feat(agents): align sssc planner with rai parity, add signing and validation#1497
Conversation
…idation Bring the SSSC Planner to feature parity with the RAI Planner across identity, disclaimers, footers, phase prompts, handoff signing, validation, and docs. Changes by RAI #1287 category: 1. Identity and state — Update sssc-identity.instructions.md to add signingRequested, signingManifestPath, and disclaimer acknowledgment fields in the state schema; add a JSON schema (sssc-state.schema.json) for validation; align session recovery and orchestration language with RAI. 2. Disclaimer infrastructure — Register sssc-full-disclaimer in .github/config/disclaimers.yml so the SSSC handoff renders the same professional-review notice tier RAI uses. 3. Footer tier — Add sssc-handoff-with-disclaimer to .github/config/footer-with-review.yml (Tier 1 + checkbox + Tier 2 disclaimer, scoped to .github/instructions/security/sssc-*); rename the companion RAI tier human-facing-with-disclaimer to rai-handoff-with-disclaimer for naming symmetry. 4. Phase instructions and prompts — Refresh sssc-{assessment,gap-analysis, standards,backlog,handoff}.instructions.md and sssc-{capture,from-brd, from-prd,from-security-plan}.prompt.md for the parity flow, signing prompts, and disclaimer wiring. 5. Handoff signing — Update sssc-handoff.instructions.md Phase 6 to invoke pwsh scripts/security/Sign-PlannerArtifacts.ps1 with the SSSC manifest and to record signingRequested / signingManifestPath in state. 6. Signing script and tests — Add scripts/security/Sign-PlannerArtifacts.ps1 (planner-agnostic cosign wrapper) plus scripts/tests/security/Sign-PlannerArtifacts.Tests.ps1. 7. Validation — Extend scripts/tests/linting/Validate-PlannerArtifacts.Tests.ps1 to cover the new SSSC tier, the renamed RAI tier, and the JSON schema. 8. Documentation and generated outputs — Update sssc-planner.agent.md, the docs/agents/sssc-planning overview, collection markdown for hve-core-all, project-planning, and security, regenerate the matching plugins/ READMEs, and add SSSC terms to .cspell.json. Validation: targeted Pester suite Validate-PlannerArtifacts.Tests.ps1 = 31/31 PASS; lint:yaml, lint:md, lint:ps, lint:frontmatter, lint:collections-metadata, lint:marketplace, lint:version-consistency, lint:permissions, lint:dependency-pinning, lint:py, spell-check, plugin:validate all PASS. 🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.
…ction descriptions 🔧 - Generated by Copilot
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1497 +/- ##
==========================================
- Coverage 85.74% 85.51% -0.23%
==========================================
Files 81 82 +1
Lines 11783 11831 +48
==========================================
+ Hits 10103 10117 +14
- Misses 1680 1714 +34
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Advisory review, this PR is from a maintainer. Findings are informational only.
Review Summary
This PR delivers a well-structured parity update that brings the SSSC Planner in line with the RAI Planner's architecture: consistent disclaimer tier handling, the new BySessionPath cosign-signing flow, a formal JSON Schema for state.json, and full prompt rewrites for all five entry modes. The overall design and implementation quality is high.
Six informational findings are noted below; the two schema-alignment issues are the most worth addressing before merge since they could cause runtime validation failures.
Issue Alignment
The PR description states "N/A" for Related Issue(s). No GitHub issue is linked. While acceptable for maintainer-driven changes, linking an issue (even a tracking issue) is recommended so change intent is traceable over time.
PR Template Compliance
- ✅ Description is filled in with clear intent and file-level changes.
- ✅ Type of Change checkboxes are checked and match the actual diff (Copilot agent, prompt, instructions, script, schema).
⚠️ Related Issue(s) is "N/A" — no linked issue.- ✅ Testing section references
npm run test:ps. - ✅ Checklist items are checked.
Coding Standards
PowerShell (Sign-PlannerArtifacts.ps1)
The new BySessionPath parameter set follows existing patterns correctly: copyright header, #Requires, CmdletBinding, [OutputType()], $ErrorActionPreference = 'Stop', and comment-based help are all in order. One path-separator edge case is noted in the inline comment at line 183.
