HVE Core - All
Full bundle of all stable HVE Core agents, prompts, instructions, and skills
HVE Core provides the complete collection of AI chat agents, prompts, instructions, and skills for VS Code with GitHub Copilot. This edition includes every artifact across all domains: development workflows, architecture, Azure DevOps, GitHub and Jira backlog workflows, data science, design thinking, security, and more.
Use this edition when you want access to everything without choosing a focused collection.
[!CAUTION]
This collection includes security, responsible AI, and supply chain security agents and prompts that are assistive tools only. They do not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated security and compliance artifacts must be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment.
Code review agents included (via coding-standards collection):
- Code Review Functional — Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps
- Code Review Standards — Skills-based code reviewer that enforces project-defined coding standards via dynamic skill loading
- Code Review Full — Orchestrates both functional and standards reviews in a single pass
Security and planning agents included (via security collection):
- Security Planner — STRIDE-based security model analysis with operational bucket classification, standards mapping, and automated backlog generation
- SSSC Planner — Supply chain security assessment against OpenSSF Scorecard, SLSA, and SBOM standards
- RAI Planner — Responsible AI assessment with impact assessment and dual-format backlog handoff
Supporting subagents included:
- Codebase Researcher — Searches workspace for code patterns, conventions, and implementations
- External Researcher — Retrieves external documentation, SDK references, and code samples
- Phase Implementor — Executes single implementation phases with change tracking
- Artifact Validator — Validates implementation work against plans and conventions
- Prompt Tester — Tests prompt files by following them literally in a sandbox
- Prompt Evaluator — Evaluates prompt execution results against quality criteria
Skills included:
- HVE Core Installer — Decision-driven installer skill for deploying HVE Core across workspace configurations
- GitLab Integration — GitLab merge request and pipeline workflows through a Python skill
- Jira Integration — Jira backlog discovery, triage, execution, and PRD planning workflows backed by Jira issue operations and field discovery
- PR Reference — Generates PR reference XML files with commit history and diffs for pull request workflows
- Video to GIF — Converts video files to optimized GIF animations using FFmpeg two-pass palette optimization
Included Artifacts
Chat Agents
| Name |
Description |
| ado-backlog-manager |
Orchestrator agent for Azure DevOps backlog management workflows including triage, discovery, sprint planning, PRD-to-work-item conversion, and execution |
| ado-prd-to-wit |
Product Manager expert for analyzing PRDs and planning Azure DevOps work item hierarchies |
| adr-creation |
Interactive AI coaching for collaborative architectural decision record creation with guided discovery, research integration, and progressive documentation building - Brought to you by microsoft/edge-ai |
| agile-coach |
Conversational agent that helps create or refine goal-oriented user stories with clear acceptance criteria for any tracking tool |
| arch-diagram-builder |
Architecture diagram builder agent that builds high quality ASCII-art diagrams |
| brd-builder |
Business Requirements Document builder with guided Q&A and reference integration |
| code-review-full |
Orchestrator that runs functional and standards code reviews via subagents and produces a merged report |
| code-review-functional |
Pre-PR branch diff reviewer for functional correctness, error handling, edge cases, and testing gaps |
| code-review-standards |
Skills-based code reviewer for local changes and PRs - applies project-defined coding standards via dynamic skill loading |
| codebase-profiler |
Scans the repository to build a technology profile and identify which OWASP skills apply to the codebase |
| doc-ops |
Autonomous documentation operations agent for pattern compliance, accuracy verification, and gap detection |
| dt-coach |
Design Thinking coach guiding teams through the 9-method HVE framework with Think/Speak/Empower philosophy |
| dt-learning-tutor |
Design Thinking learning tutor providing structured curriculum, comprehension checks, and adaptive pacing |
| experiment-designer |
Conversational coach that guides users through designing a Minimum Viable Experiment (MVE) with structured hypothesis formation, vetting, and experiment planning |
| finding-deep-verifier |
Deep adversarial verification of FAIL and PARTIAL findings for a single OWASP skill |
| gen-data-spec |
