mit einem Klick
github-secops-agent
github-secops-agent enthält 13 gesammelte Skills von yu-iskw, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.
Skills in diesem Repository
Run pnpm build from the repo root and fix compile or build errors until the workspace build passes. Use after edits, when CI is red on build, or before opening a PR. Keywords: pnpm, build, TypeScript, monorepo, workspace.
Run pnpm format then pnpm lint from the repo root and fix issues until both pass. Use after edits, when CI is red on lint/format, or before opening a PR. Keywords: pnpm, format, lint, trunk, monorepo, code style.
Manage Architecture Decision Records (ADRs). Use this to initialize, create, list, and link ADRs to document architectural evolution. Requires 'adr-tools' to be installed.
Run pnpm test from the repo root and fix failing tests or implementation until the suite passes. Use after edits, when CI is red on tests, or before opening a PR. Keywords: pnpm, test, vitest, unit tests, monorepo.
Use at the end of a coding session to summarize outcomes, failures, inefficiencies, and root causes, then output a concise postmortem report with ranked improvements for next time. Output only in chat; do not edit project files unless the user explicitly asks. Skip nit-picks and one-off mistakes.
Assign @copilot on an existing SecOps remediation issue after policy guard—use when Project link or org policy requires Issue → Project before assignee. Uses gh issue edit; does not push branch code.
One-shot PR status check with gh—structured JSON outcome and exit codes; classify green vs failing vs pending vs blocked. Read-only on the repo. Does not loop; re-invoke on a schedule (human, Claude, or optional sub-agent). No issue comments—use secops-post-ci-nudge-comment to nudge.
Create a SecOps remediation issue on the target repo (after policy guard). Link a GitHub Project at create time via --project (gh issue create -p); optional @copilot assign. For assign-after-Project, use secops-assign-copilot-to-issue. Uses gh issue create; does not push branch code.
Discover candidate repos for SecOps dependency remediation using policy (.github-secops-agent.json) and gh api. Scripts under scripts/ for Dependabot org alerts, stale repos (pushed_at), and recent activity; combine with optional jq and config. Triggers: open Dependabot alerts, repos not updated in N days, most recently pushed repos. Always github-secops-guard validate-repo before creating issues. No ghclt batch queue emitter.
Structured interview with multiple-choice options and plain-English field context: create or update .github-secops-agent.json and optional repo-root project-config.json from operator answers; then run github-secops-guard validate-config and optionally config-schema for JSON Schema. Use when bootstrapping SecOps policy, GitHub Project binding, or onboarding a repo to this orchestration layout.
List or view Copilot coding agent task sessions via gh agent-task (preview CLI)—not PR merge health; use secops-check-pr-checks for PR checks. Not issue assignee @copilot; use secops-assign-copilot-to-issue. Policy guard before gh.
Post a nudge comment on the SecOps issue when PR checks fail or stall—continuation policy, round caps, validate-repo before gh issue comment. Does not run PR checks; use secops-check-pr-checks for one-shot status (re-invoke when needed).
Post remediation closeout / evidence on the SecOps issue—MVP links-only or structured summary plus orchestrator run log (format per skill conventions; not configured in JSON). Uses gh issue comment and gh api.