Skip to content

Update AI Team Orchestration with risk-based delivery v2 🤖🤖🤖#2279

Open
denis-a-evdokimov wants to merge 2 commits into
github:mainfrom
denis-a-evdokimov:feature/ai-team-orchestration-risk-delivery-v2
Open

Update AI Team Orchestration with risk-based delivery v2 🤖🤖🤖#2279
denis-a-evdokimov wants to merge 2 commits into
github:mainfrom
denis-a-evdokimov:feature/ai-team-orchestration-risk-delivery-v2

Conversation

@denis-a-evdokimov

@denis-a-evdokimov denis-a-evdokimov commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Pull Request Checklist

  • I have read and followed the CONTRIBUTING.md guidelines.
  • I have read and followed the Guidance for submissions involving paid services. (No paid service is introduced.)
  • My contribution adds or updates agent, skill, and plugin files in the correct directories.
  • The files follow the required naming conventions.
  • The content is clearly structured and follows the existing plugin format.
  • The workflow content was exercised and independently reviewed with GitHub Copilot.
  • I ran npm start and verified the generated marketplace/docs outputs are up to date.
  • I am targeting the main branch for this pull request.

Description

Updates the existing AI Team Orchestration plugin to the canonical v2 risk-based delivery workflow:

  • freezes the application candidate at push and binds all selected evidence to its full commit ID
  • lets projects select independent review, QA, and post-merge checks in proportion to risk while requiring concrete checks for every code/configuration change
  • routes blocked findings through a Producer-owned Delivery Ledger and scoped Branch Reopen Packet
  • makes merge authorization atomic with the Candidate ID (expected-head merge or equivalent protected queue revalidation)
  • adds explicit capability-vs-authority and untrusted-content boundaries for inherited built-in, MCP, and extension tools
  • adds Safe Git value grammar, verified endpoints, fixed command forms, destination confirmation, and one remote-add action per distinct missing mapping
  • keeps the stable ai-team-dev, ai-team-producer, and ai-team-qa IDs while intentionally omitting tools and model
  • adds canonical delivery-workflow and safe-git reference files
  • updates the Awesome-owned marketplace README and generated marketplace/docs indexes

The managed content was exported one way from the merged canonical repository using its verified non-mutating patch-preparation flow.


Type of Contribution

  • New instruction file.
  • New prompt file.
  • New agent file.
  • New plugin.
  • New skill reference files.
  • New agentic workflow.
  • New canvas extension.
  • Update to existing agent, plugin, and skill content.
  • Other (please specify):

Validation


Additional Notes

This supersedes closed PR #2275 with a fresh branch based directly on current upstream/main. The plugin version remains 2.0.0 because v2 was not published by the closed PR. Independent review, QA, and smoke checks are intentionally risk-selected rather than universally mandatory; high-risk changes still require applicable security evidence or explicit maintainer risk acceptance.

By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.

Copilot AI review requested due to automatic review settings July 12, 2026 17:13
@github-actions github-actions Bot added agent PR touches agents plugin PR touches plugins skills PR touches skills labels Jul 12, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🔒 PR Risk Scan Results

Scanned 16 changed file(s).

Severity Count
🔴 High 0
🟠 Medium 1
ℹ️ Info 0
Severity Rule File Line Match
🟠 package-exec-command docs/README.skills.md 31 | [acreadiness-assess](../skills/acreadiness-assess/SKILL.md)<br />`gh skills install github/awesome-copilot acreadiness-assess` | Run the AgentRC readiness assessment on the curre

This is an automated soft-gate report. Findings indicate review targets and do not block merge by themselves.

@github-actions

Copy link
Copy Markdown
Contributor

🔍 Vally Lint Results

⚠️ Warnings or advisories found

Scope Checked
Skills 1
Agents 3
Total 4
Severity Count
❌ Errors 0
⚠️ Warnings 0
ℹ️ Advisories 1

Summary

Level Finding
ℹ️ Vally currently lints SKILL.md content. Agent files were detected but skipped:
Full linter output
### Linting skills/ai-team-orchestration
npm warn EBADENGINE Unsupported engine {
npm warn EBADENGINE   package: 'commander@15.0.0',
npm warn EBADENGINE   required: { node: '>=22.12.0' },
npm warn EBADENGINE   current: { node: 'v20.20.2', npm: '10.8.2' }
npm warn EBADENGINE }
npm warn deprecated prebuild-install@7.1.3: No longer maintained. Please contact the author of the relevant native addon; alternatives are available.
✅ ai-team-orchestration (2/2 checks passed)
    ✓ [spec-compliance] All 1 skill(s) are spec-compliant.
        ✓ spec-compliance: All spec checks passed.
    ✓ [valid-refs] All file references across 1 skill(s) are valid.
        ✓ valid-refs: All file references resolve to existing files within the skill directory.

