From c870432a0399e8d0060a240bf2e85f1500f7f081 Mon Sep 17 00:00:00 2001 From: judeper Date: Mon, 25 May 2026 23:12:07 -0400 Subject: [PATCH] =?UTF-8?q?docs:=20validation=20sweep=20=E2=80=94=206=20se?= =?UTF-8?q?curity=20&=20access=20solutions=20verified=202026-05-25?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Validates all documentation for accuracy against authoritative sources: - action-confirmation-auditor - agent-access-monitor - agent-communication-restriction-detector - agent-sharing-access-restriction-detector - credential-oversharing-detector - file-upload-security Adds Last Verified: 2026-05-25 dates to all 6 solution READMEs and key sub-docs (prerequisites, flow-configuration). Validation results: - All 11 Microsoft Learn URLs resolve (200 OK) - No FSI language rule violations found - No deprecated PowerShell cmdlets or legacy Azure AD branding - Microsoft Graph API usage is v1.0 (no beta endpoints) - Dataverse column names consistent with schema scripts - Cross-solution references valid - Manifest check passes Closes judeper/OceanSquad#58 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- action-confirmation-auditor/README.md | 1 + action-confirmation-auditor/docs/prerequisites.md | 2 +- agent-access-monitor/README.md | 1 + agent-communication-restriction-detector/README.md | 1 + .../docs/flow-configuration.md | 2 +- agent-sharing-access-restriction-detector/README.md | 1 + credential-oversharing-detector/README.md | 1 + file-upload-security/README.md | 1 + file-upload-security/docs/flow-setup.md | 2 +- file-upload-security/docs/prerequisites.md | 2 +- 10 files changed, 10 insertions(+), 4 deletions(-) diff --git a/action-confirmation-auditor/README.md b/action-confirmation-auditor/README.md index 2e3cbfe5..67a98ff1 100644 --- a/action-confirmation-auditor/README.md +++ b/action-confirmation-auditor/README.md @@ -11,6 +11,7 @@ coe_function: govern > **Version:** v1.2.1 > **Status:** Live > **Validated against framework version:** v1.6.0 +> **Last Verified:** 2026-05-25 Validates that Copilot Studio agent topics include user confirmation steps before executing actions (connector calls, cloud flows, plugins, HTTP requests), with zone-based policy enforcement for financial services governance. diff --git a/action-confirmation-auditor/docs/prerequisites.md b/action-confirmation-auditor/docs/prerequisites.md index 4881e40f..694c844f 100644 --- a/action-confirmation-auditor/docs/prerequisites.md +++ b/action-confirmation-auditor/docs/prerequisites.md @@ -148,4 +148,4 @@ If ELM is not deployed, zone classification defaults to Zone 3 (most restrictive --- -*Action Confirmation Auditor v1.2.1* +*Action Confirmation Auditor v1.2.1 — Last Verified: 2026-05-25* diff --git a/agent-access-monitor/README.md b/agent-access-monitor/README.md index 8c568d48..924ccec4 100644 --- a/agent-access-monitor/README.md +++ b/agent-access-monitor/README.md @@ -11,6 +11,7 @@ coe_function: optimize > **Version:** v1.1.2 > **Status:** Live > **Validated against framework version:** v1.6.0 +> **Last Verified:** 2026-05-25 Automated validation of Power Platform environment agent access settings against zone-specific governance requirements. diff --git a/agent-communication-restriction-detector/README.md b/agent-communication-restriction-detector/README.md index 81f58e0d..2e941918 100644 --- a/agent-communication-restriction-detector/README.md +++ b/agent-communication-restriction-detector/README.md @@ -11,6 +11,7 @@ coe_function: govern > **Version:** v1.2.1 > **Status:** Live > **Validated against framework version:** v1.6.0 +> **Last Verified:** 2026-05-25 Detects unauthorized agent-to-agent communication patterns, zone boundary violations, cross-tenant communication, and