chore(main): release hve-core 3.0.0

[hve-core-release-please]

🤖 I have created a release beep boop

3.0.0 (2026-02-06)

⚠ BREAKING CHANGES

• agents: add Task Reviewer and expand RPI to 4-phase workflow (#277)

✨ Features

• .devcontainer: add development container configuration (#24) (45debf5)
• .github: add github metadata and mcp configuration (#23) (1cb898d)
• add incident response prompt template (#386) (0adb35c)
• add PowerShell script to validate copyright headers (#370) (92fce72)
• add Skills and VS Code Extension categories to issue/PR templates (#410) (108e160)
• agent: Add automated installation via hve-core-installer agent (#82) (a2716d5)
• agents: add brd-builder.agent.md for building BRDs (#122) (bfdc9f3)
• agents: add hve-core-installer agent to extension package (#297) (c0e48c6)
• agents: add Task Reviewer and expand RPI to 4-phase workflow (#277) (ae76cab)
• agents: redesign installer with Codespaces support and method documentation (#123) (6329fc0)
• ai: Establish AI-Assisted Development Framework (#48) (f5199a4)
• build: add code coverage reporting to Pester workflow (#230) (a34822a)
• build: implement automated release management with release-please (#86) (90150e2)
• chatmodes: add architecture diagram builder agent (#145) (db24637)
• config: add development tools configuration files (#19) (9f97522)
• config: add npm package configuration and dependencies (#20) (fcba198)
• copilot: add GitHub Copilot instruction files (#22) (4927284)
• copilot: add specialized chat modes for development workflows (#21) (ae8495f)
• docs: add comprehensive AI artifact contribution documentation (#76) (d81cf96)
• docs: add getting started guide for project configuration (#57) (3b864fa)
• docs: add GOVERNANCE.md for OSSF Silver Badge compliance (#235) (b0e752c)
• docs: add repository foundation and documentation files (#18) (ad7efb6), closes #2
• docs: add ROADMAP.md for OSSF Silver badge compliance (#238) (4a41c16)
• docs: add RPI workflow documentation and restructure docs folder (#102) (c3af708)
• docs: Replace deprecated chat.modeFilesLocations with chat.agentFilesLocations (#413) (67fb2ab)
• extension: hve core vs code extension (#149) (041a1fd)
• extension: implement pre-release versioning with agent maturity filtering (#179) (fb38233)
• hve-core-guidance-instructions: update guidance artifacts and MCP config (#402) (25b34de)
• instructions: add authoring standards for prompt engineering artifacts (#177) (5de3af9)
• instructions: add extension quick install and enhance installer agent (#176) (48e3d58)
• instructions: add VS Code variant prompt and gitignore recommendation to installer (#185) (b400493)
• instructions: add writing style guide for markdown content (#151) (02df6a8)
• instructions: consolidate C# guidelines and update prompt agent fields (#158) (65342d4)
• instructions: provide guidance on using safe commands to reduce interactive prompting (#117) (1268580)
• linting: add linting and validation scripts (#26) (66be136)
• mcp: add MCP server configuration guidance and installer enhancements (#225) (0bce418)
• prompt-builder: enhance prompt engineering instructions and validation protocols (#155) (bc5004f)
• prompts: add ADR placement planning and update template paths (#69) (380885f)
• prompts: add git workflow prompts from edge-ai (#84) (56d66b6)
• prompts: add github-add-issue prompt and github-issue-manager chatmode with delegation pattern (#55) (d0e1789)
• prompts: add PR template discovery and integration to pull-request prompt (#141) (b8a4c7a)
• prompts: add task research initiation prompt and rpi agent(#124) (5113e3b)
• release: implement release management strategy (#161) (6164c3b)
• Risk Register Prompt (#146) (843982c)
• scripts: add CIHelpers module for CI platform abstraction (#348) (23e7a7e)
• scripts: add SecurityHelpers and CIHelpers modules (#354) (b93d990)
• scripts: add YAML linting with actionlint (#234) (d9301f9)
• scripts: enhanced JSON Schema validation for markdown frontmatter (#59) (aba152c)
• security: add action version consistency validation (#423) (f3bb787)
• security: add checksum validation infrastructure (#106) (07528fb)
• security: add OpenSSF Scorecard workflow and badge (#271) (7c6d788)
• security: add security scanning scripts (#25) (82de5a1)
• skills: add video-to-gif conversion skill with FFmpeg two-pass optimization (#247) (8d65c42)
• tests: add Pester tests for LintingHelpers and Validate-MarkdownFrontmatter (#197, #198) (#205) (51ae563)
• workflow: add copilot-setup-steps.yml for Coding Agent environment (#398) (085a38b)
• workflows: add CodeQL security analysis to PR validation (#132) (e5b6e8f)
• workflows: add copyright header validation CI workflow (#429) (c53de22)
• workflows: add orchestration workflows and documentation (#29) (de442e0)
• workflows: add security reusable workflows (#28) (2c74399)
• workflows: add validation reusable workflows (#27) (f52352d)

