Skip to content

feat: Add Repo Guardian templates to gh-aw-adoption skill#2402

Merged
rysweet merged 3 commits intomainfrom
feat/gh-aw-setup-repo-guardian
Feb 18, 2026
Merged

feat: Add Repo Guardian templates to gh-aw-adoption skill#2402
rysweet merged 3 commits intomainfrom
feat/gh-aw-setup-repo-guardian

Conversation

@rysweet
Copy link
Owner

@rysweet rysweet commented Feb 18, 2026
edited
Loading

Summary

  • Adds repo-guardian.md and repo-guardian-gate.yml template files to the existing gh-aw-adoption skill
  • Updates SKILL.md with a featured "Repo Guardian" section including quick setup instructions (4 steps)
  • Adds Repo Guardian to the Security & Compliance workflow list

What's Changed

.claude/skills/gh-aw-adoption/repo-guardian.md (new)

  • gh-aw agentic workflow template (the AI agent prompt)
  • Reviews PRs for ephemeral content: meeting notes, temp scripts, point-in-time docs
  • Uses safe-outputs with max 1 comment; read-only GitHub access
  • Adapted from cybergym production workflow

.claude/skills/gh-aw-adoption/repo-guardian-gate.yml (new)

  • Standard GitHub Actions workflow that enforces Repo Guardian as a blocking CI check
  • Triggers on PR events and PR comment events (to re-run after override)
  • Requires no secrets; reads PR comments to determine pass/fail

.claude/skills/gh-aw-adoption/SKILL.md (updated)

  • Added "Repo Guardian: Featured First Workflow" section before the workflow catalog
  • Includes quick 4-step setup: copy templates → compile → add secret → commit
  • References template file locations within the skill directory

Two-Workflow Architecture

PR opened
  → repo-guardian.lock.yml (compiled from .md)
    → AI agent reads changed files (read-only)
    → Posts ONE comment: "Passed" or "Action Required"
  
  → repo-guardian-gate.yml
    → Waits 60s for agent comment
    → Fails CI if "Action Required" without override
    → Override: PR comment "repo-guardian:override <reason>"

Test plan

  • Copy repo-guardian.md to a test repo and compile with gh aw compile repo-guardian
  • Verify the compiled .lock.yml matches the cybergym production version structure
  • Confirm repo-guardian-gate.yml is valid GitHub Actions YAML
  • Test override mechanism with a flagged PR

🤖 Generated with Claude Code

@claude
feat: Add gh-aw-setup skill with Repo Guardian workflow templates
d85ccfa 
Adds a new `gh-aw-setup` skill that guides users through setting up
GitHub Agentic Workflows (gh-aw) in any repository, focusing on the
Repo Guardian workflow.

## What's Included

**Skill** (`.claude/skills/gh-aw-setup/`):
- `SKILL.md` — Setup guide with prerequisites, 3-step quick start,
  secrets configuration, branch protection, override mechanism,
  troubleshooting, and comparison to gh-aw-adoption skill
- `repo-guardian.md` — gh-aw workflow template (AI agent prompt that
  reviews PRs for ephemeral content: meeting notes, temp scripts,
  point-in-time documents)
- `repo-guardian-gate.yml` — Standard GitHub Actions workflow that
  enforces Repo Guardian findings as a blocking CI check

## What Repo Guardian Does

AI-powered PR reviewer that detects and blocks:
- Meeting notes, sprint retrospectives, status updates
- Temporary/one-off scripts (fix-thing.sh, debug-auth.sh)
- Point-in-time documents that will become stale
- Files with date prefixes suggesting snapshots

Uses gh-aw with GitHub Copilot CLI engine, safe-outputs (max 1 comment),
read-only GitHub access, and an override mechanism for legitimate exceptions.

Source: Adapted from cybergym repo's production repo-guardian workflow.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Contributor

github-actions bot commented Feb 18, 2026

🤖 Auto-fixed version bump

The version in pyproject.toml has been automatically bumped to the next patch version.

