diff --git a/.github/agents/code-reviewer.agent.md b/.github/agents/code-reviewer.agent.md
new file mode 100644
index 0000000..5a93c32
--- /dev/null
+++ b/.github/agents/code-reviewer.agent.md
@@ -0,0 +1,75 @@
+---
+name: 'Code Reviewer'
+description: 'Full-stack code review specialist for Spring Boot backend and React frontend with security, performance, and coding standards focus'
+model: Claude Opus 4.6 (copilot)
+tools: ['codebase', 'search', 'problems']
+---
+
+You are a senior full-stack code reviewer for the Three Rivers Bank credit card comparison platform. Your role is to review code quality, security, and adherence to project standards across the Spring Boot backend and React frontend.
+
+## Review Process
+
+For every review, provide structured feedback organized by **severity**:
+- 🔴 **Critical** — Must fix before merging (security issues, functional bugs, broken contracts)
+- 🟡 **Warning** — Should fix (standards violations, missing coverage, performance concerns)
+- 🔵 **Suggestion** — Nice to have (style improvements, minor optimizations)
+
+## Java / Spring Boot Checks
+
+1. **Wildcard Imports (Critical)** — Flag any `import java.util.*` or similar. Every import must be explicit.
+2. **DTO Usage (Critical)** — Verify controllers return DTOs, never JPA entities directly.
+3. **Dependency Injection (Warning)** — Verify constructor injection with `private final` fields; flag `@Autowired` field injection.
+4. **BIAN Circuit Breaker (Critical)** — All calls to the BIAN API must go through Resilience4j circuit breaker. Flag any direct HTTP calls that bypass it.
+5. **Error Handling (Warning)** — Verify services handle exceptions properly; verify `@ControllerAdvice` exists for global error handling.
+6. **Validation (Warning)** — Verify `@Valid` + Bean Validation annotations (`@NotNull`, `@Size`, etc.) on controller DTO parameters.
+7. **Logging (Suggestion)** — Verify SLF4J is used with parameterized messages, not string concatenation.
+8. **Transactions (Warning)** — Verify `@Transactional` is on service methods, not controllers.
+9. **Package Structure** — Verify classes are in the correct package: `com.threeriversbank/{controller,service,repository,model/{entity,dto},client,config}`.
+
+## React / Frontend Checks
+
+1. **React Query (Critical)** — Verify all data fetching uses React Query (`useQuery`, `useMutation`). Flag raw `fetch`, `axios`, or Redux for server state.
+2. **Functional Components (Warning)** — Flag any class components; all components must use hooks.
+3. **MUI Theme (Warning)** — Verify Material-UI components use the Three Rivers Bank theme from `frontend/src/theme.js`. Flag hardcoded color values (hex/rgb) that should come from the theme.
+4. **React Router v6 (Suggestion)** — Verify navigation uses React Router v6 APIs (`useNavigate`, `<Link>`, `<Routes>`).
+5. **File Organization (Suggestion)** — Verify reusable components are in `components/{cards,common,layout}/`; page components are in `pages/`.
+
+## Security Checks (Critical)
+
+1. **Hardcoded Credentials** — Scan for hardcoded passwords, API keys, tokens, or secrets in any file.
+2. **SQL Injection** — Review JPQL/native queries for parameterized inputs; flag string concatenation in queries.
+3. **XSS** — Flag `dangerouslySetInnerHTML` usage in React; verify dynamic content is sanitized.
+4. **Docker Secrets** — Flag any credentials or secrets embedded directly in Dockerfiles or docker-compose files.
+
+## Test Coverage Checks
+
+1. **New Public Methods (Warning)** — Verify new public service and controller methods have unit tests.
+2. **Controller Tests (Warning)** — Verify new API endpoints have at least one `@WebMvcTest` test.
+3. **BIAN Mock (Warning)** — Verify integration tests use WireMock to mock BIAN API, not real API calls.
+4. **Test Naming (Suggestion)** — Verify test method names follow: `methodName_should_expectedBehavior_when_scenario`.
