* Add Java Modernization Studio canvas extension A canvas extension that drives the GitHub Copilot App Modernization for Java workflow from an interactive dashboard: environment readiness checks, repo assessment, prioritized plan/progress, validation gates (CVE scan, test generation), and one-click predefined-task runs — all grounded in the repo's real artifacts (.appmod/assessment.json, plan.md, progress.md). Includes a node:test suite (109 tests) for the grounding logic. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com> * Secure cockpit loopback server with a per-instance token Address Copilot review feedback on the Java Modernization Studio canvas: - Mint a per-instance secret in createInstanceServer, embed it in the iframe URL, and validate it on every loopback request (/, /state, /events, /action). Other local processes can no longer read repo state or dispatch agent actions just by guessing the random port. Mirrors the existing diagram-viewer token pattern; the client echoes the token from its boot payload. The guard is a no-op when no token is set, so direct makeHandler unit tests are unaffected. - Handle async request-handler rejections in createServer with a .catch that returns 500 and logs, instead of leaking an unhandled rejection that could destabilize the extension process. - Tests: token guard 403s unauthenticated /, /state, /events and /action and allows valid-token requests; the end-to-end test asserts the tokenized URL and a tokenless 403. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix CI: add preview screenshot and clear codespell hits Add the required assets/preview.png screenshot for the canvas-extension validator, and resolve two codespell findings in the cockpit: rename the planSim helper's `nd` variable to `notDone` and reword a catalog comment to avoid the `invokable`/`invocable` flag. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Harden cockpit loopback server per Copilot review Address the second-round Copilot review comments on the loopback server: - broadcast(): drop an SSE client whose write() throws instead of keeping it in the Set, so a uncleanly-disconnected client can't cause repeated exceptions or leak dead entries on every subsequent broadcast. - POST /action: treat a malformed JSON body or a missing/invalid "kind" as a 400 client error (with an application/json body) instead of a 200 carrying { ok:false, error:"Unknown action: undefined" }. - Handler catch: set Content-Type: application/json on the 500 error response so it is consistent with the other JSON routes. Adds four tests covering dead-client eviction, the two 400 paths, and the JSON-typed 500. Full suite: 115 passing. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com> * Add canvas.json gallery metadata for Java Modernization Studio Aaron requested a canvas.json so the awesome-copilot website/gallery can list this extension. Generated via `npm run website:data` (writePerExtensionCanvasManifests), which derives id/name/description/ version/keywords/screenshots from package.json + the createCanvas source + assets, and carries the author through. Output committed verbatim so a CI regeneration produces no diff. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com> * Add author tag to package.json Declare the author in the package manifest (object form, matching the author already carried in canvas.json so it includes the profile URL). The published gallery sources author from canvas.json; this adds the conventional npm author tag to package.json for completeness. Verified `npm run website:data` still emits the author on the extensions record and leaves canvas.json byte-identical. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com> --------- Signed-off-by: Ayan Gupta <74832088+ayangupt@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Java Modernization Studio
An interactive GitHub Copilot canvas that turns the GitHub Copilot App Modernization for Java CLI workflow into a visible, steerable dashboard — assess a legacy Java app, drive a prioritized remediation plan, run validation gates, and dispatch Microsoft predefined tasks, all grounded in the repo's real artifacts.
The Copilot App Modernization for Java tooling stays the engine. This canvas is the cockpit on top of it: it reads what the workflow produces and turns each step into an agent-driving button.
What it does
- Overview — at-a-glance modernization status (phase, % complete, finding counts) scanned from the repo.
- Readiness (Environment Doctor) — checks JDK, Maven (or
./mvnw), Git, Docker, and Azure CLI on PATH and flags what's missing before you start. - Assessment — renders structured findings from
.appmod/assessment.json(stack summary, severity-ordered findings, strengths), each with a one-click action. - Plan & Progress — renders
plan.md/progress.mdas live checklists (- [ ]/- [x]). - Validation — runs the workflow's quality gates (CVE validation, test generation) before and after changes.
- Tasks — dispatches Microsoft predefined modernization tasks (managed identity for DB, secrets → Key Vault, message-broker → Service Bus, S3 → Blob, cache → Redis, Entra ID auth, and more) relevant to the detected stack.
- Summary — surfaces
summary.mdwhen the run is complete. - Autopilot — an optional phase-ordered, hands-free loop that advances assessment → remediation → validation and updates the dashboard as the agent makes progress.
Buttons don't execute logic in the canvas — they dispatch a grounded prompt to your Copilot agent (action kinds: run_task, generate_plan, run_cve, generate_tests, fix_finding). The agent does the work; the canvas reflects the result.
Prerequisites
- GitHub Copilot app (the canvas host).
- GitHub Copilot App Modernization for Java tooling — the underlying workflow this canvas drives.
- JDK 17+ and Maven (or a
./mvnwwrapper) for the Java project you're modernizing. - Optional: Azure CLI (
az) for cloud-readiness and Azure migration tasks; Docker for container checks.
Install
This is an in-repo canvas extension. Copy the java-modernization-studio/ folder into one of:
~/.copilot/extensions/— user scope (just you), or.github/extensions/— project scope (shared with your repo's team).
Then reload extensions (or restart the app) so Copilot discovers it. No build step is required — the Copilot CLI resolves @github/copilot-sdk automatically.
Usage
Point the canvas at a Java repository and let the agent drive it:
Open the Java Modernization Studio canvas for /path/to/my-java-app and run a readiness check.
The canvas resolves the target repo from its repoPath input, falling back to the session's working directory. From there:
- Readiness first — resolve any missing JDK/Maven/Azure CLI the Doctor flags.
- Assess — generate
.appmod/assessment.json+ a prioritizedplan.md/progress.md. - Remediate — work findings in severity order (P0 first), using task buttons and "Help me fix this".
- Validate — run the CVE and test-generation gates.
- Ship — when the work is genuinely complete, write
summary.md.
Suggested agent instructions
When a user modernizes a Java project with the Java Modernization Studio canvas:
1) Open the canvas pointed at the repo (repoPath) and run the Environment Doctor first.
2) Run an assessment; write findings to .appmod/assessment.json and a prioritized plan.md / progress.md.
Start plan.md, progress.md, and summary.md with the exact first line <!-- appmod-cockpit --> so the
canvas recognizes them as modernization artifacts.
3) Work findings in severity order (P0 first); run the validation gates (CVE scan, test generation)
before and after code changes.
4) Keep plan.md / progress.md updated as - [ ] / - [x] checklists. Only write summary.md when the
work is truly complete.
How it stays grounded
The canvas renders real repo state, never invented status:
- Structured findings come from
.appmod/assessment.json. - Plan/progress/summary come from root
plan.md/progress.md/summary.md. - To avoid mistaking an unrelated repo's
plan.mdfor modernization output, root markdown is trusted only when.appmod/exists or the file's first line is the provenance marker<!-- appmod-cockpit -->. - Stack detection (build tool, Java version, framework, container) is parsed from
pom.xml/ Gradle / Dockerfile and drives which tasks are shown.
Agent-callable actions
| Action | Description |
|---|---|
get_state |
Return the current modernization snapshot scanned from the repo (assessment, plan/progress, gates, tasks). |
refresh |
Re-scan the repo and push a fresh snapshot to the open canvas. |
Development
The grounding/parsing logic is pure and unit-tested independently of the canvas runtime:
node --test test/cockpit.test.mjs
License
MIT