feat: add 10 AI-powered GitHub Actions workflows #294

Merged
imran-siddique merged 1 commit into microsoft:main from imran-siddique:feature/ai-agent-workflows
Mar 18, 2026
@imran-siddique
Member

Summary

Adds 10 AI-powered GitHub Actions workflows to complement the existing CI/CD pipeline with intelligent, LLM-driven automation.

Why

The toolkit already has excellent traditional CI (15 workflows covering lint, test, CodeQL, fuzzing, SBOM, etc.). These new workflows add AI-powered analysis that catches issues static tools miss — especially important for a security-focused governance toolkit.

New Workflows

| Category | Workflow | Trigger | What It Does |
| --- | --- | --- | --- |
| PR Quality | `ai-code-review` | PR opened/sync | Deep review for policy engine, trust/identity, sandbox code |
| PR Quality | `ai-security-scan` | PR + weekly cron | Security analysis focused on OWASP Agentic Top 10 risks |
| PR Quality | `ai-breaking-change-detector` | PR (`packages/*/src/**`) | Detect removed/renamed public APIs, changed signatures |
| PR Quality | `ai-docs-sync` | PR (`packages/*/src/**`) | Flag code changes without corresponding doc updates |
| PR Quality | `ai-test-generator` | PR (`packages/*/src/**`) | Suggest test cases for untested governance/security code |
| Scheduled | `ai-repo-health` | Weekly Mon 9am UTC | OSS health dashboard (contributor activity, issue triage, PR backlog) |
| Scheduled | `ai-owasp-compliance` | Weekly + dispatch | Verify 10/10 OWASP Agentic Top 10 coverage with implementation + tests |
| Release | `ai-release-notes` | Release created | Monorepo-aware changelog grouped by package |
| Community | `ai-contributor-guide` | First-time issues/PRs | Welcome and guide first-time contributors |
| Issue | `ai-spec-drafter` | Issue labeled `needs-spec` | Generate engineering spec as PR |

Design Decisions

  • Pinned action SHAs — All action references use commit SHAs per OSS security best practices
  • Non-blocking — All PR-triggered AI jobs use `continue-on-error: true`
  • No secrets needed — Uses `GITHUB_TOKEN` with `models: read` for GitHub Models API
  • Shared composite action — `.github/actions/ai-agent-runner/` handles LLM integration
  • Fork-safe — Uses `pull_request` (not `pull_request_target`) for security

Unique to This Repo

  • OWASP Compliance Audit — Verifies the toolkit's own claim of 10/10 OWASP Agentic Top 10 coverage
  • Breaking Change Detector — Critical for published PyPI packages with downstream users
  • Monorepo Release Notes — Groups changes by package (agent-os, agent-mesh, agent-sre, etc.)

Add AI agent workflows for the governance toolkit:

PR Quality:
- ai-code-review.yml — Deep review for policy/trust/sandbox code
- ai-security-scan.yml — Security analysis (OWASP Agentic Top 10)
- ai-test-generator.yml — Test coverage advisor for 8 packages
- ai-breaking-change-detector.yml — Public API compatibility check
- ai-docs-sync.yml — Documentation freshness check

Scheduled:
- ai-repo-health.yml — Weekly OSS health dashboard
- ai-owasp-compliance.yml — Weekly OWASP Agentic Top 10 audit

Release:
- ai-release-notes.yml — Monorepo-aware changelog by package

Community:
- ai-contributor-guide.yml — First-time contributor helper
- ai-spec-drafter.yml — Engineering spec from issues

All workflows use GitHub Models API (gpt-4o) via GITHUB_TOKEN
with models:read permission. Action SHAs are pinned per OSS
security best practices. PR-triggered AI jobs are non-blocking.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions bot added labels on Mar 18, 2026: ci/cd (CI/CD and workflows), size/XL (Extra large PR, 500+ lines)
@imran-siddique merged commit 0a60c86 into microsoft:main on Mar 18, 2026
51 checks passed
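
The design decisions listed in the PR description (pinned action SHAs, `pull_request` rather than `pull_request_target`, `continue-on-error: true` on PR jobs, no secret beyond `GITHUB_TOKEN`) can be checked mechanically. The script below is an added example, not code from this PR or the repository; the sample workflow, the placeholder SHA and the `LLM_API_KEY` secret name are constructed for illustration.

```python
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
PINNED_RE = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA, not a tag or branch
SECRET_RE = re.compile(r"secrets\.([A-Za-z_][A-Za-z0-9_]*)")

# Constructed workflow, not copied from the PR; the SHA is a placeholder.
SAMPLE_OK = """\
name: ai-code-review
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
  models: read
jobs:
  review:
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder
      - uses: ./.github/actions/ai-agent-runner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""
# Same workflow with each design decision reversed (LLM_API_KEY is hypothetical).
SAMPLE_BAD = (SAMPLE_OK.replace("pull_request:", "pull_request_target:")
              .replace("@0123456789abcdef0123456789abcdef01234567", "@v4")
              .replace("    continue-on-error: true\n", "")
              .replace("secrets.GITHUB_TOKEN", "secrets.LLM_API_KEY"))

def audit_workflow(text):
    """Return findings for one workflow file; line-based, so a heuristic only."""
    lines = [re.sub(r"(^|\s)#.*$", "", raw) for raw in text.splitlines()]
    body = "\n".join(lines)
    findings = []
    for line in lines:
        m = USES_RE.match(line)
        # Local composite actions (./path) ship with the repo: no ref to pin.
        if m and not m.group(1).startswith("./") and not PINNED_RE.search(m.group(1)):
            findings.append(f"unpinned action: {m.group(1)}")
    if re.search(r"\bpull_request_target\b", body):
        findings.append("pull_request_target trigger")
    if re.search(r"\bpull_request(_target)?\b", body) and not re.search(
            r"^\s*continue-on-error:\s*true\s*$", body, re.M):
        findings.append("PR-triggered workflow has no continue-on-error: true")
    for name in sorted(set(SECRET_RE.findall(body)) - {"GITHUB_TOKEN"}):
        findings.append(f"secret other than GITHUB_TOKEN: {name}")
    return findings

if __name__ == "__main__":
    for label, wf in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, audit_workflow(wf))
```

Because it matches lines rather than parsing YAML, it does not attribute `continue-on-error` to individual jobs; a CI gate would load the file with a YAML parser and check each job.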