Skip to content

add Copilot PR review instructions #19738

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
seanbudd wants to merge 13 commits into
base: master
Choose a base branch
from
Draft

add Copilot PR review instructions #19738

Changes from 2 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
b7bf5a7
add Copilot PR review instructions
seanbudd Mar 3, 2026
4e09892
Update .github/copilot-instructions.md
seanbudd Mar 3, 2026
fc06662
Apply suggestions from code review
seanbudd Mar 6, 2026
34a72d9
Update .github/copilot-instructions.md
seanbudd Mar 6, 2026
7bb947f
Pre-commit auto-fix
pre-commit-ci[bot] Mar 6, 2026
fd2c30c
Update .github/copilot-instructions.md
seanbudd Mar 10, 2026
13c82b8
Update .github/copilot-instructions.md
seanbudd Mar 10, 2026
f934ab5
Update .github/copilot-instructions.md
seanbudd Mar 10, 2026
d92a637
Pre-commit auto-fix
pre-commit-ci[bot] Mar 10, 2026
68e5661
Update .github/copilot-instructions.md
SaschaCowley Mar 11, 2026
8c6dcbf
Update .github/copilot-instructions.md
seanbudd Mar 11, 2026
dafec43
Update .github/copilot-instructions.md
seanbudd Mar 11, 2026
23b93b5
Update .github/copilot-instructions.md
seanbudd Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 64 additions & 0 deletions .github/copilot-instructions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
# Copilot instructions for GitHub code reviews (NVDA)

Use these instructions when reviewing pull requests in this repository.

## Review goals

* Prioritize correctness, regressions, accessibility impact, API compatibility, and security.
Comment thread
seanbudd marked this conversation as resolved.
Outdated
* Keep feedback specific and actionable; prefer concrete code suggestions over generic comments.
* Classify issues by severity:
* **Blocking**: likely bug, regression risk, security concern, API break, missing required tests/docs.
Comment thread
seanbudd marked this conversation as resolved.
* **Non-blocking**: style consistency, readability, minor refactors.
* Avoid requesting unrelated refactors or broad redesigns outside PR scope.

## NVDA Python style checks

When reviewing Python changes, verify alignment with `projectDocs/dev/codingStandards.md`:

* Follow PEP 8 unless NVDA guidance differs.
Comment thread
seanbudd marked this conversation as resolved.
Outdated
* **Indentation must use tabs**, not spaces.
* New/changed code should include **PEP 484 type hints** (prefer `X | Y` and `T | None`).
Comment thread
seanbudd marked this conversation as resolved.
Outdated
* Naming conventions:
Comment thread
SaschaCowley marked this conversation as resolved.
* functions/variables: `lowerCamelCase`
* classes: `UpperCamelCase`
* constants: `UPPER_SNAKE_CASE`
* scripts: `script_*`
* events: `event_*`
Comment thread
seanbudd marked this conversation as resolved.
* User-visible strings must be translatable via `_()` and include an appropriate translators comment.
Comment thread
seanbudd marked this conversation as resolved.
Outdated
* All public functions, classes, and methods must have Sphinx-style docstrings (without type declarations in docstrings).
Most internal functions, classes, and methods should also have docstrings, except where their purpose is clear from their name or code.
* Flag unnecessary import-time side effects and new module-level globals where avoidable.
* Prefer inclusive language and avoid terms disallowed by NVDA guidelines.
Comment thread
seanbudd marked this conversation as resolved.
Copy link
Copy Markdown
Collaborator

@XLTechie XLTechie Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't "NVDA guidelines" be replaced with the path to the file containing them, rather than assuming it will naturally know which guidelines apply in this situation?

Copy link
Copy Markdown
Member Author

@seanbudd seanbudd Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see discussion here: #19738 (comment)

Copy link
Copy Markdown
Collaborator

@XLTechie XLTechie Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes, I recall that one, though didn't realize the context.

All that aside, I'm seriously asking what makes us think it's going to read those referenced files at all? Not sure the whole "incorporated by reference" thing works here.

• Including external links. Copilot won’t follow them. You should copy relevant info into your instructions files instead.

No idea if they mean web links or things it recognizes as file paths, but I've not seen any clarity that would suggest that file links in the repo work any better than web links.


## PR checklist expectations

Ensure the PR content supports NVDA’s review checklist (`.github/PULL_REQUEST_TEMPLATE.md`):

* Documentation impact considered:
* changelog entry when required (`user_docs/en/changes.md`)
Copy link
Copy Markdown
Collaborator

@XLTechie XLTechie Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it smart enough to know when to incorporate an external file as instructions (of which it can only take 1,000 lines before it gets confused), or the same format being used just to reference a file that it shouldn't read?

  • If it does try to read the changelog, it's going to get deeply confused to the point of being useless, at least according to that blog post.
  • If, on the other hand, it ignores such external references (suggested in the article, with the reason possibly explained by the syntax of this line), than all the external references may not be doing what you think.

There has to be some way to confirm this, apart from the ambiguous statement in that blog.

Suggested change
* changelog entry when required (`user_docs/en/changes.md`)
* changelog entry when required (the changelog is contained in the file "user_docs/en/changes.md")

No idea if that would make a difference, but at least it's a different format than the "incorporate by reference" files.

I'm also concerned that "when required" is ambiguous, especially if it doesn't read in external files as I believe.

* user/developer docs updates where needed
* context-sensitive help for GUI options
* Testing strategy is clear and reproducible:
* unit/system/manual coverage discussed
* manual steps are concrete
* UX impact considered for:
* speech, braille, low vision
* browser differences where applicable
* localization implications
* API compatibility with add-ons is preserved unless explicitly intended and documented.
Copy link
Copy Markdown
Collaborator

@XLTechie XLTechie Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* API compatibility with add-ons is preserved unless explicitly intended and documented.
* API compatibility with add-ons is preserved, unless breaking API compatibility is explicitly intended and documented.

Copy link
Copy Markdown
Collaborator

@XLTechie XLTechie Mar 11, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason I commented on this before, is that the grammar as used, literally means:

API compatibility with add-ons is preserved unless API compatibility is explicitly intended and documented.

It is supposed to mean that the compatibility should be preserved, unless incompatibility is intended (how does it know?) and documented. But it doesn't say that. It never indicates what the alternative to API compatibility is, which should probably lead the system to make the second subject agree with the first, which produces a very weird instruction.

However this is phrased, I would drop the word "intended". The AI has no idea if it was intended. Documentation is the only deciding factor.


## Security-specific review checks

For code that can expose sensitive information or run in privileged contexts:

* Check lock-screen object handling safeguards (for example, secure object filtering).
* Check secure-mode behavior (`globalVars.appArgs.secure`) and that blocked actions fail gracefully.
* Ensure changes do not leak information on secure screens.
* Check writable behavior (`NVDAState.shouldWriteToDisk`) and do not write to disk if running securely or if running from the launcher.
Comment thread
seanbudd marked this conversation as resolved.
Outdated

Comment thread
seanbudd marked this conversation as resolved.
## Comment style for Copilot reviews

* Focus comments on changed lines and clear user/developer impact.
* Explain **why** something is a problem and **what** acceptable fix looks like.
Comment thread
seanbudd marked this conversation as resolved.
Outdated
* If uncertain, ask a precise question instead of making a weak assertion.
* Acknowledge valid trade-offs; do not insist on preferences when standards are satisfied.
Loading