Prompt Files (sssc-capture.prompt.md, sssc-from-prd.prompt.md, sssc-from-brd.prompt.md, sssc-from-security-plan.prompt.md)
All four entry-mode prompts reference outputPreferences as a state.json key. This field does not exist in the new sssc-state.schema.json, which uses "additionalProperties": false. The correct path is userPreferences.targetSystem. See inline comments on sssc-capture.prompt.md:43 and sssc-from-prd.prompt.md:52; the same correction applies to the BRD and security-plan variants.
Instructions Files
sssc-handoff.instructions.md:105referencesuserPreferences.signingRequested, butsigningRequestedis a top-level field in the schema, not nested underuserPreferences. See inline comment.sssc-identity.instructions.md:120shows auserPreferencestemplate with onlyautonomyTier; the schema now requires five fields. See inline comment.
Code Quality
sssc-state.schema.json: Well-formed JSON Schema draft 2020-12. The 16 required fields,entryModeenum, anduserPreferencessub-schema with five required fields are consistent with the agent file's sample state.disclaimerShownAtandsigningManifestPathare correctly omitted fromrequired(nullable). No issues found.- Test files: Both
Validate-PlannerArtifacts.Tests.ps1andSign-PlannerArtifacts.Tests.ps1follow Pester 5 conventions. The rename fromhuman-facing-with-disclaimertorai-handoff-with-disclaimerand the newsssc-handoff-with-disclaimertier are covered by the updated tests. - Footer config files: The tiered footer design (
sssc-*.instructions.mdscoped to bothagenticandhuman-facing) mirrors the established RAI pattern. The configuration looks intentional and correct.
Action Items
| # | File | Line | Severity | Summary |
|---|---|---|---|---|
| 1 | sssc-capture.prompt.md |
43 | Medium | outputPreferences key doesn't exist in schema; use userPreferences.targetSystem |
| 2 | sssc-from-prd.prompt.md |
52 | Medium | Same outputPreferences schema mismatch |
| 3 | sssc-from-brd.prompt.md |
~52 | Medium | Same outputPreferences schema mismatch (not separately commented) |
| 4 | sssc-from-security-plan.prompt.md |
~52 | Medium | Same outputPreferences schema mismatch (not separately commented) |
| 5 | sssc-handoff.instructions.md |
105 | Medium | userPreferences.signingRequested → top-level signingRequested |
| 6 | sssc-identity.instructions.md |
120 | Low | Stale userPreferences example missing 4 required fields |
| 7 | sssc-capture.prompt.md |
55 | Low | "up to 5 questions" but 8 topics listed — ambiguous grouping intent |
| 8 | Sign-PlannerArtifacts.ps1 |
183 | Low | Windows path-separator edge case in StartsWith comparison |
…able-formatter 🎨 - Generated by Copilot
There was a problem hiding this comment.
Advisory review, this PR is from a maintainer. Findings are informational only.
Review Overview
This PR delivers a solid parity pass for the SSSC planner — the new JSON schema, signing script improvements, and four-prompt alignment are all well-structured additions. The inline comments flag a schema/documentation drift that would cause runtime validation failures if left unaddressed, and a gap in test coverage for the new BySessionPath parameter set.
Issue Alignment
No issue is linked (Related Issue(s): N/A). Not blocking in advisory mode, but linking an issue would help trace the RAI parity motivation for this work.
PR Template Compliance
✅ Description is thorough and accurate.
✅ Type of Change checkboxes correctly reflect the diff (instructions, prompts, agent, script/automation).
✅ Testing section is comprehensive.
✅ Required Automated Checks all marked.
Coding Standards
No violations found against the matched instruction files (powershell.instructions.md, pester.instructions.md, prompt-builder.instructions.md). Script structure, copyright headers, CmdletBinding, ErrorActionPreference, and comment-based help all comply.
Code Quality Findings
⚠️ HIGH — Schema/doc drift: wrong includeOptionalArtifacts field names in agent example
.github/agents/security/sssc-planner.agent.md lines 144–146 document adoptionPlaybook and executiveSummary inside includeOptionalArtifacts. The new sssc-state.schema.json defines this object with additionalProperties: false and requires sbom, scorecardProjection, and artifactSigning. An agent following the embedded example would produce a state.json that fails schema validation. See inline comment on line 146.
⚠️ HIGH — outputPreferences not a valid root state.json key (all four entry prompts)
All four entry-mode prompts instruct the agent to write outputPreferences to state.json. The schema has additionalProperties: false at the root with no outputPreferences property. Every state write following these prompts would fail validation. The correct target is userPreferences.targetSystem. See inline comments on each prompt file.