🐛 Bug Fixes

• build: add token parameter to release-please action (#166) (c9189ec)
• build: detect table formatting changes via git diff (#261) (985eee0)
• build: disable MD012 lint rule in CHANGELOG for release-please compatibility (#173) (54502d8), closes #172
• build: disable MD024 lint rule in CHANGELOG for release-please (#220) (971df94)
• build: increase release-please search depths to prevent 250-commit window issue (#342) (4bb857d)
• build: patch @isaacs/brace-expansion critical vulnerability (#404) (292ef51)
• build: pin npm commands for OpenSSF Scorecard compliance (#181) (c29db54)
• build: quote shell variables and group redirects in workflow files (#299) (3372509)
• build: remediate GHSA-g9mf-h72j-4rw9 undici vulnerability (#188) (634bf36)
• build: resolve scorecard badge and workflow security issues (#301) (aeaed13)
• build: seed CHANGELOG.md with version entry for release-please frontmatter preservation (#170) (2b299ac)
• build: use draft releases for VSIX upload (#338) (f1d3ac6)
• build: use GitHub App token for release-please (#167) (070e042)
• build: use hashtable splatting for named parameters (#164) (02a965f)
• ci: disable errexit during spell check exit code capture (#356) (ed6ed46)
• ci: exclude extension/README.md from frontmatter validation (#362) (e0d7378)
• devcontainer: remove unused Python requirements check (#78) (f17a872), closes #77
• docs: add missing Copilot footers, consolidate validation exclusions (#419) (e40f960)
• docs: fix broken links and update validation for .vscode/README.md (#118) (160ae7a)
• docs: improve language consistency in Automated Installation section (#139) (a932918)
• docs: quote YAML frontmatter values in BRD template (#339) (ca988f2)
• docs: replace install button anchor with VS Code protocol handler (#111) (41a265e)
• docs: update install badges to use aka.ms redirect URLs (#114) (868f655)
• exclude test fixtures from markdown link checker (#345) (58147f9)
• extension: remove frontmatter from README and exclude from markdown linting (#223) (4272529)
• extension: resolve path resolution issues in Windows/WSL environments (#407) (8529725)
• instructions: quote applyTo glob pattern for YAML compatibility (#216) (085199c)
• linting: use cross-platform path separators in gitignore pattern matching (#121) (3f0aa1b)
• linting: use Write-Error instead of Write-Host for error output (#377) (2ca766b)
• scripts: accepts the token (YYYY-MM-dd) in frontmatter validation (#133) (2648215)
• scripts: add FooterExcludePaths parameter to frontmatter validation (#334) (64db98d)
• scripts: add GHSA word and logs/ exclusion to cspell config (#214) (5c99b3f)
• scripts: apply CI output escaping to infrastructure scripts (#369) (251021e)
• scripts: apply CI output escaping to linting scripts (#367) (fdd75ed)
• scripts: apply CI output escaping to security scripts (#368) (1237c9a)
• scripts: correct type assertions in Invoke-YamlLint.Tests.ps1 (#332) (af7050d)
• scripts: eliminate false positives in dependency pinning npm pattern (#273) (ccbdfa3)
• scripts: ensure reliable array count operations in linting and security scripts (#395) (de43e73)
• scripts: include CIHelpers module + packaging script testability (#420) (da26edf)
• scripts: standardize PowerShell requirements header block (#385) (6e26282)
• security: add artifact attestation for signed releases (#257) (c52d6e2)
• standardize markdown footers and complete frontmatter (#217) (b4e7556)
• tools: correct Method 5 path resolution in hve-core-installer (#129) (57ef20d)

