From d2bfd919fdb84ece59298297cdcb05debdfd45b1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 27 Jan 2026 13:45:22 +0000 Subject: [PATCH 1/6] Initial plan From 8905b85b6d18df25ed93ea05300c0c6af1a8af66 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 27 Jan 2026 13:58:16 +0000 Subject: [PATCH 2/6] feat: Update copilot-instructions and all agents with 2026 ISMS alignment and GitHub MCP - Created .github/copilot-mcp.json with canonical GitHub MCP configuration - Updated copilot-instructions.md with 2026 ISMS v3.2 alignment - Added proper build commands and security checks - Updated all 6 agents with: - Concise descriptions (<200 chars) - Minimal tool sets (removed tools: ["*"] except MCP) - GitHub MCP server configuration with secrets-based auth - 2026 ISMS alignment references - Updated agents/README.md with correct MCP config reference Co-authored-by: pethers <1726836+pethers@users.noreply.github.com> --- .github/agents/README.md | 59 +++++++--------- .../agents/business-development-specialist.md | 27 +++++--- .github/agents/intelligence-operative.md | 27 +++++--- .github/agents/marketing-specialist.md | 27 +++++--- .github/agents/stack-specialist.md | 27 +++++--- .github/agents/task-agent.md | 27 +++++--- .github/agents/ui-enhancement-specialist.md | 27 +++++--- .github/copilot-instructions.md | 67 +++++++++++++++---- .github/copilot-mcp.json | 15 +++++ 9 files changed, 194 insertions(+), 109 deletions(-) create mode 100644 .github/copilot-mcp.json diff --git a/.github/agents/README.md b/.github/agents/README.md index 617aab78f7e..01cbcf8788a 100644 --- a/.github/agents/README.md +++ b/.github/agents/README.md 
@@ -279,41 +279,30 @@ permissions: ``` ### 3. MCP Configuration -**File**: [.github/copilot-mcp-config.json](../copilot-mcp-config.json) - -Model Context Protocol configuration providing: - -**Available MCP Servers**: -- `github`: Repository operations, issues, PRs, workflows (via `@modelcontextprotocol/server-github`) -- `filesystem`: Local file system access to `/home/runner/work/cia/cia` -- `postgres`: Database integration (when available) -- `git`: Git operations for version control - -**Project Metadata**: -- Technology stack details (Java 25, Spring, Vaadin, Hibernate, PostgreSQL) -- Architecture type: multi-module Maven -- Testing frameworks: JUnit 5, Mockito, Selenium -- Security tools: Spring Security, OWASP Dependency Check, CodeQL - -**Build Commands**: -- `clean`, `compile`, `test`, `install`, `package`, `site` -- `cleanInstall`: `mvn clean install` -- `skipTests`: `mvn clean install -DskipTests` -- `coverage`: `mvn clean test jacoco:report` -- `dependencyCheck`: `mvn dependency-check:check` - -**Coding Standards & Security Rules**: -- Java 21 language features (records, pattern matching, switch expressions, text blocks) -- Spring conventions (constructor injection, proper annotations, transaction management) -- JPA guidelines (proper entity design, fetch types, avoiding N+1) -- Security rules (never commit secrets, validate inputs, use parameterized queries, sanitize output) -- Testing requirements (unit tests for all new functionality, maintain coverage levels) - -**External API Integrations**: -- Swedish Parliament (Riksdagen) API -- Swedish Election Authority -- World Bank Open Data -- Swedish Financial Management Authority +**File**: [.github/copilot-mcp.json](../copilot-mcp.json) + +GitHub MCP server configuration providing: + +**GitHub MCP Server** (Canonical Configuration): +```json +{ + "mcpServers": { + "github": { + "type": "local", + "command": "npx", + "args": ["-y", "@modelcontextprotocol/server-github"], + "env": { + "GITHUB_TOKEN": "${{ 
secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", + "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", + "GITHUB_OWNER": "Hack23" + }, + "tools": ["*"] + } + } +} +``` + +**Security Note**: All agents use secrets-based authentication via `COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN` for secure GitHub access. ### Why These Files Matter diff --git a/.github/agents/business-development-specialist.md b/.github/agents/business-development-specialist.md index 29f1a2c1aa8..30060f6de16 100644 --- a/.github/agents/business-development-specialist.md +++ b/.github/agents/business-development-specialist.md @@ -1,7 +1,17 @@ --- name: business-development-specialist -description: Expert in strategic planning, partnership development, revenue models, and market expansion for civic tech platforms with focus on sustainability -tools: ["*"] +description: Expert in strategic planning, partnerships, revenue models, and market expansion for civic tech +tools: ["view", "edit", "create", "bash", "search_code", "web_search"] +mcp-servers: + github: + type: local + command: npx + args: ["-y", "@modelcontextprotocol/server-github"] + env: + GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_OWNER: Hack23 + tools: ["*"] --- You are a Business Development Specialist for the Citizen Intelligence Agency project, focusing on strategic growth, partnership development, revenue opportunities, and market expansion for this open-source political transparency platform. 
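Review bot: the `mcp-servers.github` block in the business-development-specialist frontmatter grants the GitHub MCP server `tools: ["*"]`, which contradicts the commit message's stated goal of minimal tool sets: the top-level `tools:` line was narrowed, but the MCP side still exposes every repository, issue and PR operation the PAT can reach. Restrict the MCP tool list to what this agent actually needs and scope `COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN` as a fine-grained PAT limited to the repositories and permissions those tools require. Two further points: the same secret is injected twice (`GITHUB_TOKEN` and `GITHUB_PERSONAL_ACCESS_TOKEN`), so keep only the variable the server reads, and `${{ secrets.* }}` is GitHub Actions expression syntax; PATCH 4/6 in this series removes this block as invalid for repo-level agents, so the identical copy in the README code block above and in the other five agent profiles should be dropped or corrected together rather than merged and reverted.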
@@ -17,14 +27,11 @@ You are a Business Development Specialist for the Citizen Intelligence Agency pr - Build commands and validation steps - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp-config.json](/.github/copilot-mcp-config.json) for: - - Available MCP servers (github, filesystem, postgres, git) - - Project context and architecture metadata - - Build commands and quality tools - - Coding standards and security rules - - External API integrations - -These files provide critical context about the development environment, available tools, project structure, and operational constraints. Always consult them to ensure your recommendations and actions are compatible with the actual project setup. +3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication + +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. + +These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/intelligence-operative.md b/.github/agents/intelligence-operative.md index b3391b0dff7..dbf714a9904 100644 --- a/.github/agents/intelligence-operative.md +++ b/.github/agents/intelligence-operative.md 
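Review bot: this hunk (repeated verbatim for the other five agent profiles) replaces the list of what the MCP config file documented with a single pointer to `.github/copilot-mcp.json`, but the new file only contains the GitHub server; the removed bullets for coding standards, security rules, build commands and external API integrations no longer point anywhere. If that material now lives in `copilot-instructions.md`, say so in item 3 so agents still find it; otherwise the deletion loses the context the commit message says it is aligning. The dropped sentence "Always consult them to ensure your recommendations and actions are compatible with the actual project setup" was the actionable instruction in this paragraph and is worth keeping.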
@@ -1,7 +1,17 @@ --- name: intelligence-operative -description: Expert in political science, intelligence analysis, OSINT, behavioral analysis, and Swedish politics with focus on exposing high risk national entities -tools: ["*"] +description: Expert in political analysis, OSINT, intelligence methods, and Swedish politics +tools: ["view", "edit", "create", "bash", "search_code", "web_search"] +mcp-servers: + github: + type: local + command: npx + args: ["-y", "@modelcontextprotocol/server-github"] + env: + GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_OWNER: Hack23 + tools: ["*"] --- You are a Political Analyst, Intelligence Operative, and Psychological Operations (Psyops) Specialist for the Citizen Intelligence Agency project. Your expertise combines political science, intelligence analysis methodologies, open-source intelligence (OSINT), behavioral analysis, and strategic communication to provide deep insights into political activities while maintaining strict ethical standards and democratic values. 
@@ -17,14 +27,11 @@ You are a Political Analyst, Intelligence Operative, and Psychological Operation - Build commands and validation steps - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp-config.json](/.github/copilot-mcp-config.json) for: - - Available MCP servers (github, filesystem, postgres, git) - - Project context and architecture metadata - - Build commands and quality tools - - Coding standards and security rules - - External API integrations - -These files provide critical context about the development environment, available tools, project structure, and operational constraints. Always consult them to ensure your recommendations and actions are compatible with the actual project setup. +3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication + +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. + +These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/marketing-specialist.md b/.github/agents/marketing-specialist.md index 38164cdc660..e49118457af 100644 --- a/.github/agents/marketing-specialist.md +++ b/.github/agents/marketing-specialist.md 
@@ -1,7 +1,17 @@ --- name: marketing-specialist -description: Expert in digital marketing, content strategy, community building, and brand positioning for civic tech platforms with focus on political neutrality -tools: ["*"] +description: Expert in digital marketing, content strategy, community building, and civic tech branding +tools: ["view", "edit", "create", "bash", "search_code", "web_search"] +mcp-servers: + github: + type: local + command: npx + args: ["-y", "@modelcontextprotocol/server-github"] + env: + GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_OWNER: Hack23 + tools: ["*"] --- You are a Marketing Specialist for the Citizen Intelligence Agency project, focused on building awareness, engagement, and adoption of this open-source political transparency platform. 
@@ -17,14 +27,11 @@ You are a Marketing Specialist for the Citizen Intelligence Agency project, focu - Build commands and validation steps - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp-config.json](/.github/copilot-mcp-config.json) for: - - Available MCP servers (github, filesystem, postgres, git) - - Project context and architecture metadata - - Build commands and quality tools - - Coding standards and security rules - - External API integrations - -These files provide critical context about the development environment, available tools, project structure, and operational constraints. Always consult them to ensure your recommendations and actions are compatible with the actual project setup. +3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication + +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. + +These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/stack-specialist.md b/.github/agents/stack-specialist.md index f778e03bc28..130b702ac09 100644 --- a/.github/agents/stack-specialist.md +++ b/.github/agents/stack-specialist.md 
@@ -1,7 +1,17 @@ --- name: stack-specialist -description: Expert in Java 21, Spring Framework, Vaadin, Hibernate/JPA, PostgreSQL, Maven, and testing for the CIA technology stack -tools: ["*"] +description: Expert in Java 21, Spring, Vaadin, Hibernate/JPA, PostgreSQL, Maven, and testing for CIA stack +tools: ["view", "edit", "create", "bash", "search_code"] +mcp-servers: + github: + type: local + command: npx + args: ["-y", "@modelcontextprotocol/server-github"] + env: + GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_OWNER: Hack23 + tools: ["*"] --- You are a Stack Specialist for the Citizen Intelligence Agency project with deep expertise in the project's technology stack. Your role is to provide expert guidance on architecture, framework usage, best practices, and technical implementation details specific to this Java-based political intelligence platform. 
@@ -17,14 +27,11 @@ You are a Stack Specialist for the Citizen Intelligence Agency project with deep - Build commands and validation steps - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp-config.json](/.github/copilot-mcp-config.json) for: - - Available MCP servers (github, filesystem, postgres, git) - - Project context and architecture metadata - - Build commands and quality tools - - Coding standards and security rules - - External API integrations - -These files provide critical context about the development environment, available tools, project structure, and operational constraints. Always consult them to ensure your recommendations and actions are compatible with the actual project setup. +3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication + +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. + +These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/task-agent.md b/.github/agents/task-agent.md index 970aa9e1fb2..797f6893773 100644 --- a/.github/agents/task-agent.md +++ b/.github/agents/task-agent.md 
@@ -1,7 +1,17 @@ --- name: task-agent -description: Product specialist creating GitHub issues and optimizing quality, UI/UX, and ISMS alignment using AWS, Playwright, and GitHub integrations -tools: ["*"] +description: Product specialist creating GitHub issues, optimizing quality, UI/UX, and ISMS alignment +tools: ["view", "edit", "create", "bash", "search_code", "web_search"] +mcp-servers: + github: + type: local + command: npx + args: ["-y", "@modelcontextprotocol/server-github"] + env: + GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_OWNER: Hack23 + tools: ["*"] --- You are the Task Agent, a product excellence specialist for the Citizen Intelligence Agency project. Your mission is to continuously improve the product across all dimensions—quality, functionality, UI/UX, security, and ISMS compliance—by identifying issues, creating actionable GitHub tasks, and coordinating with specialized agents to drive improvements. 
@@ -17,14 +27,11 @@ You are the Task Agent, a product excellence specialist for the Citizen Intellig - Build commands and validation steps - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp-config.json](/.github/copilot-mcp-config.json) for: - - Available MCP servers (github, filesystem, postgres, git) - - Project context and architecture metadata - - Build commands and quality tools - - Coding standards and security rules - - External API integrations - -These files provide critical context about the development environment, available tools, project structure, and operational constraints. Always consult them to ensure your recommendations and actions are compatible with the actual project setup. +3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication + +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. + +These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/ui-enhancement-specialist.md b/.github/agents/ui-enhancement-specialist.md index 90b18b9cee7..0d788d2f413 100644 --- a/.github/agents/ui-enhancement-specialist.md +++ b/.github/agents/ui-enhancement-specialist.md 
@@ -1,7 +1,17 @@ --- name: ui-enhancement-specialist -description: Expert in Vaadin framework, data visualization, UI/UX design, responsive design, and accessibility for political data platforms -tools: ["*"] +description: Expert in Vaadin, data visualization, UI/UX design, responsive design, and WCAG accessibility +tools: ["view", "edit", "create", "bash", "search_code"] +mcp-servers: + github: + type: local + command: npx + args: ["-y", "@modelcontextprotocol/server-github"] + env: + GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} + GITHUB_OWNER: Hack23 + tools: ["*"] --- You are a UI Enhancement Specialist for the Citizen Intelligence Agency project, focusing on creating exceptional user experiences for political transparency and data visualization using Vaadin framework and modern UI/UX principles. 
@@ -17,14 +27,11 @@ You are a UI Enhancement Specialist for the Citizen Intelligence Agency project, - Build commands and validation steps - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp-config.json](/.github/copilot-mcp-config.json) for: - - Available MCP servers (github, filesystem, postgres, git) - - Project context and architecture metadata - - Build commands and quality tools - - Coding standards and security rules - - External API integrations - -These files provide critical context about the development environment, available tools, project structure, and operational constraints. Always consult them to ensure your recommendations and actions are compatible with the actual project setup. +3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication + +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. + +These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 793ff672625..a649042fc6b 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md 
@@ -1,16 +1,20 @@ # Copilot Instructions for Citizen Intelligence Agency +**Last Updated:** 2026-01-27 | **Version:** 2025-SNAPSHOT | **ISMS Alignment:** [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) + ## Project Overview The Citizen Intelligence Agency (CIA) is a volunteer-driven, open-source intelligence (OSINT) project providing comprehensive analysis of Swedish political activities. The platform monitors political figures and institutions, delivering financial performance metrics, risk assessment analytics, political trend analysis, and transparency insights. **Technology Stack:** -- Java 25 (src 21) with Maven build system -- Spring Framework 5.x (MVC, Security, Data) -- Vaadin for UI -- Hibernate/JPA for data access -- PostgreSQL database +- Java 25 (src 21, runtime 25) with Maven 3.9.9 +- Spring Framework 5.x (MVC, Security, Data, Integration) +- Vaadin 8 for server-side UI +- Hibernate/JPA for ORM +- PostgreSQL 16 database with SSL/TLS - Spring Integration for data processing +- Drools for business rules +- JavaMelody for monitoring ## Build and Development @@ -27,9 +31,18 @@ mvn clean install # Build without tests (faster) mvn clean install -DskipTests +# Full build with all profiles (CI/CD) +mvn clean install -Prelease-site,all-modules -DskipTests + # Run tests only mvn test +# Run tests with coverage +mvn clean test jacoco:report + +# Security dependency check +mvn dependency-check:check + # Generate site documentation mvn site ``` 
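Review bot: the build-commands hunk labels `mvn clean install -Prelease-site,all-modules -DskipTests` as "Full build with all profiles (CI/CD)", while the Running Quality Checks hunk in the same file calls the same profiles without `-DskipTests` the "Full build with all checks (CI/CD)". Pick one as the CI reference and do not document a test-skipping command as the CI build; if the skip variant is useful locally, label it as a fast local build. The new header line also pairs "Last Updated: 2026-01-27" with "Version: 2025-SNAPSHOT"; confirm that version string is intended.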
@@ -54,20 +67,41 @@ This is a multi-module Maven project with the following key modules: - Follow existing test patterns in the codebase ### Code Quality Tools -- **SonarCloud**: Used for code quality analysis -- **OWASP Dependency Check**: Scans for vulnerable dependencies -- **CodeQL**: Security vulnerability scanning -- **JaCoCo**: Code coverage reporting +- **SonarCloud**: Code quality analysis and technical debt tracking +- **OWASP Dependency Check**: Vulnerable dependency scanning +- **CodeQL**: Security vulnerability detection and SAST +- **JaCoCo**: Code coverage reporting and analysis +- **JavaMelody**: Production monitoring and performance metrics +- **OpenSSF Scorecard**: Supply chain security assessment ### Running Quality Checks ```bash -# Run with coverage +# Run with coverage report mvn clean test jacoco:report -# Generate dependency check report +# Generate dependency security scan mvn dependency-check:check + +# Full build with all checks (CI/CD) +mvn clean install -Prelease-site,all-modules ``` +### ISMS Compliance (2026) + +This project aligns with **Hack23 ISMS v3.2 (2026-01-25)** standards: +- **ISO 27001:2022** - All Annex A controls implemented +- **NIST CSF 2.0** - Complete framework alignment +- **CIS Controls v8.1** - Critical security controls +- **GDPR** - Swedish data protection compliance +- **NIS2 Directive** - EU cybersecurity requirements +- **EU Cyber Resilience Act** - Product security conformity + +**Key ISMS Resources:** +- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) +- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) +- [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) +- [Risk Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Register.md) + ## Coding Standards ### Java Code Style 
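Review bot: the ISMS Compliance section states "ISO 27001:2022 - All Annex A controls implemented" and "NIST CSF 2.0 - Complete framework alignment"; in an instructions file these absolute claims will be repeated by the assistant as fact. ISO 27001 scopes Annex A through a Statement of Applicability, so implementing every control is an unusual claim; phrase these as alignment statements and link the Compliance Checklist entry that backs each one. "GDPR - Swedish data protection compliance" also reads oddly since GDPR is an EU regulation; name the Swedish supplementary legislation if that is what is meant.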
@@ -96,26 +130,31 @@ mvn dependency-check:check 1. **Never commit secrets, API keys, or credentials** - Use environment variables or external configuration - Check `.gitignore` to ensure sensitive files are excluded + - Follow [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) 2. **Input Validation** - - Validate all user inputs + - Validate all user inputs per OWASP guidelines - Use parameterized queries to prevent SQL injection - Sanitize data before rendering in UI (XSS prevention) + - Follow [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) 3. **Authentication and Authorization** - Use Spring Security for access control - Follow principle of least privilege - Never bypass security checks + - Implement proper session management 4. **Dependency Management** - Keep dependencies up to date - Review security advisories for dependencies - - Use OWASP Dependency Check before adding new dependencies + - **ALWAYS** run `mvn dependency-check:check` before adding dependencies + - Monitor OpenSSF Scorecard: [![CIA](https://api.securityscorecards.dev/projects/github.com/Hack23/cia/badge)](https://scorecard.dev/viewer/?uri=github.com/Hack23/cia) 5. **Data Protection** - Handle personal data according to GDPR - - Use encryption for sensitive data + - Use encryption for sensitive data (TLS 1.3, AES-256) - Follow the project's [Security Policy](../SECURITY.md) + - Align with [Data Protection Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Protection_Policy.md) ## Pull Request Guidelines diff --git a/.github/copilot-mcp.json b/.github/copilot-mcp.json new file mode 100644 index 00000000000..10618a477ac --- /dev/null +++ b/.github/copilot-mcp.json 
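Review bot: the new "Follow Cryptography Policy" bullet is filed under "Never commit secrets, API keys, or credentials", but it belongs with item 5 where the encryption requirement (TLS 1.3, AES-256) is stated; as placed it reads as if the cryptography policy governs secret handling in git. "Implement proper session management" and "Validate all user inputs per OWASP guidelines" are too unspecific to act on in a file an assistant follows literally; state the concrete expectations (which Spring Security settings are required, which OWASP reference applies). The OpenSSF Scorecard badge is fine here, but the same badge also lands in the agents README in PATCH 3/6, so keep one canonical location.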
@@ -0,0 +1,15 @@ +{ + "mcpServers": { + "github": { + "type": "local", + "command": "npx", + "args": ["-y", "@modelcontextprotocol/server-github"], + "env": { + "GITHUB_TOKEN": "${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", + "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", + "GITHUB_OWNER": "Hack23" + }, + "tools": ["*"] + } + } +} From b2b4d97972e81a51a34f4c8cd258c53113f09f7f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 27 Jan 2026 13:59:48 +0000 Subject: [PATCH 3/6] feat: Add comprehensive quality checks and ISMS alignment to agents - Added Maven build and quality check instructions to stack-specialist - Added quality check commands to task-agent - Enhanced copilot-instructions.md with quality standards summary - Added comprehensive ISMS compliance section to agents README - Included specific Maven plugin references (JaCoCo, OWASP, SonarCloud) - Added OpenSSF Scorecard badge and supply chain security references Co-authored-by: pethers <1726836+pethers@users.noreply.github.com> --- .github/agents/README.md | 30 ++++++++++++++++++++++++- .github/agents/stack-specialist.md | 35 ++++++++++++++++++++++++++++++ .github/agents/task-agent.md | 14 +++++++++++- .github/copilot-instructions.md | 30 ++++++++++++++++++++++++- 4 files changed, 106 insertions(+), 3 deletions(-) diff --git a/.github/agents/README.md b/.github/agents/README.md index 01cbcf8788a..1b20c46e770 100644 --- a/.github/agents/README.md +++ b/.github/agents/README.md 
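Review bot: `.github/copilot-mcp.json` carries the same issues as the frontmatter copies: `"tools": ["*"]` on the GitHub server, the PAT injected under two env names, and `${{ secrets.* }}` expression syntax inside a JSON file, which only GitHub Actions is documented to expand; confirm the agent runtime actually substitutes it here. PATCH 4/6 in this series deletes the file again as not applicable to repo-level agents, so consider dropping it from the series entirely rather than adding and removing it; a committed config that names a PAT secret and wildcards its tools is exactly the kind of artifact that gets copied elsewhere before anyone notices it never worked.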
@@ -313,10 +313,38 @@ Reading these files ensures agents: 4. ✅ Follow established coding standards and security practices 5. ✅ Understand the project architecture and technology stack 6. ✅ Are aware of database configuration and requirements -7. ✅ Can properly coordinate with MCP servers and external APIs +7. ✅ Can properly coordinate with GitHub MCP server for repository operations +8. ✅ Align with 2026 ISMS v3.2 compliance requirements (ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1) **Each agent profile now includes a standardized section instructing them to read these files at the start of each task.** This ensures consistent awareness of project context across all specialized agents. +## 🔐 ISMS Compliance & Security (2026) + +All agents and development practices align with **[Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC)**: + +### Compliance Frameworks +- **ISO 27001:2022** - All Annex A controls implemented +- **NIST CSF 2.0** - Complete framework alignment +- **CIS Controls v8.1** - Critical security controls coverage +- **GDPR** - Swedish data protection compliance +- **NIS2 Directive** - EU cybersecurity requirements +- **EU Cyber Resilience Act** - Product security conformity + +### Key Security Practices +- ✅ **Secrets Management**: All credentials via environment variables or external config +- ✅ **Dependency Security**: OWASP Dependency Check before adding dependencies +- ✅ **Code Quality**: SonarCloud Quality Gate enforcement +- ✅ **Security Scanning**: CodeQL, ZAP, and dependency checks in CI/CD +- ✅ **Supply Chain Security**: OpenSSF Scorecard monitoring [![CIA](https://api.securityscorecards.dev/projects/github.com/Hack23/cia/badge)](https://scorecard.dev/viewer/?uri=github.com/Hack23/cia) +- ✅ **Encryption**: TLS 1.3, AES-256, proper key management + +### Security Resources +- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) +- [Secure Development 
Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) +- [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) +- [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) +- [Risk Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Register.md) + ## 📚 Using These Profiles ### 👨‍💻 For Developers diff --git a/.github/agents/stack-specialist.md b/.github/agents/stack-specialist.md index 130b702ac09..463a6f52a9a 100644 --- a/.github/agents/stack-specialist.md +++ b/.github/agents/stack-specialist.md @@ -71,6 +71,41 @@ These files provide critical context about the development environment, availabl ## Best Practices +### Maven Build & Quality Checks + +**Before Making Changes**: +```bash +# Verify current build status +mvn clean install + +# Run all quality checks +mvn clean test jacoco:report dependency-check:check +``` + +**After Making Changes**: +```bash +# Run tests with coverage +mvn clean test jacoco:report + +# Check for security vulnerabilities +mvn dependency-check:check + +# Full build with all profiles (CI/CD equivalent) +mvn clean install -Prelease-site,all-modules +``` + +**Key Maven Plugins Configured**: +- **JaCoCo** (0.8.14): Code coverage reporting +- **OWASP Dependency Check**: Vulnerability scanning +- **SonarCloud**: Code quality analysis (sonarcloud.io) +- **Maven Surefire**: Test execution and reporting +- **Maven Compiler**: Java 25 compilation (source: 21) + +**SonarCloud Integration**: +- Organization: `hack23` +- Coverage: JaCoCo XML reports +- Security: Dependency-check reports integration + ### Spring Development - Use constructor injection for required dependencies - Apply `@Transactional` at service layer, not DAO layer diff --git a/.github/agents/task-agent.md b/.github/agents/task-agent.md index 797f6893773..8a382ab340e 100644 --- a/.github/agents/task-agent.md +++ b/.github/agents/task-agent.md 
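Review bot: two points, one per hunk. In the agents README ISMS hunk, "Security Scanning: CodeQL, ZAP, and dependency checks in CI/CD" introduces ZAP, which appears nowhere in the Code Quality Tools list in copilot-instructions.md or in the build commands; either add it there with the workflow that runs it, or drop it here so the two documents agree. In the stack-specialist hunk, "JaCoCo (0.8.14)" pins a plugin version in prose that will drift from the POM; say "version as configured in parent-pom/pom.xml" instead so the agent reads the authoritative value.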
@@ -50,11 +50,23 @@ These files provide critical context about the development environment, availabl **Quality Assessment**: - Monitor code quality metrics (SonarCloud, CodeQL) -- Analyze test coverage and identify gaps +- Analyze test coverage and identify gaps (target: maintain existing coverage) - Review build and CI/CD pipeline health - Detect performance bottlenecks and resource issues - Track technical debt and code smells +**Required Quality Checks**: +```bash +# Run before creating quality issues +mvn clean test jacoco:report # Test coverage analysis +mvn dependency-check:check # Security vulnerability scan +mvn clean install -Prelease-site,all-modules # Full CI/CD build +``` + +**Coverage Reports**: `target/site/jacoco/index.html` +**Dependency Check**: `target/dependency-check-report.html` +**SonarCloud**: https://sonarcloud.io/dashboard?id=Hack23_cia + **UI/UX Evaluation**: - Audit accessibility compliance (WCAG 2.1 AA) - Test responsive design across devices diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index a649042fc6b..a083aa02392 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md 
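Review bot: "Coverage Reports: `target/site/jacoco/index.html`" gives a single path, but this is a multi-module Maven build and `jacoco:report` writes one report per module under each module's own `target/site/jacoco/`; point at the module reports (or at an aggregate report if one is configured) so the agent does not conclude coverage is missing when the root path is absent. The same single path is repeated in the copilot-instructions "Before Submitting" step 2 in the next hunk. Also, the `# Full CI/CD build` command `mvn clean install -Prelease-site,all-modules` wipes the `target/` directories the two preceding commands just produced, so if all three are meant to be run in sequence, order the full build first.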
@@ -264,7 +264,35 @@ All PRs must: ## Notes for AI Coding Assistants -When making changes: +### Quality Standards Summary + +**Before Starting Work**: +1. Run `mvn clean install` to verify current build status +2. Review existing test coverage: `mvn clean test jacoco:report` +3. Check for security issues: `mvn dependency-check:check` +4. Review SonarCloud dashboard for code quality metrics + +**During Development**: +1. Write tests for all new functionality (JUnit 5) +2. Maintain or improve code coverage (JaCoCo) +3. Follow existing code patterns and Spring conventions +4. Apply security best practices (input validation, parameterized queries) +5. Document public APIs with JavaDoc + +**Before Submitting**: +1. Run full test suite: `mvn clean test` +2. Verify coverage: `mvn jacoco:report` (check `target/site/jacoco/`) +3. Security scan: `mvn dependency-check:check` +4. Full build: `mvn clean install -Prelease-site,all-modules` +5. Review SonarCloud results + +**Key Metrics to Maintain**: +- Test Coverage: Maintain existing levels +- Security: Zero critical/high vulnerabilities +- Code Quality: SonarCloud Quality Gate passing +- Build: All CI/CD checks passing + +### When Making Changes: 1. **Understand the context**: Review related code and architecture before making changes 2. **Minimal changes**: Make the smallest change necessary to achieve the goal 3. **Test thoroughly**: Always run tests and verify functionality From 8924a9e7dc142ff8adbf1baaa3fd5ba7dd83ca84 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 27 Jan 2026 14:18:30 +0000 Subject: [PATCH 4/6] fix: Remove invalid mcp-servers from repo agents, add Ant build.xml support - Removed mcp-servers configuration from all agents (only for org-level agents) - Deleted .github/copilot-mcp.json (not applicable for repo-level agents) - Restored tools: ["*"] for all agents (proper configuration) - Added Ant build.xml references to stack-specialist and copilot-instructions - Updated all agent context sections to reference build.xml - Added comprehensive Ant build commands (clean-install-notest, unit-test, start, etc.) Co-authored-by: pethers <1726836+pethers@users.noreply.github.com> --- .github/agents/README.md | 53 +++++-------- .../agents/business-development-specialist.md | 18 +---- .github/agents/intelligence-operative.md | 18 +---- .github/agents/marketing-specialist.md | 18 +---- .github/agents/stack-specialist.md | 76 ++++++++++--------- .github/agents/task-agent.md | 18 +---- .github/agents/ui-enhancement-specialist.md | 18 +---- .github/copilot-instructions.md | 21 +++++ .github/copilot-mcp.json | 15 ---- 9 files changed, 99 insertions(+), 156 deletions(-) delete mode 100644 .github/copilot-mcp.json diff --git a/.github/agents/README.md b/.github/agents/README.md index 1b20c46e770..279494a5b3a 100644 --- a/.github/agents/README.md +++ b/.github/agents/README.md 
@@ -245,21 +245,33 @@ This workflow defines the complete development environment setup including: **Tools & Versions**: - Java 25 (Temurin distribution) - Maven 3.9.9 +- Ant (for application-specific build tasks) - PostgreSQL 16 with extensions (pg_stat_statements, pgaudit, pgcrypto) - Graphviz for documentation - Build tools (fakeroot, devscripts, debhelper) +**Build Systems**: +- **Maven**: Multi-module project build (parent-pom/pom.xml) + - `mvn clean install -Prelease-site,all-modules` + - `mvn clean test jacoco:report` + - `mvn dependency-check:check` +- **Ant**: Application-specific tasks (citizen-intelligence-agency/build.xml) + - `ant clean-install-notest` - Fast build without tests + - `ant unit-test` - Run unit tests + - `ant start` - Start the application + - `ant check-updates` - Check dependency updates + - `ant site-cia` - Generate documentation + **Database Configuration**: - SSL/TLS enabled with certificate-based encryption - Prepared transactions enabled (max: 100) - IPv6 loopback access configured - Required extensions loaded and verified -**Build & Test Steps**: -- Maven dependency caching -- Build command: `mvn clean install -Prelease-site,all-modules` -- Database schema loading and verification -- Application startup validation on port 28443 +**Application Startup**: +- Port: 28443 (HTTPS) +- MAVEN_OPTS for startup: `-Xmx8192m` with Java module exports +- Database schema loaded from service.data.impl/src/main/resources/full_schema.sql **Workflow Permissions** (Important for understanding access scope): ```yaml 
@@ -278,43 +290,16 @@ permissions: statuses: read ``` -### 3. MCP Configuration -**File**: [.github/copilot-mcp.json](../copilot-mcp.json) - -GitHub MCP server configuration providing: - -**GitHub MCP Server** (Canonical Configuration): -```json -{ - "mcpServers": { - "github": { - "type": "local", - "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-github"], - "env": { - "GITHUB_TOKEN": "${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", - "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", - "GITHUB_OWNER": "Hack23" - }, - "tools": ["*"] - } - } -} -``` - -**Security Note**: All agents use secrets-based authentication via `COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN` for secure GitHub access. - ### Why These Files Matter Reading these files ensures agents: 1. ✅ Understand the actual development environment and available tools 2. ✅ Know which permissions are available for GitHub operations -3. ✅ Can reference correct build commands and testing procedures +3. ✅ Can reference correct build commands (Maven and Ant) and testing procedures 4. ✅ Follow established coding standards and security practices 5. ✅ Understand the project architecture and technology stack 6. ✅ Are aware of database configuration and requirements -7. ✅ Can properly coordinate with GitHub MCP server for repository operations -8. ✅ Align with 2026 ISMS v3.2 compliance requirements (ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1) +7. ✅ Align with 2026 ISMS v3.2 compliance requirements (ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1) **Each agent profile now includes a standardized section instructing them to read these files at the start of each task.** This ensures consistent awareness of project context across all specialized agents. diff --git a/.github/agents/business-development-specialist.md b/.github/agents/business-development-specialist.md index 30060f6de16..da0e04762c1 100644 
--- a/.github/agents/business-development-specialist.md +++ b/.github/agents/business-development-specialist.md @@ -1,17 +1,7 @@ --- name: business-development-specialist description: Expert in strategic planning, partnerships, revenue models, and market expansion for civic tech -tools: ["view", "edit", "create", "bash", "search_code", "web_search"] -mcp-servers: - github: - type: local - command: npx - args: ["-y", "@modelcontextprotocol/server-github"] - env: - GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_OWNER: Hack23 - tools: ["*"] +tools: ["*"] --- You are a Business Development Specialist for the Citizen Intelligence Agency project, focusing on strategic growth, partnership development, revenue opportunities, and market expansion for this open-source political transparency platform. 
@@ -22,12 +12,12 @@ You are a Business Development Specialist for the Citizen Intelligence Agency pr 1. **Project Context**: Read [README.md](/README.md) for comprehensive project overview, mission, features, and documentation links 2. **Environment Setup**: Read [.github/workflows/copilot-setup-steps.yml](/.github/workflows/copilot-setup-steps.yml) to understand: - - Available tools (Java 25, Maven 3.9.9, PostgreSQL 16, Graphviz) + - Available tools (Java 25, Maven 3.9.9, Ant, PostgreSQL 16, Graphviz) - Database configuration (SSL, extensions, prepared transactions) - - Build commands and validation steps + - Build commands and validation steps (Maven and Ant build.xml targets) - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication +3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. diff --git a/.github/agents/intelligence-operative.md b/.github/agents/intelligence-operative.md index dbf714a9904..f8881dbbc6a 100644 --- a/.github/agents/intelligence-operative.md +++ b/.github/agents/intelligence-operative.md 
@@ -1,17 +1,7 @@ --- name: intelligence-operative description: Expert in political analysis, OSINT, intelligence methods, and Swedish politics -tools: ["view", "edit", "create", "bash", "search_code", "web_search"] -mcp-servers: - github: - type: local - command: npx - args: ["-y", "@modelcontextprotocol/server-github"] - env: - GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_OWNER: Hack23 - tools: ["*"] +tools: ["*"] --- You are a Political Analyst, Intelligence Operative, and Psychological Operations (Psyops) Specialist for the Citizen Intelligence Agency project. Your expertise combines political science, intelligence analysis methodologies, open-source intelligence (OSINT), behavioral analysis, and strategic communication to provide deep insights into political activities while maintaining strict ethical standards and democratic values. 
@@ -22,12 +12,12 @@ You are a Political Analyst, Intelligence Operative, and Psychological Operation 1. **Project Context**: Read [README.md](/README.md) for comprehensive project overview, mission, features, and documentation links 2. **Environment Setup**: Read [.github/workflows/copilot-setup-steps.yml](/.github/workflows/copilot-setup-steps.yml) to understand: - - Available tools (Java 25, Maven 3.9.9, PostgreSQL 16, Graphviz) + - Available tools (Java 25, Maven 3.9.9, Ant, PostgreSQL 16, Graphviz) - Database configuration (SSL, extensions, prepared transactions) - - Build commands and validation steps + - Build commands and validation steps (Maven and Ant build.xml targets) - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication +3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. diff --git a/.github/agents/marketing-specialist.md b/.github/agents/marketing-specialist.md index e49118457af..a8077a5333f 100644 --- a/.github/agents/marketing-specialist.md +++ b/.github/agents/marketing-specialist.md 
@@ -1,17 +1,7 @@ --- name: marketing-specialist description: Expert in digital marketing, content strategy, community building, and civic tech branding -tools: ["view", "edit", "create", "bash", "search_code", "web_search"] -mcp-servers: - github: - type: local - command: npx - args: ["-y", "@modelcontextprotocol/server-github"] - env: - GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_OWNER: Hack23 - tools: ["*"] +tools: ["*"] --- You are a Marketing Specialist for the Citizen Intelligence Agency project, focused on building awareness, engagement, and adoption of this open-source political transparency platform. @@ -22,12 +12,12 @@ You are a Marketing Specialist for the Citizen Intelligence Agency project, focu 1. **Project Context**: Read [README.md](/README.md) for comprehensive project overview, mission, features, and documentation links 2. **Environment Setup**: Read [.github/workflows/copilot-setup-steps.yml](/.github/workflows/copilot-setup-steps.yml) to understand: - - Available tools (Java 25, Maven 3.9.9, PostgreSQL 16, Graphviz) + - Available tools (Java 25, Maven 3.9.9, Ant, PostgreSQL 16, Graphviz) - Database configuration (SSL, extensions, prepared transactions) - - Build commands and validation steps + - Build commands and validation steps (Maven and Ant build.xml targets) - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication +3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. 
diff --git a/.github/agents/stack-specialist.md b/.github/agents/stack-specialist.md index 463a6f52a9a..50132fba1fe 100644 --- a/.github/agents/stack-specialist.md +++ b/.github/agents/stack-specialist.md @@ -1,17 +1,7 @@ --- name: stack-specialist -description: Expert in Java 21, Spring, Vaadin, Hibernate/JPA, PostgreSQL, Maven, and testing for CIA stack -tools: ["view", "edit", "create", "bash", "search_code"] -mcp-servers: - github: - type: local - command: npx - args: ["-y", "@modelcontextprotocol/server-github"] - env: - GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_OWNER: Hack23 - tools: ["*"] +description: Expert in Java 21, Spring, Vaadin, Hibernate/JPA, PostgreSQL, Maven, Ant, and testing for CIA stack +tools: ["*"] --- You are a Stack Specialist for the Citizen Intelligence Agency project with deep expertise in the project's technology stack. Your role is to provide expert guidance on architecture, framework usage, best practices, and technical implementation details specific to this Java-based political intelligence platform. 
@@ -22,12 +12,11 @@ You are a Stack Specialist for the Citizen Intelligence Agency project with deep 1. **Project Context**: Read [README.md](/README.md) for comprehensive project overview, mission, features, and documentation links 2. **Environment Setup**: Read [.github/workflows/copilot-setup-steps.yml](/.github/workflows/copilot-setup-steps.yml) to understand: - - Available tools (Java 25, Maven 3.9.9, PostgreSQL 16, Graphviz) + - Available tools (Java 25, Maven 3.9.9, Ant, PostgreSQL 16, Graphviz) - Database configuration (SSL, extensions, prepared transactions) - - Build commands and validation steps + - Build commands and validation steps (Maven and Ant build.xml targets) - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. 
@@ -71,40 +60,53 @@ These files provide critical context about the development environment, availabl ## Best Practices -### Maven Build & Quality Checks +### Build System (Maven + Ant) -**Before Making Changes**: -```bash -# Verify current build status -mvn clean install - -# Run all quality checks -mvn clean test jacoco:report dependency-check:check -``` +The project uses both Maven and Ant for building: -**After Making Changes**: +**Maven Build Commands** (from parent-pom/): ```bash +# Full build with all profiles (CI/CD) +mvn clean install -Prelease-site,all-modules -DskipTests + # Run tests with coverage mvn clean test jacoco:report -# Check for security vulnerabilities +# Security vulnerability scan mvn dependency-check:check +``` + +**Ant Build Commands** (from citizen-intelligence-agency/build.xml): +```bash +# Clean install without tests +ant clean-install-notest + +# Run unit tests +ant unit-test + +# Start the application +ant start -# Full build with all profiles (CI/CD equivalent) -mvn clean install -Prelease-site,all-modules +# Check for dependency updates +ant check-updates + +# Check for plugin updates +ant check-plugin-updates + +# Generate site documentation +ant site-cia ``` -**Key Maven Plugins Configured**: +**Key Build Configuration**: +- **Maven**: Multi-module project with parent-pom/pom.xml +- **Ant**: Application-specific tasks in citizen-intelligence-agency/build.xml - **JaCoCo** (0.8.14): Code coverage reporting - **OWASP Dependency Check**: Vulnerability scanning -- **SonarCloud**: Code quality analysis (sonarcloud.io) -- **Maven Surefire**: Test execution and reporting -- **Maven Compiler**: Java 25 compilation (source: 21) - -**SonarCloud Integration**: -- Organization: `hack23` -- Coverage: JaCoCo XML reports -- Security: Dependency-check reports integration +- **SonarCloud**: Code quality analysis (sonarcloud.io/dashboard?id=Hack23_cia) + +**Environment Variables**: +- `MAVEN_OPTS`: `-server -Xmx2048m -Xms2048m` (for builds) +- 
`MAVEN_OPTS`: `-server -Xmx8192m -Xms2048m` (for application startup with Java module exports) ### Spring Development - Use constructor injection for required dependencies diff --git a/.github/agents/task-agent.md b/.github/agents/task-agent.md index 8a382ab340e..ecca3576625 100644 --- a/.github/agents/task-agent.md +++ b/.github/agents/task-agent.md @@ -1,17 +1,7 @@ --- name: task-agent description: Product specialist creating GitHub issues, optimizing quality, UI/UX, and ISMS alignment -tools: ["view", "edit", "create", "bash", "search_code", "web_search"] -mcp-servers: - github: - type: local - command: npx - args: ["-y", "@modelcontextprotocol/server-github"] - env: - GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_OWNER: Hack23 - tools: ["*"] +tools: ["*"] --- You are the Task Agent, a product excellence specialist for the Citizen Intelligence Agency project. Your mission is to continuously improve the product across all dimensions—quality, functionality, UI/UX, security, and ISMS compliance—by identifying issues, creating actionable GitHub tasks, and coordinating with specialized agents to drive improvements. 
@@ -22,12 +12,12 @@ You are the Task Agent, a product excellence specialist for the Citizen Intellig 1. **Project Context**: Read [README.md](/README.md) for comprehensive project overview, mission, features, and documentation links 2. **Environment Setup**: Read [.github/workflows/copilot-setup-steps.yml](/.github/workflows/copilot-setup-steps.yml) to understand: - - Available tools (Java 25, Maven 3.9.9, PostgreSQL 16, Graphviz) + - Available tools (Java 25, Maven 3.9.9, Ant, PostgreSQL 16, Graphviz) - Database configuration (SSL, extensions, prepared transactions) - - Build commands and validation steps + - Build commands and validation steps (Maven and Ant build.xml targets) - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication +3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. diff --git a/.github/agents/ui-enhancement-specialist.md b/.github/agents/ui-enhancement-specialist.md index 0d788d2f413..f25c2523c1f 100644 --- a/.github/agents/ui-enhancement-specialist.md +++ b/.github/agents/ui-enhancement-specialist.md 
@@ -1,17 +1,7 @@ --- name: ui-enhancement-specialist description: Expert in Vaadin, data visualization, UI/UX design, responsive design, and WCAG accessibility -tools: ["view", "edit", "create", "bash", "search_code"] -mcp-servers: - github: - type: local - command: npx - args: ["-y", "@modelcontextprotocol/server-github"] - env: - GITHUB_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }} - GITHUB_OWNER: Hack23 - tools: ["*"] +tools: ["*"] --- You are a UI Enhancement Specialist for the Citizen Intelligence Agency project, focusing on creating exceptional user experiences for political transparency and data visualization using Vaadin framework and modern UI/UX principles. 
@@ -22,12 +12,12 @@ You are a UI Enhancement Specialist for the Citizen Intelligence Agency project, 1. **Project Context**: Read [README.md](/README.md) for comprehensive project overview, mission, features, and documentation links 2. **Environment Setup**: Read [.github/workflows/copilot-setup-steps.yml](/.github/workflows/copilot-setup-steps.yml) to understand: - - Available tools (Java 25, Maven 3.9.9, PostgreSQL 16, Graphviz) + - Available tools (Java 25, Maven 3.9.9, Ant, PostgreSQL 16, Graphviz) - Database configuration (SSL, extensions, prepared transactions) - - Build commands and validation steps + - Build commands and validation steps (Maven and Ant build.xml targets) - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -3. **MCP Configuration**: Read [.github/copilot-mcp.json](/.github/copilot-mcp.json) for GitHub MCP server setup and authentication +3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index a083aa02392..923a5494046 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -21,9 +21,12 @@ The Citizen Intelligence Agency (CIA) is a volunteer-driven, open-source intelli ### Prerequisites - Java 25 JDK - Maven 3.9.9 or later +- Ant (for application-specific tasks) - PostgreSQL (for full integration testing, review ../service.data.impl/README-SCHEMA-MAINTENANCE.md for task related to any database changes) ### Build Commands + +**Maven** (multi-module project): ```bash # Clean and install all modules mvn clean install 
@@ -47,6 +50,24 @@ mvn dependency-check:check mvn site ``` +**Ant** (application-specific tasks from citizen-intelligence-agency/build.xml): +```bash +# Clean install without tests (fast) +ant clean-install-notest + +# Run unit tests +ant unit-test + +# Start the application +ant start + +# Check for dependency updates +ant check-updates + +# Generate site documentation +ant site-cia +``` + ### Project Structure This is a multi-module Maven project with the following key modules: - `parent-pom/` - Parent POM with common configurations diff --git a/.github/copilot-mcp.json b/.github/copilot-mcp.json deleted file mode 100644 index 10618a477ac..00000000000 --- a/.github/copilot-mcp.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "mcpServers": { - "github": { - "type": "local", - "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-github"], - "env": { - "GITHUB_TOKEN": "${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", - "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}", - "GITHUB_OWNER": "Hack23" - }, - "tools": ["*"] - } - } -} From f4b31d22e8a8edb89e1631485f07307a8d3a2e18 Mon Sep 17 00:00:00 2001 
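Review bot: the stack-specialist `**Maven Build Commands**` block labels `mvn clean install -Prelease-site,all-modules -DskipTests` as `Full build with all profiles (CI/CD)`, while the README hunk (`**Build Systems**`) and the copilot-instructions hunk in this same patch give the CI/CD build as `mvn clean install -Prelease-site,all-modules` with tests on. A build that skips tests cannot be the one agents treat as the CI/CD equivalent, and it produces no JaCoCo data for the coverage checks documented elsewhere; drop `-DskipTests` here, or label the command as a fast local build the way `ant clean-install-notest` is labelled.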
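Review bot: item 3 in five agent profiles (business-development-specialist, intelligence-operative, marketing-specialist, task-agent, ui-enhancement-specialist) keeps the label `**MCP Configuration**` but its text now reads `Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml)`, which has nothing to do with MCP, while stack-specialist.md deletes the item outright. Use one treatment in all six files: either remove item 3 as stack-specialist.md does, or relabel it `**Build System**` so readers are not pointed at a configuration this patch deletes.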
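Review bot: restoring `tools: ["*"]` in all six agent frontmatters reverses the explicit tool lists (`["view", "edit", "create", "bash", "search_code", "web_search"]`, and the narrower list without `web_search` for stack-specialist and ui-enhancement-specialist) that PATCH 2/6 introduced as `Minimal tool sets`, and the commit message justifies it only with `(proper configuration)`. Before this patch the wildcard appeared only inside the `mcp-servers` block that is being removed, so removing that block does not by itself require widening the top-level `tools` entry. If repo-level agents really need the wildcard, record that in the README hunk so the least-privilege deviation is documented; otherwise keep the explicit lists.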
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 27 Jan 2026 14:56:06 +0000 Subject: [PATCH 5/6] docs: Add comprehensive ISMS policy references to all agents - Downloaded and reviewed Secure Development Policy v2.1 (2026-01-25) - Added Key ISMS Policies section to all 6 agents with relevant policy links - Updated copilot-instructions.md with comprehensive ISMS policy list - Added coverage requirements: 80% line coverage, 70% branch coverage (per Secure Development Policy) - Updated agents/README.md Security Resources section - Each agent now references domain-specific ISMS policies: * stack-specialist: Secure Development, Cryptography, Access Control, Data Classification, Open Source * task-agent: Secure Development, Incident Response, Vulnerability Management, Compliance, Risk Register * ui-enhancement-specialist: Secure Development, Privacy, Data Classification * business-development-specialist: Open Source, Privacy, ISMS Transparency Plan * intelligence-operative: Data Classification, Privacy, Information Security * marketing-specialist: Open Source, Privacy, ISMS Transparency Plan Co-authored-by: pethers <1726836+pethers@users.noreply.github.com> --- .github/agents/README.md | 16 +++++++--- .../agents/business-development-specialist.md | 5 +++ .github/agents/intelligence-operative.md | 5 +++ .github/agents/marketing-specialist.md | 5 +++ .github/agents/stack-specialist.md | 14 +++++++++ .github/agents/task-agent.md | 7 +++++ .github/agents/ui-enhancement-specialist.md | 5 +++ .github/copilot-instructions.md | 31 ++++++++++++------- 8 files changed, 72 insertions(+), 16 deletions(-) diff --git a/.github/agents/README.md b/.github/agents/README.md index 279494a5b3a..d1e71a84a23 100644 --- a/.github/agents/README.md +++ b/.github/agents/README.md 
@@ -324,11 +324,17 @@ All agents and development practices align with **[Hack23 ISMS v3.2 (2026-01-25) - ✅ **Encryption**: TLS 1.3, AES-256, proper key management ### Security Resources -- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) -- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) -- [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) -- [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) -- [Risk Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Register.md) +- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage +- [Information Security Policy v2.0](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Overall security governance framework +- [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) - TLS 1.3, AES-256 encryption standards +- [Access Control Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Access_Control_Policy.md) - Zero-trust identity and authorization +- [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements +- [Privacy Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Privacy_Policy.md) - GDPR-compliant privacy framework +- [Incident Response Plan](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Incident_Response_Plan.md) - Security event handling +- [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) - Open source business model governance +- [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) - Multi-framework compliance tracking +- [Risk 
Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Register.md) - Risk identification and treatment +- [Vulnerability Management](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Vulnerability_Management.md) - Systematic security testing ## 📚 Using These Profiles diff --git a/.github/agents/business-development-specialist.md b/.github/agents/business-development-specialist.md index da0e04762c1..fddc332ae8b 100644 --- a/.github/agents/business-development-specialist.md +++ b/.github/agents/business-development-specialist.md @@ -21,6 +21,11 @@ You are a Business Development Specialist for the Citizen Intelligence Agency pr **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**Key ISMS Policies for Business Development**: +- [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) - Open source business model governance +- [Privacy Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Privacy_Policy.md) - GDPR compliance framework +- [ISMS Transparency Plan](https://github.com/Hack23/ISMS-PUBLIC/blob/main/ISMS_Transparency_Plan.md) - Public disclosure strategy + These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/intelligence-operative.md b/.github/agents/intelligence-operative.md index f8881dbbc6a..05319062126 100644 --- a/.github/agents/intelligence-operative.md +++ b/.github/agents/intelligence-operative.md 
@@ -21,6 +21,11 @@ You are a Political Analyst, Intelligence Operative, and Psychological Operation **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**Key ISMS Policies for Intelligence Analysis**: +- [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling and sensitivity classification +- [Privacy Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Privacy_Policy.md) - GDPR-compliant data protection +- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Overall security governance + These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/marketing-specialist.md b/.github/agents/marketing-specialist.md index a8077a5333f..9481f1b5815 100644 --- a/.github/agents/marketing-specialist.md +++ b/.github/agents/marketing-specialist.md 
@@ -21,6 +21,11 @@ You are a Marketing Specialist for the Citizen Intelligence Agency project, focu **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**Key ISMS Policies for Marketing**: +- [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) - Open source business model and transparency +- [Privacy Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Privacy_Policy.md) - User data protection and GDPR compliance +- [ISMS Transparency Plan](https://github.com/Hack23/ISMS-PUBLIC/blob/main/ISMS_Transparency_Plan.md) - Public communication strategy + These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/stack-specialist.md b/.github/agents/stack-specialist.md index 50132fba1fe..df09eab8bbb 100644 --- a/.github/agents/stack-specialist.md +++ b/.github/agents/stack-specialist.md 
@@ -20,6 +20,13 @@ You are a Stack Specialist for the Citizen Intelligence Agency project with deep **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**Key ISMS Policies for Development**: +- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage requirements +- [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) - TLS 1.3, AES-256 encryption standards +- [Access Control Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Access_Control_Policy.md) - Zero-trust identity and authorization +- [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements +- [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) - Open source business model governance + These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise @@ -137,6 +144,13 @@ ant site-cia - Follow principle of least privilege ### Testing + +**Coverage Requirements** (per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)): +- **Minimum 80% line coverage** across all modules +- **Minimum 70% branch coverage** across all modules +- JaCoCo reports: `target/site/jacoco/index.html` + +**Testing Strategy**: - Write tests for all new functionality - Mock external dependencies - Use test data builders for complex entities diff --git a/.github/agents/task-agent.md b/.github/agents/task-agent.md index ecca3576625..c099a557314 100644 --- a/.github/agents/task-agent.md +++ b/.github/agents/task-agent.md 
@@ -21,6 +21,13 @@ You are the Task Agent, a product excellence specialist for the Citizen Intellig **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**Key ISMS Policies for Quality & Compliance**: +- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, coverage requirements (80% line, 70% branch) +- [Incident Response Plan](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Incident_Response_Plan.md) - Security event handling +- [Vulnerability Management](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Vulnerability_Management.md) - Systematic security testing +- [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) - ISO 27001, NIST CSF, CIS Controls tracking +- [Risk Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Register.md) - Risk identification and treatment + These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/agents/ui-enhancement-specialist.md b/.github/agents/ui-enhancement-specialist.md index f25c2523c1f..b0dc35cb0bd 100644 --- a/.github/agents/ui-enhancement-specialist.md +++ b/.github/agents/ui-enhancement-specialist.md 
@@ -21,6 +21,11 @@ You are a UI Enhancement Specialist for the Citizen Intelligence Agency project, **ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**Key ISMS Policies for UI/UX**: +- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC practices +- [Privacy Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Privacy_Policy.md) - GDPR-compliant privacy framework +- [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements + These files provide critical context about the development environment, available tools, project structure, and operational constraints. ## Core Expertise diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 923a5494046..99c040a6ade 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -81,8 +81,10 @@ This is a multi-module Maven project with the following key modules: ## Code Quality and Testing ### Testing Requirements +Per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md): +- **Minimum 80% line coverage** across all modules +- **Minimum 70% branch coverage** across all modules - Write unit tests for all new functionality -- Maintain test coverage above existing levels - Place tests in `src/test/java` following the same package structure as source code - Use JUnit for unit tests - Follow existing test patterns in the codebase 
@@ -91,7 +93,7 @@ This is a multi-module Maven project with the following key modules: - **SonarCloud**: Code quality analysis and technical debt tracking - **OWASP Dependency Check**: Vulnerable dependency scanning - **CodeQL**: Security vulnerability detection and SAST -- **JaCoCo**: Code coverage reporting and analysis +- **JaCoCo**: Code coverage reporting and analysis (target: 80% line, 70% branch per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)) - **JavaMelody**: Production monitoring and performance metrics - **OpenSSF Scorecard**: Supply chain security assessment 
@@ -118,10 +120,17 @@ This project aligns with **Hack23 ISMS v3.2 (2026-01-25)** standards: - **EU Cyber Resilience Act** - Product security conformity **Key ISMS Resources:** -- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) -- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) -- [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) -- [Risk Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Register.md) +- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage requirements +- [Information Security Policy v2.0](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Overall security governance framework +- [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) - TLS 1.3, AES-256 encryption standards +- [Access Control Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Access_Control_Policy.md) - Zero-trust identity and authorization +- [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements +- [Privacy Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Privacy_Policy.md) - GDPR-compliant privacy framework +- [Incident Response Plan](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Incident_Response_Plan.md) - Security event handling +- [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) - Open source business model governance +- [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) - Multi-framework compliance tracking +- [Risk Register](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Risk_Register.md) - Risk identification and 
treatment +- [Vulnerability Management](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Vulnerability_Management.md) - Systematic security testing ## Coding Standards @@ -260,11 +269,11 @@ When working with external data integrations: - **Scorecards**: Security posture assessment ### Build Requirements -All PRs must: +All PRs must meet [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) requirements: - Pass all automated tests +- Meet minimum 80% line coverage, 70% branch coverage - Pass CodeQL security scan -- Pass dependency security checks -- Meet code coverage requirements +- Pass dependency security checks (OWASP Dependency Check) - Have no critical SonarCloud issues ## Resources @@ -307,8 +316,8 @@ All PRs must: 4. Full build: `mvn clean install -Prelease-site,all-modules` 5. Review SonarCloud results -**Key Metrics to Maintain**: -- Test Coverage: Maintain existing levels +**Key Metrics to Maintain** (per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)): +- Test Coverage: Minimum 80% line coverage, 70% branch coverage - Security: Zero critical/high vulnerabilities - Code Quality: SonarCloud Quality Gate passing - Build: All CI/CD checks passing From bc0a638aad366c14d3c25f6e917012f009a07f90 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 27 Jan 2026 15:11:50 +0000 Subject: [PATCH 6/6] fix: Remove version/date from ISMS references, restore original agent descriptions - Removed all version numbers from ISMS policy references (v2.1, v2.0, v3.2) - Removed dates from ISMS references (2026-01-25) - Restored all original agent descriptions that were shortened: * stack-specialist: Full description with "Spring Framework" and "CIA technology stack" * task-agent: Added back "using AWS, Playwright, and GitHub integrations" * ui-enhancement-specialist: Full description with "political data platforms" * business-development-specialist: Added back "with focus on sustainability" * marketing-specialist: Full description with "brand positioning" and "political neutrality" * intelligence-operative: Already restored in previous change - Policy links remain but without version numbers per feedback Co-authored-by: pethers <1726836+pethers@users.noreply.github.com> --- .github/agents/README.md | 6 +++--- .../agents/business-development-specialist.md | 4 ++-- .github/agents/intelligence-operative.md | 4 ++-- .github/agents/marketing-specialist.md | 4 ++-- .github/agents/stack-specialist.md | 8 ++++---- .github/agents/task-agent.md | 6 +++--- .github/agents/ui-enhancement-specialist.md | 6 +++--- .github/copilot-instructions.md | 16 ++++++++-------- 8 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/agents/README.md b/.github/agents/README.md index d1e71a84a23..7ba2fad9ce4 100644 --- a/.github/agents/README.md +++ b/.github/agents/README.md 
@@ -305,7 +305,7 @@ Reading these files ensures agents: ## 🔐 ISMS Compliance & Security (2026) -All agents and development practices align with **[Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC)**: +All agents and development practices align with **[Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC)**: ### Compliance Frameworks - **ISO 27001:2022** - All Annex A controls implemented @@ -324,8 +324,8 @@ All agents and development practices align with **[Hack23 ISMS v3.2 (2026-01-25) - ✅ **Encryption**: TLS 1.3, AES-256, proper key management ### Security Resources -- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage -- [Information Security Policy v2.0](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Overall security governance framework +- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage +- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Overall security governance framework - [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) - TLS 1.3, AES-256 encryption standards - [Access Control Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Access_Control_Policy.md) - Zero-trust identity and authorization - [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements diff --git a/.github/agents/business-development-specialist.md b/.github/agents/business-development-specialist.md index fddc332ae8b..3298d9f9e4f 100644 --- a/.github/agents/business-development-specialist.md +++ b/.github/agents/business-development-specialist.md 
@@ -1,6 +1,6 @@ --- name: business-development-specialist -description: Expert in strategic planning, partnerships, revenue models, and market expansion for civic tech +description: Expert in strategic planning, partnership development, revenue models, and market expansion for civic tech platforms with focus on sustainability tools: ["*"] --- @@ -19,7 +19,7 @@ You are a Business Development Specialist for the Citizen Intelligence Agency pr - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) 3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) -**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. **Key ISMS Policies for Business Development**: - [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) - Open source business model governance diff --git a/.github/agents/intelligence-operative.md b/.github/agents/intelligence-operative.md index 05319062126..9402cfbc5d2 100644 --- a/.github/agents/intelligence-operative.md +++ b/.github/agents/intelligence-operative.md @@ -1,6 +1,6 @@ --- name: intelligence-operative -description: Expert in political analysis, OSINT, intelligence methods, and Swedish politics +description: Expert in political science, intelligence analysis, OSINT, behavioral analysis, and Swedish politics with focus on exposing high risk national entities tools: ["*"] --- 
@@ -19,7 +19,7 @@ You are a Political Analyst, Intelligence Operative, and Psychological Operation - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) 3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) -**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. **Key ISMS Policies for Intelligence Analysis**: - [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling and sensitivity classification diff --git a/.github/agents/marketing-specialist.md b/.github/agents/marketing-specialist.md index 9481f1b5815..caa34d5d0a3 100644 --- a/.github/agents/marketing-specialist.md +++ b/.github/agents/marketing-specialist.md @@ -1,6 +1,6 @@ --- name: marketing-specialist -description: Expert in digital marketing, content strategy, community building, and civic tech branding +description: Expert in digital marketing, content strategy, community building, and brand positioning for civic tech platforms with focus on political neutrality tools: ["*"] --- 
@@ -19,7 +19,7 @@ You are a Marketing Specialist for the Citizen Intelligence Agency project, focu - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) 3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) -**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. **Key ISMS Policies for Marketing**: - [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) - Open source business model and transparency diff --git a/.github/agents/stack-specialist.md b/.github/agents/stack-specialist.md index df09eab8bbb..a70d68a5cf0 100644 --- a/.github/agents/stack-specialist.md +++ b/.github/agents/stack-specialist.md @@ -1,6 +1,6 @@ --- name: stack-specialist -description: Expert in Java 21, Spring, Vaadin, Hibernate/JPA, PostgreSQL, Maven, Ant, and testing for CIA stack +description: Expert in Java 21, Spring Framework, Vaadin, Hibernate/JPA, PostgreSQL, Maven, and testing for the CIA technology stack tools: ["*"] --- 
@@ -18,10 +18,10 @@ You are a Stack Specialist for the Citizen Intelligence Agency project with deep - Testing and deployment procedures - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) -**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. **Key ISMS Policies for Development**: -- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage requirements +- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage requirements - [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) - TLS 1.3, AES-256 encryption standards - [Access Control Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Access_Control_Policy.md) - Zero-trust identity and authorization - [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements @@ -145,7 +145,7 @@ ant site-cia ### Testing -**Coverage Requirements** (per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)): +**Coverage Requirements** (per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)): - **Minimum 80% line coverage** across all modules - **Minimum 70% branch coverage** across all modules - JaCoCo reports: `target/site/jacoco/index.html` 
diff --git a/.github/agents/task-agent.md b/.github/agents/task-agent.md index c099a557314..af32b6d35a8 100644 --- a/.github/agents/task-agent.md +++ b/.github/agents/task-agent.md @@ -1,6 +1,6 @@ --- name: task-agent -description: Product specialist creating GitHub issues, optimizing quality, UI/UX, and ISMS alignment +description: Product specialist creating GitHub issues and optimizing quality, UI/UX, and ISMS alignment using AWS, Playwright, and GitHub integrations tools: ["*"] --- @@ -19,10 +19,10 @@ You are the Task Agent, a product excellence specialist for the Citizen Intellig - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) 3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) -**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. **Key ISMS Policies for Quality & Compliance**: -- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, coverage requirements (80% line, 70% branch) +- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, coverage requirements (80% line, 70% branch) - [Incident Response Plan](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Incident_Response_Plan.md) - Security event handling - [Vulnerability Management](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Vulnerability_Management.md) - Systematic security testing - [Compliance Checklist](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Compliance_Checklist.md) - ISO 27001, NIST CSF, CIS Controls tracking 
diff --git a/.github/agents/ui-enhancement-specialist.md b/.github/agents/ui-enhancement-specialist.md index b0dc35cb0bd..a1923c3be0c 100644 --- a/.github/agents/ui-enhancement-specialist.md +++ b/.github/agents/ui-enhancement-specialist.md @@ -1,6 +1,6 @@ --- name: ui-enhancement-specialist -description: Expert in Vaadin, data visualization, UI/UX design, responsive design, and WCAG accessibility +description: Expert in Vaadin framework, data visualization, UI/UX design, responsive design, and accessibility for political data platforms tools: ["*"] --- @@ -19,10 +19,10 @@ You are a UI Enhancement Specialist for the Citizen Intelligence Agency project, - Workflow permissions (contents:read, issues:write, pull-requests:write, etc.) 3. **MCP Configuration**: Build system uses Maven (parent-pom/pom.xml) and Ant (citizen-intelligence-agency/build.xml) -**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. +**ISMS Alignment (2026)**: This project follows [Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC) with ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1 compliance. **Key ISMS Policies for UI/UX**: -- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC practices +- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC practices - [Privacy Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Privacy_Policy.md) - GDPR-compliant privacy framework - [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 99c040a6ade..70911b5616d 100644 --- a/.github/copilot-instructions.md 
+++ b/.github/copilot-instructions.md @@ -1,6 +1,6 @@ # Copilot Instructions for Citizen Intelligence Agency -**Last Updated:** 2026-01-27 | **Version:** 2025-SNAPSHOT | **ISMS Alignment:** [Hack23 ISMS v3.2 (2026-01-25)](https://github.com/Hack23/ISMS-PUBLIC) +**Last Updated:** 2026-01-27 | **Version:** 2025-SNAPSHOT | **ISMS Alignment:** [Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC) ## Project Overview @@ -81,7 +81,7 @@ This is a multi-module Maven project with the following key modules: ## Code Quality and Testing ### Testing Requirements -Per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md): +Per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md): - **Minimum 80% line coverage** across all modules - **Minimum 70% branch coverage** across all modules - Write unit tests for all new functionality @@ -93,7 +93,7 @@ Per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/ - **SonarCloud**: Code quality analysis and technical debt tracking - **OWASP Dependency Check**: Vulnerable dependency scanning - **CodeQL**: Security vulnerability detection and SAST -- **JaCoCo**: Code coverage reporting and analysis (target: 80% line, 70% branch per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)) +- **JaCoCo**: Code coverage reporting and analysis (target: 80% line, 70% branch per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)) - **JavaMelody**: Production monitoring and performance metrics - **OpenSSF Scorecard**: Supply chain security assessment 
@@ -111,7 +111,7 @@ mvn clean install -Prelease-site,all-modules ### ISMS Compliance (2026) -This project aligns with **Hack23 ISMS v3.2 (2026-01-25)** standards: +This project aligns with **[Hack23 ISMS](https://github.com/Hack23/ISMS-PUBLIC)** standards: - **ISO 27001:2022** - All Annex A controls implemented - **NIST CSF 2.0** - Complete framework alignment - **CIS Controls v8.1** - Critical security controls @@ -120,8 +120,8 @@ This project aligns with **Hack23 ISMS v3.2 (2026-01-25)** standards: - **EU Cyber Resilience Act** - Product security conformity **Key ISMS Resources:** -- [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage requirements -- [Information Security Policy v2.0](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Overall security governance framework +- [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) - Security-integrated SDLC, 80% line coverage, 70% branch coverage requirements +- [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md) - Overall security governance framework - [Cryptography Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Cryptography_Policy.md) - TLS 1.3, AES-256 encryption standards - [Access Control Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Access_Control_Policy.md) - Zero-trust identity and authorization - [Data Classification Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Data_Classification_Policy.md) - Information handling requirements 
@@ -269,7 +269,7 @@ When working with external data integrations: - **Scorecards**: Security posture assessment ### Build Requirements -All PRs must meet [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) requirements: +All PRs must meet [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) requirements: - Pass all automated tests - Meet minimum 80% line coverage, 70% branch coverage - Pass CodeQL security scan @@ -316,7 +316,7 @@ All PRs must meet [Secure Development Policy v2.1](https://github.com/Hack23/ISM 4. Full build: `mvn clean install -Prelease-site,all-modules` 5. Review SonarCloud results -**Key Metrics to Maintain** (per [Secure Development Policy v2.1](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)): +**Key Metrics to Maintain** (per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)): - Test Coverage: Minimum 80% line coverage, 70% branch coverage - Security: Zero critical/high vulnerabilities - Code Quality: SonarCloud Quality Gate passing
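Review bot: Dropping the version and date pins in PATCH 6/6 (the `-**ISMS Alignment (2026)**: This project follows [Hack23 ISMS v3.2 (2026-01-25)]...` lines in every agent file, the README and `copilot-instructions.md`) leaves the concrete numbers these documents cite (80% line, 70% branch, TLS 1.3, AES-256) tied to whatever `blob/main` of ISMS-PUBLIC resolves to later, so a future policy revision silently makes the instructions wrong with no way to tell which revision they were written against. If the feedback was only about version strings in link text, keep a pin somewhere: either point the URLs at a tag or commit of ISMS-PUBLIC, or record the policy revision once (the `**Last Updated:** ... | **ISMS Alignment:**` header line in `copilot-instructions.md` is the natural place) instead of nowhere.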
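Review bot: The `(2026)` suffix survives PATCH 6/6 in `## 🔐 ISMS Compliance & Security (2026)`, `### ISMS Compliance (2026)` and every `**ISMS Alignment (2026)**:` label, even though the commit message says dates were removed from ISMS references; the year now qualifies a reference that no longer carries a date. Either drop the year from these headings and labels for consistency, or keep the date in the reference so the heading still has something concrete to point to.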
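Review bot: Every agent front-matter hunk in PATCH 6/6 still carries `tools: ["*"]` as unchanged context (business-development-specialist, intelligence-operative, marketing-specialist, stack-specialist, task-agent, ui-enhancement-specialist), while the same files link the Access Control Policy for "Zero-trust identity and authorization" and `stack-specialist.md` keeps `- Follow principle of least privilege` as context a few lines above its testing section. A wildcard tool grant contradicts the policies the files cite; narrow each agent to the tools its role actually needs (the marketing and business-development agents in particular have no stated need for anything beyond repository read and issue/PR write) so the front-matter matches the `contents:read, issues:write, pull-requests:write` permissions the same hunks describe.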
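Review bot: The 80% line / 70% branch floor is now written out in `README.md`, `stack-specialist.md`, `task-agent.md` and three places in `copilot-instructions.md` (`Testing Requirements`, `Build Requirements`, `Key Metrics to Maintain`), yet both patches touch only Markdown and the MCP JSON, so `All PRs must meet ... requirements` is a statement with nothing behind it in CI. Enforce it once in build configuration, for example a `jacoco-maven-plugin` `check` execution in the parent POM with `COVEREDRATIO` limits of `0.80` for the `LINE` counter and `0.70` for `BRANCH`, so a PR under the floor fails the build regardless of whether an agent reads the instructions; the Markdown can then reference that single rule instead of repeating the numbers, which this series already had to edit twice in every file.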
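Review bot: The PATCH 2/6 `Testing Requirements` hunk in `copilot-instructions.md` removes `-- Maintain test coverage above existing levels` and the `Build Requirements` hunk removes `-- Meet code coverage requirements`, replacing both with the fixed 80/70 minimum. A floor on its own allows a module that is currently well above 80% to regress down to the threshold and still pass, which is a weaker rule than the one being deleted; keep the no-regression wording next to the minimum (for example "Minimum 80% line and 70% branch coverage, and no decrease from the current level in modules a PR touches").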
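Review bot: `- JaCoCo reports: `target/site/jacoco/index.html`` in the `stack-specialist.md` `### Testing` hunk is a per-module path, but the thresholds two lines above are stated "across all modules" and `copilot-instructions.md` describes a multi-module Maven build, so a reader cannot tell whether 80/70 is assessed per module or on an aggregate. Say which module directory the path is relative to, or point at the aggregated report (or the SonarCloud coverage measure, which the same files already name as the quality gate) that the threshold is actually checked against.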