<!-- markdownlint-disable-file -->
# HVE Core All
Full bundle of all stable HVE Core agents, prompts, instructions, and skills
## Overview
HVE Core provides the complete collection of AI chat agents, prompts, instructions, and skills for VS Code with GitHub Copilot. This edition includes every artifact across all domains: development workflows, architecture, Azure DevOps, GitHub and Jira backlog workflows, data science, design thinking, security, and more.
Use this edition when you want access to everything without choosing a focused collection.
> [!CAUTION]
> This collection includes security, responsible AI, and supply chain security agents and prompts that are **assistive tools only**.
> They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review.
> All AI-generated security and compliance artifacts **must** be reviewed and validated by qualified professionals before use.
> AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment.
## Included Artifacts
<!-- BEGIN AUTO-GENERATED ARTIFACTS -->
### Chat Agents
| Name | Description |
|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **accessibility-planner** | Phase-based accessibility planner that guides users through structured planning for WCAG 2.2, ARIA APG, Cognitive Accessibility, Section 508, and EN 301 549, producing framework selections, control mappings, evidence-register entries, plan-risk classifications, and dual-format backlog handoff. Brought to you by microsoft/hve-core. |
| **accessibility-reviewer** | Accessibility skill assessment orchestrator for codebase profiling and accessibility findings reporting |
| **accessibility-skill-assessor** | Assesses a single accessibility knowledge skill against the codebase, reading success-criterion references and returning structured findings |
| **ado-backlog-manager** | Azure DevOps backlog orchestrator for triage, discovery, sprint planning, PRD-to-work-item conversion, and execution |
| **ado-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies |
| **adr-creation** | ADR Creator: phase-gated creator producing standards-aligned Architecture Decision Records (Frame, Decide, Govern), with state recovery, Researcher Subagent delegation, and dual-format backlog handoff |
| **agile-coach** | Creates and refines goal-oriented user stories with clear acceptance criteria for any tracking tool |
| **arch-diagram-builder** | Architecture diagram builder that produces high-quality ASCII-art diagrams |
| **brd-builder** | Business Requirements Document builder with guided Q&A and reference integration |
| **brd-quality-reviewer** | Read-only BRD quality reviewer that emits both BRD_STANDARD_FINDINGS_V1 and BRD_QUALITY_REPORT_V1 payloads |
| **code-review-accessibility** | Pre-PR branch diff reviewer for accessibility conformance across web, mobile, and document UI surfaces using WCAG, ARIA, COGA, Section 508, and EN 301 549 skills |
| **code-review-full** | Orchestrator that runs functional, standards, and accessibility code reviews via subagents and produces a merged report |
| **code-review-functional** | Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps |
| **code-review-standards** | Skills-based code reviewer applying project-defined coding standards to local changes and PRs |
| **codebase-profiler** | Scans the repository to build a technology profile and select applicable security skills |
| **doc-ops** | Documentation operations agent for pattern compliance, accuracy verification, and gap detection |
| **dt-coach** | Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy |
| **dt-learning-tutor** | Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing |
| **eval-dataset-creator** | Creates evaluation datasets and documentation for AI agent testing using interview-driven data curation |
| **experiment-designer** | Coach for designing a Minimum Viable Experiment (MVE) with hypothesis formation, vetting, and experiment planning |
| **finding-deep-verifier** | Deep adversarial verification of FAIL and PARTIAL findings for a single security skill |
| **gen-data-spec** | Generate data dictionaries, machine-readable data profiles, and summaries for downstream EDA notebooks and dashboards |
| **gen-jupyter-notebook** | Create exploratory data analysis (EDA) Jupyter notebooks from data sources and data dictionaries |
| **gen-streamlit-dashboard** | Develop a multi-page Streamlit dashboard |
| **github-backlog-manager** | GitHub backlog orchestrator for triage, discovery, sprint planning, and execution |
| **implementation-validator** | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings |
| **jira-backlog-manager** | Jira backlog orchestrator for discovery, triage, execution, and single-issue actions |
| **jira-prd-to-wit** | Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira |
| **meeting-analyst** | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp |
| **memory** | Conversation memory persistence for session continuity |
| **network-isa95-planner** | ISA-95-aligned network planning for secure edge Kubernetes to Azure connectivity and remediation roadmaps |
| **phase-implementor** | Executes a single implementation phase from a plan with full codebase access and change tracking |
| **plan-validator** | Validates implementation plans against research documents with severity-graded findings |
| **pptx** | Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx |
| **pptx-subagent** | Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation |
| **pr-review** | Pull Request review assistant for code quality, security, and convention compliance |
| **prd-builder** | Product Requirements Document builder with guided Q&A and reference integration |
| **prd-quality-reviewer** | Read-only PRD quality reviewer that emits both PRD_STANDARD_FINDINGS_V1 and PRD_QUALITY_REPORT_V1 payloads |
| **product-manager-advisor** | Product management advisor for requirements discovery, validation, and issue creation |
| **prompt-builder** | Prompt engineering assistant for creating and validating prompts, agents, and instructions |
| **prompt-evaluator** | Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and remediation guidance |
| **prompt-tester** | Tests prompt files by following them literally in a sandbox, without interpreting beyond face value |
| **prompt-updater** | Creates and modifies prompts, instructions, agents, and skills following prompt engineering conventions |
| **rai-planner** | Responsible AI assessment planner evaluating against NIST AI RMF 1.0, producing an RAI security model, impact assessment, control surface catalog, and backlog handoff |
| **report-generator** | Collates verified security or accessibility skill assessment findings and generates a comprehensive report written to the domain-appropriate reports directory |
| **researcher-subagent** | Research subagent using search, read, web-fetch, GitHub repo, and MCP tools |
| **rpi-agent** | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases with specialized subagents |
| **rpi-validator** | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase |
| **security-planner** | Phase-based security planner producing security models, standards mappings, and backlog handoffs with AI/ML detection and RAI Planner integration |
| **security-reviewer** | Security skill assessment orchestrator for codebase profiling and vulnerability reporting |
| **skill-assessor** | Assesses a single security skill against the codebase and returns structured findings |
| **sssc-planner** | Six-phase repository supply chain security assessment against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog of reusable workflows. |
| **system-architecture-reviewer** | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment |
| **task-challenger** | Adversarial questioning agent that interrogates implementations with What/Why/How questions: no suggestions, no hints, no leading |
| **task-implementor** | Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records |
| **task-planner** | Implementation planner that creates actionable, step-by-step plans |
| **task-researcher** | Task research specialist for comprehensive project analysis |
| **task-reviewer** | Reviews completed implementation work for accuracy, completeness, and convention compliance |
| **test-streamlit-dashboard** | Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting |
| **ux-ui-designer** | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements |
### Prompts
| Name | Description |
|-------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
| **ado-add-work-item** | Create a single Azure DevOps work item with conversational field collection and parent validation |
| **ado-create-pull-request** | Create an Azure DevOps pull request with generated description, linked work items, and reviewers |
| **ado-discover-work-items** | Discover Azure DevOps work items via user queries, artifact analysis, or search |
| **ado-get-build-info** | Retrieve Azure DevOps build status and logs for a pull request or build number |
| **ado-get-my-work-items** | Retrieve your assigned Azure DevOps work items into a planning file |
| **ado-process-my-work-items-for-task-planning** | Process retrieved work items for task planning and generate task-planning-logs.md handoff file |
| **ado-sprint-plan** | Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps |
| **ado-triage-work-items** | Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection |
| **ado-update-wit-items** | Update Azure DevOps work items from planning files |
| **checkpoint** | Save or restore conversation context using memory files |
| **code-review-full** | Run both functional and standards code reviews on the current branch in a single pass |
| **code-review-functional** | Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps |
| **cspell-config** | Create or update the project cspell configuration with project words and ignores |
| **doc-ops-update** | Run the doc-ops agent for documentation quality assurance and updates |
| **dt-canonical-deck** | Canonical deck workflow: opt-in offer, snapshot generation/refresh, and optional customer-card PowerPoint build |
| **dt-figma-export** | Export Design Thinking artifacts to a FigJam board or Figma Design file via the Figma MCP server |
| **dt-handoff-implementation-space** | Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher |
| **dt-handoff-problem-space** | Problem Space exit handoff - compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher |
| **dt-handoff-solution-space** | Solution Space exit handoff - compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher |
| **dt-method-04-convergence** | Theme discovery for Design Thinking Method 4c through philosophy-based clustering |
| **dt-method-04-ideation** | Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation |
| **dt-method-05-concepts** | Concept articulation for Design Thinking Method 5b from brainstorming themes |
| **dt-method-05-evaluation** | Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c |
| **dt-method-06-building** | Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b |
| **dt-method-06-planning** | Concept analysis and prototype approach design for Design Thinking Method 6a |
| **dt-method-06-testing** | Hypothesis-driven testing and constraint validation for Design Thinking Method 6c |
| **dt-method-next** | Assess DT project state and recommend next method with sequencing validation |
| **dt-resume-coaching** | Resume a Design Thinking coaching session - reads coaching state and re-establishes context |
| **dt-start-project** | Start a new Design Thinking coaching project with state initialization and first coaching interaction |
| **git-commit** | Stage all changes, generate a conventional commit message, and commit |
| **git-commit-message** | Generate a conventional commit message from all branch changes |
| **git-merge** | Coordinate Git merge, rebase, and rebase --onto workflows with conflict handling |
| **git-setup** | Interactive, verification-first Git configuration assistant (non-destructive) |
| **github-add-issue** | Create a GitHub issue using discovered repository templates and conversational field collection |
| **github-discover-issues** | Discover GitHub issues via user queries, artifact analysis, or search and produce planning files |
| **github-execute-backlog** | Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file |
| **github-sprint-plan** | Plan a GitHub milestone sprint by analyzing issue coverage, gaps, and prioritized backlog |
| **github-suggest** | Resume GitHub backlog management workflow after session restore |
| **github-triage-issues** | Triage untriaged GitHub issues with label suggestions, milestone assignment, and duplicate detection |
| **graph-research** | Research a codebase using an existing graphify knowledge graph, with audit-tagged evidence reporting |
| **incident-response** | Run an incident response workflow for Azure operations scenarios |
| **jira-discover-issues** | Discover Jira issues via user queries, artifact analysis, or JQL search and produce planning files |
| **jira-execute-backlog** | Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file |
| **jira-prd-to-wit** | Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira |
| **jira-setup** | Interactive, verification-first Jira credential configuration assistant (non-destructive) |
| **jira-triage-issues** | Triage Jira issues with field recommendations, duplicate detection, and optional updates |
| **prompt-analyze** | Evaluate prompt engineering artifacts against quality criteria and report findings |
| **prompt-build** | Build or improve prompt engineering artifacts following quality criteria |
| **prompt-refactor** | Refactor and clean up prompt engineering artifacts through iterative improvement |
| **pull-request** | Generate pull request descriptions from branch diffs |
| **rai-capture** | Start responsible AI assessment planning from existing knowledge using the RAI Planner agent in capture mode |
