…es (#410)

## Implementation Plan

- [x] Update bug-report.yml to add "Skills" and "VS Code Extension" to
Component dropdown
- [x] Create new skill-request.yml template following the pattern of
existing request templates
- [x] Update PULL_REQUEST_TEMPLATE.md to add Skills checkbox and
reference link
- [x] Remove single-platform options from skill-request.yml (only
cross-platform allowed)
- [x] Remove platform requirements section entirely (doesn't add value)
- [x] Update AI artifact checklist to include "skill" in the comment
- [x] Add PR template to frontmatter validation exclusion list to
prevent CI failures
- [x] Sync package.json frontmatter exclusions with workflow for
consistent dev/CI experience
- [x] Run validation (lint:yaml, lint:md, lint:frontmatter) to ensure
templates pass all checks
- [x] Verify all changes are correctly implemented

<!-- START COPILOT ORIGINAL PROMPT -->



<details>

<summary>Original prompt</summary>

> 
> ----
> 
> *This section details on the original issue you should resolve*
> 
> <issue_title>[Issue]: add VS Code Extension and Skills categories to
issue and PR templates</issue_title>
> <issue_description>### Issue Description
> 
> ## Background
> 
> The repository recently added Skills as a new AI artifact type
(`.github/skills/*/SKILL.md`) alongside agents, prompts, and
instructions. The `video-to-gif` skill exists and is documented at
`docs/contributing/skills.md`, but the issue templates and PR template
do not recognize Skills as a contribution type.
> 
> Additionally, the VS Code Extension (`extension/`) is a core
deliverable but is missing from the bug report component list,
preventing users from categorizing extension-specific bugs correctly.
> 
> ## Current State
> 
> | Template | Issue |
> |----------|-------|
> | `.github/ISSUE_TEMPLATE/bug-report.yml` | Missing "Skills" and "VS
Code Extension" in Component dropdown |
> | `.github/ISSUE_TEMPLATE/skill-request.yml` | Does not exist |
> | `.github/PULL_REQUEST_TEMPLATE.md` | Missing Skills checkbox in AI
Artifacts section |
> 
> ## Work Required
> 
> ### 1. Update Bug Report Template
> 
> **File:** `.github/ISSUE_TEMPLATE/bug-report.yml`
> 
> Add two new options to the Component dropdown:
> 
> ```yaml
> options:
>   - Instruction Files
>   - Prompts
>   - Custom Agents
>   - Skills              # ADD
>   - VS Code Extension   # ADD
>   - Scripts
>   - Documentation
>   - Other
> ```
> 
> ### 2. Create Skill Request Issue Template
> 
> **File:** `.github/ISSUE_TEMPLATE/skill-request.yml` (new file)
> 
> Create template with:
> 
> - **name:** `Skill Request`
> - **description:** `Request a new skill package`
> - **title:** `[Skill]: `
> - **labels:** `skill`, `needs-triage`
> - **Fields:**
>   - Skill Name (input, required)
>   - Purpose (textarea, required)
> - Platform Requirements (dropdown: Both bash and PowerShell, Bash
only, PowerShell only)
>   - Prerequisites (textarea, optional) - external tools needed
>   - Requirements (textarea, optional)
> 
> ### 3. Update PR Template
> 
> **File:** `.github/PULL_REQUEST_TEMPLATE.md`
> 
> Add Skills checkbox to AI Artifacts section:
> 
> ```markdown
> **AI Artifacts:**
> 
> - [ ] Reviewed contribution with `prompt-builder` agent and addressed
all feedback
> - [ ] Copilot instructions (`.github/instructions/*.instructions.md`)
> - [ ] Copilot prompt (`.github/prompts/*.prompt.md`)
> - [ ] Copilot agent (`.github/agents/*.agent.md`)
> - [ ] Copilot skill (`.github/skills/*/SKILL.md`)   # ADD
> ```
> 
> Add Skills reference to the note section:
> 
> ```markdown
> > - **Skills**: Must include both bash and PowerShell scripts. See
[Skills](../docs/contributing/skills.md).
> ```
> 
> ## Acceptance Criteria
> 
> - [ ] Bug report template includes Skills and VS Code Extension
options
> - [ ] New `skill-request.yml` template exists and matches pattern of
other request templates
> - [ ] PR template includes Skills checkbox and reference link
> - [ ] All templates pass `npm run lint:yaml` validation
> 
> 
> ### Additional Context
> 
> _No response_</issue_description>
> 
> <agent_instructions>Start implementation, ensure you run the available
validation tools like `npm run lint:md``, and `npm run lint:frontmatter`
or other applicable ones to the types of files changed. Only finish and
report back once validation passes.</agent_instructions>
> 
> ## Comments on the Issue (you are @copilot in this section)
> 
> <comments>
> </comments>
> 


