fix(agents): fix plugin compatibility and robustness for coding-standards code review agents#1289
Merged
WilliamBerryiii merged 6 commits intomicrosoft:mainfrom Apr 6, 2026
Conversation
…tep 4 The #file: reference was missing the coding-standards/ segment, pointing to instructions/code-review/ instead of instructions/coding-standards/code-review/.
…lution - Convert docs/templates references from relative paths to workspace-root prose pattern (matching adr-creation, brd-builder, system-architecture- reviewer convention) — ensures resolution works in both repo and plugin contexts where .github/ prefix stripping shifts relative depth - Fix Step 3b skill catalog path: try .github/skills/ first, fall back to skills/ for plugin/extension compatibility - Fix Step 3c skill discovery scope: search .github/skills/ if exists, otherwise skills/ — ensures consumer skill discovery works in plugin - Add pr-reference skill to coding-standards collection so diff-computation scripts are available to coding-standards-only plugin users - Delete orphaned foundational-coding-guidelines.md from python-foundational references/ (duplicate of design-principles.md; not in SKILL.md table)
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1289 +/- ##
==========================================
- Coverage 87.72% 87.71% -0.02%
==========================================
Files 61 61
Lines 9320 9320
==========================================
- Hits 8176 8175 -1
- Misses 1144 1145 +1
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
code-review-full: - Document disable-model-invocation / Step 4 interaction; add verbatim fallback with warning when transformation rules cannot be applied - Replace vague 'instruct it to skip' with prescribed skip phrases for both subagent invocations so skip behavior is deterministic - Define fallback sources for standards-exclusive report sections (metadata description, Recommended Actions, Risk Assessment) when the standards subagent is skipped - Add Error Recovery section covering diff failure, subagent failure, malformed output, persistence failure, and clarifying-question deadlock code-review-standards: - Change template references from passive 'Follow' to active 'Read and use' with missing-file recovery language for consumer workspaces where docs/ may be absent
…pr-reference skill
erikschlegel
changed the title
katriendg
approved these changes
Apr 3, 2026
Contributor
katriendg
left a comment
katriendg
left a comment
There was a problem hiding this comment.
Thanks for these updates, I left a few comments if we can still finetune the skills discovery to be left over at the platform level and not file location (which is how we expect this should work). Wdyt?
Note in the issue comment you mention you deleted the orphaned file but I don't seen any deletionn?
…Steps 3b and 3c Replace path-based skill resolution with platform-discoverable skill matching to ensure portability across repo, extension, and plugin install contexts.
Contributor
Author
This was related to a PR fix that was merged yesterday |
Contributor
Author
|
Good call @katriendg - I implemented your suggestions from the last review. LMK if those look good? |
auyidi1
approved these changes
Apr 3, 2026
Contributor
Author
|
This PR is now ready to be merged @katriendg |
This was referenced Apr 6, 2026
WilliamBerryiii
pushed a commit
that referenced
this pull request
Apr 24, 2026
## Pre-Release 3.3.101 ### ✨ Features - add removed maturity tier and retire owasp-docker (#1444) - add evaluation dataset creator (#1279) - align RAI planner with guide, remove scoring, improve UX (#1287) - add PSGallery staleness check and BOM cleanup (#1379) - ISA-95 network planner agent (#1177) - auto-generate collection.md with maturity filtering (#1316) - add folder-consistency check and standardize WARN outp… (#1350) - add synth-data-generate prompt to data-science collection (#1419) - add canonical deck workflow and customer-card rendering for design thinking (#1413) - add Figma MCP integration for DT artifact export (#1222) - introduce `owasp-docker` (#1245) - replace hve-core-specific references with portable discovery-based language (#1335) - introduce `owasp-cicd` (#1246) - add secure-by-design knowledge skill (#1223) - introduce `owasp-infrastructure` (#1244) - introduce `owasp-mcp` (#1207) - add OutputPath parameter to Invoke-LinkLanguageCheck.ps1 (#1229) - add -OutputPath parameter to