Summary

The copyright header validation script (scripts/linting/Test-CopyrightHeaders.ps1) contains a critical bug that silently excludes all files under .github/ from scanning. This means every skill added to the repo (which live under .github/skills/) bypasses copyright and SPDX header enforcement entirely — both locally and in CI.

Root Cause

In the Get-FilesToCheck function (Test-CopyrightHeaders.ps1 line ~152), the exclusion logic uses:

if ($filePath -like "*$excludePath*") {
    $excluded = $true
    break
}

The default ExcludePaths includes .git, which produces the wildcard pattern *.git*. This matches both .git/ (intended) and .github/ (unintended), since .github contains the substring .git.

Proof: "C:\repo\.github\skills\test.py" -like "*.git*" → True

Impact

• 29 Python files in .github/skills/experimental/powerpoint/ (14 in scripts/, 15 in tests/) are missing both copyright and SPDX headers.
• The validation report (logs/copyright-header-results.json) shows 70 files passing with zero Python skill files appearing in results — they are completely invisible.
• CI runs this check on every PR via pr-validation.yml → copyright-headers.yml with -FailOnMissing, but the gate is ineffective for skill files because they're silently excluded.
• Any future skill files added under .github/skills/ would also be silently excluded.

Required Fixes

1. Fix the .git exclusion pattern (Critical)

Change the .git entry in ExcludePaths to use a boundary-aware pattern that excludes .git/ and .git\ but not .github/. Options:

• Use a separator-bounded pattern like checking for $excludePath followed by a path separator or end of string
• Change the default entry from .git to a more precise value (e.g., \.git\, .git/, or a regex-based approach)
• Switch from -like wildcard matching to -match regex matching for path exclusion

2. Add missing exclusion paths

Add these to the default ExcludePaths:

3. Add missing headers to all 29 Python skill files

All files under .github/skills/experimental/powerpoint/scripts/ and .github/skills/experimental/powerpoint/tests/ need:

# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: MIT

4. Add test coverage for the exclusion logic

The Pester test file (scripts/tests/linting/Test-CopyrightHeaders.Tests.ps1) has no test cases verifying that:

• .github/ paths are not excluded by the .git exclusion rule
• .venv/ and __pycache__/ paths are excluded
• The exclusion logic correctly differentiates .git (the directory) from .github (not excluded)

5. Verify CI enforcement end-to-end

After fixes, run the full validation to confirm:

• All 29 previously-invisible Python files now appear in results
• The -FailOnMissing flag in copyright-headers.yml would catch missing headers
• No false positives from .copilot-tracking/ or .venv/ directories

Acceptance Criteria

• .git exclusion pattern no longer matches .github/ paths
• ExcludePaths defaults include .venv, __pycache__, and .copilot-tracking
• All 29 Python files in .github/skills/experimental/powerpoint/ have copyright and SPDX headers
• Pester tests cover the .git vs .github exclusion boundary case
• npm run validate:copyright reports all skill files and shows 100% compliance
• CI pipeline (pr-validation.yml → copyright-headers.yml) catches missing headers in .github/skills/

Files to Modify