Chore mcp copilot updates#21
Conversation
- Add MCP-focused agent profiles (protocol, tools, security, orchestrator) - Add MCP server development instructions and helper prompts - Ignore VS Code workspace settings in git - Set Docker default server.ssl=false - Remove insecure sample test snippets
- Add new prompt templates for CSP rollout and CSP review - Add a prompts index README and update the main prompt catalogue - Clarify Node.js secure guidance: prefer contextual output encoding over sanitization - Normalize skill docs with top-level headings for consistent rendering
There was a problem hiding this comment.
Pull request overview
This PR enhances the repository's security-focused Copilot/MCP capabilities by adding MCP-specific agent profiles, prompt templates, and Content Security Policy (CSP) tooling, while also performing repository cleanup.
Changes:
- Added MCP-focused agents and prompts for server development, tooling, and security hardening
- Introduced CSP authoring and review prompt templates
- Removed intentionally insecure test fixture files
- Updated documentation for consistency and discoverability
Reviewed changes
Copilot reviewed 30 out of 31 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/weak-auth-flow.ts | Removed insecure test fixture demonstrating JWT and CSRF vulnerabilities |
| tests/unsafe-deserialization.py | Removed insecure test fixture showing unsafe deserialization patterns |
| tests/secret-hardcode.js | Removed insecure test fixture with hardcoded credentials |
| tests/overtrusted-genai-snippet.js | Removed insecure test fixture demonstrating AI hallucination risks |
| tests/logs-sensitive-data.go | Removed insecure test fixture logging sensitive data |
| tests/insecure-api.cs | Removed insecure test fixture using deprecated crypto |
| skills/*/SKILL.md | Added H1 heading for consistency across skill documentation |
| prompts/csp-review.prompt.md | Added CSP review prompt with comprehensive evaluation criteria |
| prompts/add-content-security-policy.prompt.md | Added CSP implementation prompt with rollout guidance |
| prompts/README.md | Created prompt catalog documentation |
| copilot-instructions.md | Clarified XSS prevention guidance to emphasize output encoding over sanitization |
| README.md | Updated with CSP prompts and added context about prompt location |
| Dockerfile | Added server.ssl environment variable configuration |
| .github/prompts/*.prompt.md | Added MCP-specific prompts for tooling, auditing, and testing |
| .github/instructions/mcp-server.development.instructions.md | Added path-specific development rules for MCP server code |
| .github/agents/*.agent.md | Added MCP agent profiles for orchestration, protocol, tooling, and security |
|
|
||
| - Use JSON Schema validation for all structured input — prefer libraries like `ajv` or `zod`. | ||
| - Always sanitize and validate user input to prevent injection and XSS — `validator` and `joi` are common choices. | ||
| - Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults; sanitize only when rendering user-controlled HTML is explicitly required. |
There was a problem hiding this comment.
The updated guidance correctly emphasizes contextual output encoding as the primary XSS defense, which is a significant improvement. However, consider adding a brief example or reference to what "safe templating defaults" means in practice (e.g., auto-escaping in template engines like EJS, Handlebars, or React). This would make the guidance more actionable for developers unfamiliar with the concept.
| - Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults; sanitize only when rendering user-controlled HTML is explicitly required. | |
| - Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults (e.g., auto-escaping in EJS/Handlebars templates or React JSX by default); sanitize only when rendering user-controlled HTML is explicitly required. |
| @@ -2,6 +2,7 @@ FROM node:lts-bullseye-slim | |||
|
|
|||
| ENV NODE_ENV=production | |||
| ENV server.port=8080 | |||
There was a problem hiding this comment.
Setting server.ssl=false as a default environment variable in the Dockerfile creates an insecure default configuration. Even for development/demo purposes, this promotes deploying without TLS. Consider either removing this line to require explicit configuration, setting it to true by default with a comment explaining how to override for local development, or adding a prominent comment warning that this must be changed for production deployments.
| ENV server.port=8080 | |
| ENV server.port=8080 | |
| # WARNING: TLS is disabled by default for this image. | |
| # This setting is ONLY appropriate for local development or when TLS is | |
| # terminated by a trusted reverse proxy/load balancer in front of this service. | |
| # For any production deployment, you MUST override this value to `true`, e.g.: | |
| # docker run -e server.ssl=true ... |
Summary
This PR expands the repo’s Copilot/MCP security content by adding new MCP-focused agent profiles and prompt templates, plus new Content-Security-Policy (CSP) prompts and supporting documentation updates.
Why
What changed
Risk
Low. Primarily new documentation/prompts and organizational scaffolding; also removes insecure test fixtures.