Load PRs from the active workspace repo instead of the extension directory, surface PR load errors in the canvas UI, and add MediaPipe CDN fallbacks for better runtime reliability.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add automations learning hub guide and integrate into docs
- Create new learning hub article: "Using Automations in the GitHub Copilot app"
- Covers practical approach to getting started with automations
- Includes templates, work-surface audit technique, and real examples
- Features the in-app "Awesome Copilot daily PR summary" automation as concrete reference
- Integrates Ashley's Slack guidance on iterative refinement and discovery
- Link from main Learning Hub index and GitHub Copilot app article
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* docs: add canvas extensions learning hub guide
Add a new Learning Hub page for creating and iterating canvas extensions with /create-canvas, including examples and best practices for storage scope and joinSession/createCanvas handlers.
Wire the article into Fundamentals navigation and related Learning Hub pages, and add stable extension card anchors so docs can deep-link to specific entries in the Canvas Extensions listing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Add keyword display to extension cards on website
- Add .resource-keywords and .keyword-tag CSS styles for rendering keyword badges
- Update renderExtensionsHtml() to display keywords below extension description
- Keywords now visible on the website extensions page with styled badges
- Regenerate website data to include keyword metadata
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Canvas manifest implementation for all extensions
Add per-extension canvas manifests with:
- Structured canvas metadata (name, description, version, keywords)
- Screenshot definitions (icon and gallery with path/type)
- Relative paths for images within each extension directory
Enhance extension metadata:
- Generate meaningful descriptions from source analysis
- Extract and assign keywords for discoverability
- Store metadata in package.json and extension source files
Update website rendering and data generation:
- Include keywords in extension cards and search index
- Add per-extension canvas.json files for independent evolution
- Support screenshot metadata in manifest structure
- Generate extensions.json with full canonical paths for website
All 9 local canvas extensions now have complete manifests with descriptions, keywords, and screenshot references.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Tweaking some descriptions
* Fix description priority to prefer package.json over in-source metadata
Reverse the priority in canvasDescription so that package.json descriptions
(which contain the enhanced, manually-curated descriptions) take precedence
over older in-source descriptions extracted from createCanvas(...) calls.
This prevents regression when npm run website:data regenerates outputs,
ensuring that committed canvas.json files maintain the current descriptions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix canvas validation to skip external.json file
The validation script was treating extensions/external.json as if it were
a directory, causing false validation failures. Added check to skip files
(identified by presence of dot in filename) and only validate actual
canvas extension directories.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add a new 'Launching Sessions from the Terminal with Deep Links' section to the
GitHub Copilot app overview documentation. This section covers:
- Supported URL schemes (ghapp://, github-app://, gh://)
- session/new route with all supported parameters (repo, branch, pr, prompt, mode)
- Practical examples for common workflows
- Other useful deep links (chats, mywork, workflows, issues, PRs)
- Important limitations (repo-centric focus, local folder restrictions)
This addresses the request from the #github-app Slack channel discussion about
opening ghapp from the terminal for a better development experience.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Update .NET Copilot SDK cookbook for GitHub.Copilot.SDK 1.0
Align the dotnet copilot-sdk cookbook recipes and docs with the 1.0.1 release:
- Namespace GitHub.Copilot.SDK -> GitHub.Copilot
- MCP config uses Dictionary<string, McpServerConfig> + McpStdioServerConfig (drop Type discriminator)
- StopAsync no longer returns an error list; wrap graceful shutdown in try/catch
- GetMessagesAsync -> GetEventsAsync with event pattern matching
- LogLevel string -> CopilotLogLevel.Error enum
* Address PR review: clarify package/namespace, default event case, MCP stdio wording
- Note that the GitHub.Copilot.SDK package exposes the GitHub.Copilot namespace in each recipe
- Add a default case + note to the GetEventsAsync history example so other event kinds are not silently dropped
- Refine accessibility-report docs to describe a local stdio MCP server (McpStdioServerConfig via npx)
* Address re-review: add using for event types, note StopAsync throw behavior
* fix: Allow label operations on pull requests in external plugin approval workflow
The sync-merged-pr-labels job needs pull-requests: write permission to
add/remove labels on merged PRs. Previously it only had issues: write which
is for issues, not pull requests. This fixes the permission error when
workflows try to modify PR labels from a non-contributor account.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: Handle 403 permission errors when creating external plugin intake labels
When running on PRs from fork contributors, the GitHub token may not have
permission to create labels in the repository. This is expected and should
not cause the workflow to fail. Allow the ensureLabel function to gracefully
handle 403 Forbidden errors in addition to 422 (label already exists) errors.
This fixes the sync-pr-state job failure in external-plugin-pr-quality-gates.yml
when run on PRs from external contributors.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* refactor: Centralize label management into a single workflow_dispatch workflow
Create a new 'setup-labels' workflow that is manually dispatched and handles
all label creation and updates. This workflow:
- Creates all labels used by the repository
- Updates descriptions if labels already exist
- Reports success/failure counts
- Fails if any labels cannot be created
All individual workflows now assume labels exist and will fail (loudly) if
they don't. This makes it clear to maintainers when the setup-labels workflow
needs to be dispatched:
- label-pr-intent.yml
- skill-check-comment.yml
- external-plugin-approval-command.yml
- external-plugin-command-router.yml
- external-plugin-rereview.yml
- external-plugin-rereview-command.yml
- eng/external-plugin-intake-state.mjs
This approach is better because:
- Single source of truth for label definitions
- Avoids permission issues with fork contributors
- Clear failure modes when labels are missing
- Easier to maintain consistent label configuration
- No more scattered label creation logic across workflows
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Remove unused ensureLabel methods and managedLabels constants
Labels are now centrally managed by the setup-labels workflow and
assumed to exist in all other workflows. Removed:
- ensureLabel() methods from all 6 workflows and 1 JS module
- managedLabels constants that were only used by ensureLabel
- Promise.all() calls that invoked ensureLabel for each label
- Updated syncManagedLabels in skill-check-comment.yml to remove ensureLabel call
All workflows now assume labels exist and will fail if they don't,
which is the desired behavior—it signals maintainers to dispatch the
setup-labels workflow when new labels need to be created.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Update PR template to include canvas extension as a contribution type
- Add 'canvas-extension' label (color: E4B9FF) to label-pr-intent workflow
with auto-detection for PRs touching extensions/**
- Add new validate-canvas-extensions.yml workflow that checks:
- extension.mjs is present in each changed extension folder
- assets/preview.png screenshot is present in each changed extension folder
- Posts a REQUEST_CHANGES review with a fix guide on failure
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add setup-my-iq skill
* Use forward-slash separators in setup-my-iq context pointers for cross-platform portability
* Fix stale step references (9c->10c, 9d->10d) in setup-my-iq SKILL.md
* Add soft-gate PR risk scanning automation
Introduce a PR risk scanner script plus two workflows: one to scan changed files and upload findings, and one to upsert a sticky PR comment with a summary table and findings. This adds non-blocking supply-chain risk visibility for agentic contributions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Harden path checks and reduce scanner false positives
Reject absolute paths, enforce repo-root containment after resolution, and tighten unpinned-version detection to dependency/version contexts to avoid markdown noise.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Harden soft-gate behavior and scanner coverage
Make PR risk scan workflows non-blocking on scanner/artifact edge cases, always upload artifacts, reduce required permissions, and extend scanner script detection to plugin skill paths.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Add GitHub Copilot app learning hub page
- Create new learning hub page covering Copilot app basics, features, and use cases
- Include information about target audiences (developers, non-dev roles, teams with parallel work)
- Highlight key features: My Work view, isolated worktrees, canvases, Agent Merge
- Add installation and getting started instructions
- Update learning hub index to include app in Getting Started section
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Refine GitHub Copilot app learning hub page
- Add the app to the learning hub navigation
- Tighten the page copy around audiences, features, and getting started
- Keep canvases and automations high level as requested
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore(deps, docs): bump marketplace version to 1.46.0
- Refine execution priority guidance in agent documentation
- Imrpvoe discovery guidance
- Improve context cache guidance
- Add script usage guidelines to agent documentation
- Simplify agent input references
* feat: bump marketplace version to 1.47.0 and enhance agent workflows
- Add Bug‑Fix Mode with validation gate for `debugger_diagnosis` tasks
- Expand allowed task types to include `research`
- Reduce subagent concurrency limit from 4 to 2
- Update design validation handling for flagged tasks
- Update marketplace plugin version reference to 1.47.0
* chore: bump marketplace version to 1.48.0 and refine agent context envelope workflow documentation
- Enhance the Init section in gem-browser-tester.agent.md, gem-code-simplifier.agent.md, and gem-critic.agent.md with detailed context envelope handling, active context treatment, and reuse_notes trust/verification logic.
- Add explicit steps for safe assumption, verification before use, and controlled re‑reading of context notes.
* chore: refine verification of symbol usages before modifying shared components
* chore(marketplace): bump version to 1.50.0; refactor(gem-browser-tester): simplify workflow steps
* chore(docs): simplify Phase 0 task classification and streamline initialization
* chore: Merges teps for batching
* feat: Enhcanc esuport for trivial/ low complex tasks
* chore: bump version to 1.56.0 and add config settings for visual regression, devops approvals, and orchestrator complexity
* chore: fix toc links
* chore: Remove emojis from headings
* chore: Update readme
* chore: Enforce orchestration
* chore: clarify orchestrator role and bump version to 1.59.0
* chore: bump version to 1.61.0 and refine agent documentation
* chore: bump version to 1.62.0 and refine agent documentation
* chore: bump version to 1.63.0 and add mandatory rules notice to all agent documentation files
* chore: Improve batching instructions
- bump version to 1.64.0
* chore: refactor gem-planner agent definition and JSON output to remove redundant fields and simplify structure
* chore: bump marketplace version to 1.66.0 and refactor gem-planner plan format, update agent documentation to clarify reuse_notes and simplify structures
* fix: reset bot review when PR base is changed off main
The check-pr-target workflow only ran on 'opened' events targeting main,
so it never re-ran after a submitter edited the base branch to 'staged'.
