Files
Ayan Gupta 65ba0b3922 Add Java Modernization Studio canvas extension (#2156)
* Add Java Modernization Studio canvas extension

A canvas extension that drives the GitHub Copilot App Modernization for Java workflow from an interactive dashboard: environment readiness checks, repo assessment, prioritized plan/progress, validation gates (CVE scan, test generation), and one-click predefined-task runs — all grounded in the repo's real artifacts (.appmod/assessment.json, plan.md, progress.md). Includes a node:test suite (109 tests) for the grounding logic.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

* Secure cockpit loopback server with a per-instance token

Address Copilot review feedback on the Java Modernization Studio canvas:

- Mint a per-instance secret in createInstanceServer, embed it in the
  iframe URL, and validate it on every loopback request (/, /state,
  /events, /action). Other local processes can no longer read repo
  state or dispatch agent actions just by guessing the random port.
  Mirrors the existing diagram-viewer token pattern; the client echoes
  the token from its boot payload. The guard is a no-op when no token is
  set, so direct makeHandler unit tests are unaffected.
- Handle async request-handler rejections in createServer with a .catch
  that returns 500 and logs, instead of leaking an unhandled rejection
  that could destabilize the extension process.
- Tests: token guard 403s unauthenticated /, /state, /events and
  /action and allows valid-token requests; the end-to-end test asserts
  the tokenized URL and a tokenless 403.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix CI: add preview screenshot and clear codespell hits

Add the required assets/preview.png screenshot for the canvas-extension
validator, and resolve two codespell findings in the cockpit:
rename the planSim helper's `nd` variable to `notDone` and reword a
catalog comment to avoid the `invokable`/`invocable` flag.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Harden cockpit loopback server per Copilot review

Address the second-round Copilot review comments on the loopback server:

- broadcast(): drop an SSE client whose write() throws instead of keeping
  it in the Set, so a uncleanly-disconnected client can't cause repeated
  exceptions or leak dead entries on every subsequent broadcast.
- POST /action: treat a malformed JSON body or a missing/invalid "kind"
  as a 400 client error (with an application/json body) instead of a 200
  carrying { ok:false, error:"Unknown action: undefined" }.
- Handler catch: set Content-Type: application/json on the 500 error
  response so it is consistent with the other JSON routes.

Adds four tests covering dead-client eviction, the two 400 paths, and the
JSON-typed 500. Full suite: 115 passing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

* Add canvas.json gallery metadata for Java Modernization Studio

Aaron requested a canvas.json so the awesome-copilot website/gallery can
list this extension. Generated via `npm run website:data`
(writePerExtensionCanvasManifests), which derives id/name/description/
version/keywords/screenshots from package.json + the createCanvas source +
assets, and carries the author through. Output committed verbatim so a CI
regeneration produces no diff.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

* Add author tag to package.json

Declare the author in the package manifest (object form, matching the
author already carried in canvas.json so it includes the profile URL).
The published gallery sources author from canvas.json; this adds the
conventional npm author tag to package.json for completeness. Verified
`npm run website:data` still emits the author on the extensions record
and leaves canvas.json byte-identical.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>

---------

Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-01 11:10:53 +10:00

5.2 KiB

Java Modernization Studio

An interactive GitHub Copilot canvas that turns the GitHub Copilot App Modernization for Java CLI workflow into a visible, steerable dashboard — assess a legacy Java app, drive a prioritized remediation plan, run validation gates, and dispatch Microsoft predefined tasks, all grounded in the repo's real artifacts.

The Copilot App Modernization for Java tooling stays the engine. This canvas is the cockpit on top of it: it reads what the workflow produces and turns each step into an agent-driving button.

What it does

  • Overview — at-a-glance modernization status (phase, % complete, finding counts) scanned from the repo.
  • Readiness (Environment Doctor) — checks JDK, Maven (or ./mvnw), Git, Docker, and Azure CLI on PATH and flags what's missing before you start.
  • Assessment — renders structured findings from .appmod/assessment.json (stack summary, severity-ordered findings, strengths), each with a one-click action.
  • Plan & Progress — renders plan.md / progress.md as live checklists (- [ ] / - [x]).
  • Validation — runs the workflow's quality gates (CVE validation, test generation) before and after changes.
  • Tasks — dispatches Microsoft predefined modernization tasks (managed identity for DB, secrets → Key Vault, message-broker → Service Bus, S3 → Blob, cache → Redis, Entra ID auth, and more) relevant to the detected stack.
  • Summary — surfaces summary.md when the run is complete.
  • Autopilot — an optional phase-ordered, hands-free loop that advances assessment → remediation → validation and updates the dashboard as the agent makes progress.

Buttons don't execute logic in the canvas — they dispatch a grounded prompt to your Copilot agent (action kinds: run_task, generate_plan, run_cve, generate_tests, fix_finding). The agent does the work; the canvas reflects the result.

Prerequisites

  • GitHub Copilot app (the canvas host).
  • GitHub Copilot App Modernization for Java tooling — the underlying workflow this canvas drives.
  • JDK 17+ and Maven (or a ./mvnw wrapper) for the Java project you're modernizing.
  • Optional: Azure CLI (az) for cloud-readiness and Azure migration tasks; Docker for container checks.

Install

This is an in-repo canvas extension. Copy the java-modernization-studio/ folder into one of:

  • ~/.copilot/extensions/user scope (just you), or
  • .github/extensions/project scope (shared with your repo's team).

Then reload extensions (or restart the app) so Copilot discovers it. No build step is required — the Copilot CLI resolves @github/copilot-sdk automatically.

Usage

Point the canvas at a Java repository and let the agent drive it:

Open the Java Modernization Studio canvas for /path/to/my-java-app and run a readiness check.

The canvas resolves the target repo from its repoPath input, falling back to the session's working directory. From there:

  1. Readiness first — resolve any missing JDK/Maven/Azure CLI the Doctor flags.
  2. Assess — generate .appmod/assessment.json + a prioritized plan.md / progress.md.
  3. Remediate — work findings in severity order (P0 first), using task buttons and "Help me fix this".
  4. Validate — run the CVE and test-generation gates.
  5. Ship — when the work is genuinely complete, write summary.md.

Suggested agent instructions

When a user modernizes a Java project with the Java Modernization Studio canvas:
1) Open the canvas pointed at the repo (repoPath) and run the Environment Doctor first.
2) Run an assessment; write findings to .appmod/assessment.json and a prioritized plan.md / progress.md.
   Start plan.md, progress.md, and summary.md with the exact first line <!-- appmod-cockpit --> so the
   canvas recognizes them as modernization artifacts.
3) Work findings in severity order (P0 first); run the validation gates (CVE scan, test generation)
   before and after code changes.
4) Keep plan.md / progress.md updated as - [ ] / - [x] checklists. Only write summary.md when the
   work is truly complete.

How it stays grounded

The canvas renders real repo state, never invented status:

  • Structured findings come from .appmod/assessment.json.
  • Plan/progress/summary come from root plan.md / progress.md / summary.md.
  • To avoid mistaking an unrelated repo's plan.md for modernization output, root markdown is trusted only when .appmod/ exists or the file's first line is the provenance marker <!-- appmod-cockpit -->.
  • Stack detection (build tool, Java version, framework, container) is parsed from pom.xml / Gradle / Dockerfile and drives which tasks are shown.

Agent-callable actions

Action Description
get_state Return the current modernization snapshot scanned from the repo (assessment, plan/progress, gates, tasks).
refresh Re-scan the repo and push a fresh snapshot to the open canvas.

Development

The grounding/parsing logic is pure and unit-tested independently of the canvas runtime:

node --test test/cockpit.test.mjs

License

MIT