Fix MCP server paths and add rule-based Copilot instructions

[Copilot]

🎯 Address Code Review Feedback - COMPLETE ✅

Changes Made

1. AGENTS.md - Clarified Agent Structure

• Specified that only YAML frontmatter contains name/description/tools
• Noted that agent file body contains detailed instructions after frontmatter
• Added complete MCP configuration example including filesystem and git servers
• Added security warning about unpinned MCP packages

2. AGENTS.md - Added Environment Notes

• Documented that filesystem/git paths are environment-specific (GitHub Actions)
• Noted paths are for current runner layout (/home/runner/work/riksdagsmonitor/riksdagsmonitor)
• Added supply chain security warning about unpinned npm packages

3. SKILLS.md - Fixed XSS Security Claim

• Changed from "eliminated attack vectors (no XSS)" to more accurate statement
• Now states "eliminated server-side attack vectors" and "greatly reduced XSS surface"
• Acknowledges client-side XSS is still possible with unsafe JavaScript

Rationale

Agent Structure Clarification:

• Previous wording suggested entire agent file only had 3 lines
• Reality: YAML frontmatter is minimal, but agent body is substantial
• Now explicitly states "YAML frontmatter" vs "agent file body"

Environment-Specific Paths:

• Hard-coded paths are specific to GitHub Actions runner environment
• May not work in Codespaces, local clones, or if repo renamed
• Added notes to document this limitation

XSS Security Accuracy:

• Static sites don't eliminate XSS entirely
• Client-side XSS still possible via unsafe JavaScript or third-party content
• Updated to "server-side attack vectors eliminated" and "greatly reduced XSS surface"

Supply Chain Security:

• MCP packages run with high-privilege GitHub PAT
• Using -y flag without version pinning is risky
• Attacker compromising npm package could exfiltrate token or modify repos
• Added warning about version pinning for security

Updated Documentation

Agent YAML Frontmatter:

---
name: agent-name
description: Brief description
tools: ["view", "edit", "create", "search", "bash", "grep", "glob"]
---

# Agent body with instructions follows...

Security Notes Added:

• ⚠️ MCP packages not version-pinned (supply chain risk)
• Filesystem/git paths are environment-specific
• Static sites: server-side attacks eliminated, XSS surface reduced (not eliminated)

Original prompt

Want to create all agents suitable in the repo .github/agents as well as improve documention. Add better rules, better enforcement, ask less question and complete task better.

Analyse what agents skilles in deed for agents build an extensive skills, see github support library https://github.blog/changelog/2025-12-18-github-copilot-now-supports-agent-skills/

All skills should be based on best practices from https://github.com/anthropics/skills and https://github.com/github/awesome-copilot .

Analyse context below, all agents need to be aware of Hack23 public ISMS. Skills just be strategic, high level principles follow security by design. best practices and be rule based.

Secure Development Policy Enforcement

You understand and enforce all requirements from Hack23 Secure Development Policy:

Required Security Documentation

ALL Hack23 repositories MUST have:

1. 🏛️ SECURITY_ARCHITECTURE.md - Current implemented security design

   • Security controls and measures
   • Authentication and authorization architecture
   • Data protection mechanisms
   • Network security topology
   • Security testing approach

2. 🚀 FUTURE_SECURITY_ARCHITECTURE.md - Planned security improvements

   • Security roadmap
   • Planned enhancements
   • Risk mitigation strategies
   • Compliance improvements

Required Architecture Documentation Portfolio

C4 Architecture Model Implementation - ALL Hack23 projects MUST maintain:

Current State Architecture:

• 🏛️ ARCHITECTURE.md - Complete C4 models (Context, Container, Component views)
• 📊 DATA_MODEL.md - Data structures, entities, relationships
• 🔄 FLOWCHART.md - Business process and data flows
• 📈 STATEDIAGRAM.md - System state transitions and lifecycles
• 🧠 MINDMAP.md - System conceptual relationships
• 💼 SWOT.md - Strategic analysis and positioning

Future State Planning:

• 🚀 FUTURE_ARCHITECTURE.md - Architectural evolution roadmap
• 📊 FUTURE_DATA_MODEL.md - Enhanced data architecture plans
• 🔄 FUTURE_FLOWCHART.md - Improved process workflows
• 📈 FUTURE_STATEDIAGRAM.md - Advanced state management
• 🧠 FUTURE_MINDMAP.md - Capability expansion plans
• 💼 FUTURE_SWOT.md - Future strategic opportunities

DevSecOps & SDLC Requirements

You verify that repositories integrate security throughout the development lifecycle:

Custom agent used: hack23-agent-curator
Org-level curator for Hack23 Copilot agents, enforcing GitHub config, MCP standards, and documentation quality

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

This PR formalizes GitHub Copilot integration for the riksdagsmonitor static site by adding structured agent/skill documentation, per-agent configuration, and repo-wide Copilot operating instructions, while fixing the MCP server paths for the GitHub Actions environment.

