure +| Name | Description | +|----------------------------|----------------------------------------------------------------------------------------------------| +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | + +### Instructions + +| Name | Description | +|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | diff --git a/collections/data-science.collection.md b/collections/data-science.collection.md index 685f797d9..50956c9a5 100644 --- a/collections/data-science.collection.md +++ b/collections/data-science.collection.md @@ -5,12 +5,37 @@ Generate data specifications, Jupyter notebooks, and Streamlit dashboards from n -This collection includes agents for: +### Chat Agents -- **Data Specification Generation** ā€” Create structured data schemas and specifications from requirements -- **Jupyter Notebook Generation** ā€” Build data analysis notebooks with visualizations and documentation -- **Streamlit Dashboard Generation** ā€” Create interactive dashboards from data sources -- **Dashboard Testing** ā€” Comprehensive test suites for Streamlit applications -- **RAI Planner** ā€” Responsible AI assessment with security model analysis, impact assessment, and dual-format backlog handoff +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/design-thinking.collection.md b/collections/design-thinking.collection.md index 754ea25ed..684436619 100644 --- a/collections/design-thinking.collection.md +++ b/collections/design-thinking.collection.md @@ -4,55 +4,77 @@ Coaching identity, quality constraints, and methodology instructions for AI-enha -This collection includes agents, prompts, and instructions for: - -- **DT Start Project** ā€” Initializes a new Design Thinking coaching project with state file creation, frozen/fluid classification, and first Method 1 coaching interaction -- **DT Resume Coaching** ā€” Resumes an existing coaching session from saved state, restoring context from the project's coaching state file -- **DT Method Next** ā€” Assesses current coaching state and recommends the next method with sequencing validation, handling edge cases for no project, all methods complete, and iteration loops -- **DT Handoff Implementation Space** ā€” Implementation Space exit handoff that compiles DT Methods 7-9 outputs into an RPI-ready artifact with tiered routing to task-planner or task-implementor, handoff lineage from all nine methods, content sanitization, and a completion ceremony -- **DT Handoff Problem Space** ā€” Problem Space exit handoff that compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting task-researcher, with readiness assessment and quality markers -- **DT Method 4: Ideation** ā€” Divergent idea generation with constraint-informed creativity for Method 4b brainstorming -- **DT Method 4: Convergence** ā€” Theme discovery through philosophy-based clustering for Method 4c brainstorming -- **DT Method 5: Concepts** ā€” Concept articulation from brainstorming themes for Method 5b user concepts -- **DT Method 5: Evaluation** ā€” Stakeholder alignment and three-lens evaluation for Method 5c user concepts -- **DT Method 6: Planning** ā€” Concept analysis and prototype approach design for Method 6a lo-fi prototyping -- **DT Method 6: Building** ā€” Scrappy prototype building with fidelity enforcement for Method 6b -- **DT Method 6: Testing** ā€” Hypothesis-driven testing and constraint validation for Method 6c -- **DT Coaching Identity** ā€” Defines the coach's interaction philosophy (Think, Speak, Empower), progressive hint engine, psychological safety patterns, and hat-switching framework for consistent behavior across all nine methods -- **DT Coach**: Conversational coaching agent that guides teams through all 9 methods with Think/Speak/Empower philosophy -- **DT Coaching State** ā€” Session persistence schema, method progress tracking, and session recovery protocol enabling the coach to resume seamlessly across conversations -- **DT Method Sequencing** ā€” Governs the nine-method sequence across three spaces, space boundary transition protocols with readiness signals, non-linear iteration patterns, method routing logic, and coaching state tracking -- **DT Quality Constraints** ā€” Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods -- **DT Method 01: Scope Conversations** ā€” Frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation for transforming initial customer requests into genuine understanding of business challenges -- **DT Method 01 Deep** ā€” Advanced stakeholder analysis, power dynamics, and scope negotiation expertise loaded on-demand for complex Method 1 coaching scenarios -- **DT Method 02: Design Research** ā€” Interview techniques, research planning, environmental observation, and insight extraction patterns for systematic discovery of end-user needs through direct engagement across three phases: planning, execution, and documentation -- **DT Method 02 Deep: Advanced Design Research** ā€” On-demand deep reference covering advanced interview techniques, ethnographic observation methods, evidence triangulation, and manufacturing research patterns; loaded by the coach for complex research scenarios requiring specialist guidance -- **DT Method 03: Input Synthesis** ā€” Pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness for transforming fragmented research data into unified problem understanding -- **DT Method 03 Deep** ā€” Advanced affinity analysis with multi-pass clustering, insight frameworks with observation-inference-insight formula, HMW question scaffolding, problem statement articulation, and manufacturing synthesis patterns -- **DT Method 04 Deep: Advanced Brainstorming Techniques** ā€” Advanced facilitation techniques (brainwriting, morphological analysis, provocation), creative block recovery, convergence frameworks (impact/effort matrix, weighted D/F/V scoring), and cross-pollination from analogous industries loaded on-demand for complex Method 4 coaching scenarios -- **DT Industry: Healthcare** ā€” Healthcare-specific vocabulary mapping, constraints (HIPAA, patient safety, clinical workflow), empathy tools (patient journey mapping, clinician shadow), and an ED wait-time reference scenario for on-demand industry context loading -- **DTā†’RPI Handoff Contract** ā€” Exit-point definitions, artifact schemas, per-agent input contracts, graduation awareness behavior, and quality markers for lateral transitions from Design Thinking coaching into the RPI workflow -- **DT RPI Implementation Context** ā€” DT-aware task-implementor augmentation that enforces space-appropriate fidelity constraints, stakeholder validation against handoff maps, confidence-marker handling, and return path triggers when operating on DT artifacts -- **DT RPI Planning Context** ā€” DT-aware task-planner augmentation that shapes implementation planning around fidelity constraints, iteration support, confidence-informed risk assessment, and stakeholder-segmented success criteria when operating on DT artifacts -- **DT RPI Research Context** ā€” DT-aware task-researcher augmentation that frames research around stakeholder needs, quality-marked findings, assumption validation, and return path triggers when operating on DT artifacts -- **DT RPI Review Context** ā€” DT-aware task-reviewer augmentation that defines quality criteria per artifact type (coaching, method, deep, industry, handoff, agent, output), review checklist additions for coaching tone and fidelity enforcement, anti-patterns to flag, and severity mapping for Design Thinking artifacts -- **DT Method 07: High-Fidelity Prototypes** ā€” Technical translation, functional prototypes, and specifications for Implementation Space entry with three-hat architecture and progressive fidelity modeling -- **DT Method 07: Deep Expertise** ā€” On-demand fidelity translation, architecture trade-off analysis, specification writing patterns, and manufacturing-specific prototyping guidance for complex Method 7 coaching scenarios -- **DT Method 08: User Testing** ā€” Evidence-based evaluation, test protocols, and non-linear iteration support for structured user testing of hi-fi prototypes with leap-enabling questioning and loop decision coaching -- **DT Method 08 Deep** ā€” Advanced test design, small-sample analysis, iteration triggers, and bias mitigation expertise loaded on-demand for complex Method 8 coaching scenarios -- **DT Method 09: Iteration at Scale** ā€” Continuous optimization through telemetry-driven enhancement, systematic refinement cycles, and organizational deployment planning covering change management, training, and adoption metrics -- **DT Method 09 Deep** ā€” Advanced organizational change management (ADKAR framework), scaling patterns, adoption measurement systems, scaling anti-patterns, and manufacturing deployment strategies loaded on-demand for complex Method 9 coaching scenarios -- **DT Industry: Manufacturing** ā€” On-demand industry context providing manufacturing vocabulary mapping, operational constraints (safety culture, shift patterns, union dynamics), empathy tools (gemba walk, shift-handoff observation, operator shadow), and a reference scenario for contextualizing Design Thinking coaching in manufacturing environments -- **DT Industry: Energy** ā€” On-demand energy-sector context providing vocabulary mapping (NERC/FERC/SCADA terminology), critical infrastructure constraints (regulatory weight, long asset lifecycles, security classification), empathy tools (control room observation, field ride-along, regulatory timeline mapping), and a renewable integration reference scenario -- **DT Curriculum Module 1: Scope Conversations** ā€” Key concepts (frozen vs fluid requests, stakeholder mapping, constraint discovery), progressive questioning techniques, comprehension checks, and manufacturing practice exercises for teaching Method 1 -- **DT Curriculum Module 2: Design Research** ā€” Key concepts (genuine need discovery, environmental context, universal discovery sequence), contextual inquiry techniques, comprehension checks, and manufacturing practice exercises for teaching Method 2 -- **DT Curriculum Module 3: Synthesis** ā€” Key concepts (multi-source pattern recognition, theme development, context preservation), affinity clustering techniques, comprehension checks, and manufacturing practice exercises for teaching Method 3 -- **DT Curriculum Module 4: Brainstorming** ā€” Key concepts (divergent vs convergent phases, constraint-driven creativity, philosophy-based clustering), AI spring-boarding techniques, comprehension checks, and manufacturing practice exercises for teaching Method 4 -- **DT Curriculum Module 5: User Concepts** ā€” Key concepts (minimum viable visuals, understanding speed, interaction vs value concepts), stick figure approach and silent review techniques, comprehension checks, and manufacturing practice exercises for teaching Method 5 -- **DT Curriculum Module 6: Low-Fidelity Prototypes** ā€” Key concepts (scrappy principle, instant failure as instant win, single-assumption testing), simple material prototyping techniques, comprehension checks, and manufacturing practice exercises for teaching Method 6 -- **DT Curriculum Module 7: High-Fidelity Prototypes** ā€” Key concepts (technical feasibility validation, stripped-down functional focus, multiple implementation comparison), hardware and integration testing techniques, comprehension checks, and manufacturing practice exercises for teaching Method 7 -- **DT Curriculum Module 8: User Testing** ā€” Key concepts (leap-enabling vs leap-killing questions, non-linear iteration loops, behavior over opinions), task-based testing techniques, comprehension checks, and manufacturing practice exercises for teaching Method 8 -- **DT Curriculum Module 9: Iteration at Scale** ā€” Key concepts (telemetry-driven enhancement, high-frequency pattern focus, incremental enhancement), production telemetry techniques, comprehension checks, and manufacturing practice exercises for teaching Method 9 -- **DT Curriculum Scenario: Manufacturing** ā€” Factory floor improvement reference scenario (Meridian Components) with interview excerpts, observation data points, and test results used across all 9 curriculum modules for progressive learning exercises +### Chat Agents + +| Name | Description | +|-----------------------|------------------------------------------------------------------------------------------------------------| +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | + +### Prompts + +| Name | Description | +|-------------------------------------|--------------------------------------------------------------------------------------------------------------------| +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff ā€” compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff ā€” compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session ā€” reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | + +### Instructions + +| Name | Description | +|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning ā€” factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis ā€” advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming ā€” advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate ā€” advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale ā€” change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale ā€” systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/experimental.collection.md b/collections/experimental.collection.md index dc624657f..7b5603a48 100644 --- a/collections/experimental.collection.md +++ b/collections/experimental.collection.md @@ -2,10 +2,27 @@ Experimental and preview artifacts not yet promoted to stable collections. Items -This collection includes agents, skills, and instructions for: +### Chat Agents -- **Experiment Designer** ā€” Guides users through designing Minimum Viable Experiments (MVEs) with hypothesis formation, vetting, and structured experiment plans -- **PowerPoint Builder** ā€” Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx -- **Video to GIF** ā€” Convert video files to animated GIF format +| Name | Description | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | + +### Instructions + +| Name | Description | +|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------------|--------------------------------------------------------------------------------------------------------| +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | diff --git a/collections/github.collection.md b/collections/github.collection.md index 9f3df97d1..0403f490f 100644 --- a/collections/github.collection.md +++ b/collections/github.collection.md @@ -2,11 +2,32 @@ Manage GitHub issue backlogs with agents for discovery, triage, sprint planning, -This collection includes agents and prompts for: +### Chat Agents -- **Issue Discovery** ā€” Find and analyze issues across repositories with duplicate detection -- **Triage** ā€” Automated label suggestion, milestone assignment, and priority assessment -- **Sprint Planning** ā€” Organize issues into sprints with effort estimation -- **Backlog Execution** ā€” Execute planned operations against issue backlogs +| Name | Description | +|----------------------------|------------------------------------------------------------------------------------------------------------------------| +| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | + +### Prompts + +| Name | Description | +|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | + +### Instructions + +| Name | Description | +|-------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/gitlab.collection.md b/collections/gitlab.collection.md index 29403a201..ecd2da536 100644 --- a/collections/gitlab.collection.md +++ b/collections/gitlab.collection.md @@ -2,8 +2,16 @@ Use GitLab merge request and pipeline workflows from VS Code through a focused P -This collection includes: +### Instructions -- **GitLab Skill** - List and inspect merge requests, create or update merge requests, add notes, inspect pipelines, list jobs, and fetch job logs +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | - \ No newline at end of file +### Skills + +| Name | Description | +|------------|--------------------------------------------------------------| +| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | + + diff --git a/collections/hve-core-all.collection.md b/collections/hve-core-all.collection.md index 5c28f86ac..893751c49 100644 --- a/collections/hve-core-all.collection.md +++ b/collections/hve-core-all.collection.md @@ -7,33 +7,256 @@ Use this edition when you want access to everything without choosing a focused c -Code review agents included (via coding-standards collection): +### Chat Agents -- **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps -- **Code Review Standards** ā€” Skills-based code reviewer that enforces project-defined coding standards via dynamic skill loading -- **Code Review Full** ā€” Orchestrates both functional and standards reviews in a single pass +| Name | Description | +|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | +| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | +| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research ā†’ Plan ā†’ Implement ā†’ Review ā†’ Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | -Security and planning agents included (via security collection): +### Prompts -- **Security Planner** ā€” STRIDE-based security model analysis with operational bucket classification, standards mapping, and automated backlog generation -- **SSSC Planner** ā€” Supply chain security assessment against OpenSSF Scorecard, SLSA, and SBOM standards -- **RAI Planner** ā€” Responsible AI assessment with impact assessment and dual-format backlog handoff +| Name | Description | +|-------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | +| **checkpoint** | Save or restore conversation context using memory files | +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff ā€” compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff ā€” compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session ā€” reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability Ɨ Impact (PƗI) risk matrix. | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | -Supporting subagents included: +### Instructions -- **Codebase Researcher** ā€” Searches workspace for code patterns, conventions, and implementations -- **External Researcher** ā€” Retrieves external documentation, SDK references, and code samples -- **Phase Implementor** ā€” Executes single implementation phases with change tracking -- **Artifact Validator** ā€” Validates implementation work against plans and conventions -- **Prompt Tester** ā€” Tests prompt files by following them literally in a sandbox -- **Prompt Evaluator** ā€” Evaluates prompt execution results against quality criteria +| Name | Description | +|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning ā€” factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis ā€” advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming ā€” advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate ā€” advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale ā€” change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale ā€” systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | -Skills included: +### Skills -- **HVE Core Installer** ā€” Decision-driven installer skill for deploying HVE Core across workspace configurations -- **GitLab Integration** ā€” GitLab merge request and pipeline workflows through a Python skill -- **Jira Integration** ā€” Jira backlog discovery, triage, execution, and PRD planning workflows backed by Jira issue operations and field discovery -- **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows -- **Video to GIF** ā€” Converts video files to optimized GIF animations using FFmpeg two-pass palette optimization +| Name | Description | +|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | +| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | +| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | +| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | +| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | diff --git a/collections/hve-core.collection.md b/collections/hve-core.collection.md index e24bb4439..ce06884de 100644 --- a/collections/hve-core.collection.md +++ b/collections/hve-core.collection.md @@ -2,33 +2,64 @@ HVE Core provides the flagship RPI (Research, Plan, Implement, Review) workflow -This collection includes agents for: +### Chat Agents -- **RPI Agent** ā€” Autonomous orchestrator that drives the full four-phase workflow -- **Task Researcher** ā€” Gathers context, discovers patterns, and produces research documents -- **Task Planner** ā€” Creates detailed implementation plans from research findings -- **Task Implementor** ā€” Executes plans with progressive tracking and change records -- **Task Reviewer** ā€” Validates implementations against plans and project conventions -- **PR Review** ā€” Comprehensive pull request review ensuring code quality and convention compliance +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research ā†’ Plan ā†’ Implement ā†’ Review ā†’ Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | -Git workflow prompts for: +### Prompts -- **Commit Messages** ā€” Generate conventional commit messages following project standards -- **Merge Operations** ā€” Handle merges, rebases, and conflict resolution workflows -- **Repository Setup** ā€” Initialize repositories with recommended configuration -- **Pull Requests** ā€” Create and manage pull requests with linked context +| Name | Description | +|------------------------|--------------------------------------------------------------------------------------------------------------------------| +| **checkpoint** | Save or restore conversation context using memory files | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | -Supporting subagents included: +### Instructions -- **Codebase Researcher** ā€” Searches workspace for code patterns, conventions, and implementations -- **External Researcher** ā€” Retrieves external documentation, SDK references, and code samples -- **Phase Implementor** ā€” Executes single implementation phases with change tracking -- **Artifact Validator** ā€” Validates implementation work against plans and conventions -- **Prompt Tester** ā€” Tests prompt files by following them literally in a sandbox -- **Prompt Evaluator** ā€” Evaluates prompt execution results against quality criteria +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | -Skills included: +### Skills -- **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows +| Name | Description | +|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/collections/installer.collection.md b/collections/installer.collection.md index 09eba2799..f34c2fb43 100644 --- a/collections/installer.collection.md +++ b/collections/installer.collection.md @@ -2,8 +2,16 @@ Deploy HVE Core artifacts across workspace configurations with the hve-core-inst -This collection includes skills for: +### Instructions -- **HVE Core Installer** ā€” Decision-driven installer that deploys selected HVE Core artifacts into target workspaces +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | diff --git a/collections/jira.collection.md b/collections/jira.collection.md index a48d32b73..12d1c1f82 100644 --- a/collections/jira.collection.md +++ b/collections/jira.collection.md @@ -2,12 +2,37 @@ Manage Jira backlog workflows and PRD-driven issue planning from VS Code. This c -This collection includes: +### Chat Agents -- A Jira Backlog Manager agent for discovery, triage, execution, and single-issue backlog actions -- A Jira PRD to WIT planning agent for converting requirements documents into Jira-ready issue hierarchies -- Jira prompts for backlog discovery, triage, execution, and PRD planning workflows -- Jira planning instructions for discovery, triage, execution, and PRD handoff artifacts -- The Jira skill for JQL search, issue inspection, creation, updates, transitions, comments, and field discovery +| Name | Description | +|--------------------------|---------------------------------------------------------------------------------------------------------------------------| +| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | - \ No newline at end of file +### Prompts + +| Name | Description | +|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | + +### Instructions + +| Name | Description | +|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | + + diff --git a/collections/project-planning.collection.md b/collections/project-planning.collection.md index db189c2ee..63c557195 100644 --- a/collections/project-planning.collection.md +++ b/collections/project-planning.collection.md @@ -2,27 +2,67 @@ Create architecture decision records, requirements documents, and diagrams ā€” a -This collection includes agents for: - -- **Agile Coach** ā€” Create or refine goal-oriented user stories with clear acceptance criteria -- **Product Manager Advisor** ā€” Product management advisor for requirements discovery, validation, and issue creation -- **UX/UI Designer** ā€” UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements -- **Architecture Decision Records** ā€” Create structured ADRs with solution comparison matrices -- **Architecture Diagrams** ā€” Generate ASCII-art architecture diagrams from descriptions -- **Business Requirements Documents** ā€” Build BRDs through guided Q&A sessions -- **System Architecture Reviewer** ā€” System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment -- **RPI Agent** ā€” Autonomous RPI orchestrator running specialized subagents through Research, Plan, Implement, and Review phases -- **Product Requirements Documents** ā€” Build PRDs with stakeholder-driven refinement -- **RAI Planner** ā€” Responsible AI assessment with security model analysis, impact assessment, and dual-format backlog handoff -- **Security Planner** ā€” STRIDE-based security model analysis with operational bucket classification, standards mapping, and automated backlog generation -- **SSSC Planner** ā€” Software supply-chain security assessment with gap analysis, standards mapping, and automated backlog generation - -Supporting subagents included: - -- **Researcher Subagent** ā€” Research subagent using search tools, read tools, fetch web page, github repo, and MCP tools -- **Plan Validator** ā€” Validates implementation plans against research documents with severity-graded findings -- **Phase Implementor** ā€” Executes a single implementation phase from a plan with full codebase access and change tracking -- **RPI Validator** ā€” Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents -- **Implementation Validator** ā€” Validates implementation quality against architectural requirements, design principles, and code standards +### Chat Agents + +| Name | Description | +|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research ā†’ Plan ā†’ Implement ā†’ Review ā†’ Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability Ɨ Impact (PƗI) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | diff --git a/collections/rai-planning.collection.md b/collections/rai-planning.collection.md index 497c27182..31a448486 100644 --- a/collections/rai-planning.collection.md +++ b/collections/rai-planning.collection.md @@ -5,12 +5,32 @@ Assess AI systems for responsible AI risks using structured standards-aligned an -This collection includes agents and prompts for: - -- **RAI Assessment** ā€” Conduct structured responsible AI assessments aligned to Microsoft RAI Standard v2 and NIST AI RMF -- **Impact Analysis** ā€” Evaluate fairness, reliability, privacy, security, inclusiveness, transparency, and accountability impacts -- **Security Model Analysis** ā€” Identify AI-specific threats using extended STRIDE methodology with ML-specific attack patterns -- **Backlog Handoff** ā€” Generate prioritized RAI work items in ADO or GitHub formats +### Chat Agents + +| Name | Description | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/security.collection.md b/collections/security.collection.md index 8b360022d..dffbb2ff7 100644 --- a/collections/security.collection.md +++ b/collections/security.collection.md @@ -5,33 +5,75 @@ Security review, planning, incident response, risk assessment, vulnerability ana -This collection includes agents and prompts for: - -- **Security Plan Creation** - Generate threat models and security architecture documents -- **Security Review** - Evaluate code and architecture for security vulnerabilities -- **Incident Response** - Build incident response runbooks and playbooks -- **Risk Assessment** - Evaluate security risks with structured assessment frameworks -- **Vulnerability Analysis** - Identify and prioritize security vulnerabilities -- **Root Cause Analysis** - Structured RCA templates and guided analysis workflows -- **SSSC Planning** - Supply chain security assessment and backlog generation against OpenSSF standards -- **RAI Planning** - Responsible AI impact assessment and RAI backlog generation - -Supporting subagents included: - -- **Researcher Subagent** - Research subagent using search tools, read tools, fetch web page, github repo, and MCP tools -- **Codebase Profiler** - Scans the repository to build a technology profile and identify which OWASP skills apply -- **Finding Deep Verifier** - Deep adversarial verification of FAIL and PARTIAL findings for a single OWASP skill -- **Report Generator** - Collates verified OWASP skill assessment findings and generates a comprehensive vulnerability report -- **Skill Assessor** - Assesses a single OWASP skill against the codebase, reading vulnerability references and returning structured findings - -Skills included: - -- **OWASP Top 10** ā€” OWASP Top 10 for Web Applications (2025) vulnerability knowledge base -- **OWASP LLM Top 10** ā€” OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base -- **OWASP Agentic Top 10** ā€” OWASP Agentic Security Top 10 vulnerability knowledge base for AI agent systems -- **OWASP MCP Top 10** ā€” OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments -- **OWASP Infrastructure Top 10** ā€” OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments -- **OWASP CI/CD Top 10** ā€” OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments -- **Security Reviewer Formats** ā€” Format specifications and data contracts for the security reviewer orchestrator and its subagents +### Chat Agents + +| Name | Description | +|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability Ɨ Impact (PƗI) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | diff --git a/plugins/ado/README.md b/plugins/ado/README.md index 3826c691b..0872f25b7 100644 --- a/plugins/ado/README.md +++ b/plugins/ado/README.md @@ -9,13 +9,46 @@ Manage Azure DevOps work items, monitor builds, create pull requests, and conver -This collection includes agents and prompts for: - -- **Work Item Management** ā€” Discover, create, update, and plan work items across ADO projects -- **Build Monitoring** ā€” Query build status, review logs, and diagnose failures -- **Pull Request Creation** ā€” Generate PRs with linked work items and reviewer identification -- **PRD-to-Work-Item Conversion** ā€” Transform Product Requirements Documents into ADO feature/user-story/task hierarchies -- **Backlog Management** ā€” Orchestrated triage, discovery, sprint planning, and work item creation workflows through a central ADO Backlog Manager agent +### Chat Agents + +| Name | Description | +|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | + +### Prompts + +| Name | Description | +|-------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | + +### Instructions + +| Name | Description | +|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/plugins/coding-standards/README.md b/plugins/coding-standards/README.md index 072ef72e9..5302b2343 100644 --- a/plugins/coding-standards/README.md +++ b/plugins/coding-standards/README.md @@ -9,21 +9,47 @@ Enforce language-specific coding conventions and best practices across your proj -This collection includes: - -- **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps -- **Code Review Standards** ā€” Skills-based code reviewer that enforces project-defined coding standards via dynamic skill loading -- **Code Review Full** ā€” Orchestrates both functional and standards reviews in a