Skip to content

Add the AzureLocal PMO board standard#26

Closed
kristopherjturner wants to merge 2 commits into
mainfrom
feature/pmo-board-standard
Closed

Add the AzureLocal PMO board standard#26
kristopherjturner wants to merge 2 commits into
mainfrom
feature/pmo-board-standard

Conversation

@kristopherjturner

@kristopherjturner kristopherjturner commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Closed because the source branch included unrelated historical changes from a stale local base. Replaced by a clean PMO-only pull request.

Copilot AI review requested due to automatic review settings July 16, 2026 17:22

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 36bb5fcff1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .claude/settings.json
"Read(//mnt/c/Windows/**)",
"Bash(export PATH=\"$PATH:/mnt/c/Program Files/GitHub CLI\")"
"Bash(git add:*)",
"Bash(git commit -m \':*)",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Remove invalid JSON escapes from permission patterns

The \' sequence in this permission entry is not a valid JSON escape; parsing the reviewed .claude/settings.json fails at this line, and the same invalid sequence appears in several PowerShell entries below it. Claude Code therefore cannot load any of these repository settings, including the newly added permissions and hooks.

Useful? React with 👍 / 👎.

Comment thread .claude/settings.json
Comment on lines +10 to +11
{ "type": "command", "command": "pwsh -NonInteractive -File D:/git/azurelocal/platform/.claude/hooks/block-secrets.ps1" },
{ "type": "command", "command": "pwsh -NonInteractive -File D:/git/azurelocal/platform/.claude/hooks/validate-path.ps1" }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Resolve hook paths relative to the active checkout

In the inspected /workspace/platform checkout, these absolute D:/git/azurelocal/platform paths do not exist, so the checked-out secret and protected-path hooks cannot execute; the logging and stop hooks below have the same problem. Any clone outside this one author-specific directory loses the configured controls, or could execute scripts from an unrelated checkout if that directory happens to exist.

Useful? React with 👍 / 👎.

@@ -0,0 +1,33 @@
# PreToolUse hook — blocks writes containing secret patterns

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add the mandatory PowerShell prologue to every hook

This and all five other newly added .claude/hooks/*.ps1 scripts omit #Requires -Version 7.0, Set-StrictMode -Version Latest, and $ErrorActionPreference = 'Stop', despite the explicit hard rule in AGENTS.md:45. Besides violating the repository standard, missing strict/error behavior allows property and I/O failures in these security and audit hooks to continue or exit successfully rather than being surfaced.

Useful? React with 👍 / 👎.


## Publication

Generated snapshots stay under ignored `.artifacts/pmo/`. Scheduled automation publishes an

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Actually ignore generated PMO snapshots

The documented claim that .artifacts/pmo/ is ignored is false: a repo-wide search finds no matching ignore rule, and git check-ignore --no-index .artifacts/pmo/snapshot.html returns no match. When authenticated automation generates a board and an operator uses a broad git add, the snapshot can therefore be committed and potentially expose restricted project data.

Useful? React with 👍 / 👎.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an AzureLocal overlay for the project-management standard and introduces repo-local multi-model agent scaffolding (AGENTS/Claude/Codex/Copilot + MCP wiring + session-workspace placeholders) to align tooling with the tracker-authoritative PMO board approach.

Changes:

  • Added AzureLocal Project Management standard overlay page and linked it from the standards index.
  • Introduced AGENTS.md as the canonical cross-tool instruction entrypoint and converted CLAUDE.md into a thin shim.
  • Added MCP server config plus Claude/Codex/Copilot configuration and scaffolding (.claude/, .ai/, ignores).

Reviewed changes

Copilot reviewed 23 out of 24 changed files in this pull request and generated 9 comments.

