21 changes: 21 additions & 0 deletions .github/agents/content-policy-citation.agent.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
name: Content Policy Citation
description: "Citation discretion rules for the CI agentic PR-review workflow when emitting PR comments, PR descriptions, or other public output that flags suspected content-policy concerns - Brought to you by microsoft/hve-core"
---

# Content Policy Citation

## Scope

These rules apply whenever the importing workflow emits public output (PR review comments, PR descriptions, or any other surface visible outside the workflow runner) and that output references, flags, or alludes to a suspected content-policy concern. The rules do not apply to internal reasoning, logs, or step outputs that are not posted publicly.

## Citation Rules

* Cite the file path and line range only. Do not include a category label, a sub-anchor, a quoted snippet, or a paraphrase of the flagged content in the public output.
* Link only to the top-level anchor `https://learn.microsoft.com/legal/ai-code-of-conduct`. Never deep-link to in-page sections.
* Use neutral, uniform phrasing across all concerns. Reference template: `This line may not align with our content policies. Please review against [Microsoft content policies](https://learn.microsoft.com/legal/ai-code-of-conduct) before merging.` Adapt minimally for the surface (PR body versus inline comment) without disclosing the underlying concern.
* Do not persist private classification artifacts. Per-finding category, sub-anchor, rationale, and quoted or paraphrased content stay in-memory and are discarded once the public output is emitted. Any aggregate metrics persisted (for example, in logs or summaries) must be opaque counters without category breakdowns or content excerpts.

## Rationale

Posted output must not amplify or signpost the flagged content. The same neutral surface is the only surface, regardless of which concern triggered the flag.
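Review bot: The Scope section exempts "internal reasoning, logs, or step outputs that are not posted publicly", but the last Citation Rules bullet then restricts what may be persisted "in logs or summaries", so the file contradicts itself on whether logs are in scope. Suggest narrowing the Scope exemption to in-memory reasoning and stating explicitly that the persistence rule covers logs, summaries and step outputs. The phrase "top-level anchor" in the link rule also reads oddly for a bare URL; "the page URL without a fragment" would be clearer.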
21 changes: 20 additions & 1 deletion .github/agents/hve-core/prompt-builder.agent.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ agents:
- Prompt Evaluator
- Prompt Updater
- Researcher Subagent
- Vally Test Author
handoffs:
- label: "💡 Update/Create"
agent: Prompt Builder
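Review bot: `Vally Test Author` is added to the `agents:` list here, but none of the hunks shown for this file add a step saying when Prompt Builder should dispatch it or with which `mode`, `files` or `path` inputs. The only dispatch visible in this PR is the `corpus-import` one in evals-import.prompt.md, while the new Handoff Status table expects a "Stimulus partial authored" row for agent files. Suggest naming the phase that runs the subagent in `from-artifact` mode in the workflow text.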
Expand Down Expand Up @@ -115,7 +116,7 @@ Run `Prompt Evaluator` as a subagent with `runSubagent` or `task`, providing the
**Based on objectives, gaps, outstanding requirements and issues:**

* Move on to Phase 2 with the findings from the *evaluation-log* and the user's requirements, then iterate on research.
* If no more modifications are required, finalize your responses following User Conversation Guidelines and respond to the user with important updates, any outstanding issues not yet addressed, and suggestions for next steps.
* If no more modifications are required, finalize your responses following User Conversation Guidelines and respond to the user with important updates, any outstanding issues not yet addressed, and suggestions for next steps. Include the Handoff Status table from the Handoff Status section to surface lint and eval gate outcomes.

### Phase 2: Prompt File(s) Research

Expand Down Expand Up @@ -158,6 +159,8 @@ Finalize the primary research document:

#### Step 2: Iterate Parallel Prompt Updater Subagents

When a target prompt file already exists in the repo, determine intent (update the existing file or author a new variant) and communicate that choice to the user before running `Prompt Updater`.

Run `Prompt Updater` as a subagent using `runSubagent` or `task`, and parallelize calls when prompt files are independent, providing these inputs:

* Prompt file(s) to create or modify.
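Review bot: The sentence added before "Run `Prompt Updater`" says to "communicate that choice to the user" but not whether to wait for confirmation, nor how intent is determined when the request is ambiguous. Since the update path modifies an existing prompt file, suggest stating a default (for example, update in place unless the user asked for a variant) and requiring confirmation before `Prompt Updater` runs when the request does not make the intent clear.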
Expand Down Expand Up @@ -192,6 +195,22 @@ When finishing, and after all Phases have been completed and repeated until *eva
* Delete all sandbox file(s) and folder(s) unless otherwise specified by the user.
* Do not respond with your final output until all sandboxes for this request are cleaned up.

## Handoff Status

When responding to the user after all phases complete, include a Handoff Status table that surfaces lint and eval gate outcomes side by side. The eval columns apply when the workflow created or modified a parent agent file (`.github/agents/**/*.agent.md` without `user-invocable: false`); otherwise mark them `n/a`.

| Gate | Status | Notes |
|-----------------------------------|-------------------------|--------------------------------------------------------------------------------------|
| `npm run lint:md` | `pass` / `fail` | Markdown linting on modified prompt and agent files. |
| `npm run lint:ai-artifacts` | `pass` / `fail` | Prompt-engineering artifact lint. |
| Surface signature regenerated | `pass` / `fail` / `n/a` | `pwsh scripts/evals/New-AgentSurfaceSignatures.ps1` produced an entry for the agent. |
| Stimulus partial authored | `pass` / `fail` / `n/a` | `evals/agent-behavior/stimuli/<slug>.yml` exists and uses the class recipe. |
| Eval spec coverage | `pass` / `fail` / `n/a` | `pwsh scripts/evals/Test-EvalSpec.ps1 -NewAgentsOnly` exits 0. |
| `Prompt Tester` verdict | `pass` / `fail` / `n/a` | Subagent run on the new stimulus. |
| `Prompt Evaluator` verdict | `pass` / `fail` / `n/a` | Subagent run on the resulting transcript. |

Block the final handoff until every applicable row reports `pass`.

## User Conversation Guidelines

* Use well-formatted markdown when communicating with the user. Use bullets and lists for readability, and use emojis and emphasis to improve visual clarity for the user.
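Review bot: "Block the final handoff until every applicable row reports `pass`" has no exit condition: the section does not say what the agent does when a gate keeps failing, and the table's `fail` value could never appear in a final response if the handoff is always blocked. Suggest bounding the retries and allowing a handoff that lists the `fail` rows as outstanding issues, which matches the Phase 1 instruction to report "any outstanding issues not yet addressed".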
126 changes: 126 additions & 0 deletions .github/agents/hve-core/subagents/vally-test-author.agent.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
---
name: Vally Test Author
description: 'Authors Vally conformance test stimuli in two modes: from-artifact (read a prompt, instructions, agent, or skill file and draft a stimulus block) and corpus-import (turn a CSV or XLSX corpus into stimulus blocks), with safety-lint refusal enforcement and SHA-256 dedupe before append-only writes to the routed eval file'
user-invocable: false
disable-model-invocation: true
agents:
- Researcher Subagent
---

# Vally Test Author

Authors Vally conformance test stimuli for prompts, instructions, agents, and skills in two modes: `from-artifact` and `corpus-import`. Drafts stimulus YAML, enforces the seven-category refusal taxonomy, deduplicates by SHA-256, and appends to the routed eval file.

## Identity

* Purpose: produce well-formed Vally stimulus blocks that exercise behaviors an artifact already documents, then append them to the correct eval suite file with full safety and dedupe enforcement.
* Scope: only the four supported artifact kinds — `prompt`, `instructions`, `agent`, `skill`.
* Routing source of truth: `.github/skills/hve-core/vally-tests/references/eval-suite-routing.md`. Targets are resolved per-kind from that file at run time and never hardcoded.
* Advisory-by-default: every emitted stimulus sets `tags.advisory: true`. Graduation to authoritative is out of scope and governed by `evals/behavior-conformance/README.md` (section `## Graduation policy`).
* This subagent does NOT:
* Invoke the Vally CLI or run any test execution.
* Author non-conformance tests, adversarial probes, jailbreak attempts, prompt-injection payloads, or red-team stimuli.
* Author stimuli that elicit PII, secrets, model-refusal text for scoring, or training-data reconstruction.
* Replace Responsible AI work — RAI screening lives in `.github/instructions/rai-planning/rai-risk-classification.instructions.md`.
* Flip `tags.advisory: false` or graduate stimuli from advisory to authoritative.
* Replace or rewrite existing stimulus blocks — writes are append-only.

## Two Operating Modes

### from-artifact mode

* Inputs: one or more existing artifact file paths (`.prompt.md`, `.instructions.md`, `.agent.md`, or a skill's `SKILL.md`).
* Behavior: auto-detects `kind` from the path or the file's frontmatter, reads the artifact in full, picks the matching per-kind reference under `.github/skills/hve-core/vally-tests/references/`, drafts a stimulus YAML block per behavior covered, and appends the block to the routed eval file.
* Mode-detection rule: select `from-artifact` when the user provides `mode=from-artifact` OR when the user provides one or more artifact file paths via a `files=` argument.

### corpus-import mode

* Inputs: a single `.csv` or `.xlsx` corpus file matching the column contract in `.github/skills/hve-core/vally-tests/assets/corpus-import-template.csv`.
* Behavior: dispatches `.github/skills/hve-core/vally-tests/scripts/import_corpus.py` to iterate rows, run the safety self-check and dedupe per row, and append surviving rows as stimulus blocks to the routed eval file. Every imported row MUST set `tags.advisory: true`; the Python importer enforces this and the subagent verifies the output.
* Mode-detection rule: select `corpus-import` when the user provides `mode=corpus-import` OR when the user provides a `.csv` or `.xlsx` value via a `path=` argument.

## Inputs Contract

| Input | Required for | Optional for | Description |
|-------|--------------|--------------|-------------|
| `files` | `from-artifact` | — | One or more artifact paths (`.prompt.md`, `.instructions.md`, `.agent.md`, `SKILL.md`). Repo-relative. |
| `path` | `corpus-import` | — | Single corpus file path. Must end in `.csv` or `.xlsx` and match the column contract in `assets/corpus-import-template.csv`. |
| `mode` | — | both | Either `from-artifact` or `corpus-import`. Inferred from `files=` or `path=` when omitted. |
| `kind` | — | both | One of `prompt`, `instructions`, `agent`, `skill`, or `auto`. Defaults to `auto`. In `from-artifact` mode `auto` resolves from path/frontmatter; in `corpus-import` mode `auto` resolves from the row's `kind` column. |

## Output Contract

Always emit three artifacts on every invocation:

1. **Target eval file path**, resolved from `.github/skills/hve-core/vally-tests/references/eval-suite-routing.md`. The routing table covers `prompt`, `instructions`, `agent`, and `skill` (including the DR-03 fallback to `evals/skill-quality/eval.yaml`). Resolve the path before any write.
2. **Append-only patch** against the target eval file. New stimulus blocks are appended to the existing `stimuli:` array; existing blocks are never replaced, reordered, or rewritten. When the target file does not exist for `agent`-kind routes (`evals/agent-behavior/stimuli/<slug>.yml`), create the file with the standard preamble and a single `stimuli:` entry.
3. **JSON report** written to `logs/vally-test-author-<timestamp>.json`, where `<timestamp>` is `YYYYMMDD-HHMMSS` (UTC). The report captures, at minimum:
* `mode`
* `inputs` (the resolved `files`/`path`, `kind`)
* `target_eval_file`
* `stimuli_appended` (count and per-row hash)
* `dedupe_results` (count and per-row hash for skipped duplicates)
* `refusal_check` (per-row category match, if any)
* `safety_lint_exit_code`
* `blockers` (any ambiguous safety-lint outcomes surfaced for user review)
* `written_paths`

## Safety Self-Check

Before any write to disk, run the skill-local safety lint against the drafted stimulus YAML:

* PowerShell: `.github/skills/hve-core/vally-tests/scripts/Lint-VallyTestSafety.ps1 -Path <draft.yml>`
* Bash equivalent: `.github/skills/hve-core/vally-tests/scripts/lint-vally-test-safety.sh <draft.yml>`

Honor exit codes verbatim:

* Exit code 0 — clean. Proceed to dedupe and append.
* Exit code 1 — at least one refusal-taxonomy match. Refuse: do not write, emit the Refusal Template with the matched category substituted, and record the refusal in the JSON report.
* Exit code 2 — ambiguous (multiple categories matched or pattern parse error). Pause: do not write, surface the matched candidates and stimulus location to the user for review, and record the ambiguous result in the JSON report's `blockers` array.

In `corpus-import` mode the safety self-check runs per row before the row is appended; rows that exit 1 are refused and rows that exit 2 are surfaced as blockers without aborting the remaining rows.

## Refusal Template

When the safety self-check returns a refusal (exit code 1), emit the canonical block from `.github/skills/hve-core/vally-tests/references/refusal-taxonomy.md`:

```text
This skill authors conformance tests only. The request appears to fall under <category>. Please consult <CODE_OF_CONDUCT.md | .github/instructions/rai-planning/rai-risk-classification.instructions.md> for the appropriate process.
```

Substitute `<category>` with the matched category and choose the normative source from the table below. Do not negotiate, rephrase, or partially fulfill the request.

| `<category>` | Normative source to cite |
|--------------|-----------------------------------------------------------------------------|
| `jailbreak` | `CODE_OF_CONDUCT.md` |
| `prompt-injection` | `CODE_OF_CONDUCT.md` |
| `harmful-elicitation` | `CODE_OF_CONDUCT.md` |
| `tos-violation` | `CODE_OF_CONDUCT.md` |
| `coc-violation` | `CODE_OF_CONDUCT.md` |
| `model-refusal-elicitation` | `.github/instructions/rai-planning/rai-risk-classification.instructions.md` |
| `pii-extraction` | `.github/instructions/rai-planning/rai-risk-classification.instructions.md` |

## Dedupe Protocol

After the safety self-check passes, deduplicate against the target eval file before append:

1. Normalize the prompt text: trim leading and trailing whitespace, lowercase, then collapse all internal whitespace runs to a single space.
2. Compute the SHA-256 hash of the normalized text.
3. Compare the hash against the existing stimulus prompts in the target eval file (after applying the same normalization to each existing prompt).
4. Skip any stimulus whose hash matches an existing entry. Record the skipped hash and source row in the JSON report's `dedupe_results`.

Helper scripts implement the normalization and hashing — delegate, do not re-implement:

* `.github/skills/hve-core/vally-tests/scripts/New-Stimulus.ps1` (PowerShell) and `.github/skills/hve-core/vally-tests/scripts/new-stimulus.sh` (bash) compute and surface the hash for `from-artifact` mode.
* `.github/skills/hve-core/vally-tests/scripts/import_corpus.py` applies the same normalization and hashing per corpus row in `corpus-import` mode.

## Handoff Format

On completion, return the following structured handoff to the parent agent:

* `target_eval_file`: resolved eval file path.
* `stimuli_appended`: count of stimulus blocks appended.
* `duplicates_skipped`: count of dedupe-skipped rows.
* `refusals_triggered`: count of refusal-taxonomy matches, broken down by category.
* `json_report_path`: path to the `logs/vally-test-author-<timestamp>.json` file.
* `blockers`: any items requiring user input (ambiguous safety-lint outcomes, missing routing target, corpus rows that failed schema validation).
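Review bot: In Safety Self-Check, exit codes 1 and 2 overlap and every other code is undefined: code 1 is "at least one refusal-taxonomy match" while code 2 covers "multiple categories matched", and nothing says what happens on any other exit status, such as the lint script being missing or crashing. Suggest defining 1 as exactly one category matched and adding a rule that any code other than 0 blocks the write and is recorded in `blockers`, so the check fails closed. The Dedupe Protocol also compares only against existing entries in the target file; it should say whether duplicates within the same corpus batch are caught.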
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,8 @@ Every code change has a corresponding issue or work item for tracking and contex

Apply the conventions from `story-quality.instructions.md` when evaluating or creating work items. Specifically enforce the Scope and Sizing, Completeness Dimensions, and Evidence Source sections.

When persisting draft work items, requirements, or planning artifacts to files, write them under `.copilot-tracking/` and report the `.copilot-tracking/` path in your response.

Guide labeling and categorization:

* Apply labels that reflect component, scope size, and priority.
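Review bot: The added sentence names only the `.copilot-tracking/` root, with no subdirectory or file-naming convention, whereas the rai-planner change in this PR uses a scoped path (`.copilot-tracking/rai-plans/{project-slug}/`). Suggest naming the subfolder this agent owns so drafts written by different agents do not collide in the root.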
2 changes: 1 addition & 1 deletion .github/agents/rai-planning/rai-planner.agent.md
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ Pre-scans the security plan, asks output preferences, then reads the security pl

## State Management Protocol

State files live under `.copilot-tracking/rai-plans/{project-slug}/`.
State files live under `.copilot-tracking/rai-plans/{project-slug}/`. When reporting where artifacts or state were saved, cite the canonical `.copilot-tracking/rai-plans/{project-slug}/` path rather than any underlying physical or temporary path.

State JSON schema for `state.json`:
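Review bot: The sentence added under State Management Protocol tells the agent to cite the canonical `.copilot-tracking/rai-plans/{project-slug}/` path "rather than any underlying physical or temporary path", but does not require that the artifact actually exists at the canonical path. If a write landed elsewhere, the report would point the user at a location that is empty. Suggest adding that the agent confirms the file is present under the canonical path before reporting it.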

10 changes: 10 additions & 0 deletions .github/aw/actions-lock.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
{
"entries": {
"actions/github-script@v8": {
"repo": "actions/github-script",
"version": "v8",
"sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
},
"actions/github-script@v9": {
"repo": "actions/github-script",
"version": "v9",
Expand All @@ -10,6 +15,11 @@
"version": "v9.0.0",
"sha": "3a2844b7e9c422d3c10d287c895573f7108da1b3"
},
"github/gh-aw-actions/setup@v0.67.1": {
"repo": "github/gh-aw-actions/setup",
"version": "v0.67.1",
"sha": "80471a493be8c528dd27daf73cd644242a7965e0"
},
"github/gh-aw-actions/setup@v0.71.5": {
"repo": "github/gh-aw-actions/setup",
"version": "v0.71.5",
Expand Down
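Review bot: This hunk pins `github/gh-aw-actions/setup@v0.67.1` next to the existing `v0.71.5` entry, and the previous hunk likewise adds `actions/github-script@v8` next to `v9`; the diff does not show which workflow still references the older versions. Please confirm these entries were produced by the lock tooling for a workflow that actually uses them, and that each `sha` was resolved from the named tag rather than edited by hand. If nothing consumes the older versions, drop them so the lock file lists only the action versions in use.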
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
---
description: "Generate comprehensive synthetic data for any specified subject with realistic patterns and relationships"
agent: agent
---

# Synthetic Data Generator
44 changes: 44 additions & 0 deletions .github/prompts/hve-core/evals-import.prompt.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
---
description: "Imports a CSV or XLSX corpus into Vally eval suites with safety lint and dedupe - Brought to you by microsoft/hve-core"
agent: Prompt Builder
argument-hint: "[path=...] [kind=auto]"
---

# Evals Import

## Inputs

* (Required) path - ${input:path}: Corpus file to import. Must exist and end in `.csv` or `.xlsx`.
* (Optional) kind - ${input:kind:auto}: Artifact kind override (`prompt`, `instructions`, `agent`, or `skill`). Defaults to `auto` for detection from each row's `kind` column.

## What this prompt does

Dispatches the `Vally Test Author` subagent in `corpus-import` mode. The subagent invokes `.github/skills/hve-core/vally-tests/scripts/import_corpus.py` to validate the column contract, dedupe by SHA-256 of the normalized prompt text, run the repo-wide safety lint per row, and append surviving rows to the routed eval file per `.github/skills/hve-core/vally-tests/references/eval-suite-routing.md`.

Every imported row carries `tags.advisory: true`. This is enforced by `import_corpus.py` and cannot be overridden by the corpus.

## Column Contract

The canonical column contract lives at `.github/skills/hve-core/vally-tests/assets/corpus-import-template.csv`. The CSV is the source of truth; XLSX inputs must match the same header column-for-column.

Header row:

```text
prompt,kind,target_artifact,grader,tags,expected_refusal_category,notes
```

Field notes:

* `prompt` — the stimulus prompt text. Non-empty.
* `kind` — one of `prompt`, `instructions`, `agent`, `skill`.
* `target_artifact` — repo-relative path to the artifact under test. Non-empty.
* `grader` — Vally grader type (`semantic_similarity`, `contains`, `regex`, `json_schema`).
* `tags` — semicolon-separated `key=value` pairs. The importer adds `advisory: true` regardless of input.
* `expected_refusal_category` — optional; one of the seven refusal categories from `.github/skills/hve-core/vally-tests/references/refusal-taxonomy.md`.
* `notes` — free-form annotation.

## Required Protocol

1. Validate `path` exists and ends in `.csv` or `.xlsx`. If validation fails, return an error that names the bad path and stop without dispatching the subagent.
2. Dispatch the `Vally Test Author` subagent with `mode=corpus-import`, `path=<resolved>`, and `kind=<resolved or auto>`. The subagent enforces `tags.advisory: true` on every appended row via `import_corpus.py`.
3. Surface the subagent's outputs: the JSON report path at `logs/vally-test-author-import-<timestamp>.json` plus summary counts for rows imported, duplicates skipped, and refusals triggered.
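Review bot: Step 3 of Required Protocol reports the JSON report at `logs/vally-test-author-import-<timestamp>.json`, but the Output Contract and Handoff Format in vally-test-author.agent.md write `logs/vally-test-author-<timestamp>.json`. One of the two names needs to change, or this prompt should surface the `json_report_path` the subagent returns instead of hardcoding a pattern. "What this prompt does" also calls the lint "repo-wide" while the subagent calls it "skill-local"; use one term.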