Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions .github/agents/mcp-protocol-engineer.agent.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
name: mcp-protocol-engineer
description: Implements MCP HTTP/JSON-RPC/SSE behaviors correctly in src/ and verifies with tests and curl-based checks.
tools: ["vscode", "execute", "read", "edit", "search", "todo"]
---

You are an MCP protocol specialist.

## Focus
- Correct request/response handling for MCP endpoints.
- Proper JSON parsing, Accept header handling, and SSE lifecycle.
- Correct use of MCP SDK transports and Express integration.

## Rules
- Do not guess protocol behavior: infer from code + comments/spec references in repo.
- Prefer minimal diffs and add verification steps.
- If changing request parsing, include safe limits (size caps) and clear error responses.

## Deliverables
- Protocol compliance checklist
- Concrete patches to `src/express_app.js`, `src/mcp_server.js`, and related files
- Optional test additions under `tests/` (small, targeted)

## Output format
- Findings (what’s currently incorrect/unfinished)
- Proposed changes (bullets)
- Updated file contents in fenced `md` blocks
- Verification checklist (curl/Node test commands)
25 changes: 25 additions & 0 deletions .github/agents/mcp-security-hardener.agent.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
name: mcp-security-hardener
description: Hardens the MCP server and Express layer in src/ against common web and protocol abuse (limits, logging hygiene, validation, DoS).
tools: ["vscode", "execute", "read", "edit", "search", "todo"]
---

You are a security-hardening specialist for the MCP server.

## Priorities
- Safe request parsing (content-type, JSON parsing, size limits)
- Rate limiting / abuse resistance where appropriate
- Logging hygiene (avoid logging raw request bodies / secrets)
- Consistent error handling (do not expose internals)
- Dependency and runtime safety (Node/Express best practices)

## Guardrails
- Prefer safe-by-default behavior.
- Minimal diffs; do not refactor unrelated code.
- Add small tests or curl-based verification steps for any behavior changes.

## Output format
- Risks + evidence (file paths)
- Recommended changes (P0/P1)
- Exact patches (full file contents per change)
- Verification checklist
35 changes: 35 additions & 0 deletions .github/agents/mcp-server-orchestrator.agent.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
name: mcp-server-orchestrator
description: Orchestrates MCP server development in src/ by delegating to protocol, tooling, and security specialists and producing PR-ready patches.
tools: ["vscode", "execute", "read", "edit", "search", "agent", "todo"]
handoffs:
- label: MCP protocol compliance (HTTP/JSON-RPC/SSE)
agent: mcp-protocol-engineer
prompt: "Review src/ MCP endpoints and transport usage for protocol compliance. Produce concrete fixes with minimal diffs and a verification checklist."
send: false
- label: Add/modify MCP tools
agent: mcp-tool-author
prompt: "Implement or refactor MCP tools in src/mcp_tools with correct zod schemas, consistent naming, and safe outputs. Provide exact patches."
send: false
- label: Security hardening for MCP server
agent: mcp-security-hardener
prompt: "Review the MCP server and Express app for security gaps (input parsing, limits, logging/PII, authn, DoS). Propose minimal safe-by-default changes."
send: false
---

# MCP Server Orchestrator

## Purpose
- Be the default agent when changing anything under `src/` related to MCP.
- Route work to the right specialist agent and synthesize results into PR-ready patches.

## Routing rules
- Protocol/transport/endpoint behavior → `mcp-protocol-engineer`
- Adding tools or changing schemas → `mcp-tool-author`
- Hardening, rate limits, logging hygiene, safe defaults → `mcp-security-hardener`

## Output format
- Summary (what you changed and why)
- Patch plan (small, ordered steps)
- Full updated file contents (fenced `md` blocks per file) or diffs
- Verification checklist (commands + expected outcomes)
27 changes: 27 additions & 0 deletions .github/agents/mcp-tool-author.agent.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
---
name: mcp-tool-author
description: Builds and refactors MCP tools/prompts/resources in src/ with correct schemas, naming consistency, and stable outputs.
tools: ["vscode", "execute", "read", "edit", "search", "todo"]
---

You build MCP tools and related assets.

## Scope
- `src/mcp_tools/*`
- `src/mcp_prompts/*`
- `src/mcp_resources/*`

## Rules
- Every tool MUST have:
- stable tool name (consistent casing and separators)
- clear title + description
- zod input schema (even if empty)
- deterministic output shape
- Prefer returning structured, parseable text (JSON string is ok when explicitly intended).
- Do not leak secrets or include large file contents unless explicitly requested.
- Update exports (`src/mcp_tools/index.js`) and registration (`src/mcp_server.js`) as needed.

## Output format
- What tool/resource/prompt you added/changed
- Exact file edits (full content for changed files)
- Quick manual test steps (example tool call payloads)
47 changes: 47 additions & 0 deletions .github/instructions/mcp-server.development.instructions.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
---
applyTo: "src/**/*.js,tests/**/*.js,package.json"
---

# MCP server development rules (this repo)

These rules apply to changes under `src/` and related MCP server tests.

## Core standards
- Prefer **minimal diffs** and incremental improvements.
- Avoid breaking existing tool names/behaviors unless explicitly intended.
- Every behavior change MUST include a verification step (test or curl reproduction).

## Express / HTTP handling
- Request bodies MUST be parsed safely:
- use explicit JSON parsing middleware
- set a reasonable size limit for JSON bodies
- Validate content negotiation:
- MCP endpoints should check `Accept` headers as appropriate for the endpoint behavior.
- Error handling MUST be consistent:
- do not expose internal stack traces to clients
- return clear status codes and brief error messages

## MCP tools
- Every MCP tool MUST have:
- stable tool name (choose and keep a consistent naming convention across tools)
- title + description
- zod input schema (even if empty)
- deterministic output shape
- Do not return raw secrets or dump large file contents by default.

## Logging hygiene
- Do not log raw request bodies.
- If logging headers, redact authorization-like fields.
- Prefer structured logs with `source` and request id (when available).

## Testing
- Add or update tests when:
- endpoint behavior changes
- new tools are added
- error handling changes
- Tests MUST be deterministic and fast.

## Output requirements for Copilot edits
When generating patches:
- Output full file contents for modified files in fenced `md` blocks.
- Include a short verification checklist (commands + expected results).
21 changes: 21 additions & 0 deletions .github/prompts/add-mcp-tests.prompt.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
agent: "mcp-security-hardener"
name: add-mcp-tests
description: "Add minimal tests for MCP endpoint behavior and tool registration to prevent regressions."
---

Goal: Add a minimal test suite for the MCP server under `tests/` to prevent regressions.

Coverage targets (minimal):
- `/health` returns 200
- `/mcp` GET returns 405 (or SSE if implemented)
- `/mcp` POST rejects invalid Accept / invalid JSON with clear errors
- Tool registration sanity: list tools / list prompts returns expected shape

Output:
- Test plan
- Full new/updated test files
- How to run tests locally (commands)
Constraints:
- Keep tests fast and deterministic
- No network calls beyond localhost
28 changes: 28 additions & 0 deletions .github/prompts/add-mcp-tool.prompt.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
agent: "mcp-tool-author"
name: add-mcp-tool
description: "Add a new MCP tool in src/mcp_tools with zod schema, deterministic outputs, and proper registration."
---

Goal: Add a new MCP tool to the server.

Inputs:
- Tool name (string): ${input:tool_name:Example: "search-prompts"}
- Title: ${input:title:Human-readable title}
- Description: ${input:description:One-line description}
- Inputs (fields): ${input:inputs:List input fields + types + descriptions}
- Output format: ${input:output:Describe the output shape (text/json string)}

Procedure:
1) Create `src/mcp_tools/<tool_name>.js` that registers the tool with:
- stable `registerTool` name
- zod input schema
- consistent error handling
2) Export it from `src/mcp_tools/index.js`
3) Register it in `src/mcp_server.js`
4) Add a short manual test snippet showing how to call it.

Output:
- Brief change summary
- Full contents of all changed/new files in fenced `md` code blocks
- Manual verification steps
36 changes: 36 additions & 0 deletions .github/prompts/audit-mcp-server.prompt.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
agent: "mcp-server-orchestrator"
name: audit-mcp-server
description: "Audit src/ MCP server implementation for protocol compliance, stability, and security; propose prioritized patches."
---

Goal: Review the MCP server implementation under `src/` and propose concrete improvements.

Scope:
- `src/express_app.js`
- `src/mcp_server.js`
- `src/mcp_tools/*`
- `src/mcp_prompts/*`
- `src/middlewares/*`
- tests if present

Process:
1) Protocol & transport: request parsing, Accept headers, SSE behavior, JSON-RPC correctness, lifecycle.
2) Tooling: naming consistency, schemas, output stability, error paths.
3) Security: body limits, logging hygiene, DoS considerations, safe defaults.
4) Provide prioritized improvements: P0/P1/P2.

Output format:
- `## Summary`
- `## P0 fixes` (must-do)
- `## P1 improvements`
- `## P2 nice-to-haves`
- For each fix:
- Problem + evidence (file path)
- Proposed change
- Patch (full updated file contents in fenced `md` blocks)
- `## Verification checklist` (commands + expected results)

Constraints:
- Minimal diffs, focused changes.
- Don’t invent new architecture unless necessary; propose incremental steps.
21 changes: 21 additions & 0 deletions .github/prompts/implement-mcp-http-basics.prompt.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
agent: "mcp-protocol-engineer"
name: implement-mcp-http-basics
description: "Implement baseline MCP HTTP request parsing/handling in src/express_app.js with safe defaults and verification steps."
---

Goal: Improve the MCP HTTP endpoint implementation in `src/express_app.js`:
- Parse JSON safely (correct middleware + size limit)
- Validate required Accept headers for MCP POST
- Return appropriate status codes for invalid inputs
- Ensure transport handling receives the correct request body

Output:
- Proposed minimal changes
- Full updated file content for `src/express_app.js` (and any other necessary file)
- Verification checklist:
- curl examples (good + bad requests)
- expected status codes and content-types
Constraints:
- Minimal diffs and safe-by-default behavior
- Avoid logging raw request bodies
20 changes: 20 additions & 0 deletions .github/prompts/refactor-mcp-tools-consistency.prompt.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
---
agent: "mcp-tool-author"
name: refactor-mcp-tools-consistency
description: "Normalize MCP tool naming, schemas, and outputs across src/mcp_tools without changing behavior."
---

Goal: Make MCP tools consistent without changing their external behavior.

Checks:
- Tool names: consistent separator/casing (choose a convention and apply consistently)
- Titles/descriptions: clear and action-oriented
- Input schemas: use zod; avoid untyped/implicit inputs
- Output: deterministic formatting; avoid ad-hoc strings when JSON is intended
- Logging: consistent fields; avoid logging raw bodies/secrets

Output:
- Proposed convention
- List of tools that need updates
- Patches (full file contents) for each changed file
- Verification checklist
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
.env
node_modules/
*.pfx
*.pfx
.vscode
1 change: 1 addition & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ FROM node:lts-bullseye-slim

ENV NODE_ENV=production
ENV server.port=8080

Copilot AI Jan 27, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting server.ssl=false as a default environment variable in the Dockerfile creates an insecure default configuration. Even for development/demo purposes, this promotes deploying without TLS. Consider either removing this line to require explicit configuration, setting it to true by default with a comment explaining how to override for local development, or adding a prominent comment warning that this must be changed for production deployments.

Suggested change
ENV server.port=8080
ENV server.port=8080
# WARNING: TLS is disabled by default for this image.
# This setting is ONLY appropriate for local development or when TLS is
# terminated by a trusted reverse proxy/load balancer in front of this service.
# For any production deployment, you MUST override this value to `true`, e.g.:
# docker run -e server.ssl=true ...

Copilot uses AI. Check for mistakes.
ENV server.ssl=false
ENV server.hostname=localhost
ENV logger.transports.console.enabled=true
ENV logger.transports.console.level=info
Expand Down
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ This project offers:

Explore the available prompts and their intended use cases:

These prompt files live under `prompts/` in this repo and are intended to be copied into a consuming repository’s `.github/prompts/`.

**Recommended workflow:** start with the `application-security-orchestrator` agent (see `agents/application-security-orchestrator.agent.md`).
It standardizes intake, then hands off to specialist agents (Analyst/Architect/Engineer) depending on whether you want findings, a threat model, or implemented fixes.

Expand All @@ -40,6 +42,8 @@ It standardizes intake, then hands off to specialist agents (Analyst/Architect/E
| [check-access-controls.prompt.md](prompts/check-access-controls.prompt.md) | Audit authorization and access control weaknesses. | Ensure RBAC/ABAC enforcement and consistent permission checks. |
| [check-for-secrets.prompt.md](prompts/check-for-secrets.prompt.md) | Detect hardcoded secrets and credentials. | Locate embedded keys or tokens and suggest secure storage. |
| [check-for-unvalidated-genai-acceptances.prompt.md](prompts/check-for-unvalidated-genai-acceptances.prompt.md) | Find unvalidated AI-generated code or hallucinated assets. | Verify that AI suggestions are real, tested, and documented. |
| [add-content-security-policy.prompt.md](prompts/add-content-security-policy.prompt.md) | Design, implement, and roll out a new Content Security Policy (CSP) safely. | Add CSP to a web app with a deployable policy string, rollout plan, and verification steps. |
| [csp-review.prompt.md](prompts/csp-review.prompt.md) | Review a web application’s Content-Security-Policy (CSP) for XSS resistance, safe third-party usage, and deployability. | Evaluate an existing CSP policy and recommend hardening + rollout steps. |
| [dependency-cve-triage.prompt.md](prompts/dependency-cve-triage.prompt.md) | Triage a known CVE against a project's dependency: explain the exploit, assess reachability and configuration, and produce a structured Dependency Tracker report. | Analyze a specific CVE's impact on local code, determine exploitability, and generate a concise triage report. |
| [review-auth-flows.prompt.md](prompts/review-auth-flows.prompt.md) | Evaluate authentication logic and session handling. | Review login flows for common risks and best practices. |
| [scan-for-insecure-apis.prompt.md](prompts/scan-for-insecure-apis.prompt.md) | Spot deprecated or insecure API usage. | Replace risky APIs with modern, safer alternatives. |
Expand Down
3 changes: 2 additions & 1 deletion copilot-instructions.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ These instructions guide GitHub Copilot to suggest secure, intentional code patt
### 🟩 Node.js

- Use JSON Schema validation for all structured input — prefer libraries like `ajv` or `zod`.
- Always sanitize and validate user input to prevent injection and XSS — `validator` and `joi` are common choices.
- Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults; sanitize only when rendering user-controlled HTML is explicitly required.

Copilot AI Jan 27, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The updated guidance correctly emphasizes contextual output encoding as the primary XSS defense, which is a significant improvement. However, consider adding a brief example or reference to what "safe templating defaults" means in practice (e.g., auto-escaping in template engines like EJS, Handlebars, or React). This would make the guidance more actionable for developers unfamiliar with the concept.

Suggested change
- Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults; sanitize only when rendering user-controlled HTML is explicitly required.
- Prevent XSS primarily via **contextual output encoding** (HTML/attribute/JS/URL) and safe templating defaults (e.g., auto-escaping in EJS/Handlebars templates or React JSX by default); sanitize only when rendering user-controlled HTML is explicitly required.

Copilot uses AI. Check for mistakes.
- Use libraries like `validator` for strict string validation/canonicalization (e.g., emails, URLs) and `joi`/`zod`/`ajv` for schema validation.
- Use parameterized queries with database clients (e.g. `pg`, `mongoose`) — never concat SQL or query strings.
- Default to using `helmet` in Express to set secure HTTP headers.
- Use `dotenv` only in local dev — use secret managers (e.g. AWS Secrets Manager, Azure Key Vault) in prod.
Expand Down
31 changes: 31 additions & 0 deletions prompts/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# Prompts

This folder contains **GitHub Copilot prompt files** (`*.prompt.md`) for repeatable AppSec “shift-left” workflows.

These prompts are designed to be copied into a consuming repository at:

- `.github/prompts/`

Each prompt is a Markdown file with YAML frontmatter (typically `agent`, `name`, `description`) followed by the prompt body.

## Included prompts

- [add-content-security-policy.prompt.md](add-content-security-policy.prompt.md) — design and roll out a new CSP
- [assess-logging.prompt.md](assess-logging.prompt.md) — audit logs for sensitive data exposure
- [business-logic-review.prompt.md](business-logic-review.prompt.md) — map business logic flows and identify abuse risks
- [check-access-controls.prompt.md](check-access-controls.prompt.md) — review authorization enforcement and IDOR risk
- [check-for-secrets.prompt.md](check-for-secrets.prompt.md) — scan for hardcoded secrets and credential leaks
- [check-for-unvalidated-genai-acceptances.prompt.md](check-for-unvalidated-genai-acceptances.prompt.md) — detect unvalidated AI-generated code/dependencies
- [csp-review.prompt.md](csp-review.prompt.md) — review an existing CSP for deployability and XSS resistance
- [dependency-cve-triage.prompt.md](dependency-cve-triage.prompt.md) — triage a dependency CVE with reachability and remediation
- [review-auth-flows.prompt.md](review-auth-flows.prompt.md) — review authentication/session/token flows
- [scan-for-insecure-apis.prompt.md](scan-for-insecure-apis.prompt.md) — locate insecure/deprecated API usage
- [secure-code-review.prompt.md](secure-code-review.prompt.md) — end-to-end secure code review findings template
- [threat-model.prompt.md](threat-model.prompt.md) — 4Q threat model with mitigations and validation plan
- [validate-input-handling.prompt.md](validate-input-handling.prompt.md) — audit input validation boundaries and risky sinks

## Recommended usage

- Start with the `application-security-orchestrator` agent to route to the right workflow.
- Prefer evidence-first outputs (file paths and line ranges when possible).
- Keep outputs deterministic and reusable (tables/templates).
Loading