feat(agents): add meeting analyst agent for transcript analysis using work-iq#502
feat(agents): add meeting analyst agent for transcript analysis using work-iq#502agreaves-ms wants to merge 1 commit intomainfrom
Conversation
- implement workflow for extracting product requirements from meeting transcripts - define handoff structure for PRD creation - document usage and error handling for the new agent 🔍 - Generated by Copilot
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #502 +/- ##
==========================================
- Coverage 83.43% 83.40% -0.03%
==========================================
Files 20 20
Lines 3507 3507
==========================================
- Hits 2926 2925 -1
- Misses 581 582 +1
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Adds a new experimental meeting-analyst custom agent to analyze Microsoft 365 meeting transcripts via work-iq MCP tooling and generate structured handoff artifacts for prd-builder.
Changes:
- Added a new
.github/agents/meeting-analyst.agent.mdagent with a 4-phase workflow (Discover, Extract, Synthesize, Handoff) and session-state guidance. - Registered
meeting-analystin the custom agents catalog documentation. - Added a
workiqMCP server entry in.vscode/mcp.jsonto enable the required MCP tools.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .vscode/mcp.json | Adds workiq MCP server configuration to support transcript retrieval. |
| .github/agents/meeting-analyst.agent.md | New agent definition and workflow for transcript analysis + PRD handoff. |
| .github/CUSTOM-AGENTS.md | Documents and registers the new agent in the agent catalog. |
| "type": "http", | ||
| "url": "https://api.githubcopilot.com/mcp/" | ||
| }, | ||
| "workiq": { |
There was a problem hiding this comment.
The new workiq MCP server entry is missing a type field. In this repo’s MCP config templates, servers launched via command/args must specify "type": "stdio" (e.g., docs/getting-started/mcp-configuration.md), otherwise VS Code may treat the server config as invalid and fail to start it.
| "workiq": { | |
| "workiq": { | |
| "type": "stdio", |
| send: false | ||
| --- | ||
|
|
||
| # Meeting Analyst Instructions |
There was a problem hiding this comment.
The top-level heading uses # Meeting Analyst Instructions, but other agent files consistently use the agent name as the H1 (for example, # Prompt Builder, # Memory Agent, # GitHub Backlog Manager). Consider renaming the H1 to just Meeting Analyst for consistency and easier scanning in rendered views.
| # Meeting Analyst Instructions | |
| # Meeting Analyst |
|
|
||
| Each session allows approximately 30 queries before throttling. Conserve queries by batching related questions, asking targeted questions rather than broad requests, and tracking the running count. Warn the user when the count reaches 20 and again at 25. | ||
|
|
||
| When the budget is exhausted, stop making queries. Present the user with a summary of what has been collected so far and what remains unprocessed. Offer to synthesize available findings or to continue in a new session. |
There was a problem hiding this comment.
Should this include things like timecode markers for tracking progress through the meeting and how far processing has gotten?
|
|
||
| ### Effective Query Patterns | ||
|
|
||
| Focused queries yield better results than open-ended ones: |
There was a problem hiding this comment.
Probably too hard to figure out ... but is there some amount of anlyzing who the stakeholders are so that potentially authoritative statements from non-core stakeholders can be filtered or couched in terms of who said them?
|
|
||
| Update the state file after each phase transition and at natural breakpoints during extraction. | ||
|
|
||
| ### Session Continuity |
There was a problem hiding this comment.
Again is there timecode element here?
katriendg
left a comment
katriendg
left a comment
There was a problem hiding this comment.
Super nice work. I do believe this is the first agent and MCP addition that impacts our security posture for the solution, and we should take a moment to reflect if we are taking the required warnings and RAI notes.
This new agent is very useful to non-technical users, the more reason for ensuring we have some warnings or at least documented potential risks, especially with accidentally committing content to git repos.
- the agent should understand its sensitivity
- enhance the threat-model doc
- document warnings
I've added a few comments around these hopefully they are easy to add for you.
| ## Core Mission | ||
|
|
||
| Meeting discussions contain valuable product requirements, decisions, and action items that often remain unstructured. The workflow guides users from meeting discovery through transcript analysis, organizing findings into a structured handoff that the *prd-builder* agent consumes directly. | ||
|
|
There was a problem hiding this comment.