Validate-SkillStructure.ps1 (#1225) - add maintainer-only skip-review label guard (#1293) - add extension collections overview and integrate into getting started flow (#950) - add agentic workflows for automated issue triage, implementation, PR review, dependency review, and doc-staleness detection (#1219) - consolidate package-lock.json version sync into Update-VersionFiles.ps1 (#1240) - add standards code review agent and full review orchestrator (#1174) - standardize pytest-mock as Python mocking framework (#1170) - add Jira backlog workflows and Jira/GitLab skills (#978) - add centralized version bump script and supply-chain attestation (#1183) ### 🐛 Bug Fixes - pin PowerShell-Yaml to 0.4.7 across all install sites (#1378) - close fork-PR/workflow-file-PR secret-strip gap and normalize upload-artifact version (#1421) - replace stream-based lookahead with array indexing in list-changed-files.sh (#1376) - centralize ISO 8601 timestamp regex in CIHelpers (#1343) - update stale documentation date in release-process.md (#1363) - pin basic-ftp to 5.3.0 to resolve GHSA-rp42-5vxx-qpwr (#1374) - add bot filter to dependency PR review workflow (#1362) - resolve pip-audit findings in powerpoint, gitlab, and jira skill lock files (#1360) - standardize Timestamp JSON key casing across all lint result files (#1314) - add synchronize trigger to PR Review workflow (#1323) - standardize timestamp in Validate-SkillStructure.ps1 to use Get-StandardTimestamp (#1280) - add parallel subagent dispatch and structured JSON contracts to code-review-full (#1304) - standardize timestamp in SecurityHelpers.psm1 to use Get-StandardTimestamp (#1284) - standardize timestamps in Test-DependencyPinning.ps1 and SecurityClasses.psm1 (#1282) - derive collection artifact counts from YAML at build time (#1275) - standardize timestamp in FrontmatterValidation.psm1 to use Get-StandardTimestamp (#1285) - standardize timestamp in Markdown-Link-Check.ps1 to use Get-StandardTimestamp (#1283) - escape hyphens in Mermaid diagram on Collections page (#1262) - add summary timestamp to PSScriptAnalyzer output (#1211) - fix plugin compatibility and robustness for coding-standards code review agents (#1289) - standardize timestamp in Test-CopyrightHeaders.ps1 to use Get-StandardTimestamp (#1278) - standardize timestamp in Invoke-YamlLint.ps1 to use Get-StandardTimestamp (#1270) - standardize timestamp in Invoke-LinkLanguageCheck.ps1 to use Get-StandardTimestamp (#1264) - fix dependency-review path filters and sparse-checkout cone mode (#1259) - replace invalid bare tool names with official tool identifiers (#1198) - fix broken links and remove orphaned reference in code review docs (#1257) - exclude Python env dirs from skill validation warnings (#1255) - pin happy-dom and serialize-javascript to resolve Dependabot vulnerabilities (#1253) - remove Mermaid diagram and add missing collection cards (#1247) - disable MCP servers by default to prevent token limit errors (#1144) - sync package-lock.json after pre-release version bump (#1236) - separate mermaid node declarations and add dynamic diagram generation with tests (#1215) - replace anchor links in meeting-analyst with bold text references (#1201) - remove recursive symlinks in jira and gitlab skill directories (#1233) - validate-installation scripts now check .github/skills directory (#1010) (#1206) - resolve npm audit vulnerabilities via dependency overrides (#1200) - add post-release triggers to scorecard workflow (#1186) - add missing .md extensions to relative links in agent documentation (#1180) ### 📚 Documentation - broaden Security Review description beyond OWASP (#1385) - document maintainer advisory mode and skip-review label guard (#1386) - document ExcludePaths/OutputPath for Invoke-LinkLanguageCheck (#1383) - CLI getting-started: clarify plugin install commands as alternatives (-all vs base) (#1251) ### ♻️ Refactoring - align agent and prompt folder names to collection identifier (#1210) ### 🔧 Maintenance - pin PSScriptAnalyzer to 1.25.0 and sync stale workflow version comments (#1389) - bump lxml from 6.0.2 to 6.1.0 in /.github/skills/experimental/powerpoint (#1424) - bump @vscode/vsce from 3.7.1 to 3.9.1 in the npm-dependencies group (#1390) - bump the github-actions group across 1 directory with 7 updates (#1391) - bump follow-redirects from 1.15.11 to 1.16.0 in /docs/docusaurus (#1356) - upgrade Node.js from 20 to 24 