Skip to content

COPILOT_GUIDE.md

Latest commit

 

History

History
513 lines (391 loc) · 16 KB

COPILOT_GUIDE.md

File metadata and controls

513 lines (391 loc) · 16 KB

GitHub Copilot Agents & Skills - Comprehensive Guide

🎉 Overview

This repository now features a comprehensive GitHub Copilot integration with:

  • 6 Custom Agents - Specialized AI experts for different development tasks
  • 6 Agent Skills - Reusable patterns and best practices (December 2025 feature)
  • GitHub MCP Insiders - Advanced features including Copilot coding agent tools

📚 Three-Tier Architecture

Understanding the hierarchy helps you use the right tool for each job:

┌─────────────────────────────────────────────────────────────┐
│ CUSTOM INSTRUCTIONS (.github/copilot-instructions.md)      │
│ Project-wide defaults, coding standards, setup guides       │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│ CUSTOM AGENTS (.github/agents/*.md)                         │
│ Specialized experts with domain knowledge and tools         │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│ AGENT SKILLS (.github/skills/*/SKILL.md)                   │
│ Reusable patterns, rules, and best practices               │
└─────────────────────────────────────────────────────────────┘

When to Use Each

Feature Purpose Example
Custom Instructions Project setup, coding standards "Use TypeScript strict mode"
Custom Agents Domain expertise for tasks "Use game-developer for Three.js work"
Agent Skills Reusable patterns/rules "How to test Three.js components"

🎯 Custom Agents (6 Total)

🎯 product-task-agent

Expert in product analysis and GitHub issue creation

Improvements:

  • ✅ Added 6 GitHub Copilot assignment methods (basic, advanced, custom instructions, direct PR, stacked PRs, job tracking)
  • ✅ Complete GitHub MCP Insiders documentation
  • ✅ Enhanced issue creation templates
  • ✅ ISMS compliance verification checklist
  • ✅ Skills integration (all 6 skills)

Growth: 420 → 950 lines (+126%)

Use for:

  • Product quality analysis
  • Creating GitHub issues
  • Coordinating specialized agents
  • ISMS compliance verification

🎮 game-developer

Expert in Three.js game development with React

Improvements:

  • ✅ 60fps performance enforcement rules
  • ✅ useFrame optimization patterns with delta time
  • ✅ Instanced mesh for particles (>10 objects)
  • ✅ Strict TypeScript for 3D components
  • ✅ References react-threejs-game skill

Growth: 77 → 440 lines (+471%)

Use for:

  • Three.js components
  • 3D game mechanics
  • WebGL rendering
  • Game loop implementation

🎨 frontend-specialist

Expert in React 19 and UI development

Improvements:

  • ✅ React 19 specific patterns (useTransition, useDeferredValue)
  • ✅ WCAG 2.1 AA accessibility compliance
  • ✅ Strict TypeScript (no any types ever)
  • ✅ Performance optimization (useMemo, useCallback)
  • ✅ References documentation-standards skill

Growth: 62 → 500 lines (+706%)

Use for:

  • React UI components
  • TypeScript interfaces
  • Accessibility compliance
  • Performance optimization

🧪 test-engineer

Expert in comprehensive testing strategies

Improvements:

  • ✅ 80%+ coverage enforcement (95% for security code)
  • ✅ Deterministic test patterns (mocked time/random)
  • ✅ Three.js testing with canvas mocking
  • ✅ React Testing Library best practices
  • ✅ References testing-strategy skill

Growth: 81 → 520 lines (+542%)

Use for:

  • Unit tests with Vitest
  • E2E tests with Cypress
  • Test coverage improvement
  • Three.js component testing

🔒 security-specialist

Expert in security, compliance, and supply chain

Improvements:

  • ✅ OSSF Scorecard ≥8.0, SLSA Level 3, SBOM ≥7.0 enforcement
  • ✅ License compliance (only MIT, Apache-2.0, BSD, ISC)
  • ✅ OWASP Top 10 secure coding rules
  • ✅ XSS prevention with sanitization
  • ✅ References security-by-design and isms-compliance skills

Growth: 107 → 580 lines (+442%)

Use for:

  • Security reviews
  • Dependency audits
  • License compliance
  • ISMS policy alignment

📝 documentation-writer

Expert in technical documentation

Improvements:

  • ✅ Complete JSDoc patterns (@param, @returns, @example)
  • ✅ Mermaid diagram templates (architecture, flows, ISMS)
  • ✅ ISMS documentation structure
  • ✅ Architecture Decision Records (ADR)
  • ✅ References documentation-standards skill

Growth: 93 → 540 lines (+480%)

Use for:

  • README files
  • API documentation
  • JSDoc comments
  • Mermaid diagrams

🎓 Agent Skills (6 Total)