| **rai-plan-from-prd** | Start responsible AI assessment planning from PRD/BRD artifacts using the RAI Planner agent in from-prd mode |
| **rai-plan-from-security-plan** | Start responsible AI assessment planning from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) |
| **risk-register** | Create a qualitative risk register using a Probability × Impact (P×I) matrix |
| **rpi** | Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks |
| **security-capture** | Start security planning from existing notes using the Security Planner agent (capture mode) |
| **security-plan-from-prd** | Start security planning from PRD/BRD artifacts using the Security Planner agent (from-prd mode) |
| **security-review** | Run an OWASP vulnerability assessment against the current codebase |
| **security-review-llm** | Run OWASP LLM and Agentic vulnerability assessments with codebase profiling |
| **security-review-sbd** | Run a Secure by Design principles assessment per UK and Australian government guidance |
| **security-review-web** | Run an OWASP Top 10 web vulnerability assessment without codebase profiling |
| **sssc-capture** | Start supply chain security planning from existing knowledge using the SSSC Planner agent in capture mode |
| **sssc-from-brd** | Start supply chain security planning from BRD artifacts using the SSSC Planner agent in from-brd mode |
| **sssc-from-prd** | Start supply chain security planning from PRD artifacts using the SSSC Planner agent in from-prd mode |
| **sssc-from-security-plan** | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent in from-security-plan mode |
| **synth-data-generate** | Generate synthetic data for any subject with realistic patterns and relationships |
| **task-challenge** | Adversarial What/Why/How interrogation of completed implementation artifacts |
| **task-implement** | Locate and execute implementation plans using Task Implementor |
| **task-plan** | Initiate implementation planning from user context or research documents |
| **task-research** | Initiate research for implementation planning from user requirements |
| **task-review** | Initiate implementation review from user context or artifact discovery |
### Instructions
| Name | Description |
|-----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **.github/skills/design-thinking/dt-methods/references/dt-coach-telemetry** | Design Thinking Coach telemetry overlay applying telemetry-foundations vocabulary to DT session artifacts |
| **accessibility/accessibility-identity** | Identity and orchestration instructions for the Accessibility Planner agent. Contains six-phase workflow, state.json schema reference, session recovery, and question cadence. |
| **accessibility/accessibility-license-posture** | Required posture for licensing and reproduction of accessibility standards reference text |
| **ado/ado-backlog-sprint** | Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection |
| **ado/ado-backlog-triage** | Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection |
| **ado/ado-create-pull-request** | Azure DevOps pull request creation with work item discovery, reviewer identification, and automated linking |
| **ado/ado-get-build-info** | Azure DevOps build information: status, logs, and details from a PR, build ID, or branch name |
| **ado/ado-interaction-templates** | Work item description and comment templates for consistent Azure DevOps content formatting |
| **ado/ado-update-wit-items** | Work item creation and update protocol using MCP ADO tools with handoff tracking |
| **ado/ado-wit-discovery** | Azure DevOps work item discovery via user assignment or artifact analysis with planning file output |
| **ado/ado-wit-planning** | Azure DevOps work item planning files, templates, field definitions, and search protocols |
| **coding-standards/bash/bash** | Bash script authoring conventions |
| **coding-standards/bicep/bicep** | Bicep infrastructure-as-code authoring conventions |
| **coding-standards/code-review/diff-computation** | Code review diff computation: branch detection, scope locking, large-diff handling, and non-source filtering |
| **coding-standards/code-review/review-artifacts** | Code review artifact persistence: folder structure, metadata schema, verdict normalization, and writing rules |
| **coding-standards/csharp/csharp** | C# (CSharp) code authoring conventions |
| **coding-standards/csharp/csharp-tests** | C# (CSharp) test code authoring conventions |
| **coding-standards/powershell/pester** | Instructions for Pester testing conventions |
| **coding-standards/powershell/powershell** | PowerShell scripting conventions |