💡 MEDIUM — disclaimerShownAt and signingManifestPath absent from required
Both fields are always initialised at state creation but are not listed in required. A state file missing these keys still passes schema validation, which could silently surface undefined to agent logic that expects at least null. See inline comment on sssc-state.schema.json line 24.
💡 MEDIUM — BySessionPath parameter set has no test coverage
Sign-PlannerArtifacts.Tests.ps1 was updated to expect sessionPath in the manifest but no tests exercise the new BySessionPath invocation path, its absolute/relative path resolution, or sessionLabel derivation. See inline comment on line 215.
Action Items
- Fix
includeOptionalArtifactsexample insssc-planner.agent.mdto usesbom,scorecardProjection,artifactSigning. - Replace
outputPreferencesinstructions in all four prompts withuserPreferences.targetSystem. - Consider adding
disclaimerShownAtandsigningManifestPathto the schemarequiredarray. - Consider adding
BySessionPathtest scenarios toSign-PlannerArtifacts.Tests.ps1.
…th Pester coverage - replace npm script with pwsh wrapper at scripts/linting/Format-MarkdownTables.ps1 - add 13 Pester tests covering empty repo, no-git, formatted/unformatted tables, dot-prefixed dirs, verbose mode - guard PS7 Start-Process flush race with WaitForExit + size-check retry + ReadAllText - surface stdout/stderr byte counts via Should -Because for diagnosability 🧪 - Generated by Copilot
- regenerate vulnerability and principle indexes across owasp-* and secure-by-design skill references - reformat tables in CUSTOM-AGENTS, instructions README, pull-request instructions - reformat skill READMEs (powerpoint corpus, video-to-gif examples, jql-reference, pr-reference REFERENCE) - reformat workflow README and doc-update-check tables 📐 - Generated by Copilot
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Files
|
There was a problem hiding this comment.
Advisory review, this PR is from a maintainer. Findings are informational only.
Review Summary
This run reviews the two new commits added since the previous automated reviews — the Format-MarkdownTables.ps1 wrapper script and the table-reformatting pass — and confirms the current state of all findings from prior runs.
The two HIGH schema-drift issues flagged in earlier reviews remain unresolved and are the most important items to address before merge, as they will cause state.json files written by the agent to fail schema validation at runtime.
Issue Alignment
Related Issue(s): N/A. No linked issue. Not blocking in advisory mode, but linking a tracking issue would help trace the motivation over time.
PR Template Compliance
✅ Description is thorough and accurate.
✅ Type of Change checkboxes match the diff.
✅ Testing section is comprehensive and all checks are marked.
✅ AI Artifact Contributions checklist is present; prompt-builder review items are left unchecked per author's choice.
Coding Standards
Format-MarkdownTables.ps1 (new file)
The script follows copyright headers, #Requires, CmdletBinding, and $ErrorActionPreference = 'Stop' conventions. Two minor deviations from powershell.instructions.md are noted in the inline comment (line 99): missing main execution guard and missing #region/#endregion markers. Low risk.
Code Quality — Persistent Schema Drift
⚠️ HIGH — outputPreferences key invalid in all four entry-mode prompts
sssc-capture.prompt.md (line 43), sssc-from-prd.prompt.md (line 52), sssc-from-brd.prompt.md (line 52), and sssc-from-security-plan.prompt.md (line 48) all instruct the agent to write outputPreferences into state.json. The schema defines "additionalProperties": false at the root with no such property. Every state write following these prompts produces an invalid document. Correct key: userPreferences.targetSystem.
⚠️ HIGH — includeOptionalArtifacts example in sssc-planner.agent.md uses wrong field names
Lines 144–146 use adoptionPlaybook and executiveSummary. The schema's includeOptionalArtifacts sub-object requires exactly sbom, scorecardProjection, and artifactSigning with "additionalProperties": false. The stale example will cause schema validation failure.
💡 MEDIUM — userPreferences.signingRequested should be top-level signingRequested
sssc-handoff.instructions.md line 105 references a non-existent nested path. signingRequested is a root-level field.
💡 MEDIUM — BySessionPath parameter set has no test coverage
Sign-PlannerArtifacts.Tests.ps1 verifies the sessionPath manifest field appears but no test exercises the BySessionPath code path, absolute/relative path resolution, or sessionLabel derivation.
