This directory contains specialized GitHub Copilot custom agent profiles for Black Trigram development. Each agent is an expert in a specific domain, providing focused assistance for particular development tasks.
New in 2026: Black Trigram now includes GitHub Copilot Agent Skills - strategic, high-level principles that are automatically enforced across all development work.
| Skills (๐ View All) | Agents (This Directory) |
|---|---|
| Strategic principles and rules | Task-specific implementers |
| Automatically activated by context | Explicitly invoked |
| Enforce standards and patterns | Execute specific workflows |
| High-level, declarative | Detailed, procedural |
Example:
- Skill: "All security changes must update SECURITY_ARCHITECTURE.md" โ Automatic
- Agent: "I will implement JWT authentication in
src/auth/jwt.ts" ๐ค On-demand
Black Trigram now ships 29 strategic skills organized across Security & Compliance, Architecture & Documentation, Visual & Cultural, Testing & Quality, Performance, Three.js, Game Development, AI Governance, and Agentic Workflows. See the Skills catalog for the full list and activation triggers.
Highlights (security & compliance core):
- security-architecture-validation โ ISMS security-by-design enforcement
- secure-development-lifecycle โ all 7 SDLC phases + DevSecOps
- isms-compliance-checking โ ISO 27001, NIST CSF 2.0, CIS v8.1
- compliance-framework-alignment โ multi-framework traceability
- classification-framework-enforcement โ C/I/A/P classification + BIA
- open-source-governance โ Hack23 Open Source Policy enforcement
- threat-modeling-enforcement โ STRIDE + MITRE ATT&CK + attack trees
- vulnerability-management โ CVE remediation SLAs, OSSF โฅ 8, SBOM
- incident-response โ severity SLAs, rotation, lessons learned
- secrets-management โ credential hygiene, GitHub Secrets
- data-protection โ classification, TLS, CSP, SRI
- input-validation โ Zod / type guards at boundaries
- risk-assessment-frameworks โ ISO 31000 / ID.RA
- gdpr-compliance โ GDPR / NIS2 / EU CRA
- ai-governance โ EU AI Act, NIST AI RMF, AI transparency
- github-agentic-workflows โ defense-in-depth workflow security
Architecture & Docs: c4-architecture-documentation ยท documentation-standards
Quality & Testing: testing-strategy-enforcement ยท code-quality-excellence ยท typescript-strict-patterns ยท accessibility-wcag-patterns
Performance & Three.js: performance-optimization ยท threejs-best-practices
Game & Cultural: game-development-patterns ยท korean-martial-arts-authenticity ยท 3d-combat-systems ยท audio-game-integration ยท korean-theming-standards
All agents leverage these skills for automatic quality enforcement. Learn more โ
Every repo agent encodes links to the applicable Hack23 ISMS policies so that code changes, reviews, tests, and documentation trace back to a governed source of truth:
| Domain | Policy |
|---|---|
| Governance baseline | Information Security Policy |
| SDLC / secure coding | Secure Development Policy |
| OSS supply chain | Open Source Policy |
| CVE response | Vulnerability Management |
| Crypto | Cryptography Policy |
| Access / identity | Access Control Policy |
| Incidents | Incident Response Plan |
| Data handling | Data Classification Policy |
| AI | AI Governance Policy |
| Threat analysis | Threat Modeling Policy |
| Change control | Change Management |
| Continuity / DR | Business Continuity Plan |
| Compliance | Compliance Checklist (ISO 27001 ยท NIST CSF 2.0 ยท CIS v8.1) |
All agents reference these key files to understand the project environment and configuration:
File: .github/workflows/copilot-setup-steps.yml
- Node.js 26, npm, TypeScript toolchain
- Build and test environment setup
- Cache configuration for dependencies
- Workflow permissions (read/write access levels)
File: .github/copilot-mcp.json
- GitHub MCP: Repository operations, issues, PRs, releases
- Filesystem MCP: Secure file access for the workspace
- Git MCP: Git operations and repository history
- Memory MCP: Conversation context between sessions
- Playwright MCP: Browser automation for UI testing
- AWS MCP: Cloud infrastructure operations (disabled by default)
- Brave Search MCP: Web search for documentation (disabled by default)
File: README.md (root)
- Project overview and mission
- Korean martial arts philosophy (ๅ ซๅฆ - Eight Trigrams)
- Technology stack (React 19, Three.js, TypeScript)
- Combat mechanics and player archetypes
- Development guidelines and documentation
GitHub Copilot custom agents are AI assistants with specialized knowledge. When working with Black Trigram, select the agent that matches your current task for context-aware assistance following project patterns.
๐ New: Agent Capabilities Matrix - Comprehensive guide to all agents, their capabilities, and coordination patterns.
All agents have access to essential project configuration files that define the development environment, available tools, and project context:
| File | Purpose | What Agents Find Here |
|---|---|---|
README.md |
Main Project Context | Project overview, tech stack, ISMS compliance framework, combat mechanics, Korean martial arts philosophy |
.github/workflows/copilot-setup-steps.yml |
Environment Setup | Node.js 26 configuration, npm dependencies, build/test commands, GitHub Actions permissions |
.github/copilot-mcp.json |
MCP Server Configuration | Available MCP servers (filesystem, github, git, memory, sequential-thinking, playwright, brave-search, aws), tool capabilities, integration patterns |
See .github/copilot-mcp.json for the authoritative list. Repository-level agents do not embed MCP config in their frontmatter โ session-level MCP applies uniformly. Core servers: github (Insiders with Copilot coding-agent tools), filesystem, memory, sequential-thinking, playwright.
The setup workflow (.github/workflows/copilot-setup-steps.yml) defines:
- Node.js Version: 26 (current)
- Package Manager: npm with
npm cifor reproducible builds - Build Tool: Vite for fast development and optimized production builds
- Test Frameworks: Vitest (unit/integration), Cypress (E2E)
- TypeScript: Strict mode enabled for type safety
Permissions Available in CI:
contents: read # Read repository contents
actions: read # Read workflow runs
attestations: read # Read attestations
checks: read # Read check runs
deployments: read # Read deployment status
issues: write # Create and update issues
models: read # Read AI models (Copilot)
discussions: read # Read discussions
pages: read # Read GitHub Pages
pull-requests: write # Create and update PRs
security-events: read # Read security alerts
statuses: read # Read commit statusesgraph LR
A[Development Task] --> B{Task Type?}
B -->|Product Analysis| K["๐ฏ Task Agent"]
B -->|Create Issues| K
B -->|Quality Check| K
B -->|Feature/Bug| C["๐ ๏ธ Coding Agent"]
B -->|UI/React| D["โ๏ธ Frontend Specialist"]
B -->|Game Logic| E["๐ฎ Game Developer"]
B -->|Combat/Martial Arts| L["๐ฅ Korean Martial Arts Expert"]
B -->|Testing| F["๐งช Testing Agent"]
B -->|Documentation| G["๐ Documentation Writer"]
B -->|Security| H["๐ก๏ธ Security Specialist"]
B -->|Review| I["๐ Code Review Agent"]
B -->|Test Strategy| J["๐ฌ Test Engineer"]
K -.Delegates.-> C
K -.Delegates.-> D
K -.Delegates.-> E
K -.Delegates.-> L
K -.Delegates.-> F
K -.Delegates.-> G
K -.Delegates.-> H
K -.Delegates.-> J
style K fill:#8BC34A,stroke:#558B2F,stroke-width:3px,color:#fff
style C fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#fff
style D fill:#2196F3,stroke:#1565C0,stroke-width:2px,color:#fff
style E fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#fff
style L fill:#673AB7,stroke:#4527A0,stroke-width:2px,color:#fff
style F fill:#9C27B0,stroke:#6A1B9A,stroke-width:2px,color:#fff
style G fill:#00BCD4,stroke:#00838F,stroke-width:2px,color:#fff
style H fill:#F44336,stroke:#C62828,stroke-width:2px,color:#fff
style I fill:#FFC107,stroke:#F57F17,stroke-width:2px,color:#000
style J fill:#E91E63,stroke:#AD1457,stroke-width:2px,color:#fff
๐ฏ Task Agent
Primary Role: Product Quality Orchestrator & Issue Manager
When to Use:
- โ Analyzing product quality holistically
- โ Creating GitHub issues with clear acceptance criteria
- โ Assigning work to appropriate specialized agents
- โ Ensuring ISMS compliance and security alignment
- โ Evaluating UI/UX against Korean theming standards
- โ Monitoring test coverage and quality metrics
- โ Performance analysis and optimization tracking
Tools Available: ["*"] (all tools allowed โ no MCP server config at repo level; session-level MCP from .github/copilot-mcp.json applies)
