* Add soft-gate PR risk scanning automation
Introduce a PR risk scanner script plus two workflows: one to scan changed files and upload findings, and one to upsert a sticky PR comment with a summary table and findings. This adds non-blocking supply-chain risk visibility for agentic contributions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Harden path checks and reduce scanner false positives
Reject absolute paths, enforce repo-root containment after resolution, and tighten unpinned-version detection to dependency/version contexts to avoid markdown noise.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Harden soft-gate behavior and scanner coverage
Make PR risk scan workflows non-blocking on scanner/artifact edge cases, always upload artifacts, reduce required permissions, and extend scanner script detection to plugin skill paths.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore(deps, docs): bump marketplace version to 1.46.0
- Refine execution priority guidance in agent documentation
- Imrpvoe discovery guidance
- Improve context cache guidance
- Add script usage guidelines to agent documentation
- Simplify agent input references
* feat: bump marketplace version to 1.47.0 and enhance agent workflows
- Add Bug‑Fix Mode with validation gate for `debugger_diagnosis` tasks
- Expand allowed task types to include `research`
- Reduce subagent concurrency limit from 4 to 2
- Update design validation handling for flagged tasks
- Update marketplace plugin version reference to 1.47.0
* chore: bump marketplace version to 1.48.0 and refine agent context envelope workflow documentation
- Enhance the Init section in gem-browser-tester.agent.md, gem-code-simplifier.agent.md, and gem-critic.agent.md with detailed context envelope handling, active context treatment, and reuse_notes trust/verification logic.
- Add explicit steps for safe assumption, verification before use, and controlled re‑reading of context notes.
* chore: refine verification of symbol usages before modifying shared components
* chore(marketplace): bump version to 1.50.0; refactor(gem-browser-tester): simplify workflow steps
* chore(docs): simplify Phase 0 task classification and streamline initialization
* chore: Merges teps for batching
* feat: Enhcanc esuport for trivial/ low complex tasks
* chore: bump version to 1.56.0 and add config settings for visual regression, devops approvals, and orchestrator complexity
* chore: fix toc links
* chore: Remove emojis from headings
* chore: Update readme
* chore: Enforce orchestration
* chore: clarify orchestrator role and bump version to 1.59.0
* chore: bump version to 1.61.0 and refine agent documentation
* chore: bump version to 1.62.0 and refine agent documentation
* chore: bump version to 1.63.0 and add mandatory rules notice to all agent documentation files
* chore: Improve batching instructions
- bump version to 1.64.0
* chore: refactor gem-planner agent definition and JSON output to remove redundant fields and simplify structure
* chore: bump marketplace version to 1.66.0 and refactor gem-planner plan format, update agent documentation to clarify reuse_notes and simplify structures
* fix: reset bot review when PR base is changed off main
The check-pr-target workflow only ran on 'opened' events targeting main,
so it never re-ran after a submitter edited the base branch to 'staged'.
The REQUEST_CHANGES review was left in place, blocking merge and requiring
a manual maintainer override.
Changes:
- Broaden trigger to also fire on edited, reopened, and synchronize events,
and add 'staged' to the branches filter so the workflow runs after a
base-branch edit.
- Before posting REQUEST_CHANGES, check whether the bot already has an
active CHANGES_REQUESTED review to avoid duplicate reviews.
- After a base-branch edit: if the PR no longer targets main and the bot's
latest review state is CHANGES_REQUESTED, post an APPROVE review to
clear the block automatically.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: rerun PR target check for any base branch
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
* aws plugin and adding few more aws agents
* updating the agent def
* fixed around skill validator results.
---------
Co-authored-by: Preyas Prakasan <preyasprakasan@Preyass-MacBook-Pro.local>
* chore(deps, docs): bump marketplace version to 1.46.0
- Refine execution priority guidance in agent documentation
- Imrpvoe discovery guidance
- Improve context cache guidance
- Add script usage guidelines to agent documentation
- Simplify agent input references
* feat: bump marketplace version to 1.47.0 and enhance agent workflows
- Add Bug‑Fix Mode with validation gate for `debugger_diagnosis` tasks
- Expand allowed task types to include `research`
- Reduce subagent concurrency limit from 4 to 2
- Update design validation handling for flagged tasks
- Update marketplace plugin version reference to 1.47.0
* chore: bump marketplace version to 1.48.0 and refine agent context envelope workflow documentation
- Enhance the Init section in gem-browser-tester.agent.md, gem-code-simplifier.agent.md, and gem-critic.agent.md with detailed context envelope handling, active context treatment, and reuse_notes trust/verification logic.