</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes #409

<!-- START COPILOT CODING AGENT TIPS -->
---

✨ Let Copilot coding agent [set things up for
you](https://github.com/microsoft/hve-core/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: katriendg <[email protected]>
Co-authored-by: Katrien De Graeve <[email protected]>
Co-authored-by: Bill Berry <[email protected]>

…ions (#419)

## Description

This PR addresses markdown footer compliance warnings by adding the
standard Copilot footer to 8 documentation files and consolidating
exclusion path definitions into `Validate-MarkdownFrontmatter.ps1` as
parameter defaults. This establishes a single source of truth for
validation exclusions, simplifying both the GitHub workflow and npm
script invocations.

- Added standard Copilot footer to `GOVERNANCE.md`, `docs/README.md`,
`docs/architecture/README.md`, `docs/architecture/ai-artifacts.md`,
`docs/architecture/testing.md`, `docs/architecture/workflows.md`,
`docs/contributing/ROADMAP.md`, and
`docs/templates/security-plan-template.md`
- Consolidated `ExcludePaths` default in script:
`scripts/tests/Fixtures/**`, `extension/README.md`, `pr.md`,
`.github/PULL_REQUEST_TEMPLATE.md`
- Consolidated `FooterExcludePaths` default in script: `CHANGELOG.md`,
`dependency-pinning-artifacts/**`
- Simplified `frontmatter-validation.yml` workflow by removing hardcoded
ExcludePaths
- Simplified `package.json` lint:frontmatter script to use script
defaults
- Fixed `docs/architecture/workflows.md` ms.topic from `architecture` to
`overview`

## Related Issue(s)

Closes #415

## Type of Change

Select all that apply:

**Code & Documentation:**

- [x] Bug fix (non-breaking change fixing an issue)
- [ ] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to
change)
- [x] Documentation update

**Infrastructure & Configuration:**

- [x] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [ ] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [ ] Reviewed contribution with `prompt-builder` agent and addressed
all feedback
- [ ] Copilot instructions (`.github/instructions/*.instructions.md`)
- [ ] Copilot prompt (`.github/prompts/*.prompt.md`)
- [ ] Copilot agent (`.github/agents/*.agent.md`)
- [ ] Copilot skill (`.github/skills/*/SKILL.md`)

**Other:**

- [x] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Testing

- Ran `npm run lint:frontmatter` - 116 files validated, 0 errors, 0
warnings
- Ran `npm run test:ps` - 850 tests passed, 0 failed
- Ran `npm run lint:md` - 120 files validated, no errors
- Ran `npm run spell-check` - 89 files validated, no issues

## Checklist

### Required Checks

- [x] Documentation is updated (if applicable)
- [x] Files follow existing naming conventions
- [x] Changes are backwards compatible (if applicable)
- [ ] Tests added for new functionality (if applicable)

### Required Automated Checks

The following validation commands must pass before merging:

- [x] Markdown linting: `npm run lint:md`
- [x] Spell checking: `npm run spell-check`
- [x] Frontmatter validation: `npm run lint:frontmatter`
- [ ] Link validation: `npm run lint:md-links`
- [x] PowerShell analysis: `npm run lint:ps`

## Security Considerations

- [x] This PR does not contain any sensitive or NDA information
- [ ] Any new dependencies have been reviewed for security issues
- [x] Security-related scripts follow the principle of least privilege

## Additional Notes

The exclusion path consolidation establishes
`Validate-MarkdownFrontmatter.ps1` as the single source of truth for
validation exclusions. Callers (workflow and npm script) no longer need
to specify exclusions unless overriding the defaults.

