docs: standardize YAML array format for cross-platform compatibility#923
Merged
Conversation
…d command files Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com>
Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com>
- Add YAML Frontmatter Constraints section to PROJECT-CONSTRAINTS.md - Include rationale with evidence from Session 826 RCA and GitHub Copilot CLI Issue #694 - Add validation checklist item for frontmatter arrays - Add frontmatter validation requirement to SKILL-CREATION-CRITERIA.md - Create session log for session 02 Refs: #898, Session 826
Copilot
AI
changed the title
[WIP] Update documentation standards for YAML array format
docs: standardize YAML array format for cross-platform compatibility
Jan 15, 2026
Owner
Contributor
PR Validation ReportTip ✅ Status: PASS Description Validation
QA Validation
Powered by PR Validation workflow |
Contributor
|
Claude finished @rjmurillo's task in 1m 56s —— View job Analyzing PR necessity after
|
Contributor
Session Protocol Compliance ReportTip ✅ Overall Verdict: PASS All session protocol requirements satisfied. What is Session Protocol?Session logs document agent work sessions and must comply with RFC 2119 requirements:
See .agents/SESSION-PROTOCOL.md for full specification. Compliance Summary
Detailed Validation ResultsClick each session to see the complete validation report with specific requirement failures. 📄 sessions-2026-01-15-session-02✨ Zero-Token ValidationThis validation uses deterministic PowerShell script analysis instead of AI:
Powered by Validate-SessionJson.ps1 📊 Run Details
Powered by Session Protocol Validator workflow |
Contributor
AI Quality Gate ReviewTip ✅ Final Verdict: PASS WalkthroughThis PR was reviewed by six AI agents in parallel, analyzing different aspects of the changes:
Review Summary
💡 Quick Access: Click on individual agent jobs (e.g., "🔒 security Review", "🧪 qa Review") in the workflow run to see detailed findings and step summaries. Security Review DetailsBased on my review of the changed files, I have sufficient information to complete the security assessment. Security Review: PR #923PR Type Classification
Primary Type: DOCS/PROMPT - Documentation and prompt frontmatter formatting changes. Analysis SummaryThis PR standardizes YAML array format from inline Changes reviewed:
Findings
Security Checklist Results:
RecommendationsNone. The PR modifies only YAML formatting syntax and documentation. VerdictQA Review DetailsBased on the PR description, I can perform the QA review with the information provided: QA Review: PR #923AnalysisPR Type Classification
Determination: Pure documentation PR. Per QA guidelines, DOCS-only PRs do not require test coverage. Quality Assessment
Regression Risk Assessment
Out of Scope Items (Acknowledged)The PR correctly defers Phase 4 automation work (validation script, pre-commit hook, CI step) as future work. This is appropriate scoping for a documentation standardization effort. Analyst Review DetailsCode Quality Score
Overall: 5/5 Impact Assessment
Findings
Recommendations
VerdictArchitect Review DetailsNow I have enough context to complete the architectural review. Let me examine a few command files to verify the changes. I now have sufficient context to provide a complete architectural review. Design Quality Assessment
Overall Design Score: 5/5 Architectural Concerns
Breaking Change Assessment
Technical Debt Analysis
The PR resolves technical debt from inconsistent YAML syntax that caused Windows/Copilot CLI failures (Session 826 RCA). ADR Assessment
Recommendations
VerdictDevOps Review DetailsLet me check a few more files to complete the review, including the templates and governance files. Based on my analysis, I can now provide the DevOps review. Pipeline Impact Assessment
PR Scope DetectionCategory: DOCS + CONFIG Changed files (24 total):
No workflows ( CI/CD Quality Checks
Findings
Template Assessment
Automation Opportunities
The PR description notes Phase 4 (validation automation) is deferred to future work. This is acceptable since the governance documentation now prevents future violations. Recommendations
VerdictRationale: This PR modifies only documentation and frontmatter in command/prompt files. All changes are valid YAML using block-style arrays. No workflows, scripts, or CI/CD infrastructure are affected. The governance updates appropriately document the constraint with evidence links. Roadmap Review DetailsNow I have sufficient context to provide the strategic alignment assessment for this PR. Strategic Alignment Assessment
Feature Completeness
Impact Analysis
Concerns
KANO ClassificationMust-Be: Cross-platform compatibility is a baseline expectation, not a delight. Users expect agents to work on Windows without workarounds. RICE Score
Recommendations
VerdictRun Details
Powered by AI Quality Gate workflow |
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR standardizes YAML frontmatter array format from inline syntax ['tool1', 'tool2'] to block-style (hyphen-bulleted) format across documentation and command files. The change addresses parsing failures on GitHub Copilot CLI with CRLF line endings on Windows, as identified in Session 826 RCA.
