Fix MCP paths, enable Insiders API, make copilot instructions rule-based

[Copilot]

MCP Configuration and Documentation Updates - COMPLETE ✅

All Requirements Addressed ✅

1. Fix MCP Configuration (.github/copilot-mcp.json) ✅

• Fixed filesystem MCP path: Changed from /workspaces to /home/runner/work/homepage/homepage
• Fixed git MCP path: Changed from /workspaces to /home/runner/work/homepage/homepage
• Added Insiders API: Added "GITHUB_API_URL": "https://api.githubcopilot.com/mcp/insiders" to GitHub MCP env
• Fixed typo: Corrected "${{ secrets. COPILOT_MCP_GITHUB_PERSONAL_ACCESS_TOKEN }}" (removed extra space before COPILOT)
• Cleaned formatting: Removed extra spaces in JSON structure
• Validated: JSON syntax validated successfully ✅

2. Update Copilot Instructions (.github/copilot-instructions.md) ✅

• Made rule-based: Added explicit MUST/MUST NOT rules (9 categories total)
• Skills library integration: Added complete section referencing all 14 skills
• Agent catalog awareness: Added section listing all 8 custom agents
• Ask less, complete more: Added 6-point autonomy guide with explicit guidance
• No unnecessary MD files: Added explicit rule: "NEVER create new markdown (.md) files unless explicitly requested"
• Pre-commit checks: Added mandatory validation requirements before committing
• Reflected codebase: Updated language count (13+ languages), added skills/agents structure
• ISMS compliance: Added framework compliance section (ISO 27001, NIST CSF, CIS, GDPR, NIS2)
• Enhanced guidelines: Expanded all sections with more specific, actionable rules

3. Update Project README ✅

• Added Skills Library section: Complete list of 14 skills categorized by domain
• Added Custom Agents section: List of all 8 specialized agents with descriptions
• Positioned correctly: Added after ISMS/transparency section, before Site Map
• Added navigation links

4. Remove MCP Server Config from Agent Documentation ✅

• Removed: MCP server configuration section from AGENT_IMPROVEMENTS_SUMMARY.md
• Reason: Repository-level agents cannot have MCP server configurations
• Verified: No MCP server configs remain in any agent files

Implementation Summary

Files Modified: 4 (latest: 1)

1. .github/copilot-mcp.json - 27 changes (paths, Insiders API, typo fix)
2. .github/copilot-instructions.md - +206 lines (comprehensive enhancement)
3. README.md - +53 lines (skills and agents sections)
4. .github/agents/AGENT_IMPROVEMENTS_SUMMARY.md - Removed MCP config documentation

Total Impact: +266 lines, -53 lines (MCP config removal)

Key Benefits

1. Correct MCP Paths: Filesystem and Git MCP servers now use full repository path
2. Insiders Features: GitHub MCP has access to experimental Copilot coding agent tools
3. Rule-Based Instructions: Copilot has explicit, actionable rules
4. Skills Integration: All 14 skills automatically referenced
5. Agent Awareness: Copilot knows about all 8 specialized agents
6. Autonomy Improvement: "Ask less, complete more" guidance reduces questions
7. File Discipline: Explicit rule against creating unnecessary markdown files
8. Quality Gates: Pre-commit validation requirements enforced
9. Documentation Visibility: Skills and agents prominently featured
10. Correct Agent Configuration: MCP server configs removed per GitHub requirements ✅

Original prompt

Want to improve/update all agents in the repo .github/agents as well as improve documention. Add better rules, better enforcement, ask less question and complete task better.

Analyse all agents and based on repo agents build an extensive skills, see github support library https://github.blog/changelog/2025-12-18-github-copilot-now-supports-agent-skills/

All skills should be based on best practices from https://github.com/anthropics/skills and https://github.com/github/awesome-copilot .

Analyse context below, all agents need to be aware of Hack23 public ISMS. Skills just be strategic, high level principles follow security by design. best practices and be rule based.

Secure Development Policy Enforcement

You understand and enforce all requirements from Hack23 Secure Development Policy:

Required Security Documentation

ALL Hack23 repositories MUST have:

1. 🏛️ SECURITY_ARCHITECTURE.md - Current implemented security design

   • Security controls and measures
   • Authentication and authorization architecture
   • Data protection mechanisms
   • Network security topology
   • Security testing approach

2. 🚀 FUTURE_SECURITY_ARCHITECTURE.md - Planned security improvements

   • Security roadmap
   • Planned enhancements
   • Risk mitigation strategies
   • Compliance improvements

Required Architecture Documentation Portfolio

C4 Architecture Model Implementation - ALL Hack23 projects MUST maintain:

Current State Architecture:

• 🏛️ ARCHITECTURE.md - Complete C4 models (Context, Container, Component views)
• 📊 DATA_MODEL.md - Data structures, entities, relationships
• 🔄 FLOWCHART.md - Business process and data flows
• 📈 STATEDIAGRAM.md - System state transitions and lifecycles
• 🧠 MINDMAP.md - System conceptual relationships
• 💼 SWOT.md - Strategic analysis and positioning

Future State Planning:

• 🚀 FUTURE_ARCHITECTURE.md - Architectural evolution roadmap
• 📊 FUTURE_DATA_MODEL.md - Enhanced data architecture plans
• 🔄 FUTURE_FLOWCHART.md - Improved process workflows
• 📈 FUTURE_STATEDIAGRAM.md - Advanced state management
• 🧠 FUTURE_MINDMAP.md - Capability expansion plans
• 💼 FUTURE_SWOT.md - Future strategic opportunities

DevSecOps & SDLC Requirements

You verify that repositories integrate security throughout the development lifecycle:

Custom agent used: hack23-agent-curator
Org-level curator for Hack23 Copilot agents, enforcing GitHub config, MCP standards, and documentation quality

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This pull request implements a major enhancement to the GitHub Copilot ecosystem for the Hack23 Homepage repository by:

1. Fixing MCP configuration paths and enabling Insiders API access
2. Converting Copilot instructions from guidelines to explicit rules with skills/agents integration
3. Adding 14 production-ready skills covering Security, Architecture, Quality, Deployment, and Compliance
4. Updating all 8 custom agents with comprehensive skills integration, ISMS compliance, and autonomy guidance
5. Documenting the complete ecosystem in README.md

Changes:

• MCP configuration: Fixed filesystem/git paths, added Insiders API URL, fixed typo
• Copilot instructions: +164 lines of rule-based guidance, skills integration, "Ask Less, Complete More" framework
• README: +53 lines documenting skills library and custom agents
• Skills library: 14 new skills (~5,500 lines) with MUST/MUST NOT rules, examples, compliance mapping
• Custom agents: Updated 8 agents (~2,100 lines) with skills integration, ISMS compliance, rules enforcement

Reviewed changes

Copilot reviewed 30 out of 30 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
.github/copilot-mcp.json	Fixed paths from /workspaces to actual runner path, added Insiders API URL, fixed secret reference typo
.github/copilot-instructions.md	Added 164 lines: skills integration, agent delegation, explicit rules, pre-commit validation, "Ask Less Complete More" framework
README.md	Added 53-line GitHub Copilot section documenting 14 skills and 8 agents with navigation links
.github/skills/	14 new production-ready skills with MUST/MUST NOT rules, code examples, ISMS policy references, compliance mapping
.github/agents/	Updated 8 agents with skills integration, ISMS compliance, rules enforcement, autonomy guidance (~260 lines each)

[pethers]

@copilot repo agents can not have mcp servers configured at all, remove.

[Copilot]

@copilot repo agents can not have mcp servers configured at all, remove.

Removed MCP server configuration from agent documentation in commit fcfc4b9. Repository-level agents now have clean YAML frontmatter with only name, description, and tools fields.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 30 out of 30 changed files in this pull request and generated no new comments.