| **coding-standards/python-script** | Python scripting conventions |
| **coding-standards/python-tests** | Python test code authoring conventions |
| **coding-standards/rust/rust** | Rust code authoring conventions |
| **coding-standards/rust/rust-tests** | Rust test code authoring conventions |
| **coding-standards/terraform/terraform** | Terraform infrastructure-as-code authoring conventions |
| **coding-standards/uv-projects** | Create and manage Python virtual environments using uv commands |
| **experimental/experiment-designer** | MVE domain knowledge and coaching conventions for the Experiment Designer agent |
| **experimental/graphify** | Conventions for consuming graphify-out/ knowledge-graph evidence inside the RPI workflow |
| **experimental/mural/mural-bootstrap** | Fresh-session Mural bootstrap requirements for doctor checks, credential backend selection, and safe escalation before Mural tool use. |
| **experimental/mural/mural-destinations** | Open destination registry for Mural extractor writeback: registered adapters, intent axis, and per-destination loop-closure metrics. |
| **experimental/mural/mural-human-record** | Mural is the durable record of human conversation; AI never silently authors decisions and AI contribution must remain visible somewhere durable. |
| **experimental/mural/mural-log-hygiene** | Operator log-hygiene contract for Mural customizations: never echo raw URLs, Azure SAS query strings, OAuth tokens, or Authorization headers; the skill _redact() is a defense-in-depth backstop, not a license to log. |
| **experimental/mural/mural-seeding-patterns** | Cross-cutting Mural seeding conventions: duplicate-then-populate, source-artifact-to-area binding, anchor inheritance, probe-before-bulk, z-order visibility (detection-only), layout primitives applied across DT, RAI, and UX/UI workflows. |
| **experimental/mural/mural-writeback-hygiene** | Writeback hygiene rules for Mural: tags, hyperlinks, and parentId are the only stable channels; reserved tags are protected; tag manifests are re-applied defensively. |
| **experimental/mural/mural-writing-style** | Asymmetric writing style for Mural: outbound (writing into Mural) is sticky-concise; inbound (extracting from Mural) is context-hydrated. |
| **experimental/pptx** | Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill |
| **github/community-interaction** | Community interaction voice, tone, and response templates for GitHub-facing agents and prompts |
| **github/github-backlog-discovery** | GitHub issue backlog discovery: artifact-driven, user-centric, search-based |
| **github/github-backlog-planning** | GitHub backlog management: planning files, search protocols, similarity assessment, and state persistence |
| **github/github-backlog-triage** | GitHub issue backlog triage: label suggestion, milestone assignment, and duplicate detection |
| **github/github-backlog-update** | GitHub issue backlog execution: consumes planning handoffs and runs issue operations |
| **hve-core/commit-message** | Commit message format and conventions |
| **hve-core/git-merge** | Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls |
| **hve-core/markdown** | Markdown authoring conventions for all .md files |
| **hve-core/prompt-builder** | Authoring standards for prompts, agents, instructions, and skills |
| **hve-core/pull-request** | Pull request description generation and creation via diff analysis, subagent review, and MCP tools |
| **hve-core/writing-style** | Writing style conventions for voice, tone, and language in markdown content |
| **jira/jira-backlog-discovery** | Jira issue backlog discovery: user-centric, artifact-driven, JQL-based |
| **jira/jira-backlog-planning** | Jira backlog management: planning files, search conventions, similarity assessment, and state persistence |
| **jira/jira-backlog-triage** | Jira issue backlog triage: field recommendations, duplicate detection, and controlled execution |
| **jira/jira-backlog-update** | Jira backlog execution: consumes planning handoffs and applies sequential Jira operations |
| **jira/jira-wit-planning** | Jira PRD work item planning: hierarchy mapping, field validation, and handoff contracts |
| **project-planning/adr-byo-template** | BYO ADR template contract: 2-layer config resolution, .adr-config.yml schema, template frontmatter contract, and adopt-template lifecycle for the ADR Creator |
| **project-planning/adr-handoff** | ADR Creator Govern-phase handoff protocol: compact summary template, peer-agent routing heuristics, and dual-format (ADO + GitHub) work item templates |