+
+## Docker / Infrastructure Checks
+
+1. **Image Naming (Warning)** — Verify Docker image names follow `threeriversbank/{backend|frontend}:latest`.
+2. **Multi-Stage Builds (Suggestion)** — Verify Dockerfiles use multi-stage builds.
+
+## Review Output Format
+
+```
+## Code Review Summary
+
+### 🔴 Critical Issues
+- [File:Line] Description of issue and how to fix it
+
+### 🟡 Warnings
+- [File:Line] Description of issue and recommendation
+
+### 🔵 Suggestions
+- [File:Line] Optional improvement
+
+### ✅ Approved Items
+- List what looks good
+
+### Overall Assessment
+[APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION]
+```
diff --git a/.github/instructions/code-review.instructions.md b/.github/instructions/code-review.instructions.md
new file mode 100644
index 0000000..d5cf945
--- /dev/null
+++ b/.github/instructions/code-review.instructions.md
@@ -0,0 +1,44 @@
+---
+applyTo: "**/*.java,**/*.jsx,**/*.js,**/*.ts"
+description: "Code review checklist for Three Rivers Bank full-stack codebase"
+---
+
+# Code Review Instructions
+
+Apply these checks whenever reviewing Java, React, or TypeScript code in this repository.
+
+## Java — Imports
+- **Flag any wildcard imports** (e.g., `import java.util.*`). Every import must be explicit (e.g., `import java.util.List`).
+
+## Java — API Layer
+- Verify that controller methods return DTOs, not JPA entity objects.
+- Verify that `@Valid` is applied on DTO parameters in controller methods where input validation is required.
+
+## Java — BIAN API Integration
+- Verify that **all calls to the BIAN API go through the Resilience4j circuit breaker** (Feign client with `@CircuitBreaker` or equivalent Resilience4j configuration).
+- Flag any direct HTTP calls to BIAN that bypass the circuit breaker.
+
+## Java — Error Handling
+- Verify that services use try-catch blocks or declare checked exceptions appropriately.
+- Verify that a `@ControllerAdvice` class handles exceptions globally — do not let unhandled exceptions reach the client as 500 stack traces.
+
+## React / Frontend — Data Fetching
+- Verify that **React Query** (`useQuery`, `useMutation`) is used for all data fetching.
+- Flag any use of raw `fetch`, `axios`, or Redux for server state management.
+
+## React / Frontend — Theming
+- Verify that Material-UI components use the Three Rivers Bank theme (imported from `frontend/src/theme.js`).
+- Flag hardcoded color values (e.g., `#003366`, `#008080`, or any other hex/rgb literals) that should come from the theme instead.
+
+## Security
+- Check for hardcoded secrets, API keys, passwords, or credentials in any file.
+- Check for potential SQL injection in JPQL/native queries — prefer Spring Data JPA method queries or parameterized queries.
+- Check for XSS risk in React code — avoid `dangerouslySetInnerHTML`; sanitize any dynamic HTML.
+
+## Test Coverage
+- Verify that new public methods in service and controller classes have corresponding unit tests.
+- Verify that new API endpoints have at least one `@WebMvcTest` controller test.
+
+## Docker
+- Verify that Docker image names follow the convention `threeriversbank/{backend|frontend}:latest`.
+- Flag any secrets or credentials embedded in `Dockerfile` or `docker-compose` files.
diff --git a/.github/instructions/docker.instructions.md b/.github/instructions/docker.instructions.md
new file mode 100644
index 0000000..748dd54
--- /dev/null
+++ b/.github/instructions/docker.instructions.md
@@ -0,0 +1,28 @@
+---
+applyTo: "**/Dockerfile,**/docker-compose*.yml,docker/**"
+description: "Docker and container standards for Three Rivers Bank"
+---
+
+# Docker Instructions
+
+## Multi-Stage Builds
+- Use multi-stage builds to produce smaller production images.
+- Keep build dependencies (e.g., Maven, Node.js) in build stages only; copy only the final artifact to the runtime stage.
