akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

enhance(security): update agent instructions to include explicit security scans and checks in workflows

Browse Source
This commit is contained in:
GitHub Actions
2025-12-23 21:30:51 +00:00
parent 460ca9aa42
commit c21fd17ec9
3 changed files with 21 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.github/instructions/copilot-instructions.md vendored
View File

@@ -80,12 +80,17 @@ Before proposing ANY code change or fix, you must build a mental map of the feat
Before marking an implementation task as complete, perform the following in order:
1. **Pre-Commit Triage**: Run `pre-commit run --all-files`.
1. **Security Scans**: Run all security scans and ensure zero vulnerabilities.
- **CodeQL**: Run as VS Code task or use Skill.
- **Trivy**: Run as VS Code task or use Skill.
- **Zero issues allowed**.
2. **Pre-Commit Triage**: Run `pre-commit run --all-files`.
- If errors occur, **fix them immediately**.
- If logic errors occur, analyze and propose a fix.
- Do not output code that violates pre-commit standards.
2. **Coverage Testing** (MANDATORY - Non-negotiable):
3. **Coverage Testing** (MANDATORY - Non-negotiable):
- **Backend Changes**: Run the VS Code task "Test: Backend with Coverage" or execute `scripts/go-test-coverage.sh`.
- Minimum coverage: 85% (set via `CHARON_MIN_COVERAGE` or `CPM_MIN_COVERAGE`).
- If coverage drops below threshold, write additional tests to restore coverage.
@@ -97,16 +102,16 @@ Before marking an implementation task as complete, perform the following in orde
- **Critical**: Coverage tests are NOT run by default pre-commit hooks (they are in manual stage for performance). You MUST run them explicitly via VS Code tasks or scripts before completing any task.
- **Why**: CI enforces coverage in GitHub Actions. Local verification prevents CI failures and maintains code quality.
3. **Type Safety** (Frontend only):
4. **Type Safety** (Frontend only):
- Run the VS Code task "Lint: TypeScript Check" or execute `cd frontend && npm run type-check`.
- Fix all type errors immediately. This is non-negotiable.
- This check is also in manual stage for performance but MUST be run before completion.
4. **Verify Build**: Ensure the backend compiles and the frontend builds without errors.
5. **Verify Build**: Ensure the backend compiles and the frontend builds without errors.
- Backend: `cd backend && go build ./...`
- Frontend: `cd frontend && npm run build`
5. **Clean Up**: Ensure no debug print statements or commented-out blocks remain.
6. **Clean Up**: Ensure no debug print statements or commented-out blocks remain.
- Remove `console.log`, `fmt.Println`, and similar debugging statements.
- Delete commented-out code blocks.
- Remove unused imports.