💡 LOW — userPreferences example in sssc-identity.instructions.md is incomplete
Line 120 shows only autonomyTier; the schema requires all five userPreferences fields.
Action Items
| # | File | Line | Severity | Status |
|---|---|---|---|---|
| 1 | sssc-capture.prompt.md (+ 3 sibling prompts) |
43/52/52/48 | Unresolved | |
| 2 | sssc-planner.agent.md |
144–146 | Unresolved | |
| 3 | sssc-handoff.instructions.md |
105 | 💡 MEDIUM | Unresolved |
| 4 | Sign-PlannerArtifacts.Tests.ps1 |
215 | 💡 MEDIUM | Unresolved |
| 5 | sssc-identity.instructions.md |
120 | 💡 LOW | Unresolved |
| 6 | Format-MarkdownTables.ps1 |
99 | 💡 LOW | New |
- Replace removed outputPreferences references with userPreferences.targetSystem to match sssc-state.schema.json 🔒 - Generated by Copilot
…orecardProjection) - Replace removed adoptionPlaybook/executiveSummary references with the current sbom and scorecardProjection state slots 🔒 - Generated by Copilot
…-state schema - Move signingRequested under state and expand userPreferences to the five fields defined by sssc-state.schema.json 🔒 - Generated by Copilot
…ce test cleanup catch - Anchor repo-root boundary check on the OS directory separator to avoid prefix matches across sibling paths - Replace empty catch in Test-Format-MarkdownTables junction cleanup with Write-Verbose to satisfy PSAvoidUsingEmptyCatchBlock 🔒 - Generated by Copilot
- Add Node 24 setup with npm cache and npm ci so the Pester job has the toolchain expected by the test fixtures 🔒 - Generated by Copilot
…ADMEs - Bump ms.date to 2026-05-01 to clear freshness check warnings on these long-stable docs 🔒 - Generated by Copilot
There was a problem hiding this comment.
Advisory review, this PR is from a maintainer. Findings are informational only.
Review Summary: feat/sssc-planner-rai-parity
This PR aligns the SSSC Planner with the RAI Planner feature-set parity: disclaimer gating, session signing, structured state schema, and consistent prompt structure. The overall shape of the change is sound and the implementation is detailed. Five advisory observations are noted below.
Issue Alignment
- No linked issue: The PR correctly states "Related Issue(s): N/A". No substantive misalignment concerns follow from this.
PR Template Compliance
- AI Artifact review checkboxes unchecked: The PR modifies
.agent.md,.prompt.md, and.instructions.mdfiles. The template's AI Artifact Contributions checklist ("Used/prompt-analyzeto review contribution" and "Addressed all feedback fromprompt-builderreview") is unchecked. These are manual attestation items that require human action before merging.
Coding Standards
Format-MarkdownTables.ps1 — Missing invocation guard and region blocks
Per powershell.instructions.md, the main execution block must be wrapped in if ($MyInvocation.InvocationName -ne '.') and organized with #region/#endregion. The script currently puts all execution directly at module scope. See inline comment at line 42.
Test-Format-MarkdownTables.Tests.ps1 — Two observations
throwinBeforeAll(line 11): Throws abort the suite as an error rather than a skip, giving cryptic failures for contributors who haven't runnpm install. See inline comment.-Tag 'Unit'(line 151): The tests launch subprocesses, requirenode_modules, and mutate the filesystem—integration-test characteristics. The tag should reflect that. See inline comment.
Code Quality
Sign-PlannerArtifacts.Tests.ps1 — Missing coverage for BySessionPath
The new BySessionPath parameter set introduces path-resolution logic, manifest naming, and parameter-set mutual exclusivity—all untested. For a signing script that produces security attestation manifests, coverage gaps here are worth closing. See inline comment at line 215.
disclaimers.yml — Shared applies-to artifact names
Both rai-planner and sssc-planner disclaimers map to handoff-summary and compact-handoff-summary. Disambiguation relies on the validation tool cross-referencing tier scopes from footer-with-review.yml. If the lookup is artifact-name-only, both disclaimers apply simultaneously. Adding an explicit scope field to disclaimer entries would make the intent self-documenting. See inline comment at line 33.
