Instruction Files & Agents
The guardrail system: what each file covers, when it activates, and how agents review your code.
How Auto-Loading Works
Each instruction file has an applyTo glob pattern in its YAML frontmatter. When you edit a file matching that pattern, the instruction auto-loads into the AI's context. No manual action needed — it's the difference between drowning the AI in every rule you have and having the right guidance whisper only when it's relevant. (For full details on writing your own applyTo patterns, see Chapter 8.)
---
description: Security best practices — input validation, auth, secrets
applyTo: "**/auth/**,**/security/**,**/middleware/**"
---
# Security Rules
- Parameterized queries only — never string interpolation in SQL
- Input validation at system boundaries
- No secrets in code — use environment variables or secret managers
...Universal Files (All Presets)
These four files ship with every preset — they form the universal baseline:
| File | applyTo | Purpose |
|---|---|---|
architecture-principles | ** | 5 questions before coding, 4-layer architecture, separation of concerns |
git-workflow | ** | Conventional commits, push reminders, version-aware messaging |
ai-plan-hardening-runbook | docs/plans/** | Quick-reference when editing plan files |
status-reporting | docs/plans/**, .forge/** | Standard output templates for orchestration updates |
Domain Instruction Files (Per Preset)
Each preset installs 17 domain-specific instruction files. They auto-load based on what you're editing:
| File | Domain | Loads When Editing |
|---|---|---|
api-patterns | REST conventions, pagination, error responses | Controllers, routes, endpoints |
auth | JWT/OIDC, RBAC, multi-tenant isolation | Auth modules, middleware |
caching | Redis, in-memory cache, TTL strategies | Cache services, config |
database | ORM/query patterns, migrations, connections | Repositories, SQL, models |
dapr | Dapr sidecar patterns, pub/sub, state management | Dapr config, service invocation |
deploy | Dockerfiles, health checks, container optimization | Dockerfiles, compose, k8s |
errorhandling | Exception hierarchy, ProblemDetails, error boundaries | Error handlers, middleware |
graphql | Schema design, resolvers, query patterns, Hot Chocolate / Apollo | GraphQL types, resolvers |
messaging | Pub/sub, job queues, event-driven patterns | Event handlers, message consumers |
multi-environment | Dev/staging/prod config, environment detection | Config files, env setup |
naming | Naming conventions, file organization, namespace rules | All code files |
observability | OpenTelemetry, structured logging, metrics | Logging, tracing, health |
performance | Hot/cold path analysis, allocation reduction | Performance-critical code |
security | Input validation, secret management, CORS | Auth, security, middleware |
testing | Unit tests, integration tests, test containers | Test files |
version | Semantic versioning, commit-driven bumps | Version files, changelogs |
project-principles | Activates when PROJECT-PRINCIPLES.md exists | Plan files, reviews |
frontend.instructions.md for React/Vue patterns. The azure-iac preset replaces several app-specific files with Bicep/Terraform equivalents.
As of v2.18, every instruction file includes Temper Guards (shortcut prevention tables) and Warning Signs (observable anti-patterns). These help agents avoid common quality erosion and help reviewers detect violations.
Agents
19 agents organized in three categories. Agents are read-only — they audit code but can't edit files.
Stack-Specific Agents (6)
Vary by preset — examples for dotnet:
| Agent | Reviews |
|---|---|
| architecture-reviewer | Layer separation, dependency direction, SOLID |
| database-reviewer | Query patterns, migrations, connection management |
| deploy-reviewer | Dockerfile, health checks, container optimization |
| performance-reviewer | Hot paths, allocations, async patterns |
| security-reviewer | Input validation, auth, secrets, OWASP |
| test-runner | Test coverage, test patterns, mocking strategy |
Cross-Stack Agents (8)
Shared across all presets — same expertise regardless of language:
| Agent | Reviews |
|---|---|
| api-contract-reviewer | API versioning, backward compatibility, OpenAPI |
| accessibility-reviewer | WCAG 2.2, semantic HTML, ARIA, keyboard nav |
| multi-tenancy-reviewer | Tenant isolation, data leakage, RLS, cache separation |
| cicd-reviewer | Pipeline safety, secrets, rollback strategies |
| observability-reviewer | Structured logging, distributed tracing, metrics |
| dependency-reviewer | CVEs, outdated packages, license conflicts |
| compliance-reviewer | GDPR, CCPA, SOC2, PII handling, audit logs |
| error-handling-reviewer | Exception hierarchy, error boundaries, ProblemDetails |
Pipeline Agents (6)
Drive the 7-step pipeline with handoff buttons between stages:
| Agent | Pipeline Step | What It Does |
|---|---|---|
| specifier | Step 0 | Interviews you, produces specification |
| preflight | Step 1 | Verifies prerequisites, checks environment readiness |
| plan-hardener | Step 2 | Converts spec into hardened execution contract |
| executor | Step 3 | Executes slices, validates gates |
| reviewer-gate | Step 5 | Independent audit for drift and compliance |
| shipper | Step 6 | Commits, updates roadmap, captures lessons |
Skills
12 slash commands per app preset. Skills do work — they can read, write, and run terminal commands:
| Skill | Invocation | What It Does |
|---|---|---|
| database-migration | /database-migration | Generate, review, test, deploy schema migrations |
| staging-deploy | /staging-deploy | Build, push, migrate, deploy, verify on staging |
| test-sweep | /test-sweep | Run all test suites and aggregate results |
| dependency-audit | /dependency-audit | Scan for vulnerabilities, outdated packages, licenses |
| security-audit | /security-audit | OWASP scan, secrets detection, severity report |
| code-review | /code-review | Architecture, security, testing, patterns review |
| release-notes | /release-notes | Generate from git history and CHANGELOG |
| api-doc-gen | /api-doc-gen | Generate/update OpenAPI spec, validate consistency |
| onboarding | /onboarding | Walk new dev through setup, architecture, first task |
| health-check | /health-check | Forge diagnostic: smith → validate → sweep |
| forge-execute | /forge-execute | Guided plan execution: list → estimate → execute → report |
| forge-troubleshoot | /forge-troubleshoot | Diagnose common Plan Forge issues |
Lifecycle Hooks
Hooks run automatically during agent sessions — no manual activation:
| Hook | When | What It Enforces |
|---|---|---|
| SessionStart | Session begins | Injects Project Principles, current phase, forbidden patterns |
| PreToolUse | Before file edit | Blocks edits to paths listed in plan's Forbidden Actions |
| PostToolUse | After file edit | Auto-formats, warns on TODO/FIXME/stub markers |
| Stop | Session ends | Warns if code modified but no test run detected |
📄 Full reference: capabilities.md, COPILOT-VSCODE-GUIDE.md