Adding Microsoft SECURITY.MD#1
Closed
microsoft-github-policy-service[bot] wants to merge 1 commit into
Closed
Conversation
Contributor
🤖 Team Assistant TriageThis issue has been automatically analyzed and triaged. AI Decision Reasoning: Type: Classified as 'feature' because the issue proposes adding a new file that enhances the project's security documentation. Labels and assignee have been applied based on this analysis. |
sellakumaran
added a commit
that referenced
this pull request
Mar 11, 2026
- Delegate zip creation to ManifestTemplateService.CreateManifestZipAsync, removing duplicate inline implementation and aligning file list with the service's canonical set (fixes comments #1 and #2) - Move per-file zip log entries to LogDebug in ManifestTemplateService so the command output remains terse - Fix --dry-run option description: "without writing files or creating the zip" (fixes comment #3) - Handle null/empty displayName in name.short guidance with explicit warning instead of printing currently: "" (fixes comment #4) - Update test class summary to reflect current Console.In redirect approach (fixes comment #6) - Fix CHANGELOG: interactive prompts occur only in interactive terminals; stdin redirect suppresses them in scripts (fixes comment #7) - Comment #5 (PowerPlatformConstants summary) already resolved by prior rename Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sellakumaran
added a commit
that referenced
this pull request
Mar 11, 2026
… instructions (#315) * fix: strip publish command to zip-only and remove internal MOS constants - PublishCommand now only updates manifest files, creates manifest.zip, and prints manual upload instructions (Agents > All agents > Upload custom agent) - Removed MOS Titles upload, token acquisition, and Graph API steps from publish - Removed --mos-env, --mos-token, --skip-graph options - Deleted AgentPublishService, MosTokenService, PublishHelpers (dead code) - Stripped MosConstants to PowerPlatform-only; removed internal TPS/MOS Titles app IDs, scope GUIDs, and service URLs - Removed dead MOS error message helpers from ErrorMessages - Updated PublishCommandTests to match new simplified signature and added zip creation test Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor: address code review issues in publish command cleanup - Remove unused agentBlueprintService parameter from CreateCommand signature and its callsite in Program.cs (CR-001) - Replace magic-number zip cap (4) and arbitrary file padding loop with a clean LINQ expression over known candidate filenames (CR-002) - Remove dead --verbose option binding in publish command handler; startup- level --verbose in Program.cs continues to work (CR-003) - Add CHANGELOG [Unreleased] entry for the breaking behavior change (CR-004) - Remove redundant Console.SetIn call inside zip creation test; constructor already sets it (CR-005) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: resolve post-merge build errors from main refactoring - Update Program.cs to use AzureAuthValidator directly (replaces removed IAzureValidator/AzureValidator), remove AzureWebAppCreator resolution, and pass authValidator to CleanupCommand - Delete MosPrerequisitesRequirementCheck and its test — this check wraps the deleted PublishHelpers and is no longer needed after the publish command was stripped to zip-only Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor: clean up publish command output to follow az cli conventions - Replace verbose section headers and wall-of-text guidance with a terse column-aligned field list (version, name.short, name.full, descriptions, developer.*, icons) - Remove duplicate success messages; single 'Manifest updated: {path}' line - Move per-file zip log entries to LogDebug - Remove mixed Console.WriteLine / logger calls; output consistent through logger - Add blank line after interactive prompt block before 'Package created:' - Fix column alignment: replace 'color.png / outline.png' key with 'icons' - Add name.short > 30 char warning - Remove unused logger parameters from UpdateManifestFileAsync and UpdateAgenticUserManifestTemplateFileAsync - Update tests: remove Console.SetIn workarounds that are no longer needed for early-exit paths; add WithDisplayNameExceeding30Chars_LogsWarning test Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * rename: MosConstants -> PowerPlatformConstants File and class name no longer reflect their contents after MOS upload infrastructure was removed. The remaining constants relate solely to the Power Platform API (CopilotStudio permissions), so rename to match. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: address PR #315 review comments - Delegate zip creation to ManifestTemplateService.CreateManifestZipAsync, removing duplicate inline implementation and aligning file list with the service's canonical set (fixes comments #1 and #2) - Move per-file zip log entries to LogDebug in ManifestTemplateService so the command output remains terse - Fix --dry-run option description: "without writing files or creating the zip" (fixes comment #3) - Handle null/empty displayName in name.short guidance with explicit warning instead of printing currently: "" (fixes comment #4) - Update test class summary to reflect current Console.In redirect approach (fixes comment #6) - Fix CHANGELOG: interactive prompts occur only in interactive terminals; stdin redirect suppresses them in scripts (fixes comment #7) - Comment #5 (PowerPlatformConstants summary) already resolved by prior rename Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Please accept this contribution adding the standard Microsoft SECURITY.MD 🔒 file to help the community understand the security policy and how to safely report security issues. GitHub uses the presence of this file to light-up security reminders and a link to the file. This pull request commits the latest official SECURITY.MD file from https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md.
Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.