Enterprise Automation

Ecosystem Audit

67 repos. Microsoft OSS compliance.
One command.

● Active — v1.2.0

February 2026

The Problem

Compliance at scale is painful

Manual Checking

Open each repo. Check for CODE_OF_CONDUCT.md. Check for SECURITY.md. Check README sections. Repeat 67 times.

Inconsistent Fixes

Different people fix issues differently. Some add boilerplate, others copy from templates. Drift happens across dozens of repos.

PR Overhead

Creating 20+ compliance PRs manually? That's an afternoon gone. And you still have to track which ones merged.

The Reality

67

repos in the Amplifier ecosystem

35 cloned locally. 48 published packages. 67 unique components.
All need consistent compliance. All need monitoring.

Microsoft OSS Requirements

What the audit checks

Required Files

✓ CODE_OF_CONDUCT.md
✓ SECURITY.md
✓ SUPPORT.md
✓ LICENSE

README & Discoverability

✓ Contributing section
✓ Trademarks section
✓ Listed in MODULES.md
✓ GitHub Issues status

Each check validates presence AND content against reference templates

The Solution

One command.
Full ecosystem audit.

# From any Amplifier session:
"Run the ecosystem audit recipe"

# Or via CLI:
amplifier recipes execute amplifier-ecosystem-audit.yaml

# With auto-fix enabled:
amplifier recipes execute amplifier-ecosystem-audit.yaml \
  --context '{"create_fix_prs": "true"}'
        

Architecture

Three stages, parallel execution

Discovery
gh repo list microsoft

→

Audit each repo
20 steps, in parallel

→

Generate report
pass/fail matrix

            Smart deduplication: Skips repos that already have open compliance PRs. The repo-audit sub-recipe runs 20 steps per repo including reference file comparison against amplifier-core templates.
        

Output

Clear compliance matrix

amplifier-core

4/4

2/2

✓ Compliant

amplifier-foundation

4/4

2/2

✓ Compliant

amplifier-module-tool-web

3/4

2/2

✗ Missing SECURITY.md

amplifier-bundle-new

2/4

1/2

✗ Multiple issues

Example output. Actual results depend on current repo state. Bottom two rows are illustrative.

Auto-Fix Mode

Optional: Create PRs automatically

# Enable auto-fix:
amplifier recipes execute amplifier-ecosystem-audit.yaml \
  --context '{"create_fix_prs": "true"}'

# Preview without changes (dry run):
amplifier recipes execute amplifier-ecosystem-audit.yaml \
  --context '{"dry_run": "true"}'
        

Add missing SECURITY.md and SUPPORT.md compliance

amplifier-bot opened this pull request • Automated compliance fix

Add Contributing and Trademarks sections to README compliance

amplifier-bot opened this pull request • Automated compliance fix

Preserves existing content. Only adds what's missing. Compares against amplifier-core reference templates.

Estimated Impact

Time to audit 67 repos

Manual Process

~5.5

hours

Basis: ~5 min/repo × 67 repos
Open repo → Check files → Check README → Note issues → Repeat

With Amplifier

~10

minutes

Basis: parallel API calls + report generation
Run command → Review report → Approve PRs

Estimates based on task decomposition, not stopwatch measurements. Actual times vary with network speed and repo count.

Flexibility

Configurable to your needs

context:
  # Limit scope
  max_repos: 100               # Safety limit (default)
  repo_filter: "amplifier-*"    # Target specific repos
  include_community: true    # Include non-Microsoft repos

  # Control behavior
  dry_run: true              # Preview without changes
  create_fix_prs: false       # Just report, don't fix

  # Parallelization built in
  # Repos are audited concurrently
  # Rate-limited: 3 concurrent LLM calls, 500ms delay
        

The Bigger Picture

This pattern applies everywhere

License Audits

Scan all dependencies across repos for license compliance. Flag GPL in MIT projects.

Security Scans

Run security checks across your entire org. Aggregate findings. Prioritize fixes.

Standard Enforcement

Ensure all repos follow naming conventions, have CI configured, use approved templates.

            The recipe is a template. Fork it for your own org's requirements. The ecosystem-audit recipe composes with the repo-audit sub-recipe — same pattern, your rules.
        

Enterprise Value

Why this matters at scale

67

Repos in ecosystem

8

Checks per repo

536

Total validations

~10

Minutes (est.)

◆ Consistent standards across entire ecosystem
◆ Automated remediation reduces toil
◆ Audit trail for compliance reporting

Sources

Research Methodology

Data as of: February 20, 2026

Feature status: Active (recipe v1.2.0)

Repository: microsoft/amplifier — recipes/amplifier-ecosystem-audit.yaml

Research performed:

Local repo count: ls ~/dev/ANext/ | grep -i amplifier | wc -l → 35 repos
Cache package count: ls ~/.amplifier/cache/ → 48 packages
Union (deduplicated): sort -u across both sources → 68 total, 67 Microsoft org
Recipe inspection: cat amplifier-ecosystem-audit.yaml (v1.2.0, 3 stages)
Sub-recipe inspection: cat repo-audit.yaml (v1.2.0, 20 steps)

Gaps:

gh repo list microsoft returned 0 amplifier repos (auth/visibility limitation); count derived from local + cache union instead
Time estimates (~5.5h manual, ~10min automated) are calculated from task decomposition, not measured
Recipe development velocity (original author, timeline) not independently verified via git log

Primary contributor: Amplifier Team (per recipe metadata; individual attribution not available)

Compliance shouldn't be toil.

One command. Full visibility. Optional auto-fix.

# Try it now
amplifier recipes execute amplifier-ecosystem-audit.yaml
        

microsoft/amplifier
recipes/amplifier-ecosystem-audit.yaml