| **project-planning/adr-identity** | ADR Creator identity, three-phase state machine, six-step per-turn protocol, autonomy tiers, and canonical state.json schema for Architecture Decision Record authoring sessions |
| **project-planning/adr-standards** | Embedded ADR standards: MADR v4.0.0 template (CC0), Y-Statement formula, status taxonomy, naming rules, ASR trigger schema, and Microsoft-attributed paraphrases for ADR Creator sessions |
| **rai-planning/rai-backlog-handoff** | RAI review and backlog handoff for Phase 6: review rubric, RAI review summary, dual-format backlog generation |
| **rai-planning/rai-capture-coaching** | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods |
| **rai-planning/rai-identity** | RAI Planner identity, 6-phase orchestration, state management, and session recovery |
| **rai-planning/rai-impact-assessment** | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation |
| **rai-planning/rai-risk-classification** | Risk classification screening for Phase 2: prohibited uses gate, risk indicator assessment, and depth tier assignment |
| **rai-planning/rai-security-model** | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol |
| **rai-planning/rai-standards** | Embedded RAI standards for Phase 3: NIST AI RMF 1.0 trustworthiness characteristics, subcategory mappings, and framework isolation architecture |
| **security/backlog-handoff** | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates |
| **security/identity** | Security Planner identity, six-phase orchestration, state management, and session recovery protocols |
| **security/operational-buckets** | Operational bucket definitions with component classification guidance and cross-cutting security concerns |
| **security/security-model** | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis |
| **security/sssc-planner** | SSSC Planner identity, six-phase orchestration, state schema, session recovery, and Phase 2-6 assessment protocols |
| **security/standards-mapping** | Embedded OWASP and NIST security standards with researcher subagent delegation for CIS, WAF, CAF, and other runtime lookups |
| **shared/coaching-patterns** | Shared exploration-first coaching patterns for planning agents (RAI, security, SSSC) adapted from Design Thinking research methods |
| **shared/disclaimer-language** | Centralized disclaimer language for AI-assisted planning agents requiring professional review acknowledgment |
| **shared/hve-core-location** | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. |
| **shared/planner-identity-base** | Shared identity scaffold for phase-based planning agents (SSSC, RAI, Security, Accessibility) covering state-file convention, six-phase orchestration template, state protocol, resume protocol, question cadence mechanics, optional disclaimer cadence, and error handling |
| **shared/story-quality** | Shared story quality conventions for work item creation and evaluation across agents and workflows |
| **shared/telemetry-overlay** | Shared telemetry overlay applying telemetry-foundations vocabulary across planner, ADR, PRD, accessibility, code-review, and implementation artifacts |
### Skills
| Name | Description |
|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **accessibility-planner-playbook** | On-demand accessibility planner reference pack for Phase 1 capture, Phase 2 framework selection, Phase 5 impact assessment, and Phase 6 review and backlog handoff. Read the matching reference when entering a phase boundary or when you need the detailed guidance for that phase. |
| **adr-author** | Authoring skill for Architecture Decision Records (ADRs) supporting capture, from-planner-handoff, and adopt-template entry modes with selectable Y-Statement or MADR v4.0.0 output templates, supersession lineage, and ASR trigger evaluation - Brought to you by microsoft/hve-core. |
| **aria-apg** | WAI-ARIA Authoring Practices Guide (APG) design pattern knowledge base for accessibility assessment |
| **backlog-templates** | Shared work-item templates and conventions for ADO and GitHub backlog handoff across the RAI, Security, SSSC, and Accessibility planners |
| **coga** | W3C Making Content Usable for People with Cognitive and Learning Disabilities (COGA) knowledge base for accessibility assessment |
| **customer-card-render** | Generate customer-card PowerPoint content YAML from Design Thinking canonical artifacts and build using the shared PowerPoint skill pipeline |
| **dt-coaching-foundation** | Design Thinking coaching foundation knowledge: coach identity and philosophy, quality and fidelity constraints, method sequencing, coaching state schema, and the canonical deck workflow |