What Looks Good
pester-tests.ymlcorrectly pinsactions/setup-nodeto a full commit SHA with a version comment — fully compliant with workflow conventions.Sign-PlannerArtifacts.ps1session-path computation handles absolute paths, trailing separators, and repo-root edge cases cleanly.sssc-state.schema.jsonusesadditionalProperties: falseconsistently throughout and correctly models nullable fields (disclaimerShownAt,signingManifestPath) using["string", "null"].- The four SSSC prompt files have been restructured consistently with parallel startup/scope/phase-entry sections matching RAI parity.
Action items for the author:
- Check the AI Artifact Contributions checklist items in the PR description.
- Consider wrapping main execution in
Format-MarkdownTables.ps1with an invocation guard and region blocks. - Replace
throwinTest-Format-MarkdownTables.Tests.ps1 BeforeAllwith a skip-friendly guard. - Reconsider
-Tag 'Unit'on theFormat-MarkdownTablesdescribe block given its integration-test dependencies. - Add
BySessionPathparameter set tests toSign-PlannerArtifacts.Tests.ps1. - Evaluate whether
disclaimers.ymlentries need ascopefield for explicit disambiguation.
katriendg
left a comment
katriendg
left a comment
There was a problem hiding this comment.
Reviewed for cross-agent consistency, packaging sync, schema accuracy, and prompt-builder repetition rules. Detailed inline comments above; high-level summary below.
Findings
| ID | Severity | Theme |
|---|---|---|
| RI-1 | High | Four prompts cross-reference a Disclaimer and Attribution Protocol section that does not exist in sssc-identity.instructions.md |
| RI-2 | High | Resume Protocol step counts diverge between sssc-planner.agent.md (5/6) and sssc-identity.instructions.md (still 4/5) |
| RI-3 | Medium | Startup, Output Preferences, Pre-Scan supporting context, and one Phase 1 question are duplicated verbatim across the four entry-mode prompts (~150 lines), violating prompt-builder.instructions.md line 37 |
| RI-4 | Medium | sssc-state.schema.json requires signingRequested but not signingManifestPath or disclaimerShownAt, although the agent always writes them on init |
| RI-5 | Low | docs/agents/sssc-planning/agent-overview.md userPreferences row is stale (manual autonomy tier no longer exists; structured object not described) |
| RI-6 | Trivia | PR description says the footer-with-review file lives under .github/instructions/shared/; actual path is .github/config/footer-with-review.yml |
| RI-7 | Low | sssc-state.schema.json is referenced via $schema only — no validator runs against produced state.json files. Same is true of rai-state.schema.json, so parity is preserved; flagging as a follow-up |
Strengths
- Footer-with-review rename (
human-facing-with-disclaimer→rai-handoff-with-disclaimer) is clean — zero stale references repo-wide, tests and config updated together. Sign-PlannerArtifacts.ps1parameter sets (ByProjectSlugvsBySessionPath) are backward-compatible; the newsessionPathmanifest field uses an OS-agnostic forward-slash relative path.pester-tests.ymlcorrectly addsactions/setup-node+npm cibecause the newFormat-MarkdownTables.ps1depends onnode_modules. Action SHA pinning with version comment respected.- SSSC standards rename (SLSA v1.0, NTIA SBOM minimum elements, Sigstore (cosign)) propagates consistently through frontmatter, three collection manifests, and three plugin READMEs.
sssc-full-disclaimerwording correctly substitutes "OpenSSF Scorecard evaluators / SLSA auditors / supply chain security review boards" for the RAI legal/compliance equivalents.- Tests cover the new SSSC handoff tier (pass + fail) and the
sessionPathmanifest field.
|
/review |
|
✅ PR Review completed successfully! |
There was a problem hiding this comment.
Advisory review — this PR is from a maintainer. Findings are informational only.
Overview
This PR brings the SSSC Planner to parity with the RAI Planner by adding disclaimer gating, a formal JSON Schema for state.json, BySessionPath signing support, footer-with-review classification, and restructured entry-mode prompts. The scope is well-described, testing evidence is thorough, and the implementation is consistent with existing RAI Planner patterns.
Issue Alignment
PR Template Compliance
/prompt-analyze to review contribution" and "Addressed all feedback from prompt-builder review" — are both unchecked. The PR description doesn't explain why these were skipped. Per the template, contributions checking AI artifact boxes should complete this workflow.
Coding Standards
✅ PowerShell follows powershell.instructions.md conventions (copyright header, #Requires -Version 7.0, CmdletBinding, [OutputType], comment-based help).
