Merged
20 commits
7b53564
feat(agents): consolidate code-review agents into single human-gated …
WilliamBerryiii Jun 19, 2026
f15fc93
Merge remote-tracking branch 'origin/main' into feature/code-review-c…
WilliamBerryiii Jun 20, 2026
315d0d9
Merge remote-tracking branch 'origin/main' into feature/code-review-c…
WilliamBerryiii Jun 20, 2026
ed2b76d
feat(agents): orientation-first review integration (Scenario D loop)
WilliamBerryiii Jun 21, 2026
057528a
style(agents): format markdown tables for table-format check
WilliamBerryiii Jun 21, 2026
0041303
refactor(agents): enhance subagent response contracts for clarity and…
WilliamBerryiii Jun 21, 2026
a0ffa41
Merge remote-tracking branch 'origin/main' into feature/code-review-c…
WilliamBerryiii Jun 23, 2026
d1585dc
feat(agents): harden code review closeout, emission gating, and discl…
WilliamBerryiii Jun 26, 2026
f3023e1
Merge remote-tracking branch 'origin/main' into feature/code-review-c…
WilliamBerryiii Jun 26, 2026
954ba13
Merge remote-tracking branch 'origin/main' into feature/code-review-c…
WilliamBerryiii Jun 26, 2026
6dc54bf
Merge remote-tracking branch 'origin/main' into feature/code-review-c…
WilliamBerryiii Jun 26, 2026
cd7726a
fix(skills): drop en-us locale path from code-review sustainability URLs
WilliamBerryiii Jun 26, 2026
4eecbae
fix(agents): reword abuse to exploitation and reformat sustainability…
WilliamBerryiii Jun 26, 2026
8af84bd
test(evals): add eval coverage for consolidated code-review components
WilliamBerryiii Jun 26, 2026
0ff815b
test(evals): use full words in code-review grader patterns for spell …
WilliamBerryiii Jun 26, 2026
ab3d34b
Merge branch 'main' into feature/code-review-consolidation
WilliamBerryiii Jun 26, 2026
0621db2
Merge remote-tracking branch 'origin/main' into feature/code-review-c…
WilliamBerryiii Jun 26, 2026
aee5871
Merge remote-tracking branch 'origin/feature/code-review-consolidatio…
WilliamBerryiii Jun 26, 2026
51a8379
build(collections): regenerate plugin outputs after merge integration
WilliamBerryiii Jun 26, 2026
88b68d9
test(evals): add eval coverage for supply-chain-skill-assessor subagent
WilliamBerryiii Jun 26, 2026
1 change: 1 addition & 0 deletions .cspell.json
Expand Up @@ -72,6 +72,7 @@
"activedescendant",
"agentic",
"aoda",
"ASEC",
"atheris",
"cursored",
"networkidle",
2 changes: 2 additions & 0 deletions .cspell/general-technical.txt
Expand Up @@ -201,6 +201,7 @@ git
gitops
helm
Holo
hotspot
hotspots
Fulcio
gitsign
Expand Down Expand Up @@ -1148,6 +1149,7 @@ vums
vwan
vxlan
wafs
walkback
walkthrough
wans
webgui
64 changes: 15 additions & 49 deletions .github/CUSTOM-AGENTS.md
Expand Up @@ -73,15 +73,11 @@ Each phase has two entry points: the `/task-*` prompt commands (`/task-research`

### Code and Review Agents

| Agent | Purpose | Key Constraint |
|----------------------------|-----------------------------------------------------------------------|-----------------------------------------------------------|
| **pr-review** | 4-phase PR review with tracking artifacts | Review-only; never modifies code |
| **pr-walkthrough** | Narrative PR orientation that builds a reviewer's mental model | Orientation-only; never renders judgments; experimental |
| **prompt-builder** | Engineers and validates instruction/prompt files | Dual-persona system with auto-testing |
| **security-reviewer** | OWASP vulnerability assessment with subagent-driven verification | Delegates all reference reading to subagents |
| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness and logic gaps | Review-only; five focus areas; optional artifact save |
| **code-review-full** | Orchestrator running functional + standards reviews via subagents | Merges both reports; delegates to subagents; experimental |
| **code-review-standards** | Skills-based standards reviewer for local changes and PRs | Findings must trace to a loaded skill; experimental |
| Agent | Purpose | Key Constraint |
|-----------------------|------------------------------------------------------------------------|---------------------------------------------------------------|
| **prompt-builder** | Engineers and validates instruction/prompt files | Dual-persona system with auto-testing |
| **security-reviewer** | OWASP vulnerability assessment with subagent-driven verification | Delegates all reference reading to subagents |
| **code-review** | Human-gated review orchestrator dispatching five perspective subagents | Operator confirms scope, perspectives, and depth; review-only |

### Generator Agents

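Review bot: The new **code-review** row's Key Constraint cell drops the `experimental` marker that the removed `pr-walkthrough`, `code-review-full` and `code-review-standards` rows carried, while the agent's detail section later in this file still ends with "Maturity: experimental." Suggest appending `; experimental` to the cell so the summary table and the detail section agree. The table also now lists **security-reviewer** directly above an orchestrator that offers its own `security` perspective; a few words in either row on when to pick which would save readers a trip to the detail sections.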
Expand Down Expand Up @@ -175,18 +171,6 @@ Each phase has two entry points: the `/task-*` prompt commands (`/task-research`

**Critical:** Dual-persona system with execution and evaluation subagents. Uses sandbox environment for testing. Links to authoritative sources.

### pr-review

**Creates:** Review tracking files in normalized branch folders:

* `.copilot-tracking/pr/review/{normalized-branch}/in-progress-review.md` (living review document with findings)
* `.copilot-tracking/pr/review/{normalized-branch}/pr-reference.xml` (PR metadata and diff summary, generated via the `pr-reference` skill)
* `.copilot-tracking/pr/review/{normalized-branch}/handoff.md` (finalized comments for PR submission)

**Workflow:** 4 phases (Initialize → Analyze → Collaborative Review → Finalize)

**Critical:** Review-only. Never modifies code. Evaluates 8 dimensions: functional correctness, design, idioms, reusability, performance, reliability, security, documentation.

### product-manager-advisor

**Purpose:** Requirements discovery, story quality assurance, and prioritization guidance.
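Review bot: The `pr-review` section is deleted without a pointer to its replacement, so anyone who relied on the artifacts it documented under `.copilot-tracking/pr/review/{normalized-branch}/` (in particular `handoff.md`, the finalized comments for PR submission) gets no indication of where that output now lives. The replacement `code-review` section documents only `review.md` and `metadata.json` under `.copilot-tracking/reviews/code-reviews/<sanitized-branch>/`. Suggest a short note there saying whether the `pr` perspective still produces submission-ready comments and whether the eight review dimensions listed in the removed text (security among them) are still covered.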
Expand Down Expand Up @@ -361,35 +345,17 @@ Users are responsible for verifying their repository's `.gitignore` configuratio

**Critical:** Orchestrator-only pattern. Delegates codebase profiling, skill assessment, adversarial finding verification, and report generation to specialized subagents. Uses OWASP skills (`owasp-agentic`, `owasp-llm`, `owasp-top-10`, `owasp-mcp`, `owasp-infrastructure`, `owasp-cicd`) and the `secure-by-design` skill for vulnerability and design principle references. Supports incremental comparison with prior scan reports.

### code-review-functional

**Creates:** Optional review artifact (user-prompted after report delivery):

* `.copilot-tracking/reviews/<YYYY-MM-DD>-<branch-name>.md` (full report with YAML frontmatter)

**Workflow:** Branch Analysis → Functional Review → Report Generation → Save Review

**Critical:** Review-only. Focuses on five areas: Logic, Edge Cases, Error Handling, Concurrency, and Contract. Accepts a configurable `baseBranch` input (default `origin/main`). Artifact save is optional and user-confirmed after the report is presented. Applies false-positive filters before recording any finding.

### code-review-full
### code-review

**Creates:** Merged review artifacts in a normalized branch folder:

* `.copilot-tracking/reviews/code-reviews/<sanitized-branch>/` (per the shared persistence protocol in `review-artifacts.instructions.md`)

**Workflow:** Compute Diff → Delegate to Functional + Standards subagents → Merge Reports → Persist Artifacts

**Critical:** Orchestrator-only. Delegates functional review to `code-review-functional` and standards review to `code-review-standards`, then merges both reports into a single output. Shares the computed diff with subagents to avoid duplicate git operations. Maturity: experimental.

### code-review-standards

**Creates:** Review artifacts in a normalized branch folder:

* `.copilot-tracking/reviews/code-reviews/<sanitized-branch>/` (per the shared persistence protocol in `review-artifacts.instructions.md`)
* `.copilot-tracking/reviews/code-reviews/<sanitized-branch>/review.md` (merged review document, per the shared persistence protocol in `review-artifacts.instructions.md`)
* `.copilot-tracking/reviews/code-reviews/<sanitized-branch>/metadata.json` (review metadata record)

**Workflow:** Understand IntentLock Scope → Apply Skills → Persist Artifacts
**Workflow:** Context BootstrapHuman Scope Confirmation → Perspective + Depth Selection → Prepare Dispatch State → Dispatch Selected Perspectives → Merge and Persist

**Critical:** Every finding must trace to a loaded skill; no invented categories. Loads at most 8 skills per review, preferring those whose domain appears most frequently in the diff. Accepts pre-computed diffs from orchestrators such as the `code-review-full` prompt. Skips artifact persistence for selected code and `#file` reviews that lack branch context. Maturity: experimental.
**Critical:** Human-gated orchestrator invoked from the agent picker. After computing the diff via the `pr-reference` skill, it confirms scope with the operator, then lets the operator choose any combination of five perspectives (`functional`, `standards`, `accessibility`, `security`, `pr`) or `full` to run all five, plus a depth tier (`basic`, `standard`, or `comprehensive`) applied independently of perspective.
It dispatches thin perspective subagents under `.github/agents/coding-standards/subagents/`, shares the computed diff to avoid duplicate git operations, and merges every report into a single output. Review-only; never modifies code. Maturity: experimental.

### gen-jupyter-notebook

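Review bot: The consolidated `code-review` section does not carry over several constraints that the three removed sections stated, and the text does not say whether they still apply: the configurable `baseBranch` input (default `origin/main`) and the false-positive filters from `code-review-functional`, and from `code-review-standards` the rule that every finding must trace to a loaded skill, the cap of 8 skills per review, and the skip of artifact persistence for selected code and `#file` reviews that lack branch context. Suggest stating each one as kept or dropped. Two smaller points: "Human-gated" is described only as the operator confirming scope and choosing perspectives, so it would help to say whether any perspective subagent can be dispatched before that confirmation; and the relationship between the `security` perspective and the standalone `security-reviewer` agent listed in the agents table is not explained.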
Expand Down Expand Up @@ -502,10 +468,10 @@ Users are responsible for verifying their repository's `.gitignore` configuratio

### Code Review

1. Select **pr-review** from agent picker
2. Automatically runs 4-phase protocol
3. Collaborate during Phase 3 (review items)
4. Receive `handoff.md` with final PR comments
1. Select **code-review** from agent picker
2. Confirm the change scope when prompted
3. Choose perspectives (`functional`, `standards`, `accessibility`, `security`, `pr`, or `full`) and a depth tier
4. Receive a merged `review.md` under `.copilot-tracking/reviews/code-reviews/<branch>/`

### Creating Instructions

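Review bot: Step 4 writes the output path as `.copilot-tracking/reviews/code-reviews/<branch>/`, while the `code-review` agent section uses `<sanitized-branch>` for the same folder; use one placeholder so readers do not expect the raw branch name on disk. Step 3 also enumerates the perspectives but leaves the depth tiers unnamed; listing `basic`, `standard` and `comprehensive` as the agent section does would make the step self-contained, and step 4 could mention `metadata.json` alongside `review.md`.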