Add path-specific Copilot instructions, code-reviewer agent, skill prompts, and setup workflow

[Copilot]

Bootstraps the repo's Copilot context layer with scoped instruction files, a code-review agent, reusable skill prompts sourced from github/awesome-copilot, and a Copilot coding-agent setup workflow.

.github/instructions/ — six new applyTo-scoped files

File	applyTo	Enforces
java.instructions.md	backend/**/*.java	No wildcard imports (hard rule), constructor DI, DTOs only in API layer, SLF4J, @Transactional, BIAN via circuit breaker
java-testing.instructions.md	backend/src/test/**/*.java	AAA pattern, methodName_should_expectedBehavior_when_scenario naming, @WebMvcTest/@DataJpaTest slices, WireMock for BIAN
react.instructions.md	frontend/src/**/*.{jsx,js}	React Query for all server state, MUI + Three Rivers Bank theme, functional components, directory conventions
docker.instructions.md	docker/**	Multi-stage builds, pinned base images, non-root users, HEALTHCHECK, threeriversbank/{backend|frontend} naming
code-review.instructions.md	**	PR-focused: wildcard import rejection, no exposed JPA entities, no hardcoded BIAN URLs, System.out flagging, test coverage gates
documentation.instructions.md	backend/src/main/**/*.java	Javadoc on all public/protected members, @param/@return/@throws, {@code} for inline references

.github/agents/code-reviewer.agent.md

New specialist agent (Claude Sonnet 4, tools: codebase, search, changes) with a tiered checklist:

• 🔴 Critical — wildcard imports, exposed entities, hardcoded secrets, System.out, direct BIAN calls
• 🟡 Warning — DI patterns, @Transactional, React Query usage, test slice selection
• 🟢 Suggestion — Javadoc completeness, assertAll, theme color consistency

.github/prompts/ — four new prompt files

• java-springboot.prompt.md — Full Spring Boot best practices adapted from awesome-copilot, extended with BIAN circuit-breaker and caching rules
• java-junit.prompt.md — JUnit 5 best practices with WireMock and test-slice guidance
• java-docs.prompt.md — Javadoc best practices with a worked findById example
• code-review.prompt.md — Reusable review prompt that delegates to the instruction files above

.github/copilot-setup-steps.yml

workflow_dispatch workflow that provisions the Copilot coding-agent environment: JDK 17 (Temurin) + Maven build (-DskipTests) + Node 18 + npm install.

Original prompt

Goal

Initialize the agentic-devops-demo repo to provide better context to GitHub Copilot. The repo already has .github/copilot-instructions.md and several agents (coder, planner, orchestrator, designer, enterprise-architect). We need to add path-specific instruction files, a code-review custom agent, and relevant agent skills sourced from the awesome-copilot repo.

Repo context

This is a full-stack Three Rivers Bank credit card comparison platform:

• Backend: Java 17+ / Spring Boot 3.x / Maven / H2 / Resilience4j / OpenFeign / JPA
• Frontend: React 18+ / Vite / Material-UI / React Query / React Router v6
• Testing: JUnit 5 + Mockito (backend), Playwright (E2E)
• Infra: Docker, GitHub Actions CI/CD, Azure Container Apps
• Package structure: com.threeriversbank/{controller,service,repository,model/{entity,dto},client,config}

Files to create

1. Path-specific instruction files in .github/instructions/

Per the guidance in https://github.blog/ai-and-ml/unlocking-the-full-power-of-copilot-code-review-master-your-instructions-files, instruction files work best with Copilot code reviews when they:

• Use applyTo frontmatter with glob patterns to target specific file types
• Are focused and specific (one concern per file)
• Include clear "do/don't" patterns
• Are concise (Copilot code review works best with short, focused instructions)

Create the following instruction files:

a. .github/instructions/java.instructions.md

---
description: 'Java coding standards for the Three Rivers Bank Spring Boot backend'
applyTo: 'backend/**/*.java'
---

Include rules from the java-springboot skill adapted for this project:

• MUST never use Java wildcard imports (e.g., import java.util.*). Always use explicit imports for each class. This is a hard rule from enterprise standards.
• Use constructor-based dependency injection with private final fields
• Use @Service, @Repository, @RestController stereotypes appropriately
• Use DTOs — never expose JPA entities directly to controllers
• Encapsulate business logic in @Service classes, keep controllers thin
• Use @Transactional on service methods
• Use SLF4J for logging with parameterized messages
• Use application.yml for configuration, @ConfigurationProperties for type-safe binding
• Java Bean Validation (@Valid, @NotNull, @Size) on DTOs
• Global exception handling with @ControllerAdvice

b. .github/instructions/java-testing.instructions.md

---
description: 'JUnit 5 testing standards for the Spring Boot backend'
applyTo: 'backend/src/test/**/*.java'
---

