Azure SRE Agent template, tools, schedules, and docs

.github/plugin/marketplace.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://json.schemastore.org/github-copilot-cli-marketplace.json",
+  "name": "finops-toolkit",
+  "description": "Microsoft FinOps Toolkit plugins for AI-powered cloud financial management.",
+  "owner": {
+    "name": "Microsoft"
+  },
+  "metadata": {
+    "version": "13.0.0"
+  },
+  "plugins": [
+    {
+      "name": "microsoft-finops-toolkit",
+      "version": "13.0.0",
+      "source": "./src/templates/copilot-plugin",
+      "description": "AI-powered cloud financial management for Azure. Analyze costs with KQL queries against FinOps hubs, get CFO-level reporting, and access Azure Cost Management insights.",
+      "category": "finops",
+      "homepage": "https://learn.microsoft.com/en-us/cloud-computing/finops/toolkit/finops-toolkit-overview"
+    },
+    {
+      "name": "microsoft-learn",
+      "source": {
+        "source": "url",
+        "url": "https://github.com/microsoftdocs/mcp.git"
+      },
+      "description": "Access official Microsoft documentation, API references, and code samples for Azure, .NET, Windows, and more.",
+      "category": "documentation",
+      "homepage": "https://learn.microsoft.com"
+    }
+  ]
+}

.gitignore

@@ -374,6 +374,7 @@ env/
 # AI
 .claude/settings.local.json
 .claude/scheduled_tasks.lock
+.mcp.json
 
 # Internal planning docs
 /TODO.md
@@ -384,6 +385,29 @@ env/
 # Auto-generated build artifacts
 src/templates/finops-hub-copilot-studio/knowledge/query-catalog.md
 .gate/
-todo/
-done/
+
+# Gate pipeline files (runtime, not source)
+/todo/
+/done/
+
+# Ralph autonomous iteration loop
+/ralph.sh
+/ralph-meta.sh
+/ralph/
+
+# SRE agent training deck — local working artifacts
+src/templates/sre-agent/training/release-deck/renders/
+src/templates/sre-agent/training/release-deck/__pycache__/
+src/templates/sre-agent/training/release-deck/~$*.pptx
+src/templates/sre-agent/training/release-deck/finops-toolkit-sre-agent-release-training copy.pptx
+src/templates/sre-agent/training/release-deck/finops-toolkit-sre-agent-release-training.pdf
+src/templates/sre-agent/training/release-deck/qa4-*.jpg
+src/templates/sre-agent/training/release-deck/charts/svg/*.rasterized.png
+src/templates/sre-agent/training/release-deck/assets/*.rasterized.png
+
+# Working PNGs from playwright/CDP captures at repo root
+.playwright-mcp/
+cdp-fullpage*.png
+cdp-shot*.png
+src/templates/sre-agent/training/release-deck/finops-toolkit-sre-agent-release-training.rebuild-*.pptx
 release/scloud-occurrence-report.md

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "src/templates/sre-agent/submodules/azcapman"]
+	path = src/templates/sre-agent/submodules/azcapman
+	url = https://github.com/microsoft/azcapman.git

.plugin

@@ -0,0 +1 @@
+src/templates/copilot-plugin

AGENTS.md

@@ -1,5 +1,19 @@
 # Agent Instructions
 
+## P0 Git Safety Rule
+
+AI agents must never directly mutate `main` or `dev` in this repository or in any submodule. This includes direct commits, pushes, merges, reverts, cherry-picks, resets, branch updates, or any refspec that targets `main` or `dev`.
+
+AI agents must never run `git push origin HEAD:main`, `git push origin HEAD:dev`, `git push origin <anything>:main`, `git push origin <anything>:dev`, or equivalent commands against any remote.
+
+AI agents must never use privileged credentials, maintainer permissions, administrator permissions, branch-protection bypass permissions, ruleset bypass permissions, or GitHub's "bypass rule violations" path to update a protected branch.
+
+If GitHub reports that a push would "bypass rule violations" or that "changes must be made through a pull request", the agent must stop immediately and report a P0 policy violation. Do not continue with the push, and do not attempt a workaround.
+
+The only allowed path for changes intended for `main` or `dev` is: create or update a feature branch, push only that feature branch after explicit approval, and open a pull request. Humans and required repository automation own protected-branch integration.
+
+Reverting, remediating, or "cleaning up" an unauthorized protected-branch change is also a protected-branch mutation. AI agents must not do it without explicit user approval for the exact branch, commit, and command.
+
 This file provides guidance to AI Agents when working with code in this repository.
 
 ## Repository Overview
@@ -169,10 +183,12 @@ The PowerShell-based build system:
 
 This repository supports production infrastructure managing significant revenue. All git operations must be non-destructive and preserve full commit history.
 
+The P0 Git Safety Rule at the top of this file is authoritative and overrides every permitted operation listed below.
+
 **Permitted operations:**
 
-- `git add`, `git commit`, `git push` (standard push only)
-- `git merge` (merge commits to integrate branches — the only permitted way to sync with `dev` or resolve conflicts)
+- `git add`, `git commit`, `git push` on non-protected feature branches only (standard push only, after explicit approval)
+- `git merge` into non-protected feature branches only (merge commits to integrate from `dev` — the only permitted way to sync with `dev` or resolve conflicts, after explicit approval)
 - `git checkout`, `git switch`, `git branch` (branch creation and switching)
 - `git worktree add`, `git worktree remove`, `git worktree prune` (worktree lifecycle)
 - `git fetch`, `git pull` (with merge, not rebase)
@@ -181,6 +197,9 @@ This repository supports production infrastructure managing significant revenue.
 
 **Prohibited operations:**
 
+- Any direct mutation of `main` or `dev`, including direct pushes, commits, merges, reverts, or branch ref updates.
+- Any use of protected branch, ruleset, or administrator bypass capabilities to update `main` or `dev`.
+- Any attempt to land changes on `main` or `dev` without a pull request.
 - `git rebase` — rewrites commit history. Never permitted on shared branches. Not permitted as a conflict resolution strategy.
 - `git push --force` / `git push --force-with-lease` — destructive remote update. Never permitted.
 - `git reset --hard` to a state behind the remote (discarding pushed commits)
@@ -196,7 +215,7 @@ This repository supports production infrastructure managing significant revenue.
 - **`src/scripts/Update-Version.ps1`** — This script has multiple independent version-update blocks (PowerShell, Bicep, plugin.json, survey IDs, etc.). When both sides add new blocks, keep both — they operate on different file sets and do not conflict logically.
 - **`docs-mslearn/toolkit/changelog.md`** — Both sides may add entries under the same version heading. Keep entries from both sides in logical order (plugin entries, then component entries).
 
-**AI agents must ask for explicit approval** before executing any git write operation (`commit`, `push`, `merge`). Read-only git commands (`status`, `log`, `diff`, `branch --list`, `worktree list`) do not require approval.
+**AI agents must ask for explicit approval** before executing any git write operation (`commit`, `push`, `merge`, `revert`, `cherry-pick`, branch deletion, tag creation, or worktree state mutation). Read-only git commands (`status`, `log`, `diff`, `show`, `branch --list`, `worktree list`, `ls-remote`, `fetch`) do not require approval. Approval to perform a task, deploy, unblock a test, or fix an incident is not approval to write to git; approval must name the git action.
 
 ### File Organization
 

docs-mslearn/.openpublishing.redirection.finops.json

@@ -130,6 +130,11 @@
       "redirect_url": "/cloud-computing/finops/toolkit/workbooks/customize-workbooks",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/finops/finops/toolkit/hubs/configure-sre.md",
+      "redirect_url": "/cloud-computing/finops/toolkit/sre-agent/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/finops/finops/framework/manage/culture.md",
       "redirect_url": "/cloud-computing/finops/framework/manage/education",

docs-mslearn/TOC.yml

@@ -54,7 +54,7 @@
                   href: framework/optimize/optimize-cloud-usage-cost.md
                 - name: Architecting for cloud
                   href: framework/optimize/architecting.md
-                - name: Workload optimization
+                - name: Usage optimization
                   href: framework/optimize/workloads.md
                 - name: Rate optimization
                   href: framework/optimize/rates.md
@@ -154,6 +154,26 @@
           href: toolkit/hubs/upgrade.md
         - name: Compatibility guide
           href: toolkit/hubs/compatibility.md
+    - name: FinOps toolkit SRE Agent
+      items:
+        - name: Overview
+          href: toolkit/sre-agent/overview.md
+        - name: Deploy
+          href: toolkit/sre-agent/deploy.md
+        - name: Agents and skills
+          href: toolkit/sre-agent/agents.md
+        - name: Tools
+          href: toolkit/sre-agent/tools.md
+        - name: Scheduled tasks
+          href: toolkit/sre-agent/scheduled-tasks.md
+        - name: Knowledge and memory
+          href: toolkit/sre-agent/knowledge.md
+        - name: Security and permissions
+          href: toolkit/sre-agent/security.md
+        - name: Troubleshooting
+          href: toolkit/sre-agent/troubleshooting.md
+        - name: Template reference
+          href: toolkit/sre-agent/template.md
     - name: Power BI
       items:
         - name: Overview
@@ -170,7 +190,7 @@
           href: toolkit/power-bi/invoicing.md
         - name: Rate optimization report
           href: toolkit/power-bi/rate-optimization.md
-        - name: Workload optimization report
+        - name: Usage optimization report
           href: toolkit/power-bi/workload-optimization.md
         - name: Data ingestion report
           href: toolkit/power-bi/data-ingestion.md

docs-mslearn/conduct-iteration.md

@@ -3,7 +3,7 @@ title: Tutorial - Conduct an iteration
 description: This tutorial helps you learn how to take an iterative approach to FinOps adoption.
 author: flanakin
 ms.author: micflan
-ms.date: 04/01/2026
+ms.date: 05/25/2026
 ms.topic: tutorial
 ms.service: finops
 ms.subservice: finops-learning-resources
@@ -46,7 +46,7 @@ Use the following information as a guide to select the right FinOps capabilities
    1. Reporting and analytics
    2. Forecasting
    3. Budgeting
-   4. Workload optimization
+   4. Usage optimization
    5. Anomaly management
 2. If you're building a new FinOps team or interested in driving awareness and adoption of FinOps, start with:
    1. FinOps practice operations
@@ -69,11 +69,11 @@ Use the following information as a guide to select the right FinOps capabilities
    4. Reporting and analytics
 6. If your team has a solid understanding of the basics and wants to focus on deeper optimization through advanced automation, consider:
    1. Architecting for the cloud
-   2. Workload optimization
+   2. Usage optimization
    3. Rate optimization
    4. Licensing and SaaS
    5. Cloud sustainability
-   6. Policy and governance
+   6. Governance, Policy & Risk
 7. If your team has a solid understanding of the basics and needs to map cloud investments back to business value, consider:
    1. Unit economics
    2. Allocation

docs-mslearn/framework/capabilities.md

@@ -3,7 +3,7 @@ title: FinOps capabilities
 description: Learn about what the fundamental building blocks of the FinOps Framework that enable you to maximize business value through the cloud.
 author: flanakin
 ms.author: micflan
-ms.date: 04/01/2026
+ms.date: 05/25/2026
 ms.topic: conceptual
 ms.service: finops
 ms.subservice: finops-learning-resources
@@ -16,9 +16,9 @@ The FinOps Framework includes capabilities that cover everything you need to per
 
 <br>
 
-## Understand usage and cost
+## Understand Usage & Cost
 
-The **Understand usage and cost** domain is focused on data acquisition, reporting, analysis, and alerting on top of your cost, usage, and carbon consumption. This domain is all about observability and business intelligence. It brings the data that stakeholders need together (ingestion) into a meaningful breakdown for the organization (allocation). Then it can be reported on (reporting) and monitored to proactively identify and react to issues (anomalies).
+The **Understand Usage & Cost** domain is focused on data acquisition, reporting, analysis, and alerting on top of your cost, usage, and carbon consumption. This domain is all about observability and business intelligence. It brings the data that stakeholders need together (ingestion) into a meaningful breakdown for the organization (allocation). Then it can be reported on (reporting) and monitored to proactively identify and react to issues (anomalies).
 
 - [Data ingestion](./understand/ingestion.md)
 - [Allocation](./understand/allocation.md)
@@ -44,7 +44,7 @@ The **Quantify business value** domain is focused on identifying and breaking do
 The **Optimize usage and cost** domain is focused on designing and optimizing solutions for efficiency to ensure you get the most out of your cloud investments.
 
 - [Architecting for the cloud](./optimize/architecting.md)
-- [Workload optimization](./optimize/workloads.md)
+- [Usage optimization](./optimize/workloads.md)
 - [Rate optimization](./optimize/rates.md)
 - [Licensing and SaaS](./optimize/licensing.md)
 - [Cloud sustainability](./optimize/sustainability.md)
@@ -58,7 +58,7 @@ The **Manage the FinOps practice** domain is focused on establishing a clear and
 - [FinOps education and enablement](./manage/education.md)
 - [FinOps practice operations](./manage/operations.md)
 - [Onboarding workloads](./manage/onboarding.md)
-- [Policy and governance](./manage/governance.md)
+- [Governance, Policy & Risk](./manage/governance.md)
 - [Invoicing and chargeback](./manage/invoicing-chargeback.md)
 - [FinOps assessment](./manage/assessment.md)
 - [FinOps tools and services](./manage/tools-services.md)

docs-mslearn/framework/finops-framework.md

@@ -3,7 +3,7 @@ title: FinOps Framework overview
 description: 'Learn about what the FinOps Framework is and how you can use it to accelerate your cost management and optimization goals.'
 author: flanakin
 ms.author: micflan
-ms.date: 04/01/2026
+ms.date: 05/25/2026
 ms.topic: concept-article
 ms.service: finops
 ms.subservice: finops-learning-resources
@@ -115,7 +115,7 @@ The FinOps Framework defines a simple lifecycle with three phases:
 
 The FinOps Framework includes capabilities that cover everything you need to perform FinOps tasks and manage a FinOps practice. Capabilities are organized into a set of related domains based on the goals of the capabilities. Each capability defines a functional area of activity and a set of tasks to support your FinOps practice.
 
-- Understand usage and cost
+- Understand Usage & Cost
 
   - [Data ingestion](./understand/ingestion.md)
   - [Allocation](./understand/allocation.md)
@@ -133,7 +133,7 @@ The FinOps Framework includes capabilities that cover everything you need to per
 - Optimize usage and cost
 
   - [Architecting for the cloud](./optimize/architecting.md)
-  - [Workload optimization](./optimize/workloads.md)
+  - [Usage optimization](./optimize/workloads.md)
   - [Rate optimization](./optimize/rates.md)
   - [Licensing and SaaS](./optimize/licensing.md)
   - [Cloud sustainability](./optimize/sustainability.md)
@@ -143,7 +143,7 @@ The FinOps Framework includes capabilities that cover everything you need to per
   - [FinOps education and enablement](./manage/education.md)
   - [FinOps practice operations](./manage/operations.md)
   - [Onboarding workloads](./manage/onboarding.md)
-  - [Policy and governance](./manage/governance.md)
+  - [Governance, Policy & Risk](./manage/governance.md)
   - [Invoicing and chargeback](./manage/invoicing-chargeback.md)
   - [FinOps assessment](./manage/assessment.md)
   - [FinOps tools and services](./manage/tools-services.md)