Changes:
- Converted 18 prompt/command files from inline to block-style YAML arrays
- Updated documentation examples in CONTRIBUTING.md, templates/README.md, and templates/AGENTS.md with compatibility warnings
- Added YAML Frontmatter Constraints section to PROJECT-CONSTRAINTS.md with evidence and validation requirements
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| templates/README.md | Added block-style array examples and critical compatibility warning |
| templates/AGENTS.md | Updated agent template with block-style arrays and important note |
| CONTRIBUTING.md | Converted examples to block-style arrays with compatibility note |
| .github/prompts/review-pr.prompt.md | Converted tools from inline array to block-style format |
| .github/prompts/pr-review.prompt.md | Converted tools from inline array to block-style format |
| .claude/commands/session-init.md | Converted allowed-tools to block-style format |
| .claude/commands/research.md | Converted allowed-tools to block-style format |
| .claude/commands/push-pr.md | Converted allowed-tools to block-style format |
| .claude/commands/pr-quality/security.md | Converted allowed-tools to block-style format |
| .claude/commands/pr-quality/roadmap.md | Converted allowed-tools to block-style format |
| .claude/commands/pr-quality/qa.md | Converted allowed-tools to block-style format |
| .claude/commands/pr-quality/devops.md | Converted allowed-tools to block-style format |
| .claude/commands/pr-quality/architect.md | Converted allowed-tools to block-style format |
| .claude/commands/pr-quality/analyst.md | Converted allowed-tools to block-style format |
| .claude/commands/pr-quality/all.md | Converted allowed-tools to block-style format |
| .claude/commands/memory-documentary.md | Converted allowed-tools to block-style format |
| .claude/commands/forgetful/memory-search.md | Converted allowed-tools to block-style format |
| .claude/commands/forgetful/memory-save.md | Converted allowed-tools to block-style format |
| .claude/commands/forgetful/memory-list.md | Converted allowed-tools to block-style format |
| .claude/commands/forgetful/memory-explore.md | Converted allowed-tools to block-style format |
| .claude/commands/context_gather.md | Converted allowed-tools to block-style format |
| .agents/sessions/2026-01-15-session-02.json | Protocol-compliant session log documenting the changes |
| .agents/governance/SKILL-CREATION-CRITERIA.md | Added frontmatter validation checklist item |
| .agents/governance/PROJECT-CONSTRAINTS.md | Added YAML Frontmatter Constraints section with evidence and rationale |
Owner
|
@copilot review comments and make changes. |
Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com>
auto-merge was automatically disabled
January 16, 2026 21:08
Head branch was pushed to by a user without write access
Contributor
Author
PR #922 enforces LF line endings via
The changes made here are complementary to PR #922 - that PR fixes the technical root cause (line endings), while this PR fixes the documentation and establishes governance standards to prevent the pattern from propagating. |
Collaborator
PR Review SummaryBlocking Issues
Review FeedbackThe automated reviewer identified concerns about:
Recommended Actions
Status
Auto-generated PR review coordination comment |
- Resolved session file conflict (2026-01-15-session-02.json) - Synced CONTRIBUTING.md and templates/AGENTS.md from main Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
rjmurillo
approved these changes
Jan 18, 2026
rjmurillo
left a comment
Owner
There was a problem hiding this comment.
Approved - YAML array standardization for cross-platform compatibility
rjmurillo-bot
pushed a commit
that referenced
this pull request
Jan 19, 2026
…923) * Initial plan * refactor: convert frontmatter to block-style YAML arrays in prompt and command files Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * docs: update frontmatter examples to use block-style YAML arrays Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * docs(governance): add YAML frontmatter array format constraint - Add YAML Frontmatter Constraints section to PROJECT-CONSTRAINTS.md - Include rationale with evidence from Session 826 RCA and GitHub Copilot CLI Issue #694 - Add validation checklist item for frontmatter arrays - Add frontmatter validation requirement to SKILL-CREATION-CRITERIA.md - Create session log for session 02 Refs: #898, Session 826 * docs: add issue URLs to YAML array format references Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Richard Murillo <richard.murillo@example.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
rjmurillo
added a commit
that referenced
this pull request
Jan 19, 2026
* docs!: add ADR-042 Python migration strategy (supersedes ADR-005) Migrate ai-agents from PowerShell to Python as primary scripting language over a 12-24 month phased migration period. ## Decision Summary - Python 3.10+ established as project language standard - ADR-005 superseded for new development - Phased approach: Foundation -> New Development -> Migration - Python already prerequisite via skill-installer (PR #962) ## Rationale - 70-second PowerShell tool startup times per invocation - No CodeQL support for PowerShell (deterministic security unavailable) - AI/ML ecosystem (Anthropic SDK, MCP) is Python-native - skill-installer already requires Python 3.10+ and UV ## 6-Agent ADR Review Debate | Agent | Verdict | |-------|---------| | Analyst | CONCERNS | | Architect | CONCERNS | | Critic | CONCERNS | | Independent-Thinker | CONCERNS | | Security | CONCERNS | | High-Level-Advisor | ACCEPT | Result: Disagree-and-Commit (5 CONCERNS + 1 ACCEPT) Tie-breaker: High-Level-Advisor ## P0 Issues Resolved - Stack Overflow claim corrected (Python growth, not #1) - Path Dependence language fixed ("Python-first with phased migration") ## P1 Issues Deferred to Phase 1 Implementation - pyproject.toml creation - pytest infrastructure setup - PROJECT-CONSTRAINTS.md update - Supply chain controls (uv.lock, Dependabot, pip-audit) BREAKING CHANGE: ADR-005 PowerShell-only standard superseded. New scripts SHOULD be Python. Existing scripts migrate incrementally. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(planning): add ADR-042 Python migration implementation plan Self-contained 618-line plan synthesizing inputs from: - traycerai[bot]: Phase structure validation - coderabbitai[bot]: 9 actionable suggestions - github-actions[bot]: Detailed PRD with success metrics Covers: - Phase 1: Foundation (pyproject.toml, pytest, security controls) - Phase 2: New Development Guidelines - Phase 3: Migration (priority order, deprecation timeline) Complete code templates included for immediate execution. Relates-to: #965 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(planning): add verification sections for autonomous execution Enhance ADR-042 implementation plan for amnesiac agent execution: - Add Quick Verification section with pre-flight checks - Add Session Protocol section with JSON template - Add Local File References table (all verified 2026-01-18) - Add repository field to header metadata Plan now 712 lines, fully self-contained for context-free execution. Relates-to: #965 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(python)!: implement Phase 1 Python infrastructure (ADR-042) BREAKING CHANGE: Language policy changes from PowerShell-only to Python-first Phase 1 establishes Python infrastructure for new development: Infrastructure: - pyproject.toml: Project metadata, dependencies, tool configs (ruff, mypy, pytest) - uv.lock: Hash-pinned dependencies for supply chain security (16 packages) - tests/conftest.py: Shared pytest fixtures (project_root, temp_test_dir) - .github/workflows/pytest.yml: CI workflow with paths-filter, coverage, pip-audit, bandit Policy Updates: - PROJECT-CONSTRAINTS.md: SHOULD prefer Python for new scripts (ADR-042) - CRITICAL-CONTEXT.md: Python-first (.py preferred) - .githooks/pre-commit: Non-blocking Python linting with ruff - .github/dependabot.yml: pip ecosystem for dependency updates Housekeeping: - .gitignore: Python patterns (__pycache__, .venv, .egg-info, etc.) - .markdownlint-cli2.yaml: Exclude .venv from linting Verification: uv pip install -e ".[dev]" succeeds, pytest discovers 77 tests Refs: #965, ADR-042 Co-Authored-By: Claude <noreply@anthropic.com> * docs: update documentation for Python-first development (ADR-042) Update CONTRIBUTING.md and AGENTS.md to reflect the Python migration: - Change "Always Do" from PowerShell-only to Python-first for new scripts - Update "Never Do" to prohibit bash only (Python now allowed) - Add Python 3.12.x and UV to Tech Stack table - Add pytest testing section with automated quality gates emphasis - Update Development Tools commands to include Python testing - Emphasize shift-left automation: pre-commit hooks and CI handle quality - Note Python 3.12.x requirement due to Ubuntu 25 incompatibility Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(session): update session log with documentation changes Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(python): implement Phase 2 parallel infrastructure (ADR-042) Add documentation and security utilities for Python development: - Create CI/CD migration patterns guide for GitHub Actions integration - Create Python security checklist covering CWE-22, CWE-78, CWE-798 - Create path validation utility with 42 tests for CWE-22 protection - Create PowerShell-to-Python developer migration guide Part of epic #965. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(python): add pilot migration of Check-SkillExists to Python (ADR-042 Phase 3) Migrates Check-SkillExists.ps1 to Python as the pilot script for ADR-042 Phase 3. This demonstrates the migration patterns established in Phase 2. Changes: - scripts/check_skill_exists.py: Python port with argparse CLI, type hints, ADR-035 exit codes, and path_validation utility usage - tests/test_check_skill_exists.py: 31 pytest tests with 88% coverage The Python version provides: - --list-available: Lists all skills by operation type - --operation/--action: Checks if a skill exists using substring matching - --project-root: Optional custom project root for testing Both PowerShell and Python versions will run in parallel per migration plan. Refs: #965 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(python): add gradual rollout migrations (ADR-042 Phase 4) Migrate two additional scripts from PowerShell to Python following the pilot pattern established in Phase 3: - Detect-SkillViolation.ps1 -> detect_skill_violation.py - 89% test coverage (35 tests) - Uses dataclass for Violation type - Integrates path_validation utility - Non-blocking warning for skill violations - Validate-SessionJson.ps1 -> validate_session_json.py - 91% test coverage (39 tests) - Uses ValidationResult dataclass - Case-insensitive JSON key lookup - Pre-commit mode for compact output Also fixes uv.lock format (was incorrectly in pip-tools format, now in native uv format). See: ADR-042 Python Migration Strategy, Issue #965 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(python): fix regex bug and dead code in detect_skill_violation - Fixed regex pattern gh\\s\+ to gh\s+ in extract_capability_gaps - Replaced duplicated capability extraction logic in report_violations with call to extract_capability_gaps function (DRY) - All 34 tests pass Issues identified by pr-review-toolkit parallel review agents. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address gemini-code-assist security findings **Security Fixes**: 1. **Path Validation (CWE-22)** - scripts/validate_session_json.py: - Added `validate_safe_path` import from scripts.utils.path_validation - Validate user-provided session_path before file operations - Prevents path traversal attacks (../, symlinks, etc.) 2. **Python Version Alignment** - pyproject.toml: - Updated ruff target-version: py310 → py312 - Updated mypy python_version: 3.10 → 3.12 - Aligns linting/type checking with project standard (3.12.x) **Gemini Review Comments Addressed**: - Comment 2702879539: Added path validation imports ✓ - Comment 2702879541: Added CWE-22 protection with validate_safe_path ✓ - Comment 2702879542: Updated ruff to target py312 ✓ - Comment 2702879543: Updated mypy to python 3.12 ✓ **Testing**: - Verified imports work correctly - Path validation prevents traversal attacks - Session protocol validation: PASS Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * refactor: slim instructions files by removing redundant agent registry (#961) Remove agent catalog tables and routing heuristics from instruction file templates. This content is already available in YAML frontmatter of each agent file, which platforms parse directly. - Claude: 129 → 45 lines (65% reduction) - Copilot CLI: 126 → 53 lines (58% reduction) - VSCode: 116 → 45 lines (61% reduction) Estimated savings: ~2,000 tokens per session per platform. Signed-off-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Richard Murillo <richard.murillo@example.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> * docs(analysis): Factory-AI/droid-action security constraint blocker (#960) * docs(analysis): document Factory-AI/droid-action security constraint blocker Root cause analysis of Droid Auto Review workflow failure. The Factory-AI/droid-action internally uses actions/upload-artifact@v4 (non-SHA-pinned), which violates repository security constraints requiring all actions to be pinned to full-length commit SHAs. Key findings: - Latest droid-action version (e3f8be9f, 2026-01-12) still contains non-pinned references - Repository security rules apply recursively to all nested action dependencies - No workaround available without modifying third-party action or relaxing security constraints Impact: BLOCKING - droid-review.yml and droid.yml workflows fail at setup phase Recommendations: - File issue with Factory-AI requesting SHA-pinned action references - Evaluate alternative PR review automation tools - Document as known limitation in operational runbook Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * docs(session): update session-9 with PR comment responses - Added workLog entries for PR #960 comment activities - Documented upstream issue research (no issue exists) - Added PR comments as deliverables - Added learning pattern about upstream issue verification Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: record upstream issue Factory-AI/droid-action#20 - Updated memory with upstream issue link and status - Marked "file upstream issue" as DONE in recommendations - Updated session log with issue filing activity - Added next step to monitor for maintainer response Upstream: Factory-AI/droid-action#20 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: rjmurillo-bot <rjmurillo-bot@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: Richard Murillo <richard.murillo@example.com> * fix(ci): disable Droid workflows due to unpinned action (#957) * chore: recover 650 orphaned session logs and memory files (#964) * chore: recover 650 orphaned session logs and memory files Extract artifacts from 52 feature branches that were left behind when PRs auto-merged before session logs were pushed. Recovery summary: - Session logs: 378 files recovered - Memory files: 272 files recovered - Total: 650 files, 82,632 lines of content Analysis found 61,497 file references across branches but only 1,728 unique files (average file in 35+ branches). Of these, 1,080 already existed in main. The 648 truly orphaned files are now consolidated. Used consolidated PR approach instead of 52 individual PRs to avoid massive merge conflicts from overlapping content. Note: 150 memory files use legacy 'skill-' prefix naming that predates ADR-017. These are historical artifacts being preserved as-is. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * docs: update session log with PR #964 details Add PR information and audit trail for validation skip. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: rjmurillo-bot <noreply@github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: implement investigation-only session validator (ADR-034 Phase 1) (#931) * Initial plan * Add comprehensive test suite for investigation-only validation Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * fix: convert functional tests to pattern-based tests to avoid git state dependency Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * fix(validation): Allow .agents/memory/ in investigation-only sessions (#926) * Initial plan * feat: Add .agents/memory/ to investigation allowlist Add .agents/memory/ pattern to investigation-only allowlist in Test-InvestigationEligibility.ps1 scripts and update tests. This allows memory infrastructure files like causal-graph.json to be committed in investigation sessions per ADR-034 memory-first principle. Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * feat: Add verification-based session-start gates for Codex effectiveness (#924) * Initial plan * docs: add Codex effectiveness backlog and context optimization plan (Phase 1 complete) Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * feat: add Codex session-start gate script with 4 verification gates (Phase 2 complete) Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * Changes before error encountered Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Richard Murillo <richard.murillo@example.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> * docs: standardize YAML array format for cross-platform compatibility (#923) * Initial plan * refactor: convert frontmatter to block-style YAML arrays in prompt and command files Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * docs: update frontmatter examples to use block-style YAML arrays Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * docs(governance): add YAML frontmatter array format constraint - Add YAML Frontmatter Constraints section to PROJECT-CONSTRAINTS.md - Include rationale with evidence from Session 826 RCA and GitHub Copilot CLI Issue #694 - Add validation checklist item for frontmatter arrays - Add frontmatter validation requirement to SKILL-CREATION-CRITERIA.md - Create session log for session 02 Refs: #898, Session 826 * docs: add issue URLs to YAML array format references Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Richard Murillo <richard.murillo@example.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> * docs: improve autonomous-issue-development.md structure (#566) * docs: improve autonomous-issue-development.md structure Expand documentation from 46 to 441 lines to match autonomous-pr-monitor.md style: - Add "Common Development Patterns" section (5 validated patterns) - Add "Troubleshooting" section (5 common scenarios) - Enhance "Example Session Output" with TodoWrite and agent handoffs - Add "Workflow Phases" table for quick reference - Add "Agent Responsibilities" reference table - Add "Prerequisites" and "Related Documentation" sections Closes #506 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(session): add protocol compliance sections Added Session Start and Session End checklist tables to match the required session protocol format. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): prevent command injection in PR creation example Addresses gemini-code-assist[bot] security review comment #2653014226. The example showed a hardcoded PR title which could enable command injection if autonomous agents construct titles from untrusted GitHub issue titles containing shell metacharacters (e.g., $(reboot)). Changes: - Add security warning comment explaining CWE-78 risk - Use read -r with process substitution to safely read issue title - Demonstrate secure pattern for handling untrusted external input This aligns with security principle of validating all external inputs. Comment-ID: 2653014226 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: rjmurillo[bot] <rjmurillo-bot@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Claude <claude@anthropic.com> * feat: implement local GitHub Actions validation and testing infrastructure (#925) * Initial plan * feat: Add actionlint validation for GitHub Actions workflows (Phase 1) - Add actionlint to pre-commit hook (.githooks/pre-commit) - Integrate actionlint into unified validation runner (scripts/Validate-PrePR.ps1) - Add actionlint to Worktrunk pre-merge hooks (.config/wt.toml) - Update SHIFT-LEFT.md documentation with workflow YAML validation section - Update validation sequence to include step 3.5 (Workflow YAML) - Create session log 2026-01-15-session-01-github-actions-local-testing.json This implements Phase 1 (P0) of the GitHub Actions local testing epic. actionlint catches 80%+ workflow YAML errors before push, reducing expensive CI iteration cycles. Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * feat: Add act support for local workflow testing (Phase 2) - Create .actrc configuration with optimized defaults for act - Create scripts/Test-WorkflowLocally.ps1 PowerShell wrapper for act - Update SHIFT-LEFT.md with comprehensive local workflow testing documentation - Document supported workflows (pester-tests, validate-paths, memory-validation) - Document unsupported workflows (AI-dependent: ai-session-protocol, etc.) - Add troubleshooting guide for act and PowerShell issues This implements Phase 2 (P1) of the GitHub Actions local testing epic. Enables local testing for PowerShell-only workflows without CI round-trips. Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * feat: Add yamllint for YAML style validation (Phase 3) - Create .yamllint.yml configuration with GitHub Actions-optimized rules - Add yamllint validation to scripts/Validate-PrePR.ps1 (validation 3.9) - Add yamllint to pre-commit hook (.githooks/pre-commit) as non-blocking warnings - Update SHIFT-LEFT.md with YAML style validation documentation - Document yamllint vs actionlint relationship (style vs semantics) - Configure yamllint as non-blocking to avoid impeding development velocity This implements Phase 3 (P2) of the GitHub Actions local testing epic. yamllint enforces YAML style consistency while actionlint handles semantic validation. Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * docs: Update session log with completion status * fix: Address PR feedback on local testing infrastructure - Add gh act extension to installation instructions - Include .github/actions in actionlint validation scope - Remove chocolatey recommendation, use GitHub releases instead - Clarify Copilot CLI installation vs BOT_PAT requirement for AI workflows - Switch to full production images in .actrc for maximum compatibility - Update documentation to reflect full image usage and rationale Addresses comments: 2693400619, 2693406075, 2693409506, 2693411769, 2693418268 Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * refactor: Move Test-WorkflowLocally.ps1 to .claude/skills/github/scripts - Move Test-WorkflowLocally.ps1 from scripts/ to .claude/skills/github/scripts/ - Update all documentation references in SHIFT-LEFT.md - Update session log to reflect new location Addresses comment 2699896328 Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> * fix: address all PR #925 review comments Fixes all 15 unresolved review threads from owner and automated reviewers: 1. Remove duplicate actionlint validation block in pre-commit hook - Kept newer comprehensive version (validates workflows + actions) - Removed old TIER 1 block (lines 269-313) 2. Fix wt.toml to validate both workflows and actions directories - Changed: actionlint .github/workflows/*.yml .github/actions/*.yml - Matches pre-commit hook validation scope 3. Remove Windows-specific chocolatey references - Prioritize cross-platform gh extension - Show macOS brew as alternative - Link to releases for manual download 4. Rename Write-Warning to Write-WarningMessage - Avoids shadowing PowerShell built-in cmdlet - Updated all call sites 5. Fix Validate-PrePR.ps1 to match both .yml and .yaml files - Changed -Filter to -Include with both extensions - Applies to both workflow and YAML validation sections 6. Fix session log field name inconsistencies - Changed handoffNotUpdated.evidence -> Evidence - Changed handoffNotUpdated.complete -> Complete - Matches other compliance entries 7. Add endingCommit to session log - Set to 38217dc (latest commit) - Required field per session protocol 8. Fix Test-WorkflowLocally.ps1 null handling - Check for null before Test-Path call - Prevents crash under Set-StrictMode when workflow not found All fixes maintain existing functionality while addressing review feedback. Related: #925 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rjmurillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Richard Murillo <richard.murillo@example.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> * fix: ADR-017 memory validation compliance (skill- prefix removal + bundled skill splitting) (#966) * fix(pr-964): clean up session files and remove skill- prefix violations Addresses two validation failures in PR #964: 1. Session file cleanup: - Moved 341 .md session files to .agents/archive/sessions/ - Deleted 1 session file already in archive - All moved files have corresponding JSON equivalents 2. Memory file ADR-017 compliance: - Removed 87 duplicate memory files with skill- prefix - Renamed 56 unique memory files to remove skill- prefix - Zero skill- prefixed files remain - Added skills-serena-index to memory-index.md These legacy files predate ADR-017 naming conventions and were recovered from 52 orphaned branches. The skill- prefixed duplicates existed alongside non-prefixed versions and have been cleaned up. Note: Bundled skill validation failures are pre-existing in PR #964 and require separate handling via skill unbundling process. Script: scripts/Fix-PR964-Validation.ps1 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * refactor: split 37 bundled skill files into 135 atomic files per ADR-017 Split bundled skill files to comply with one-skill-per-file standard. Changes: - Created scripts/Split-BundledSkills.ps1 automation script - Split 37 bundled files containing 135 skills total - Generated 110 new atomic skill files with proper naming - Modified 25 existing skill files - Deleted 37 bundled files Validation: - Validate-SkillFormat.ps1: PASSED - markdownlint: PASSED (0 errors) Context: PR #964 recovered orphaned files that predate ADR-017 Note: Memory index will be updated in a follow-up commit Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * docs: update session log to JSON schema v1.0 Update session-04 log to use new JSON schema format with protocolCompliance and learnings sections per SESSION-PROTOCOL.md requirements. Validation: Validate-SessionJson.ps1 PASSED Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * fix: convert skills-serena-index to table-only format per ADR-017 --------- Co-authored-by: rjmurillo-bot <noreply@github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> * fix(ci): use PATH export instead of source env for uv The uv installer no longer creates an env file to source. Replace `source $HOME/.local/bin/env` with `export PATH="$HOME/.local/bin:$PATH"` to properly add uv to PATH in GitHub Actions workflows. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): add --system flag to uv pip install uv pip now requires either a virtual environment or the --system flag to install packages. Add --system flag for GitHub Actions workflows where we want to install directly to the system Python. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(ci): enable Python tooling for agent contributions - Add Python setup to setup-code-env composite action with: - enable-python and python-version inputs - Python version output - Python dependency installation via uv - Verification of ruff and pytest availability - Enable Python 3.12 in copilot-setup-steps workflow - Add Python dependency installation to bootstrap-vm.sh This enables agents to contribute Python code with proper tooling (ruff, pytest) available in the development environment. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): use pip-audit without --requirement flag The --requirement flag expects requirements.txt format, not pyproject.toml. Running pip-audit without arguments audits installed packages instead. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): patch SAFE_BASE_DIR for temp directory tests - Monkeypatch _PROJECT_ROOT in validate_session_json tests - Monkeypatch SAFE_BASE_DIR in invoke_skill_learning tests - Fix tests checking 'extracted_learning' to use 'source' key The path validation correctly rejects temp directories outside project root. Tests now patch the base directory to allow temp paths during testing while maintaining security in production. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(hooks): rename test_skill_context to check_skill_context Pytest was collecting the function as a test because it started with 'test_'. Renamed to 'check_skill_context' to prevent pytest from treating it as a test function. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add test exit code interpretation as blocking constraint - Add testing-exit-code-interpretation memory documenting that pytest "X passed, Y errors" output means test suite FAILED (non-zero exit) - Update AGENTS.md Testing section with BLOCKING Test Exit Code Interpretation subsection - Update CRITICAL-CONTEXT.md with explicit test exit code requirement - Update memory-index with new memory for discoverability Learning: "error" and "failed" are both non-pass outcomes in pytest. Both result in non-zero exit code and must block commits. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Signed-off-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: Test <test@test.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Richard Murillo <richard.murillo@example.com> Co-authored-by: Richard Murillo <6811113+rjmurillo@users.noreply.github.com> Co-authored-by: rjmurillo-bot <rjmurillo-bot@users.noreply.github.com> Co-authored-by: rjmurillo-bot <noreply@github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
YAML Array Format Standardization - Complete
Summary
Successfully standardized YAML array format across all documentation, prompt files, and slash commands to address GitHub Copilot CLI compatibility issues identified in Session 826 RCA.