single pass - -Instructions for: - -- **Bash** ā€” Shell scripting conventions and best practices -- **Bicep** ā€” Infrastructure as code implementation standards -- **C#** ā€” Code and test conventions including nullable reference types, async patterns, and xUnit testing -- **PowerShell** ā€” Script and module conventions including comment-based help, CmdletBinding, PSScriptAnalyzer compliance, and copyright headers -- **Python** ā€” Scripting implementation with type hints, docstrings, uv project management, and pytest testing -- **Rust** ā€” Rust development conventions targeting the 2021 edition -- **Terraform** ā€” Infrastructure as code with provider configuration and module structure +### Chat Agents + +| Name | Description | +|----------------------------|---------------------------------------------------------------------------------------------------------------------------| +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | + +### Prompts + +| Name | Description | +|----------------------------|----------------------------------------------------------------------------------------------------| +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | + +### Instructions + +| Name | Description | +|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | diff --git a/plugins/data-science/README.md b/plugins/data-science/README.md index 5d0067483..4f8e111b0 100644 --- a/plugins/data-science/README.md +++ b/plugins/data-science/README.md @@ -15,13 +15,38 @@ Generate data specifications, Jupyter notebooks, and Streamlit dashboards from n -This collection includes agents for: - -- **Data Specification Generation** ā€” Create structured data schemas and specifications from requirements -- **Jupyter Notebook Generation** ā€” Build data analysis notebooks with visualizations and documentation -- **Streamlit Dashboard Generation** ā€” Create interactive dashboards from data sources -- **Dashboard Testing** ā€” Comprehensive test suites for Streamlit applications -- **RAI Planner** ā€” Responsible AI assessment with security model analysis, impact assessment, and dual-format backlog handoff +### Chat Agents + +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/design-thinking/README.md b/plugins/design-thinking/README.md index ac03cd04f..e18ab1750 100644 --- a/plugins/design-thinking/README.md +++ b/plugins/design-thinking/README.md @@ -13,56 +13,78 @@ Coaching identity, quality constraints, and methodology instructions for AI-enha -This collection includes agents, prompts, and instructions for: - -- **DT Start Project** ā€” Initializes a new Design Thinking coaching project with state file creation, frozen/fluid classification, and first Method 1 coaching interaction -- **DT Resume Coaching** ā€” Resumes an existing coaching session from saved state, restoring context from the project's coaching state file -- **DT Method Next** ā€” Assesses current coaching state and recommends the next method with sequencing validation, handling edge cases for no project, all methods complete, and iteration loops -- **DT Handoff Implementation Space** ā€” Implementation Space exit handoff that compiles DT Methods 7-9 outputs into an RPI-ready artifact with tiered routing to task-planner or task-implementor, handoff lineage from all nine methods, content sanitization, and a completion ceremony -- **DT Handoff Problem Space** ā€” Problem Space exit handoff that compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting task-researcher, with readiness assessment and quality markers -- **DT Method 4: Ideation** ā€” Divergent idea generation with constraint-informed creativity for Method 4b brainstorming -- **DT Method 4: Convergence** ā€” Theme discovery through philosophy-based clustering for Method 4c brainstorming -- **DT Method 5: Concepts** ā€” Concept articulation from brainstorming themes for Method 5b user concepts -- **DT Method 5: Evaluation** ā€” Stakeholder alignment and three-lens evaluation for Method 5c user concepts -- **DT Method 6: Planning** ā€” Concept analysis and prototype approach design for Method 6a lo-fi prototyping -- **DT Method 6: Building** ā€” Scrappy prototype building with fidelity enforcement for Method 6b -- **DT Method 6: Testing** ā€” Hypothesis-driven testing and constraint validation for Method 6c -- **DT Coaching Identity** ā€” Defines the coach's interaction philosophy (Think, Speak, Empower), progressive hint engine, psychological safety patterns, and hat-switching framework for consistent behavior across all nine methods -- **DT Coach**: Conversational coaching agent that guides teams through all 9 methods with Think/Speak/Empower philosophy -- **DT Coaching State** ā€” Session persistence schema, method progress tracking, and session recovery protocol enabling the coach to resume seamlessly across conversations -- **DT Method Sequencing** ā€” Governs the nine-method sequence across three spaces, space boundary transition protocols with readiness signals, non-linear iteration patterns, method routing logic, and coaching state tracking -- **DT Quality Constraints** ā€” Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods -- **DT Method 01: Scope Conversations** ā€” Frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation for transforming initial customer requests into genuine understanding of business challenges -- **DT Method 01 Deep** ā€” Advanced stakeholder analysis, power dynamics, and scope negotiation expertise loaded on-demand for complex Method 1 coaching scenarios -- **DT Method 02: Design Research** ā€” Interview techniques, research planning, environmental observation, and insight extraction patterns for systematic discovery of end-user needs through direct engagement across three phases: planning, execution, and documentation -- **DT Method 02 Deep: Advanced Design Research** ā€” On-demand deep reference covering advanced interview techniques, ethnographic observation methods, evidence triangulation, and manufacturing research patterns; loaded by the coach for complex research scenarios requiring specialist guidance -- **DT Method 03: Input Synthesis** ā€” Pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness for transforming fragmented research data into unified problem understanding -- **DT Method 03 Deep** ā€” Advanced affinity analysis with multi-pass clustering, insight frameworks with observation-inference-insight formula, HMW question scaffolding, problem statement articulation, and manufacturing synthesis patterns -- **DT Method 04 Deep: Advanced Brainstorming Techniques** ā€” Advanced facilitation techniques (brainwriting, morphological analysis, provocation), creative block recovery, convergence frameworks (impact/effort matrix, weighted D/F/V scoring), and cross-pollination from analogous industries loaded on-demand for complex Method 4 coaching scenarios -- **DT Industry: Healthcare** ā€” Healthcare-specific vocabulary mapping, constraints (HIPAA, patient safety, clinical workflow), empathy tools (patient journey mapping, clinician shadow), and an ED wait-time reference scenario for on-demand industry context loading -- **DTā†’RPI Handoff Contract** ā€” Exit-point definitions, artifact schemas, per-agent input contracts, graduation awareness behavior, and quality markers for lateral transitions from Design Thinking coaching into the RPI workflow -- **DT RPI Implementation Context** ā€” DT-aware task-implementor augmentation that enforces space-appropriate fidelity constraints, stakeholder validation against handoff maps, confidence-marker handling, and return path triggers when operating on DT artifacts -- **DT RPI Planning Context** ā€” DT-aware task-planner augmentation that shapes implementation planning around fidelity constraints, iteration support, confidence-informed risk assessment, and stakeholder-segmented success criteria when operating on DT artifacts -- **DT RPI Research Context** ā€” DT-aware task-researcher augmentation that frames research around stakeholder needs, quality-marked findings, assumption validation, and return path triggers when operating on DT artifacts -- **DT RPI