✅ JSON Schema uses draft 2020-12 and is structurally correct. The additionalProperties: false on the root object and on $defs entries prevents schema drift.
✅ Prompt frontmatter uses description, agent fields correctly and the ${input:project-slug} variable syntax is consistent.
Code Quality
Three advisory observations are posted as inline comments:
-
disclaimerShownAtabsent from schemarequired(sssc-state.schema.json:23) —signingRequestedis required butdisclaimerShownAtis not, creating an asymmetry. Legacy sessions without the key may behave differently from sessions withnull, depending on LLM key-missing interpretation. -
git ls-files --othersincludes untracked files (Format-MarkdownTables.ps1:44) — undocumented behaviour; CI-Checkmode could flag drift on uncommitted drafts. -
BySessionPathparameter set lacks dedicated tests (Sign-PlannerArtifacts.Tests.ps1:215) — relative path resolution, absolute path branching, and customManifestNameare not exercised.
Action Items
None are blocking for a maintainer PR. If you'd like to address any of the inline observations:
- Add
disclaimerShownAtto the schemarequiredarray (or explicitly document the absent-vs-null equivalence in the schema description). - Drop
--othersin CI or document the untracked-file scope in.DESCRIPTION. - Add a
BySessionPathtest block toSign-PlannerArtifacts.Tests.ps1.
🔒 - Generated by Copilot
…-parity # Conflicts: # .cspell.json # package.json
🔒 - Generated by Copilot
bindsi
left a comment
bindsi
left a comment
There was a problem hiding this comment.
Read through the PR. Solid parity work overall — the Sign-PlannerArtifacts parameter-set split with the new sessionPath test coverage is clean, the footer-with-review tier rename (human-facing-with-disclaimer → rai-handoff-with-disclaimer plus the new sssc-handoff-with-disclaimer) is a clear taxonomy improvement, and the disclaimer protocol is now consistent across agent, identity and all four entry prompts.
A few things should be addressed before merge — inline comments cover the concrete defects:
- Schema parity gap on
sssc-state.schema.json(open root vs RAI's strict root; missingphaseGates). - Two duplications in
sssc-identity.instructions.md(H2 section, and a duplicate JSON key in the state example). - Redundant
Activate the SSSC Plannersentence in the threefrom-*prompts. agent:frontmatter inconsistency between the SSSC prompts and the rest of.github/prompts/security/.- Naming clarity on
Sign-PlannerArtifactsmanifestprojectSlugunder-SessionPath.
Meta — PR scope: the title says SSSC parity + signing + validation, but the diff also bundles:
- three new
gh-code-scanningworkflows +Get-CodeScanningAlerts.ps1deletion + skill migration, - a new
scripts/linting/Format-MarkdownTables.ps1(+131) and a 322-line Pester test for it, - the mass markdown-table reflow across eight OWASP indexes, secure-by-design, jql-reference and pr-reference references (presumably produced by that new formatter),
.cspell.json, README touches,pull-request.instructions.mdedits.
That is roughly a third of the 56 files and not in scope. Would prefer three separate PRs:
- Keep here: SSSC parity (agent, identity, schema, prompts, signing, footer, coaching-patterns).
- New PR:
gh-code-scanningworkflows + script-to-skill migration. - New PR:
Format-MarkdownTables.ps1followed by the reflow it produced (ideally tool first, reflow second, so the history is bisectable).
If a split is not feasible at this point, at minimum carve out the workflows — they are operationally the riskiest piece and want their own review by the workflows owner.
Two lower-severity notes I did not file inline:
userPreferences.*are allrequiredin the schema, so the agent must write the full block (with documented defaults) at state creation. The agent file documents this, just confirm the init path never writes a partial block.coaching-patterns.instructions.mdapplyTotargets.copilot-tracking/{rai,security,sssc}-plans/**— matches the existing convention used bydisclaimer-language.instructions.md, so consistent with the project. Worth revisiting in a future docs cleanup whether something likeappliesToAgents:would model the intent more directly, but no change for this PR.
Nothing blocking from my side once the schema gap, the two duplications and the scope conversation are settled. Thanks for the work.