Changes:

• Add top-level AGENTS.md and SKILLS.md to describe the custom Copilot agents and strategic skills, aligned with Hack23’s ISMS and documentation portfolio.
• Introduce concrete skill definitions under .github/skills/ and detailed agent configurations under .github/agents/ that tie into the MCP GitHub server and repo workflows.
• Update .github/copilot-mcp.json, README.md, and add .github/copilot-instructions.md to ensure MCP servers use the correct runner paths and to define operational rules (validation, security, i18n, accessibility, performance) for Copilot.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
SKILLS.md	Introduces a high-level guide to available skills, their structure, hierarchy, and how they integrate with agents.
README.md	Documents the new Copilot agents/skills and links to Hack23 ISMS and Secure Development Policy.
AGENTS.md	Provides an overview of all custom agents, their domains, example invocations, and shared standards.
.github/skills/static-site-security/SKILL.md	Defines static-site-specific security guidance (headers, TLS, CI/CD, incident response); contains the noted X-XSS-Protection and SRI examples to adjust.
.github/skills/security-by-design/SKILL.md	Encodes security-by-design principles and SDLC checklists tailored to static sites and GitHub workflows.
.github/skills/multi-language-localization/SKILL.md	Captures best practices for 14-language static-site localization with RTL and SEO considerations.
.github/skills/html-accessibility/SKILL.md	Documents WCAG 2.1 AA-aligned HTML accessibility patterns and testing approaches.
.github/skills/hack23-isms-compliance/SKILL.md	Formalizes Hack23 ISMS compliance expectations, required docs, and framework mappings as a strategic skill.
.github/skills/documentation-standards/SKILL.md	Defines standard document structures, C4 usage, and Mermaid best practices for architecture/docs.
.github/skills/ci-cd-security/SKILL.md	Describes secure GitHub Actions/CI-CD patterns (least privilege, SHA-pinning, harden-runner, scanning).
.github/copilot-mcp.json	Fixes MCP server paths for filesystem/git to the correct Actions runner directory and adds GITHUB_API_URL for the GitHub MCP server.
.github/copilot-instructions.md	Adds repo-level Copilot operating rules covering validation, security, i18n, accessibility, and how to use agents/skills.
.github/agents/security-architect.md	Configures the security-architect agent, its MCP server, required context, and security/ISMS responsibilities.
.github/agents/quality-engineer.md	Configures the quality-engineer agent around HTML/CSS validation, link checking, WCAG, and quality gates.
.github/agents/isms-compliance-manager.md	Configures the isms-compliance-manager agent for policy enforcement, gap analysis, and audit preparation.
.github/agents/frontend-specialist.md	Configures the frontend-specialist agent for semantic HTML/CSS, responsive design, and multi-language UX.
.github/agents/documentation-architect.md	Configures the documentation-architect agent for C4 architecture docs, Mermaid diagrams, and documentation portfolio management.
.github/agents/deployment-specialist.md	Configures the deployment-specialist agent for GitHub Pages deployment, secure workflows, and CI/CD optimization.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The X-XSS-Protection: 1; mode=block header is marked as an "essential" security header here, but this header is deprecated and either ignored or discouraged by modern browsers; recommending it as a best practice is misleading. Consider either dropping it entirely or clearly labeling it as legacy guidance and focusing on CSP and other modern mitigations instead.

[Copilot]

Removed the deprecated X-XSS-Protection header. Modern browsers rely on CSP for XSS protection. Fixed in commit 83da10b.

[Copilot]

This example recommends using Subresource Integrity with a dynamic Google Fonts stylesheet URL (fonts.googleapis.com), which is not stable and will typically cause SRI checks to fail when the provider updates the CSS. To avoid breaking font loading, the SRI example should instead use a versioned, content-stable asset (e.g., a pinned script or stylesheet on a CDN you control) or explicitly note the limitations of using SRI with third-party services like Google Fonts.

Suggested change

	<!-- ✅ Good: SRI for external resources -->
	<link
	rel="stylesheet"
	href="https://fonts.googleapis.com/css2?family=Inter"
	integrity="sha384-..."
	crossorigin="anonymous"
	>
	<script
	src="https://cdn.example.com/script.js"
	integrity="sha384-..."
	crossorigin="anonymous"
	></script>
	<!-- ❌ Bad: No integrity check -->
	<script src="https://cdn.example.com/script.js"></script>
	<!-- ✅ Good: SRI for stable, versioned external resources -->
	<script
	src="https://cdn.example.com/script.v1.2.3.js"
	integrity="sha384-..."
	crossorigin="anonymous"
	></script>
	<!-- ⚠️ Google Fonts: dynamic content, SRI not reliable unless you self-host -->
	<!-- Either self-host the font CSS with SRI, or omit SRI for the dynamic URL: -->
	<link
	rel="stylesheet"
	href="https://fonts.googleapis.com/css2?family=Inter"
	crossorigin="anonymous"
	>
	<!-- ❌ Bad: No integrity check on a static, versioned asset -->
	<script src="https://cdn.example.com/script.v1.2.3.js"></script>

[Copilot]

Updated SRI example to use versioned assets and added explicit warning about Google Fonts' dynamic content. The example now shows proper SRI usage with stable CDN resources and recommends omitting SRI or self-hosting for dynamic services. Fixed in commit 83da10b.