- Add explicit steps for safe assumption, verification before use, and controlled re‑reading of context notes.
* chore: refine verification of symbol usages before modifying shared components
* chore(marketplace): bump version to 1.50.0; refactor(gem-browser-tester): simplify workflow steps
* chore(docs): simplify Phase 0 task classification and streamline initialization
* chore: Merges teps for batching
* feat: Enhcanc esuport for trivial/ low complex tasks
* chore: bump version to 1.56.0 and add config settings for visual regression, devops approvals, and orchestrator complexity
* chore: fix toc links
* chore: Remove emojis from headings
* chore: Update readme
* chore: Enforce orchestration
* chore: clarify orchestrator role and bump version to 1.59.0
* chore: bump version to 1.61.0 and refine agent documentation
* feat: Add external plugins Kanban board canvas extension
- Create interactive Kanban board showing external plugin submission issues
- Display issues in columns based on labels: 'requires-submitter-fixes', 'ready-for-review', 'approved', 'rejected'
- Support drag-and-drop state transitions between columns
- Show PR links for approved issues via [Generated PR](url) pattern in issue body
- Display issue summaries with numbers and titles
- Use app theme variables for visual integration
- Implement demo mode with example issues for consistent testing
The canvas includes:
- HTTP server with /api/issues endpoint for issue fetching
- Drag-and-drop UI with vanilla JavaScript
- Responsive HTML/CSS Kanban layout
- Auto-refresh on drag operations
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: Add issue detail modal to Kanban board canvas
- Click any issue card to view full details in a modal
- Modal shows issue description, creation/update dates, labels, and PR link
- Displays formatted dates and color-coded label badges
- Modal can be closed via X button or clicking outside
- Drag-and-drop still works on issue cards
- Added hover effects to issue cards for better interactivity
Demo data now includes issue body descriptions, created_at, and updated_at timestamps for realistic display.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: Integrate real external plugin issues from repository
- Replaced hard-coded demo data with live gh CLI integration
- Attempts to fetch actual issues using 'gh issue list --label external-plugin'
- Tries multiple gh installation paths for Windows compatibility
- Falls back to demo data if gh CLI isn't accessible from extension subprocess
- Demo data now contains real external plugin issue titles from repository
- Maintains full functionality (Kanban board, drag-drop, modal details, PR links)
Note: gh CLI integration may require environment configuration on Windows.
The extension gracefully degrades to accurate demo data when live integration unavailable.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Implement external plugins Kanban board canvas with GitHub API integration
- Created external-plugins-board canvas extension with HTTP loopback server
- 4-column Kanban board layout (requires-submitter-fixes, ready-for-review, approved, rejected)
- Fetches real issues from github/awesome-copilot repository via GitHub REST API
- Click issues to view full details in modal (title, description, dates, labels, PR links)
- Drag-and-drop support for state transitions (future: update labels via API)
- Responsive design with theme variable integration for light/dark mode
- No hard-coded demo data - displays actual repository data
Resolved subprocess execution limitation:
- Extension subprocess is sandboxed and cannot execute system binaries (gh, cmd.exe, powershell.exe)
- Solution: Use GitHub REST API directly instead of gh CLI subprocess execution
- API calls work perfectly from within restricted subprocess environment
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Render issue body as markdown in board modal
- add marked dependency for markdown parsing\n- render issue body HTML in the modal\n- style markdown elements for readable theme-aware output\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add workflow run link to external plugin intake comments
- Include a link to the GitHub Actions workflow run in intake comment
- Helps users trace which action run generated the intake report
- Works for both initial intake and re-run intake flows
- Link appears at bottom of comment for all intake states (passed/failed/quality gates)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR review feedback on intake comment formatting
- Remove leading spaces from runLink construction to preserve markdown formatting
- Remove unnecessary newline prefix before runLink in quality gates section
- Move workflow run link to the very end of all comment types (after warnings)
- For merged intake comments, append link as final element
- Remove unused runId parameter from applyExternalPluginIntakeEvaluation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(pm-skills): use plain tag name for ref, not refs/tags/
`apm install pm-skills@awesome-copilot` invokes `git clone --depth=1 --branch=<ref>` against the source repo. `git clone --branch` rejects `refs/tags/v2.1.0` ("Remote branch not found in upstream origin") and only accepts the plain tag name.