📝 - Generated by Copilot

# Pull Request

## Description

Added a new PowerShell script to validate GitHub Actions version comment
consistency across workflow files. The script detects SHA-pinned actions
with mismatched or missing version comments, supporting SARIF output for
CI integration.

- Added `Test-ActionVersionConsistency.ps1` script with table, JSON, and
SARIF output formats
- Added `ViolationType` property to `DependencyViolation` class to
distinguish mismatch vs missing comment violations
- Added `lint:version-consistency` npm script and integrated into
`lint:all`
- Fixed incorrect version comments in workflow files (corrected v6.x
references to actual versions v4.x)

## Related Issue(s)

Fixes #282

## Type of Change

Select all that apply:

**Code & Documentation:**

- [ ] Bug fix (non-breaking change fixing an issue)
- [x] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to
change)
- [ ] Documentation update

**Infrastructure & Configuration:**

- [x] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [x] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [ ] Reviewed contribution with `prompt-builder` agent and addressed
all feedback
- [ ] Copilot instructions (`.github/instructions/*.instructions.md`)
- [ ] Copilot prompt (`.github/prompts/*.prompt.md`)
- [ ] Copilot agent (`.github/agents/*.agent.md`)
- [ ] Copilot skill (`.github/skills/*/SKILL.md`)

**Other:**

- [x] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Testing

- Ran `npm run lint:version-consistency` - 66 actions scanned, 0
violations
- Ran `npm run lint:ps` - All 42 PowerShell files passed
PSScriptAnalyzer
- Verified SARIF output format matches v2.1.0 schema

## Checklist

### Required Checks

- [x] Documentation is updated (if applicable)
- [x] Files follow existing naming conventions
- [x] Changes are backwards compatible (if applicable)
- [ ] Tests added for new functionality (if applicable)

### Required Automated Checks

The following validation commands must pass before merging:

- [x] Markdown linting: `npm run lint:md`
- [x] Spell checking: `npm run spell-check`
- [x] Frontmatter validation: `npm run lint:frontmatter`
- [x] Link validation: `npm run lint:md-links`
- [x] PowerShell analysis: `npm run lint:ps`

## Security Considerations

- [x] This PR does not contain any sensitive or NDA information
- [x] Any new dependencies have been reviewed for security issues
- [x] Security-related scripts follow the principle of least privilege

## Additional Notes

The script follows existing patterns from `Test-DependencyPinning.ps1`
and `Test-SHAStaleness.ps1`, including SARIF export and the
`DependencyViolation` class. Future work includes Pester tests and
optional integration into `dependency-pinning-scan.yml` workflow.

🔒 - Generated by Copilot

---------

Co-authored-by: katriendg <[email protected]>

…#420)

# Pull Request

## Description

Add `CIHelpers.psm1` to the VS Code extension package so
`Generate-PrReference.ps1` can resolve its module import when run from
the installed extension. The script requires this module for Git
operations and fails when the module is missing from the package.

