
[P2] Build GitHub Copilot Extension for governance code review #261

@imran-siddique

Problem

Our governance toolkit is a library that developers add to their code. But the most natural touchpoint is where they already work: their IDE + Copilot. A Copilot extension would put governance review in every PR.

Proposed Fix

Build a GitHub Copilot Extension that:

  1. Reviews agent code for governance gaps (missing policy checks, unguarded tool calls, no audit logging)
  2. Suggests adding governance middleware to agent frameworks
  3. Validates policy YAML files for correctness
  4. Links to relevant OWASP Agentic Top 10 risks

Why

  • Reaches developers where they already are (GitHub + VS Code)
  • Low friction: no install, no config — just enable the extension
  • Creates organic feedback loop: extension suggests toolkit → developer installs toolkit

Priority

P2 — do this quarter. Multiplier for developer reach.

Related: Issue #45

Labels

priority: medium, area: tooling