I love this addition and looking forward to trying this out, it's going to add a valuable toolchain simplification from manually copying stuff or getting copilot to download transcripts for us.
My main note however is we should make sure to add a few notices around data sensitivity and RAI. I have a few suggestions across, so sharing a few.
| ## Data Sensitivity | |
| Meeting transcripts frequently contain sensitive material that participants may not intend for broad distribution. The agent follows these data handling requirements: | |
| * Display a data sensitivity notice at the start of every session (see below). | |
| * Never include raw transcript excerpts containing names, email addresses, or customer-identifying details in analysis files. Summarize and anonymize. | |
| * Strip verbatim customer quotes unless the user explicitly confirms inclusion. | |
| * Remind the user to delete `.copilot-tracking/prd-sessions/` files after the PRD handoff is complete. | |
| * Do not reference analysis file paths in commit messages, PR descriptions, or any content that enters version control. | |
| ### Session Start Notice | |
| Display this notice verbatim at the beginning of every session, before any queries: | |
| > **Data Sensitivity Notice**: This workflow retrieves meeting transcripts from your Microsoft 365 account. Transcripts may contain customer confidential information, PII, or proprietary data. Analysis files are saved to `.copilot-tracking/` (gitignored) but exist unencrypted on disk. Verify that your usage complies with your organization's data handling policies. Delete analysis files after completing the PRD handoff. | |
| ### Data Retention | |
| Analysis files and state files in `.copilot-tracking/prd-sessions/` are working artifacts, not permanent records. After the PRD handoff completes successfully, remind the user to delete them. If the user confirms, delete the files. |
There was a problem hiding this comment.
This is great, I'll incorprate it
|
|
||
| ## Handoff Format | ||
|
|
||
| The transcript analysis file follows this structure: |
There was a problem hiding this comment.
Should we add either frontmatter (if relevant) or a note data-classification: confidential so these files get tagged accordingly?
There was a problem hiding this comment.
We can't add non-compliant frontmatter to any of the Copilot prompt files since Copilot CLI crashes out on it...
| ## Process Overview | ||
|
|
||
| The transcript analysis workflow progresses through these stages: | ||
|
|
There was a problem hiding this comment.
Think about adding this?
Pre-flight data classification prompt — Add a step in Phase 1 (Discover) where the agent asks the user to confirm the data classification level of the meetings they intend to analyze (e.g., Public, Internal, Confidential, Highly Confidential) and refuses to proceed for Highly Confidential without explicit acknowledgment.
| "type": "http", | ||
| "url": "https://api.githubcopilot.com/mcp/" | ||
| }, | ||
| "workiq": { |
There was a problem hiding this comment.
Based on this addition, could we add a RAI data privacy note about transcripts.
In this document: docs/security/threat-model.md
Here is a suggestion by copilot, which seems relevant:
#### RAI-3a: Privacy - M365 Transcript Data Materialization
| Field | Value |
|-------------------|-----------------------------------------------------------------------------------------------------------|
| **Category** | Privacy & Security (Microsoft RAI Standard) |
| **Asset** | Meeting transcripts, customer confidential data, PII |
| **Threat** | The meeting-analyst agent retrieves M365 transcripts containing sensitive data and writes them to local files in `.copilot-tracking/`. Data may be exposed through accidental commits (`git add -f`), gitignore misconfiguration, shared Codespaces, CI/CD logs, or unencrypted disk access. |
| **Likelihood** | Medium (users may not recognize transcript sensitivity; gitignore is the only barrier) |
| **Impact** | High (customer confidential data, PII, trade secrets) |
| **Mitigations** | Gitignore for `.copilot-tracking/`, agent-level data sensitivity notice, anonymization guidance in agent instructions, post-session cleanup reminders, documentation in threat model and agent catalog |
| **Residual Risk** | Medium (gitignore is not a security control; user awareness is behavioral) |
| **Status** | Partially Mitigated with Documentation |
| **Workflow:** Discover → Extract → Synthesize → Handoff | ||
|
|
||
| **Critical:** Experimental. Requires `mcp_workiq_accept_eula` call before querying. Uses `mcp_workiq_ask_work_iq` for Microsoft 365 meeting data. Query budget of approximately 30 per session. Hands off to **prd-builder** for PRD creation. | ||
|
|
There was a problem hiding this comment.
Add a warning note about PII and confidential data, files written to disk but gitnored, user is responsible for deleting the files, files are not encrypted (if the customer followed our guidance, they may not have done the .gitnore!). If not, then we are guarding ourselves based on documentation.
There was a problem hiding this comment.
That's a good idea
|
|
||
| Present discovered meetings for user confirmation before extracting transcripts. Respect the query budget: display the running count when it reaches notable thresholds and collaborate with the user on prioritization if the budget is tight. | ||
|
|
||
| Format file references as markdown links using workspace-relative paths. When referencing the analysis file, link to it directly so the user can open it from the conversation. |
There was a problem hiding this comment.
In future we could evaluate adding a skill that has to be called by the agent to delete the potentially confidential files on disk (and add a requires dependency from the agent to the skill within our collection setup).
There was a problem hiding this comment.
We're getting a hooks: frontmatter primitive in custom agents very soon for GHCP, cleanup would go there when we get it. I'll make an issue to add this.
4 participants
feat(agents): add meeting analyst agent for transcript analysis
Description
#501
Added a new experimental meeting analyst agent that retrieves meeting transcripts from Microsoft 365 via work-iq-mcp, extracts product requirements and decisions, and produces structured handoff documents for the PRD builder agent. Registered the agent in the custom agents catalog and configured the workiq MCP server.
meeting-analyst.agent.mdwith a four-phase workflow (Discover, Extract, Synthesize, Handoff) for analyzing meeting transcripts and extracting product requirements, decisions, action items, and open questions.copilot-tracking/prd-sessions/meeting-analystin the custom agents catalog with description, workflow summary, and critical usage notesworkiqMCP server entry to.vscode/mcp.jsonusingnpx -y @microsoft/workiq mcpWarning
This PR includes experimental GHCP artifacts that may have breaking changes.
.github/agents/meeting-analyst.agent.mdGHCP Artifact Maturity
.github/agents/meeting-analyst.agent.mdGHCP Maturity Acknowledgment
Related Issue(s)
Type of Change
Select all that apply:
Code & Documentation:
Infrastructure & Configuration:
AI Artifacts:
prompt-builderagent and addressed all feedback.github/instructions/*.instructions.md).github/prompts/*.prompt.md).github/agents/*.agent.md).github/skills/*/SKILL.md)Other:
.ps1,.sh,.py)Sample Prompts (for AI Artifact Contributions)
User Request:
meeting-analystselectedExecution Flow:
mcp_workiq_accept_eulawithhttps://github.com/microsoft/work-iq-mcp.mcp_workiq_ask_work_iqto find matching meetings. Presents a numbered list of discovered meetings with name, date, and participants. Waits for user confirmation.prd-buildersession.Output Artifacts:
.copilot-tracking/prd-sessions/customer-portal-redesign-transcript-analysis.md.copilot-tracking/prd-sessions/customer-portal-redesign-transcript.state.jsonSuccess Indicators:
prd-builder.For detailed contribution requirements, see:
Testing
Checklist
Required Checks
AI Artifact Contributions
/prompt-analyzeto review contributionprompt-builderreviewRequired Automated Checks
The following validation commands must pass before merging:
npm run lint:mdnpm run spell-checknpm run lint:frontmatternpm run lint:md-linksnpm run lint:psSecurity Considerations
Additional Notes
The
meeting-analystagent is marked as experimental (maturity: experimentalin frontmatter). It requires the work-iq-mcp EULA acceptance before querying and has a query budget of approximately 30 per session. The agent hands off to the prd-builder agent for PRD creation or update.🔍 - Generated by Copilot