maker/checker violations in Copilot Studio multi-agent orchestration. diff --git a/agent-communication-restriction-detector/docs/flow-configuration.md b/agent-communication-restriction-detector/docs/flow-configuration.md index e26702d6..4ae7ca1a 100644 --- a/agent-communication-restriction-detector/docs/flow-configuration.md +++ b/agent-communication-restriction-detector/docs/flow-configuration.md @@ -439,4 +439,4 @@ After either branch (use a common action after the condition): --- -*Agent Communication Restriction Detector -- Flow Setup Guide v1.2.1* +*Agent Communication Restriction Detector — Flow Setup Guide v1.2.1 — Last Verified: 2026-05-25* diff --git a/agent-sharing-access-restriction-detector/README.md b/agent-sharing-access-restriction-detector/README.md index 4a80ff3b..03a8cd28 100644 --- a/agent-sharing-access-restriction-detector/README.md +++ b/agent-sharing-access-restriction-detector/README.md @@ -11,6 +11,7 @@ coe_function: govern > **Version:** v2.0.2 > **Status:** Live > **Validated against framework version:** v1.6.0 +> **Last Verified:** 2026-05-25 See [CHANGELOG](./CHANGELOG.md) for version history. diff --git a/credential-oversharing-detector/README.md b/credential-oversharing-detector/README.md index 340f70e0..de184680 100644 --- a/credential-oversharing-detector/README.md +++ b/credential-oversharing-detector/README.md @@ -12,6 +12,7 @@ coe_function: govern > **Status:** Live > **Validated against framework version:** v1.6.0 > **Upstream Microsoft dependency:** Preview — Copilot Studio credential-oversharing detection is currently listed by Microsoft for public preview and should be validated in a non-production tenant before regulated production use. +> **Last Verified:** 2026-05-25 > > ⚠️ **Preview Feature Dependency:** This solution tracks the Microsoft "Enforce safe sharing by detecting credential oversharing" capability, which the Microsoft release plan currently lists for public preview in July 2026 and general availability in September 2026. Verify current feature status at the [Microsoft release plan](https://learn.microsoft.com/en-us/power-platform/release-plan/2026wave1/microsoft-copilot-studio/enforce-safe-sharing-detecting-credential-oversharing) before production deployment. diff --git a/file-upload-security/README.md b/file-upload-security/README.md index 74f21e34..a486da40 100644 --- a/file-upload-security/README.md +++ b/file-upload-security/README.md @@ -11,6 +11,7 @@ coe_function: govern > **Version:** v1.1.2 > **Status:** Live > **Validated against framework version:** v1.6.0 +> **Last Verified:** 2026-05-25 Automated validation of Copilot Studio agent file upload settings against governance zone policies. Supports Control 1.14 (Data Minimization and Agent Scope Control) by detecting agents with file uploads enabled in zones where uploads should be restricted or disabled. diff --git a/file-upload-security/docs/flow-setup.md b/file-upload-security/docs/flow-setup.md index 827f1632..7ff79546 100644 --- a/file-upload-security/docs/flow-setup.md +++ b/file-upload-security/docs/flow-setup.md @@ -95,4 +95,4 @@ Recurrence (Daily 06:00 UTC) --- -*File Upload Security Configurator — Flow Setup Guide* +*File Upload Security Configurator — Flow Setup Guide — Last Verified: 2026-05-25* diff --git a/file-upload-security/docs/prerequisites.md b/file-upload-security/docs/prerequisites.md index 26b9e18f..bf396eae 100644 --- a/file-upload-security/docs/prerequisites.md +++ b/file-upload-security/docs/prerequisites.md @@ -107,4 +107,4 @@ Unclassifiable environments default to Zone 3 (most restrictive) for fail-safe g --- -*File Upload Security Configurator — Prerequisites* +*File Upload Security Configurator — Prerequisites — Last Verified: 2026-05-25*