From 5ae55500e0679bf7974916ebfce14674ab77ba4e Mon Sep 17 00:00:00 2001 From: Mauro Druwel Date: Thu, 23 Apr 2026 18:30:00 +0000 Subject: [PATCH] feat(collections): standardize maturity field across all 14 collection manifests (#1319) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add collection-level maturity: field to 11 collection YAMLs that were missing it - Move maturity: field in design-thinking.collection.yml to consistent position after description: - Placement is after description: and before notice:/tags:/items: across all manifests Proposed maturity assignments (Docusaurus as source of truth): - ado, coding-standards, data-science, github, hve-core, hve-core-all, installer, project-planning: stable - design-thinking: preview (already set, position corrected) - experimental, gitlab, jira, rai-planning, security: experimental Note on coding-standards, data-science, project-planning: Docusaurus assigns these as Stable at the collection level even though individual plugin items carry experimental maturity. Collection maturity represents the collection's distribution readiness, not the stability of every individual artifact it contains. Note on hve-core-all, installer: not in Docusaurus; both wrap stable packaging so stable is the appropriate default. - Update Validate-Collections.ps1 to enforce maturity: presence as a required field (previously optional — missing values passed silently) - Update Validate-Collections.Tests.ps1: change "Passes validation for collection with omitted maturity" to "Fails validation for collection with omitted maturity" and add maturity: stable to all other test manifests that were created without it Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- collections/ado.collection.md | 54 +- collections/ado.collection.yml | 1 + collections/coding-standards.collection.md | 58 +-- collections/coding-standards.collection.yml | 1 + collections/data-science.collection.md | 48 +- collections/data-science.collection.yml | 1 + collections/design-thinking.collection.md | 134 ++--- collections/design-thinking.collection.yml | 2 +- collections/experimental.collection.md | 28 +- collections/github.collection.md | 34 +- collections/github.collection.yml | 1 + collections/gitlab.collection.md | 8 +- collections/gitlab.collection.yml | 1 + collections/hve-core-all.collection.md | 492 +++++++++--------- collections/hve-core.collection.md | 92 ++-- collections/hve-core.collection.yml | 1 + collections/installer.collection.md | 8 +- collections/installer.collection.yml | 1 + collections/jira.collection.md | 36 +- collections/jira.collection.yml | 1 + collections/project-planning.collection.md | 106 ++-- collections/project-planning.collection.yml | 1 + collections/rai-planning.collection.md | 34 +- collections/security.collection.md | 118 ++--- collections/security.collection.yml | 1 + plugins/ado/README.md | 54 +- plugins/coding-standards/README.md | 58 +-- plugins/data-science/README.md | 48 +- plugins/design-thinking/README.md | 134 ++--- plugins/experimental/README.md | 28 +- plugins/github/README.md | 34 +- plugins/gitlab/README.md | 10 +- plugins/hve-core-all/README.md | 492 +++++++++--------- plugins/hve-core/README.md | 92 ++-- plugins/installer/README.md | 8 +- plugins/jira/README.md | 38 +- plugins/project-planning/README.md | 106 ++-- plugins/rai-planning/README.md | 34 +- plugins/security/README.md | 120 ++--- scripts/collections/Validate-Collections.ps1 | 12 +- .../Validate-Collections.Tests.ps1 | 53 +- 41 files changed, 1324 insertions(+), 1259 deletions(-) diff --git a/collections/ado.collection.md b/collections/ado.collection.md index ebcbaed7c..bc8ec9532 100644 --- a/collections/ado.collection.md +++ b/collections/ado.collection.md @@ -4,43 +4,43 @@ Manage Azure DevOps work items, monitor builds, create pull requests, and conver ### Chat Agents -| Name | Description | -|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | -| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | ### Prompts -| Name | Description | -|-------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| -| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | -| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | -| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | -| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | -| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | -| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | -| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | -| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado-update-wit-items** | Prompt to update work items based on planning files | +| Name | Description | +|------|-------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | ### Instructions -| Name | Description | -|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | -| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | -| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | -| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | -| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | -| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | -| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/collections/ado.collection.yml b/collections/ado.collection.yml index 8e9a97d0a..47424aac5 100644 --- a/collections/ado.collection.yml +++ b/collections/ado.collection.yml @@ -1,6 +1,7 @@ id: ado name: Azure DevOps Integration description: Azure DevOps work item management, build monitoring, and pull request creation +maturity: stable tags: - azure-devops - ado diff --git a/collections/coding-standards.collection.md b/collections/coding-standards.collection.md index 87d5b50e4..04ba54e3e 100644 --- a/collections/coding-standards.collection.md +++ b/collections/coding-standards.collection.md @@ -4,44 +4,44 @@ Enforce language-specific coding conventions and best practices across your proj ### Chat Agents -| Name | Description | -|----------------------------|---------------------------------------------------------------------------------------------------------------------------| -| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | -| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | -| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | +| Name | Description | +|------|-------------| +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | ### Prompts -| Name | Description | -|----------------------------|----------------------------------------------------------------------------------------------------| -| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| Name | Description | +|------|-------------| +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | | **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | ### Instructions -| Name | Description | -|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **coding-standards/bash/bash** | Instructions for bash script implementation | -| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | -| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | -| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | -| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | -| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | -| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | -| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | -| **coding-standards/python-script** | Instructions for Python scripting implementation | -| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | -| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | -| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | -| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | +| Name | Description | +|------|-------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | diff --git a/collections/coding-standards.collection.yml b/collections/coding-standards.collection.yml index ecd6cc092..6e6382e65 100644 --- a/collections/coding-standards.collection.yml +++ b/collections/coding-standards.collection.yml @@ -1,6 +1,7 @@ id: coding-standards name: Coding Standards description: Language-specific coding instructions and pre-PR code review agents for bash, Bicep, C#, PowerShell, Python, Rust, and Terraform projects +maturity: stable tags: - coding-standards - code-review diff --git a/collections/data-science.collection.md b/collections/data-science.collection.md index 97a01155b..08a23c7e0 100644 --- a/collections/data-science.collection.md +++ b/collections/data-science.collection.md @@ -7,36 +7,36 @@ Generate data specifications, Jupyter notebooks, and Streamlit dashboards from n ### Chat Agents -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | -| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | -| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | +| Name | Description | +|------|-------------| +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | +| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **coding-standards/python-script** | Instructions for Python scripting implementation | -| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/data-science.collection.yml b/collections/data-science.collection.yml index bc3e33bba..98ffc65df 100644 --- a/collections/data-science.collection.yml +++ b/collections/data-science.collection.yml @@ -1,6 +1,7 @@ id: data-science name: Data Science description: Data specification generation, Jupyter notebooks, and Streamlit dashboards +maturity: stable notice: | > [!CAUTION] > This collection includes RAI (Responsible AI) agents and prompts that are **assistive tools only**. They do not replace qualified responsible AI review, ethics board oversight, or established organizational RAI governance processes. All AI-generated RAI assessments, impact analyses, and recommendations **must** be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical risk categories, or produce recommendations that are incomplete or inappropriate for your context. diff --git a/collections/design-thinking.collection.md b/collections/design-thinking.collection.md index fbc63e5d3..d625815e7 100644 --- a/collections/design-thinking.collection.md +++ b/collections/design-thinking.collection.md @@ -6,78 +6,78 @@ Coaching identity, quality constraints, and methodology instructions for AI-enha ### Chat Agents -| Name | Description | -|-----------------------|------------------------------------------------------------------------------------------------------------| -| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | -| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | +| Name | Description | +|------|-------------| +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | ### Prompts -| Name | Description | -|-------------------------------------|----------------------------------------------------------------------------------------------------------------------------| -| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | -| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | -| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | -| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | -| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | -| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | -| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | -| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | -| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | -| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | -| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | -| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | -| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | +| Name | Description | +|------|-------------| +| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | +| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | ### Instructions -| Name | Description | -|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | -| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | -| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | -| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | -| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | -| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | -| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | -| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | -| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | -| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | -| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | -| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | -| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | -| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | -| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | -| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | -| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | -| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | -| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | -| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | -| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | -| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | -| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | -| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | -| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | -| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | -| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | -| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | -| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | -| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | -| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/design-thinking.collection.yml b/collections/design-thinking.collection.yml index f9cedd74e..68619bb0e 100644 --- a/collections/design-thinking.collection.yml +++ b/collections/design-thinking.collection.yml @@ -1,12 +1,12 @@ id: design-thinking name: Design Thinking description: Design Thinking coaching identity, quality constraints, and methodology instructions for AI-enhanced design thinking across nine methods +maturity: preview tags: - design-thinking - coaching - methodology - ux -maturity: preview items: # Agents - path: .github/agents/design-thinking/dt-coach.agent.md diff --git a/collections/experimental.collection.md b/collections/experimental.collection.md index 48f4d2feb..83bf202d7 100644 --- a/collections/experimental.collection.md +++ b/collections/experimental.collection.md @@ -4,27 +4,27 @@ Experimental and preview artifacts not yet promoted to stable collections. Items ### Chat Agents -| Name | Description | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | -| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | -| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | ### Instructions -| Name | Description | -|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | -| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|--------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **customer-card-render** | Generate customer-card PowerPoint content YAML from Design Thinking canonical artifacts and build using the shared PowerPoint skill pipeline | -| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | -| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | -| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | +| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | diff --git a/collections/github.collection.md b/collections/github.collection.md index 0403f490f..d3e540125 100644 --- a/collections/github.collection.md +++ b/collections/github.collection.md @@ -4,30 +4,30 @@ Manage GitHub issue backlogs with agents for discovery, triage, sprint planning, ### Chat Agents -| Name | Description | -|----------------------------|------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | ### Prompts -| Name | Description | -|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| -| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| Name | Description | +|------|-------------| +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | | **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | -| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | -| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | -| **github-suggest** | Resume GitHub backlog management workflow after session restore | -| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | ### Instructions -| Name | Description | -|-------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | -| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | -| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | -| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | -| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/github.collection.yml b/collections/github.collection.yml index de054c8a5..00d88fe74 100644 --- a/collections/github.collection.yml +++ b/collections/github.collection.yml @@ -1,6 +1,7 @@ id: github name: GitHub Backlog Management description: GitHub issue discovery, triage, sprint planning, and backlog execution agents and prompts +maturity: stable tags: - github - issues diff --git a/collections/gitlab.collection.md b/collections/gitlab.collection.md index ecd2da536..16e6038d8 100644 --- a/collections/gitlab.collection.md +++ b/collections/gitlab.collection.md @@ -4,14 +4,14 @@ Use GitLab merge request and pipeline workflows from VS Code through a focused P ### Instructions -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------|--------------------------------------------------------------| +| Name | Description | +|------|-------------| | **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | diff --git a/collections/gitlab.collection.yml b/collections/gitlab.collection.yml index 1150eeccc..9f1b3c3c3 100644 --- a/collections/gitlab.collection.yml +++ b/collections/gitlab.collection.yml @@ -1,6 +1,7 @@ id: gitlab name: GitLab Integration description: GitLab merge request and pipeline workflows through a Python skill +maturity: experimental tags: - gitlab - merge-requests diff --git a/collections/hve-core-all.collection.md b/collections/hve-core-all.collection.md index af4781796..bca0d19fc 100644 --- a/collections/hve-core-all.collection.md +++ b/collections/hve-core-all.collection.md @@ -9,260 +9,260 @@ Use this edition when you want access to everything without choosing a focused c ### Chat Agents -| Name | Description | -|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | -| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | -| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | -| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | -| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | -| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | -| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | -| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | -| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | -| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | -| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | -| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | -| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | -| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | -| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | -| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | -| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | -| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | -| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | -| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | -| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | -| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | -| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | -| **memory** | Conversation memory persistence for session continuity | -| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | -| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | -| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | -| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | -| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | -| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | -| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | -| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | -| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | -| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | -| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | -| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | -| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | -| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | -| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | -| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | -| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | -| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | -| **task-planner** | Implementation planner for creating actionable implementation plans | -| **task-researcher** | Task research specialist for comprehensive project analysis | -| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | -| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | -| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | +| Name | Description | +|------|-------------| +| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | +| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | +| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | ### Prompts -| Name | Description | -|-------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | -| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | -| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | -| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | -| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | -| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | -| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | -| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado-update-wit-items** | Prompt to update work items based on planning files | -| **checkpoint** | Save or restore conversation context using memory files | -| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | -| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | -| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | -| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | -| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | -| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | -| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | -| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | -| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | -| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | -| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | -| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | -| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | -| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | -| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | -| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | -| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | -| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | -| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | -| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | -| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | -| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | -| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | -| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | -| **github-suggest** | Resume GitHub backlog management workflow after session restore | -| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | -| **incident-response** | Incident response workflow for Azure operations scenarios | -| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | -| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | -| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | -| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | -| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | -| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | -| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | -| **pull-request** | Generates pull request descriptions from branch diffs | -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | -| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | -| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | -| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | -| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | -| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | -| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | -| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | -| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | -| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | -| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | -| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | -| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | -| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | -| **task-implement** | Locates and executes implementation plans using Task Implementor | -| **task-plan** | Initiates implementation planning based on user context or research documents | -| **task-research** | Initiates research for implementation planning based on user requirements | -| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | +| Name | Description | +|------|-------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | +| **checkpoint** | Save or restore conversation context using memory files | +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | +| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | ### Instructions -| Name | Description | -|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | -| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | -| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | -| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | -| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | -| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | -| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | -| **coding-standards/bash/bash** | Instructions for bash script implementation | -| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | -| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | -| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | -| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | -| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | -| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | -| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | -| **coding-standards/python-script** | Instructions for Python scripting implementation | -| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | -| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | -| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | -| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | -| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | -| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | -| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | -| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | -| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | -| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | -| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | -| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | -| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | -| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | -| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | -| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | -| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | -| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | -| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | -| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | -| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | -| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | -| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | -| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | -| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | -| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | -| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | -| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | -| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | -| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | -| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | -| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | -| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | -| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | -| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | -| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | -| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | -| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | -| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | -| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | -| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | -| **hve-core/commit-message** | Required instructions for creating all commit messages | -| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | -| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | -| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | -| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | -| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | -| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | -| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | -| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | -| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | -| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | -| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | -| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | -| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | -| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | -| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | -| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | -| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | -| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | -| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | -| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | -| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | +| Name | Description | +|------|-------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | ### Skills -| Name | Description | -|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **customer-card-render** | Generate customer-card PowerPoint content YAML from Design Thinking canonical artifacts and build using the shared PowerPoint skill pipeline | -| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | -| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | -| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | -| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | -| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | -| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | -| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | -| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | -| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | -| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | -| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | -| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | -| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | -| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | -| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | -| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | -| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | +| Name | Description | +|------|-------------| +| **customer-card-render** | Generate customer-card PowerPoint content YAML from Design Thinking canonical artifacts and build using the shared PowerPoint skill pipeline | +| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | +| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | +| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | +| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | +| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | +| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | diff --git a/collections/hve-core.collection.md b/collections/hve-core.collection.md index ce06884de..dd05b6ab3 100644 --- a/collections/hve-core.collection.md +++ b/collections/hve-core.collection.md @@ -4,62 +4,62 @@ HVE Core provides the flagship RPI (Research, Plan, Implement, Review) workflow ### Chat Agents -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | -| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | -| **memory** | Conversation memory persistence for session continuity | -| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | -| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | -| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | -| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | -| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | -| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | -| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | -| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | -| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | -| **task-planner** | Implementation planner for creating actionable implementation plans | -| **task-researcher** | Task research specialist for comprehensive project analysis | -| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | +| Name | Description | +|------|-------------| +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | ### Prompts -| Name | Description | -|------------------------|--------------------------------------------------------------------------------------------------------------------------| -| **checkpoint** | Save or restore conversation context using memory files | -| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | -| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | -| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | -| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | -| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | -| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | -| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | -| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | -| **pull-request** | Generates pull request descriptions from branch diffs | -| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | -| **task-implement** | Locates and executes implementation plans using Task Implementor | -| **task-plan** | Initiates implementation planning based on user context or research documents | -| **task-research** | Initiates research for implementation planning based on user requirements | -| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | +| Name | Description | +|------|-------------| +| **checkpoint** | Save or restore conversation context using memory files | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | ### Instructions -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **hve-core/commit-message** | Required instructions for creating all commit messages | -| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | -| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | -| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | -| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | -| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| Name | Description | +|------|-------------| +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | | **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/collections/hve-core.collection.yml b/collections/hve-core.collection.yml index 6a247d46f..697414333 100644 --- a/collections/hve-core.collection.yml +++ b/collections/hve-core.collection.yml @@ -1,6 +1,7 @@ id: hve-core name: HVE Core Workflow description: HVE Core RPI (Research, Plan, Implement, Review) workflow with Git commit, merge, setup, and pull request prompts +maturity: stable tags: - workflow - hve-core diff --git a/collections/installer.collection.md b/collections/installer.collection.md index f34c2fb43..cd0aace63 100644 --- a/collections/installer.collection.md +++ b/collections/installer.collection.md @@ -4,14 +4,14 @@ Deploy HVE Core artifacts across workspace configurations with the hve-core-inst ### Instructions -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | diff --git a/collections/installer.collection.yml b/collections/installer.collection.yml index 680c5b4ee..9f0c2a485 100644 --- a/collections/installer.collection.yml +++ b/collections/installer.collection.yml @@ -1,6 +1,7 @@ id: installer name: HVE Core Installer description: Decision-driven installer skill for deploying HVE Core artifacts across workspace configurations +maturity: stable tags: - installer - setup diff --git a/collections/jira.collection.md b/collections/jira.collection.md index 12d1c1f82..357d82cbc 100644 --- a/collections/jira.collection.md +++ b/collections/jira.collection.md @@ -4,35 +4,35 @@ Manage Jira backlog workflows and PRD-driven issue planning from VS Code. This c ### Chat Agents -| Name | Description | -|--------------------------|---------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | -| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | ### Prompts -| Name | Description | -|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | -| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | -| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | -| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | ### Instructions -| Name | Description | -|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | -| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | -| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | -| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | -| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | diff --git a/collections/jira.collection.yml b/collections/jira.collection.yml index 2cae57d04..32de5a8ee 100644 --- a/collections/jira.collection.yml +++ b/collections/jira.collection.yml @@ -1,6 +1,7 @@ id: jira name: Jira Integration description: Jira backlog management, PRD issue planning, and issue operations through agents, prompts, instructions, and a Python skill +maturity: experimental tags: - jira - issue-tracking diff --git a/collections/project-planning.collection.md b/collections/project-planning.collection.md index 63c557195..b0fb51bbb 100644 --- a/collections/project-planning.collection.md +++ b/collections/project-planning.collection.md @@ -4,65 +4,65 @@ Create architecture decision records, requirements documents, and diagrams — a ### Chat Agents -| Name | Description | -|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | -| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | -| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | -| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | -| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | -| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | -| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | -| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | -| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | -| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | -| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | -| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | -| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | -| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | -| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | +| Name | Description | +|------|-------------| +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **incident-response** | Incident response workflow for Azure operations scenarios | -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | -| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | -| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | -| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | -| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | -| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | -| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | -| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | -| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | -| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | -| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | -| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | -| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | -| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | -| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | -| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | -| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | -| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | +| Name | Description | +|------|-------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | diff --git a/collections/project-planning.collection.yml b/collections/project-planning.collection.yml index 3c8c62028..f26879dff 100644 --- a/collections/project-planning.collection.yml +++ b/collections/project-planning.collection.yml @@ -1,6 +1,7 @@ id: project-planning name: Project Planning description: PRDs, BRDs, ADRs, and architecture diagrams +maturity: stable tags: - documentation - architecture diff --git a/collections/rai-planning.collection.md b/collections/rai-planning.collection.md index 31a448486..513dd5080 100644 --- a/collections/rai-planning.collection.md +++ b/collections/rai-planning.collection.md @@ -7,30 +7,30 @@ Assess AI systems for responsible AI risks using structured standards-aligned an ### Chat Agents -| Name | Description | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| Name | Description | +|------|-------------| +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/collections/security.collection.md b/collections/security.collection.md index 127c16c34..847e84a23 100644 --- a/collections/security.collection.md +++ b/collections/security.collection.md @@ -7,74 +7,74 @@ Security review, planning, incident response, risk assessment, vulnerability ana ### Chat Agents -| Name | Description | -|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | -| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | -| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | -| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | -| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| Name | Description | +|------|-------------| +| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **incident-response** | Incident response workflow for Azure operations scenarios | -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | -| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | -| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | -| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | -| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | -| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | -| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | -| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | -| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | -| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | -| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | -| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | -| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | -| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | -| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | -| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | -| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | -| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | -| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | -| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | -| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | -| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | -| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | -| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | -| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | -| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | -| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | -| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | -| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | -| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | +| Name | Description | +|------|-------------| +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | +| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | diff --git a/collections/security.collection.yml b/collections/security.collection.yml index 3f6fc6e02..9ceb8ce73 100644 --- a/collections/security.collection.yml +++ b/collections/security.collection.yml @@ -1,6 +1,7 @@ id: security name: Security description: Security review, planning, incident response, risk assessment, and vulnerability analysis +maturity: experimental notice: | > [!CAUTION] > The security agents and prompts in this collection are **assistive tools only**. They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated security artifacts **must** be reviewed and validated by qualified security professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment. diff --git a/plugins/ado/README.md b/plugins/ado/README.md index 0872f25b7..11e8712d5 100644 --- a/plugins/ado/README.md +++ b/plugins/ado/README.md @@ -11,43 +11,43 @@ Manage Azure DevOps work items, monitor builds, create pull requests, and conver ### Chat Agents -| Name | Description | -|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | -| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | ### Prompts -| Name | Description | -|-------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| -| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | -| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | -| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | -| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | -| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | -| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | -| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | -| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado-update-wit-items** | Prompt to update work items based on planning files | +| Name | Description | +|------|-------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | ### Instructions -| Name | Description | -|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | -| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | -| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | -| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | -| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | -| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | -| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/plugins/coding-standards/README.md b/plugins/coding-standards/README.md index 5302b2343..1071149d0 100644 --- a/plugins/coding-standards/README.md +++ b/plugins/coding-standards/README.md @@ -11,45 +11,45 @@ Enforce language-specific coding conventions and best practices across your proj ### Chat Agents -| Name | Description | -|----------------------------|---------------------------------------------------------------------------------------------------------------------------| -| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | -| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | -| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | +| Name | Description | +|------|-------------| +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | ### Prompts -| Name | Description | -|----------------------------|----------------------------------------------------------------------------------------------------| -| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| Name | Description | +|------|-------------| +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | | **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | ### Instructions -| Name | Description | -|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **coding-standards/bash/bash** | Instructions for bash script implementation | -| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | -| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | -| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | -| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | -| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | -| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | -| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | -| **coding-standards/python-script** | Instructions for Python scripting implementation | -| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | -| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | -| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | -| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | +| Name | Description | +|------|-------------| +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | diff --git a/plugins/data-science/README.md b/plugins/data-science/README.md index 6c4f69bb1..c46b2dea9 100644 --- a/plugins/data-science/README.md +++ b/plugins/data-science/README.md @@ -17,37 +17,37 @@ Generate data specifications, Jupyter notebooks, and Streamlit dashboards from n ### Chat Agents -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | -| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | -| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | +| Name | Description | +|------|-------------| +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | +| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **coding-standards/python-script** | Instructions for Python scripting implementation | -| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/design-thinking/README.md b/plugins/design-thinking/README.md index 306e05081..3e9c9ef17 100644 --- a/plugins/design-thinking/README.md +++ b/plugins/design-thinking/README.md @@ -15,79 +15,79 @@ Coaching identity, quality constraints, and methodology instructions for AI-enha ### Chat Agents -| Name | Description | -|-----------------------|------------------------------------------------------------------------------------------------------------| -| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | -| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | +| Name | Description | +|------|-------------| +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | ### Prompts -| Name | Description | -|-------------------------------------|----------------------------------------------------------------------------------------------------------------------------| -| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | -| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | -| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | -| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | -| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | -| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | -| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | -| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | -| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | -| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | -| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | -| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | -| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | +| Name | Description | +|------|-------------| +| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | +| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | ### Instructions -| Name | Description | -|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | -| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | -| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | -| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | -| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | -| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | -| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | -| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | -| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | -| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | -| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | -| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | -| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | -| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | -| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | -| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | -| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | -| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | -| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | -| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | -| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | -| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | -| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | -| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | -| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | -| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | -| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | -| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | -| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | -| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | -| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/experimental/README.md b/plugins/experimental/README.md index 42c50be35..fa2740ec2 100644 --- a/plugins/experimental/README.md +++ b/plugins/experimental/README.md @@ -13,28 +13,28 @@ Experimental and preview artifacts not yet promoted to stable collections. Items ### Chat Agents -| Name | Description | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | -| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | -| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | ### Instructions -| Name | Description | -|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | -| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|--------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **customer-card-render** | Generate customer-card PowerPoint content YAML from Design Thinking canonical artifacts and build using the shared PowerPoint skill pipeline | -| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | -| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | -| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | +| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | diff --git a/plugins/github/README.md b/plugins/github/README.md index 3521c2417..e9d19327f 100644 --- a/plugins/github/README.md +++ b/plugins/github/README.md @@ -11,31 +11,31 @@ Manage GitHub issue backlogs with agents for discovery, triage, sprint planning, ### Chat Agents -| Name | Description | -|----------------------------|------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | ### Prompts -| Name | Description | -|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| -| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| Name | Description | +|------|-------------| +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | | **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | -| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | -| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | -| **github-suggest** | Resume GitHub backlog management workflow after session restore | -| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | ### Instructions -| Name | Description | -|-------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | -| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | -| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | -| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | -| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/gitlab/README.md b/plugins/gitlab/README.md index fd19126bf..f833fe3db 100644 --- a/plugins/gitlab/README.md +++ b/plugins/gitlab/README.md @@ -3,6 +3,8 @@ GitLab merge request and pipeline workflows through a Python skill +> **⚠️ Experimental** — This collection is experimental. Contents and behavior may change or be removed without notice. + ## Overview Use GitLab merge request and pipeline workflows from VS Code through a focused Python skill for inspecting merge requests, posting notes, triggering pipelines, and reading job logs. @@ -11,14 +13,14 @@ Use GitLab merge request and pipeline workflows from VS Code through a focused P ### Instructions -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------|--------------------------------------------------------------| +| Name | Description | +|------|-------------| | **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | diff --git a/plugins/hve-core-all/README.md b/plugins/hve-core-all/README.md index 8689ae8c1..0eb4309f8 100644 --- a/plugins/hve-core-all/README.md +++ b/plugins/hve-core-all/README.md @@ -16,261 +16,261 @@ Use this edition when you want access to everything without choosing a focused c ### Chat Agents -| Name | Description | -|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | -| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | -| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | -| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | -| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | -| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | -| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | -| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | -| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | -| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | -| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | -| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | -| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | -| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | -| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | -| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | -| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | -| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | -| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | -| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | -| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | -| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | -| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | -| **memory** | Conversation