MCP (session-level only): GitHub, filesystem, memory, sequential-thinking, playwright โ configured in .github/copilot-mcp.json, not in individual agent frontmatter
Expertise:
- Product management and issue orchestration
- Quality assurance across all dimensions
- UI/UX evaluation and accessibility
- ISMS alignment (ISO 27001, NIST CSF, CIS Controls, Information Security Policy)
- Performance monitoring (60fps, bundle size)
- Agent coordination and delegation
- GitHub issue creation and management
- Copilot coding agent orchestration with
base_ref,custom_instructions, stacked PRs
๐ ๏ธ Coding Agent
Primary Role: Full-Stack TypeScript/React/Three.js Development
When to Use:
- โ Implementing new game features
- โ Creating UI components with Korean theming
- โ Fixing bugs in React/Three.js code
- โ Refactoring existing code
- โ Integrating @react-three/fiber components
- โ Implementing combat mechanics
Tools Available: ["*"] (all tools allowed)
Expertise:
- React + Three.js integration patterns
- Korean theming and bilingual text
- @react-three/fiber and @react-three/drei
- Combat system implementation
- Type-safe development with strict TypeScript
โ๏ธ Frontend Specialist
Primary Role: React 19 & Strict TypeScript Expert
When to Use:
- โ Building type-safe React components
- โ Implementing React 19 features
- โ Component architecture design
- โ State management patterns
- โ React Testing Library tests
- โ Performance optimization
Tools Available: ["*"] (all tools allowed)
Expertise:
- React 19 best practices
- Strict TypeScript configuration
- Component composition
- Testing with RTL
- Performance profiling
๐ฎ Game Developer
Primary Role: Three.js/@react-three/fiber Game Systems Engineer
When to Use:
- โ Implementing game loops
- โ Optimizing rendering (60fps target)
- โ Audio system integration
- โ Collision detection
- โ 3D scene and resource management
- โ Object pooling
Tools Available: ["*"] (all tools allowed)
Expertise:
- Three.js / @react-three/fiber integration
- Game loop architecture
- Howler.js audio management
- Performance optimization
- WebGL rendering
๐งช Testing Agent
Primary Role: Vitest & Cypress Testing Specialist
When to Use:
- โ Writing unit tests
- โ Creating integration tests
- โ Developing E2E tests with Cypress
- โ Debugging test failures
- โ Testing Three.js components
- โ Testing Korean UI elements
Tools Available: ["*"] (all tools allowed)
Expertise:
- Vitest unit testing
- Cypress E2E testing
- Component testing
- Mock strategies
- Test coverage
๐ฌ Test Engineer
Primary Role: Test Strategy & CI Integration Specialist
When to Use:
- โ Designing comprehensive test strategies
- โ Enforcing coverage standards (>90%)
- โ Integrating tests into CI/CD
- โ Setting up test parallelization
- โ Performance and accessibility testing
- โ Test metrics and reporting
Tools Available: ["*"] (all tools allowed)
Expertise:
- Test suite architecture
- Coverage enforcement
- GitHub Actions integration
- Visual regression testing
- Mutation testing
๐ Documentation Writer
Primary Role: Technical Documentation Specialist
When to Use:
- โ Writing JSDoc/TSDoc comments
- โ Creating API documentation
- โ Writing user guides and tutorials
- โ Documenting Korean martial arts concepts
- โ Security policy documentation (SECURITY.md)
- โ Bilingual content (Korean/English)
Tools Available: ["*"] (all tools allowed)
Expertise:
- Code documentation
- Technical writing
- Korean cultural context
- API references
- Security policies
๐ Code Review Agent
Primary Role: Code Quality & Standards Reviewer
When to Use:
- โ Reviewing pull requests
- โ Checking code quality and standards
- โ Verifying Korean theming compliance
- โ Validating test coverage
- โ Security assessment
- โ Performance review
Tools Available: ["*"] (all tools allowed; by convention this agent treats edits as suggestions)
Expertise:
- Code quality assessment
- Korean theming validation
