From b6ea6b0d9972cc132510a5173966b3ef8c1a3256 Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Wed, 8 Apr 2026 22:43:25 +0000
Subject: [PATCH] feat: add agent-shield.yml workflow for compliance

Closes #40
Co-authored-by: don-petry
---
.github/workflows/agent-shield.yml | 33 ++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 .github/workflows/agent-shield.yml

diff --git a/.github/workflows/agent-shield.yml b/.github/workflows/agent-shield.yml
new file mode 100644
index 00000000..8704981d
--- /dev/null
+++ b/.github/workflows/agent-shield.yml
@@ -0,0 +1,33 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# SOURCE OF TRUTH: petry-projects/.github/standards/workflows/agent-shield.yml
+# Standard: petry-projects/.github/standards/agent-standards.md
+# Reusable: petry-projects/.github/.github/workflows/agent-shield-reusable.yml
+#
+# AGENTS — READ BEFORE EDITING:
+# • This file is a THIN CALLER STUB. The AgentShield CLI scan and the
+# org-specific structural checks live in the reusable workflow above.
+# • You MAY change: the `with:` inputs (min-severity, agentshield-version,
+# required-files, org-standards-ref) — only if your repo genuinely needs
+# a different policy.
+# • You MUST NOT change: trigger events, the `uses:` line, or the job name
+# (used as a required status check).
+# • If you need different behaviour beyond the inputs, open a PR against
+# the reusable in the central repo.
+# ─────────────────────────────────────────────────────────────────────────────
+#
+# AgentShield — thin caller for the org-level reusable.
+# To adopt: copy this file to .github/workflows/agent-shield.yml in your repo.
+name: AgentShield
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+
+jobs:
+ agent-shield:
+ uses: petry-projects/.github/.github/workflows/agent-shield-reusable.yml@v1
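Review bot: The `uses:` line at the end of the hunk references the reusable workflow by the mutable tag `@v1`, so the code behind the `agent-shield` required status check can change without any commit in this repository. Pinning to a full commit SHA, e.g. `uses: petry-projects/.github/.github/workflows/agent-shield-reusable.yml@<FULL_COMMIT_SHA> # v1`, would make changes to the gate visible and reviewable through ordinary PRs. The header comment says the `uses:` line must not be edited per repo, so this probably has to be raised against the standard stub in the central repo rather than fixed here. The workflow-level `permissions: contents: read` is a sensible ceiling for the called workflow; since the reusable is not visible in this diff, it is worth confirming it needs no further scopes.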