From f207e37a05734d6eca66b7583d7cab9a49ef7b0b Mon Sep 17 00:00:00 2001
From: Nikolai Emil Damm <ned@devantler.tech>
Date: Fri, 5 Jun 2026 05:15:56 +0200
Subject: [PATCH 1/2] docs: add Copilot code-review instructions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

> 🤖 Generated by the Daily AI Assistant
---
 .github/copilot-instructions.md | 54 +++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 .github/copilot-instructions.md

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
new file mode 100644
index 0000000..e9bf770
--- /dev/null
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,54 @@
+# Copilot code review — devantler-tech/plugins
+
+A tool-neutral **agent-plugin marketplace** that bundles curated skills from
+[`devantler-tech/skills`](https://github.com/devantler-tech/skills) into category-based plugins for
+**VS Code**, **GitHub Copilot CLI**, and **Claude Code**. Canonical conventions live in
+[`AGENTS.md`](../AGENTS.md); this is the concise review checklist — flag violations of the rules below.
+
+## Always (every PR)
+
+- **Conventional-Commit PR title** (`feat:`/`fix:`/`docs:`/`ci:`/`chore:`/`refactor:`). The repo is
+  consumed directly as a marketplace (no release pipeline), so the type drives changelog/intent — a
+  non-conventional or bracket-prefixed title is a defect.
+- **Root-cause fixes only.** Flag anything that masks a failure: a CI check skipped or set
+  `continue-on-error` to dodge red, a weakened validation, `--no-verify`, silenced linters.
+- **No secrets in plaintext** — flag committed tokens, keys, or kubeconfigs.
+- PRs from the Daily AI Assistant carry a `> 🤖 Generated by the Daily AI Assistant` line — expected,
+  not a finding.
+
+## The two manifests are the contract
+
+- The marketplace ships **two manifests that must stay byte-for-byte in sync** (modulo key order):
+  `.github/plugin/marketplace.json` (Copilot / VS Code) and `.claude-plugin/marketplace.json` (Claude
+  Code). CI diffs them (`jq -S`) and fails on drift — **any change to the plugin set edits both in the
+  same PR**. Flag a PR that touches one manifest but not the other.
+- Each entry's `source` is a **relative path** (`./plugins/<name>`) so moves stay link-safe — flag an
+  absolute or URL `source`.
+- Keep manifest `name`s and descriptions **tool-neutral** (cross-tool: VS Code / Copilot CLI / Claude
+  Code); flag Copilot-only framing where the capability isn't tool-specific.
+- The **README plugin table mirrors the manifests** — flag a plugin-set change that doesn't update the
+  README in lockstep.
+
+## Plugins & bundled skills
+
+- A plugin is a dir under `plugins/` with a `plugin.json` (kebab-case `name` matching `^[a-z0-9-]+$`, a
+  `description`, a `version`, and `"skills": "skills/"`) plus a `skills/` subdir. Skill dirs sit at
+  `plugins/<plugin>/skills/<skill>/` (CI discovers `SKILL.md` at depth 4) — flag a misplaced layout or
+  a non-kebab plugin name.
+- **Skills come from upstream — no lockfile.** Each bundled `SKILL.md` is installed with
+  `gh skill install` and validates against the [agentskills.io](https://agentskills.io) spec. **Never
+  hand-edit a bundled `SKILL.md` to diverge from its upstream** — fix it in `devantler-tech/skills` and
+  let the daily `update-agent-skills` PR pull it through. Flag a hand-authored or spec-invalid `SKILL.md`.
+
+## CI & security
+
+- **Pin third-party actions** (non-`actions/*`, non-`github/*`, non-`devantler-tech/*`) to a full commit
+  SHA with a `# v<version>` comment — flag unpinned or tag-pinned refs.
+- **Least privilege:** `permissions: {}` at the workflow top level, grant the minimum per job; set
+  `persist-credentials: false` on `actions/checkout` unless a job must push. Keep workflows
+  `actionlint`-clean.
+- Bundle Dependabot `github_actions` bumps; call out **major** bumps. Never weaken a security control or
+  a check to make CI pass.
+
+Copilot code review reads this file + `.github/instructions/**/*.instructions.md` at **≤4000 chars**
+and does **not** read `AGENTS.md` — when unsure, defer to [`AGENTS.md`](../AGENTS.md).

From 0d668621c43e1c055b0cb9d25f118e5321edea1a Mon Sep 17 00:00:00 2001
From: Nikolai Emil Damm <nikolaiemildamm@icloud.com>
Date: Fri, 5 Jun 2026 08:24:09 +0200
Subject: [PATCH 2/2] docs(copilot-instructions): align CI/security rules with
 repo conventions

Address Copilot review threads on #16:
- Pin *every* external action (repo SHA-pins all uses:, incl. actions/*), not just third-party
- Permissions: reflect that update-agent-skills legitimately needs top-level write
- Qualify .github/instructions/ as 'if present'; make the closing line self-contained

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .github/copilot-instructions.md | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index e9bf770..e376a03 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -42,13 +42,15 @@ A tool-neutral **agent-plugin marketplace** that bundles curated skills from
 
 ## CI & security
 
-- **Pin third-party actions** (non-`actions/*`, non-`github/*`, non-`devantler-tech/*`) to a full commit
-  SHA with a `# v<version>` comment — flag unpinned or tag-pinned refs.
-- **Least privilege:** `permissions: {}` at the workflow top level, grant the minimum per job; set
-  `persist-credentials: false` on `actions/checkout` unless a job must push. Keep workflows
-  `actionlint`-clean.
+- **Pin every external action** to a full commit SHA with a `# v<version>` comment — this repo SHA-pins
+  all `uses:` refs (including `actions/*`), so flag any unpinned or tag-pinned ref.
+- **Least privilege:** give each workflow the minimum `permissions` it needs — prefer `{}` at the top
+  level and grant per job; a workflow that genuinely needs write (e.g. the PR-opening
+  `update-agent-skills`) scopes it explicitly. Set `persist-credentials: false` on `actions/checkout`
+  unless a job must push. Keep workflows `actionlint`-clean.
 - Bundle Dependabot `github_actions` bumps; call out **major** bumps. Never weaken a security control or
   a check to make CI pass.
 
-Copilot code review reads this file + `.github/instructions/**/*.instructions.md` at **≤4000 chars**
-and does **not** read `AGENTS.md` — when unsure, defer to [`AGENTS.md`](../AGENTS.md).
+Copilot code review reads this file (and any `.github/instructions/**/*.instructions.md`, if present)
+at **≤4000 chars** and does **not** read [`AGENTS.md`](../AGENTS.md). When a rule here is ambiguous,
+flag it and request human clarification rather than assuming.