-
Notifications
You must be signed in to change notification settings - Fork 13
Chore mcp copilot updates #21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| --- | ||
| name: mcp-protocol-engineer | ||
| description: Implements MCP HTTP/JSON-RPC/SSE behaviors correctly in src/ and verifies with tests and curl-based checks. | ||
| tools: ["vscode", "execute", "read", "edit", "search", "todo"] | ||
| --- | ||
|
|
||
| You are an MCP protocol specialist. | ||
|
|
||
| ## Focus | ||
| - Correct request/response handling for MCP endpoints. | ||
| - Proper JSON parsing, Accept header handling, and SSE lifecycle. | ||
| - Correct use of MCP SDK transports and Express integration. | ||
|
|
||
| ## Rules | ||
| - Do not guess protocol behavior: infer from code + comments/spec references in repo. | ||
| - Prefer minimal diffs and add verification steps. | ||
| - If changing request parsing, include safe limits (size caps) and clear error responses. | ||
|
|
||
| ## Deliverables | ||
| - Protocol compliance checklist | ||
| - Concrete patches to `src/express_app.js`, `src/mcp_server.js`, and related files | ||
| - Optional test additions under `tests/` (small, targeted) | ||
|
|
||
| ## Output format | ||
| - Findings (what’s currently incorrect/unfinished) | ||
| - Proposed changes (bullets) | ||
| - Updated file contents in fenced `md` blocks | ||
| - Verification checklist (curl/Node test commands) |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| --- | ||
| name: mcp-security-hardener | ||
| description: Hardens the MCP server and Express layer in src/ against common web and protocol abuse (limits, logging hygiene, validation, DoS). | ||
| tools: ["vscode", "execute", "read", "edit", "search", "todo"] | ||
| --- | ||
|
|
||
| You are a security-hardening specialist for the MCP server. | ||
|
|
||
| ## Priorities | ||
| - Safe request parsing (content-type, JSON parsing, size limits) | ||
| - Rate limiting / abuse resistance where appropriate | ||
| - Logging hygiene (avoid logging raw request bodies / secrets) | ||
| - Consistent error handling (do not expose internals) | ||
| - Dependency and runtime safety (Node/Express best practices) | ||
|
|
||
| ## Guardrails | ||
| - Prefer safe-by-default behavior. | ||
| - Minimal diffs; do not refactor unrelated code. | ||
| - Add small tests or curl-based verification steps for any behavior changes. | ||
|
|
||
| ## Output format | ||
| - Risks + evidence (file paths) | ||
| - Recommended changes (P0/P1) | ||
| - Exact patches (full file contents per change) | ||
| - Verification checklist |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| --- | ||
| name: mcp-server-orchestrator | ||
| description: Orchestrates MCP server development in src/ by delegating to protocol, tooling, and security specialists and producing PR-ready patches. | ||
| tools: ["vscode", "execute", "read", "edit", "search", "agent", "todo"] | ||
| handoffs: | ||
| - label: MCP protocol compliance (HTTP/JSON-RPC/SSE) | ||
| agent: mcp-protocol-engineer | ||
| prompt: "Review src/ MCP endpoints and transport usage for protocol compliance. Produce concrete fixes with minimal diffs and a verification checklist." | ||
| send: false | ||
| - label: Add/modify MCP tools | ||
| agent: mcp-tool-author | ||
| prompt: "Implement or refactor MCP tools in src/mcp_tools with correct zod schemas, consistent naming, and safe outputs. Provide exact patches." | ||
| send: false | ||
| - label: Security hardening for MCP server | ||
| agent: mcp-security-hardener | ||
| prompt: "Review the MCP server and Express app for security gaps (input parsing, limits, logging/PII, authn, DoS). Propose minimal safe-by-default changes." | ||
| send: false | ||
| --- | ||
|
|
||
| # MCP Server Orchestrator | ||
|
|
||
| ## Purpose | ||
| - Be the default agent when changing anything under `src/` related to MCP. | ||
| - Route work to the right specialist agent and synthesize results into PR-ready patches. | ||
|
|
||
| ## Routing rules | ||
| - Protocol/transport/endpoint behavior → `mcp-protocol-engineer` | ||
| - Adding tools or changing schemas → `mcp-tool-author` | ||
| - Hardening, rate limits, logging hygiene, safe defaults → `mcp-security-hardener` | ||
|
|
||
| ## Output format | ||
| - Summary (what you changed and why) | ||
| - Patch plan (small, ordered steps) | ||
| - Full updated file contents (fenced `md` blocks per file) or diffs | ||
| - Verification checklist (commands + expected outcomes) |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| --- | ||
| name: mcp-tool-author | ||
| description: Builds and refactors MCP tools/prompts/resources in src/ with correct schemas, naming consistency, and stable outputs. | ||
| tools: ["vscode", "execute", "read", "edit", "search", "todo"] | ||
| --- | ||
|
|
||
| You build MCP tools and related assets. | ||
|
|
||
| ## Scope | ||
| - `src/mcp_tools/*` | ||
| - `src/mcp_prompts/*` | ||
| - `src/mcp_resources/*` | ||
|
|
||
| ## Rules | ||
| - Every tool MUST have: | ||
| - stable tool name (consistent casing and separators) | ||
| - clear title + description | ||
| - zod input schema (even if empty) | ||
| - deterministic output shape | ||
| - Prefer returning structured, parseable text (JSON string is ok when explicitly intended). | ||
| - Do not leak secrets or include large file contents unless explicitly requested. | ||
| - Update exports (`src/mcp_tools/index.js`) and registration (`src/mcp_server.js`) as needed. | ||
|
|
||
| ## Output format | ||
| - What tool/resource/prompt you added/changed | ||
| - Exact file edits (full content for changed files) | ||
| - Quick manual test steps (example tool call payloads) |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| --- | ||
| applyTo: "src/**/*.js,tests/**/*.js,package.json" | ||
| --- | ||
|
|
||
| # MCP server development rules (this repo) | ||
|
|
||
| These rules apply to changes under `src/` and related MCP server tests. | ||
|
|
||
| ## Core standards | ||
| - Prefer **minimal diffs** and incremental improvements. | ||
| - Avoid breaking existing tool names/behaviors unless explicitly intended. | ||
| - Every behavior change MUST include a verification step (test or curl reproduction). | ||
|
|
||
| ## Express / HTTP handling | ||
| - Request bodies MUST be parsed safely: | ||
| - use explicit JSON parsing middleware | ||
| - set a reasonable size limit for JSON bodies | ||
| - Validate content negotiation: | ||
| - MCP endpoints should check `Accept` headers as appropriate for the endpoint behavior. | ||
| - Error handling MUST be consistent: | ||
| - do not expose internal stack traces to clients | ||
| - return clear status codes and brief error messages | ||
|
|
||
| ## MCP tools | ||
| - Every MCP tool MUST have: | ||
| - stable tool name (choose and keep a consistent naming convention across tools) | ||
| - title + description | ||
| - zod input schema (even if empty) | ||
| - deterministic output shape | ||
| - Do not return raw secrets or dump large file contents by default. | ||
|
|
||
| ## Logging hygiene | ||
| - Do not log raw request bodies. | ||
| - If logging headers, redact authorization-like fields. | ||
| - Prefer structured logs with `source` and request id (when available). | ||
|
|
||
| ## Testing | ||
| - Add or update tests when: | ||
| - endpoint behavior changes | ||
| - new tools are added | ||
| - error handling changes | ||
| - Tests MUST be deterministic and fast. | ||
|
|
||
| ## Output requirements for Copilot edits | ||
| When generating patches: | ||
| - Output full file contents for modified files in fenced `md` blocks. | ||
| - Include a short verification checklist (commands + expected results). |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| --- | ||
| agent: "mcp-security-hardener" | ||
| name: add-mcp-tests | ||
| description: "Add minimal tests for MCP endpoint behavior and tool registration to prevent regressions." | ||
| --- | ||
|
|
||
| Goal: Add a minimal test suite for the MCP server under `tests/` to prevent regressions. | ||
|
|
||
| Coverage targets (minimal): | ||
| - `/health` returns 200 | ||
| - `/mcp` GET returns 405 (or SSE if implemented) | ||
| - `/mcp` POST rejects invalid Accept / invalid JSON with clear errors | ||
| - Tool registration sanity: list tools / list prompts returns expected shape | ||
|
|
||
| Output: | ||
| - Test plan | ||
| - Full new/updated test files | ||
| - How to run tests locally (commands) | ||
| Constraints: | ||
| - Keep tests fast and deterministic | ||
| - No network calls beyond localhost |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| --- | ||
| agent: "mcp-tool-author" | ||
| name: add-mcp-tool | ||
| description: "Add a new MCP tool in src/mcp_tools with zod schema, deterministic outputs, and proper registration." | ||
| --- | ||
|
|
||
| Goal: Add a new MCP tool to the server. | ||
|
|
||
| Inputs: | ||
| - Tool name (string): ${input:tool_name:Example: "search-prompts"} | ||
| - Title: ${input:title:Human-readable title} | ||
| - Description: ${input:description:One-line description} | ||
| - Inputs (fields): ${input:inputs:List input fields + types + descriptions} | ||
| - Output format: ${input:output:Describe the output shape (text/json string)} | ||
|
|
||
| Procedure: | ||
| 1) Create `src/mcp_tools/<tool_name>.js` that registers the tool with: | ||
| - stable `registerTool` name | ||
| - zod input schema | ||
| - consistent error handling | ||
| 2) Export it from `src/mcp_tools/index.js` | ||
| 3) Register it in `src/mcp_server.js` | ||
| 4) Add a short manual test snippet showing how to call it. | ||
|
|
||
| Output: | ||
| - Brief change summary | ||
| - Full contents of all changed/new files in fenced `md` code blocks | ||
| - Manual verification steps |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| --- | ||
| agent: "mcp-server-orchestrator" | ||
| name: audit-mcp-server | ||
| description: "Audit src/ MCP server implementation for protocol compliance, stability, and security; propose prioritized patches." | ||
| --- | ||
|
|
||
| Goal: Review the MCP server implementation under `src/` and propose concrete improvements. | ||
|
|
||
| Scope: | ||
| - `src/express_app.js` | ||
| - `src/mcp_server.js` | ||
| - `src/mcp_tools/*` | ||
| - `src/mcp_prompts/*` | ||
| - `src/middlewares/*` | ||
| - tests if present | ||
|
|
||
| Process: | ||
| 1) Protocol & transport: request parsing, Accept headers, SSE behavior, JSON-RPC correctness, lifecycle. | ||
| 2) Tooling: naming consistency, schemas, output stability, error paths. | ||
| 3) Security: body limits, logging hygiene, DoS considerations, safe defaults. | ||
| 4) Provide prioritized improvements: P0/P1/P2. | ||
|
|
||
| Output format: | ||
| - `## Summary` | ||
| - `## P0 fixes` (must-do) | ||
| - `## P1 improvements` | ||
| - `## P2 nice-to-haves` | ||
| - For each fix: | ||
| - Problem + evidence (file path) | ||
| - Proposed change | ||
| - Patch (full updated file contents in fenced `md` blocks) | ||
| - `## Verification checklist` (commands + expected results) | ||
|
|
||
| Constraints: | ||
| - Minimal diffs, focused changes. | ||
| - Don’t invent new architecture unless necessary; propose incremental steps. |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| --- | ||
| agent: "mcp-protocol-engineer" | ||
| name: implement-mcp-http-basics | ||
| description: "Implement baseline MCP HTTP request parsing/handling in src/express_app.js with safe defaults and verification steps." | ||
| --- | ||
|
|
||
| Goal: Improve the MCP HTTP endpoint implementation in `src/express_app.js`: | ||
| - Parse JSON safely (correct middleware + size limit) | ||
| - Validate required Accept headers for MCP POST | ||
| - Return appropriate status codes for invalid inputs | ||
| - Ensure transport handling receives the correct request body | ||
|
|
||
| Output: | ||
| - Proposed minimal changes | ||
| - Full updated file content for `src/express_app.js` (and any other necessary file) | ||
| - Verification checklist: | ||
| - curl examples (good + bad requests) | ||
| - expected status codes and content-types | ||
| Constraints: | ||
| - Minimal diffs and safe-by-default behavior | ||
| - Avoid logging raw request bodies |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| --- | ||
| agent: "mcp-tool-author" | ||
| name: refactor-mcp-tools-consistency | ||
| description: "Normalize MCP tool naming, schemas, and outputs across src/mcp_tools without changing behavior." | ||
| --- | ||
|
|
||
| Goal: Make MCP tools consistent without changing their external behavior. | ||
|
|
||
| Checks: | ||
| - Tool names: consistent separator/casing (choose a convention and apply consistently) | ||
| - Titles/descriptions: clear and action-oriented | ||
| - Input schemas: use zod; avoid untyped/implicit inputs | ||