+
+## Backend Image
+- Use a Java 17+ base image (e.g., `eclipse-temurin:17-jre`) for the runtime stage.
+- H2 is embedded — no external database container is needed.
+- Backend Dockerfile: `docker/backend.Dockerfile`.
+
+## Frontend Image
+- Use Nginx to serve the static Vite build output in the runtime stage.
+- Frontend Dockerfile: `docker/frontend.Dockerfile`.
+
+## Image Naming
+- Name images following the convention: `threeriversbank/{backend|frontend}:latest`.
+- For CI/CD, also tag with branch name and commit SHA.
+
+## Security
+- **Never include secrets, credentials, API keys, or passwords** in Dockerfiles or docker-compose files.
+- Use environment variables or secrets management (e.g., GitHub Actions secrets, Azure Key Vault) for sensitive values.
+- Production environment variables: `BIAN_API_URL`, `H2_CONSOLE_ENABLED=false`, `LOGGING_LEVEL=INFO`.
diff --git a/.github/instructions/java.instructions.md b/.github/instructions/java.instructions.md
new file mode 100644
index 0000000..7a7135e
--- /dev/null
+++ b/.github/instructions/java.instructions.md
@@ -0,0 +1,42 @@
+---
+applyTo: "**/*.java"
+description: "Java and Spring Boot coding standards for Three Rivers Bank backend"
+---
+
+# Java / Spring Boot Instructions
+
+## Imports
+- **Never use wildcard imports** (e.g., `import java.util.*`). Always use explicit imports for each class (e.g., `import java.util.List`, `import java.util.Map`).
+
+## Dependency Injection
+- Use constructor-based dependency injection with `private final` fields.
+- Avoid field injection (`@Autowired` on fields).
+
+## Spring Stereotypes
+- Use `@RestController` for REST API controllers.
+- Use `@Service` for business logic classes.
+- Use `@Repository` for data access classes.
+
+## API Layer
+- Use DTOs for all API responses; never expose JPA entities directly in controller responses.
+- Use Java Bean Validation (`@Valid`, `@NotNull`, `@Size`, etc.) on DTO fields.
+- Keep controllers thin — delegate all business logic to `@Service` classes.
+
+## Configuration
+- Prefer `application.yml` over `application.properties`.
+- Use `@ConfigurationProperties` for type-safe, grouped configuration binding.
+
+## Logging
+- Use SLF4J (`private static final Logger log = LoggerFactory.getLogger(...)`) for logging.
+- Use parameterized messages (e.g., `log.info("Processing card id={}", id)`) — never string concatenation.
+
+## Error Handling
+- Implement global exception handling with `@ControllerAdvice` and `@ExceptionHandler`.
+- Do not swallow exceptions silently; always log with appropriate level.
+
+## Transactions
+- Apply `@Transactional` on service methods at the most granular level needed.
+- Do not place `@Transactional` on controller methods.
+
+## Package Structure
+Follow the project package structure: `com.threeriversbank/{controller,service,repository,model/{entity,dto},client,config}`.
diff --git a/.github/instructions/react.instructions.md b/.github/instructions/react.instructions.md
new file mode 100644
index 0000000..3cc0302
--- /dev/null
+++ b/.github/instructions/react.instructions.md
@@ -0,0 +1,30 @@
+---
+applyTo: "frontend/**/*.jsx,frontend/**/*.js"
+description: "React and frontend coding standards for Three Rivers Bank frontend"
+---
+
+# React / Frontend Instructions
+
+## Component Style
+- Use functional components with hooks only — no class components.
+- Keep components small and focused on a single responsibility.
+
+## State Management
+- Use React Query (TanStack Query) for all server state — do **not** use Redux, raw `fetch`, or raw `axios` for API calls.
+- Use local `useState`/`useReducer` only for purely local UI state.
+
+## Routing
+- Use React Router v6 for all navigation (`useNavigate`, `<Link>`, `<Routes>`, `<Route>`).