- Testing coverage verification
- Security best practices
- Accessibility standards
๐ก๏ธ Security Specialist
Primary Role: Supply Chain & Compliance Security Expert
When to Use:
- โ OSSF Scorecard compliance
- โ SBOM generation (CycloneDX)
- โ Vulnerability scanning
- โ License compliance checking
- โ Dependency security audits
- โ Security automation
Tools Available: ["*"] (all tools allowed)
Expertise:
- Supply chain security
- OSSF best practices
- Software Bill of Materials
- License compliance
- Automated security workflows
flowchart TD
Start([Need Help?]) --> Type{What are you doing?}
Type -->|Product Management| Management{Management Type?}
Management -->|Create Issues| TaskAgent["๐ฏ Task Agent"]
Management -->|Quality Analysis| TaskAgent
Management -->|ISMS Compliance| TaskAgent
Management -->|Agent Coordination| TaskAgent
Type -->|Writing Code| Code{Code Type?}
Code -->|UI Components| Frontend["โ๏ธ Frontend Specialist"]
Code -->|Game Logic| Game["๐ฎ Game Developer"]
Code -->|Combat/Martial Arts| MartialArts["๐ฅ Korean Martial Arts Expert"]
Code -->|General Feature| Coding["๐ ๏ธ Coding Agent"]
Type -->|Writing Tests| TestType{Test Type?}
TestType -->|Unit/E2E Tests| Testing["๐งช Testing Agent"]
TestType -->|Test Strategy| TestEng["๐ฌ Test Engineer"]
Type -->|Documentation| Docs["๐ Documentation Writer"]
Type -->|Code Review| Review["๐ Code Review Agent"]
Type -->|Security| Security["๐ก๏ธ Security Specialist"]
TaskAgent --> Action[Get Agent Help]
Frontend --> Action
Game --> Action
MartialArts --> Action
Coding --> Action
Testing --> Action
TestEng --> Action
Docs --> Action
Review --> Action
Security --> Action
style Start fill:#E0E0E0,stroke:#757575,stroke-width:2px,color:#000
style Type fill:#FFEB3B,stroke:#F57F17,stroke-width:2px,color:#000
style Management fill:#FFEB3B,stroke:#F57F17,stroke-width:2px,color:#000
style Code fill:#FFEB3B,stroke:#F57F17,stroke-width:2px,color:#000
style TestType fill:#FFEB3B,stroke:#F57F17,stroke-width:2px,color:#000
style TaskAgent fill:#8BC34A,stroke:#558B2F,stroke-width:3px,color:#fff
style Frontend fill:#2196F3,stroke:#1565C0,stroke-width:2px,color:#fff
style Game fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#fff
style MartialArts fill:#673AB7,stroke:#4527A0,stroke-width:2px,color:#fff
style Coding fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#fff
style Testing fill:#9C27B0,stroke:#6A1B9A,stroke-width:2px,color:#fff
style TestEng fill:#E91E63,stroke:#AD1457,stroke-width:2px,color:#fff
style Docs fill:#00BCD4,stroke:#00838F,stroke-width:2px,color:#fff
style Review fill:#FFC107,stroke:#F57F17,stroke-width:2px,color:#000
style Security fill:#F44336,stroke:#C62828,stroke-width:2px,color:#fff
style Action fill:#8BC34A,stroke:#558B2F,stroke-width:3px,color:#fff
All agents have access to appropriate GitHub Copilot tools:
| Tool Category | Tools | Purpose |
|---|---|---|
| File Operations | view, edit, create |
Read, modify, and create files |
| Code Search | search_code |
Search codebase for patterns and references |
| Shell Access | bash |
Execute build, test, and automation commands |
| Agent Delegation | custom-agent |
Invoke other specialized agents |
| Browser Automation | playwright-browser_snapshot |
Capture DOM state for testing |
playwright-browser_take_screenshot |
Visual regression testing | |
playwright-browser_navigate |
Navigate to URLs for E2E testing | |
playwright-browser_click |
Interact with UI elements | |
playwright-browser_type |
Input text for testing | |
playwright-browser_evaluate |
Execute JavaScript in browser context |
Important: Repository-level agents (the ones in this directory) do not embed MCP server configuration in their frontmatter. MCP servers are configured once at the repository level in
.github/copilot-mcp.jsonand are available to every agent session. This keeps agent definitions focused on capability and prompt engineering.
Servers configured for Black Trigram sessions:
| MCP Server | Purpose | Operations |
|---|---|---|
| GitHub MCP (Insiders) | Repository and issue management | Issues, PRs, Actions, Copilot coding agent tools (assign_copilot_to_issue, create_pull_request_with_copilot with base_ref / custom_instructions / custom_agent), get_copilot_job_status |
| Filesystem MCP | File-system operations | Read, list, search within allowed directories |
| Memory MCP | Cross-session memory | Entity/observation graph for persistent facts |
| Sequential-thinking MCP | Structured reasoning | Step-by-step problem decomposition |
| Playwright MCP | Browser automation | Navigate, screenshot, DOM interaction, network capture |
Benefits of session-level MCP:
- ๐ฏ Uniform capability across all agents (no drift)
- ๐ Central secret management (PAT injected from environment)
- ๐ Live browser automation for UI / E2E
- ๐ Seamless Copilot coding-agent orchestration with Insiders experimental features
- ๐ Real-time GitHub metrics and history
All agents read Essential Context Files (copilot-setup-steps.yml, copilot-mcp.json, README.md) at session start and have access to File Operations and GitHub API. Task Agent additionally uses Browser Automation and AWS Operations.
All repository-level agents declare tools: ["*"] in frontmatter โ no per-agent tool restrictions. MCP capability is session-level (see .github/copilot-mcp.json).
| Agent | Access Level | Notes |
|---|---|---|
| ๐ฏ Task Agent | ["*"] |
Orchestrator โ leans on GitHub MCP Copilot coding-agent tools |
| ๐ ๏ธ Coding Agent | ["*"] |
General implementation |
| โ๏ธ Frontend Specialist | ["*"] |
React 19 + strict TS |
| ๐ฎ Game Developer | ["*"] |
Three.js / R3F / physics / audio |
| ๐งช Testing Agent | ["*"] |
Vitest + Cypress + security tests |
| ๐ฌ Test Engineer | ["*"] |
Strategy + CI gates + SAST/DAST/SCA |
| ๐ Documentation Writer | ["*"] |
TSDoc + C4 + ISMS docs |
| ๐ Code Review Agent | ["*"] |
By convention treats edits as suggestions |
| ๐ก๏ธ Security Specialist | ["*"] |
Supply chain + ISMS + vulnerability |
| ๐ฅ Korean Martial Arts Expert | ["*"] |
Authenticity + cultural accuracy |
- Performance testing
- Accessibility testing
Key Responsibilities:
- Test suite organization
- Coverage threshold enforcement
- GitHub Actions integration
- Visual regression testing
- Test metrics and reporting
- Mutation testing
๐ Documentation Writer
Specialization: Technical Docs + Security Policies
Use for:
- TSDoc/JSDoc code documentation
- User guides and tutorials
- Security policy documentation
- API reference documentation
- Korean cultural context
- Bilingual content creation
Key Responsibilities:
- Comprehensive code documentation
- User guide creation
- Security policy writing (SECURITY.md)
- API reference generation
- Korean martial arts explanations
- Bilingual technical writing
๐ Code Review Agent
Specialization: Code Quality & Standards
Use for:
- Reviewing pull requests
- Checking code quality
- Verifying Korean theming compliance
- Validating test coverage
- Ensuring accessibility
- Performance review
Key Responsibilities:
- Code quality assessment
- Korean theming compliance
- Testing coverage verification
- Performance review
- Security assessment
- Accessibility validation
๐ก๏ธ Security Specialist
Specialization: Supply Chain + Compliance
Use for:
- Supply chain security
- OSSF Scorecard compliance
- SBOM generation
- License compliance
- Vulnerability management
- Security automation
Key Responsibilities:
- Dependency security scanning
- OSSF Scorecard optimization
- Software Bill of Materials (SBOM)
- License compatibility checking
- Automated security workflows
- Security policy enforcement
Specialization: Korean Martial Arts Combat Systems & Vital Point Targeting
Use for:
- Extending the 70 vital point system
- Implementing Hapkido, Taekwondo, Taekyon techniques
- Anatomical targeting accuracy
- Combat realism and applications
- Eight Trigram stance integration
- Player archetype combat specializations
- Korean martial arts authenticity
- Bilingual technique documentation
Key Responsibilities:
- Vital point system extension and maintenance
- Korean martial arts technique design
- Anatomical accuracy in targeting
- Combat effectiveness calculations
- Trigram stance technique mapping
- Archetype combat specialization
- Cultural authenticity and respect
- Bilingual Korean-English documentation
Martial Arts Expertise:
- ํฉ๊ธฐ๋ (Hapkido) - Joint locks, pressure points, throws
- ํ๊ถ๋ (Taekwondo) - High kicks, speed techniques, power strikes
- ํ๊ฒฌ (Taekyon) - Fluid movements, sweeping kicks, rhythmic footwork
- ๊ธฐํ ํ๊ตญ ๋ฌด์ - Ssireum, Kumdo, traditional Korean military arts
Combat System Integration:
- 70 anatomical target points across head, torso, and limbs
- Eight Trigram stance system (ํ๊ด)
- Five player archetypes (๋ฌด์ฌ, ์์ด์, ํด์ปค, ์ ๋ณด์์, ์กฐ์งํญ๋ ฅ๋ฐฐ)
- Real combat applications with anatomical precision
- Realistic injury and incapacitation mechanics
When using GitHub Copilot in your IDE, you can reference these agents:
@workspace /explain this component following the patterns in .github/agents/coding-agent.md
@workspace Help me write tests for this component using patterns from .github/agents/testing-agent.md
These agents help Copilot provide better code review feedback when reviewing PRs.
gh copilot suggest "Create a new combat component following .github/agents/coding-agent.md"All agents should:
โ
Reference the main .github/copilot-instructions.md file
โ
Provide specific, actionable guidance
โ
Include code examples
โ
Follow the project's Korean theming requirements
โ
Emphasize testing and quality standards
โ
Be focused on their specific domain
โ
Include anti-patterns to avoid
โ
Provide checklists where applicable
These agent files are complementary to the main .github/copilot-instructions.md file:
- Main Instructions: Comprehensive coding guidelines for all developers and Copilot
- Agent Files: Specialized, task-focused instructions for specific activities
Always consult both:
- The agent file for specialized, task-specific guidance
- The main instructions for comprehensive patterns and standards
All agents respect Black Trigram's core philosophy:
ํ๊ด์ ๊ธธ์ ๊ฑธ์ด๋ผ - Walk the Path of the Black Trigram
- Traditional Korean martial arts wisdom
- Modern interactive technology
- Cyberpunk Korean aesthetic
- Bilingual support (Korean | English)
- Cultural authenticity and respect
When updating agent instructions:
- Ensure consistency with main
.github/copilot-instructions.md - Add relevant code examples
- Update checklists and anti-patterns
- Test with actual Copilot interactions
- Keep focus on the agent's specialization
- Maintain Korean cultural context
When adding new agents:
- Identify a clear, focused specialization
- Create comprehensive instructions
- Include practical examples
- Add to this README
- Link to related documentation
- Ensure Korean theming integration
Effective agents should:
โ Reduce development time โ Improve code quality โ Ensure consistent patterns โ Maintain Korean theming โ Increase test coverage โ Enhance documentation quality โ Improve security posture โ Optimize performance
The Task Agent is your entry point for comprehensive product quality management. Use it for quality analysis, issue creation, ISMS compliance checks, UI/UX audits, performance reviews, and agent coordination. See task-agent.md for full details.
- Review
.github/copilot-instructions.mdfor comprehensive guidelines - Check existing codebase for established patterns
- Consult game design docs:
game-design.md,COMBAT_ARCHITECTURE.md - See architectural docs:
ARCHITECTURE.md
Project: Black Trigram (ํ๊ด) Description: A realistic combat simulator inspired by Korean martial arts Tech Stack: React, TypeScript, Three.js, Vite, Vitest, Cypress
ํ๊ด์ ๊ธธ์ ๊ฑธ์ด๋ผ - Walk the Path of the Black Trigram