HVE Core - RAI Planning
Responsible AI assessment, sensitive uses screening, and standards-aligned impact analysis
⚠️ Experimental — This collection is experimental and available only in the Pre-Release channel. Contents may change or be removed without notice.
Assess AI systems for responsible AI risks using structured standards-aligned analysis, sensitive uses screening, and impact assessment.
[!CAUTION]
The RAI agents and prompts in this collection are assistive tools only. They do not replace qualified human review, organizational RAI review boards, or regulatory compliance programs. All AI-generated RAI artifacts must be reviewed and validated by qualified professionals before use. AI outputs may contain inaccuracies, miss critical risks, or produce recommendations that are incomplete or inappropriate for your context.
This collection includes agents and prompts for:
- RAI Assessment — Conduct structured responsible AI assessments aligned to Microsoft RAI Standard v2 and NIST AI RMF
- Sensitive Uses Screening — Screen AI systems against 8 sensitive use categories and restricted use gates
- Impact Analysis — Evaluate fairness, reliability, privacy, security, inclusiveness, transparency, and accountability impacts
- Security Model Analysis — Identify AI-specific threats using extended STRIDE methodology with ML-specific attack patterns
- Backlog Handoff — Generate prioritized RAI work items in ADO or GitHub formats
Prerequisites
The RAI Planner works as a standalone agent but produces the best results when paired with the Security Planner collection. Running a security assessment first provides threat context that enriches RAI impact analysis.
Interaction Model
The RAI Planner follows a Sequential interaction model (Model A) with the Security Planner:
- Security Planner runs first and detects AI components during Phase 1
- Security Planner completes its security assessment and hands off to the RAI Planner
- RAI Planner inherits threat context and performs RAI-specific analysis
The RAI Planner can also run independently using capture, prd, or resume entry modes.
Included Artifacts
Chat Agents
| Name |
Description |
| rai-planner |
Responsible AI assessment agent with 6-phase conversational workflow. Evaluates AI systems against Microsoft RAI Standard v2 and NIST AI RMF 1.0. Produces sensitive uses screening, RAI security model, impact assessment, control surface catalog, and dual-format backlog handoff. |
| researcher-subagent |
Research subagent using search tools, read tools, fetch web page, github repo, and mcp tools |
Prompts
| Name |
Description |
| rai-capture |
Initiate a responsible AI assessment from existing knowledge using the RAI Planner agent in capture mode |
| rai-plan-from-prd |
Initiate a responsible AI assessment from PRD/BRD artifacts using the RAI Planner agent in from-prd mode |
| rai-plan-from-security-plan |
Initiate a responsible AI assessment from a completed Security Plan using the RAI Planner agent in from-security-plan mode (recommended) |
Instructions
| Name |
Description |
| rai-planning/rai-backlog-handoff |
RAI review and backlog handoff for Phase 6: review rubric, RAI scorecard, dual-format backlog generation |
| rai-planning/rai-capture-coaching |
Exploration-first questioning techniques for RAI capture mode adapted from Design Thinking research methods |
| rai-planning/rai-identity |
RAI Planner identity, 6-phase orchestration, state management, and session recovery |
| rai-planning/rai-impact-assessment |
RAI impact assessment for Phase 5: control surface taxonomy, evidence register, tradeoff documentation, and work item generation |
| rai-planning/rai-security-model |
RAI security model analysis for Phase 4: AI STRIDE extensions, dual threat IDs, ML STRIDE matrix, and security model merge protocol |
| rai-planning/rai-sensitive-uses |
Sensitive Uses assessment for Phase 2: screening categories, restricted uses gate, and depth tier assignment |
| rai-planning/rai-standards |
Embedded RAI standards for Phase 3: Microsoft RAI Standard v2 principles and NIST AI RMF subcategory mappings |
| shared/hve-core-location |
Important: hve-core is the repository containing this instruction file; Guidance: if a referenced prompt, instructions, agent, or script is missing in the current directory, fall back to this hve-core location by walking up this file's directory tree. |
Getting Started
After installing this extension, the chat agents are available in GitHub Copilot Chat:
- Use custom agents by selecting the custom agent from the agent picker drop-down list in Copilot Chat
- Apply prompts through the Copilot Chat interface
- Reference instructions: they are automatically applied based on file patterns
Post-Installation Setup
Some chat agents create workflow artifacts in your project directory. See the installation guide for recommended .gitignore configuration and other setup details.
Pre-release Channel
HVE Core offers two installation channels:
| Channel |
Description |
Maturity Levels |
| Stable |
Production-ready artifacts only |
stable |
| Pre-release |
Early access to new features and experimental artifacts |
stable, preview, experimental |
To install the pre-release version, select Install Pre-Release Version from the extension page in VS Code.
Full Edition
Looking for more agents covering additional domains? Check out the full HVE Core extension.
Requirements
- VS Code version 1.106.1 or higher
- GitHub Copilot extension
License
MIT License - see LICENSE for details
Support
For issues, questions, or contributions, visit the GitHub repository.
Brought to you by Microsoft ISE HVE Essentials