Generate comprehensive data dictionaries, machine-readable data profiles, and objective summaries for downstream analysis (EDA notebooks, dashboards) through guided discovery |
| gen-jupyter-notebook |
Create structured exploratory data analysis Jupyter notebooks from available data sources and generated data dictionaries |
| gen-streamlit-dashboard |
Develop a multi-page Streamlit dashboard |
| github-backlog-manager |
Orchestrator agent for GitHub backlog management workflows including triage, discovery, sprint planning, and execution |
| implementation-validator |
Validates implementation quality against architectural requirements, design principles, and code standards with severity-graded findings |
| jira-backlog-manager |
Orchestrator agent for Jira backlog management workflows including discovery, triage, execution, and single-issue actions |
| jira-prd-to-wit |
Product Manager expert for analyzing PRDs and planning Jira issue hierarchies without mutating Jira |
| meeting-analyst |
Meeting transcript analyzer that extracts product requirements for PRD creation via work-iq-mcp |
| memory |
Conversation memory persistence for session continuity |
| phase-implementor |
Executes a single implementation phase from a plan with full codebase access and change tracking |
| plan-validator |
Validates implementation plans against research documents, updating the Planning Log Discrepancy Log section with severity-graded findings |
| pptx |
Creates, updates, and manages PowerPoint slide decks using YAML-driven content with python-pptx |
| pptx-subagent |
Executes PowerPoint skill operations including content extraction, YAML creation, deck building, and visual validation |
| pr-review |
Comprehensive Pull Request review assistant ensuring code quality, security, and convention compliance |
| prd-builder |
Product Requirements Document builder with guided Q&A and reference integration |
| product-manager-advisor |
Product management advisor for requirements discovery, validation, and issue creation |
| prompt-builder |
Prompt engineering assistant with phase-based workflow for creating and validating prompts, agents, and instructions files |
| prompt-evaluator |
Evaluates prompt execution results against Prompt Quality Criteria with severity-graded findings and categorized remediation guidance |
| prompt-tester |
Tests prompt files by following them literally in a sandbox environment when creating or improving prompts, instructions, agents, or skills without improving or interpreting beyond face value |
| prompt-updater |
Modifies or creates prompts, instructions or rules, agents, skills following prompt engineering conventions and standards based on prompt evaluation and research |
| rai-planner |
Responsible AI assessment agent with 5-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. |
| report-generator |
Collates verified OWASP skill assessment findings and generates a comprehensive vulnerability report written to .copilot-tracking/security/ |
| researcher-subagent |
Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools |
| rpi-agent |
Autonomous RPI orchestrator running Research → Plan → Implement → Review → Discover phases, using specialized subagents when task difficulty warrants them |
| rpi-validator |
Validates a Changes Log against the Implementation Plan, Planning Log, and Research Documents for a specific plan phase |
| security-planner |
Phase-based security planner that produces security models, standards mappings, and backlog handoff artifacts with AI/ML component detection and RAI Planner integration |
| security-reviewer |
OWASP assessment orchestrator for codebase profiling and vulnerability reporting |
| skill-assessor |
Assesses a single OWASP skill against the codebase, reading vulnerability references and returning structured findings |
| sssc-planner |
Guides users through a six-phase assessment of their repository's supply chain security posture against OpenSSF Scorecard, SLSA, Sigstore, and SBOM standards, producing a prioritized backlog referencing reusable workflows from hve-core and microsoft/physical-ai-toolchain. |
| system-architecture-reviewer |
System architecture reviewer for design trade-offs, ADR creation, and well-architected alignment |
| task-implementor |
Executes implementation plans from .copilot-tracking/plans with progressive tracking and change records |
| task-planner |
Implementation planner for creating actionable implementation plans |
| task-researcher |
Task research specialist for comprehensive project analysis |
| task-reviewer |
Reviews completed implementation work for accuracy, completeness, and convention compliance |
| test-streamlit-dashboard |
Automated testing for Streamlit dashboards using Playwright with issue tracking and reporting |
| ux-ui-designer |
UX research specialist for Jobs-to-be-Done analysis, user journey mapping, and accessibility requirements |
Prompts
| Name |
Description |
| ado-add-work-item |
Create a single Azure DevOps work item with conversational field collection and parent validation |
| ado-create-pull-request |
Generate pull request description, discover related work items, identify reviewers, and create Azure DevOps pull request with all linkages. |
| ado-discover-work-items |
Discover Azure DevOps work items through user-centric queries, artifact-driven analysis, or search-based exploration |
| ado-get-build-info |
Retrieve Azure DevOps build information for a Pull Request or specific Build Number. |
| ado-get-my-work-items |
Retrieve user's current Azure DevOps work items and organize them into planning file definitions |
| ado-process-my-work-items-for-task-planning |
Process retrieved work items for task planning and generate task-planning-logs.md handoff file |
| ado-sprint-plan |
Plan an Azure DevOps sprint by analyzing iteration coverage, capacity, dependencies, and backlog gaps |
| ado-triage-work-items |
Triage untriaged Azure DevOps work items with field classification, iteration assignment, and duplicate detection |
| ado-update-wit-items |
Prompt to update work items based on planning files |
| checkpoint |
Save or restore conversation context using memory files |
| code-review-full |
Run both functional and standards code reviews on the current branch in a single pass |
| code-review-functional |
Pre-PR branch diff review for functional correctness, error handling, edge cases, and testing gaps |
| doc-ops-update |
Invoke doc-ops agent for documentation quality assurance and updates |
| dt-handoff-implementation-space |
Compiles DT Methods 7-9 outputs into an RPI-ready handoff artifact targeting Task Researcher |
| dt-handoff-problem-space |
Problem Space exit handoff — compiles DT Methods 1-3 outputs into an RPI-ready artifact targeting Task Researcher |
| dt-handoff-solution-space |
Solution Space exit handoff — compiles DT Methods 4-6 outputs into an RPI-ready artifact targeting Task Researcher |
| dt-method-04-convergence |
Theme discovery for Design Thinking Method 4c through philosophy-based clustering |
| dt-method-04-ideation |
Divergent ideation for Design Thinking Method 4b with constraint-informed solution generation |
| dt-method-05-concepts |
Concept articulation for Design Thinking Method 5b from brainstorming themes |
| dt-method-05-evaluation |
Stakeholder alignment and three-lens evaluation for Design Thinking Method 5c |
| dt-method-06-building |
Scrappy prototype building with fidelity enforcement for Design Thinking Method 6b |
| dt-method-06-planning |
Concept analysis and prototype approach design for Design Thinking Method 6a |
| dt-method-06-testing |
Hypothesis-driven testing and constraint validation for Design Thinking Method 6c |
| dt-method-next |
Assess DT project state and recommend next method with sequencing validation |
| dt-resume-coaching |
Resume a Design Thinking coaching session — reads coaching state and re-establishes context |
| dt-start-project |
Start a new Design Thinking coaching project with state initialization and first coaching interaction |
| git-commit |
Stages all changes, generates a conventional commit message, shows it to the user, and commits using only git add/commit |
| git-commit-message |
Generates a commit message following the commit-message.instructions.md rules based on all changes in the branch |
| git-merge |
Coordinate Git merge, rebase, and rebase --onto workflows with consistent conflict handling. |
| git-setup |
Interactive, verification-first Git configuration assistant (non-destructive) |
| github-add-issue |
Create a GitHub issue using discovered repository templates and conversational field collection |
| github-discover-issues |
Discover GitHub issues through user-centric queries, artifact-driven analysis, or search-based exploration and produce planning files for review |
| github-execute-backlog |
Execute a GitHub backlog plan by creating, updating, linking, closing, and commenting on issues from a handoff file |
| github-sprint-plan |
Plan a GitHub milestone sprint by analyzing issue coverage, identifying gaps, and organizing work into a prioritized sprint backlog |
| github-suggest |
Resume GitHub backlog management workflow after session restore |
| github-triage-issues |
Triage GitHub issues not yet triaged with automated label suggestions, milestone assignment, and duplicate detection |
| incident-response |
Incident response workflow for Azure operations scenarios |
| jira-discover-issues |
Discover Jira issues through user-centric queries, artifact-driven analysis, or JQL-based exploration and produce planning files for review |
| jira-execute-backlog |
Execute a Jira backlog plan by creating, updating, transitioning, and commenting on issues from a handoff file |
| jira-prd-to-wit |
Analyze PRD artifacts and plan Jira issue hierarchies without mutating Jira |
| jira-triage-issues |
Triage Jira issues with bounded JQL, field recommendations, duplicate detection, and optional execution of confirmed updates |
| prompt-analyze |
Evaluates prompt engineering artifacts against quality criteria and reports findings |
| prompt-build |
Build or improve prompt engineering artifacts following quality criteria |
| prompt-refactor |
Refactors and cleans up prompt engineering artifacts through iterative improvement |
| pull-request |
Generates pull request descriptions from branch diffs |
| rai-capture |
Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode |
| rai-plan-from-prd |
Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode |
| rai-plan-from-security-plan |
Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) |
| risk-register |
Creates a concise and well-structured qualitative risk register using a Probability × Impact (P×I) risk matrix. |
| rpi |
Autonomous Research-Plan-Implement-Review-Discover workflow for completing tasks |
| security-capture |
Initiate security planning from existing notes or knowledge using the Security Planner agent in capture mode |
| security-plan-from-prd |
Initiate security planning from PRD/BRD artifacts using the Security Planner agent in from-prd mode |
| security-review |
Runs an OWASP vulnerability assessment against the current codebase |
| security-review-llm |
Runs OWASP LLM and Agentic vulnerability assessments with codebase profiling for context |
| security-review-web |
Runs an OWASP Top 10 web vulnerability assessment without codebase profiling |
| sssc-capture |
Start a new SSSC assessment via guided conversation using the SSSC Planner agent in capture mode |
| sssc-from-brd |
Start an SSSC assessment from existing BRD artifacts using the SSSC Planner agent |
| sssc-from-prd |
Start an SSSC assessment from existing PRD artifacts using the SSSC Planner agent |
| sssc-from-security-plan |
Extend a Security Planner assessment with supply chain coverage using the SSSC Planner agent |
| task-implement |
Locates and executes implementation plans using Task Implementor |
| task-plan |
Initiates implementation planning based on user context or research documents |
| task-research |
Initiates research for implementation planning based on user requirements |
| task-review |
Initiates implementation review based on user context or automatic artifact discovery |
Instructions
| Name |
Description |
| ado/ado-backlog-sprint |
Sprint planning workflow for Azure DevOps iterations with coverage analysis, capacity tracking, and gap detection |
| ado/ado-backlog-triage |
Triage workflow for Azure DevOps work items with field classification, iteration assignment, and duplicate detection |
| ado/ado-create-pull-request |
Required protocol for creating Azure DevOps pull requests with work item discovery, reviewer identification, and automated linking. |
| ado/ado-get-build-info |
Required instructions for anything related to Azure Devops or ado build information including status, logs, or details from provided pullrequest (PR), build Id, or branch name. |
| ado/ado-interaction-templates |
Work item description and comment templates for consistent Azure DevOps content formatting |
| ado/ado-update-wit-items |
Work item creation and update protocol using MCP ADO tools with handoff tracking |
| ado/ado-wit-discovery |
Protocol for discovering Azure DevOps work items via user assignment or artifact analysis with planning file output |
| ado/ado-wit-planning |
Reference specification for Azure DevOps work item planning files, templates, field definitions, and search protocols |
| coding-standards/bash/bash |
Instructions for bash script implementation |
| coding-standards/bicep/bicep |
Instructions for Bicep infrastructure as code implementation |
| coding-standards/code-review/diff-computation |
Shared diff computation protocol for code review agents - branch detection, scope locking, large diff handling, and non-source artifact filtering |
| coding-standards/code-review/review-artifacts |
Shared review artifact persistence protocol for code review agents - folder structure, metadata schema, verdict normalization, and writing rules |
| coding-standards/csharp/csharp |
Required instructions for C# (CSharp) research, planning, implementation, editing, or creating |
| coding-standards/csharp/csharp-tests |
Required instructions for C# (CSharp) test code research, planning, implementation, editing, or creating |
| coding-standards/powershell/pester |
Instructions for Pester testing conventions |
| coding-standards/powershell/powershell |
Instructions for PowerShell scripting implementation |
| coding-standards/python-script |
Instructions for Python scripting implementation |
| coding-standards/python-tests |
Required instructions for Python test code research, planning, implementation, editing, or creating |
| coding-standards/rust/rust |
Required instructions for Rust research, planning, implementation, editing, or creating |
| coding-standards/rust/rust-tests |
Required instructions for Rust test code research, planning, implementation, editing, or creating |
| coding-standards/terraform/terraform |
Instructions for Terraform infrastructure as code implementation |
| coding-standards/uv-projects |
Create and manage Python virtual environments using uv commands |
| design-thinking/dt-coaching-identity |
Required instructions when working with or doing any Design Thinking (DT); Contains instructions for the Design Thinking coach identity, philosophy, and user interaction and communication requirements for consistent coaching behavior. |
| design-thinking/dt-coaching-state |
Coaching state schema for Design Thinking session persistence, method progress tracking, and session recovery |
| design-thinking/dt-curriculum-01-scoping |
DT Curriculum Module 1: Scope Conversations — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-02-research |
DT Curriculum Module 2: Design Research — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-03-synthesis |
DT Curriculum Module 3: Synthesis — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-04-brainstorming |
DT Curriculum Module 4: Brainstorming — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-05-concepts |
DT Curriculum Module 5: User Concepts — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-06-prototypes |
DT Curriculum Module 6: Low-Fidelity Prototypes — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-07-testing |
DT Curriculum Module 7: High-Fidelity Prototypes — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-08-iteration |
DT Curriculum Module 8: User Testing — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-09-handoff |
DT Curriculum Module 9: Iteration at Scale — concepts, techniques, checks, and exercises |
| design-thinking/dt-curriculum-scenario-manufacturing |
Manufacturing reference scenario for DT learning — factory floor improvement project used across all 9 curriculum modules |
| design-thinking/dt-image-prompt-generation |
M365 Copilot image prompt generation techniques for Design Thinking Method 5 concept visualization with lo-fi enforcement |
| design-thinking/dt-industry-energy |
Energy industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios |
| design-thinking/dt-industry-healthcare |
Healthcare industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios |
| design-thinking/dt-industry-manufacturing |
Manufacturing industry context for DT coaching — vocabulary, constraints, empathy tools, and reference scenarios |
| design-thinking/dt-method-01-deep |
Deep expertise for Method 1: Scope Conversations, covering advanced stakeholder analysis, power dynamics, and scope negotiation |
| design-thinking/dt-method-01-scope |
Method 1 Scope Conversations coaching knowledge for Design Thinking: frozen vs fluid assessment, stakeholder discovery, constraint patterns, and conversation navigation |
| design-thinking/dt-method-02-deep |
Deep expertise for Method 2: Design Research, covering advanced interview techniques, ethnographic observation, and evidence triangulation |
| design-thinking/dt-method-02-research |
Method 2 Design Research coaching knowledge: interview techniques, research planning, environmental observation, and insight extraction patterns |
| design-thinking/dt-method-03-deep |
Deep expertise for Method 3: Input Synthesis — advanced affinity analysis, insight frameworks, and problem statement articulation |
| design-thinking/dt-method-03-synthesis |
Method 3 Input Synthesis coaching knowledge: pattern recognition, theme development, synthesis validation, and Problem-to-Solution Space transition readiness |
| design-thinking/dt-method-04-brainstorming |
Design Thinking Method 4: AI-assisted brainstorming with divergent ideation and convergent clustering for solution space entry |
| design-thinking/dt-method-04-deep |
Deep expertise for Method 4: Brainstorming — advanced facilitation techniques, creative block recovery, and convergence frameworks |
| design-thinking/dt-method-05-concepts |
Design Thinking Method 5: User Concepts coaching with concept articulation, three-lens evaluation, and stakeholder alignment for Solution Space development |
| design-thinking/dt-method-05-deep |
Deep expertise for Method 5: User Concepts, covering advanced D/F/V analysis, image prompt crafting, concept stress-testing, and portfolio management |
| design-thinking/dt-method-06-deep |
Deep expertise for Method 6: Low-Fidelity Prototypes; advanced paper prototyping, service blueprinting, and experience prototyping |
| design-thinking/dt-method-06-lofi-prototypes |
Design Thinking Method 6: Lo-fi prototyping techniques, scrappy enforcement, feedback planning, and constraint discovery for Solution Space exit |
| design-thinking/dt-method-07-deep |
Deep expertise for Method 7: High-Fidelity Prototypes; fidelity translation, architecture, and specification writing |
| design-thinking/dt-method-07-hifi-prototypes |
Design Thinking Method 7: High-Fidelity Prototypes; technical translation, functional prototypes, and specifications |
| design-thinking/dt-method-08-deep |
Deep expertise for Method 8: Test and Validate — advanced test design, small-sample analysis, iteration triggers, and bias mitigation |
| design-thinking/dt-method-08-testing |
Design Thinking Method 8: User Testing - evidence-based evaluation, test protocols, and non-linear iteration support |
| design-thinking/dt-method-09-deep |
Deep expertise for Method 9: Iteration at Scale — change management, scaling, and adoption measurement |
| design-thinking/dt-method-09-iteration |
Design Thinking Method 9: Iteration at Scale — systematic refinement, scaling patterns, and organizational deployment |
| design-thinking/dt-method-sequencing |
Method transition rules, nine-method sequence, space boundaries, and non-linear iteration support for Design Thinking coaching |
| design-thinking/dt-quality-constraints |
Quality constraints, fidelity rules, and output standards for Design Thinking coaching across all nine methods |
| design-thinking/dt-rpi-handoff-contract |
DT-to-RPI handoff contract defining exit points, artifact schemas, and per-agent input requirements for lateral transitions from Design Thinking to RPI workflow |
| design-thinking/dt-rpi-implement-context |
DT-aware Task Implementor context: fidelity constraints, stakeholder validation, and iteration support |
| design-thinking/dt-rpi-planning-context |
DT-aware Task Planner context: fidelity constraints, iteration support, and confidence-informed planning for DT artifacts |
| design-thinking/dt-rpi-research-context |
DT-aware Task Researcher context: frames research around DT methods, stakeholder needs, and empathy-driven inquiry |
| design-thinking/dt-rpi-review-context |
DT-aware Task Reviewer context: quality criteria for Design Thinking artifacts |
| design-thinking/dt-subagent-handoff |
DT subagent handoff workflow: readiness assessment, artifact compilation, and handoff validation via subagent dispatch |
| experimental/experiment-designer |
MVE domain knowledge and coaching conventions for the Experiment Designer agent |
| experimental/pptx |
Shared conventions for PowerPoint Builder agent, subagent, and powerpoint skill |
| github/community-interaction |
Community interaction voice, tone, and response templates for GitHub-facing agents and prompts |
| github/github-backlog-discovery |
Discovery protocol for GitHub backlog management - artifact-driven, user-centric, and search-based issue discovery |
| github/github-backlog-planning |
Reference specification for GitHub backlog management tooling - planning files, search protocols, similarity assessment, and state persistence |
| github/github-backlog-triage |
Triage workflow for GitHub issue backlog management - automated label suggestion, milestone assignment, and duplicate detection |
| github/github-backlog-update |
Execution workflow for GitHub issue backlog management - consumes planning handoffs and executes issue operations |
| hve-core/commit-message |
Required instructions for creating all commit messages |
| hve-core/git-merge |
Required protocol for Git merge, rebase, and rebase --onto workflows with conflict handling and stop controls. |
| hve-core/markdown |
Required instructions for creating or editing any Markdown (.md) files |
| hve-core/prompt-builder |
Authoring standards for prompt engineering artifacts including prompts, agents, instructions, and skills |
| hve-core/pull-request |
Required instructions for pull request description generation and optional PR creation using diff analysis, subagent review, and MCP tools |
| hve-core/writing-style |
Required writing style conventions for voice, tone, and language in all markdown content |
| jira/jira-backlog-discovery |
Discovery protocol for Jira backlog management with user-centric, artifact-driven, and JQL-based issue discovery |
| jira/jira-backlog-planning |
Reference specification for Jira backlog management tooling, planning files, search conventions, similarity assessment, and state persistence |
| jira/jira-backlog-triage |
Triage workflow for Jira backlog management with field recommendations, duplicate detection, and controlled execution |
| jira/jira-backlog-update |
Execution workflow for Jira backlog management that consumes planning handoffs and applies sequential Jira operations |
| jira/jira-wit-planning |