1 skill(s) linted, 1 passed

### Agent files detected (not linted by vally)
ℹ️ Vally currently lints SKILL.md content. Agent files were detected but skipped:
agents/ai-team-dev.agent.md
agents/ai-team-producer.agent.md
agents/ai-team-qa.agent.md

@denis-a-evdokimov

Copy link
Copy Markdown
Contributor Author

Automated risk-scan triage: the single medium package-exec-command match is an unchanged, pre-existing gh skills install entry for acreadiness-assess in generated docs/README.skills.md. This PR's generated hunk only updates the ai-team-orchestration row and adds its two reference links. No source or generated-file change is appropriate; all high-severity findings are zero and the soft gate is non-blocking.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates AI Team Orchestration to a risk-based v2 delivery workflow.

Changes:

  • Adds frozen-candidate, evidence-binding, and scoped-reopen processes.
  • Introduces canonical delivery and Safe Git references.
  • Updates agents, plugin metadata, and generated indexes.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
agents/ai-team-dev.agent.md Defines Dev lifecycle and boundaries.
agents/ai-team-producer.agent.md Adds risk-based gate orchestration.
agents/ai-team-qa.agent.md Adds optional candidate-bound QA.
skills/ai-team-orchestration/SKILL.md Updates the skill workflow.
skills/ai-team-orchestration/references/anti-patterns.md Documents delivery anti-patterns.
skills/ai-team-orchestration/references/brainstorm-format.md Clarifies simulated perspectives.
skills/ai-team-orchestration/references/delivery-workflow.md Adds the canonical delivery lifecycle.
skills/ai-team-orchestration/references/project-brief-template.md Adds delivery governance sections.
skills/ai-team-orchestration/references/safe-git-values.md Adds validated Git procedures.
skills/ai-team-orchestration/references/sprint-plan-template.md Adds risk, gate, and evidence fields.
plugins/ai-team-orchestration/README.md Documents v2 usage.
plugins/ai-team-orchestration/.github/plugin/plugin.json Updates metadata to v2.0.0.
.github/plugin/marketplace.json Regenerates marketplace metadata.
docs/README.agents.md Updates generated agent entries.
docs/README.plugins.md Updates the plugin index.
docs/README.skills.md Updates the skill and reference index.

Comment thread skills/ai-team-orchestration/references/delivery-workflow.md Outdated
Comment thread skills/ai-team-orchestration/references/safe-git-values.md
Copilot AI review requested due to automatic review settings July 12, 2026 17:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 7 comments.

Comment on lines +48 to 52
│ │ │frozen /│ │planned │
│ <working-│ │candidate/│ │branch │
│ branch> │ │immutable│ └────────┘
│ │ │preview │
└──────────┘
>
> First: git pull origin main && git checkout -b feature/sprint-N
> Start with a branch preflight. Run each step separately:
> 1. Run `git status --short`. If it reports changes, stop and preserve them; do not reset or stash unknown work.
cd <folder-name>
git checkout -b <branch-name>
npm install
git status --short
### Validate names and branches

```text
git status --short
After every candidate file is committed and all final Dev checks pass, verify that the worktree is still clean, the effective destination and current branch still match the plan, and the branch ref is a commit. The `rev-parse` output is the full tested local Candidate ID; capture it before the immediately following push. Do not edit or commit between capture and push.

```text
git status --short
### Fetch and verify the base

```text
git fetch --prune BASE_REMOTE
git branch --show-current
git rev-parse --verify --end-of-options refs/heads/WORKING_BRANCH
git cat-file -t refs/heads/WORKING_BRANCH
git push --set-upstream PUSH_REMOTE refs/heads/WORKING_BRANCH:refs/heads/WORKING_BRANCH
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agent PR touches agents plugin PR touches plugins skills PR touches skills

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants