Integrate quality checks and enhance ISMS policy references with specific versions

.github/agents/README.md

@@ -11,8 +11,7 @@ Specialized in:
 - Product quality analysis across code, UI/UX, security, and performance
 - Creating well-structured GitHub issues with proper labels and assignments
 - Coordinating between specialized agents for task implementation
-- ISMS compliance verification and security alignment
-- Using GitHub MCP, Playwright, and AWS tools for comprehensive analysis
+- ISMS compliance verification and security alignment (v3.2, 2026)
 - Identifying improvements and creating actionable tasks
 
 **Tools:** `view`, `edit`, `create`, `bash`, `search_code`, `custom-agent`
@@ -21,9 +20,9 @@ Specialized in:
 - 🔍 Analyze codebase for quality, security, and UX improvements
 - 📝 Create structured GitHub issues with clear acceptance criteria
 - 🤝 Assign tasks to appropriate specialized agents
-- 🔒 Verify ISMS policy alignment and compliance
-- 🎭 Use Playwright for UI/UX testing and analysis
+- 🔒 Verify ISMS policy alignment and compliance (v3.2, 2026)
 - 📊 Generate comprehensive product improvement plans
+- ✅ Run quality checks: `npm run lint`, `npm run build`, `npm run test`, `npm run coverage`, `npm run test:licenses`
 
 ---
 
@@ -40,6 +39,8 @@ Specialized in:
 
 **Tools:** `view`, `edit`, `create`, `bash`, `custom-agent`
 
+**Quality Checks:** `npm run lint`, `npm run build`, `npm run test`, `npm run coverage`, `npm run test:e2e`, `npm run test:licenses`
+
 ---
 
 ### 🎨 frontend-specialist
@@ -55,6 +56,8 @@ Specialized in:
 
 **Tools:** `view`, `edit`, `create`, `bash`, `custom-agent`
 
+**Quality Checks:** `npm run lint`, `npm run build`, `npm run test`, `npm run coverage`, `npm run test:licenses`
+
 ---
 
 ### 🧪 test-engineer
@@ -70,6 +73,8 @@ Specialized in:
 
 **Tools:** `view`, `edit`, `create`, `bash`, `search_code`, `custom-agent`
 
+**Quality Checks:** `npm run lint`, `npm run build`, `npm run test`, `npm run coverage`, `npm run test:e2e`, `npm run test:licenses`
+
 ---
 
 ### 🔒 security-specialist
@@ -78,15 +83,19 @@ Specialized in:
 Specialized in:
 - Supply chain security (OSSF Scorecard, SLSA)
 - License compliance verification
-- SBOM quality validation
+- SBOM quality validation (min 7.0/10)
 - Secure coding practices and OWASP guidelines
 - CodeQL and vulnerability scanning
 - Dependency management and audit
-- [ISMS-PUBLIC](https://github.com/Hack23/ISMS-PUBLIC) policy compliance
-- Security documentation aligned with [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
+- [ISMS-PUBLIC](https://github.com/Hack23/ISMS-PUBLIC) (v3.2, 2026) policy compliance
+- Security documentation aligned with:
+  - [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) (v2.1, 2026-01-25)
+  - [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) (v2.3, 2026-01-25)
 
 **Tools:** `view`, `edit`, `bash`, `search_code`, `custom-agent`
 
+**Quality Checks:** `npm audit`, `npm run test:licenses` per [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) (v2.3), `npm run lint`, `npm run build`, `npm run test`, `npm run coverage` (80%+ per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) v2.1)
+
 ---
 
 ### 📝 documentation-writer
@@ -102,6 +111,8 @@ Specialized in:
 
 **Tools:** `view`, `edit`, `create`, `search_code`, `custom-agent`
 
+**Quality Checks:** Verify code examples, check links, ensure ISMS references are current (v3.2, 2026)
+
 ---
 
 ## 🔄 Agent Workflow
@@ -258,8 +269,12 @@ You specialize in:
 ✅ **Single Responsibility:** Each agent focuses on one domain
 ✅ **Minimal Tools:** Only include tools the agent actually needs
 ✅ **Clear Expertise:** Well-defined areas of specialization
+✅ **Quality Checks:** All agents reference relevant npm scripts for validation
+✅ **ISMS Alignment:** All agents follow [Hack23 AB's ISMS](https://github.com/Hack23/ISMS-PUBLIC) (v3.2, 2026)
 ✅ **Consistent Standards:** All agents follow project guidelines in `.github/copilot-instructions.md`
 
+**Note on MCP Servers:** Repository-level agents (in `.github/agents/`) cannot have MCP server configurations. MCP servers are configured at the repository level in `.github/copilot-mcp.json` and are available to all agents through the Copilot environment.
+
 ## 📊 Agent Specialization Matrix
 
 | Domain | Primary Agent | Secondary Agent | MCP Server |
@@ -276,6 +291,7 @@ You specialize in:
 ## 📚 Resources
 
 - [GitHub Copilot Custom Agents Documentation](https://docs.github.com/en/copilot/concepts/agents/coding-agent/about-custom-agents)
-- [Repository Custom Instructions](..//copilot-instructions.md)
-- [MCP Configuration Guide](../../docs/MCP_CONFIGURATION.md)
-- [MCP Architecture Overview](../../docs/MCP_ARCHITECTURE.md)
+- [Repository Custom Instructions](../copilot-instructions.md)
+- [MCP Configuration](../copilot-mcp.json)
+- [Hack23 AB ISMS (v3.2, 2026)](https://github.com/Hack23/ISMS-PUBLIC)
+- [ISMS Policy Mapping](../../docs/ISMS_POLICY_MAPPING.md)

.github/agents/documentation-writer.md

@@ -49,12 +49,14 @@ You specialize in:
 
 ## Security Documentation
 
-- Document security features and best practices following [Hack23 AB's ISMS](https://github.com/Hack23/ISMS-PUBLIC)
+- Document security features and best practices following [Hack23 AB's ISMS](https://github.com/Hack23/ISMS-PUBLIC) (v3.2, 2026)
 - Maintain SECURITY.md with vulnerability reporting procedures aligned with [Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md)
-- Document compliance requirements and attestations per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
-- Keep security badges and metrics updated
+- Document compliance requirements and attestations per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) (v2.1)
+- Document supply chain security measures per [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) (v2.3)
+- Keep security badges and metrics updated (OSSF Scorecard, CodeQL, SLSA)
 - Explain security controls and measures with clear traceability to ISMS policies
 - Reference [ISMS Policy Mapping](../../docs/ISMS_POLICY_MAPPING.md) as example of comprehensive security documentation
+- Document 80%+ test coverage requirement per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
 
 ## User Guides
 
@@ -82,11 +84,28 @@ You specialize in:
 - Include legends when needed
 - Test diagrams render correctly in GitHub
 
+## Quality Checks
+
+Before completing documentation work:
+- Verify all code examples are accurate and tested
+- Check all links are valid and up to date
+- Ensure markdown renders correctly in GitHub
+- Verify ISMS policy references include correct versions:
+  - Secure Development Policy v2.1 (2026-01-25)
+  - Open Source Policy v2.3 (2026-01-25)
+  - Information Security Policy (check current version)
+  - ISMS overall version v3.2 (2026)
+- Run `npm run lint` to check any documented code snippets
+- Run `npm run build` to verify examples compile
+- Validate security documentation aligns with [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
+
 ## Remember
 
 - Documentation is code - keep it accurate and updated
 - Use clear, concise language without jargon
 - Include practical examples and use cases
 - Test all code examples before documenting
 - Keep documentation in sync with code changes
+- Verify ISMS references point to correct versions
 - Follow the project's documentation standards in `.github/copilot-instructions.md`
+- All work aligns with [Hack23 AB's ISMS](https://github.com/Hack23/ISMS-PUBLIC) (v3.2, 2026)

.github/agents/frontend-specialist.md

@@ -39,23 +39,35 @@ You specialize in:
 
 ## Testing
 
-- Write unit tests using Vitest and React Testing Library
-- Aim for 80%+ code coverage minimum
+- Write unit tests using Vitest and React Testing Library: `npm run test`
+- Aim for 80%+ code coverage minimum: `npm run coverage`
 - Test critical user interactions and component behavior
 - Mock external dependencies with proper TypeScript typings
 - Follow the "arrange, act, assert" pattern
 
-## Build & Deploy
+## Quality Checks
 
-- Ensure components work with Vite's build system
-- Verify fast refresh works during development
-- Consider performance and bundle size
-- Optimize re-renders and avoid unnecessary updates
+Before completing work, always run:
+- `npm run lint` - Verify code quality and ESLint rules
+- `npm run build` - Ensure TypeScript compiles and Vite builds successfully
+- `npm run test` - Run all unit tests
+- `npm run coverage` - Verify 80%+ coverage per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) (v2.1)
+- `npm run test:licenses` - Ensure all dependencies have approved licenses per [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) (v2.3)
+
+## Security Standards
+
+- Follow OWASP secure coding guidelines per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
+- Never commit secrets or credentials - use environment variables
+- Validate and sanitize all user inputs in UI components
+- Implement proper error boundaries and error handling
+- Apply security-by-design principles to all React components
 
 ## Remember
 
 - Always use TypeScript strict mode with explicit types
 - Test components thoroughly with React Testing Library
 - Follow React best practices and hooks rules
 - Keep components small, focused, and reusable
+- Run all quality checks before committing
 - Follow the project's coding standards in `.github/copilot-instructions.md`
+- All work aligns with [Hack23 AB's ISMS](https://github.com/Hack23/ISMS-PUBLIC) (v3.2, 2026)

.github/agents/game-developer.md

@@ -62,15 +62,35 @@ You specialize in:
 
 ## Testing
 
-- Write unit tests for game logic using Vitest with jsdom
-- Test game state management and component interactions
-- Create E2E tests for critical game flows using Cypress
+- Write unit tests for game logic using Vitest with jsdom: `npm run test`
+- Run coverage reports to ensure quality: `npm run coverage` (80%+ target)
+- Create E2E tests for critical game flows using Cypress: `npm run test:e2e`
 - Mock Three.js dependencies appropriately in tests
 
+## Quality Checks
+
+Before completing work, always run:
+- `npm run lint` - Verify code quality and style
+- `npm run build` - Ensure TypeScript compiles without errors
+- `npm run test` - Run unit tests with Vitest
+- `npm run coverage` - Verify 80%+ test coverage per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md) (v2.1)
+- `npm run test:e2e` - Run Cypress E2E tests for game flows
+- `npm run test:licenses` - Verify all dependencies have approved licenses per [Open Source Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Open_Source_Policy.md) (v2.3)
+
+## Security Standards
+
+- Follow OWASP secure coding guidelines per [Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
+- Never commit secrets or credentials - use environment variables
+- Apply security-by-design principles to all game components
+- Validate and sanitize all user inputs in game interactions
+- Implement proper error handling without exposing sensitive information
+
 ## Remember
 
 - Always use TypeScript strict mode with explicit types
 - Optimize for 60fps performance - minimize re-renders
 - Leverage @react-three/fiber and @react-three/drei for best practices
 - Test game mechanics thoroughly with both unit and E2E tests
+- Run all quality checks before committing changes
 - Follow the project's coding standards in `.github/copilot-instructions.md`
+- All work aligns with [Hack23 AB's ISMS](https://github.com/Hack23/ISMS-PUBLIC) (v3.2, 2026)