memory-journal-mcp 7.4.0 → 7.5.0

package/skills/github-commander/workflows/copilot-audit.md

@@ -0,0 +1,48 @@
+# GitHub Copilot CLI Pre-Push Audit Workflow
+
+This workflow orchestrates an AI-driven adversarial review using the GitHub Copilot CLI (`@github/copilot`). It acts as a strict secondary validation layer (a "second opinion") across both localized logic changes (PR reviews) and full repository inspections.
+
+## Phase 1: Environment Readiness & Authentication
+
+1. **Verify Copilot CLI Presence**:
+   Run `npm list -g @github/copilot`. 
+   If missing, install it automatically: `npm i -g @github/copilot`.
+
+2. **Verify Authentication**:
+   Ensure the CLI is authenticated via `copilot auth`. If the user has not authenticated, pause the agentic execution and prompt them to authorize via the browser endpoint.
+
+## Phase 2: Execution Targeting (The Audit Context)
+
+Determine whether this is a localized Feature Branch (Pre-Push PR) review or a whole Codebase Audit.
+
+### Path A: Pre-Push PR Review
+1. Diff the current working branch against the primary target (e.g., `main` or `master`).
+2. **Execute Single-Shot Evaluation Buffer**:
+   ```bash
+   git diff main | copilot "Act as an extremely strict, senior PR reviewer. Review this submitted git diff. Analyze edge cases, logic gaps, unhandled bounds, typescript compliance, and security flaws. Produce a Markdown-formatted table of defects."
+   ```
+
+### Path B: Comprehensive Codebase Review
+1. **Execute Single-Shot Codebase Buffer**:
+   ```bash
+   echo "Act as an adversarial security and performance auditor. Perform a comprehensive analysis of all files in this repository. Point out bad architectural couplings, injection vectors, unhandled error flows, and data boundaries that are not explicit. Output as a detailed Markdown report." | copilot
+   ```
+
+## Phase 3: Journal Archival (Verification Sync)
+
+1. Capture the exact Markdown payload generated by Copilot.
+2. Persist this via `memory-journal-mcp`:
+   - Tool: `create_entry` (or `team_create_entry` if shared).
+   - Type: `audit_finding` or `triage`.
+   - Title: "Copilot CLI Adversarial Review: [Topic]"
+   - Content: The generated JSON/Markdown from the terminal stdout.
+   - Tags: `copilot`, `review`, `github-commander`.
+
+## Phase 4: Human-in-the-Loop Gateway
+
+1. Analyze and summarize the Copilot payload.
+2. Present the summarized critique directly to the User.
+3. Pause and Wait. Do not commit or push the code.
+4. **Branching Action**:
+   - If User approves changes: Remediate the code directly based on Copilot's findings using local agent tool capabilities (`replace_file_content`, etc).
+   - If User rejects/ignores the findings: Proceed to standard commit and push pipelines.

package/skills/github-copilot-cli/SKILL.md

@@ -0,0 +1,64 @@
+---
+name: github-copilot-cli
+description: |
+  Documentation and instructions for integrating the GitHub Copilot CLI (`copilot`)
+  into agentic workflows. Use this skill when you need a "second opinion" adversarial
+  review of a local codebase, a pre-push PR review using alternative advanced models,
+  or shell suggestion capabilities from GitHub. Activates on "Copilot CLI", "local PR review",
+  or "codebase Copilot review".
+---
+
+# GitHub Copilot CLI
+
+The GitHub Copilot CLI (`@github/copilot`) acts as an interactive, terminal-native representation of the Copilot agentic ecosystem.
+
+When integrated into an AI workflow (AI evaluating AI), it acts as a robust secondary reviewer mapping against different context windows and potentially different foundational models than the primary agent, significantly reducing confirmation bias during PR or full-repository reviews.
+
+## Installation & Authentication Baseline
+
+Before using the CLI in automated pipelines, ensure the terminal environment is equipped and authenticated:
+
+```bash
+# 1. Verify availability
+npm list -g @github/copilot
+
+# 2. Install if missing
+npm i -g @github/copilot
+
+# 3. Authenticate (Requires human interaction/browser approval)
+copilot auth
+```
+
+## Agentic Interaction Strategies
+
+Because the Copilot CLI launches an interactive REPL (`? What would you like to do?`), standalone non-interactive agents cannot easily navigate its interactive curses UI natively.
+
+To effectively harness it during automated reviews, you must format non-interactive input buffers or leverage its single-shot explanation endpoints:
+
+### Non-Interactive Command Piping
+
+While primarily interactive, you can echo requests directly into the tool for one-shot evaluation loops.
+
+```bash
+# Full Repository Security Audit
+echo "Please perform a comprehensive security analysis of all files in this repository. Point out unchecked injections, logic flaws, and credential leaks. Present it in markdown." | copilot
+
+# Pre-Push PR Diff Review
+git diff main | copilot "Act as a strict PR reviewer. Here is my local diff against main. List specifically what will break, style issues, and any unhandled edge cases."
+```
+
+### Direct Tool Commands
+
+For precise shell suggestions or file explanations:
+
+```bash
+# Shell Suggestion (Evaluates context and produces command)
+gh copilot suggest "find all files over 5mb in the current directory"
+
+# File Explanation
+gh copilot explain "src/utils/crypto.ts"
+```
+
+## Workflows Integration
+
+This skill works synergistically with `github-commander`. Use the `copilot-audit` workflow via `github-commander` to execute a structured, auditable validation loop utilizing this CLI before generating PRs.

package/skills/package.json

@@ -15,6 +15,7 @@
         "docker/",
         "github-actions/",
         "github-commander/",
+        "github-copilot-cli/",
         "gitlab/",
         "golang/",
         "mysql/",