| **dt-curriculum** | Design Thinking learning curriculum covering nine progressive modules across the full Problem, Solution, and Implementation Space methods plus a shared manufacturing reference scenario for teaching and practice |
| **dt-methods** | Design Thinking method coaching knowledge across all nine methods including per-method techniques, deep expertise, and industry context (energy, financial services, healthcare, manufacturing, nonprofit and social impact, pharmaceuticals and life sciences, professional services, public sector, retail and CPG) |
| **dt-rpi-integration** | Design Thinking to RPI handoff knowledge covering the DT-to-RPI handoff contract, DT-aware research/planning/implement/review contexts, subagent handoff workflow, and Method 5 image prompt generation |
| **en-301-549** | European EN 301 549 V3.2.1 ICT Accessibility Standard knowledge base for accessibility assessment |
| **gh-code-scanning** | Retrieves and groups GitHub code scanning alerts by rule and severity using the gh CLI |
| **gitlab** | Manage GitLab merge requests and pipelines with a Python CLI |
| **hve-core-installer** | Decision-driven HVE-Core installer with multiple clone-based and extension install methods, environment detection, and agent customization |
| **jira** | Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. |
| **mural** | Mural workspace, room, mural, and widget workflows via the Mural REST API exposed through a Python CLI. Use when you need to read or write Mural content or automate widget creation. |
| **owasp-agentic** | OWASP Agentic Security Top 10 knowledge base for identifying, assessing, and remediating AI agent system security risks. |
| **owasp-cicd** | OWASP CI/CD Top 10 knowledge base for identifying, assessing, and remediating CI/CD pipeline security risks. |
| **owasp-infrastructure** | OWASP Infrastructure Top 10 knowledge base for identifying, assessing, and remediating internal IT infrastructure security risks. |
| **owasp-llm** | OWASP Top 10 for LLM Applications (2025) knowledge base for identifying, assessing, and remediating large language model security risks. |
| **owasp-mcp** | OWASP MCP Top 10 knowledge base for identifying, assessing, and remediating Model Context Protocol security risks. |
| **owasp-top-10** | OWASP Top 10 for Web Applications (2025) knowledge base for identifying, assessing, and remediating web application security risks. |
| **powerpoint** | PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling |
| **pr-reference** | Generates PR reference XML with commit history and unified diffs between branches, with extension and path filtering. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. |
| **python-foundational** | Foundational Python best practices, idioms, and code quality fundamentals |
| **requirements-author** | Requirements authoring guide for BRD and PRD across Discover, Define, and Govern with canonical templates and handoff contracts |
| **section-508** | US Section 508 ICT Accessibility Standards (revised 2017) knowledge base for accessibility assessment |
| **secure-by-design** | Secure by Design principles knowledge base for assessing security-first design, development, and deployment across the software lifecycle. |
| **security-reviewer-formats** | Format specifications and data contracts for the security reviewer orchestrator and its subagents. |
| **supply-chain-security** | Software supply chain security reference for OpenSSF Scorecard, SLSA, Sigstore, SBOM, and posture/backlog taxonomies. |
| **telemetry-foundations** | Declarative OpenTelemetry-aligned telemetry vocabulary and instrumentation conventions for traces, metrics, logs, and PII handling |
| **tts-voiceover** | Text-to-speech voice-over generation from YAML speaker notes using Azure Speech SDK with SSML pronunciation control |
| **vally-tests** | Authors Vally conformance tests for prompts, instructions, agents, and skills, with explicit refusal of jailbreak, prompt-injection, harmful-elicitation, TOS, CoC, model-refusal-elicitation, and PII-extraction stimuli |
| **video-to-gif** | Video-to-GIF conversion with FFmpeg two-pass optimization |
| **vscode-playwright** | VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation |
| **wcag-22** | WCAG 2.2 success criteria knowledge base for accessibility assessment |
<!-- END AUTO-GENERATED ARTIFACTS -->
## Install
```bash
copilot plugin install hve-core-all@hve-core
```
---
> Source: [microsoft/hve-core](https://github.com/microsoft/hve-core)microsoft/hve-core
Publicmirrored from https://github.com/microsoft/hve-coreAvailable
plugins/hve-core-all/README.md
294lines · modepreview