…d activation lines - remove redundant Disclaimer and Attribution Protocol H2 in sssc-identity - drop duplicate disclaimerShownAt key in state.json schema example - collapse two-line Activate sentence in sssc-from-* prompts 🔒 - Generated by Copilot
- clarify projectSlug field is populated from session directory leaf - note retention for back-compat with RAI manifest consumers - direct callers needing canonical slug to use sessionPath instead 🔒 - Generated by Copilot
…-state and rai-state - add $defs.hardGate and $defs.summaryGate to both state schemas - require phaseGates with phase1-phase6 mappings in both schemas - mirror phaseGates template in rai-identity state schema example - SSSC: phases 1/4/6 hard, 2/3/5 summary; RAI: 2/3/6 hard, 1/4/5 summary 🔒 - Generated by Copilot
bindsi
left a comment
bindsi
left a comment
There was a problem hiding this comment.
Thanks for the quick turnaround on the previous round — the schema parity (phaseGates in both states, additionalProperties: false, clean hardGate/summaryGate $defs), the duplicate disclaimer cleanup, the merged Activate sentences, and the new .NOTES block documenting projectSlug under -SessionPath all landed exactly as discussed. Really nice work.
One small nit left on the agent: frontmatter convention (see inline) — non-blocking, can absolutely be a follow-up. Approving. 🚀
auyidi1
left a comment
auyidi1
left a comment
There was a problem hiding this comment.
Looks good overall. Found a couple of high/medium issues that might need to be addressed.
…urce - add phaseGates block and reorder signing fields in inline state.json to match sssc-identity schema - extend Test-SsscContextPreservation to guard both identity and agent files - assert JSON validity, phaseGates, userPreferences, and handoffGenerated - resolves RI-1 and RI-3 from PR #1497 review 🔒 - Generated by Copilot
…th state schema enum - replace summary/comprehensive with minimal/detailed to match the outputDetailLevel enum shared by rai-state and sssc-state schemas - prevents schema validation failure or silent rewrite of user-confirmed preferences - resolves RI-2 from PR #1497 review 🔒 - Generated by Copilot
# Pull Request ## Description Pin transitive `tmp` dependency to `>=0.2.6` via the root `overrides` block to resolve [GHSA-ph9p-34f9-6g65](GHSA-ph9p-34f9-6g65) (CWE-22 arbitrary path traversal via symbolic link, high severity). `tmp@0.2.5` is pulled in transitively through `@vscode/vsce@3.9.1 → tmp`. Rather than bumping `@vscode/vsce` (which could carry unrelated breaking changes), the fix uses the repository's existing `overrides` pattern alongside other pinned transitive deps (`basic-ftp`, `undici`, `yauzl`, etc.). ## Related Issue(s) Resolves the `npm Security Audit` CI failure observed on recent PRs (e.g. #1497). ## Type of Change **Code & Documentation:** * [x] Bug fix (non-breaking change fixing an issue) **Infrastructure & Configuration:** * [x] Security configuration * [x] Dependency update ## Testing * `npm install` succeeded; `package-lock.json` regenerated. * `npm ls tmp --all` shows the override is active: ```text hve-core@3.3.101 └─┬ @vscode/vsce@3.9.1 └── tmp@0.2.6 overridden ``` * `npm run audit:npm` (audit-ci) → exit code 0, "Passed npm security audit", 0 vulnerabilities across all severities. ## Checklist ### Required Checks * [x] Files follow existing naming conventions * [x] Changes are backwards compatible ## Security Considerations * [x] This PR does not contain any sensitive or NDA information * [x] Any new dependencies have been reviewed for security issues — `tmp@0.2.6` is the upstream-published patched release for GHSA-ph9p-34f9-6g65. Co-authored-by: Marcel Bindseil <marcelbindseil@gmail.com>
5 participants
Description
Brings the SSSC Planner to parity with the RAI Planner across consent gating, footer-with-review enforcement, artifact signing, state persistence, and entry-mode prompt structure.