memory persistence for session continuity | -| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | -| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | -| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | -| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | -| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | -| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | -| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | -| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | -| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | -| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | -| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | -| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | -| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | -| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | -| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | -| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | -| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | -| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | -| **task-planner** | Implementation planner for creating actionable implementation plans | -| **task-researcher** | Task research specialist for comprehensive project analysis | -| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | -| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | -| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | +| Name | Description | +|------|-------------| +| **ado-backlog-manager** | Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution | +| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies | +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **code-review-full** | Orchestrator that runs functional and standards code reviews via subagents and produces a merged report | +| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps | +| **code-review-standards** | Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading | +| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy | +| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing | +| **experiment-designer** | Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | +| **gen-data-spec** | Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery | +| **gen-jupyter-notebook** | Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries | +| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard | +| **github-backlog-manager** | Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx | +| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | +| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | ### Prompts -| Name | Description | -|-------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | -| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | -| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | -| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | -| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | -| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | -| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | -| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado-update-wit-items** | Prompt to update work items based on planning files | -| **checkpoint** | Save or restore conversation context using memory files | -| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | -| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | -| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | -| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | -| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | -| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | -| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | -| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | -| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | -| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | -| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | -| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | -| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | -| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | -| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | -| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | -| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | -| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | -| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | -| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | -| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | -| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | -| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | -| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | -| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | -| **github-suggest** | Resume GitHub backlog management workflow after session restore | -| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | -| **incident-response** | Incident response workflow for Azure operations scenarios | -| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | -| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | -| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | -| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | -| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | -| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | -| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | -| **pull-request** | Generates pull request descriptions from branch diffs | -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | -| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | -| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | -| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | -| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | -| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | -| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | -| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | -| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | -| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | -| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | -| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | -| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | -| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | -| **task-implement** | Locates and executes implementation plans using Task Implementor | -| **task-plan** | Initiates implementation planning based on user context or research documents | -| **task-research** | Initiates research for implementation planning based on user requirements | -| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | +| Name | Description | +|------|-------------| +| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation | +| **ado-create-pull-request** | Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. | +| **ado-discover-work-items** | Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration | +| **ado-get-build-info** | Retrieve Azure DevOps build information for a Pull Request or specific Build Number. | +| **ado-get-my-work-items** | Retrieve user's current Azure DevOps work items and organize them into planning file definitions | +| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file | +| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps | +| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado-update-wit-items** | Prompt to update work items based on planning files | +| **checkpoint** | Save or restore conversation context using memory files | +| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass | +| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **dt-canonical-deck** | Unified canonical deck workflow for opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build | +| **dt-figma-export** | Export Design Thinking artifacts to a collaborative FigJam board or Figma Design file using the official Figma MCP server | +| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher | +| **dt-handoff-problem-space** | Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-handoff-solution-space** | Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher | +| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering | +| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation | +| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes | +| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c | +| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b | +| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a | +| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c | +| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation | +| **dt-resume-coaching** | Resume a Design Thinking coaching session — reads coaching state and re-establishes context | +| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection | +| **github-discover-issues** | Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review | +| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file | +| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog | +| **github-suggest** | Resume GitHub backlog management workflow after session restore | +| **github-triage-issues** | Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection | +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **synth-data-generate** | Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | ### Instructions -| Name | Description | -|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | -| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | -| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | -| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | -| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | -| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | -| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | -| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | -| **coding-standards/bash/bash** | Instructions for bash script implementation | -| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | -| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | -| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | -| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | -| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | -| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | -| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | -| **coding-standards/python-script** | Instructions for Python scripting implementation | -| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | -| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | -| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | -| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | -| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | -| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | -| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | -| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | -| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | -| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | -| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | -| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | -| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | -| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | -| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | -| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | -| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | -| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | -| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | -| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | -| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | -| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | -| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | -| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | -| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | -| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | -| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | -| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | -| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | -| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | -| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | -| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | -| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | -| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | -| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | -| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | -| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | -| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | -| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | -| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | -| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | -| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | -| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | -| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | -| **hve-core/commit-message** | Required instructions for creating all commit messages | -| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | -| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | -| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | -| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | -| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | -| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | -| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | -| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | -| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | -| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | -| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | -| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | -| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | -| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | -| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | -| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | -| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | -| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | -| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | -| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | -| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | +| Name | Description | +|------|-------------| +| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection | +| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection | +| **ado/ado-create-pull-request** | Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. | +| **ado/ado-get-build-info** | Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. | +| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting | +| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking | +| **ado/ado-wit-discovery** | Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output | +| **ado/ado-wit-planning** | Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols | +| **coding-standards/bash/bash** | Instructions for bash script implementation | +| **coding-standards/bicep/bicep** | Instructions for Bicep infrastructure as code implementation | +| **coding-standards/code-review/diff-computation** | Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering | +| **coding-standards/code-review/review-artifacts** | Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules | +| **coding-standards/csharp/csharp** | Required instructions for C# (CSharp) research, planning, implementation, editing, or creating | +| **coding-standards/csharp/csharp-tests** | Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating | +| **coding-standards/powershell/pester** | Instructions for Pester testing conventions | +| **coding-standards/powershell/powershell** | Instructions for PowerShell scripting implementation | +| **coding-standards/python-script** | Instructions for Python scripting implementation | +| **coding-standards/python-tests** | Required instructions for Python test code research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust** | Required instructions for Rust research, planning, implementation, editing, or creating | +| **coding-standards/rust/rust-tests** | Required instructions for Rust test code research, planning, implementation, editing, or creating | +| **coding-standards/terraform/terraform** | Instructions for Terraform infrastructure as code implementation | +| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands | +| **design-thinking/dt-canonical-deck** | Opt-in canonical deck and customer-card workflow for DT coaching | +| **design-thinking/dt-coaching-identity** | Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. | +| **design-thinking/dt-coaching-state** | Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery | +| **design-thinking/dt-curriculum-01-scoping** | DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-02-research** | DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-03-synthesis** | DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-04-brainstorming** | DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-05-concepts** | DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-06-prototypes** | DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-07-testing** | DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-08-iteration** | DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-09-handoff** | DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises | +| **design-thinking/dt-curriculum-scenario-manufacturing** | Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules | +| **design-thinking/dt-image-prompt-generation** | M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement | +| **design-thinking/dt-industry-energy** | Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-healthcare** | Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-industry-manufacturing** | Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios | +| **design-thinking/dt-method-01-deep** | Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation | +| **design-thinking/dt-method-01-scope** | Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation | +| **design-thinking/dt-method-02-deep** | Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation | +| **design-thinking/dt-method-02-research** | Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns | +| **design-thinking/dt-method-03-deep** | Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation | +| **design-thinking/dt-method-03-synthesis** | Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness | +| **design-thinking/dt-method-04-brainstorming** | Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry | +| **design-thinking/dt-method-04-deep** | Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks | +| **design-thinking/dt-method-05-concepts** | Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development | +| **design-thinking/dt-method-05-deep** | Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management | +| **design-thinking/dt-method-06-deep** | Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping | +| **design-thinking/dt-method-06-lofi-prototypes** | Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit | +| **design-thinking/dt-method-07-deep** | Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing | +| **design-thinking/dt-method-07-hifi-prototypes** | Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications | +| **design-thinking/dt-method-08-deep** | Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation | +| **design-thinking/dt-method-08-testing** | Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support | +| **design-thinking/dt-method-09-deep** | Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement | +| **design-thinking/dt-method-09-iteration** | Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment | +| **design-thinking/dt-method-sequencing** | Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching | +| **design-thinking/dt-quality-constraints** | Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods | +| **design-thinking/dt-rpi-handoff-contract** | DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow | +| **design-thinking/dt-rpi-implement-context** | DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support | +| **design-thinking/dt-rpi-planning-context** | DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts | +| **design-thinking/dt-rpi-research-context** | DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry | +| **design-thinking/dt-rpi-review-context** | DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts | +| **design-thinking/dt-subagent-handoff** | DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch | +| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent | +| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill | +| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts | +| **github/github-backlog-discovery** | Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery | +| **github/github-backlog-planning** | Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence | +| **github/github-backlog-triage** | Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection | +| **github/github-backlog-update** | Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations | +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | ### Skills -| Name | Description | -|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **customer-card-render** | Generate customer-card PowerPoint content YAML from Design Thinking canonical artifacts and build using the shared PowerPoint skill pipeline | -| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | -| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | -| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | -| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | -| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | -| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | -| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | -| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | -| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | -| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | -| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | -| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | -| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | -| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | -| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | -| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | -| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | +| Name | Description | +|------|-------------| +| **customer-card-render** | Generate customer-card PowerPoint content YAML from Design Thinking canonical artifacts and build using the shared PowerPoint skill pipeline | +| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI | +| **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | +| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | +| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals | +| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | +| **video-to-gif** | Video-to-GIF conversion skill with FFmpeg two-pass optimization | +| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation | diff --git a/plugins/hve-core/README.md b/plugins/hve-core/README.md index eb2dca76d..f461e21ff 100644 --- a/plugins/hve-core/README.md +++ b/plugins/hve-core/README.md @@ -11,62 +11,62 @@ HVE Core provides the flagship RPI (Research, Plan, Implement, Review) workflow ### Chat Agents -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | -| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | -| **memory** | Conversation memory persistence for session continuity | -| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | -| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | -| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | -| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | -| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | -| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | -| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | -| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | -| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | -| **task-planner** | Implementation planner for creating actionable implementation plans | -| **task-researcher** | Task research specialist for comprehensive project analysis | -| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | +| Name | Description | +|------|-------------| +| **doc-ops** | Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **memory** | Conversation memory persistence for session continuity | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **pr-review** | Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance | +| **prompt-builder** | Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files | +| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance | +| **prompt-tester** | Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value | +| **prompt-updater** | Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records | +| **task-planner** | Implementation planner for creating actionable implementation plans | +| **task-researcher** | Task research specialist for comprehensive project analysis | +| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance | ### Prompts -| Name | Description | -|------------------------|--------------------------------------------------------------------------------------------------------------------------| -| **checkpoint** | Save or restore conversation context using memory files | -| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | -| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | -| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | -| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | -| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | -| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | -| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | -| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | -| **pull-request** | Generates pull request descriptions from branch diffs | -| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | -| **task-implement** | Locates and executes implementation plans using Task Implementor | -| **task-plan** | Initiates implementation planning based on user context or research documents | -| **task-research** | Initiates research for implementation planning based on user requirements | -| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | +| Name | Description | +|------|-------------| +| **checkpoint** | Save or restore conversation context using memory files | +| **doc-ops-update** | Invoke doc-ops agent for documentation quality assurance and updates | +| **git-commit** | Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit | +| **git-commit-message** | Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch | +| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. | +| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) | +| **prompt-analyze** | Evaluates prompt engineering artifacts against quality criteria and reports findings | +| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria | +| **prompt-refactor** | Refactors and cleans up prompt engineering artifacts through iterative improvement | +| **pull-request** | Generates pull request descriptions from branch diffs | +| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks | +| **task-implement** | Locates and executes implementation plans using Task Implementor | +| **task-plan** | Initiates implementation planning based on user context or research documents | +| **task-research** | Initiates research for implementation planning based on user requirements | +| **task-review** | Initiates implementation review based on user context or automatic artifact discovery | ### Instructions -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **hve-core/commit-message** | Required instructions for creating all commit messages | -| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | -| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | -| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | -| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | -| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | +| Name | Description | +|------|-------------| +| **hve-core/commit-message** | Required instructions for creating all commit messages | +| **hve-core/git-merge** | Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. | +| **hve-core/markdown** | Required instructions for creating or editing any Markdown (.md) files | +| **hve-core/prompt-builder** | Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills | +| **hve-core/pull-request** | Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools | +| **hve-core/writing-style** | Required writing style conventions