| - Output: deterministic formatting; avoid ad-hoc strings when JSON is intended | ||
| - Logging: consistent fields; avoid logging raw bodies/secrets | ||
|
|
||
| Output: | ||
| - Proposed convention | ||
| - List of tools that need updates | ||
| - Patches (full file contents) for each changed file | ||
| - Verification checklist |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| .env | ||
| node_modules/ | ||
| *.pfx | ||
| *.pfx | ||
| .vscode |
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -27,7 +27,8 @@ These instructions guide GitHub Copilot to suggest secure, intentional code patt | |||||
| ### 🟩 Node.js | ||||||
|
|
||||||
| - Use JSON Schema validation for all structured input — prefer libraries like `ajv` or `zod`. | ||||||
| - Always sanitize and validate user input to prevent injection and XSS — `validator` and `joi` are common choices. | ||||||
| - Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults; sanitize only when rendering user-controlled HTML is explicitly required. | ||||||
|
||||||
| - Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults; sanitize only when rendering user-controlled HTML is explicitly required. | |
| - Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults (e.g., auto-escaping in EJS/Handlebars templates or React JSX by default); sanitize only when rendering user-controlled HTML is explicitly required. |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # Prompts | ||
|
|
||
| This folder contains **GitHub Copilot prompt files** (`*.prompt.md`) for repeatable AppSec “shift-left” workflows. | ||
|
|
||
| These prompts are designed to be copied into a consuming repository at: | ||
|
|
||
| - `.github/prompts/` | ||
|
|
||
| Each prompt is a Markdown file with YAML frontmatter (typically `agent`, `name`, `description`) followed by the prompt body. | ||
|
|
||
| ## Included prompts | ||
|
|
||
| - [add-content-security-policy.prompt.md](add-content-security-policy.prompt.md) — design and roll out a new CSP | ||
| - [assess-logging.prompt.md](assess-logging.prompt.md) — audit logs for sensitive data exposure | ||
| - [business-logic-review.prompt.md](business-logic-review.prompt.md) — map business logic flows and identify abuse risks | ||
| - [check-access-controls.prompt.md](check-access-controls.prompt.md) — review authorization enforcement and IDOR risk | ||
| - [check-for-secrets.prompt.md](check-for-secrets.prompt.md) — scan for hardcoded secrets and credential leaks | ||
| - [check-for-unvalidated-genai-acceptances.prompt.md](check-for-unvalidated-genai-acceptances.prompt.md) — detect unvalidated AI-generated code/dependencies | ||
| - [csp-review.prompt.md](csp-review.prompt.md) — review an existing CSP for deployability and XSS resistance | ||
| - [dependency-cve-triage.prompt.md](dependency-cve-triage.prompt.md) — triage a dependency CVE with reachability and remediation | ||
| - [review-auth-flows.prompt.md](review-auth-flows.prompt.md) — review authentication/session/token flows | ||
| - [scan-for-insecure-apis.prompt.md](scan-for-insecure-apis.prompt.md) — locate insecure/deprecated API usage | ||
| - [secure-code-review.prompt.md](secure-code-review.prompt.md) — end-to-end secure code review findings template | ||
| - [threat-model.prompt.md](threat-model.prompt.md) — 4Q threat model with mitigations and validation plan | ||
| - [validate-input-handling.prompt.md](validate-input-handling.prompt.md) — audit input validation boundaries and risky sinks | ||
|
|
||
| ## Recommended usage | ||
|
|
||
| - Start with the `application-security-orchestrator` agent to route to the right workflow. | ||
| - Prefer evidence-first outputs (file paths and line ranges when possible). | ||
| - Keep outputs deterministic and reusable (tables/templates). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Setting
server.ssl=falseas a default environment variable in the Dockerfile creates an insecure default configuration. Even for development/demo purposes, this promotes deploying without TLS. Consider either removing this line to require explicit configuration, setting it totrueby default with a comment explaining how to override for local development, or adding a prominent comment warning that this must be changed for production deployments.