Review Context** ā€” DT-aware task-reviewer augmentation that defines quality criteria per artifact type (coaching, method, deep, industry, handoff, agent, output), review checklist additions for coaching tone and fidelity enforcement, anti-patterns to flag, and severity mapping for Design Thinking artifacts -- **DT Method 07: High-Fidelity Prototypes** ā€” Technical translation, functional prototypes, and specifications for Implementation Space entry with three-hat architecture and progressive fidelity modeling -- **DT Method 07: Deep Expertise** ā€” On-demand fidelity translation, architecture trade-off analysis, specification writing patterns, and manufacturing-specific prototyping guidance for complex Method 7 coaching scenarios -- **DT Method 08: User Testing** ā€” Evidence-based evaluation, test protocols, and non-linear iteration support for structured user testing of hi-fi prototypes with leap-enabling questioning and loop decision coaching -- **DT Method 08 Deep** ā€” Advanced test design, small-sample analysis, iteration triggers, and bias mitigation expertise loaded on-demand for complex Method 8 coaching scenarios -- **DT Method 09: Iteration at Scale** ā€” Continuous optimization through telemetry-driven enhancement, systematic refinement cycles, and organizational deployment planning covering change management, training, and adoption metrics -- **DT Method 09 Deep** ā€” Advanced organizational change management (ADKAR framework), scaling patterns, adoption measurement systems, scaling anti-patterns, and manufacturing deployment strategies loaded on-demand for complex Method 9 coaching scenarios -- **DT Industry: Manufacturing** ā€” On-demand industry context providing manufacturing vocabulary mapping, operational constraints (safety culture, shift patterns, union dynamics), empathy tools (gemba walk, shift-handoff observation, operator shadow), and a reference scenario for contextualizing Design Thinking coaching in manufacturing environments -- **DT Industry: Energy** ā€” On-demand energy-sector context providing vocabulary mapping (NERC/FERC/SCADA terminology), critical infrastructure constraints (regulatory weight, long asset lifecycles, security classification), empathy tools (control room observation, field ride-along, regulatory timeline mapping), and a renewable integration reference scenario -- **DT Curriculum Module 1: Scope Conversations** ā€” Key concepts (frozen vs fluid requests, stakeholder mapping, constraint discovery), progressive questioning techniques, comprehension checks, and manufacturing practice exercises for teaching Method 1 -- **DT Curriculum Module 2: Design Research** ā€” Key concepts (genuine need discovery, environmental context, universal discovery sequence), contextual inquiry techniques, comprehension checks, and manufacturing practice exercises for teaching Method 2 -- **DT Curriculum Module 3: Synthesis** ā€” Key concepts (multi-source pattern recognition, theme development, context preservation), affinity clustering techniques, comprehension checks, and manufacturing practice exercises for teaching Method 3 -- **DT Curriculum Module 4: Brainstorming** ā€” Key concepts (divergent vs convergent phases, constraint-driven creativity, philosophy-based clustering), AI spring-boarding techniques, comprehension checks, and manufacturing practice exercises for teaching Method 4 -- **DT Curriculum Module 5: User Concepts** ā€” Key concepts (minimum viable visuals, understanding speed, interaction vs value concepts), stick figure approach and silent review techniques, comprehension checks, and manufacturing practice exercises for teaching Method 5 -- **DT Curriculum Module 6: Low-Fidelity Prototypes** ā€” Key concepts (scrappy principle, instant failure as instant win, single-assumption testing), simple material prototyping techniques, comprehension checks, and manufacturing practice exercises for teaching Method 6 -- **DT Curriculum Module 7: High-Fidelity Prototypes** ā€” Key concepts (technical feasibility validation, stripped-down functional focus, multiple implementation comparison), hardware and integration testing techniques, comprehension checks, and manufacturing practice exercises for teaching Method 7 -- **DT Curriculum Module 8: User Testing** ā€” Key concepts (leap-enabling vs leap-killing questions, non-linear iteration loops, behavior over opinions), task-based testing techniques, comprehension checks, and manufacturing practice exercises for teaching Method 8 -- **DT Curriculum Module 9: Iteration at Scale** ā€” Key concepts (telemetry-driven enhancement, high-frequency pattern focus, incremental enhancement), production telemetry techniques, comprehension checks, and manufacturing practice exercises for teaching Method 9 -- **DT Curriculum Scenario: Manufacturing** ā€” Factory floor improvement reference scenario (Meridian Components) with interview excerpts, observation data points, and test results used across all 9 curriculum modules for progressive learning exercises +### Chat Agents + +| Name | Description | +|-----------------------|------------------------------------------------------------------------------------------------------------| +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | + +### Prompts + +| Name | Description | +|-------------------------------------|--------------------------------------------------------------------------------------------------------------------| +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff ā€” compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff ā€” compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session ā€” reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | + +### Instructions + +| Name | Description | +|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning ā€” factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis ā€” advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming ā€” advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate ā€” advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale ā€” change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale ā€” systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/experimental/README.md b/plugins/experimental/README.md index a59aa43fc..89b178ebb 100644 --- a/plugins/experimental/README.md +++ b/plugins/experimental/README.md @@ -11,11 +11,28 @@ Experimental and preview artifacts not yet promoted to stable collections. Items -This collection includes agents, skills, and instructions for: +### Chat Agents -- **Experiment Designer** ā€” Guides users through designing Minimum Viable Experiments (MVEs) with hypothesis formation, vetting, and structured experiment plans -- **PowerPoint Builder** ā€” Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx -- **Video to GIF** ā€” Convert video files to animated GIF format +| Name | Description | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | + +### Instructions + +| Name | Description | +|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------------|--------------------------------------------------------------------------------------------------------| +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | diff --git a/plugins/github/README.md b/plugins/github/README.md index df28bb521..3521c2417 100644 --- a/plugins/github/README.md +++ b/plugins/github/README.md @@ -9,12 +9,33 @@ Manage GitHub issue backlogs with agents for discovery, triage, sprint planning, -This collection includes agents and prompts for: - -- **Issue Discovery** ā€” Find and analyze issues across repositories with duplicate detection -- **Triage** ā€” Automated label suggestion, milestone assignment, and priority assessment -- **Sprint Planning** ā€” Organize issues into sprints with effort estimation -- **Backlog Execution** ā€” Execute planned operations against issue backlogs +### Chat Agents + +| Name | Description | +|----------------------------|------------------------------------------------------------------------------------------------------------------------| +| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | + +### Prompts + +| Name | Description | +|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | + +### Instructions + +| Name | Description | +|-------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/gitlab/README.md b/plugins/gitlab/README.md index a8563a267..fd19126bf 100644 --- a/plugins/gitlab/README.md +++ b/plugins/gitlab/README.md @@ -9,9 +9,17 @@ Use GitLab merge request and pipeline workflows from VS Code through a focused P -This collection includes: +### Instructions -- **GitLab Skill** - List and inspect merge requests, create or update merge requests, add notes, inspect pipelines, list jobs, and fetch job logs +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------|--------------------------------------------------------------| +| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | diff --git a/plugins/hve-core-all/README.md b/plugins/hve-core-all/README.md index 54c79b0d9..9d6fbe855 100644 --- a/plugins/hve-core-all/README.md +++ b/plugins/hve-core-all/README.md @@ -14,34 +14,254 @@ Use this edition when you want access to everything without choosing a focused c -Code review agents included (via coding-standards collection): +### Chat Agents -- **Code Review Functional** ā€” Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps -- **Code Review Standards** ā€” Skills-based code reviewer that enforces project-defined coding standards via dynamic skill loading -- **Code Review Full** ā€” Orchestrates both functional and standards reviews in a single pass +| Name | Description | +|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | +| **codebase-profiler** | Scans the repository to build a technology profile and identify which OWASP skills apply to the codebase | +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | +| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single OWASP skill | +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified OWASP skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research ā†’ Plan ā†’ Implement ā†’ Review ā†’ Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | OWASP assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single OWASP skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | -Security and planning agents included (via security collection): +### Prompts -- **Security Planner** ā€” STRIDE-based security model analysis with operational bucket classification, standards mapping, and automated backlog generation -- **SSSC Planner** ā€” Supply chain security assessment against OpenSSF Scorecard, SLSA, and SBOM standards -- **RAI Planner** ā€” Responsible AI assessment with impact assessment and dual-format backlog handoff +| Name | Description | +|-------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | +| **checkpoint** | Save or restore conversation context using memory files | +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff ā€” compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff ā€” compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session ā€” reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability Ɨ Impact (PƗI) risk matrix. | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | -Supporting subagents included: +### Instructions -- **Codebase Researcher** ā€” Searches workspace for code patterns, conventions, and implementations -- **External Researcher** ā€” Retrieves external documentation, SDK references, and code samples -- **Phase Implementor** ā€” Executes single implementation phases with change tracking -- **Artifact Validator** ā€” Validates implementation work against plans and conventions -- **Prompt Tester** ā€” Tests prompt files by following them literally in a sandbox -- **Prompt Evaluator** ā€” Evaluates prompt execution results against quality criteria +| Name | Description | +|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale ā€” concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning ā€” factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching ā€” vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis ā€” advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming ā€” advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate ā€” advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale ā€” change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale ā€” systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | -Skills included: +### Skills -- **HVE Core Installer** ā€” Decision-driven installer skill for deploying HVE Core across workspace configurations -- **GitLab Integration** ā€” GitLab merge request and pipeline workflows through a Python skill -- **Jira Integration** ā€” Jira backlog discovery, triage, execution, and PRD planning workflows backed by Jira issue operations and field discovery -- **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows -- **Video to GIF** ā€” Converts video files to optimized GIF animations using FFmpeg two-pass palette optimization +| Name | Description | +|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | +| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | +| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | +| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | diff --git a/plugins/hve-core/README.md b/plugins/hve-core/README.md index 1a2e26c53..eb2dca76d 100644 --- a/plugins/hve-core/README.md +++ b/plugins/hve-core/README.md @@ -9,34 +9,65 @@ HVE Core provides the flagship RPI (Research, Plan, Implement, Review) workflow -This collection includes agents for: - -- **RPI Agent** ā€” Autonomous orchestrator that drives the full four-phase workflow -- **Task Researcher** ā€” Gathers context, discovers patterns, and produces research documents -- **Task Planner** ā€” Creates detailed implementation plans from research findings -- **Task Implementor** ā€” Executes plans with progressive tracking and change records -- **Task Reviewer** ā€” Validates implementations against plans and project conventions -- **PR Review** ā€” Comprehensive pull request review ensuring code quality and convention compliance - -Git workflow prompts for: - -- **Commit Messages** ā€” Generate conventional commit messages following project standards -- **Merge Operations** ā€” Handle merges, rebases, and conflict resolution workflows -- **Repository Setup** ā€” Initialize repositories with recommended configuration -- **Pull Requests** ā€” Create and manage pull requests with linked context - -Supporting subagents included: - -- **Codebase Researcher** ā€” Searches workspace for code patterns, conventions, and implementations -- **External Researcher** ā€” Retrieves external documentation, SDK references, and code samples -- **Phase Implementor** ā€” Executes single implementation phases with change tracking -- **Artifact Validator** ā€” Validates implementation work against plans and conventions -- **Prompt Tester** ā€” Tests prompt files by following them literally in a sandbox -- **Prompt Evaluator** ā€” Evaluates prompt execution results against quality criteria - -Skills included: - -- **PR Reference** ā€” Generates PR reference XML files with commit history and diffs for pull request workflows +### Chat Agents + +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research ā†’ Plan ā†’ Implement ā†’ Review ā†’ Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | + +### Prompts + +| Name | Description | +|------------------------|--------------------------------------------------------------------------------------------------------------------------| +| **checkpoint** | Save or restore conversation context using memory files | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | + +### Instructions + +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/plugins/installer/README.md b/plugins/installer/README.md index b71577a38..bdb6c7ebe 100644 --- a/plugins/installer/README.md +++ b/plugins/installer/README.md @@ -9,9 +9,17 @@ Deploy HVE Core artifacts across workspace configurations with the hve-core-inst -This collection includes skills for: +### Instructions -- **HVE Core Installer** ā€” Decision-driven installer that deploys selected HVE Core