Enterprise-grade shared repository for GitHub Copilot customizations.
BaseCoat provides a curated library of agents, skills, instructions, and prompts that teams adopt across repositories through a single sync command. Instead of every team writing Copilot customizations from scratch, BaseCoat gives you production-ready assets that enforce consistent standards, accelerate development workflows, and scale across an entire GitHub Enterprise organization.
82 agents · 59 skills · 71 instruction files · 5 prompt starters
```bash
# Download latest release
curl -L https://github.com/IBuySpy-Shared/basecoat/releases/latest/download/basecoat-ghcp.zip -o basecoat.zip
unzip basecoat.zip -d .github/base-coat/
# Copy Copilot-discoverable files
cp -r .github/base-coat/agents .github/agents
cp -r .github/base-coat/instructions .github/instructions
cp -r .github/base-coat/prompts .github/prompts
```

macOS / Linux:

```bash
BASECOAT_REPO=https://github.com/IBuySpy-Shared/basecoat.git ./sync.sh
```

Windows PowerShell:

```powershell
$env:BASECOAT_REPO = 'https://github.com/IBuySpy-Shared/basecoat.git'; .\sync.ps1
```

Pin to a release tag (recommended for production):

```powershell
$env:BASECOAT_REPO = 'https://github.com/IBuySpy-Shared/basecoat.git'
$env:BASECOAT_REF = 'v1.0.0'
irm https://raw.githubusercontent.com/IBuySpy-Shared/basecoat/$env:BASECOAT_REF/sync.ps1 | iex
```

The sync script clones BaseCoat, copies the standard assets into `.github/base-coat/`, then copies agents, instructions, and prompts to `.github/agents/`, `.github/instructions/`, and `.github/prompts/` so that GitHub Copilot auto-discovers them. The whole process takes under a minute.
| Variable | Default | Description |
|---|---|---|
| BASECOAT_REPO | https://github.com/YOUR-ORG/basecoat.git | Source repository URL |
| BASECOAT_REF | main | Branch or tag to sync from |
| BASECOAT_TARGET_DIR | .github/base-coat | Target directory inside your repo (relative to repo root) |
The sync script copies these items into BASECOAT_TARGET_DIR:
README.md · CHANGELOG.md · INVENTORY.md · version.json · instructions/ · skills/ · prompts/ · agents/
Everything else (tests, scripts, CI workflows, examples) stays in the source repo and is not copied into consumers.
Always use sync.ps1 or sync.sh. Manual copying leads to stale assets, missing files, and incorrect target paths. The scripts handle cloning, copying, and cleanup in a single idempotent operation.
BaseCoat uses a consistent label taxonomy for issue triage, discovery, and sprint management.
| Category | Labels | Purpose |
|---|---|---|
| Asset Type | agent, skill, instruction, prompt | Identifies the type of customization asset for filtering and discovery |
| Issue Type | bug, enhancement, documentation, question, chore, security | Classifies the issue by its primary type |
| Priority | priority:high, priority:medium, priority:low | Indicates urgency and SLA (high = 1hr, medium = 4hr, low = 1 week) |
| Sprint | sprint-1, sprint-2, sprint-3, sprint-4 | Assigns issue to a sprint milestone |
| Status | blocked, spec-required, governance | Indicates blocking conditions or special handling |
| Technology | azure, dotnet, kubernetes, python, terraform, etc. | Domain or technology focus |
| Approval | approved, copilot-agent | Applied when issue is approved for agent implementation |
- Find all agents: `is:issue label:agent`
- Find Sprint 3 skills: `is:issue label:sprint-3 label:skill`
- Find high-priority bugs: `is:issue label:priority:high label:bug`
- Find blocked issues: `is:issue label:blocked`
For complete label reference: docs/reference/LABEL_TAXONOMY.md · GOVERNANCE.md
BaseCoat is built on four GitHub Copilot customization primitives:
```text
┌─────────────────────────────────────────────────────┐
│                      BaseCoat                       │
├──────────┬──────────┬───────────────┬───────────────┤
│  Agents  │  Skills  │ Instructions  │    Prompts    │
│   (73)   │   (55)   │     (56)      │      (8)      │
│          │          │               │               │
│  Multi-  │ Reusable │ Coding        │ Quick task    │
│  step    │ workflow │ standards &   │ entry points  │
│  flows   │ recipes  │ guardrails    │               │
└──────────┴──────────┴───────────────┴───────────────┘
     ▲                    ▲
     │  Agents reference  │  Instructions are
     │  skills for        │  auto-loaded by
     │  templates         │  Copilot in every
     └────────────────────┘  conversation
```
- Agents (`agents/`) — Multi-step workflow definitions for complex tasks like backend development, code review, sprint planning, and security analysis. Each agent has a defined role, instructions, and often references paired skills.
- Skills (`skills/`) — Reusable workflow recipes with templates. A skill contains a `SKILL.md` workflow definition plus template files (checklists, specs, scaffolds) that agents and users invoke during work.
- Instructions (`instructions/`) — Coding standards and guardrails that Copilot loads automatically. These govern how code is written, reviewed, tested, and deployed across every conversation.
- Prompts (`prompts/`) — Quick-start entry points for common tasks like architecture planning, code review, and bugfixing.
| Agent | Description |
|---|---|
| agent-designer | Designs and authors Copilot agent definitions |
| agentops | Agent lifecycle, versioning, rollout, health monitoring, and rollback |
| api-designer | API design for OpenAPI, REST, GraphQL, and governance |
| app-inventory | Legacy app scanning for dependencies, tech stacks, and migration complexity |
| azure-landing-zone | Azure Landing Zone scaffolding following Cloud Adoption Framework |
| backend-dev | APIs, service layers, business logic, and data access |
| chaos-engineer | Fault injection, game days, resilience scoring, and recovery validation |
| code-review | Structured multi-step code review workflow |
| config-auditor | Scans for committed or unprotected config secrets |
| containerization-planner | Containerization readiness assessment and deployment configuration |
| data-tier | Schema design, migrations, query optimization, data access |
| dataops | Data quality, lineage, governance, orchestration, and drift detection |
| dependency-lifecycle | Dependency updates, breaking changes, upgrade paths, and migration guides |
| devops-engineer | CI/CD, IaC, deployment, rollback, and observability |
| exploratory-charter | Time-boxed exploratory testing charters with evidence capture |
| feedback-loop | User feedback collection, prompt effectiveness tracking, and A/B testing |
| frontend-dev | UI components, responsive layouts, state, accessibility |
| github-security-posture | GitHub org and repo security posture auditing: code security configs, rulesets, secret scanning, Dependabot, and branch protection |
| guardrail | Post-processing validation for safety, quality, compliance, and formatting |
| identity-architect | Azure RBAC, managed identities, Entra ID app registrations, conditional access, and workload identity federation |
| incident-responder | Incident classification, mitigation, communications, and post-incident learning |
| infrastructure-deploy | Azure infrastructure deployments using Bicep with rollback strategies |
| issue-triage | Triage, classify, label, and prioritize GitHub issues |
| legacy-modernization | Web Forms to Razor Pages migration using the strangler fig pattern |
| llmops | Prompt deployment pipelines, model gateway configuration, and inference monitoring |
| manual-test-strategy | Manual testing strategy with rubric, charter, checklist, and automation backlog |
| mcp-developer | MCP servers, tools, and integrations |
| memory-curator | Cross-session knowledge extraction, deduplication, and retrieval |
| merge-coordinator | Parallel branch merge coordination |
| middleware-dev | API gateways, integration layers, event-driven architectures |
| mlops | Model lifecycle, experiment tracking, deployment automation, and drift monitoring |
| new-customization | Creates or updates BaseCoat customization assets |
| performance-analyst | Profiling, load testing, and performance optimization |
| policy-as-code-compliance | Policy-as-code validation, exception management, and audit-ready compliance reports |
| product-manager | Requirements, user stories, acceptance criteria, roadmaps |
| project-onboarding | BaseCoat repository onboarding and setup |
| prompt-coach | Interactive prompt review, scoring, and refinement coaching |
| prompt-engineer | Prompt and system-prompt optimization |
| release-impact-advisor | Release readiness assessment, blast radius analysis, and rollback planning |
| release-manager | Versioned release workflow, changelog, tagging, and publishing |
| retro-facilitator | Sprint retrospective summary and improvement issue creation |
| rollout-basecoat | Enterprise BaseCoat onboarding and rollout |
| security-analyst | Vulnerability assessment, threat modeling, secure code review |
| self-healing-ci | CI failure analysis, log parsing, flaky test detection, and pipeline remediation |
| solution-architect | System design, C4 diagrams, ADRs, and technology selection |
| sprint-planner | Sprint goal-to-issues breakdown and wave planning |
| sprint-retrospective | Reconstructs repo history for sprint retrospectives with metrics and tips |
| sre-engineer | SLOs, error budgets, incident response, chaos engineering, and toil reduction |
| strategy-to-automation | Converts manual test paths into tiered automation candidates |
| tech-writer | Technical docs, runbooks, tutorials, and changelogs |
| ux-designer | Journey mapping, wireframes, and accessibility audits |
Full machine-readable catalog with skill pairings and model recommendations: CATALOG.md
| Skill | Templates | Paired Agent(s) |
|---|---|---|
| agent-design | agent-template, instruction-template, skill-template | agent-designer |
| api-design | openapi-template, governance-checklist, breaking-change-checklist, versioning-decision-tree | api-designer |
| app-inventory | inventory-report-template, complexity-scoring-template | app-inventory |
| architecture | adr-template, c4-diagram-template, risk-register-template, tech-selection-matrix-template | solution-architect |
| azure-container-apps | SKILL.md workflow | devops-engineer |
| azure-identity | rbac-role-assignment-template, managed-identity-mapping-template, app-registration-checklist, workload-identity-federation-template, conditional-access-policy-template | identity-architect |
| azure-landing-zone | adr-template, hub-networking-template, landing-zone-vending-template, platform-subscription-template, policy-assignment-template, policy-exemption-template | azure-landing-zone |
| azure-networking | hub-spoke-topology, cidr-allocation, private-endpoint-dns-zones, nsg-rule-matrix | solution-architect, devops-engineer |
| azure-policy | policy-definition-template, initiative-definition-template, remediation-task-template, compliance-report-template | policy-as-code-compliance |
| azure-waf-review | waf-assessment-report-template, pillar-scoring-rubric, remediation-action-plan-template | solution-architect, security-analyst, devops-engineer |
| backend-dev | api-spec-template, error-catalog-template, repository-pattern-template, service-template | backend-dev |
| basecoat | SKILL.md workflow | — |
| code-review | SKILL.md workflow | code-review |
| create-instruction | SKILL.md workflow | new-customization |
| create-skill | SKILL.md workflow | new-customization |
| data-tier | schema-design-template, migration-template, query-review-checklist, data-dictionary-template | data-tier |
| devops | deployment-checklist, environment-promotion-template, github-actions-template, rollback-runbook-template | devops-engineer |
| documentation | readme-template, runbook-template, adr-template | tech-writer |
| environment-bootstrap | SKILL.md workflow | devops-engineer |
| frontend-dev | component-spec-template, accessibility-checklist, state-management-template | frontend-dev |
| handoff | handoff-template | — |
| human-in-the-loop | SKILL.md workflow | — |
| identity-migration | SKILL.md workflow | legacy-modernization |
| manual-test-strategy | charter-template, checklist-template, defect-template, rubric-template | manual-test-strategy, exploratory-charter |
| mcp-development | mcp-server-template, tool-definition-template, transport-config-template | mcp-developer |
| performance-profiling | SKILL.md workflow | performance-analyst |
| refactoring | SKILL.md workflow | — |
| security | owasp-checklist, stride-threat-model-template, vulnerability-report-template, dependency-audit-template | security-analyst |
| github-security-posture | posture-report-template | github-security-posture |
| service-bus-migration | SKILL.md workflow | middleware-dev |
| sprint-management | sprint-planning-template, backlog-grooming-template, retrospective-template | sprint-planner, retro-facilitator |
| ux | user-journey-template, wireframe-spec-template, component-spec-template, accessibility-audit-checklist | ux-designer |
Instructions are automatically loaded by GitHub Copilot to enforce standards across every conversation.
| Instruction | Scope |
|---|---|
| agent-behavior | Retry loops, edit thrashing, and escalation guardrails |
| agents | Agent authoring standards |
| architecture | Architecture, API, and design-diagram guidance |
| azure | Azure service, SDK, and deployment guidance |
| backend | Backend APIs, services, workers, and data access |
| bicep | Azure Bicep authoring and validation |
| config | Config file safety and secrets prevention |
| development | Shared dev standards for all dev-core agents |
| documentation | Documentation and change-note expectations |
| drift-monitor | Infrastructure-as-Code drift detection and remediation |
| error-kb | Error knowledge base classification and pattern reuse |
| frontend | Frontend, UI, state management, and accessibility |
| governance | Repository-wide AI governance rules |
| mcp | MCP server, tooling, and trust-boundary guidance |
| naming | Naming conventions across repos, code, and infrastructure |
| nextjs-react19 | Next.js and React 19 Server Components and App Router patterns |
| npm-workspaces | npm workspaces and monorepo management |
| output-style | Concise agent responses with full-fidelity code output |
| plan-first | Explore-plan-implement-verify workflow for multi-step tasks |
| process | Delivery lifecycle, sprint, triage, and release process |
| quality | PR review, security, performance, and coverage gates |
| reliability | Retries, uptime, background work, and dependency failure |
| security | Secure coding, auth, authz, secrets, and input handling |
| session-hygiene | Context hygiene, session rotation, and clean-state practices |
| tailwind-v4 | Tailwind CSS v4 patterns and migration guidance |
| terraform | Terraform guidance for Azure-oriented IaC |
| testing | Testing best practices and validation expectations |
| token-economics | Cost-aware model routing and token budget discipline |
| tool-minimization | Selective tool enablement and MCP server discipline |
| ux | UX, accessibility, and design-system guidance |
| verification | Success criteria before coding and verification before done |
Guardrail policies in docs/reference/guardrails/ enforce non-negotiable standards:
| Guardrail | Purpose |
|---|---|
| caf-naming | CAF naming conventions for Azure resources |
| container-image-tags | Container image tags must include Git SHA |
| db-deployment-concurrency | Database deployment concurrency rules |
| env-example | .env.example required for every repo |
| oidc-federation | GitHub Actions to Azure OIDC federation |
| secrets-in-workflows | No hardcoded secrets in workflow files |
Additional security docs: docs/operations/security/BRANCH_PROTECTION.md · docs/operations/security/SECRET_SCANNING.md
BaseCoat operates under a lightweight enterprise governance framework:
- Issue-first: All changes must be backed by a logged GitHub issue.
- PRs only: Never commit directly to `main`. Open a pull request; self-approval is permitted.
- No secrets: Never commit credentials, tokens, API keys, or sensitive data.
- Branch naming: `feature/<issue-number>-<short-description>` or `fix/<issue-number>-<short-description>`
Full reference: docs/reference/GOVERNANCE.md · Contributing: CONTRIBUTING.md
```text
basecoat/
├── agents/                 # 30 agent definitions
├── skills/                 # 19 skill directories with templates
├── instructions/           # 19 instruction files (auto-loaded)
├── prompts/                # 3 prompt starters
├── docs/                   # Governance, guardrails, security, guides
│   ├── guardrails/         # 6 guardrail policies
│   └── security/           # Branch protection, secret scanning
├── examples/               # IaC samples, workflows, repo templates
├── scripts/                # Packaging, validation, hook installers
├── tests/                  # Smoke tests
├── .github/workflows/      # CI/CD pipelines
├── sync.ps1                # Windows sync script
├── sync.sh                 # macOS/Linux sync script
├── CATALOG.md              # Machine-readable asset registry
├── CHANGELOG.md            # Release history
├── CONTRIBUTING.md         # Contribution guidelines
├── INVENTORY.md            # Asset inventory
└── version.json            # Current version metadata
```
```bash
# macOS / Linux
curl -fsSL https://raw.githubusercontent.com/YOUR-ORG/basecoat/main/sync.sh | bash
```

```powershell
# Windows PowerShell
irm https://raw.githubusercontent.com/YOUR-ORG/basecoat/main/sync.ps1 | iex
```

```bash
tag=v1.0.0
curl -fsSL https://raw.githubusercontent.com/YOUR-ORG/basecoat/${tag}/sync.sh | bash
```

```bash
git submodule add https://github.com/YOUR-ORG/basecoat.git .github/base-coat
```

After adding the submodule, copy the assets to the Copilot-discoverable paths:

```bash
# macOS / Linux
rm -rf .github/agents .github/instructions .github/prompts
cp -r .github/base-coat/agents .github/agents
cp -r .github/base-coat/instructions .github/instructions
cp -r .github/base-coat/prompts .github/prompts
```

```powershell
# Windows PowerShell
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue .github/agents, .github/instructions, .github/prompts
Copy-Item -Recurse .github/base-coat/agents .github/agents
Copy-Item -Recurse .github/base-coat/instructions .github/instructions
Copy-Item -Recurse .github/base-coat/prompts .github/prompts
```

Repeat the copy step whenever you update the submodule, or use the sync scripts instead to automate this.
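The tag-pinned `curl ... | bash` install shown above executes whatever the URL returns, and a Git tag such as `v1.0.0` can be moved after you reviewed it. The following added example (not part of BaseCoat's own scripts) downloads `sync.sh` at the pinned ref, compares its SHA-256 with a digest you recorded at review time, and runs it only on a match; `BASECOAT_SYNC_SHA256` and the function names are assumptions introduced here.

```bash
#!/usr/bin/env bash
# Added example (not BaseCoat code): verify sync.sh before executing it.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Exit status: 0 = digest matches, 1 = mismatch, 2 = bad input.
verify_script() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  case "$expected" in
    ''|*[!0-9a-f]*) echo "digest must be lowercase hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: expected $expected, got $actual" >&2
    return 1
  fi
}

# Download sync.sh at the pinned ref to a temp file, verify it, then run it.
# BASECOAT_SYNC_SHA256 is a hypothetical variable holding the digest you
# recorded when you reviewed that release; it is not read by sync.sh itself.
pinned_sync() {
  local ref="${BASECOAT_REF:?set BASECOAT_REF to a release tag}"
  local expected="${BASECOAT_SYNC_SHA256:?set BASECOAT_SYNC_SHA256 to the reviewed digest}"
  local base="https://raw.githubusercontent.com/YOUR-ORG/basecoat"
  local tmp rc=1
  tmp=$(mktemp) || return 2
  if curl -fsSL "$base/$ref/sync.sh" -o "$tmp" && verify_script "$tmp" "$expected"; then
    rc=0
    BASECOAT_REF="$ref" bash "$tmp" || rc=$?
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage (network required):
#   BASECOAT_REF=v1.0.0 BASECOAT_SYNC_SHA256=<digest-recorded-at-review> pinned_sync
```

The digest check covers only the downloaded `sync.sh`; the assets it then clones are still resolved from `BASECOAT_REF` by the script itself.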
The basecoat CLI plugin routes natural-language commands to the best-matching BaseCoat agent.

```bash
npx basecoat "review this code for security vulnerabilities"
```

See plugins/copilot-cli-plugin/ for installation and usage.
For GitHub Enterprise onboarding, organization-level configuration, and custom agent development, see the Enterprise Setup Guide.
```bash
./tests/run-tests.ps1    # Windows
bash tests/run-tests.sh  # macOS / Linux
```

See CONTRIBUTING.md for guidelines on adding agents, skills, instructions, and prompts.
This project is for internal use. Contact your organization's open-source program office for licensing terms.