Merge branch 'github:main' into feat/instruction-java-and-springboot

This commit is contained in:
Joseph Gonzales 2025-07-03 18:28:22 +12:00 committed by GitHub
commit 011855f469
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 297 additions and 135 deletions

34
.editorconfig Normal file

@ -0,0 +1,34 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
# All files
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
# Markdown files
[*.md]
trim_trailing_whitespace = false
max_line_length = off
# JSON files
[*.json]
indent_size = 2
# JavaScript files
[*.js]
indent_size = 2
# Shell scripts
[*.sh]
end_of_line = lf
# Windows scripts
[*.{cmd,bat}]
end_of_line = crlf

28
.gitattributes vendored Normal file

@ -0,0 +1,28 @@
# Set default behavior to automatically normalize line endings.
* text=auto eol=lf
# Explicitly declare text files to be normalized and converted to native line endings on checkout.
*.md text eol=lf
*.txt text eol=lf
*.js text eol=lf
*.json text eol=lf
*.yml text eol=lf
*.yaml text eol=lf
*.html text eol=lf
*.css text eol=lf
*.scss text eol=lf
*.ts text eol=lf
*.sh text eol=lf
# Windows-specific files that should retain CRLF line endings
*.bat text eol=crlf
*.cmd text eol=crlf
# Binary files that should not be modified
*.png binary
*.jpg binary
*.jpeg binary
*.gif binary
*.ico binary
*.zip binary
*.pdf binary

41
.github/pull_request_template.md vendored Normal file

@ -0,0 +1,41 @@
---
name: Pull Request
about: Submit a contribution to the awesome-copilot repository
title: ''
labels: needs-review
assignees: ''
---
## Pull Request Checklist
- [ ] I have read and followed the [CONTRIBUTING.md](../CONTRIBUTING.md) guidelines.
- [ ] My contribution adds a new instruction, prompt, or chat mode file in the correct directory.
- [ ] The file follows the required naming convention.
- [ ] The content is clearly structured and follows the example format.
- [ ] I have tested my instructions, prompt, or chat mode with GitHub Copilot.
- [ ] I have run `node update-readme.js` and verified that `README.md` is up to date.
---
## Description
<!-- Briefly describe your contribution and its purpose. Include any relevant context or usage notes. -->
---
## Type of Contribution
- [ ] New instruction file.
- [ ] New prompt file.
- [ ] New chat mode file.
- [ ] Other (please specify):
---
## Additional Notes
<!-- Add any additional information or context for reviewers here. -->
---
By submitting this pull request, I confirm that my contribution abides by the [Code of Conduct](../CODE_OF_CONDUCT.md) and will be licensed under the MIT License.


@ -0,0 +1,29 @@
name: Check Line Endings
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
check-line-endings:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check for CRLF line endings in markdown files
run: |
! grep -l $'\r' $(find . -name "*.md")
if [ $? -eq 0 ]; then
echo "✅ No CRLF line endings found in markdown files"
exit 0
else
echo "❌ CRLF line endings found in markdown files"
echo "Files with CRLF line endings:"
grep -l $'\r' $(find . -name "*.md")
exit 1
fi
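Review bot: The `- uses: actions/checkout@v3` step is pinned to a mutable tag; for a workflow that gates pushes and pull requests on `main`, pin it to a full-length commit SHA (keeping the tag in a trailing comment so dependency bots can still bump it) so a retagged action cannot silently change what runs in CI. The `run` script also relies on `$?` after a `!`-negated command and on an unquoted `$(find . -name "*.md")`, which word-splits on paths containing spaces and makes `grep` read stdin when no Markdown files match; `if ! grep -rq --include='*.md' $'\r' .; then` expresses the check directly, and the failure branch can list offenders with `grep -rl --include='*.md' $'\r' .`. The `permissions: contents: read` block is the right least-privilege default and should stay.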

1
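--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 node_modules
 *.orig
+[Cc]opilot-[Pp]rocessing.md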

6
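--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,6 @@
+{
+"recommendations": [
+"editorconfig.editorconfig",
+"davidanson.vscode-markdownlint"
+]
+}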

15
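--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -7,5 +7,20 @@
 },
 "chat.instructionsFilesLocations": {
 "instructions": true
+},
+"files.eol": "\n",
+"files.insertFinalNewline": true,
+"files.trimTrailingWhitespace": true,
+"[markdown]": {
+"files.trimTrailingWhitespace": false,
+"editor.formatOnSave": true
+},
+"editor.rulers": [
+100
+],
+"files.associations": {
+"*.chatmode.md": "markdown",
+"*.instructions.md": "markdown",
+"*.prompt.md": "markdown"
 }
 }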


@ -36,6 +36,7 @@ Team and project-specific instructions to enhance GitHub Copilot's behavior for
- [Markdown](instructions/markdown.instructions.md) - Documentation and content creation standards - [Markdown](instructions/markdown.instructions.md) - Documentation and content creation standards
- [Next.js + Tailwind Development Instructions](instructions/nextjs-tailwind.instructions.md) - Next.js + Tailwind development standards and instructions - [Next.js + Tailwind Development Instructions](instructions/nextjs-tailwind.instructions.md) - Next.js + Tailwind development standards and instructions
- [Python Coding Conventions](instructions/python.instructions.md) - Python coding conventions and guidelines - [Python Coding Conventions](instructions/python.instructions.md) - Python coding conventions and guidelines
- [Secure Coding and OWASP Guidelines](instructions/security-and-owasp.instructions.md) - Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices.
> 💡 **Usage**: Copy these instructions to your `.github/copilot-instructions.md` file or create task-specific `.github/.instructions.md` files in your workspace's `.github/instructions` folder. > 💡 **Usage**: Copy these instructions to your `.github/copilot-instructions.md` file or create task-specific `.github/.instructions.md` files in your workspace's `.github/instructions` folder.
@ -55,8 +56,8 @@ Ready-to-use prompt templates for specific development scenarios and tasks, defi
- [Product Manager Assistant: Feature Identification and Specification](prompts/gen-specs-as-issues.prompt.md) - This workflow guides you through a systematic approach to identify missing features, prioritize them, and create detailed specifications for implementation. - [Product Manager Assistant: Feature Identification and Specification](prompts/gen-specs-as-issues.prompt.md) - This workflow guides you through a systematic approach to identify missing features, prioritize them, and create detailed specifications for implementation.
- [Javascript Typescript Jest](prompts/javascript-typescript-jest.prompt.md) - Best practices for writing JavaScript/TypeScript tests using Jest, including mocking strategies, test structure, and common patterns. - [Javascript Typescript Jest](prompts/javascript-typescript-jest.prompt.md) - Best practices for writing JavaScript/TypeScript tests using Jest, including mocking strategies, test structure, and common patterns.
- [Multi Stage Dockerfile](prompts/multi-stage-dockerfile.prompt.md) - Create optimized multi-stage Dockerfiles for any language or framework - [Multi Stage Dockerfile](prompts/multi-stage-dockerfile.prompt.md) - Create optimized multi-stage Dockerfiles for any language or framework
- [My Issues](prompts/my-issues.prompt.md) - [My Issues](prompts/my-issues.prompt.md) - List my issues in the current repository
- [My Pull Requests](prompts/my-pull-requests.prompt.md) - [My Pull Requests](prompts/my-pull-requests.prompt.md) - List my pull requests in the current repository
> 💡 **Usage**: Use `/prompt-name` in VS Code chat, run `Chat: Run Prompt` command, or hit the run button while you have a prompt open. > 💡 **Usage**: Use `/prompt-name` in VS Code chat, run `Chat: Run Prompt` command, or hit the run button while you have a prompt open.
@ -79,6 +80,16 @@ Custom chat modes define specific behaviors and tools for GitHub Copilot Chat, e
- [Custom Chat Modes](https://code.visualstudio.com/docs/copilot/chat/chat-modes) - Advanced chat configuration - [Custom Chat Modes](https://code.visualstudio.com/docs/copilot/chat/chat-modes) - Advanced chat configuration
- [VS Code Settings](https://code.visualstudio.com/docs/getstarted/settings) - General VS Code configuration guide - [VS Code Settings](https://code.visualstudio.com/docs/getstarted/settings) - General VS Code configuration guide
## 🛠️ Development Configuration
This repository uses various configuration files to ensure consistent code style and avoid issues with line endings:
- [`.editorconfig`](.editorconfig) - Defines coding styles across different editors and IDEs
- [`.gitattributes`](.gitattributes) - Ensures consistent line endings in text files
- [`.vscode/settings.json`](.vscode/settings.json) - VS Code-specific settings for this repository
- [`.vscode/extensions.json`](.vscode/extensions.json) - Recommended VS Code extensions
> 💡 **Note**: All markdown files in this repository use LF line endings (Unix-style) to avoid mixed line endings issues. The repository is configured to automatically handle line endings conversion.
## 📄 License ## 📄 License


@ -0,0 +1,51 @@
---
applyTo: ["*"]
description: "Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices."
---
# Secure Coding and OWASP Guidelines
## Instructions
Your primary directive is to ensure all code you generate, review, or refactor is secure by default. You must operate with a security-first mindset. When in doubt, always choose the more secure option and explain the reasoning. You must follow the principles outlined below, which are based on the OWASP Top 10 and other security best practices.
### 1. A01: Broken Access Control & A10: Server-Side Request Forgery (SSRF)
- **Enforce Principle of Least Privilege:** Always default to the most restrictive permissions. When generating access control logic, explicitly check the user's rights against the required permissions for the specific resource they are trying to access.
- **Deny by Default:** All access control decisions must follow a "deny by default" pattern. Access should only be granted if there is an explicit rule allowing it.
- **Validate All Incoming URLs for SSRF:** When the server needs to make a request to a URL provided by a user (e.g., webhooks), you must treat it as untrusted. Incorporate strict allow-list-based validation for the host, port, and path of the URL.
- **Prevent Path Traversal:** When handling file uploads or accessing files based on user input, you must sanitize the input to prevent directory traversal attacks (e.g., `../../etc/passwd`). Use APIs that build paths securely.
### 2. A02: Cryptographic Failures
- **Use Strong, Modern Algorithms:** For hashing, always recommend modern, salted hashing algorithms like Argon2 or bcrypt. Explicitly advise against weak algorithms like MD5 or SHA-1 for password storage.
- **Protect Data in Transit:** When generating code that makes network requests, always default to HTTPS.
- **Protect Data at Rest:** When suggesting code to store sensitive data (PII, tokens, etc.), recommend encryption using strong, standard algorithms like AES-256.
- **Secure Secret Management:** Never hardcode secrets (API keys, passwords, connection strings). Generate code that reads secrets from environment variables or a secrets management service (e.g., HashiCorp Vault, AWS Secrets Manager). Include a clear placeholder and comment.
```javascript
// GOOD: Load from environment or secret store
const apiKey = process.env.API_KEY;
// TODO: Ensure API_KEY is securely configured in your environment.
```
```python
# BAD: Hardcoded secret
api_key = "sk_this_is_a_very_bad_idea_12345"
```
### 3. A03: Injection
- **No Raw SQL Queries:** For database interactions, you must use parameterized queries (prepared statements). Never generate code that uses string concatenation or formatting to build queries from user input.
- **Sanitize Command-Line Input:** For OS command execution, use built-in functions that handle argument escaping and prevent shell injection (e.g., `shlex` in Python).
- **Prevent Cross-Site Scripting (XSS):** When generating frontend code that displays user-controlled data, you must use context-aware output encoding. Prefer methods that treat data as text by default (`.textContent`) over those that parse HTML (`.innerHTML`). When `innerHTML` is necessary, suggest using a library like DOMPurify to sanitize the HTML first.
### 4. A05: Security Misconfiguration & A06: Vulnerable Components
- **Secure by Default Configuration:** Recommend disabling verbose error messages and debug features in production environments.
- **Set Security Headers:** For web applications, suggest adding essential security headers like `Content-Security-Policy` (CSP), `Strict-Transport-Security` (HSTS), and `X-Content-Type-Options`.
- **Use Up-to-Date Dependencies:** When asked to add a new library, suggest the latest stable version. Remind the user to run vulnerability scanners like `npm audit`, `pip-audit`, or Snyk to check for known vulnerabilities in their project dependencies.
### 5. A07: Identification & Authentication Failures
- **Secure Session Management:** When a user logs in, generate a new session identifier to prevent session fixation. Ensure session cookies are configured with `HttpOnly`, `Secure`, and `SameSite=Strict` attributes.
- **Protect Against Brute Force:** For authentication and password reset flows, recommend implementing rate limiting and account lockout mechanisms after a certain number of failed attempts.
### 6. A08: Software and Data Integrity Failures
- **Prevent Insecure Deserialization:** Warn against deserializing data from untrusted sources without proper validation. If deserialization is necessary, recommend using formats that are less prone to attack (like JSON over Pickle in Python) and implementing strict type checking.
## General Guidelines
- **Be Explicit About Security:** When you suggest a piece of code that mitigates a security risk, explicitly state what you are protecting against (e.g., "Using a parameterized query here to prevent SQL injection.").
- **Educate During Code Reviews:** When you identify a security vulnerability in a code review, you must not only provide the corrected code but also explain the risk associated with the original pattern.


@ -22,22 +22,21 @@ Your goal is to help me create well-structured ASP.NET Minimal API endpoints wit
- Use record types for immutable request/response objects - Use record types for immutable request/response objects
- Use meaningful property names that align with API design standards - Use meaningful property names that align with API design standards
- Apply `[Required]` and other validation attributes to enforce constraints - Apply `[Required]` and other validation attributes to enforce constraints
- Use the ProblemDetailsService and StatusCodePages to get standard error responses
## Type Handling ## Type Handling
- Use strongly-typed route parameters with explicit type binding - Use strongly-typed route parameters with explicit type binding
- Apply proper parameter binding with `[FromBody]`, `[FromRoute]`, `[FromQuery]`
- Use `Results<T1, T2>` to represent multiple response types - Use `Results<T1, T2>` to represent multiple response types
- Return `TypedResults` instead of `Results` for strongly-typed responses - Return `TypedResults` instead of `Results` for strongly-typed responses
- Leverage C# 10+ features like nullable annotations and init-only properties - Leverage C# 10+ features like nullable annotations and init-only properties
## OpenAPI / Swagger Documentation ## OpenAPI Documentation
- Add explicit OpenAPI operation details with `.WithOpenApi()` - Use the built-in OpenAPI document support added in .NET 9
- Define operation summary and description - Define operation summary and description
- Document response types with `.Produces<T>(statusCode)` - Add operationIds using the `WithName` extension method
- Document request bodies with `.WithRequestBody()` - Add descriptions to properties and parameters with `[Description()]`
- Set proper content types for requests and responses - Set proper content types for requests and responses
- Include examples using `SwaggerRequestExampleAttribute` - Use document transformers to add elements like servers, tags, and security schemes
- Document authentication requirements with `.RequireAuthorization()` - Use schema transformers to apply customizations to OpenAPI schemas
- Use XML documentation comments for descriptive API documentation

9
scripts/fix-line-endings.sh Executable file

@ -0,0 +1,9 @@
#!/bin/bash
# Script to fix line endings in all markdown files
echo "Normalizing line endings in markdown files..."
# Find all markdown files and convert CRLF to LF
find . -name "*.md" -type f -exec sed -i 's/\r$//' {} \;
echo "Done! All markdown files now have LF line endings."
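Review bot: The `find . -name "*.md" -type f -exec sed -i 's/\r$//' {} \;` line rewrites every Markdown file beneath the working directory, including vendored trees such as `node_modules/` (ignored by `.gitignore` but present after an `npm install`), and forks one `sed` per file. Prune ignored directories and batch the invocation: `find . -path ./node_modules -prune -o -name "*.md" -type f -exec sed -i 's/\r$//' {} +`. `sed -i` with no suffix argument is GNU-specific and fails on macOS/BSD `sed`, so either add `set -euo pipefail` plus a comment stating the script requires GNU sed, or use `sed -i.bak` and remove the backups. Since the script edits files in place with no dry-run, the first `echo` should also tell the user to review `git diff` before committing.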


@ -49,6 +49,16 @@ Custom chat modes define specific behaviors and tools for GitHub Copilot Chat, e
- [Custom Chat Modes](https://code.visualstudio.com/docs/copilot/chat/chat-modes) - Advanced chat configuration - [Custom Chat Modes](https://code.visualstudio.com/docs/copilot/chat/chat-modes) - Advanced chat configuration
- [VS Code Settings](https://code.visualstudio.com/docs/getstarted/settings) - General VS Code configuration guide - [VS Code Settings](https://code.visualstudio.com/docs/getstarted/settings) - General VS Code configuration guide
## 🛠 Development Configuration
This repository uses various configuration files to ensure consistent code style and avoid issues with line endings:
- [\`.editorconfig\`](.editorconfig) - Defines coding styles across different editors and IDEs
- [\`.gitattributes\`](.gitattributes) - Ensures consistent line endings in text files
- [\`.vscode/settings.json\`](.vscode/settings.json) - VS Code-specific settings for this repository
- [\`.vscode/extensions.json\`](.vscode/extensions.json) - Recommended VS Code extensions
> 💡 **Note**: All markdown files in this repository use LF line endings (Unix-style) to avoid mixed line endings issues. The repository is configured to automatically handle line endings conversion.
## 📄 License ## 📄 License
@ -353,78 +363,6 @@ function generateChatModesSection(chatmodesDir) {
} }
return `${TEMPLATES.chatmodesSection}\n\n${chatmodesContent}\n${TEMPLATES.chatmodesUsage}`; return `${TEMPLATES.chatmodesSection}\n\n${chatmodesContent}\n${TEMPLATES.chatmodesUsage}`;
if (chatmodesSection) {
let chatmodesListContent = "\n\n";
// Always regenerate the entire list to ensure descriptions are included
for (const file of chatmodeFiles.sort()) {
const filePath = path.join(chatmodesDir, file);
const title = extractTitle(filePath);
const link = encodeURI(`chatmodes/${file}`);
// Check if there's a description in the frontmatter
const customDescription = extractDescription(filePath);
if (customDescription && customDescription !== "null") {
// Use the description from frontmatter
chatmodesListContent += `- [${title}](${link}) - ${customDescription}\n`;
} else {
// Just add a link without description
chatmodesListContent += `- [${title}](${link})\n`;
}
}
// Replace the current chat modes section with the updated one
const newChatmodesSection =
"## 🧩 Custom Chat Modes\n\nCustom chat modes define specific behaviors and tools for GitHub Copilot Chat, enabling enhanced context-aware assistance for particular tasks or workflows." +
chatmodesListContent +
"\n> 💡 **Usage**: Create new chat modes using the command `Chat: Configure Chat Modes...`, then switch your chat mode in the Chat input from _Agent_ or _Ask_ to your own mode.";
return currentReadme.replace(chatmodesSection[0], newChatmodesSection);
} else {
// Chat modes section doesn't exist yet but we have chat mode files
console.log(
"Creating new chat modes section with all available chat modes."
);
const chatmodesListContent = chatmodeFiles
.sort()
.map((file) => {
const filePath = path.join(chatmodesDir, file);
const title = extractTitle(filePath);
const link = `chatmodes/${file}`;
const customDescription = extractDescription(filePath);
if (customDescription) {
return `- [${title}](${link}) - ${customDescription}`;
} else {
return `- [${title}](${link})`;
}
})
.join("\n");
const newChatmodesSection =
"## 🧩 Custom Chat Modes\n\n" +
"Custom chat modes define specific behaviors and tools for GitHub Copilot Chat, enabling enhanced context-aware assistance for particular tasks or workflows.\n\n" +
chatmodesListContent +
"\n\n> 💡 **Usage**: Create new chat modes using the command `Chat: Configure Chat Modes...`, then switch your chat mode in the Chat input from _Agent_ or _Ask_ to your own mode.\n";
// Insert before Additional Resources section
const additionalResourcesPos = currentReadme.indexOf(
"## 📚 Additional Resources"
);
if (additionalResourcesPos !== -1) {
return (
currentReadme.slice(0, additionalResourcesPos) +
newChatmodesSection +
"\n" +
currentReadme.slice(additionalResourcesPos)
);
}
return currentReadme;
}
} }
/** /**