🤖 Model Context Protocol Setup
🎯 Enhancing GitHub Copilot with specialized context
📋 Document Owner: CEO | 📄 Version: 1.0 | 📅 Last Updated: 2025-11-10 (UTC)
🔄 Review Cycle: Quarterly | ⏰ Next Review: 2026-02-10
This document explains how Model Context Protocol (MCP) servers enhance GitHub Copilot's capabilities for this game development project.
Model Context Protocol (MCP) servers provide specialized tools and context to AI assistants like GitHub Copilot. They enable Copilot to:
- Access file systems and repositories
- Search documentation and best practices
- Interact with external services
- Maintain conversation context
- Execute specialized tools
Package: @modelcontextprotocol/server-filesystem
Provides secure filesystem access for reading and editing project files.
Capabilities:
- Read and write files in allowed directories
- List directory contents
- Create and delete files
- Search for files
Configuration:
{
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/workspaces/game"]
}Allowed Directories:
src/- Source codepublic/- Static assetscypress/- E2E testsdocs/- Documentation.github/- GitHub configuration
Package: @modelcontextprotocol/server-github
Provides access to GitHub repository data, issues, PRs, and workflows.
Capabilities:
- Read issues and pull requests
- Access repository metadata
- View workflow runs
- Search code and discussions
Configuration:
{
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_TOKEN": "${GITHUB_TOKEN}",
"GITHUB_OWNER": "Hack23",
"GITHUB_REPO": "game"
}
}Requirements:
GITHUB_TOKENenvironment variable with repo access
Package: @modelcontextprotocol/server-git
Provides Git operations and repository history context.
Capabilities:
- View commit history
- Read branch information
- Access file changes
- Understand code evolution
Configuration:
{
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-git", "--repository", "/workspaces/game"]
}Package: @modelcontextprotocol/server-memory
Maintains conversation history and context between agent sessions.
Capabilities:
- Store conversation context
- Recall previous interactions
- Maintain user preferences
- Track session history
Configuration:
{
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-memory"]
}Package: @modelcontextprotocol/server-brave-search
Enables searching documentation for React, TypeScript, Three.js, and Vite.
Capabilities:
- Search web documentation
- Find best practices
- Locate API references
- Discover code examples
Configuration:
{
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-brave-search"],
"env": {
"BRAVE_API_KEY": "${BRAVE_API_KEY}"
},
"disabled": true
}Requirements:
- Brave Search API key from https://brave.com/search/api/
- Set
BRAVE_API_KEYenvironment variable to enable
Recommended Search Domains:
- react.dev - React documentation
- threejs.org - Three.js website
- threejs.org/docs - Three.js API docs
- vitejs.dev - Vite documentation
- vitest.dev - Vitest documentation
- typescriptlang.org - TypeScript docs
- docs.cypress.io - Cypress documentation
- testing-library.com - Testing Library
- developer.mozilla.org - MDN Web Docs
Package: @modelcontextprotocol/server-playwright
Browser automation for testing and debugging web applications.
Capabilities:
- Automate browser interactions
- Take screenshots
- Test UI components
- Debug rendering issues
Configuration:
{
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-playwright"]
}- Open the repository in Codespaces
- MCP servers are automatically configured
- Use Copilot Chat to interact with them
- Example: "Use the filesystem server to find all React components"
- Install GitHub Copilot extension
- MCP servers load automatically with Copilot context
- Use Copilot Chat with enhanced context
- Example: "Search documentation for Three.js mesh anchors"
- Install GitHub CLI:
gh extension install github/gh-copilot - Configure MCP servers in your environment
- Use:
gh copilot suggest "create a new game component"
Provides coding guidelines and project context to Copilot:
- TypeScript strict mode usage
- React and Three.js patterns
- Testing requirements
- Security practices
- Component generation with proper TypeScript types
- Hook usage patterns
- State management best practices
- Performance optimization tips
- Strict null checking support
- Interface and type generation
- Generic type usage
- Utility type suggestions
- Sprite and container patterns
- Game loop implementation
- Event handling
- Performance optimization
- Vitest test generation
- Cypress E2E test creation
- Mock and stub patterns
- Coverage improvement suggestions
- Filesystem server restricted to project directories
- Read-only access to
node_modulesanddist - GitHub token uses minimal required permissions
- No secrets stored in configuration files
All sensitive data uses environment variables:
GITHUB_TOKEN- GitHub API accessBRAVE_API_KEY- Search API access (optional)
- Never commit API keys or tokens
- Use GitHub Secrets for CI/CD
- Regularly update MCP server packages
- Review server logs for unusual activity
- Verify environment variables are set (especially
GITHUB_TOKEN) - Ensure npm can access the package
- Restart VS Code or Codespace
- Check Copilot output panel for errors
- Disable unused MCP servers in Copilot settings
- Limit filesystem server to specific directories
- Use caching where available
- Monitor resource usage
- Check network connectivity
- Verify API keys are valid
- Check firewall settings
- Review server logs
Test MCP servers locally:
# Install an MCP server
npx @modelcontextprotocol/server-filesystem /path/to/project
# Test GitHub server
npx @modelcontextprotocol/server-github
# Test Git server
npx @modelcontextprotocol/server-git --repository .Note: MCP servers are automatically configured in GitHub Codespaces and VS Code with Copilot.
When configuring MCP servers that require API keys (e.g., Brave Search):
- Never commit API keys to the repository
- Store keys in environment variables per Access Control Policy
- Use GitHub Codespaces secrets for secure storage
- Rotate keys regularly following security best practices
- Reference Information Security Policy for credential management
This project follows Hack23 AB's ISMS:
- MCP servers operate in a hardened development environment
- All configurations follow Secure Development Policy
- For security questions, consult the 🔒 security-specialist agent
To add new MCP servers:
- Research available MCP servers for your use case
- Document the server capabilities in this guide
- Update Copilot configuration as needed
- Test the server integration
- Submit a pull request
Note: MCP servers are configured through Copilot's environment rather than separate config files.
- 🏗️ MCP Architecture - Architecture diagrams and design
- 🚀 Copilot Quick Start - Getting started guide
- 🤖 Copilot Instructions - Coding guidelines
- 📊 ISMS Policy Mapping - Feature-to-policy alignment
- 🔐 Information Security Policy - Overall security governance
- 🛠️ Secure Development Policy - SDLC and CI/CD requirements
- 🔑 Access Control Policy - Authentication and authorization controls
- 🏷️ Classification Framework - CIA triad and impact levels
- MCP Specification - Official MCP protocol documentation
- GitHub Copilot Documentation - Official Copilot documentation
- MCP Servers Repository - Official MCP server implementations
📋 Document Control:
✅ Approved by: James Pether Sörling, CEO
📤 Distribution: Public
🏷️ Classification:
📅 Effective Date: 2025-11-10
⏰ Next Review: 2026-02-10
🎯 Framework Compliance: 
