feat(agents): thin GHCP cloud-agent wrapper exposing hve-core RPI

[katriendg]

Description

This PR introduces a thin wrapper that surfaces the autonomous Research → Plan → Implement → Review workflow from microsoft/hve-core inside GitHub Copilot cloud-agent sessions for this repo Physical AI Toolchain. Two custom agent profiles plus one workflow step are all that is required: the umbrella Physical-AI RPI appears in the cloud-agent picker, while a hidden generic worker Physical-AI RPI Worker loads any upstream hve-core subagent body by name at dispatch time. The upstream personas are pulled fresh on every session boot by a new Bootstrap hve-core RPI persona step in copilot-setup-steps.yml, which runs outside the cloud-agent firewall and writes the bodies into the workspace before the agent starts.

The split between umbrella and hidden worker is a deliberate response to cloud-agent surface constraints: a single profile cannot be both picker-visible and content-neutral, cannot give the orchestrator github-write authority while keeping subagents read-only, and cannot decouple this repo from the hve-core subagent roster. The two-agent shape solves all four at once with no per-persona file proliferation.

This feature is in experimental stage, to be tested with a small number of RPI tasks before wider adoption, and learn how extensibility with HVE Core can also work for cloud based coding agents. The bootstrap step's continue-on-error: true ensures that a transient fetch failure does not block cloud-agent sessions entirely; the umbrella detects missing files and reports the failure as a PR comment so maintainers can retry.

Closes #609.

Type of Change

• 🐛 Bug fix (non-breaking change fixing an issue)
• ✨ New feature (non-breaking change adding functionality)
• 💥 Breaking change (fix or feature causing existing functionality to change)
• 📚 Documentation update
• 🏗️ Infrastructure change (Terraform/IaC)
• ♻️ Refactoring (no functional changes)

Component(s) Affected

• infrastructure/terraform/prerequisites/ - Azure subscription setup
• infrastructure/terraform/ - Terraform infrastructure
• infrastructure/setup/ - OSMO control plane / Helm
• workflows/ - Training and evaluation workflows
• training/ - Training pipelines and scripts
• docs/ - Documentation

Also touches .github/agents/, .github/workflows/copilot-setup-steps.yml, and .github/copilot-instructions.md (custom agent surface and bootstrap workflow).

Changes

New cloud-agent profiles

Both files target github-copilot only and stay well under the 30,000-character cloud-agent prompt cap.

• Added Physical-AI RPI umbrella at .github/agents/physical-ai-rpi.agent.md. Performs bootstrap verification against _audit.md, adopts the upstream RPI procedure, applies a physical-AI overlay (Isaac Sim ABI pin numpy>=1.26.0,<2.0.0, CUDA/cuDNN drift in evaluation/**/Dockerfile* and Dockerfile.lerobot-eval, terraform azurerm major-bump caution, dataviewer FastAPI/React surfaces), and dispatches subagents via the agent tool with a persona: <stem> payload. Holds the github/add_pull_request_comment and github/update_pull_request MCP tools so phase artifacts post directly to the PR.
• Added Physical-AI RPI Worker at .github/agents/physical-ai-rpi-worker.agent.md. Marked user-invocable: false and disable-model-invocation: true, so it is hidden from the picker and reachable only via the umbrella. Validates the persona name against ^[a-z][a-z0-9-]*$, resolves to .copilot-tracking/upstream/hve-core-rpi/subagents/<persona>.agent.md, and adopts that body verbatim. Read-only on github; never commits or dispatches further.

Always-latest-main bootstrap

• Added Bootstrap hve-core RPI persona step to .github/workflows/copilot-setup-steps.yml. Resolves microsoft/hve-core@main to a concrete SHA via gh api, downloads the umbrella rpi-agent.agent.md, enumerates the upstream subagents/ directory, downloads each *.agent.md, and writes an _audit.md recording the resolved SHA and discovered subagent list. The step runs outside the cloud-agent firewall (per the customize-the-agent-firewall docs) so it can reach raw.githubusercontent.com, which the cloud-agent itself cannot. continue-on-error: true keeps a transient upstream fetch failure from blocking session boot — the umbrella's Step 0 detects missing files and reports the failure as a PR comment.

Documentation and registry

• Updated .github/copilot-instructions.md with a new Cloud-Agent RPI Wrapper subsection summarising the bootstrap step and the umbrella/worker pair.
• Updated docs/reference/copilot-artifacts.md with two new rows in the agent registry table and a reference section explaining the four reasons the two-agent split is necessary on the cloud-agent surface.

Testing Performed

• Terraform plan reviewed (no unexpected changes)
• Terraform apply tested in dev environment
• Training scripts tested locally with Isaac Sim
• OSMO workflow submitted successfully
• Smoke tests passed (smoke_test_azure.py)

This PR ships only custom agent profiles, a setup-steps workflow step, and documentation. The standard test matrix above does not apply. Manual smoke test plan: after merge, assign a small task to the Physical-AI RPI agent in the cloud-agent picker and verify (a) the bootstrap step logs a resolved hve-core SHA, (b) _audit.md lists at least the researcher-subagent and phase-implementor personas, (c) Research / Plan / Implement / Review phases each post a <details>-wrapped PR comment, and (d) the PR description carries an "🧭 RPI Artifact Index" block linking to those comment URLs.

Documentation Impact

• No documentation changes needed
• Documentation updated in this PR
• Documentation issue filed

Bug Fix Checklist

Not applicable — this is a new feature, not a bug fix.

Checklist

• My code follows the project conventions
• Commit messages follow conventional commit format
• I have performed a self-review
• Documentation impact assessed above
• No new linting warnings introduced (npm run lint:md, npm run spell-check, npm run lint:yaml clean for changed files; the two pre-existing datasets/lerobot/README.md errors are unrelated to this PR)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 52e8e65.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.70%. Comparing base (6141db4) to head (52e8e65).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #610      +/-   ##
==========================================
+ Coverage   65.16%   67.70%   +2.53%     
==========================================
  Files         251      263      +12     
  Lines       15597    16827    +1230     
  Branches     2152     2290     +138     
==========================================
+ Hits        10164    11392    +1228     
  Misses       5142     5142              
- Partials      291      293       +2     

Flag	Coverage Δ		*Carryforward flag
pester	83.13% <ø> (ø)		Carriedforward from 2297be9
pytest-data-pipeline	100.00% <ø> (ø)		Carriedforward from 2297be9
pytest-dataviewer	66.92% <ø> (ø)		Carriedforward from 2297be9
pytest-dm-tools	100.00% <ø> (ø)		Carriedforward from 2297be9
pytest-evaluation	99.83% <ø> (?)
pytest-fuzz	4.90% <ø> (ø)		Carriedforward from 2297be9
pytest-inference	0.00% <ø> (ø)		Carriedforward from 2297be9
pytest-training	82.14% <ø> (ø)		Carriedforward from 2297be9
vitest	53.02% <ø> (ø)		Carriedforward from 2297be9

*This pull request uses carry forward flags. Click here to find out more.
see 12 files with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[rezatnoMsirhC]

Thank you for this contribution! The two-agent split design is well-reasoned and the rationale is clearly documented. I'm interested in seeing how this works out so I can do something similar for other agents/workflows from hve-core in edge-ai and physical-ai-toolchain. Left a few minor comments.