for voice, tone, and language in all markdown content | | **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | diff --git a/plugins/installer/README.md b/plugins/installer/README.md index bdb6c7ebe..088796f91 100644 --- a/plugins/installer/README.md +++ b/plugins/installer/README.md @@ -11,14 +11,14 @@ Deploy HVE Core artifacts across workspace configurations with the hve-core-inst ### Instructions -| Name | Description | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **hve-core-installer** | Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows | diff --git a/plugins/jira/README.md b/plugins/jira/README.md index cad583e67..d6eca6c79 100644 --- a/plugins/jira/README.md +++ b/plugins/jira/README.md @@ -3,6 +3,8 @@ Jira backlog management, PRD issue planning, and issue operations through agents, prompts, instructions, and a Python skill +> **⚠️ Experimental** — This collection is experimental. Contents and behavior may change or be removed without notice. + ## Overview Manage Jira backlog workflows and PRD-driven issue planning from VS Code. This collection adds dedicated Jira agents, prompts, and instructions on top of the Jira skill so discovery, triage, execution, and planning workflows use the same tracking and handoff patterns as the rest of HVE Core. @@ -11,35 +13,35 @@ Manage Jira backlog workflows and PRD-driven issue planning from VS Code. This c ### Chat Agents -| Name | Description | -|--------------------------|---------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **jira-backlog-manager** | Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions | -| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | +| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira | ### Prompts -| Name | Description | -|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **jira-discover-issues** | Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review | -| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | -| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | -| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | +| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file | +| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira | +| **jira-triage-issues** | Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates | ### Instructions -| Name | Description | -|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | -| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | -| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | -| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | -| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **jira/jira-backlog-discovery** | Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery | +| **jira/jira-backlog-planning** | Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence | +| **jira/jira-backlog-triage** | Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution | +| **jira/jira-backlog-update** | Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations | +| **jira/jira-wit-planning** | Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Name | Description | +|------|-------------| | **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. | diff --git a/plugins/project-planning/README.md b/plugins/project-planning/README.md index d0295f124..218587381 100644 --- a/plugins/project-planning/README.md +++ b/plugins/project-planning/README.md @@ -11,66 +11,66 @@ Create architecture decision records, requirements documents, and diagrams — a ### Chat Agents -| Name | Description | -|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | -| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | -| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | -| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | -| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | -| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | -| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | -| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | -| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | -| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | -| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | -| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | -| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | -| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | -| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | +| Name | Description | +|------|-------------| +| **adr-creation** | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | +| **agile-coach** | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool | +| **arch-diagram-builder** | Architecture diagram builder agent that builds high quality ASCII-art diagrams | +| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration | +| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings | +| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp | +| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking | +| **plan-validator** | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings | +| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration | +| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them | +| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment | +| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **incident-response** | Incident response workflow for Azure operations scenarios | -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | -| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | -| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | -| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | -| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | -| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | -| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | -| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | -| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | -| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | -| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | -| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | -| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | -| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | -| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | -| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | -| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | -| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | +| Name | Description | +|------|-------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows | diff --git a/plugins/rai-planning/README.md b/plugins/rai-planning/README.md index 5677d5c1b..49dde0551 100644 --- a/plugins/rai-planning/README.md +++ b/plugins/rai-planning/README.md @@ -19,30 +19,30 @@ Assess AI systems for responsible AI risks using structured standards-aligned an ### Chat Agents -| Name | Description | -|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| Name | Description | +|------|-------------| +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | diff --git a/plugins/security/README.md b/plugins/security/README.md index 5e2d7c64d..f1086e00e 100644 --- a/plugins/security/README.md +++ b/plugins/security/README.md @@ -3,6 +3,8 @@ Security review, planning, incident response, risk assessment, and vulnerability analysis +> **⚠️ Experimental** — This collection is experimental. Contents and behavior may change or be removed without notice. + > [!CAUTION] > The security agents and prompts in this collection are **assistive tools only**. They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated security artifacts **must** be reviewed and validated by qualified security professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment. @@ -17,75 +19,75 @@ Security review, planning, incident response, risk assessment, vulnerability ana ### Chat Agents -| Name | Description | -|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | -| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | -| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | -| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | -| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | -| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | -| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | -| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | -| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | +| Name | Description | +|------|-------------| +| **codebase-profiler** | Scans the repository to build a technology profile and identify which security skills apply to the codebase | +| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill | +| **rai-planner** | Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. | +| **report-generator** | Collates verified security skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ | +| **researcher-subagent** | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | +| **security-planner** | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | +| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting | +| **skill-assessor** | Assesses a single security knowledge skill against the codebase, reading vulnerability references and returning structured findings | +| **sssc-planner** | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | ### Prompts -| Name | Description | -|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------| -| **incident-response** | Incident response workflow for Azure operations scenarios | -| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | -| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | +| Name | Description | +|------|-------------| +| **incident-response** | Incident response workflow for Azure operations scenarios | +| **rai-capture** | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | +| **rai-plan-from-prd** | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | | **rai-plan-from-security-plan** | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | -| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | -| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | -| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | -| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | -| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | -| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | -| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | -| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | -| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | -| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | -| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | +| **risk-register** | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | +| **security-capture** | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | +| **security-plan-from-prd** | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | +| **security-review** | Runs an OWASP vulnerability assessment against the current codebase | +| **security-review-llm** | Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context | +| **security-review-sbd** | Runs a Secure by Design principles assessment based on UK and Australian government guidance | +| **security-review-web** | Runs an OWASP Top 10 web vulnerability assessment without codebase profiling | +| **sssc-capture** | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | +| **sssc-from-brd** | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | +| **sssc-from-prd** | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | +| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | ### Instructions -| Name | Description | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | -| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | -| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | -| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | -| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | -| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | -| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | -| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | -| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | -| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | -| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | -| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | -| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | -| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | -| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | -| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | -| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | -| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | +| Name | Description | +|------|-------------| +| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | +| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods | +| **rai-planning/rai-identity** | RAI Planner identity, 5-phase orchestration, state management, and session recovery | +| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | +| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | +| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | +| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates | +| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols | +| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns | +| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis | +| **security/sssc-assessment** | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | +| **security/sssc-backlog** | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | +| **security/sssc-gap-analysis** | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | +| **security/sssc-handoff** | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | +| **security/sssc-identity** | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | +| **security/sssc-standards** | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | +| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups | +| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | ### Skills -| Name | Description | -|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | -| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | -| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | -| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | -| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | -| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | -| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | -| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | -| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | -| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | +| Name | Description | +|------|-------------| +| **owasp-agentic** | OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. | +| **owasp-cicd** | OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core. | +| **owasp-docker** | OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments - Brought to you by microsoft/hve-core. | +| **owasp-infrastructure** | OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core. | +| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. | +| **owasp-mcp** | OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core. | +| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. | +| **pr-reference** | Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. | +| **secure-by-design** | Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core. | +| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. | diff --git a/scripts/collections/Validate-Collections.ps1 b/scripts/collections/Validate-Collections.ps1 index e9f98a1e3..d61b021e0 100644 --- a/scripts/collections/Validate-Collections.ps1 +++ b/scripts/collections/Validate-Collections.ps1 @@ -231,12 +231,12 @@ function Invoke-CollectionValidation { $seenIds[$id] = $file.Name } - # Validate collection-level maturity if present - if ($manifest.ContainsKey('maturity') -and -not [string]::IsNullOrWhiteSpace([string]$manifest.maturity)) { - $collMaturity = [string]$manifest.maturity - if ($allowedMaturities -notcontains $collMaturity) { - $fileErrors += "invalid collection maturity '$collMaturity' (allowed: $($allowedMaturities -join ', '))" - } + # Validate collection-level maturity (required) + if (-not $manifest.ContainsKey('maturity') -or [string]::IsNullOrWhiteSpace([string]$manifest.maturity)) { + $fileErrors += "missing required field 'maturity'" + } + elseif ($allowedMaturities -notcontains ([string]$manifest.maturity)) { + $fileErrors += "invalid collection maturity '$([string]$manifest.maturity)' (allowed: $($allowedMaturities -join ', '))" } # Validate each item diff --git a/scripts/tests/collections/Validate-Collections.Tests.ps1 b/scripts/tests/collections/Validate-Collections.Tests.ps1 index 53675a8ef..72f731085 100644 --- a/scripts/tests/collections/Validate-Collections.Tests.ps1 +++ b/scripts/tests/collections/Validate-Collections.Tests.ps1 @@ -102,6 +102,7 @@ Describe 'Invoke-CollectionValidation - repo-specific path rejection' { id = 'test-reject-instr' name = 'Test Reject Instruction' description = 'Tests repo-specific instruction rejection' + maturity = 'stable' items = @( [ordered]@{ path = '.github/instructions/workflows.instructions.md' @@ -122,6 +123,7 @@ Describe 'Invoke-CollectionValidation - repo-specific path rejection' { id = 'test-allow-location' name = 'Test Allow Location' description = 'Tests that subdirectory instructions are allowed' + maturity = 'stable' items = @( [ordered]@{ path = '.github/instructions/shared/hve-core-location.instructions.md' @@ -141,6 +143,7 @@ Describe 'Invoke-CollectionValidation - repo-specific path rejection' { id = 'test-reject-agent' name = 'Test Reject Agent' description = 'Tests repo-specific agent rejection' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/internal.agent.md' @@ -161,6 +164,7 @@ Describe 'Invoke-CollectionValidation - repo-specific path rejection' { id = 'test-allow-agent' name = 'Test Allow Agent' description = 'Tests that subdirectory agents pass' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/hve-core/rpi-agent.agent.md' @@ -297,7 +301,7 @@ Describe 'Invoke-CollectionValidation - collection-level maturity' { $result.ErrorCount | Should -BeGreaterOrEqual 1 } - It 'Passes validation for collection with omitted maturity' { + It 'Fails validation for collection with omitted maturity' { $manifest = [ordered]@{ id = 'test-maturity-omitted' name = 'Test' @@ -313,7 +317,8 @@ Describe 'Invoke-CollectionValidation - collection-level maturity' { Set-Content -Path (Join-Path $script:collectionsDir 'test-maturity-omitted.collection.yml') -Value $yaml $result = Invoke-CollectionValidation -RepoRoot $script:repoRoot - $result.Success | Should -BeTrue + $result.Success | Should -BeFalse + $result.ErrorCount | Should -BeGreaterOrEqual 1 } } @@ -359,6 +364,7 @@ Describe 'Invoke-CollectionValidation - collection-to-folder name consistency' { id = 'my-collection' name = 'My Collection' description = 'Collection with matching folder' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/my-collection/match.agent.md' @@ -384,6 +390,7 @@ Describe 'Invoke-CollectionValidation - collection-to-folder name consistency' { id = 'my-collection' name = 'My Collection' description = 'Collection with mismatched folder' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/wrong-folder/mismatch.agent.md' @@ -409,6 +416,7 @@ Describe 'Invoke-CollectionValidation - collection-to-folder name consistency' { id = 'my-collection' name = 'My Collection' description = 'Collection referencing hve-core item' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/hve-core/core.agent.md' @@ -424,6 +432,7 @@ Describe 'Invoke-CollectionValidation - collection-to-folder name consistency' { id = 'hve-core' name = 'HVE Core' description = 'HVE Core collection' + maturity = 'stable' items = @() } $hveYaml = ConvertTo-Yaml -Data $hveCoreManifest @@ -445,6 +454,7 @@ Describe 'Invoke-CollectionValidation - collection-to-folder name consistency' { id = 'my-collection' name = 'My Collection' description = 'Collection referencing shared item' + maturity = 'stable' items = @( [ordered]@{ path = '.github/instructions/shared/shared.instructions.md' @@ -470,6 +480,7 @@ Describe 'Invoke-CollectionValidation - collection-to-folder name consistency' { id = 'hve-core-all' name = 'HVE Core All' description = 'Aggregate collection' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/my-collection/match.agent.md' @@ -508,6 +519,7 @@ Describe 'Invoke-CollectionValidation - collection-to-folder name consistency' { id = 'my-collection' name = 'My Collection' description = 'Mismatch for warning output test' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/wrong-folder/mismatch.agent.md' @@ -578,6 +590,7 @@ items: id = 'INVALID_ID!' name = 'Bad ID' description = 'Invalid id format' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -597,6 +610,7 @@ items: id = 'dup-id' name = 'First' description = 'First collection' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -617,6 +631,7 @@ items: id = 'missing-path' name = 'Missing' description = 'Item path missing' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/nonexistent.agent.md' @@ -650,6 +665,7 @@ items: id = 'bad-item-mat' name = 'Bad Item Maturity' description = 'Item with invalid maturity' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -670,6 +686,7 @@ items: id = 'suffix-mismatch' name = 'Suffix Mismatch' description = 'Agent path with wrong suffix' + maturity = 'stable' items = @( [ordered]@{ path = '.github/instructions/test/test.instructions.md' @@ -689,6 +706,7 @@ items: id = 'instr-suffix' name = 'Instruction Suffix' description = 'Instruction item with agent suffix' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -713,6 +731,7 @@ items: id = 'dup-artifact' name = 'Dup Artifact' description = 'Same artifact key from different paths' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -738,6 +757,7 @@ items: id = 'share-one' name = 'Share One' description = 'First sharer' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -749,6 +769,7 @@ items: id = 'share-two' name = 'Share Two' description = 'Second sharer' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -760,6 +781,7 @@ items: id = 'hve-core-all' name = 'All' description = 'Canonical - missing a.agent.md' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/b.agent.md' @@ -789,6 +811,7 @@ items: id = 'hve-core-all' name = 'All' description = 'Canonical collection' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -801,6 +824,7 @@ items: id = 'conflict-col' name = 'Conflict' description = 'Conflicting maturity' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md' @@ -855,11 +879,13 @@ Describe 'Invoke-CollectionValidation - new checks' { It 'Warns but passes when .collection.md companion is missing' { $manifest = [ordered]@{ id = 'no-companion'; name = 'No Companion'; description = 'Missing companion md' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'no-companion.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -876,12 +902,14 @@ Describe 'Invoke-CollectionValidation - new checks' { It 'Passes cleanly when .collection.md companion is present' { $manifest = [ordered]@{ id = 'has-companion'; name = 'Has Companion'; description = 'With md' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'has-companion.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) Set-Content -Path (Join-Path $script:collectionsDir 'has-companion.collection.md') -Value '# Has Companion' $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -899,6 +927,7 @@ Describe 'Invoke-CollectionValidation - new checks' { It 'Fails when the same item appears twice in one collection' { $manifest = [ordered]@{ id = 'intra-dup'; name = 'Intra Dup'; description = 'Dup item' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' } @@ -918,6 +947,7 @@ Describe 'Invoke-CollectionValidation - new checks' { $manifest = [ordered]@{ id = 'distinct-items'; name = 'Distinct'; description = 'Distinct items' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/test2/b.agent.md'; kind = 'agent' } @@ -925,6 +955,7 @@ Describe 'Invoke-CollectionValidation - new checks' { } $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/test2/b.agent.md'; kind = 'agent' }, @@ -945,11 +976,13 @@ Describe 'Invoke-CollectionValidation - new checks' { It 'Fails when a themed collection item is absent from hve-core-all' { $manifest = [ordered]@{ id = 'themed-only'; name = 'Themed Only'; description = 'Item not in hve-core-all' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } # Canonical exists but does NOT include a.agent.md - only orphan - so Check 4 fires $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical - missing themed item' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'themed-only.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) @@ -965,10 +998,12 @@ Describe 'Invoke-CollectionValidation - new checks' { It 'Passes when all themed items are present in hve-core-all' { $themed = [ordered]@{ id = 'themed-covered'; name = 'Themed Covered'; description = 'Covered by canonical' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -989,10 +1024,12 @@ Describe 'Invoke-CollectionValidation - new checks' { # manifest and canonical cover a.agent.md but NOT orphan/orphan.agent.md $manifest = [ordered]@{ id = 'partial-coverage'; name = 'Partial'; description = 'Missing orphan' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical - missing orphan' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'partial-coverage.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) @@ -1009,10 +1046,12 @@ Describe 'Invoke-CollectionValidation - new checks' { # Themed covers only a.agent.md; canonical covers both - orphan is canonical-only $themed = [ordered]@{ id = 'themed-partial'; name = 'Themed Partial'; description = 'Missing orphan in themed' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical - covers orphan' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -1052,6 +1091,7 @@ Describe 'Invoke-CollectionValidation - marker validation' -Tag 'Unit' { It 'Passes when collection.md has valid matched marker pairs' { $manifest = [ordered]@{ id = 'valid-markers'; name = 'Valid Markers'; description = 'Matched markers' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'valid-markers.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) @@ -1065,6 +1105,7 @@ Generated content. Set-Content -Path (Join-Path $script:collectionsDir 'valid-markers.collection.md') -Value $mdContent $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -1081,6 +1122,7 @@ Generated content. It 'Warns but passes when begin marker exists without end marker' { $manifest = [ordered]@{ id = 'begin-only'; name = 'Begin Only'; description = 'Missing end' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'begin-only.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) @@ -1093,6 +1135,7 @@ Content without end marker. Set-Content -Path (Join-Path $script:collectionsDir 'begin-only.collection.md') -Value $mdContent $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -1109,6 +1152,7 @@ Content without end marker. It 'Warns but passes when end marker exists without begin marker' { $manifest = [ordered]@{ id = 'end-only'; name = 'End Only'; description = 'Missing begin' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'end-only.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) @@ -1121,6 +1165,7 @@ Content without begin marker. Set-Content -Path (Join-Path $script:collectionsDir 'end-only.collection.md') -Value $mdContent $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -1137,12 +1182,14 @@ Content without begin marker. It 'Does not warn when collection.md has no markers (backward compat)' { $manifest = [ordered]@{ id = 'no-markers'; name = 'No Markers'; description = 'Legacy no markers' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'no-markers.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) Set-Content -Path (Join-Path $script:collectionsDir 'no-markers.collection.md') -Value '# No Markers - legacy content without any markers' $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' } @@ -1159,6 +1206,7 @@ Content without begin marker. It 'Warns but passes when markers appear in wrong order' { $manifest = [ordered]@{ id = 'reversed'; name = 'Reversed'; description = 'Wrong order' + maturity = 'stable' items = @([ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }) } Set-Content -Path (Join-Path $script:collectionsDir 'reversed.collection.yml') -Value (ConvertTo-Yaml -Data $manifest) @@ -1172,6 +1220,7 @@ Content. Set-Content -Path (Join-Path $script:collectionsDir 'reversed.collection.md') -Value $mdContent $canonical = [ordered]@{ id = 'hve-core-all'; name = 'All'; description = 'Canonical' + maturity = 'stable' items = @( [ordered]@{ path = '.github/agents/test/a.agent.md'; kind = 'agent' }, [ordered]@{ path = '.github/agents/orphan/orphan.agent.md'; kind = 'agent' }