Matches the convention used by the other entries in this file - `chrome-devtools-plugin` uses `chrome-devtools-mcp-v1.0.1`, `ai-ready` uses a SHA. `pm-skills` was the only entry with the `refs/tags/` prefix, inherited from the placeholder example in the external-plugin issue form.
Tested locally: with the fix applied, `apm install pm-skills@awesome-copilot --target claude` resolves cleanly (12 skills + MCP server + 2 hooks integrated).
Original submission: github/awesome-copilot#1767 / github/awesome-copilot#1770
* fix: regenerate marketplace.json after pm-skills ref fix
The previous force-push (7fbf75a) updated plugins/external.json only.
.github/plugin/marketplace.json is a derived artifact regenerated by
`npm start` and must be kept in sync. The Validate README.md workflow
detected the mismatch and failed.
Ran `npm ci && npm start` locally; produces a single 1-line update to
marketplace.json matching the plugins/external.json change.
* Add visual-pr plugin: screenshot capture, annotation, PR embedding, and screen recording
Four skills that teach Copilot to capture UI screenshots (Playwright + PIL),
annotate them with algorithmic label placement, embed before/after images
in PR descriptions, and record animated GIF demos.
Includes demo images showing the annotation engine on GitHub Issues.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Update generated README tables and marketplace.json
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Embed annotate.py module in image-annotations skill
The full working module (annotate_image, grid_image, diff_images) is now
included as a code block so users can save it as annotate.py and import
directly. Scrubbed project-specific labels from examples.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: mss.mss() context manager, fix RECT struct, consistent placeholder
- Use mss.mss() context manager instead of mss.MSS() (ui-screenshots, screen-recording)
- Fix broken RECT struct in window+GIF combining example (screen-recording)
- Consistent projectId placeholder in AzDO upload example (pr-screenshots)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fixing path on chrome devtools external pluginPath is to the folder in the repo where the plugin structure starts, not where the plugin.json file lives.
* Updating validation scripts and guidance to avoid this mistake again
Adds a skill that lets users generate images (icons, sprites, textures,
mockups) directly from their coding workflow using OpenAI gpt-image-2 or
Google Gemini. BYO API key — the skill guides users through setup on
first use.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add explicit assumption rule and confidence metric to agent documentation
- Add `confidence` field (0‑1) to the output schema in `agents/gem-browser-tester.agent.md`
- Include `confidence` in the `extra` object of `agents/gem-devops.agent.md`
- Append the guideline “State assumptions explicitly; never guess silently” to all agent docs
- Update the “Bisect (Complex Only)” heading to reflect its gate condition
- Minor wording and formatting adjustments across the affected agent documents
* chore: update readme
* chore(release): Streamline agent documentation sections (remove self‑critique steps, renumber Handle Failure/Output)
* Add winui plugin from microsoft/win-dev-skills
Adds the Microsoft-maintained WinUI 3 development plugin as an external
plugin reference. This is a Microsoft-managed repository so it qualifies
for the external-plugin policy exception in CONTRIBUTING.md.
The plugin provides agents and skills for WinUI 3 app development:
new app scaffolding, framework migration (WPF, WinForms, Electron,
Tauri, Flutter to WinUI 3), MSIX packaging, code signing, UI
automation testing, and Windows App SDK guidance.
Source: https://github.com/microsoft/win-dev-skills
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Remove winui3-development plugin (replaced by external winui plugin)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Nikola Metulev <nmetulev@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove all bundled polyglot-test-agent content (8 agents, 1 skill,
plugin metadata) and add dotnet-test as an external plugin from
dotnet/skills. The external plugin is a superset (11 agents, 22 skills).
Marketplace and doc indexes regenerated via npm run build.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Aaron Powell
Muhammad Ubaid Raza
github-actions[bot]
Preyas Prakasan
Tim Mulholland
Sanyam Vipul Savla
Parth Sangani
Antonio Villanueva
Sophio Japharidze
Jakub Jareš
Copilot
Adam
Jaylyn Barbee
Antonio Villanueva
Nikola Metulev
Jakub Jareš