[pethers]

@copilot apply changes based on the comments in this thread

[pethers]

@copilot repo agents can not have mcp servers configured at all, remove.

[Copilot]

@copilot repo agents can not have mcp servers configured at all, remove.

Removed MCP server configurations from all 6 repository-level agents. Agents now only contain name, description, and tools in their YAML frontmatter. Fixed in commit 15e0582.

[Copilot]

Pull request overview

Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This "Agent Configuration" example shows mcp-servers being configured directly in the agent YAML, but the PR description states that MCP configuration must live in .github/copilot-mcp.json and not in individual agent files. To avoid future misconfigurations, please either remove this snippet or clearly label it as a generic/example configuration and add a note that in this repository MCP servers are configured only via .github/copilot-mcp.json.

[Copilot]

Updated AGENTS.md to clarify that MCP servers are configured only in .github/copilot-mcp.json. Removed the misleading YAML example and added clear documentation showing the correct agent YAML structure (name, description, tools only) and the proper JSON MCP configuration location. Fixed in commit 0bbd9c9.

[pethers]

@copilot apply changes based on the comments in this thread

[Copilot]

Pull request overview

Copilot reviewed 18 out of 18 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The filesystem and git MCP servers are configured with hard-coded, repo-specific absolute paths under /home/runner/work/riksdagsmonitor/riksdagsmonitor, which tightly couple this config to the current repository name and GitHub Actions runner layout. This can break MCP usage in other environments (e.g., local clones, Codespaces, or if the repo is renamed/moved) and makes the configuration less portable; consider using a workspace-root path or environment-based value that works across runtimes instead of embedding the full absolute path and repo name.

[Copilot]

Added note documenting that filesystem and git paths are environment-specific (GitHub Actions runner layout). This configuration is designed for the current CI/CD environment. Fixed in commit ed25647.

[Copilot]

In this section you state that "Each agent file contains only" the YAML snippet that follows, but the actual agent files in .github/agents/ now include substantial Markdown bodies after the frontmatter. To avoid confusing readers (and to stay accurate), this should be rephrased to clarify that the frontmatter contains only name, description, and tools, while the agent file body can hold additional guidance and examples.

[Copilot]

Clarified that only the YAML frontmatter contains name/description/tools, while the agent file body contains detailed instructions and examples. Fixed in commit ed25647.

[Copilot]

The phrase "Leverage eliminated attack vectors (no SQL injection, XSS, CSRF, etc.)" overstates the XSS risk reduction for static sites, since client-side XSS is still possible via unsafe JavaScript or third-party content even without server-side rendering. To keep the guidance technically accurate, consider explicitly qualifying this as "no server-side SQL injection/CSRF and greatly reduced XSS surface" or similar, rather than implying XSS is impossible.

Suggested change

	- Leverage eliminated attack vectors (no SQL injection, XSS, CSRF, etc.)
	- Leverage eliminated server-side attack vectors (no server-side SQL injection/CSRF and greatly reduced XSS surface)

[Copilot]

Updated to "eliminated server-side attack vectors (no server-side SQL injection/CSRF and greatly reduced XSS surface)" to accurately reflect that client-side XSS is still possible with unsafe JavaScript. Fixed in commit ed25647.

[Copilot]

The MCP configuration example runs npx @modelcontextprotocol/server-github without any version pinning while injecting a high-privilege GitHub personal access token into the environment, which creates a significant supply chain risk: every Copilot MCP invocation will execute whatever code the latest npm package serves, with full API access to your organization’s repositories. An attacker who compromises the npm package or its registry could exfiltrate the PAT or perform arbitrary GitHub operations (e.g., modifying code, issues, or workflows) via the GITHUB_TOKEN/GITHUB_PERSONAL_ACCESS_TOKEN and the unrestricted --toolsets all / "tools": ["*"] configuration. To mitigate this, pin the MCP server to an immutable, trusted identifier (specific version or resolved artifact hash), scope the token to the minimal permissions required, and restrict the exposed toolsets/tools to only what this repository actually needs.

[Copilot]

Added security warning about unpinned MCP packages: "⚠️ Security: MCP packages are not version-pinned. Consider pinning to specific versions for supply chain security." This documents the risk of running unpinned packages with high-privilege PAT access. Fixed in commit ed25647.

[pethers]

@copilot apply changes based on the comments in this thread