Add Copilot instructions for blockchain security codebase

[Copilot]

Establishes development context and patterns for AI-assisted coding in the Kairos blockchain security and audit system.

Changes

• .github/copilot-instructions.md: Comprehensive guidance covering:
  • CosmosSDK modular architecture (Blockchain, Audit, Alerts, Security modules)
  • Security-first development patterns for blockchain audit bot
  • Extension patterns for threat levels and audit types
  • Access control and response method conventions

Key Patterns Documented

Adding new threat response:

# In cosmosSDK/security.py
class Security:
    NewThreatLevel = "new_threat_level"

# In kairos.py
self.autoResponse = {
    Security.Critical: self.lockdown,
    Security.NewThreatLevel: self.new_response
}

Threat response signature:

def new_response(self):
    """Description of the response action"""
    print("🚨 ACTION: Description")
    print("   - Step 1")
    return "status_string"

Enables Copilot to maintain consistency with existing patterns for permissions, audit types, and automated security responses.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• gh.io
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[Copilot]

Pull request overview

Adds a repository-level Copilot instruction guide intended to capture Kairos’ architecture, security-first patterns, and contribution/testing conventions so AI-assisted changes follow existing patterns.

Changes:

• Introduces .github/copilot-instructions.md describing the project structure, security guidelines, and extension patterns.
• Documents conventions for adding audit types, threat levels, and auto-response handlers.
• Captures testing workflow expectations (unittest, test_*.py, how to run tests).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The "Method names: snake_case" guidance conflicts with the current codebase: Kairos defines autoPatch/scheduledPatch (camelCase) rather than auto_patch/scheduled_patch (see kairos.py:44-58). To avoid Copilot generating inconsistent APIs, either update these instructions to match the existing method naming, or rename the existing methods/tests to snake_case and document that convention here.

Suggested change

	- Method names: snake_case (e.g., `lockdown`, `auto_patch`)
	- Method names: camelCase, matching existing Kairos methods (e.g., `autoPatch`, `scheduledPatch`)

[Copilot]

The response-method example uses def new_response(self): (snake_case), but autoResponse currently maps to lockdown, autoPatch, and scheduledPatch (mixed naming). Consider updating this example to use the same naming style as the existing response methods, otherwise new responses will look inconsistent and may not match how contributors extend the Kairos class today.