Completed Work
Phase 1: Convert prompt and command files ✅
18 files converted from inline to block-style YAML arrays:
.github/prompts/*.prompt.md).claude/commands/*.md).claude/commands/forgetful/*.md).claude/commands/pr-quality/*.md)Phase 2: Update documentation examples ✅
3 files updated:
CONTRIBUTING.md- Updated agent creation examples with block-style arrays and compatibility warningtemplates/README.md- Updated template format with CRITICAL compatibility notetemplates/AGENTS.md- Updated frontmatter structure with IMPORTANT compatibility notePhase 3: Update governance documentation ✅
2 files updated:
.agents/governance/PROJECT-CONSTRAINTS.md.agents/governance/SKILL-CREATION-CRITERIA.mdPhase 4: Session Protocol Compliance ✅
Session log created:
.agents/sessions/2026-01-15-session-02.json- Complete protocol-compliant session logRecent Updates
Impact
Out of Scope
Phase 4 (P1 - Future Work): Validation automation deferred as current manual conversion and governance documentation achieve immediate cross-platform compatibility goals:
Validate-FrontmatterArrays.ps1scriptFiles Changed
24 files changed, 347 insertions(+), 26 deletions(-)
Original prompt
This section details on the original issue you should resolve
<issue_title>docs: standardize YAML array format across all documentation (RCA from Session 826)</issue_title>
<issue_description># Update Documentation Standards: YAML Array Format Compatibility
Executive Summary
Problem: Documentation across skills, ADRs, governance, and commands contains inconsistent and incomplete guidance on YAML frontmatter array syntax. Recent RCA (Session 826) revealed that inline array syntax
['tool1', 'tool2']fails on GitHub Copilot CLI due to parser strictness and CRLF line ending sensitivity, while block-style arrays work universally.Impact:
Proposed Solution: Standardize all documentation to mandate block-style YAML arrays and document the root cause analysis findings.
Root Cause Analysis Summary
Primary Finding
Both VSCode and Copilot CLI officially support inline arrays according to documentation, but Copilot CLI's stricter YAML parser fails on:
Evidence Chain
1. GitHub Copilot CLI Issue #694
Source: github/copilot-cli#694
Status: Open (Bug, Triage)
Error:
"failed to parse front matter: Unexpected scalar at node end at line 2, column 67"\r\n)\n)2. Local Issue #893
Source: #893
Reporter: @bcull
Error: Same "Unexpected scalar at node end"
Environment: Windows
Fix: Conversion to block-style arrays (Session 826, commit 96d88ac)
Validation: User confirmed resolution
3. ADR-040 Amendment (2026-01-13)
Source:
.agents/architecture/ADR-040-skill-frontmatter-standardization.md(lines 388-407)Decision: Standardize on block-style arrays for cross-platform compatibility
Files Updated: 88 files (18 templates + 54 generated + 16 infrastructure)
Test Coverage: 32 tests, 0 failures, 87.5% functional coverage
4. YAML Specification Research
Source: https://yaml.org/spec/1.2.2/
Findings:
5. Session 826 Retrospective
Source:
.agents/retrospective/2026-01-13-fix-tools-frontmatter-retrospective.mdOutcome: 87.5% success rate, 0 critical failures
Evidence:
Current State: Documentation Gaps
Locations Requiring Updates
1. Slash Commands (18 files -
.claude/commands/**/*.md)Evidence:
Files to Update:
.claude/commands/session-init.md.claude/commands/pr-quality/*.md(5 files).claude/commands/forgetful/*.md(4 files).claude/commands/memory-documentary.md.claude/commands/context_gather.md.claude/commands/research.md.claude/commands/push-pr.mdExample Fix:
2. Agent Prompts (4 files -
.claude/agents/*.md)Files to Update:
.claude/agents/technical-writer.md.claude/agents/prompt-builder.md.claude/agents/janitor.md.claude/agents/debug.md3. GitHub Prompts (2 files -
.github/prompts/*.md)Files to Update:
.github/prompts/pr-review.prompt.md.github/prompts/review-pr.prompt.md4. ADRs (1 file)
Files to Update:
ADR-040-skill-frontmatter-standardization.md: Add section linking to Copilot CLI Issue feat(validator): add investigation-only session QA skip validation #6945. Governance (3 files)
Files to Update:
SKILL-CREATION-CRITERIA.md: Add frontmatter format validation requirementPROJECT-CONSTRAINTS.md: Add "Block-style YAML arrays required" constraint6. Main Documentation (3 files)
Files to Update:
AGENTS.md: Add frontmatter standards sectiontemplates/AGENTS.md: Update agent template examplestemplates/README.md: Document block-style array requirementRecommended Updates
Phase 1: Core Do...
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.