Add comprehensive GitHub Copilot configuration files for Three Rivers Bank

[Copilot]

Sets up path-scoped Copilot instruction files, a custom code review agent, coding agent setup workflow, and reusable prompt skills tailored to the Spring Boot + React stack.

Instruction Files (.github/instructions/)

Auto-applied by Copilot via applyTo frontmatter globs:

• java.instructions.md (**/*.java) — No wildcard imports, constructor DI, DTOs in API responses, SLF4J parameterized logging, @ControllerAdvice, @Transactional at service layer
• react.instructions.md (frontend/**/*.{jsx,js}) — Functional components only, React Query for server state, MUI components via theme.js, React Router v6
• testing.instructions.md (**/*Test.java,**/*.spec.ts) — JUnit 5 AAA pattern with methodName_should_X_when_scenario naming, WireMock for BIAN API, Playwright multi-browser/viewport
• code-review.instructions.md (**/*.{java,jsx,js,ts}) — Actionable checklist covering wildcard imports, circuit breaker enforcement, React Query usage, no hardcoded secrets, XSS/SQL injection, test coverage
• docker.instructions.md (**/Dockerfile,docker/**) — Multi-stage builds, threeriversbank/{backend|frontend}:latest naming, no secrets in images

Code Review Agent (.github/agents/code-reviewer.agent.md)

GPT-4.1 agent with 🔴/🟡/🔵 severity tiers covering Java Spring Boot patterns, React/MUI standards, BIAN circuit breaker compliance, and security checks (hardcoded creds, SQL injection, XSS).

Copilot Setup Workflow (.github/workflows/copilot-setup-steps.yml)

Job named copilot-setup-steps (required by Copilot coding agent spec) with contents: read permissions:

• JDK 17 (temurin) → mvn compile + mvn test
• Node.js 20 → npm ci → npm run lint --if-present

Prompt Skills (.github/prompts/)

• java-springboot.prompt.md — Spring Boot patterns with project-specific H2/Resilience4j/OpenFeign context and code examples
• java-junit.prompt.md — JUnit 5 + Mockito with @WebMvcTest, @DataJpaTest, and WireMock examples
• code-review.prompt.md — Reusable prompt that triggers a structured review against the code-review instructions

.github/copilot-instructions.md is unchanged.

Original prompt

Overview

Set up comprehensive GitHub Copilot configuration files to provide better context for Copilot across chat, code completions, code review, and the coding agent. This follows guidance from the GitHub blog on Copilot code review instructions, the awesome-copilot repo, and the project's specific tech stack (React/Vite frontend + Spring Boot/Java 17+ backend, Docker, Azure deployment).

Project Context

This is a full-stack credit card comparison platform for Three Rivers Bank:

• Backend: Spring Boot 3.x, Java 17+, H2 database, Resilience4j, OpenFeign, Maven
• Frontend: React 18+ with Vite, React Router v6, React Query (TanStack Query), Material-UI
• Testing: JUnit 5 + Mockito (backend), Playwright (E2E)
• Infrastructure: Docker, Azure Container Apps, GitHub Actions CI/CD
• Package structure: com.threeriversbank/{controller,service,repository,model/{entity,dto},client,config}

The repo already has:

• .github/copilot-instructions.md — project-wide instructions (keep as-is, do not modify)
• .github/prompts/ — existing prompts directory
• .github/agents/ — existing agents directory
• .github/workflows/deploy.yml — existing CI/CD workflow

Files to Create

1. Path-scoped instruction files in .github/instructions/

These use applyTo frontmatter glob patterns so Copilot applies them automatically to the right files. Following the blog guidance on Copilot code review, each instruction file should have clear, actionable rules.

.github/instructions/java.instructions.md — Apply to **/*.java

• MUST include: Never use Java wildcard imports (e.g., import java.util.*). Always use explicit imports for each class (e.g., import java.util.List)
• Use constructor-based dependency injection with private final fields
• Use @Service, @Repository, @RestController stereotypes appropriately
• Use DTOs for API responses; never expose JPA entities directly
• Prefer application.yml over .properties
• Use @ConfigurationProperties for type-safe configuration
• Use SLF4J for logging with parameterized messages
• Implement global exception handling with @ControllerAdvice
• Use Java Bean Validation (@Valid, @NotNull, @Size) on DTOs
• Encapsulate business logic in @Service classes; keep controllers thin
• Use @Transactional on service methods at the most granular level

.github/instructions/react.instructions.md — Apply to **/*.jsx,**/*.js (in frontend/)

• Use functional components with hooks (no class components)
• Use React Query (TanStack Query) for server state, not Redux or raw fetch/axios
• Use Material-UI components with the Three Rivers Bank theme from frontend/src/theme.js
• Use React Router v6 for navigation
• Keep components small and focused; place reusable ones in components/{cards,common,layout}
• Page components go in pages/ directory

.github/instructions/testing.instructions.md — Apply to **/*Test.java,**/*Tests.java,**/*.spec.ts

• Backend: Use JUnit 5 with Mockito; follow Arrange-Act-Assert (AAA) pattern
• Name test methods: methodName_should_expectedBehavior_when_scenario
• Use @WebMvcTest for controller tests, @DataJpaTest for repository tests
• Use WireMock for BIAN API mocking in integration tests
• Frontend: Playwright E2E tests in tests/e2e/ with fixtures in tests/fixtures/
• Test across Chromium and WebKit, at 3 viewports (desktop, tablet, mobile)

.github/instructions/code-review.instructions.md — Apply to **/*.java,**/*.jsx,**/*.js,**/*.ts

This is the key file for Copilot code review. Following https://github.blog/ai-and-ml/unlocking-the-full-power-of-copilot-code-review-master-your-instructions-files — make rules specific and actionable:

• Verify no wildcard imports in Java files
• Verify DTOs are used for API responses, not JPA entities
• Check that all BIAN API calls go through Resilience4j circuit breaker
• Verify React Query is used for data fetching, not raw fetch/axios/Redux
• Check for hardcoded secrets or credentials
• Verify proper error handling (try-catch in services, @ControllerAdvice globally)
• Ensure test coverage for new public methods
• Check that Material-UI theme is used consistently (not custom colors/styling bypassing theme)
• Verify Docker images follow the naming convention threeriversbank/{backend|frontend}

.github/instructions/docker.instructions.md — Apply to **/Dockerfile,**/docker-compose*.yml,docker/**

• Use multi-stage builds for smaller images
• Backend: Java 17+ base image with H2 embedded
• Frontend: Nginx serving static Vite build
• Image naming: threeriversbank/{backend|frontend}:latest
• Never include secrets or credentials in Docker images

2. Code Review Agent in .github/agents/

.github/agents/code-reviewer.agent.md

Create a custom code review agent speci...

This pull request was created from Copilot chat.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.