Highlights:
sssc-plannernow offers a first-turn disclaimer (sssc-full-disclaimer) and persistsdisclaimerShownAtinstate.json.scripts/linting/schemas/sssc-state.schema.json(JSON Schema draft 2020-12) formalizes 16 required fields,entryModeenum[capture, from-prd, from-brd, from-security-plan],currentPhase1–6, anduserPreferences(autonomy tier, output detail level, target system, audience profile, optional artifacts).17 → 20fields. AddedsigningRequested,signingManifestPath,disclaimerShownAt. Mirrored indocs/agents/agent-overview.md.scripts/security/Sign-PlannerArtifacts.ps1gains aBySessionPathparameter set with-SessionPathand-ManifestName, while preserving the existing-ProjectSlugbehavior. Manifest output now includessessionPath.human-facing-with-disclaimer→rai-handoff-with-disclaimer; addedsssc-handoff-with-disclaimerscoped to.github/instructions/security/sssc-*.instructions.md.capture,from-prd,from-brd,from-security-plan) restructured with consistent Startup → Pre-Scan → Output Preferences → Scope Extraction → Initialization → Phase 1 Entry. From-* modes fall back tocapturewhen zero artifacts are discovered. Switched bare{project-slug}→${input:project-slug}.Validate-PlannerArtifacts.Tests.ps1andSign-PlannerArtifacts.Tests.ps1updated for the rename, the new SSSC tier, and the newsessionPathmanifest field.hve-core-all,project-planning, andsecuritycollection manifests; regenerated plugin READMEs.Related Issue(s)
Closes #1683
Type of Change
Code & Documentation:
Infrastructure & Configuration:
AI Artifacts:
prompt-builderagent and addressed all feedback.github/instructions/*.instructions.md).github/prompts/*.prompt.md).github/agents/*.agent.md)Other:
.ps1,.sh,.py)Sample Prompts (for AI Artifact Contributions)
User Request:
Or, with an existing artifact:
Execution Flow:
@sssc-planner(or one of the entry-mode prompts:sssc-capture,sssc-from-prd,sssc-from-brd,sssc-from-security-plan).disclaimerShownAt. Standards announcement (OpenSSF Scorecard, SLSA v1.0, OpenSSF Best Practices Badge, Sigstore, NTIA SBOM) is shown..copilot-tracking/anddocs/for the relevant entry artifact (PRD, BRD, or Security Plan).from-*modes fall back tocapturewhen zero artifacts are found.state.jsonis written, conforming tosssc-state.schema.json, preservingdisclaimerShownAt.Sign-PlannerArtifacts.ps1 -SessionPath .copilot-tracking/sssc-plans/<slug>to sign artifacts via cosign; manifest path is recorded back tostate.json.Output Artifacts:
state.jsonexcerpt:{ "$schema": "../../../scripts/linting/schemas/sssc-state.schema.json", "projectSlug": "my-project", "entryMode": "from-prd", "currentPhase": 1, "disclaimerShownAt": "2025-01-15T10:30:00Z", "signingRequested": false, "signingManifestPath": null, "userPreferences": { "targetSystem": "github", "autonomyTier": "guided" } }Success Indicators:
state.jsonvalidates againstscripts/linting/schemas/sssc-state.schema.json.disclaimerShownAtis present and stable across re-entry.sssc-handoff-with-disclaimertier to all.github/instructions/security/sssc-*.instructions.mdoutputs.npm run test:ps -- -TestPath scripts/tests/linting/Validate-PlannerArtifacts.Tests.ps1passes the new SSSC cases.npm run test:ps -- -TestPath scripts/tests/security/Sign-PlannerArtifacts.Tests.ps1passes with the newsessionPathmanifest field.Testing
npm run lint:md— passnpm run spell-check— pass (new SSSC vocabulary added to.cspell.json)npm run lint:frontmatter— passnpm run validate:skills— pass (no skill changes)npm run lint:md-links— passnpm run lint:ps— passnpm run plugin:generate— regenerated; no driftnpm run test:ps -- -TestPath scripts/tests/linting/Validate-PlannerArtifacts.Tests.ps1— passnpm run test:ps -- -TestPath scripts/tests/security/Sign-PlannerArtifacts.Tests.ps1— passChecklist
Required Checks
agent-overview.md, plugin READMEs, collection markdown)sessionPathfield)AI Artifact Contributions
/prompt-analyzeto review contributionprompt-builderreviewRequired Automated Checks
npm run lint:mdnpm run spell-checknpm run lint:frontmatternpm run validate:skillsnpm run lint:md-linksnpm run lint:psnpm run plugin:generatenpm run docs:testSecurity Considerations
Sign-PlannerArtifacts.ps1only reads under the supplied session path and writes a single manifest fileAdditional Notes
sssc-plannerismaturity: experimentalincollections/security.collection.yml; no maturity tier change in this PR. The footer-with-review rename (human-facing-with-disclaimer→rai-handoff-with-disclaimer) is internal to.github/instructions/shared/footer-with-review.ymland the corresponding Pester fixture; no published artifact referenced the old classification key.