Include rules from the java-junit skill:

• Follow Arrange-Act-Assert (AAA) pattern
• Test naming: methodName_should_expectedBehavior_when_scenario
• Test class naming: {Class}Test.java
• Use @WebMvcTest for controller tests, @DataJpaTest for repository tests
• Use Mockito for mocking (@Mock, @InjectMocks)
• Use WireMock for external API (BIAN) integration testing
• Use @DisplayName for readable test names
• One assertion per test when practical; use assertAll for grouping related assertions
• Never use wildcard imports in test files either

c. .github/instructions/react.instructions.md

---
description: 'React coding standards for the Three Rivers Bank frontend'
applyTo: 'frontend/src/**/*.{jsx,js}'
---

Include:

• Use React Query (TanStack Query) for server state — NOT Redux or raw fetch/axios
• Use Material-UI components with the custom theme from frontend/src/theme.js
• Use React Router v6 for navigation
• Use functional components with hooks exclusively
• Page components go in /pages/, reusable components in /components/{cards,common,layout}
• Prop types should be documented or use TypeScript-style JSDoc
• Use Three Rivers Bank theme colors (Navy #003366, Teal #008080)

d. .github/instructions/docker.instructions.md

---
description: 'Dockerfile and Docker best practices'
applyTo: 'docker/**'
---

Include:

• Use multi-stage builds to minimize image size
• Pin base image versions (don't use :latest in production)
• Use non-root users in containers
• Follow naming convention: threeriversbank/{backend|frontend}:latest
• Backend: Java 17+ runtime, H2 embedded
• Frontend: Nginx serving static Vite build
• Add health check instructions

e. .github/instructions/code-review.instructions.md

---
description: 'Standards that Copilot should enforce during pull request code reviews'
applyTo: '**'
---

This file is specifically for Copilot Code Review. Per the blog post guidance, include:

• Review for security issues (hardcoded secrets, SQL injection, XSS)
• Check for proper error handling and logging
• Verify no wildcard ...

This pull request was created from Copilot chat.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Bootstraps a Copilot “context layer” for this repo by adding scoped instruction files, reusable agent prompt templates, and a dedicated code-review agent to enforce project conventions across backend/frontend/testing/Docker.

Changes:

• Added applyTo-scoped instruction files under .github/instructions/ for Java, JUnit tests, React, Docker, documentation, and code review.
• Added reusable agent prompt files under .github/prompts/ for Spring Boot, JUnit, Javadoc, and PR code review.
• Added a custom code-reviewer agent definition and a Copilot setup steps workflow/config.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
.github/prompts/java-springboot.prompt.md	Adds Spring Boot best-practices prompt aligned to repo architecture (DTOs, circuit breaker, caching).
.github/prompts/java-junit.prompt.md	Adds JUnit 5 prompt covering AAA, slices, Mockito/WireMock, and naming conventions.
.github/prompts/java-docs.prompt.md	Adds Javadoc best-practices prompt and example.
.github/prompts/code-review.prompt.md	Adds reusable PR review prompt that delegates to scoped instruction files.
.github/instructions/react.instructions.md	Enforces React Query + MUI theme + directory conventions for frontend JS/JSX.
.github/instructions/java.instructions.md	Enforces backend Java standards (no wildcard imports, DTO boundaries, SLF4J, circuit breaker).
.github/instructions/java-testing.instructions.md	Enforces JUnit standards for backend tests (AAA, slices, naming, no wildcard imports).
.github/instructions/documentation.instructions.md	Enforces Javadoc coverage/format for backend main Java sources.
.github/instructions/docker.instructions.md	Enforces Docker best practices (multi-stage, pinned base images, non-root, healthchecks).
.github/instructions/code-review.instructions.md	Establishes review gate checklist (security, DTOs, circuit breaker, React Query, Docker).
.github/copilot-setup-steps.yml	Adds an environment provisioning workflow/config for backend/frontend dependencies.
.github/agents/code-reviewer.agent.md	Adds a dedicated code-review agent with severity-tiered checklist.

[Copilot]

.github/copilot-setup-steps.yml is written as a GitHub Actions workflow (on: workflow_dispatch, jobs:), but it’s not located under .github/workflows/, so GitHub will not load or allow dispatching it. Either move it to .github/workflows/ (and keep the workflow syntax), or (if this file is intended for Copilot coding-agent setup steps) switch it to the Copilot setup-steps file format and remove the Actions-specific on/jobs keys.

[Copilot]

The setup steps pin Node.js to 18, but the repo’s existing CI workflow (.github/workflows/deploy.yml) uses Node 20. To avoid “works in CI but not in Copilot setup” drift (or vice versa), align the Node version here with the version used by the main workflow.

Suggested change

	node-version: '18'
	node-version: '20'