microsoft/hve-core
Publicmirrored fromhttps://github.com/microsoft/hve-coreAvailable
plugins/project-planning/README.md
106lines · modecode
| 1 | <!-- markdownlint-disable-file --> |
| 2 | # Project Planning |
| 3 | |
| 4 | PRDs, BRDs, ADRs, and architecture diagrams |
| 5 | |
| 6 | ## Overview |
| 7 | |
| 8 | Create architecture decision records, requirements documents, and diagrams — all through guided AI workflows. Evaluate AI-powered systems against Responsible AI standards and conduct STRIDE-based security model analysis with automated backlog generation. |
| 9 | |
| 10 | This collection includes agents for: |
| 11 | |
| 12 | - **Agile Coach** — Create or refine goal-oriented user stories with clear acceptance criteria |
| 13 | - **Product Manager Advisor** — Product management advisor for requirements discovery, validation, and issue creation |
| 14 | - **UX/UI Designer** — UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements |
| 15 | - **Architecture Decision Records** — Create structured ADRs with solution comparison matrices |
| 16 | - **Architecture Diagrams** — Generate ASCII-art architecture diagrams from descriptions |
| 17 | - **Business Requirements Documents** — Build BRDs through guided Q&A sessions |
| 18 | - **System Architecture Reviewer** — System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment |
| 19 | - **RPI Agent** — Autonomous RPI orchestrator running specialized subagents through Research, Plan, Implement, and Review phases |
| 20 | - **Product Requirements Documents** — Build PRDs with stakeholder-driven refinement |
| 21 | - **RAI Planner** — Responsible AI assessment with sensitive uses screening, security model analysis, impact assessment, and dual-format backlog handoff |
| 22 | - **Security Planner** — STRIDE-based security model analysis with operational bucket classification, standards mapping, and automated backlog generation |
| 23 | - **SSSC Planner** — Software supply-chain security assessment with gap analysis, standards mapping, and automated backlog generation |
| 24 | |
| 25 | Supporting subagents included: |
| 26 | |
| 27 | - **Researcher Subagent** — Research subagent using search tools, read tools, fetch web page, github repo, and MCP tools |
| 28 | - **Plan Validator** — Validates implementation plans against research documents with severity-graded findings |
| 29 | - **Phase Implementor** — Executes a single implementation phase from a plan with full codebase access and change tracking |
| 30 | - **RPI Validator** — Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents |
| 31 | - **Implementation Validator** — Validates implementation quality against architectural requirements, design principles, and code standards |
| 32 | |
| 33 | ## Install |
| 34 | |
| 35 | ```bash |
| 36 | copilot plugin install project-planning@hve-core |
| 37 | ``` |
| 38 | |
| 39 | ## Agents |
| 40 | |
| 41 | | Agent | Description | |
| 42 | |------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |
| 43 | | agile-coach | Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool - Brought to you by microsoft/hve-core | |
| 44 | | product-manager-advisor | Product management advisor for requirements discovery, validation, and issue creation | |
| 45 | | ux-ui-designer | UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements | |
| 46 | | adr-creation | Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai | |
| 47 | | arch-diagram-builder | Architecture diagram builder agent that builds high quality ASCII-art diagrams - Brought to you by microsoft/hve-core | |
| 48 | | brd-builder | Business Requirements Document builder with guided Q&A and reference integration | |
| 49 | | system-architecture-reviewer | System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment - Brought to you by microsoft/hve-core | |
| 50 | | rpi-agent | Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them - Brought to you by microsoft/hve-core | |
| 51 | | prd-builder | Product Requirements Document builder with guided Q&A and reference integration | |
| 52 | | meeting-analyst | Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp - Brought to you by microsoft/hve-core | |
| 53 | | rai-planner | Responsible AI assessment agent with 6-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces sensitive uses screening, RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. - Brought to you by microsoft/hve-core | |
| 54 | | security-planner | Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration | |
| 55 | | sssc-planner | Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. | |
| 56 | | researcher-subagent | Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools | |
| 57 | | plan-validator | Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings - Brought to you by microsoft/hve-core | |
| 58 | | phase-implementor | Executes a single implementation phase from a plan with full codebase access and change tracking - Brought to you by microsoft/hve-core | |
| 59 | | rpi-validator | Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase - Brought to you by microsoft/hve-core | |
| 60 | | implementation-validator | Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings - Brought to you by microsoft/hve-core | |
| 61 | |
| 62 | ## Commands |
| 63 | |
| 64 | | Command | Description | |
| 65 | |-----------------------------|------------------------------------------------------------------------------------------------------------------------------------------| |
| 66 | | security-plan-from-prd | Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode | |
| 67 | | security-capture | Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode | |
| 68 | | incident-response | Incident response workflow for Azure operations scenarios - Brought to you by microsoft/hve-core | |
| 69 | | risk-register | Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. | |
| 70 | | rai-capture | Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode | |
| 71 | | rai-plan-from-prd | Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode | |
| 72 | | rai-plan-from-security-plan | Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) | |
| 73 | | sssc-capture | Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode | |
| 74 | | sssc-from-prd | Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent | |
| 75 | | sssc-from-brd | Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent | |
| 76 | | sssc-from-security-plan | Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent | |
| 77 | |
| 78 | ## Instructions |
| 79 | |
| 80 | | Instruction | Description | |
| 81 | |-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |
| 82 | | rai-backlog-handoff | RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation | |
| 83 | | rai-identity | RAI Planner identity, 6-phase orchestration, state management, and session recovery - Brought to you by microsoft/hve-core | |
| 84 | | rai-impact-assessment | RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation | |
| 85 | | rai-security-model | RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol | |
| 86 | | rai-sensitive-uses | Sensitive Uses assessment for Phase 2: screening categories, restricted uses gate, and depth tier assignment | |
| 87 | | rai-standards | Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings | |
| 88 | | rai-capture-coaching | Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods - Brought to you by microsoft/hve-core | |
| 89 | | identity | Security Planner identity, six-phase orchestration, state management, and session recovery protocols - Brought to you by microsoft/hve-core | |
| 90 | | operational-buckets | Operational bucket definitions with component classification guidance and cross-cutting security concerns - Brought to you by microsoft/hve-core | |
| 91 | | standards-mapping | Embedded OWASP, NIST, and CIS security standards with researcher subagent delegation for WAF/CAF runtime lookups - Brought to you by microsoft/hve-core | |
| 92 | | security-model | STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis - Brought to you by microsoft/hve-core | |
| 93 | | backlog-handoff | Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates - Brought to you by microsoft/hve-core | |
| 94 | | sssc-identity | Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. | |
| 95 | | sssc-assessment | Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. | |
| 96 | | sssc-standards | Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. | |
| 97 | | sssc-gap-analysis | Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. | |
| 98 | | sssc-backlog | Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. | |
| 99 | | sssc-handoff | Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. | |
| 100 | | hve-core-location | Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. | |
| 101 | | story-quality | Shared story quality conventions for work item creation and evaluation across agents and workflows | |
| 102 | |
| 103 | --- |
| 104 | |
| 105 | > Source: [microsoft/hve-core](https://github.com/microsoft/hve-core) |
| 106 | |
| 107 | |