Reference specification for Jira PRD work item planning files, hierarchy mapping, field validation, and handoff contracts |
| rai-planning/rai-backlog-handoff |
RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation |
| rai-planning/rai-capture-coaching |
Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods |
| rai-planning/rai-identity |
RAI Planner identity, 5-phase orchestration, state management, and session recovery |
| rai-planning/rai-impact-assessment |
RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation |
| rai-planning/rai-security-model |
RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol |
| rai-planning/rai-standards |
Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings |
| security/backlog-handoff |
Dual-format backlog handoff for ADO and GitHub with content sanitization, autonomy tiers, and work item templates |
| security/identity |
Security Planner identity, six-phase orchestration, state management, and session recovery protocols |
| security/operational-buckets |
Operational bucket definitions with component classification guidance and cross-cutting security concerns |
| security/security-model |
STRIDE-based security model analysis per operational bucket with threat table format and data flow analysis |
| security/sssc-assessment |
Phase 2 supply chain assessment protocol with the 27 combined capabilities inventory for SSSC Planner. |
| security/sssc-backlog |
Phase 5 dual-format work item generation with templates and priority derivation for SSSC Planner. |
| security/sssc-gap-analysis |
Phase 4 gap comparison, adoption categorization, and effort sizing for SSSC Planner. |
| security/sssc-handoff |
Phase 6 backlog handoff protocol with Scorecard projections and dual-format output for SSSC Planner. |
| security/sssc-identity |
Identity and orchestration instructions for the SSSC Planner agent. Contains six-phase workflow, state.json schema, session recovery, and question cadence. |
| security/sssc-standards |
Phase 3 OpenSSF Scorecard, SLSA, Best Practices Badge, Sigstore, and SBOM standards mapping for SSSC Planner. |
| security/standards-mapping |
Embedded OWASP, NIST, and CIS security standards with researcher subagent delegation for WAF/CAF runtime lookups |
| shared/hve-core-location |
Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. |
| shared/story-quality |
Shared story quality conventions for work item creation and evaluation across agents and workflows |
Skills
| Name |
Description |
| gitlab |
Manage GitLab merge requests and pipelines with a Python CLI |
| hve-core-installer |
Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows |
| jira |
Jira issue workflows for search, issue updates, transitions, comments, and field discovery via the Jira REST API. Use when you need to search with JQL, inspect an issue, create or update work items, move an issue between statuses, post comments, or discover required fields for issue creation. |
| owasp-agentic |
OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core. |
| owasp-llm |
OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. |
| owasp-top-10 |
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core. |
| powerpoint |
PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling |
| pr-reference |
Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. |
| python-foundational |
Foundational Python best practices, idioms, and code quality fundamentals |
| security-reviewer-formats |
Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core. |
| video-to-gif |
Video-to-GIF conversion skill with FFmpeg two-pass optimization |
| vscode-playwright |
VS Code screenshot capture using Playwright MCP with serve-web for slide decks and documentation |
Getting Started
After installing this extension, the chat agents are available in GitHub Copilot Chat:
- Use custom agents by selecting the custom agent from the agent picker drop-down list in Copilot Chat
- Apply prompts through the Copilot Chat interface
- Reference instructions: they are automatically applied based on file patterns
Post-Installation Setup
Some chat agents create workflow artifacts in your project directory. See the installation guide for recommended .gitignore configuration and other setup details.
Pre-release Channel
HVE Core offers two installation channels:
| Channel |
Description |
Maturity Levels |
| Stable |
Production-ready artifacts only |
stable |
| Pre-release |
Early access to new features and experimental artifacts |
stable, preview, experimental |
To install the pre-release version, select Install Pre-Release Version from the extension page in VS Code.
Requirements
- VS Code version 1.106.1 or higher
- GitHub Copilot extension
License
MIT License - see LICENSE for details
Support
For issues, questions, or contributions, visit the GitHub repository.
Brought to you by Microsoft ISE HVE Essentials
| |