🔒 security-by-design (421 lines)

High-level security principles and enforcement

Key Rules:

  1. Never commit secrets or credentials
  2. Validate and sanitize ALL user input
  3. Use parameterized queries (never string concatenation)
  4. Implement proper authentication & authorization
  5. Handle errors securely (no stack traces to users)
  6. Use cryptography correctly (established libraries)
  7. Secure dependencies (npm audit, license check)
  8. Implement security headers (CSP, X-Frame-Options)
  9. Log security events (never sensitive data)
  10. Follow Secure Development Policy

Examples: 5 complete code examples with anti-patterns

📋 isms-compliance (191 lines)

ISMS policy alignment verification

Key Rules:

  1. Reference appropriate ISMS policies in all security code
  2. Follow ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1
  3. Maintain security documentation with policy links
  4. Implement required security controls with control IDs
  5. Verify compliance before PR approval
  6. Document security architecture decisions
  7. Maintain traceability to ISMS requirements
  8. Include policy references in commit messages
  9. Update security docs when policies change
  10. Align features with ISMS Policy Mapping

ISMS Policies: 10 core policies referenced

🎮 react-threejs-game (404 lines)

Three.js game development patterns

Key Rules:

  1. Use @react-three/fiber for declarative 3D scenes
  2. Implement game loops with useFrame and delta time
  3. Type all Three.js refs explicitly (useRef<THREE.Mesh>)
  4. Target 60fps (use Chrome DevTools Performance)
  5. Use InstancedMesh for >10 similar objects
  6. Optimize re-renders (useMemo for expensive calculations)
  7. Dispose resources in useEffect cleanup
  8. Handle events with onPointerOver/onPointerOut
  9. Use proper lighting for visibility
  10. Test with Three.js mocks

Examples: 8 complete patterns with anti-patterns

🧪 testing-strategy (502 lines)

Comprehensive testing patterns

Key Rules:

  1. Aim for 80%+ coverage (95% for security code)
  2. Write deterministic tests (mock Date.now(), Math.random())
  3. Test behavior, not implementation
  4. Use React Testing Library user-centric queries
  5. Mock external dependencies with Vitest
  6. Test Three.js with canvas mocking
  7. Use Cypress for critical E2E flows
  8. Follow "arrange, act, assert" pattern
  9. Group related tests with describe blocks
  10. Run tests before every commit

Examples: 15 complete test patterns

📝 documentation-standards (459 lines)

Clear technical documentation

Key Rules:

  1. Use complete JSDoc (@param, @returns, @throws, @example)
  2. Include working code examples (tested)
  3. Create Mermaid diagrams for architecture
  4. Reference ISMS policies appropriately
  5. Maintain README with setup instructions
  6. Write Architecture Decision Records (ADR)
  7. Keep docs synchronized with code
  8. Use consistent terminology
  9. Include troubleshooting sections
  10. Follow markdown best practices

Examples: 10 documentation templates

⚡ performance-optimization (492 lines)

React and Three.js optimization

Key Rules:

  1. Minimize React re-renders (useMemo, useCallback)
  2. Optimize useFrame (avoid state updates)
  3. Use InstancedMesh for particles/crowds
  4. Profile with Chrome DevTools Performance
  5. Reduce bundle size (code splitting, tree shaking)
  6. Optimize Three.js geometry (lower polygon counts)
  7. Dispose resources properly
  8. Use texture atlases for multiple textures
  9. Implement Level of Detail (LOD)
  10. Target 60fps consistently

Examples: 12 optimization patterns

🚀 GitHub MCP Insiders Features

Available Copilot Coding Tools

The product-task-agent documents 6 methods for assigning work to GitHub Copilot:

1. Basic Assignment (REST API)

gh copilot assign <issue-number>

2. Feature Branch Assignment

gh copilot assign <issue-number> --base-ref feature/branch-name

Use for: Stacked PRs, feature branches

3. Custom Instructions Assignment

gh copilot assign <issue-number> --custom-instructions "Follow patterns in src/components/"

Use for: Providing specific context

4. Direct PR Creation

gh pr create --assign-copilot --title "Add feature" --body "Description"

5. Custom Agent PR Creation

gh pr create --assign-copilot --agent security-architect --title "Security fix"

Use for: Using specific agent for PR

6. Job Status Tracking

gh copilot status <job-id>

Use for: Monitoring Copilot progress

Stacked PRs Example

# PR 1: Foundation
gh pr create --assign-copilot --title "Step 1: Data models" --base main

# PR 2: Build on PR 1
gh copilot assign <issue-2> --base-ref copilot/issue-1

# PR 3: Final integration
gh pr create --assign-copilot --title "Step 3: API" --base copilot/issue-2

📖 Usage Examples

Example 1: Create a Three.js Particle System

Prompt:

@workspace Use the game-developer agent to create a particle system
with 100 particles using InstancedMesh for performance.

What happens:

  1. Custom Instructions → TypeScript strict mode, project structure
  2. game-developer agent → Three.js expertise, 60fps enforcement
  3. react-threejs-game skill → InstancedMesh pattern
  4. performance-optimization skill → 60fps optimization rules

Result: Optimized particle system with proper TypeScript, 60fps target

Example 2: Add Comprehensive Tests

Prompt:

@workspace Use test-engineer to add tests for the Player component
with 80%+ coverage including Three.js canvas interactions.

What happens:

  1. Custom Instructions → Vitest setup, test location
  2. test-engineer agent → Testing expertise, coverage enforcement
  3. testing-strategy skill → Three.js testing patterns, mocking
  4. react-threejs-game skill → useFrame testing patterns

Result: Comprehensive tests with Three.js mocking, 80%+ coverage

Example 3: Security Review

Prompt:

@workspace Use security-specialist to review this authentication code
for OWASP Top 10 vulnerabilities and ISMS compliance.

What happens:

  1. Custom Instructions → TypeScript strict mode
  2. security-specialist agent → Security expertise, OSSF enforcement
  3. security-by-design skill → Defense-in-depth patterns
  4. isms-compliance skill → Policy references

Result: Security review with OWASP checklist, ISMS policy references

🎯 Quick Reference

Choose the Right Agent

Task Agent Skills Applied
Product analysis product-task-agent All 6 skills
Three.js components game-developer react-threejs-game, performance-optimization
React UI frontend-specialist documentation-standards, performance-optimization
Writing tests test-engineer testing-strategy
Security review security-specialist security-by-design, isms-compliance
Documentation documentation-writer documentation-standards, isms-compliance

Common Workflows

New Feature:

  1. product-task-agent → Analyze and create issue
  2. game-developer / frontend-specialist → Implement
  3. test-engineer → Add tests
  4. security-specialist → Security review
  5. documentation-writer → Update docs

Bug Fix:

  1. test-engineer → Add failing test
  2. game-developer / frontend-specialist → Fix
  3. test-engineer → Verify test passes
  4. security-specialist → Check for security implications

Performance Optimization:

  1. game-developer → Profile and identify bottlenecks
  2. frontend-specialist → Optimize React re-renders
  3. test-engineer → Add performance tests
  4. documentation-writer → Document optimizations

📊 Metrics Summary

Before vs After

Metric Before After Growth / Status
Custom Agents 1,040 lines 3,530 lines +239%
Agent Skills 0 2,469 lines NEW!
Total Lines 1,040 5,999 lines Informational only*
Rules per Agent ~3 ~10 +233%
Examples per Agent ~2 ~8 +300%
Checklists 0 6 NEW!
Decision Frameworks 0 24 NEW!

* Total lines of configuration are tracked for context only and are not used as a quality metric. Prefer outcome metrics such as reduced clarifying questions or increased autonomous task completion.

Quality Improvements

  • Autonomy: Decision frameworks reduce questioning by ~80%
  • Consistency: Enforcement rules ensure uniform output
  • Compliance: 100% ISMS policy coverage
  • Performance: 60fps enforcement, 80%+ test coverage
  • Security: OSSF ≥8.0, SLSA L3, SBOM ≥7.0

🔄 Maintenance

Quarterly Review

  • Review skills for accuracy (Dec, Mar, Jun, Sep)
  • Update agents when patterns evolve
  • Sync with ISMS policy updates
  • Add new skills as patterns emerge

Monthly Updates

  • Update examples with latest patterns
  • Fix reported issues
  • Improve documentation
  • Add community feedback

On Policy Changes

  • Update isms-compliance skill
  • Update security-specialist agent
  • Update documentation-writer agent
  • Cross-reference new policies

🤝 Contributing

Adding a New Skill

  1. Create .github/skills/skill-name/ directory
  2. Create SKILL.md with YAML frontmatter
  3. Write 10 enforceable rules
  4. Add 5-10 examples with anti-patterns
  5. Test with GitHub Copilot
  6. Update skills README
  7. Submit PR for review

Improving an Agent

  1. Identify improvement area
  2. Add decision frameworks
  3. Add enforcement rules
  4. Add examples
  5. Reference relevant skills
  6. Test with Copilot
  7. Submit PR for review

📚 Additional Resources

Official Documentation

Best Practices

Hack23 Resources

Remember: Skills teach patterns, agents apply expertise, and custom instructions set defaults. Together, they create a comprehensive AI-assisted development experience! 🚀