Copilot Coding Agent — Repository Instructions (Onboard this repo)
Repo: CVE Matter-Analysis OS (defense-only)
Language/stack: Python 3.11, CUDA (optional), Docker, K8s (GKE/gVisor), Argo, Terraform, GitHub Actions
Mission: Build and maintain the CVE matter-analysis pipeline with Bayesian evidence, positional alignment, reverse-adversarial refractors, and a black-box arbiter.
Non-negotiables: Private repo; defense-only; no cryptographic-breaking, no offensive payloads.
- Agent Operating Rules
Act from files, not guesswork. Prefer repo artifacts over improvisation.
Defense-only guardrails. Refuse crypto-breaking or exploit authoring.
Idempotent PRs. Every change must be reproducible via scripts/CI.
Citations & logs. Reference edited files; emit structured logs where applicable.
Never commit secrets. Read keys via env/Secrets. Fail closed if missing.
- File Anchors (read these first)
.copilot/AGENT_GUIDE.md — operating guide
.copilot/tasks/ — atomic tasks with acceptance criteria
config/matter.yaml — mode=cve, thresholds, alignment, refractors, arbiter
src/ — modules: ingest/, alignment/, models/, refractors/, evaluation/, orchestrate/
k8s/ — CRD+webhook, runtime classes, GPU job specs, policies
argo/ — WorkflowTemplate, CronWorkflow, Events
terraform/ — GKE cluster, GPU node pool, GCS capsules bucket
prompts/ & capsules/ — LID-LIFT prompt/capsule artifacts (link-pack)
- Default Task Order (finish each before moving on)
1. NVD ingest
   Edit: src/ingest/nvd_client.py, tests/test_ingest.py
   Criteria: Delta sync, ETag/backoff, JSONL out, tests pass
2. Positional alignment
   Edit: src/alignment/procrustes.py, src/alignment/cca.py, tests/test_alignment.py
   Criteria: alignment_R2 ≥ 0.85, re-register on fail
3. Arbiter (stacked) + Pareto knee
   Edit: src/models/arbiter.py
   Criteria: choose knee over {accuracy,f1,robust_auc_ε} vs {latency_ms,energy_J,cost_$}
4. Refractor grid (ε & axes)
   Edit: src/refractors/epsilon.py, src/refractors/shifts.py
   Criteria: grid runs; outputs robust AUC & CVaR@95
5. Evidence & decision
   Edit: src/evaluation/evidence.py
   Criteria: BIC/WAIC log-evidence; Bayes factor + Jeffreys class
6. Legendary prompt sync (Notion)
   Run: scripts/register_prompt_notion.sh
   Criteria: SHA in Notion matches prompts/legendary_lidlift_v14.md
7. Capsule publish
   Run: scripts/publish_capsules.sh (on tag)
   Criteria: capsules/*.json reachable at configured bucket/domain
8. GPU enablement (optional)
   Files: terraform/gpu.tf, k8s/gpu-job.yaml, docker/Dockerfile (CUDA)
   Criteria: GPU pod requests succeed; tests marked @gpu pass
9. Admission webhook & triggers
   Files: k8s/crd-policytrigger.yaml, k8s/deploy-webhook.yaml, k8s/webhook-config.yaml
   Criteria: Pods labeled macrosegment: code receive the sleep init container; suspicious binaries rejected
10. Argo ε-sweep
   Files: argo/workflowtemplate-tensor-macrosegments.yaml, argo/cronworkflow-nightly.yaml
   Criteria: nightly sweep executes and stores artifacts
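A worked example of the NVD ingest criteria (delta sync, ETag revalidation, exponential backoff on 429/503, JSONL output, fail-closed API key), added here and not the repo's own src/ingest/nvd_client.py. It assumes the NVD CVE API 2.0 response shape (vulnerabilities[].cve.id / lastModified, totalResults) and injects the HTTP call so it runs offline.

```python
"""Delta sync of the NVD CVE API 2.0 into JSONL with ETag revalidation and backoff."""
import json
import os
import time

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
RETRY_STATUSES = {429, 503}  # rate limited / temporarily unavailable: back off and retry


def delta_sync(fetch, state, out, now_iso, api_key=None, sleep=time.sleep, max_retries=5):
    """Append CVEs modified since state['last_modified'] to `out`, one JSON object per line.

    fetch(url, params, headers) -> (status, headers, body) is injected so tests run offline.
    Returns the number of records written; state ('last_modified', 'etag') is updated in place.
    """
    api_key = api_key or os.environ.get("NVD_API_KEY")
    if not api_key:  # fail closed: no key in the repo, no anonymous run
        raise RuntimeError("NVD_API_KEY missing")
    since, newest = state.get("last_modified"), state.get("last_modified", "")
    start, written, etag = 0, 0, state.get("etag")
    while True:
        params = {"startIndex": start, "resultsPerPage": 2000}
        if since:  # NVD requires both ends of the lastModified window
            params.update(lastModStartDate=since, lastModEndDate=now_iso)
        headers = {"apiKey": api_key}
        if start == 0 and etag:  # revalidate the first page against the stored ETag
            headers["If-None-Match"] = etag
        for attempt in range(max_retries + 1):
            status, hdrs, body = fetch(NVD_URL, params, headers)
            if status not in RETRY_STATUSES or attempt == max_retries:
                break
            sleep(2 ** attempt)  # exponential backoff: 1 s, 2 s, 4 s, ...
        if status == 304:
            return written  # nothing changed since the last sync
        if status != 200:
            raise RuntimeError(f"NVD returned HTTP {status} after retries")
        page = json.loads(body)
        items = page.get("vulnerabilities", [])
        for item in items:
            cve = item["cve"]
            out.write(json.dumps({"id": cve["id"], "lastModified": cve["lastModified"],
                                  "cve": cve}, sort_keys=True) + "\n")
            written += 1
            newest = max(newest, cve["lastModified"])
        if start == 0:
            state["etag"] = hdrs.get("ETag", etag)
        start += len(items)
        if not items or start >= page.get("totalResults", 0):
            if newest:
                state["last_modified"] = newest
            return written
```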
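An added illustration of the arbiter's Pareto-knee criterion, not the repo's src/models/arbiter.py: it builds the non-dominated front over the six objectives and picks the knee as the front member nearest the utopia point after min-max normalization (one common knee heuristic, assumed here). The candidate numbers are constructed and cost_usd stands in for the page's cost_$.

```python
"""Arbiter selection: Pareto front over quality and cost axes, then the knee nearest the utopia point."""
import math

MAXIMIZE = ("accuracy", "f1", "robust_auc_eps")   # higher is better
MINIMIZE = ("latency_ms", "energy_J", "cost_usd")  # lower is better (cost_usd = the page's cost_$)
KEYS = ("name",) + MAXIMIZE + MINIMIZE

# Constructed stacked-arbiter candidates (not measured numbers); D is dominated by B.
CANDIDATES = [dict(zip(KEYS, row)) for row in [
    ("A", 0.95, 0.94, 0.90, 400, 9.0, 0.40),
    ("B", 0.91, 0.90, 0.87, 120, 3.0, 0.12),
    ("C", 0.80, 0.78, 0.70, 40, 1.0, 0.05),
    ("D", 0.90, 0.89, 0.85, 150, 4.0, 0.15)]]

def dominates(a, b):
    """True if a is at least as good as b on every objective and strictly better on one."""
    better = False
    for k in MAXIMIZE:
        if a[k] < b[k]:
            return False
        better = better or a[k] > b[k]
    for k in MINIMIZE:
        if a[k] > b[k]:
            return False
        better = better or a[k] < b[k]
    return better

def pareto_front(cands):
    """Non-dominated candidates, in input order."""
    return [c for c in cands if not any(dominates(o, c) for o in cands if o is not c)]

def normalized_losses(front):
    """Each objective mapped to a loss in [0, 1] per candidate (0 = best value on the front)."""
    span = {k: (min(f[k] for f in front), max(f[k] for f in front)) for k in MAXIMIZE + MINIMIZE}
    rows = []
    for c in front:
        row = {}
        for k, (lo, hi) in span.items():
            loss = (hi - c[k]) if k in MAXIMIZE else (c[k] - lo)
            row[k] = loss / (hi - lo) if hi != lo else 0.0
        rows.append(row)
    return rows

def knee(cands=CANDIDATES):
    """Knee heuristic: the front member closest (Euclidean) to the all-zero-loss utopia point."""
    front = pareto_front(cands)
    dist = [math.sqrt(sum(v * v for v in row.values())) for row in normalized_losses(front)]
    return front[dist.index(min(dist))]
```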
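An added example for the evidence task, not the repo's src/evaluation/evidence.py: BIC and WAIC log-evidence terms, the Bayes factor between two fitted models, and Jeffreys' verbal classes. It assumes the Schwarz approximation ln Z ≈ -BIC/2 and the Jeffreys (1961) scale on log10 B10; the fitted log-likelihoods in EXAMPLE_FIT are constructed.

```python
"""Evidence gate: BIC/WAIC log-evidence, Bayes factor and Jeffreys class for model 1 vs model 0."""
import math
from statistics import mean, pvariance

# Jeffreys (1961) scale on log10 B10; values below 0 favour the null model.
JEFFREYS = [(0.5, "barely worth mentioning"), (1.0, "substantial"), (1.5, "strong"), (2.0, "very strong")]
# Constructed fit summary: model 0 (2 params) vs model 1 (4 params) on n = 100 observations.
EXAMPLE_FIT = dict(log_lik0=-150.0, k0=2, log_lik1=-140.0, k1=4, n=100)

def bic(log_lik, k, n):
    """BIC = k ln n - 2 ln L for a model with k parameters fitted to n observations (lower is better)."""
    return k * math.log(n) - 2.0 * log_lik

def log_evidence_bic(log_lik, k, n):
    """Schwarz approximation of the log marginal likelihood: ln Z ~ -BIC / 2."""
    return -0.5 * bic(log_lik, k, n)

def waic(pointwise_loglik):
    """WAIC from an S x N matrix of log p(y_i | theta_s) over S posterior draws.

    Returns (waic, lppd, p_waic); -WAIC / 2 is the comparable log-evidence term.
    """
    lppd = p_waic = 0.0
    for i in range(len(pointwise_loglik[0])):
        col = [row[i] for row in pointwise_loglik]
        m = max(col)  # log-mean-exp, stable for very negative log-likelihoods
        lppd += m + math.log(mean(math.exp(v - m) for v in col))
        p_waic += pvariance(col)
    return -2.0 * (lppd - p_waic), lppd, p_waic

def log10_bayes_factor(log_z1, log_z0):
    """log10 B10 from two natural-log evidences."""
    return (log_z1 - log_z0) / math.log(10)

def jeffreys_class(log10_b10):
    """Verbal strength of evidence for model 1 on Jeffreys' scale."""
    if log10_b10 < 0:
        return "negative (supports H0)"
    for upper, label in JEFFREYS:
        if log10_b10 < upper:
            return label
    return "decisive"

def decide(log_lik0, k0, log_lik1, k1, n):
    """BIC-based decision for model 1 against model 0: (log10 B10, Jeffreys class)."""
    l10 = log10_bayes_factor(log_evidence_bic(log_lik1, k1, n), log_evidence_bic(log_lik0, k0, n))
    return l10, jeffreys_class(l10)
```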
- CI/CD & Quality Gates (must pass on every PR)
CI: lint (flake8), tests (pytest), Python 3.11
Security: CodeQL (Python), Trivy image scan (fail on HIGH/CRITICAL)
Branch protection: required status checks, at least 1 review, linear history
No-secret check: block PRs containing keys or tokens
Container: build Docker image; rootless, read-only filesystem, no privilege escalation
- Environment & Secrets
Use GitHub Secrets / Environments only:
NVD_API_KEY, GCP_PROJECT_ID, GCP_SA_JSON (if needed), NOTION_API_TOKEN, NOTION_PROMPTS_DB_ID
Local/dev runs must read from env; CI injects via env: or secrets:.
- K8s/GKE Runtime Rules
Workload Identity: map KSA→GSA; no node-level keys
RuntimeClass (gVisor) for default pods; GPUs limited to macrosegment: code
AdmissionWebhook applies: inject-sleep-init, reject-suspicious-binary, freeze-image-pull as configured by PolicyTrigger CRDs
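The admission decision the webhook makes for a macrosegment: code pod, as an added Python example that is not the repo's k8s/ webhook code: it applies reject-suspicious-binary (with a constructed placeholder deny list) and an idempotent inject-sleep-init, and wraps the result as an AdmissionReview v1 response. The PolicyTrigger spec shape is assumed; freeze-image-pull is not shown.

```python
"""Core decision of the admission webhook for pods labelled macrosegment: code."""
import base64
import json
import os

# Constructed stand-in for a PolicyTrigger spec (the real CRD is k8s/crd-policytrigger.yaml).
TRIGGER = {
    "selector": {"macrosegment": "code"},
    "injectSleepInit": {"image": "busybox:1.36", "seconds": 5},
    "rejectSuspiciousBinary": {"binaries": ["nc", "ncat", "socat"]},  # placeholder deny list
}
SLEEP_INIT_NAME = "sleep-init"

def referenced_binaries(container):
    """Basenames of every token in command/args; 'sh -c "..."' strings are split on whitespace."""
    tokens = [t for w in container.get("command", []) + container.get("args", []) for t in w.split()]
    return {os.path.basename(t) for t in tokens}

def evaluate(pod, trigger=TRIGGER):
    """Return (allowed, json_patch_ops, message) for one pod object."""
    labels = pod.get("metadata", {}).get("labels", {})
    if any(labels.get(k) != v for k, v in trigger["selector"].items()):
        return True, [], "pod not in scope"
    spec = pod.get("spec", {})
    inits = spec.get("initContainers", [])
    denied = set(trigger["rejectSuspiciousBinary"]["binaries"])
    for c in spec.get("containers", []) + inits:
        hit = referenced_binaries(c) & denied
        if hit:  # reject-suspicious-binary
            return False, [], f"container {c.get('name')} references denied binary {sorted(hit)}"
    if any(c.get("name") == SLEEP_INIT_NAME for c in inits):
        return True, [], "sleep-init already present"  # idempotent on re-admission
    cfg = trigger["injectSleepInit"]  # inject-sleep-init, hardened like every other container
    init = {"name": SLEEP_INIT_NAME, "image": cfg["image"],
            "command": ["sh", "-c", f"sleep {int(cfg['seconds'])}"],
            "securityContext": {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True}}
    path = "/spec/initContainers/0" if "initContainers" in spec else "/spec/initContainers"
    value = init if "initContainers" in spec else [init]
    return True, [{"op": "add", "path": path, "value": value}], "sleep-init injected"

def admission_response(review, trigger=TRIGGER):
    """Build the AdmissionReview v1 response for an incoming review; patches are base64 JSONPatch."""
    req = review["request"]
    allowed, patch, msg = evaluate(req["object"], trigger)
    resp = {"uid": req["uid"], "allowed": allowed, "status": {"message": msg}}
    if patch:
        resp["patchType"] = "JSONPatch"
        resp["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp}
```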
- Argo Orchestration
Run ε-grid with tensor-macrosegments WorkflowTemplate; CronWorkflow nightly at 03:00 UTC
Label all compute pods macrosegment: code for webhook policies
- Definition of Done (per task/PR)
Tests + linters pass; CI security gates green
No secrets in diff; changelog & docs updated
For K8s/Argo changes: kubectl diff or dry-run manifests attached
For Terraform: terraform plan output attached (redacted)
- Failure Handling (what Copilot must do)
If a task fails due to missing tools/perm: print exact simulated steps and mark SIMULATED in the PR body.
If prompt/spec is unclear: re-template the failing prompt and propose a single follow-up question as code comments, not as commits.
If latency/energy budgets breach: propose rollback to last stable config and open a separate “perf-budget” issue.
- One-shot bootstrap prompt (for Copilot PR generator)
Build/maintain a private, defense-only CVE Matter-Analysis OS: NVD ingest → positional alignment (Procrustes/CCA) → stacked arbiter (Pareto knee) → ε-refractors → Bayesian evidence. Provide tests, Docker (+CUDA optional), K8s (gVisor + AdmissionWebhook + PolicyTrigger CRD), Argo ε-sweep, Terraform (GKE/GPU), CI (lint, pytest, CodeQL, Trivy), SECURITY.md (CVD), .copilot/tasks/*, and config/matter.yaml. No offensive/crypto-breaking. Use env secrets.