Add agent governance policy and CI workflow with artifact scanning#2186
Closed
toptiersalespro wants to merge 2 commits into
Closed
Add agent governance policy and CI workflow with artifact scanning#2186toptiersalespro wants to merge 2 commits into
toptiersalespro wants to merge 2 commits into
Conversation
…acts (OODA plan) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds initial governance and CI scaffolding intended to evaluate agent-related changes and produce scan artifacts for the awesome-copilot repository.
Changes:
- Adds a repository governance policy YAML describing allowed/blocked skills and enforcement expectations.
- Introduces a new PR-triggered GitHub Actions workflow to run “agentic evaluation” (currently via a PowerShell stub runner).
- Adds a PowerShell script to run the
acquire-codebase-knowledgescan and write a JSON report.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
scripts/scan-repo.ps1 |
Adds a repo scan script that writes acquire-codebase-knowledge output to reports/. |
governance/agent-policy.yaml |
Defines an initial allow/block policy for agent skills and tool/secrets constraints. |
.github/workflows/agentic-eval.yml |
Adds a PR workflow to run skill validation and then a stub “agentic eval” runner. |
.github/scripts/run-agentic-eval.ps1 |
Adds a stub runner that tries to locate an eval runner script and otherwise exits successfully. |
| @@ -0,0 +1,20 @@ | |||
| # Stub runner: try known paths for an agentic-eval runner; fall back to skill validate | |||
| $repoRoot = (Resolve-Path "..\..").Path | |||
Comment on lines
+16
to
+19
| } else { | ||
| Write-Output "No agentic-eval runner found. Falling back to skill:validate (already run in workflow)." | ||
| Write-Output "This workflow is a draft/stub. Implement agentic-eval runner under skills/agentic-eval/scripts or eng/ to enable full evaluation." | ||
| exit 0 |
Comment on lines
+16
to
+19
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '18' |
Comment on lines
+9
to
+10
| python .\skills\acquire-codebase-knowledge\scripts\scan.py | Out-File -Encoding utf8 reports\acquire_scan.json | ||
| if ($?) { Write-Output "Scan complete: reports\acquire_scan.json" } else { Write-Error "Scan failed" } |
Comment on lines
+16
to
+17
| blocked_skills: | ||
| - auto-apply-code-changes-unreviewed |
Author
|
Requesting review from CODEOWNERS and maintainers: this PR adds agent governance policy, agentic-eval CI workflow stub, and scan artifacts as part of the OODA M1 rollout. Please review and approve or provide feedback. See session plan at path: C:/Users/kylet/.copilot/session-state/a5e15630-5ec8-4de8-8905-a46f60bb89b7/plan.md |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Comment on lines
+16
to
+20
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '18' | ||
|
|
Comment on lines
+27
to
+28
| - name: Run agentic-eval (stub runner) | ||
| run: pwsh -File .github/scripts/run-agentic-eval.ps1 |
Comment on lines
+2
to
+6
| $repoRoot = (Resolve-Path "..\..").Path | ||
| Write-Output "Repo root: $repoRoot" | ||
|
|
||
| $pyRunner = Join-Path $repoRoot "skills\agentic-eval\scripts\run.py" | ||
| $nodeRunner = Join-Path $repoRoot "eng\run-agentic-eval.mjs" |
Comment on lines
+16
to
+20
| } else { | ||
| Write-Output "No agentic-eval runner found. Falling back to skill:validate (already run in workflow)." | ||
| Write-Output "This workflow is a draft/stub. Implement agentic-eval runner under skills/agentic-eval/scripts or eng/ to enable full evaluation." | ||
| exit 0 | ||
| } |
Comment on lines
+5
to
+12
| Push-Location $RepoPath | ||
| if (!(Test-Path reports)) { New-Item -ItemType Directory -Path reports > $null } | ||
|
|
||
| # Run the built-in acquire-codebase-knowledge scan and save JSON output | ||
| python .\skills\acquire-codebase-knowledge\scripts\scan.py | Out-File -Encoding utf8 reports\acquire_scan.json | ||
| if ($?) { Write-Output "Scan complete: reports\acquire_scan.json" } else { Write-Error "Scan failed" } | ||
|
|
||
| Pop-Location |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…acts (OODA plan)
Pull Request Checklist
npm startand verified thatREADME.mdis up to date.mainbranch for this pull request.Description
Type of Contribution
Additional Notes
By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.