Show a summary per file
File Description
docs/standards/project-management.md New AzureLocal overlay guidance for tracker-authoritative planning + read-only PMO snapshots
docs/standards/index.md Adds Project Management to the standards table
CLAUDE.md Replaced full doc with a shim that imports AGENTS.md and keeps Claude-Code-specific notes
AGENTS.md New canonical cross-tool repo instructions + offline fallback + session protocol
.mcp.json Adds repo-level MCP server wiring for hcs-governance
.gitignore Ignores Claude local logs directory
.github/copilot-instructions.md Points Copilot to AGENTS.md and the .ai/ session protocol
.codex/config.toml Adds Codex MCP server configuration for hcs-governance
.claude/settings.json Adds Claude Code hooks + permissions allowlist
.claude/hooks/validate-path.ps1 PreToolUse hook to block writes to protected paths
.claude/hooks/summarize-session.ps1 Stop hook to log session end events
.claude/hooks/log-tokens.ps1 PostToolUse hook to log tool usage
.claude/hooks/format-on-write.ps1 Optional (currently mostly disabled) format-on-write hook template
.claude/hooks/check-context.ps1 Optional context watcher hook script template (install guidance)
.claude/hooks/block-secrets.ps1 PreToolUse hook to block writes that match common secret patterns
.claude/agents/azurelocal-platform-engineer.md Adds a repo-specific Claude subagent definition
.ai/state/OPEN_QUESTIONS.md Initializes session “open questions” state file
.ai/state/HANDOFF.md Initializes session handoff file with scaffold notes
.ai/state/CURRENT_TASK.md Initializes current task state file
.ai/memory/PROJECT_CONTEXT.md Initializes durable project context placeholder
.ai/memory/GOTCHAS.md Initializes gotchas placeholder
.ai/memory/DECISIONS.md Initializes decisions placeholder
.ai/memory/COMMANDS.md Initializes commands placeholder
.ai/mcp/mcp-servers.md Documents MCP server inventory and bootstrap instructions

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +23 to +25
AzureLocal uses the per-repository project model unless `registry.yaml` explicitly assigns a
shared project. A board SHOULD represent one repository. A cross-repository portfolio board MAY
use the organization Project when its configuration names that scope explicitly.
Comment thread AGENTS.md
Comment on lines +77 to +78
| ADO project | N/A - see registry.yaml `ado_project` or ask the HCS Governance MCP `get_repo` for this repo's work-item tracking project |
| Area path | N/A - see registry.yaml or ask the HCS Governance MCP |
Comment on lines +6 to +20
$logDir = "D:\git\azurelocal\platform\.claude\logs"

$input_json = $input | Out-String
try { $payload = $input_json | ConvertFrom-Json } catch { exit 0 }

if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir -Force | Out-Null }

$entry = @{
timestamp = (Get-Date -Format 'o')
tool_name = $payload.tool_name
file_path = $payload.tool_input.file_path
session_id = $env:CLAUDE_SESSION_ID
} | ConvertTo-Json -Compress

Add-Content -Path "$logDir\tokens.jsonl" -Value $entry -Encoding UTF8
Comment on lines +5 to +15
$logDir = "D:\git\azurelocal\platform\.claude\logs"

if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir -Force | Out-Null }

$entry = @{
timestamp = (Get-Date -Format 'o')
event = "session_stop"
session_id = $env:CLAUDE_SESSION_ID
} | ConvertTo-Json -Compress

Add-Content -Path "$logDir\sessions.jsonl" -Value $entry -Encoding UTF8
- Primary language: Mixed
- Commit format: `type(scope): short description`
- No credentials, tokens, or subscription IDs committed to any file.
- Local path: D:/git/azurelocal/platform
Comment thread .claude/settings.json
Comment on lines +10 to +11
{ "type": "command", "command": "pwsh -NonInteractive -File D:/git/azurelocal/platform/.claude/hooks/block-secrets.ps1" },
{ "type": "command", "command": "pwsh -NonInteractive -File D:/git/azurelocal/platform/.claude/hooks/validate-path.ps1" }
Comment thread .claude/settings.json
{
"matcher": "Write|Edit",
"hooks": [
{ "type": "command", "command": "pwsh -NonInteractive -File D:/git/azurelocal/platform/.claude/hooks/log-tokens.ps1" }
Comment thread .claude/settings.json
"Stop": [
{
"hooks": [
{ "type": "command", "command": "pwsh -NonInteractive -File D:/git/azurelocal/platform/.claude/hooks/summarize-session.ps1" }

## Repo structure

- See CLAUDE.md in this repo for the current directory layout.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants