Guard the custom layer and flag stray top-level entries#58
Merged
Conversation
The /custom/ layer is a template: in upstream microsoft/BCQuality it stays empty by default and is meant to be populated only inside a fork or consumer clone. PR #55 both targeted /custom/ and leaked a new top-level folder. - skills/write.md: add a fork-precondition guard so authors (human or agent) confirm they are not in microsoft/BCQuality before scaffolding /custom/ content. - Guard custom layer workflow: auto-closes upstream PRs that add/modify /custom/ content beyond the template files, with a friendly redirect-to-fork comment. - Flag new top-level entries workflow: posts an advisory (non-blocking) comment when a PR introduces an unexpected top-level folder or file for maintainer review. Both workflows run only on microsoft/BCQuality (never on forks) and read the PR file list via the API without checking out or executing PR code. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
JesperSchulz
approved these changes
Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
PR #55 exposed two gaps in how the upstream repo protects its structure:
/custom/layer — which is a template that should only ever be populated inside a fork, never upstream.This adds guardrails for both, plus an authoring-time guard in the WRITE skill.
Changes
skills/write.md— new "Writing to/custom/— fork precondition" subsection. Instructs any author (human or agent) to confirmoriginis notmicrosoft/BCQuality(viagit remote get-url origin) before scaffolding/custom/content, and to fork or re-target/community/otherwise..github/workflows/guard-custom-layer.yml+.github/custom-layer-autoclose.md— auto-closes upstream PRs that add/modify/custom/content beyond the template files (custom/README.mdand.gitkeepstay allowed). Posts a friendly redirect-to-fork comment (in Jeremy's voice from the PR #55 close)..github/workflows/flag-new-top-level.yml+.github/new-top-level-flag.md— non-blocking advisory: when a PR introduces an unexpected top-level folder/file (anything outside.github community custom microsoft skills tools+ the known root docs), it posts a single comment flagging it for a maintainer to eyeball. Does not close the PR. Idempotent acrosssynchronizeevents.Safety notes
if: github.repository == 'microsoft/BCQuality', so forks that legitimately populate/custom/are never affected.pull_request_targetonly to obtain a token that can comment/close fork PRs, and read the PR file list via the API — they never check out or execute PR code.For review
custom/README.md. Tighten to.gitkeep-only if you'd rather lock the template entirely.