Add release-monitoring-report skill

[shahzaibj]

Summary

First check-in of the release-monitoring-report skill — an agent skill that produces a version-over-version release-health report for the Android Broker and Authenticator as a single self-contained HTML file. For each app it answers two questions — what changed this release (KPIs + tables vs a baseline) and why (error-code movers, per-scenario deltas, crash analysis) — and ends in a clear SAFE / WATCH / HOLD verdict.

This is a tooling/automation-only change: everything lands under .github/skills/ and ships no product code.

What's included (27 files under .github/skills/release-monitoring-report/)

Area	Files	Purpose
Entry point	SKILL.md	Workflow: bootstrap → resolve versions → pull queries → diagnose → fill report → validate
Queries	assets/queries/*.kql + README.md	18 validated Broker + Authenticator KQL templates (adoption, reliability, error rate, top errors, latency, per-host-app, scenario success, crash denominator)
Scripts	assets/scripts/	run-kql.ps1, bootstrap-report.ps1, validate-report.ps1, compare-versions.js, find-suspect-prs.ps1, fetch-appcenter-crashes.js (App Center crash pull: groups/diff/enrich/newcrashes/signature)
Docs	assets/docs/	Diagnostic-pattern methodology, App Center crash-source reference, Kusto cheatsheet
Template	assets/templates/report-template.html	Canonical report layout (filled reference example)

Highlights

• Diagnostic methodology, not just dashboards — a KPI delta is treated as a question: count-vs-rate normalization, version-attribution vs rollout-substitution, code-frozen control, benign-vs-real classification, and crash version-attribution before anything is called a regression.
• Crash version-attribution — newcrashes (genuinely-new java-frame signatures via anti-join against a union of priors) + signature (cross-version presence) reliably separate real new crashes from pre-existing/environmental ones and from native-frame false positives.

Secrets / cleanliness

• No tokens, keys, passwords, emails, or user paths. App Center token is read at runtime from outside the repo (~/.android-release-reports/appcenter.token); only internal Kusto cluster/DB names (AAD-accessed) appear.
• Scoped to the skill only — unrelated untracked .pr-patches/, AD-MFA-phonefactor-phoneApp-android/, and a local .gitignore edit were deliberately excluded.

Risk

Low — .github/skills/ only, no app/build/runtime impact. Helpers require az login (Kusto) and an optional App Center token; nothing runs automatically.

Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

[github-actions]

❌ Work item link check failed. Description does not contain AB#{ID}.

Click here to Learn more.