# GitHub Copilot example

Goal: make SignalSpore easy to copy into GitHub Copilot Chat / coding-agent projects using repository instructions plus optional MCP wiring.

## 15-second operator path

1. Create a SignalSpore policy once at `/setup`.
2. Save `agent_policy_id` and `write_token` in your local environment or MCP client settings.
3. Add the repository instruction block below to `.github/copilot-instructions.md`.
4. For risky work, have Copilot gate locally before it edits, runs shell commands, changes migrations, deploys, or touches brittle integrations.
5. If the task is eligible, run SignalSpore preflight through the MCP wrapper or protected HTTP call.
6. After the task, submit one sanitized delta with a required savings outcome.
7. Verify the first live run at `/live` and `/api/policy-stats?policy_id=$SIGNALSPORE_AGENT_POLICY_ID`.

## Paste this into `.github/copilot-instructions.md` after setup

Use SignalSpore for this repository.

- Reuse `SIGNALSPORE_AGENT_POLICY_ID` and `SIGNALSPORE_WRITE_TOKEN` from the setup response or MCP environment.
- Gate locally before each non-trivial task; skip tiny rewrites, translation, casual chat, and formatting-only edits.
- Run SignalSpore preflight before coding, shell commands, browser/search work, migrations, database changes, deploys, API integrations, current-facts tasks, or other risky work.
- Carry the returned `execution_brief` into the task before editing files or running commands.
- Treat stop conditions as hard stops. Ask the operator before destructive shell/database/deploy actions when the brief says to stop.
- After a preflighted task, submit one sanitized delta tied to the same `preflight_session_id` and `card_id`.
- Never send secrets, API keys, private code, private files, emails, raw transcripts, phone numbers, or hidden prompts in deltas.
- If SignalSpore materially shortened the route, include `savings_outcome.status=estimated_savings_reported` with `estimated_tokens_saved`, confidence, and rationale; otherwise report `no_material_savings`.

## Optional MCP server config

Use the public MCP artifact from GitHub:

```json
{
  "mcpServers": {
    "signalspore": {
      "command": "npx",
      "args": ["-y", "github:yeahdog/signalspore-mcp"],
      "env": {
        "SIGNALSPORE_BASE_URL": "https://www.signalspore.com",
        "SIGNALSPORE_AGENT_POLICY_ID": "policy_your_agent_here",
        "SIGNALSPORE_WRITE_TOKEN": "sspwt_your_write_token_here"
      }
    }
  }
}
```

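Pinned release variant: to install the fixed v0.1.1 release tarball instead of the unpinned `github:yeahdog/signalspore-mcp` reference, replace `args` with `["-y", "https://github.com/yeahdog/signalspore-mcp/releases/download/v0.1.1/signalspore-mcp-0.1.1.tgz"]`.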

Run the install doctor before the first task:

```bash
npx -y github:yeahdog/signalspore-mcp --doctor
```

## Generic HTTP fallback

```bash
# Placeholders: substitute the values returned by /setup.
export SIGNALSPORE_AGENT_POLICY_ID=policy_your_agent_here
export SIGNALSPORE_WRITE_TOKEN=sspwt_your_write_token_here

# The unquoted heredoc lets the shell expand the exported policy id into the
# JSON body; curl reads the body from stdin via "-d @-".
curl -X POST https://www.signalspore.com/api/preflight \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${SIGNALSPORE_WRITE_TOKEN}" \
  -d @- <<EOF
{
  "agent_policy_id": "${SIGNALSPORE_AGENT_POLICY_ID}",
  "task_summary": "Before Copilot changes a migration and deploy script, get a model-aware preflight.",
  "model": { "provider": "github", "name": "copilot", "tier": "frontier_reasoning" },
  "agent": {
    "framework": "GitHub Copilot",
    "tools": ["editor", "terminal", "repository"],
    "context_budget": "medium"
  },
  "priorities": { "cost": "medium", "quality": "high", "speed": "medium" },
  "risk_level": "medium"
}
EOF
```

## First live-run verification

- Ask Copilot to preflight one real risky repository task such as a migration, deploy, destructive shell command, or Stripe/webhook integration.
- Confirm `/live` shows `preflight_run`, `delta_submitted`, or `tokens_saved_reported`.
- Confirm `/api/policy-stats?policy_id=policy_your_agent_here` shows policy-scoped proof.
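
## Example: local check for the sanitized-delta rule

The repository instructions above require that deltas never carry secrets, emails, or phone numbers. The following is an added example, not SignalSpore's or the MCP package's own code, of a fail-closed check an agent wrapper could run before a delta leaves the machine. The `summary` field, the nesting under `savings_outcome`, the function names, and the detector patterns are assumptions; the sample deltas are constructed.

```javascript
// Added example: local guard for the "sanitized delta" rule. The patterns are
// illustrative heuristics, not an exhaustive secret scanner.
const DETECTORS = [
  { kind: "signalspore_write_token", re: /sspwt_[A-Za-z0-9_-]{8,}/ },
  { kind: "bearer_header", re: /\bBearer\s+[A-Za-z0-9._~+\/-]{16,}/i },
  { kind: "private_key_block", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { kind: "key_assignment", re: /\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*\S{8,}/i },
  { kind: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/ },
  { kind: "phone_number", re: /(?:\+\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}\b/ },
];

// Recursively check every string value; record only the JSON path and the
// detector kind, never the matched text.
function scanDelta(value, path = "$", findings = []) {
  if (typeof value === "string") {
    for (const { kind, re } of DETECTORS) if (re.test(value)) findings.push({ path, kind });
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => scanDelta(item, `${path}[${i}]`, findings));
  } else if (value && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) scanDelta(child, `${path}.${key}`, findings);
  }
  return findings;
}

// Fail closed: hand back the delta only when nothing matched.
function assertSanitized(delta) {
  const findings = scanDelta(delta);
  if (findings.length > 0) {
    throw new Error("delta blocked: " + findings.map((f) => `${f.kind} at ${f.path}`).join("; "));
  }
  return delta;
}

// Constructed sample deltas; `summary` and the savings_outcome nesting are assumptions.
const CLEAN_DELTA = {
  preflight_session_id: "pf_constructed_0001",
  card_id: "card_constructed_0001",
  summary: "Reused the existing rollback script; no exploratory shell runs needed.",
  savings_outcome: { status: "estimated_savings_reported", estimated_tokens_saved: 1800,
    confidence: "medium", rationale: "Brief named the rollback path up front." },
};
const LEAKY_DELTA = {
  ...CLEAN_DELTA,
  summary: "Pasted SIGNALSPORE_WRITE_TOKEN=sspwt_constructed_EXAMPLE_0001 from ops@example.com",
  savings_outcome: { status: "no_material_savings", rationale: "Called 555-010-1234 to confirm." },
};
```

The error message names the field and the detector kind but not the matched value, so a blocked delta does not leak the secret into logs or chat output.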