and bump cspell to v10 (#1353) - bump basic-ftp from 5.2.0 to 5.2.1 (#1324) - update github/gh-aw-actions requirement to 536ea1bad8c6715d098a9dc1afea8d403733acfe in the github-actions group across 1 directory (#1298) - update security instruction attributions and compliance (#1294) - bump the npm-dependencies group with 2 updates (#1297) - pre-release 3.3.41 (#1252) - streamline RAI Planner phase structure and documentation (#1273) - bump happy-dom from 20.8.8 to 20.8.9 in /docs/docusaurus (#1237) - pre-release 3.3.27 (#1191) - bump pygments from 2.19.2 to 2.20.0 in /.github/skills/gitlab/gitlab (#1234) - bump path-to-regexp from 0.1.12 to 0.1.13 in /docs/docusaurus (#1226) - bump the github-actions group with 4 updates (#1231) - add missing folders and alphabetize location lists (#1193) - bump brace-expansion (#1224) - bump handlebars from 4.7.8 to 4.7.9 in /docs/docusaurus (#1217) - bump brace-expansion from 5.0.3 to 5.0.5 in /docs/docusaurus (#1213) - pre-release 3.3.10 (#1187) - bump markdownlint-cli2 from 0.21.0 to 0.22.0 in the npm-dependencies group (#1175) - bump the github-actions group with 3 updates (#1176) - pre-release 3.3.1 (#1165) --- *Managed automatically by pre-release workflow.* Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related Issue(s)
Fixes #1286
Description
These changes were discovered while testing the
Code Review StandardsandCode Review Fullagents from the Coding Standards Plugin installation in VS Code. The plugin install surface exposed three categories of silent failure invisible when running the agents directly from the plugin.Three commits fix path resolution failures, reference correctness, and agent robustness.
Commit 1 — correct
review-artifactspath in Step 4The
#file:reference incode-review-standards.agent.mdStep 4 pointed to../../instructions/code-review/review-artifacts.instructions.md, missing thecoding-standards/path segment. Corrected to../../instructions/coding-standards/code-review/review-artifacts.instructions.md.Commit 2 — fix plugin compatibility for coding-standards skill resolution
The plugin generator strips the
.github/prefix from all artifact paths. An agent at.github/agents/coding-standards/(3 levels deep in the repo) becomesagents/coding-standards/(2 levels deep in the plugin), breaking any reference that assumed.github/depth.docs/templates/relative links escape the plugin root.#file:../../../docs/templates/worked in the repo but escaped the plugin root entirely. Converted to workspace-root prose (at `docs/templates/file.md`), consistent withadr-creation,brd-builder, andsystem-architecture-reviewer.Skill loading failed entirely in plugin context.
Steps 3b and 3c assumed
.github/skills/prefix. Skills live underskills/in the plugin. Both steps now use a dual path fallback: try.github/skills/...first, fall back toskills/....pr-referenceskill missing from thecoding-standardscollection.The diff computation protocol relies on scripts in
pr-reference, absent fromcoding-standards.collection.yml. Added so diff computation works for coding-standards-only plugin users.Commit 3 — improve robustness of code review agents
code-review-full.agent.md:disable-model-invocation/ Step 4 interaction: manual invocation retains full model reasoning; added verbatim-output fallback with⚠️warning when transformation rules cannot be applied## Error Recoverysection covering diff failure, subagent failure, malformed output, persistence failure, and clarifying-question deadlockcode-review-standards.agent.md:docs/may be absentRelated Issue(s)
Fixes #
Type of Change
Code & Documentation:
AI Artifacts:
.github/agents/*.agent.md).github/skills/*/SKILL.md)Sample Prompts (for AI Artifact Contributions)
User Request:
Execution Flow:
pr-referencescripts (now packaged in the collection)python-foundationalSKILL.md from.github/skills/...(repo) orskills/...(plugin).github/skills/orskills/depending on contextdocs/templates/standards-review-output-format.md; recovers gracefully if absentreview-artifacts.instructions.mdpathSuccess Indicators:
Skills are loaded and cited in findings. Report template is read from disk. Behavior is identical from repo or plugin install. No "skill unavailable" warnings for
python-foundational.Testing
greppr-referencesymlink atplugins/coding-standards/skills/shared/pr-referencenpm run plugin:generate,plugin:validate,lint:md, andlint:frontmatter— all passed with 0 errorsChecklist
Required Checks