docs-mslearn/framework/manage/governance.md

@@ -1,31 +1,31 @@
 ---
-title: Policy and governance
-description: This article helps you understand the policy and governance capability within the FinOps Framework and how to implement that in the Microsoft Cloud.
+title: Governance, Policy & Risk
+description: This article helps you understand the governance, policy, and risk capability within the FinOps Framework and how to implement that in the Microsoft Cloud.
 author: flanakin
 ms.author: micflan
-ms.date: 04/01/2026
+ms.date: 05/25/2026
 ms.topic: concept-article
 ms.service: finops
 ms.subservice: finops-learning-resources
 ms.reviewer: kedelaro
-# customer intent: As a FinOps practitioner, I want to understand the policy and governance capability so that I can implement it in the Microsoft Cloud.
+# customer intent: As a FinOps practitioner, I want to understand the governance, policy, and risk capability so that I can implement it in the Microsoft Cloud.
 ---
 
-# Policy and governance
+# Governance, Policy & Risk
 
-This article helps you understand the policy and governance capability within the FinOps Framework and how to implement that in the Microsoft Cloud.
+This article helps you understand the governance, policy, and risk capability within the FinOps Framework and how to implement that in the Microsoft Cloud.
 
 <br>
 
 ## Definition
 
-**Policy and governance refers to the process of defining, implementing, and monitoring a framework of rules that guide an organization's FinOps efforts.**
+**Governance, Policy & Risk refers to the process of defining, implementing, and monitoring a framework of rules that guide an organization's FinOps efforts.**
 
 Define your governance goals and success metrics. Review and document how existing policies are updated to account for FinOps efforts. Review with all stakeholders to get buy-in and endorsement.
 
 Establish a rollout plan that starts with audit rules and slowly (and safely) expands coverage to drive compliance without negatively impacting engineering efforts.
 
-Implementing a policy and governance strategy enables organizations to sustainably implement FinOps at scale. Policy and governance can act as a multiplier to FinOps efforts by building them natively into day-to-day operations.
+Implementing a governance, policy, and risk strategy enables organizations to sustainably implement FinOps at scale. Governance, Policy & Risk can act as a multiplier to FinOps efforts by building them natively into day-to-day operations.
 
 <br>
 
@@ -59,14 +59,14 @@ At this point, you have a basic set of policies in place that are being managed
   - Map governance efforts to FinOps efficiencies that can be mapped back to more business value with less effort.
 - Expand coverage of more scenarios.
   - Consider evaluating ways to quantify the impact of each rule in cost and/or business value.
-- Integrate policy and governance into every conversation to establish a plan for how you want to automate the tracking and application of new policies.
+- Integrate governance, policy, and risk into every conversation to establish a plan for how you want to automate the tracking and application of new policies.
 - Consider advanced governance scenarios outside of Azure Policy. Build monitoring solutions using systems like [Power Automate](/power-automate/getting-started) or [Logic Apps](/azure/logic-apps/logic-apps-overview).
 
 <br>
 
 ## Learn more at the FinOps Foundation
 
-This capability is a part of the FinOps Framework by the FinOps Foundation, a non-profit organization dedicated to advancing cloud cost management and optimization. For more information about FinOps, including useful playbooks, training and certification programs, and more, see the [Policy and governance capability](https://www.finops.org/framework/capabilities/policy-governance/) article in the FinOps Framework documentation.
+This capability is a part of the FinOps Framework by the FinOps Foundation, a non-profit organization dedicated to advancing cloud cost management and optimization. For more information about FinOps, including useful playbooks, training and certification programs, and more, see the [Governance, Policy & Risk capability](https://www.finops.org/framework/capabilities/governance-policy-risk/) article in the FinOps Framework documentation.
 
 You can also find related videos on the FinOps Foundation YouTube channel:
 
@@ -97,7 +97,7 @@ If you're looking for something specific, vote for an existing or create a new i
 Related FinOps capabilities:
 
 - [FinOps practice operations](./operations.md)
-- [Workload optimization](../optimize/workloads.md)
+- [Usage optimization](../optimize/workloads.md)
 
 Related products: