Copilot & Agent configuration

[tmikula-dev]

Overview

Adds detailed agent role definitions for DevOps Engineer, Reviewer, SDET, Senior Developer, and Specification Master in the .github/agents/ directory. Introduces copilot-instructions.md file to have copilot instruction setted for the project.

Release Notes

• Copilot configuration
• Agents project specific configuration

Related

Closes #107

Summary by CodeRabbit

• Documentation
  • Added internal development guidelines and agent role specifications for the project team, including DevOps, code review, testing, development, and architecture documentation.
  • Added comprehensive coding guidelines and architecture overview documentation.

---

Note: These updates are internal process documentation with no changes to end-user functionality.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

AquaSec has completed a full security repository scan ✅ You can find the analysis results for this PR branch on this overview.
Below is the summary of the findings:

AQUASEC	CRITICAL	HIGH	MEDIUM	LOW	TOTAL
sast	0	4	2	0	6
vulnerabilities	0	0	0	0	0
iacMisconfigurations	1	2	2	10	15
secrets	0	0	0	0	0
pipelineMisconfigurations	0	0	0	16	16
license	0	0	0	0	0
➡️ Total	1	6	4	26	37

[coderabbitai]

Walkthrough

Six new documentation files are added to configure project-level AI copilot instructions and define role-based agent specifications. The files include copilot guidelines, quality gates, architecture overview, and specific agent contracts for DevOps Engineer, Reviewer, SDET, Senior Developer, and Specification Master roles.

Changes

Cohort / File(s)	Summary
Agent Specifications .github/agents/devops-engineer.agent.md, .github/agents/reviewer.agent.md, .github/agents/sdet.agent.md, .github/agents/senior-developer.agent.md, .github/agents/specification-master.agent.md	Introduces five agent role documentation files, each defining mission, inputs, outputs, responsibilities, collaboration guidelines, and Definition of Done. Covers CI/CD responsibilities, quality gates (Black, Pylint, mypy, pytest), test coverage requirements (≥80%), API contract validation, and EventGate-specific patterns.
Copilot Instructions .github/copilot-instructions.md	Adds project-level copilot configuration with coding guidelines, architecture overview, file structure, testing approach, quality gates, and run instructions. Documents Lambda entry point, handler/writer patterns, route dispatch mechanism, and error response handling.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 With whiskers twitching, I celebrate today,
Documentation guides the AI copilot's way,
Agent specs and instructions, all crystal clear,
No bugs to find, just wisdom here! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title clearly summarizes the main changes: adding Copilot configuration and agent role definitions.
Description check	✅ Passed	Description follows the template structure with Overview, Release Notes, and Related sections; all required sections are present and adequately filled.
Linked Issues check	✅ Passed	PR fulfills all acceptance criteria from issue #107: copilot-instructions.md added to .github, and AI agent configurations created.
Out of Scope Changes check	✅ Passed	All changes align with issue #107 objectives; no unrelated modifications detected beyond Copilot configuration and agent role definitions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@ci_local.sh`:
- Around line 9-16: The shell invocation currently expands unquoted $(git
ls-files '*.py') which breaks on filenames with whitespace; change the two calls
that pass $(git ls-files '*.py') to Black and Pylint to use NUL-delimited file
lists instead (e.g. use git ls-files -z '*.py' | xargs -0 black --check or git
ls-files -z '*.py' | xargs -0 pylint --fail-under=9.5) or capture into a
NUL-aware array (mapfile -d '' FILES < <(git ls-files -z '*.py') && black
--check "${FILES[@]}"); update the occurrences referencing black and pylint so
filenames are handled safely.

🧹 Nitpick comments (1)

.github/agents/reviewer.agent.md (1)

21-21: Consider the maintenance implications of hardcoded implementation details.

The reference to ROUTE_HANDLERS in event_gate_lambda.py provides clear guidance but will require updates if the implementation pattern changes. Consider adding a note that this specification should be reviewed when architectural changes occur.

[miroslavpojer]

I am missing the copilot rules file for reviewer. He is very helpfull.
I have checked usage of rulesets.

• I see there is some unsupported setup.
• When signed commit will be enabled then copilot refuse to work.
• It can be fixed by bypassing the copilot for PR only.

Could you introduce rulesets, add bypass and update the related handbook pages with this technical tip?

[oto-macenauer-absa]

maybe

- Terraform scripts are not part of this repository

[tmikula-dev]

I reworked my proposed solution of copilot-instructions.md based on my current experience with agent development. I added your suggestion, please see the new version in 674cd11

[oto-macenauer-absa]

I'd add

- Preserve existing formatting and conventions.

[tmikula-dev]

Added also in commit: 674cd11

[oto-macenauer-absa]

Would be nice to add also a lint prompt to use this script.

Something like .github/prompts/lint.prompt.md with this content:

---
mode: agent
description: Lint code in the project using Pylint, Black, and mypy tools
---

Your task is to lint the code in the project using Pylint, Black, and mypy tools. Follow the instructions below to perform the linting process.

## Instructions

- run ci_local.sh - The command is going to take a while to finish, make sure you give it enough time to complete before looking for results.
- Analyze the output from each tool and identify any issues or areas for improvement in the code.
- Provide a summary of the linting results, including any errors or warnings found by each tool

[tmikula-dev]

Based on my experience, having these scripts is counterproductive. It worked much better for me just have inside the configuration file "Quality gates (run after changes, fix only if below threshold)" and commands. It runs them every time after agent work.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/aquasec_repo_scan.yml:
- Around line 28-38: The workflow currently only verifies a static file
("test_aquasec_scan.sarif") and uploads it (steps "Verify SARIF file exists" and
"Upload Scan Results to GitHub Security"), so restore the real AquaSec scanning
steps or make the purpose explicit: either (A) replace the check-and-upload of
test_aquasec_scan.sarif with the original authentication, API call, scanner
invocation, SARIF conversion, and output path used by the "AquaSec Full
Repository Scan" job so actual scanning runs and generates a real SARIF file
before upload, or (B) if this is intended as a test, rename the workflow and job
and add a conditional (e.g., only: branches: [ci-test] or an env flag) and
documentation to clearly mark it as a mock; locate the steps by the step names
"Verify SARIF file exists" and "Upload Scan Results to GitHub Security" and the
test artifact name test_aquasec_scan.sarif to make the necessary edits.

[tmikula-dev]

I am missing the copilot rules file for reviewer. He is very helpfull. I have checked usage of rulesets.

• I see there is some unsupported setup.
• When signed commit will be enabled then copilot refuse to work.
• It can be fixed by bypassing the copilot for PR only.

Could you introduce rulesets, add bypass and update the related handbook pages with this technical tip?

Thanks for the comment! I personally do not find the copilot reviewer useful in comparison with CodeRabbit, which can be used in this OSS project. The decision is of course up to team. But myself as a main code contributor here, will not be using copilot reviewer. I am happy for discussion about the development workflow to understand yours better. I do an agent development on the other repository with same repo settings, and everything works correctly.