**Initial Bug Fix:**
- Add whitelist entry `!scripts/lib/Modules/CIHelpers.psm1` to
`.vscodeignore`
- Add copy logic in `Package-Extension.ps1` to include the module during
staging
- Fix vsce execution bug where PowerShell misinterpreted `@` in
`@vscode/vsce` as splatting operator by wrapping npx calls with `cmd /c`

**Scope Expansion: Packaging Script Testability**

During code review, Copilot identified that the CIHelpers validation
could fail silently. Investigation revealed broader testability issues
with `Invoke-PackageExtension`:

| Metric | Before | After |
|--------|--------|-------|
| Function length | ~200 lines | ~80 lines |
| Cyclomatic complexity | 18-22 | 8-10 |
| Test coverage | ~50% | 80%+ |

**Refactoring Changes:**
- Explicit error when CIHelpers.psm1 is missing during packaging
- Extract pure validation and specification functions
- Make platform-specific code injectable for testing
- Add individual Pester tests for extracted functions

Research document:
`.copilot-tracking/research/package-extension-testability.md`

## Related Issue(s)

Fixes #400

## Type of Change

Select all that apply:

**Code & Documentation:**

- [x] Bug fix (non-breaking change fixing an issue)
- [ ] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to
change)
- [ ] Documentation update

**Infrastructure & Configuration:**

- [ ] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [ ] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [ ] Reviewed contribution with `prompt-builder` agent and addressed
all feedback
- [ ] Copilot instructions (`.github/instructions/*.instructions.md`)
- [ ] Copilot prompt (`.github/prompts/*.prompt.md`)
- [ ] Copilot agent (`.github/agents/*.agent.md`)
- [ ] Copilot skill (`.github/skills/*/SKILL.md`)

**Other:**

- [x] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Testing

- PSScriptAnalyzer linting passed (all 41 files)
- All Package-Extension.ps1 tests pass
- Extension packaging verified working (produces `hve-core-2.1.0.vsix`,
227.14 KB)
- CIHelpers.psm1 confirmed present in packaged extension
- Individual tests for extracted helper functions

## Checklist

### Required Checks

- [x] Documentation is updated (if applicable)
- [x] Files follow existing naming conventions
- [x] Changes are backwards compatible (if applicable)
- [x] Tests added for new functionality (if applicable)

### Required Automated Checks

The following validation commands must pass before merging:

- [x] Markdown linting: `npm run lint:md`
- [x] Spell checking: `npm run spell-check`
- [x] Frontmatter validation: `npm run lint:frontmatter`
- [x] Link validation: `npm run lint:md-links`
- [x] PowerShell analysis: `npm run lint:ps`

## Security Considerations

- [x] This PR does not contain any sensitive or NDA information
- [x] Any new dependencies have been reviewed for security issues
- [x] Security-related scripts follow the principle of least privilege

## Additional Notes

**Root cause of vsce execution fix:** PowerShell interprets `@` at the
start of arguments as splatting syntax. When `npx @vscode/vsce` was
invoked via `& $executable $args`, PowerShell tried to expand
`@vscode` as a variable. The fix uses `cmd /c` to pass arguments through
Windows command processor, bypassing PowerShell's parsing.

**Testability refactoring rationale:** The monolithic
`Invoke-PackageExtension` function has 13 distinct responsibilities and
cyclomatic complexity 18-22, making comprehensive testing difficult.
Extracting pure functions for validation and specifications enables unit
testing without filesystem mocking.

Fixes #287

## Summary
Migrate inline GitHub Actions and Azure DevOps CI code to use the
centralized `CIHelpers.psm1` module functions.

## Changes
- **Test-DependencyPinning.ps1**: Replace inline CI code with
`Set-CIOutput`, `Write-CIStepSummary`, `Publish-CIArtifact`,
`Write-CIAnnotation`
- **Test-SHAStaleness.ps1**: Replace inline annotations with
`Write-CIAnnotation`, `Set-CITaskResult`
- **Update-ActionSHAPinning.ps1**: Replace inline annotations with
`Write-CIAnnotation`, `Set-CITaskResult`

## Benefits
- Eliminates ~50 lines of duplicate CI platform detection code
- Centralizes security escaping (workflow command injection prevention)
- Consistent behavior across GitHub Actions and Azure DevOps
- Easier maintenance - CI output logic in one place