If you need a minor or major version bump instead, please update pyproject.toml manually and push the change.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 18, 2026

Repo Guardian - Passed

All 4 changed files have been reviewed:

  • .claude/skills/gh-aw-setup/SKILL.md - Durable skill documentation ✅
  • .claude/skills/gh-aw-setup/repo-guardian-gate.yml - GitHub Actions workflow configuration ✅
  • .claude/skills/gh-aw-setup/repo-guardian.md - Reusable workflow template ✅
  • pyproject.toml - Standard project configuration (version bump) ✅

No ephemeral content detected. All files are permanent, reusable project components.

AI generated by Repo Guardian

@claude
feat: Add Repo Guardian templates to gh-aw-adoption skill
0712195 
Adds ready-to-copy Repo Guardian workflow templates to the existing
gh-aw-adoption skill, and updates SKILL.md with setup instructions.

## Changes

**New files in `.claude/skills/gh-aw-adoption/`:**
- `repo-guardian.md` — gh-aw agentic workflow template (AI agent prompt
  that reviews PRs for ephemeral content: meeting notes, temp scripts,
  point-in-time documents). Adapted from cybergym production workflow.
- `repo-guardian-gate.yml` — Standard GitHub Actions enforcement gate
  that makes Repo Guardian a blocking CI check

**Updated `.claude/skills/gh-aw-adoption/SKILL.md`:**
- Added "Repo Guardian: Featured First Workflow" section with what it
  does, template locations, and quick 4-step setup instructions
- Added `repo-guardian.md` to the Security & Compliance workflow list

## What Repo Guardian Does

Reviews every PR for ephemeral content that doesn't belong in the repo:
- Meeting notes, sprint retrospectives, status updates
- Temporary scripts (fix-thing.sh, one-off-migration.py)
- Point-in-time documents that will become stale

Two-workflow architecture:
1. repo-guardian.md: AI agent reviews PR, posts one comment (safe-outputs max:1)
2. repo-guardian-gate.yml: Enforces findings as blocking CI check

Requires COPILOT_GITHUB_TOKEN secret (PAT with read:org + repo scopes).
Override: add PR comment `repo-guardian:override <reason>`.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@rysweet rysweet force-pushed the feat/gh-aw-setup-repo-guardian branch from b4451e8 to 0712195 Compare February 18, 2026 00:51
@rysweet rysweet changed the title feat: Add gh-aw-setup skill with Repo Guardian workflow templates feat: Add Repo Guardian templates to gh-aw-adoption skill Feb 18, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 18, 2026

🤖 Auto-fixed version bump

The version in pyproject.toml has been automatically bumped to the next patch version.

If you need a minor or major version bump instead, please update pyproject.toml manually and push the change.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 18, 2026

Repo Guardian - Passed

All 4 changed files have been reviewed:

  • .claude/skills/gh-aw-adoption/SKILL.md - Durable skill documentation ✅
  • .claude/skills/gh-aw-adoption/repo-guardian-gate.yml - GitHub Actions workflow configuration ✅
  • .claude/skills/gh-aw-adoption/repo-guardian.md - Reusable agentic workflow template ✅
  • pyproject.toml - Standard project configuration (version bump) ✅

No ephemeral content detected. All files are permanent, reusable project components.

AI generated by Repo Guardian

AI generated by Repo Guardian

@rysweet rysweet merged commit 1967972 into main Feb 18, 2026
1 check passed
@rysweet rysweet deleted the feat/gh-aw-setup-repo-guardian branch February 18, 2026 01:02
@nlscng
Copy link
Collaborator

nlscng commented Feb 19, 2026

I restarted my session on my attempt to port repo guardian to amplihack with pre commit hook this afternoon, and somehow i've driven it into deterministic pattern matching and grep-like checks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rysweet @nlscng

Comments