+
+## UI / Theming
+- Use Material-UI (MUI) components for all UI elements.
+- Always import and use the Three Rivers Bank theme from `frontend/src/theme.js`.
+- Do **not** hardcode colors or override theme values inline — use the theme's palette (Navy `#003366`, Teal `#008080`).
+
+## File Organization
+- Place reusable components in `frontend/src/components/{cards,common,layout}/`.
+- Place page-level components in `frontend/src/pages/` (e.g., `HomePage.jsx`, `CardComparisonPage.jsx`, `CardDetailsPage.jsx`).
+
+## API Integration
+- All API calls must go through React Query hooks (e.g., `useQuery`, `useMutation`).
+- Base path for backend API: `/api/cards`.
diff --git a/.github/instructions/testing.instructions.md b/.github/instructions/testing.instructions.md
new file mode 100644
index 0000000..0b3e1af
--- /dev/null
+++ b/.github/instructions/testing.instructions.md
@@ -0,0 +1,25 @@
+---
+applyTo: "**/*Test.java,**/*Tests.java,**/*.spec.ts"
+description: "Testing standards for Three Rivers Bank backend (JUnit 5) and E2E (Playwright)"
+---
+
+# Testing Instructions
+
+## Backend — JUnit 5 + Mockito
+
+- Use JUnit 5 (`@ExtendWith(MockitoExtension.class)`) with Mockito for unit tests.
+- Follow the **Arrange-Act-Assert (AAA)** pattern in every test method; separate each section with a blank line.
+- Name test methods using the pattern: `methodName_should_expectedBehavior_when_scenario`
+  - Example: `findById_should_returnCard_when_idExists`
+- Use `@WebMvcTest` for controller layer tests with `MockMvc`.
+- Use `@DataJpaTest` for repository layer tests backed by H2.
+- Use **WireMock** to mock BIAN API calls in integration tests — never call the real BIAN API in tests.
+- Use `@SpringBootTest` sparingly; prefer slice tests (`@WebMvcTest`, `@DataJpaTest`) for speed.
+
+## Frontend — Playwright E2E
+
+- Place E2E test files in `tests/e2e/` with the `.spec.ts` extension.
+- Store test fixtures in `tests/fixtures/` (e.g., `credit-cards.json`); fixtures must match H2 seed data.
+- Run tests across both **Chromium** and **WebKit** browsers.
+- Test at all three configured viewports: desktop (1920×1080), tablet (768×1024), and mobile (375×667).
+- Use page object patterns to keep test logic reusable and maintainable.
diff --git a/.github/prompts/code-review.prompt.md b/.github/prompts/code-review.prompt.md
new file mode 100644
index 0000000..5ac1057
--- /dev/null
+++ b/.github/prompts/code-review.prompt.md
@@ -0,0 +1,54 @@
+---
+description: "Reusable prompt for triggering comprehensive code reviews of Three Rivers Bank changes"
+---
+
+# Code Review Prompt
+
+Perform a comprehensive code review of the changed files, using the standards defined in `.github/instructions/code-review.instructions.md`.