## Testing
- All 69 CIHelpers.Tests.ps1 tests pass
- No PSScriptAnalyzer errors on modified files
- All files end with newline (per contribution guidelines)

---------

Co-authored-by: Bill Berry <[email protected]>
Co-authored-by: Bill Berry <[email protected]>

…at (#427)

## Description

Converted all 6 issue template title prefixes from bracket-style (e.g.,
`[Bug]:`) to Conventional Commit format (e.g., `fix:`). Cleaned up scope
definitions in commit-message.instructions.md from 26 inherited scopes
to 12 project-relevant ones. Updated documentation examples in agent and
prompt files to match the new format and added contributing guidance for
issue title conventions.

- chore(templates): convert 6 issue template title prefixes to
conventional commit style
  - `bug-report.yml`: `[Bug]:` → `fix:`
  - `custom-agent-request.yml`: `[Custom Agent]:` → `feat(agents):`
  - `general-issue.yml`: `[Issue]:` → `feat:`
- `instruction-file-request.yml`: `[Instruction File]:` →
`feat(instructions):`
  - `prompt-request.yml`: `[Prompt]:` → `feat(prompts):`
  - `skill-request.yml`: `[Skill]:` → `feat(skills):`

- refactor(instructions): reduce commit-message.instructions.md scopes
from 26 to 12 project-relevant definitions
  - Added descriptions for each scope
- Removed irrelevant scopes inherited from microsoft/edge-ai (cloud,
iot-ops, terraform, bicep, etc.)
  - Updated attribution from microsoft/edge-ai to microsoft/hve-core

- docs(agents): update github-issue-manager.agent.md examples to use
conventional commit format

- docs(prompts): update github-add-issue.prompt.md examples to use
conventional commit format

- docs: add "GitHub Issue Title Conventions" section to
ai-artifacts-common.md with issue type mapping table

## Related Issue(s)

Closes #426

## Type of Change

Select all that apply:

**Code & Documentation:**

- [ ] Bug fix (non-breaking change fixing an issue)
- [ ] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to
change)
- [x] Documentation update

**Infrastructure & Configuration:**

- [ ] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [ ] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [ ] Reviewed contribution with `prompt-builder` agent and addressed
all feedback
- [x] Copilot instructions (`.github/instructions/*.instructions.md`)
- [x] Copilot prompt (`.github/prompts/*.prompt.md`)
- [x] Copilot agent (`.github/agents/*.agent.md`)
- [ ] Copilot skill (`.github/skills/*/SKILL.md`)

**Other:**

- [ ] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Sample Prompts (for AI Artifact Contributions)

Not applicable - this PR updates existing artifacts to align with new
conventions rather than adding new functionality.

## Testing

- Verified all 6 issue templates have correct Conventional Commit title
prefixes
- Validated YAML syntax with `npm run lint:yaml`
- Validated markdown files with `npm run lint:md`
- Validated frontmatter with `npm run lint:frontmatter`

## Checklist

### Required Checks

- [x] Documentation is updated (if applicable)
- [x] Files follow existing naming conventions
- [x] Changes are backwards compatible (if applicable)
- [ ] Tests added for new functionality (if applicable)

### AI Artifact Contributions

- [ ] Used `/prompt-analyze` to review contribution
- [ ] Addressed all feedback from `prompt-builder` review
- [x] Verified contribution follows common standards and type-specific
requirements

### Required Automated Checks

The following validation commands must pass before merging:

- [x] Markdown linting: `npm run lint:md`
- [ ] Spell checking: `npm run spell-check`
- [x] Frontmatter validation: `npm run lint:frontmatter`
- [ ] Link validation: `npm run lint:md-links`
- [ ] PowerShell analysis: `npm run lint:ps`

## Security Considerations

- [x] This PR does not contain any sensitive or NDA information
- [ ] Any new dependencies have been reviewed for security issues
- [x] Security-related scripts follow the principle of least privilege

## Additional Notes

The scope cleanup removed 17 irrelevant scopes inherited from
microsoft/edge-ai that do not apply to hve-core (cloud, data, edge,
application, tools, resource-group, security-identity, observability,
fabric, messaging, vm-host, cncf-cluster, iot-ops, blueprints,
terraform, bicep, azureml). Five new scopes were added to cover hve-core
artifact categories (agents, skills, templates, workflows, extension).