The REQUEST_CHANGES review was left in place, blocking merge and requiring
a manual maintainer override.
Changes:
- Broaden trigger to also fire on edited, reopened, and synchronize events,
and add 'staged' to the branches filter so the workflow runs after a
base-branch edit.
- Before posting REQUEST_CHANGES, check whether the bot already has an
active CHANGES_REQUESTED review to avoid duplicate reviews.
- After a base-branch edit: if the PR no longer targets main and the bot's
latest review state is CHANGES_REQUESTED, post an APPROVE review to
clear the block automatically.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: rerun PR target check for any base branch
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
* fix(excalidraw-diagram-generator): force UTF-8 stdout in add-arrow / add-icon so the success print doesn't crash on Windows cp1252
* fix(excalidraw-diagram-generator): force UTF-8 stdout in add-arrow / add-icon so the success print doesn't crash on Windows cp1252
Adds og:image:width and og:image:height to the global head so LinkedIn
(and friends) reliably render the large preview card instead of a tiny
thumbnail. The image and the rest of the Open Graph tags were already in
good shape, so this is the missing piece. Also adds a website README
documenting how the cards work and the gotchas.
Co-authored-by: GeekTrainer <GeekTrainer@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* aws plugin and adding few more aws agents
* updating the agent def
* fixed around skill validator results.
---------
Co-authored-by: Preyas Prakasan <preyasprakasan@Preyass-MacBook-Pro.local>
* chore(deps, docs): bump marketplace version to 1.46.0
- Refine execution priority guidance in agent documentation
- Imrpvoe discovery guidance
- Improve context cache guidance
- Add script usage guidelines to agent documentation
- Simplify agent input references
* feat: bump marketplace version to 1.47.0 and enhance agent workflows
- Add Bug‑Fix Mode with validation gate for `debugger_diagnosis` tasks
- Expand allowed task types to include `research`
- Reduce subagent concurrency limit from 4 to 2
- Update design validation handling for flagged tasks
- Update marketplace plugin version reference to 1.47.0
* chore: bump marketplace version to 1.48.0 and refine agent context envelope workflow documentation
- Enhance the Init section in gem-browser-tester.agent.md, gem-code-simplifier.agent.md, and gem-critic.agent.md with detailed context envelope handling, active context treatment, and reuse_notes trust/verification logic.
- Add explicit steps for safe assumption, verification before use, and controlled re‑reading of context notes.
* chore: refine verification of symbol usages before modifying shared components
* chore(marketplace): bump version to 1.50.0; refactor(gem-browser-tester): simplify workflow steps
* chore(docs): simplify Phase 0 task classification and streamline initialization
* chore: Merges teps for batching
* feat: Enhcanc esuport for trivial/ low complex tasks
* chore: bump version to 1.56.0 and add config settings for visual regression, devops approvals, and orchestrator complexity
* chore: fix toc links
* chore: Remove emojis from headings
* chore: Update readme
* chore: Enforce orchestration
* chore: clarify orchestrator role and bump version to 1.59.0
* chore: bump version to 1.61.0 and refine agent documentation
The install smoke gate was hardcoding .github/plugin/plugin.json as the
expected manifest path after copilot plugin install, which caused a false
ail for plugins whose manifests live at plugin.json (root) or
.plugins/plugin.json instead of the Copilot CLI convention.
Replace the hardcoded path with a call to the existing indPluginJson()
helper that already probes all three candidate locations in priority order.
Separate the 'install directory missing' check from 'no manifest found' so
error messages surface the actual root cause.
Also fix a .plugin/ → .plugins/ typo in EXTERNAL_PLUGIN_ROOT_MANIFEST_PATHS
(external-plugin-validation.mjs) which caused the error message shown to
submitters to reference a path that indPluginJson never actually checks.
Add cross-reference comments on both constants so they stay in sync.
Closes: reported in issue #1837
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
James Montemagno
Dan Wahlin
Aaron Powell
Jon Galloway
sudeepghatak
Florian Vogt
Andrea Liliana Griffiths
LakshmiStoltz
Yuan
Amir
Burak Bayır
Sophio Japharidze
github-actions[bot]
Jiro Matsuzawa
Saleem Abdulrasool
Muhammad Ubaid Raza
Hatsumi Kikuchi
David Raygoza
OZK TOBACCO
Muhammad Furqan
Emile du Toit
Christopher Harrison
Preyas Prakasan
Kaps
Burak Kaygusuz