+
+## Review Scope
+
+Check ALL of the following:
+
+### 🔴 Critical (Block merge if found)
+- [ ] Wildcard Java imports (e.g., `import java.util.*`) — must be explicit
+- [ ] JPA entities exposed directly in API responses — must use DTOs
+- [ ] BIAN API calls that bypass the Resilience4j circuit breaker
+- [ ] Hardcoded secrets, credentials, API keys, or passwords
+- [ ] SQL injection risk in JPQL/native queries
+- [ ] XSS risk (`dangerouslySetInnerHTML` without sanitization)
+
+### 🟡 Warnings (Should fix before merge)
+- [ ] Field injection (`@Autowired`) instead of constructor injection
+- [ ] Raw `fetch`/`axios`/Redux used instead of React Query for server state
+- [ ] Hardcoded Material-UI colors that bypass the Three Rivers Bank theme
+- [ ] Missing `@Valid` on controller DTO parameters
+- [ ] Missing error handling in service methods or missing `@ControllerAdvice`
+- [ ] New public methods without unit tests
+- [ ] New API endpoints without `@WebMvcTest` controller tests
+
+### 🔵 Suggestions (Nice to have)
+- [ ] SLF4J parameterized logging (not string concatenation)
+- [ ] Test method naming convention: `methodName_should_expectedBehavior_when_scenario`
+- [ ] Multi-stage Docker builds
+- [ ] Docker image naming: `threeriversbank/{backend|frontend}:latest`
+
+## Output Format
+
+```
+## Code Review Summary
+
+### 🔴 Critical Issues
+- [File:Line] Issue description — recommended fix
+
+### 🟡 Warnings  
+- [File:Line] Issue description — recommendation
+
+### 🔵 Suggestions
+- [File:Line] Optional improvement
+
+### ✅ What Looks Good
+- Summary of compliant areas
+
+### Overall: [APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION]
+```
diff --git a/.github/prompts/java-junit.prompt.md b/.github/prompts/java-junit.prompt.md
new file mode 100644
index 0000000..4223d6c
--- /dev/null
+++ b/.github/prompts/java-junit.prompt.md
@@ -0,0 +1,128 @@
+---
+description: "JUnit 5 + Mockito testing skill for Three Rivers Bank backend"
+---
+<!-- Adapted from https://github.com/github/awesome-copilot/blob/main/skills/java-junit/SKILL.md -->
+
+# JUnit 5 Best Practices — Three Rivers Bank
+
+Generate or review JUnit 5 tests following the conventions below.
+
+## Test Class Setup
+
+```java
+@ExtendWith(MockitoExtension.class)
+class CreditCardServiceTest {
+
+    @Mock
+    private CreditCardRepository creditCardRepository;
+
+    @InjectMocks
+    private CreditCardService creditCardService;
+}
+```
+
+## Test Naming Convention
+
+Use the pattern: `methodName_should_expectedBehavior_when_scenario`
+
+```java
+@Test
+void findById_should_returnCard_when_idExists() { ... }
+
+@Test
+void findById_should_throwException_when_idNotFound() { ... }
+```
+
+## Arrange-Act-Assert (AAA) Pattern
+
+Every test method must follow AAA with blank-line separation:
+
+```java
+@Test
+void findById_should_returnCardDto_when_idExists() {
+    // Arrange
+    CreditCard card = new CreditCard(1L, "Business Cash Rewards", "CASHBACK");
+    given(creditCardRepository.findById(1L)).willReturn(Optional.of(card));
+
+    // Act
+    CreditCardDto result = creditCardService.findById(1L);
+
+    // Assert
+    assertThat(result.id()).isEqualTo(1L);
+    assertThat(result.name()).isEqualTo("Business Cash Rewards");
+}
+```
+
+## Controller Tests — `@WebMvcTest`
+
+```java
+@WebMvcTest(CreditCardController.class)
+class CreditCardControllerTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @MockBean
+    private CreditCardService creditCardService;
+
+    @Test
+    void getCard_should_return200_when_idExists() throws Exception {
+        given(creditCardService.findById(1L))
+            .willReturn(new CreditCardDto(1L, "Business Cash Rewards", "CASHBACK"));
+
+        mockMvc.perform(get("/api/cards/1"))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$.id").value(1L))
+            .andExpect(jsonPath("$.name").value("Business Cash Rewards"));
+    }
+}
+```
+
+## Repository Tests — `@DataJpaTest`
+
+```java
+@DataJpaTest
+class CreditCardRepositoryTest {
+
+    @Autowired
+    private CreditCardRepository creditCardRepository;
+
+    @Test
+    void findByType_should_returnCards_when_typeExists() {
+        // H2 is pre-loaded via data.sql
+        List<CreditCard> cards = creditCardRepository.findByType("CASHBACK");
+        assertThat(cards).isNotEmpty();
+    }
+}
+```
+
+## WireMock for BIAN API Mocking
+
+Use WireMock to mock the BIAN API — never call the real API in tests:
+
+```java
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureWireMock(port = 0)
+class BianIntegrationTest {
+
+    @Test
+    void getTransactions_should_returnData_when_bianApiResponds() {
+        stubFor(get(urlEqualTo("/api/cards/1/transactions"))
+            .willReturn(aResponse()
+                .withStatus(200)
+                .withHeader("Content-Type", "application/json")
+                .withBodyFile("bian-transactions.json")));
+
+        // Act and Assert...
+    }
+}
+```
+
+## Import Rule
+
+Always use explicit JUnit/AssertJ imports:
+```java
+import org.junit.jupiter.api.Test;
+import org.assertj.core.api.Assertions.assertThat;
+// ❌ Never: import org.assertj.core.api.*;
+```
diff --git a/.github/prompts/java-springboot.prompt.md b/.github/prompts/java-springboot.prompt.md
new file mode 100644
index 0000000..74671cd
--- /dev/null
+++ b/.github/prompts/java-springboot.prompt.md
@@ -0,0 +1,122 @@
+---
+description: "Spring Boot best practices skill for Three Rivers Bank backend development"
+---
+<!-- Adapted from https://github.com/github/awesome-copilot/blob/main/skills/java-springboot/SKILL.md -->
+
+# Spring Boot Best Practices — Three Rivers Bank
+
+Generate or review Spring Boot code following the conventions below.
+
+## Project-Specific Context
+
+- **Package structure**: `com.threeriversbank/{controller,service,repository,model/{entity,dto},client,config}`
+- **Database**: H2 in-memory database is the PRIMARY data source; BIAN API is supplementary only
+- **Circuit Breaker**: Resilience4j wraps all BIAN API calls (via OpenFeign client)
+- **Configuration file**: `application.yml` (not `.properties`)
+
+## Dependency Injection
+
+Always use constructor injection with `private final` fields:
+
+```java
+@Service
+public class CreditCardService {
+    private final CreditCardRepository creditCardRepository;
+
+    public CreditCardService(CreditCardRepository creditCardRepository) {
+        this.creditCardRepository = creditCardRepository;
+    }
+}
+```
+
+## DTO Pattern
+
+Never expose JPA entities in API responses. Use dedicated DTO classes:
+
+```java
+// Entity (model/entity)
+@Entity
+public class CreditCard { ... }
+
+// DTO (model/dto)
+public record CreditCardDto(Long id, String name, String type) {}
+
+// Controller returns DTO
+@GetMapping("/{id}")
+public ResponseEntity<CreditCardDto> getCard(@PathVariable Long id) {
+    return ResponseEntity.ok(creditCardService.findById(id));
+}
+```
+
+## Validation
+
+Apply Bean Validation on DTO input parameters:
+
+```java
+public record CreateCardRequest(
+    @NotBlank String name,
+    @NotNull @Positive BigDecimal creditLimit
+) {}
+
+@PostMapping
+public ResponseEntity<CreditCardDto> create(@Valid @RequestBody CreateCardRequest request) { ... }
+```
+
+## Global Exception Handling
+
+```java
+@ControllerAdvice
+public class GlobalExceptionHandler {
+    @ExceptionHandler(EntityNotFoundException.class)
+    public ResponseEntity<ErrorResponse> handleNotFound(EntityNotFoundException ex) {
+        return ResponseEntity.status(HttpStatus.NOT_FOUND)
+            .body(new ErrorResponse(ex.getMessage()));
+    }
+}
+```
+
+## Resilience4j / BIAN Circuit Breaker
+
+All BIAN API calls must use the circuit breaker pattern:
+
+```java
+@CircuitBreaker(name = "bianApi", fallbackMethod = "fallbackTransactions")
+public List<TransactionDto> getTransactions(Long cardId) {
+    return bianApiClient.getTransactions(cardId);
+}
+
+public List<TransactionDto> fallbackTransactions(Long cardId, Exception ex) {
+    log.warn("BIAN API unavailable for cardId={}, using fallback: {}", cardId, ex.getMessage());
+    return Collections.emptyList();
+}
+```
+
+## Logging
+
+Use SLF4J with parameterized messages:
+
+```java
+private static final Logger log = LoggerFactory.getLogger(CreditCardService.class);
+
+log.info("Fetching credit card id={}", id);
+log.error("Failed to fetch card id={}: {}", id, ex.getMessage());
+```
+
+## Configuration Properties
+
+```java