📝 - Generated by Copilot

…CP config (#402)

# feat(hve-core-guidance-instructions): update guidance artifacts and
MCP config

## Description
This PR updated guidance artifacts for subagent behavior and location
fallback rules, and expanded MCP configuration inputs and servers.

- Added the `agent` frontmatter field to the pull request prompt
definition.
- Added HVE Core location guidance instructions for missing prompt,
instruction, agent, or script lookups.
- Clarified `runSubagent` limitations when dispatching subagents in the
RPI agent guidance.
- Expanded `.vscode/mcp.json` with Azure DevOps inputs and new MCP
servers for Terraform, Context7, Microsoft Docs, and Azure DevOps.

## Details

This works by abusing this part of the System Message for GitHub
Copilot:

<img width="1090" height="212" alt="image"
src="https://github.com/user-attachments/assets/b9bd7e51-f44a-41ba-b549-ffc001abe816"
/>

## Related Issue(s)
<!-- Link to the issue(s) this PR addresses using "Fixes #123" or
"Closes #123" -->
Fixes #428 

## Type of Change

Select all that apply:

**Code & Documentation:**

- [ ] Bug fix (non-breaking change fixing an issue)
- [x] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to
change)
- [ ] Documentation update

**Infrastructure & Configuration:**

- [ ] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [ ] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [ ] Reviewed contribution with `prompt-builder` agent and addressed
all feedback
- [x] Copilot instructions (`.github/instructions/*.instructions.md`)
- [x] Copilot prompt (`.github/prompts/*.prompt.md`)
- [x] Copilot agent (`.github/agents/*.agent.md`)

> **Note for AI Artifact Contributors**:
>
> - **Agents**: Research, indexing/referencing other project (using
standard VS Code GitHub Copilot/MCP tools), planning, and general
implementation agents likely already exist. Review `.github/agents/`
before creating new ones.
> - **Model Versions**: Only contributions targeting the **latest
Anthropic and OpenAI models** will be accepted. Older model versions
(e.g., GPT-3.5, Claude 3) will be rejected.
> - See [Agents Not
Accepted](../docs/contributing/custom-agents.md#agents-not-accepted) and
[Model Version
Requirements](../docs/contributing/ai-artifacts-common.md#model-version-requirements).

**Other:**

- [ ] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Sample Prompts (for AI Artifact Contributions)

**User Request:**
Generate a PR description from `pr-reference.xml` and ensure it follows
the repository template.

**Execution Flow:**
- Read `pr-reference.xml` to capture commit history and diffs.
- Detect AI artifact changes and apply template checkboxes.
- Produce a complete PR description with the required sections.

**Output Artifacts:**
- `pr.md`

**Success Indicators:**
- The PR description uses the repository template and reflects all
significant changes from `pr-reference.xml`.

For detailed contribution requirements, see:

- **Common Standards**:
[docs/contributing/ai-artifacts-common.md](../docs/contributing/ai-artifacts-common.md)
- Shared standards for XML blocks, markdown quality, RFC 2119,
validation, and testing
- **Agents**:
[docs/contributing/custom-agents.md](../docs/contributing/custom-agents.md)
- Agent configurations with tools and behavior patterns
- **Prompts**:
[docs/contributing/prompts.md](../docs/contributing/prompts.md) -
Workflow-specific guidance with template variables
- **Instructions**:
[docs/contributing/instructions.md](../docs/contributing/instructions.md)
- Technology-specific standards with glob patterns

## Testing
Not run (not requested).

## Checklist

### Required Checks

- [ ] Documentation is updated (if applicable)
- [ ] Files follow existing naming conventions
- [ ] Changes are backwards compatible (if applicable)
- [ ] Tests added for new functionality (if applicable)