📚 Documentation

• add comprehensive RPI workflow documentation (#153) (cbaa4a9)
• add doc-ops agent to CUSTOM-AGENTS reference (#358) (15f7185)
• add memory agent to CUSTOM-AGENTS.md (#359) (d92c4e1)
• add missing agents to extension README (#357) (d58541c)
• add OpenSSF Best Practices Passing badge to README (#239) (91bc529)
• add task-reviewer agent to CUSTOM-AGENTS.md (#363) (0efb722)
• architecture: add architecture documentation and value proposition (#252) (0e4b02f)
• contributing: add copyright header guidelines (#382) (881a567)
• contributing: add testing requirements for OSSF compliance (#254) (4db1a18)
• docs: add enterprise status badges to README header (#270) (ccb68a4)
• enhance README with contributing, responsible AI, and legal sections (#52) (a424adc)
• scripts: update README.md with missing directory sections (#355) (ac2966f)
• security: add security assurance case and threat model for OSSF Silver (#259) (a390e26)

♻️ Refactoring

• application: wrap execution with try blocks, ensure proper … (#296) (35c4417)
• instructions: consolidate and enhance AI artifact guidelines (#206) (54dd959)
• migrate chatmodes to agents architecture (#210) (712b0b7)
• migrate inline CI code to CIHelpers module (#393) (adf6a5f)
• scripts: align linting and tests with CIHelpers (#401) (3587e6a)
• scripts: extract frontmatter validation to testable module (#293) (4e8707e)
• scripts: extract Invoke-PackageExtension for testability (#343) (858a1be)
• scripts: extract orchestration function for Prepare-Extension testability (#344) (9fd4bd1)
• scripts: extract pure functions for Pester testability (#221) (d40e742)
• scripts: replace raw GITHUB_OUTPUT with Set-CIOutput in Package-Extension (#391) (74a30bb)
• security: move DependencyViolation and ComplianceReport to shared module (#378) (1dd31ad)

🔧 Maintenance

• add copyright headers to PowerShell scripts (#381) (d19c9b3)
• add copyright headers to shell scripts (#380) (284b456)
• build: clean up workflow permissions for Scorecard compliance (#183) (64686e7)
• deps-dev: bump cspell from 9.4.0 to 9.6.0 in the npm-dependencies group (#208) (855914b)
• deps-dev: bump cspell from 9.6.0 to 9.6.1 in the npm-dependencies group (#294) (1e45ad6)
• deps-dev: bump cspell from 9.6.1 to 9.6.2 in the npm-dependencies group (#387) (23c2b9f)
• deps-dev: bump cspell in the npm-dependencies group (#61) (38650eb)
• deps-dev: bump glob from 10.4.5 to 10.5.0 (#74) (b3ca9fd)
• deps-dev: bump markdownlint-cli2 from 0.19.1 to 0.20.0 in the npm-dependencies group (#134) (ebfbe84)
• deps-dev: bump the npm-dependencies group across 1 directory with 2 updates (#109) (936ab84)
• deps-dev: bump the npm-dependencies group with 2 updates (#30) (cf99cbf)
• deps: bump actions/setup-node from 6.1.0 to 6.2.0 in the github-actions group (#209) (c4c69e2)
• deps: bump actions/upload-artifact from 5.0.0 to 6.0.0 in the github-actions group (#142) (91eac8a)
• deps: bump js-yaml, markdown-link-check and markdownlint-cli2 (#75) (af03d0e)
• deps: bump the github-actions group with 2 updates (#108) (3e56313)
• deps: bump the github-actions group with 2 updates (#135) (4538a03)
• deps: bump the github-actions group with 2 updates (#62) (d1e0c09)
• deps: bump the github-actions group with 3 updates (#87) (ed550f4)
• deps: bump the github-actions group with 4 updates (#295) (d8337b8)
• deps: bump the github-actions group with 6 updates (#162) (ec5bb12)
• devcontainer: enhance gitleaks installation with checksum verification (#100) (5a8507d)
• devcontainer: refactor setup scripts for improved dependency management (#94) (f5f50d1), closes #98
• main: release hve-core 2.0.0 (#212) (672d36b)
• main: release hve-core 2.0.1 (#340) (4612929)
• main: release hve-core 2.1.0 (#347) (2ce6371)
• main: release hve-core 2.2.0 (#418) (a8cb549)
• remove step-security/harden-runner from workflows (#246) (c5708d8)
• security: configure GitHub branch protection for OpenSSF compliance (#191) (90aab1a)
• templates: align issue templates with conventional commit format (#427) (2d28702)
• workflows: simplify Copilot setup steps workflow triggers (#414) (492a7b1)

---

This PR was generated with Release Please. See documentation.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.19%. Comparing base (a8cb549) to head (6eeb680).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #441      +/-   ##
==========================================
- Coverage   76.22%   76.19%   -0.03%     
==========================================
  Files          20       20              
  Lines        3503     3503              
==========================================
- Hits         2670     2669       -1     
- Misses        833      834       +1     

Flag	Coverage Δ
pester	76.19% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.