원클릭으로 Manus에서 모든 스킬 실행

$pwd:

ai-augmented-sdlc

Name: Ai Augmented Sdlc
Author: Hack23

// AI-assisted development governance — Copilot custom agents, MCP servers, change control, audit trail — per Hack23 ISMS AI Policy

Manus에서 실행

$ git log --oneline --stat

stars:11

forks:4

updated:2026년 4월 17일 14:05

SKILL.md

readonly

name	ai-augmented-sdlc
description	AI-assisted development governance — Copilot custom agents, MCP servers, change control, audit trail — per Hack23 ISMS AI Policy
license	MIT

AI-Augmented SDLC Skill

Context

Applies whenever GitHub Copilot, custom agents, MCP servers, or any LLM-based tool participates in a code, docs, or configuration change.

Codifies the requirements from:

Rules

AI outputs are proposals, not authority — every AI-generated change needs human review before merge
No autonomous deployment — AI may not bypass CI gates, branch protection, signing, or approvals
Human accountability — the merging human owns the change regardless of AI assistance
Document AI assistance — PR descriptions note the agent/skill used (e.g., "assisted by Copilot frontend-specialist")
Security gates unchanged or tightened — AI may never weaken linting, CodeQL, tests, or branch protection
Least-privilege tooling — each agent uses tools appropriate to its role; widening is a governed change
Curator-agent changes are Normal Changes — edits to .github/agents/*.md, .github/skills/*/SKILL.md, .github/copilot-mcp*.json, and .github/workflows/copilot-setup-steps.yml require CEO or security-owner approval
MCP governance — MCP server config uses secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN (never hard-coded tokens) and is reviewed like other security-sensitive code
Audit trail — every agent action is captured in PRs, commits, CI runs, and issue history
Risk assessment for capability expansion — new MCP servers, new integrations, broader tool scopes need a documented risk note
Policy-cited commits — security-relevant AI-generated changes cite the applicable ISMS policy
No secret leakage through prompts — never paste credentials, tokens, PII, or production data into prompts or shared memory
Avoid data-dependency leaks — do not accept AI output that fabricates API signatures, options, URLs, or dependencies

Agent Tiers (per ISP §AI-First Operations)

Tier	Purpose
Curator-agent	Maintains agent + MCP + workflow configuration
Task agents	Product analysis, issue creation, ISMS mapping
Specialist agents	Domain-specific implementation (game / UI / test / security / docs)

Copilot Coding-Agent Tool Catalogue

Tool	Purpose
`assign_copilot_to_issue(owner, repo, issue_number, [base_ref], [custom_instructions])`	Start autonomous implementation on an issue
`create_pull_request_with_copilot(owner, repo, title, body, [base_ref], [custom_agent])`	Create a PR where Copilot implements changes
`get_copilot_job_status(owner, repo, id)`	Track agent job progress / completion

`base_ref` use cases

Scenario	`base_ref`
Feature branch	`feature/new-auth`
Stacked PR	`copilot/issue-123`
Release branch	`release/v2.0`

`custom_instructions` template

- Follow existing patterns in src/components/
- Add tests (≥ 80 % coverage, ≥ 95 % on security paths)
- Cite ISMS: Secure Development Policy §Phase 3 in the PR body
- Do not add new dependencies without `npm audit` + license check

Review Checklist for AI-Assisted Changes

PR description documents the agent/skill used
Diff reviewed for fabricated imports, APIs, URLs
No hardcoded secrets, tokens, or PII introduced
No weakening of validation, encoding, auth, or authorization
No new network calls or eval/Function usage without justification
Tests added; coverage thresholds met
ISMS policy cited where applicable
Dependencies audited + licensed; SBOM still valid
CodeQL / Scorecard / Dependabot remain green

Change Management for Agent / MCP / Workflow Edits

Open an issue describing the capability and risk
Draft the change on a dedicated branch
Reviewer verifies: least-privilege, secret wiring, policy citations, audit trail
CEO or designated security owner approves
Merge behind branch protection; monitor agent behavior after merge

Anti-Patterns

❌ Merging an AI PR without reading the diff
❌ Disabling a failing security test to make CI green
❌ Adding a new dependency the agent "said was fine"
❌ Pasting secrets or production data into a prompt or agent memory
❌ Silently widening a tool scope (e.g., tools: ["*"] for a specialist who previously had a narrow set) without review

Remember

AI accelerates delivery; humans remain accountable for security, quality, and compliance. Every change passes the same gates regardless of authorship. Policy citations, audit trail, and least-privilege are non-negotiable.

related-skills.json

같은 저장소

documentation-standards.md

from "Hack23/game"

Clear technical documentation — JSDoc, Mermaid, READMEs, ADRs, C4 diagrams, ISMS policy citations

2026-04-1711

isms-compliance.md

from "Hack23/game"

Hack23 ISMS alignment — ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1, GDPR, NIS2, EU CRA — with policy citations

2026-04-1711

performance-optimization.md

from "Hack23/game"

React re-render optimization, Three.js rendering performance, useMemo/useCallback, bundle size, 60 fps profiling, Lighthouse budgets

2026-04-1711

react-threejs-game.md

from "Hack23/game"

Three.js game development with React using @react-three/fiber and @react-three/drei — strict TypeScript, 60 fps, accessible

2026-04-1711

security-by-design.md

from "Hack23/game"