artifacts into target workspaces +| Name | Description | +|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | diff --git a/plugins/jira/README.md b/plugins/jira/README.md index fe7339fc6..cad583e67 100644 --- a/plugins/jira/README.md +++ b/plugins/jira/README.md @@ -9,13 +9,38 @@ Manage Jira backlog workflows and PRD-driven issue planning from VS Code. This c -This collection includes: - -- A Jira Backlog Manager agent for discovery, triage, execution, and single-issue backlog actions -- A Jira PRD to WIT planning agent for converting requirements documents into Jira-ready issue hierarchies -- Jira prompts for backlog discovery, triage, execution, and PRD planning workflows -- Jira planning instructions for discovery, triage, execution, and PRD handoff artifacts -- The Jira skill for JQL search, issue inspection, creation, updates, transitions, comments, and field discovery +### Chat Agents + +| Name | Description | +|--------------------------|---------------------------------------------------------------------------------------------------------------------------| +| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | + +### Prompts + +| Name | Description | +|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | + +### Instructions + +| Name | Description | +|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | diff --git a/plugins/project-planning/README.md b/plugins/project-planning/README.md index 2f622b905..d0295f124 100644 --- a/plugins/project-planning/README.md +++ b/plugins/project-planning/README.md @@ -9,28 +9,68 @@ Create architecture decision records, requirements documents, and diagrams ā€” a -This collection includes agents for: - -- **Agile Coach** ā€” Create or refine goal-oriented user stories with clear acceptance criteria -- **Product Manager Advisor** ā€” Product management advisor for requirements discovery, validation, and issue creation -- **UX/UI Designer** ā€” UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements -- **Architecture Decision Records** ā€” Create structured ADRs with solution comparison matrices -- **Architecture Diagrams** ā€” Generate ASCII-art architecture diagrams from descriptions -- **Business Requirements Documents** ā€” Build BRDs through guided Q&A sessions -- **System Architecture Reviewer** ā€” System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment -- **RPI Agent** ā€” Autonomous RPI orchestrator running specialized subagents through Research, Plan, Implement, and Review phases -- **Product Requirements Documents** ā€” Build PRDs with stakeholder-driven refinement -- **RAI Planner** ā€” Responsible AI assessment with security model analysis, impact assessment, and dual-format backlog handoff -- **Security Planner** ā€” STRIDE-based security model analysis with operational bucket classification, standards mapping, and automated backlog generation -- **SSSC Planner** ā€” Software supply-chain security assessment with gap analysis, standards mapping, and automated backlog generation - -Supporting subagents included: - -- **Researcher Subagent** ā€” Research subagent using search tools, read tools, fetch web page, github repo, and MCP tools -- **Plan Validator** ā€” Validates implementation plans against research documents with severity-graded findings -- **Phase Implementor** ā€” Executes a single implementation phase from a plan with full codebase access and change tracking -- **RPI Validator** ā€” Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents -- **Implementation Validator** ā€” Validates implementation quality against architectural requirements, design principles, and code standards +### Chat Agents + +| Name | Description | +|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research ā†’ Plan ā†’ Implement ā†’ Review ā†’ Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability Ɨ Impact (PƗI) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | diff --git a/plugins/rai-planning/README.md b/plugins/rai-planning/README.md index f658a10b7..5677d5c1b 100644 --- a/plugins/rai-planning/README.md +++ b/plugins/rai-planning/README.md @@ -17,12 +17,32 @@ Assess AI systems for responsible AI risks using structured standards-aligned an -This collection includes agents and prompts for: - -- **RAI Assessment** ā€” Conduct structured responsible AI assessments aligned to Microsoft RAI Standard v2 and NIST AI RMF -- **Impact Analysis** ā€” Evaluate fairness, reliability, privacy, security, inclusiveness, transparency, and accountability impacts -- **Security Model Analysis** ā€” Identify AI-specific threats using extended STRIDE methodology with ML-specific attack patterns -- **Backlog Handoff** ā€” Generate prioritized RAI work items in ADO or GitHub formats +### Chat Agents + +| Name | Description | +|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/security/README.md b/plugins/security/README.md index c666e51b7..5890fda7a 100644 --- a/plugins/security/README.md +++ b/plugins/security/README.md @@ -15,34 +15,73 @@ Security review, planning, incident response, risk assessment, vulnerability ana -This collection includes agents and prompts for: - -- **Security Plan Creation** - Generate threat models and security architecture documents -- **Security Review** - Evaluate code and architecture for security vulnerabilities -- **Incident Response** - Build incident response runbooks and playbooks -- **Risk Assessment** - Evaluate security risks with structured assessment frameworks -- **Vulnerability Analysis** - Identify and prioritize security vulnerabilities -- **Root Cause Analysis** - Structured RCA templates and guided analysis workflows -- **SSSC Planning** - Supply chain security assessment and backlog generation against OpenSSF standards -- **RAI Planning** - Responsible AI impact assessment and RAI backlog generation - -Supporting subagents included: - -- **Researcher Subagent** - Research subagent using search tools, read tools, fetch web page, github repo, and MCP tools -- **Codebase Profiler** - Scans the repository to build a technology profile and identify which OWASP skills apply -- **Finding Deep Verifier** - Deep adversarial verification of FAIL and PARTIAL findings for a single OWASP skill -- **Report Generator** - Collates verified OWASP skill assessment findings and generates a comprehensive vulnerability report -- **Skill Assessor** - Assesses a single OWASP skill against the codebase, reading vulnerability references and returning structured findings - -Skills included: - -- **OWASP Top 10** - OWASP Top 10 for Web Applications (2025) vulnerability knowledge base -- **OWASP LLM Top 10** - OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base -- **OWASP Agentic Top 10** - OWASP Agentic Security Top 10 vulnerability knowledge base for AI agent systems -- **OWASP MCP Top 10** - OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments -- **OWASP Infrastructure Top 10** - OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments -- **OWASP CI/CD Top 10** - OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments -- **Security Reviewer Formats** - Format specifications and data contracts for the security reviewer orchestrator and its subagents +### Chat Agents + +| Name | Description | +|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **codebase-profiler** | Scans the repository to build a technology profile and identify which OWASP skills apply to the codebase | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single OWASP skill | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified OWASP skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | OWASP assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single OWASP skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | + +### Prompts + +| Name | Description | +|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability Ɨ Impact (PƗI) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | + +### Instructions + +| Name | Description | +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | + +### Skills + +| Name | Description | +|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. |