### AI Artifact Contributions
<!-- If contributing an agent, prompt, or instruction, complete these
checks -->
- [ ] Used `/prompt-analyze` to review contribution
- [ ] Addressed all feedback from `prompt-builder` review
- [ ] Verified contribution follows common standards and type-specific
requirements

### Required Automated Checks

The following validation commands must pass before merging:

- [ ] Markdown linting: `npm run lint:md`
- [ ] Spell checking: `npm run spell-check`
- [ ] Frontmatter validation: `npm run lint:frontmatter`
- [ ] Link validation: `npm run lint:md-links`
- [ ] PowerShell analysis: `npm run lint:ps`

## Security Considerations
<!-- ⚠️ WARNING: Do not commit sensitive information such as API keys,
passwords, or personal data -->
- [x] This PR does not contain any sensitive or NDA information
- [ ] Any new dependencies have been reviewed for security issues
- [ ] Security-related scripts follow the principle of least privilege

## Additional Notes
<!-- Any additional information that reviewers should know -->

Fixes #319

## Summary
Add incident response workflow prompt for Azure operations scenarios, as
outlined in the roadmap.

## Changes
- Created `.github/prompts/incident-response.prompt.md` with structured
prompts for:
  - **Initial Triage** - Rapid assessment of incident scope and severity
- **Diagnostic Queries** - KQL patterns for Azure Monitor, Log Analytics
  - **Impact Analysis** - Affected resources, services, and users
  - **Mitigation Actions** - Common remediation patterns
  - **RCA Preparation** - Root cause analysis documentation support

- Updated `.github/prompts/README.md` to include the new prompt

## Acceptance Criteria
- [x] File created at `.github/prompts/incident-response.prompt.md`
- [x] Frontmatter follows repository conventions
- [x] Prompt covers triage, diagnostics, mitigation, and RCA phases
- [x] Includes Azure-specific patterns (KQL, resource health, Activity
Log)
- [x] References Azure Monitor and Log Analytics documentation

## Testing
- ✅ Markdown lint: 0 errors
- ✅ Spell check: 0 errors
- ✅ Frontmatter validates against schema

---------

Co-authored-by: Bill Berry <[email protected]>

## Description

Added a reusable GitHub Actions workflow for copyright header validation
and integrated it into the PR validation pipeline. Documented the
`Test-CopyrightHeaders.ps1` script in the linting README and fixed two
files with missing SPDX license identifiers.

- **New workflow**: `.github/workflows/copyright-headers.yml` — reusable
`workflow_call` workflow with `soft-fail` boolean input, SHA-pinned
actions (`[email protected]`, `[email protected]`), artifact upload
for `copyright-header-results.json`, and a final check step that
respects the soft-fail setting
- **Pipeline integration**: Added `copyright-headers` job to
`.github/workflows/pr-validation.yml` between the `psscriptanalyzer` and
`yaml-lint` jobs with `soft-fail: false`
- **Documentation**: Added Copyright Header Validation section to
`scripts/linting/README.md` covering purpose, parameters, usage
examples, and GitHub Actions integration
- **Header fix**: Added missing `SPDX-License-Identifier: MIT` line to
`scripts/security/Modules/SecurityHelpers.psm1` and
`scripts/tests/security/SecurityHelpers.Tests.ps1`

## Related Issue(s)

Closes #307

## Type of Change

Select all that apply:

**Code & Documentation:**

- [ ] Bug fix (non-breaking change fixing an issue)
- [x] New feature (non-breaking change adding functionality)
- [ ] Breaking change (fix or feature causing existing functionality to
change)
- [x] Documentation update

**Infrastructure & Configuration:**

- [x] GitHub Actions workflow
- [ ] Linting configuration (markdown, PowerShell, etc.)
- [ ] Security configuration
- [ ] DevContainer configuration
- [ ] Dependency update

**AI Artifacts:**

- [ ] Reviewed contribution with `prompt-builder` agent and addressed
all feedback
- [ ] Copilot instructions (`.github/instructions/*.instructions.md`)
- [ ] Copilot prompt (`.github/prompts/*.prompt.md`)
- [ ] Copilot agent (`.github/agents/*.agent.md`)
- [ ] Copilot skill (`.github/skills/*/SKILL.md`)

> **Note for AI Artifact Contributors**:
>
> - **Agents**: Research, indexing/referencing other project (using
standard VS Code GitHub Copilot/MCP tools), planning, and general
implementation agents likely already exist. Review `.github/agents/`
before creating new ones.
> - **Skills**: Must include both bash and PowerShell scripts. See
[Skills](../docs/contributing/skills.md).
> - **Model Versions**: Only contributions targeting the **latest
Anthropic and OpenAI models** will be accepted. Older model versions
(e.g., GPT-3.5, Claude 3) will be rejected.
> - See [Agents Not
Accepted](../docs/contributing/custom-agents.md#agents-not-accepted) and
[Model Version
Requirements](../docs/contributing/ai-artifacts-common.md#model-version-requirements).

**Other:**

- [x] Script/automation (`.ps1`, `.sh`, `.py`)
- [ ] Other (please describe):

## Testing

- `npm run lint:md` — 0 errors across 120 files
- `npm run lint:yaml` — all 23 workflows passed
- `npm run validate:copyright` — 46/46 files, 100% compliance

## Checklist

### Required Checks

- [x] Documentation is updated (if applicable)
- [x] Files follow existing naming conventions
- [x] Changes are backwards compatible (if applicable)
- [ ] Tests added for new functionality (if applicable)

### Required Automated Checks

The following validation commands must pass before merging:

- [x] Markdown linting: `npm run lint:md`
- [ ] Spell checking: `npm run spell-check`
- [ ] Frontmatter validation: `npm run lint:frontmatter`
- [ ] Link validation: `npm run lint:md-links`
- [ ] PowerShell analysis: `npm run lint:ps`

## Security Considerations

- [x] This PR does not contain any sensitive or NDA information
- [ ] Any new dependencies have been reviewed for security issues
- [x] Security-related scripts follow the principle of least privilege

## Additional Notes

The workflow follows the established reusable workflow pattern from
`ps-script-analyzer.yml`, using `workflow_call` triggers and SHA-pinned
actions. The two SPDX header fixes were pre-existing omissions on `main`
discovered during validation — both files already had the copyright line
but were missing the `SPDX-License-Identifier: MIT` line.

🤖 I have created a release *beep* *boop*
---


##
[2.2.0](hve-core-v2.1.0...hve-core-v2.2.0)
(2026-02-06)


### ✨ Features

* add incident response prompt template
([#386](#386))
([0adb35c](0adb35c))
* add Skills and VS Code Extension categories to issue/PR templates
([#410](#410))
([108e160](108e160))
* **hve-core-guidance-instructions:** update guidance artifacts and MCP
config ([#402](#402))
([25b34de](25b34de))
* **security:** add action version consistency validation
([#423](#423))
([f3bb787](f3bb787))
* **workflows:** add copyright header validation CI workflow
([#429](#429))
([c53de22](c53de22))


### 🐛 Bug Fixes

* **docs:** add missing Copilot footers, consolidate validation
exclusions ([#419](#419))
([e40f960](e40f960))
* **scripts:** include CIHelpers module + packaging script testability
([#420](#420))
([da26edf](da26edf))


### ♻️ Refactoring

* migrate inline CI code to CIHelpers module
([#393](#393))
([adf6a5f](adf6a5f))


### 🔧 Maintenance

* **templates:** align issue templates with conventional commit format
([#427](#427))
([2d28702](2d28702))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: hve-core-release-please[bot] <254602402+hve-core-release-please[bot]@users.noreply.github.com>