Defense-in-depth security principles — OWASP Top 10 prevention, input validation, secure error handling, encryption, least privilege

2026-04-1711

testing-strategy.md

from "Hack23/game"

Vitest + Cypress + RTL — deterministic tests, ≥80% line / ≥70% branch coverage, ≥95% on security code, Three.js component testing

2026-04-1711

package.json

"author": "Hack23"

"repository": "Hack23/game"

GitHub 저장소 열기 Creator 저장소 보기

$ install --global

$ download --local

Manus에서 실행

$ useful --forSOC

컴퓨터·정보 시스템 관리자관리직11-3021L4

name	ai-augmented-sdlc
description	AI-assisted development governance — Copilot custom agents, MCP servers, change control, audit trail — per Hack23 ISMS AI Policy
license	MIT

AI-Augmented SDLC Skill

Context

Applies whenever GitHub Copilot, custom agents, MCP servers, or any LLM-based tool participates in a code, docs, or configuration change.

Codifies the requirements from:

Rules

AI outputs are proposals, not authority — every AI-generated change needs human review before merge
No autonomous deployment — AI may not bypass CI gates, branch protection, signing, or approvals
Human accountability — the merging human owns the change regardless of AI assistance
Document AI assistance — PR descriptions note the agent/skill used (e.g., "assisted by Copilot frontend-specialist")
Security gates unchanged or tightened — AI may never weaken linting, CodeQL, tests, or branch protection
Least-privilege tooling — each agent uses tools appropriate to its role; widening is a governed change
Curator-agent changes are Normal Changes — edits to .github/agents/*.md, .github/skills/*/SKILL.md, .github/copilot-mcp*.json, and .github/workflows/copilot-setup-steps.yml require CEO or security-owner approval
MCP governance — MCP server config uses secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN (never hard-coded tokens) and is reviewed like other security-sensitive code
Audit trail — every agent action is captured in PRs, commits, CI runs, and issue history
Risk assessment for capability expansion — new MCP servers, new integrations, broader tool scopes need a documented risk note
Policy-cited commits — security-relevant AI-generated changes cite the applicable ISMS policy
No secret leakage through prompts — never paste credentials, tokens, PII, or production data into prompts or shared memory
Avoid data-dependency leaks — do not accept AI output that fabricates API signatures, options, URLs, or dependencies

Agent Tiers (per ISP §AI-First Operations)

Tier	Purpose
Curator-agent	Maintains agent + MCP + workflow configuration
Task agents	Product analysis, issue creation, ISMS mapping
Specialist agents	Domain-specific implementation (game / UI / test / security / docs)

Copilot Coding-Agent Tool Catalogue

Tool	Purpose
`assign_copilot_to_issue(owner, repo, issue_number, [base_ref], [custom_instructions])`	Start autonomous implementation on an issue
`create_pull_request_with_copilot(owner, repo, title, body, [base_ref], [custom_agent])`	Create a PR where Copilot implements changes
`get_copilot_job_status(owner, repo, id)`	Track agent job progress / completion

`base_ref` use cases

Scenario	`base_ref`
Feature branch	`feature/new-auth`
Stacked PR	`copilot/issue-123`
Release branch	`release/v2.0`

`custom_instructions` template

- Follow existing patterns in src/components/
- Add tests (≥ 80 % coverage, ≥ 95 % on security paths)
- Cite ISMS: Secure Development Policy §Phase 3 in the PR body
- Do not add new dependencies without `npm audit` + license check

Review Checklist for AI-Assisted Changes

PR description documents the agent/skill used
Diff reviewed for fabricated imports, APIs, URLs
No hardcoded secrets, tokens, or PII introduced
No weakening of validation, encoding, auth, or authorization
No new network calls or eval/Function usage without justification
Tests added; coverage thresholds met
ISMS policy cited where applicable
Dependencies audited + licensed; SBOM still valid
CodeQL / Scorecard / Dependabot remain green

Change Management for Agent / MCP / Workflow Edits

Open an issue describing the capability and risk
Draft the change on a dedicated branch
Reviewer verifies: least-privilege, secret wiring, policy citations, audit trail
CEO or designated security owner approves
Merge behind branch protection; monitor agent behavior after merge

Anti-Patterns

❌ Merging an AI PR without reading the diff
❌ Disabling a failing security test to make CI green
❌ Adding a new dependency the agent "said was fine"
❌ Pasting secrets or production data into a prompt or agent memory
❌ Silently widening a tool scope (e.g., tools: ["*"] for a specialist who previously had a narrow set) without review

ai-augmented-sdlc

AI-Augmented SDLC Skill

Context

Rules

Agent Tiers (per ISP §AI-First Operations)

Copilot Coding-Agent Tool Catalogue

base_ref use cases

custom_instructions template

Review Checklist for AI-Assisted Changes

Change Management for Agent / MCP / Workflow Edits

Anti-Patterns

Remember

이 저장소의 다른 Skills

이 저장소의 다른 Skills

AI-Augmented SDLC Skill

Context

Rules

Agent Tiers (per ISP §AI-First Operations)

Copilot Coding-Agent Tool Catalogue

base_ref use cases

custom_instructions template

Review Checklist for AI-Assisted Changes

Change Management for Agent / MCP / Workflow Edits

Anti-Patterns

Remember

`base_ref` use cases

`custom_instructions` template

`base_ref` use cases

`custom_instructions` template