+@ConfigurationProperties(prefix = "bian.api")
+public record BianApiProperties(String baseUrl, int timeout, int retries) {}
+```
+
+## Import Rule
+
+**Never use wildcard imports.** Always use explicit imports:
+```java
+// ✅ Correct
+import java.util.List;
+import java.util.Map;
+
+// ❌ Wrong
+import java.util.*;
+```
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
new file mode 100644
index 0000000..58860fd
--- /dev/null
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -0,0 +1,39 @@
+name: copilot-setup-steps
+
+on: workflow_dispatch
+
+jobs:
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: maven
+
+      - name: Build backend with Maven
+        run: cd backend && mvn compile
+
+      - name: Run backend tests
+        run: cd backend && mvn test
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Install frontend dependencies
+        run: cd frontend && npm ci
+
+      - name: Run frontend linter
+        run: cd frontend && npm run lint --if-present
diff --git a/backend/src/main/java/com/threeriversbank/controller/CreditCardController.java b/backend/src/main/java/com/threeriversbank/controller/CreditCardController.java
index 2bd1302..d429f9b 100644
--- a/backend/src/main/java/com/threeriversbank/controller/CreditCardController.java
+++ b/backend/src/main/java/com/threeriversbank/controller/CreditCardController.java
@@ -7,7 +7,11 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
 
diff --git a/backend/src/main/java/com/threeriversbank/model/entity/CreditCard.java b/backend/src/main/java/com/threeriversbank/model/entity/CreditCard.java
index a67ad9f..bde6b16 100644
--- a/backend/src/main/java/com/threeriversbank/model/entity/CreditCard.java
+++ b/backend/src/main/java/com/threeriversbank/model/entity/CreditCard.java
@@ -1,6 +1,13 @@
 package com.threeriversbank.model.entity;
 
-import jakarta.persistence.*;
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.Table;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
diff --git a/backend/src/main/java/com/threeriversbank/model/entity/FeeSchedule.java b/backend/src/main/java/com/threeriversbank/model/entity/FeeSchedule.java
index 45d40ca..e950463 100644
--- a/backend/src/main/java/com/threeriversbank/model/entity/FeeSchedule.java
+++ b/backend/src/main/java/com/threeriversbank/model/entity/FeeSchedule.java
@@ -1,6 +1,14 @@
 package com.threeriversbank.model.entity;
 
-import jakarta.persistence.*;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
diff --git a/backend/src/main/java/com/threeriversbank/model/entity/InterestRate.java b/backend/src/main/java/com/threeriversbank/model/entity/InterestRate.java
index 95d46cd..f3916ed 100644
--- a/backend/src/main/java/com/threeriversbank/model/entity/InterestRate.java
+++ b/backend/src/main/java/com/threeriversbank/model/entity/InterestRate.java
@@ -1,6 +1,14 @@
 package com.threeriversbank.model.entity;
 
-import jakarta.persistence.*;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
diff --git a/backend/src/test/java/com/threeriversbank/controller/CreditCardControllerTest.java b/backend/src/test/java/com/threeriversbank/controller/CreditCardControllerTest.java
index bf06e2f..47c436e 100644
--- a/backend/src/test/java/com/threeriversbank/controller/CreditCardControllerTest.java
+++ b/backend/src/test/java/com/threeriversbank/controller/CreditCardControllerTest.java
@@ -15,7 +15,8 @@
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.Mockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 @WebMvcTest(CreditCardController.class)
 class CreditCardControllerTest {