Add automatic code review instructions to copilot-instructions.md#15
Conversation
Co-authored-by: SureshKViswanathan <257696045+SureshKViswanathan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR adds instructions for Copilot agents to use automated code review and security scanning tools as part of their workflow. It introduces a new "Automatic Code Review" section and updates the existing "Code Review Checklist" to include verification steps for these automated tools.
Changes:
- Added new "Automatic Code Review" section with 6-step workflow for using
code_reviewandcodeql_checkertools - Extended "Code Review Checklist" with two new items (7 and 8) for automated code review and security scanning
| Before finalizing any task, **always run the `code_review` tool** to get automated feedback on your changes: | ||
|
|
||
| 1. Use the `code_review` tool before completing any task, even for documentation-only changes. | ||
| 2. Provide a clear PR title and description when calling the tool. | ||
| 3. Review all comments returned by the code review tool carefully. | ||
| 4. Address relevant feedback - use your judgment as the tool may occasionally make incorrect suggestions. | ||
| 5. If you make significant changes after a code review, run the `code_review` tool again. | ||
| 6. After addressing code review feedback, run the `codeql_checker` tool to scan for security vulnerabilities. |
There was a problem hiding this comment.
The instructions reference code_review and codeql_checker tools that do not appear to be standard GitHub Copilot tools available to coding agents. Before adding these instructions, verify that these tools actually exist and are accessible in the context where Copilot agents will be executing. If these are custom tools, they need to be implemented first. If they are meant to represent GitHub Actions workflows or other external tools, the instructions should be clarified to explain how agents should interact with them.
| @@ -88,3 +99,5 @@ Before submitting or approving a PR, verify: | |||
| 4. MILESTONES.md is updated if milestone progress changed. | |||
| 5. All public APIs have documentation comments. | |||
| 6. Code follows Swift 6.2+ best practices and concurrency model. | |||
| 7. Automatic code review has been run and feedback addressed. | |||
| 8. Security scan (`codeql_checker`) has been run with no unaddressed vulnerabilities. | |||
There was a problem hiding this comment.
According to the project's own "Documentation Requirements" section (lines 36-38), README.md and MILESTONES.md should be updated when changes are made. While this PR only modifies documentation, it introduces a significant new workflow requirement (automated code review and security scanning) that may warrant updating these files to reflect this new practice. Consider whether README.md should mention this workflow and whether MILESTONES.md needs any updates.
|
|
||
| Before finalizing any task, **always run the `code_review` tool** to get automated feedback on your changes: | ||
|
|
||
| 1. Use the `code_review` tool before completing any task, even for documentation-only changes. |
There was a problem hiding this comment.
The instruction "even for documentation-only changes" on line 85 may create unnecessary overhead. Code review tools are typically designed to analyze code logic, not documentation prose. Consider clarifying whether this applies to all documentation changes or only to documentation that describes APIs, configurations, or other technical specifications where automated review could add value.
| 1. Use the `code_review` tool before completing any task, even for documentation-only changes. | |
| 1. Use the `code_review` tool before completing any task that includes code changes or documentation that describes APIs, configurations, or other technical specifications (it is optional for purely editorial documentation changes). |
Adds guidance for Copilot agents to use automated code review and security scanning tools before finalizing tasks.
Changes
code_reviewtool: when to run it, how to handle feedback, and when to re-run after significant changescodeql_checkeras a follow-up step after code review💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.