Skip to Content
PrimitivesInstructions

Instructions

Instructions are persistent coding standards that Copilot applies automatically based on the files you’re editing. Unlike agents (which you invoke) or skills (which execute steps), instructions activate passively via applyTo glob patterns.

How Instructions Work

When you open a file in VS Code, Copilot checks all .instructions.md files to see if any applyTo pattern matches your file. Matching instructions are loaded into the conversation context, so Copilot follows those rules when generating or editing code.

You open `src/api.py`
  β†’ Copilot checks all .instructions.md files
  β†’ `applyTo: "**/*.py"` matches!
  β†’ Instruction rules are loaded into context
  β†’ Copilot generates code following those standards

File Structure

Instructions live in instructions/ (or .github/instructions/ inside a play):

instructions/python-azure-waf.instructions.md
---
description: "Enforces Python best practices for Azure AI services β€” security, reliability, and cost optimization patterns."
applyTo: "**/*.py"
waf:
  - "security"
  - "reliability"
  - "cost-optimization"
---
 
# Python Azure AI Coding Standards
 
## Security
 
- Use `DefaultAzureCredential` for all Azure authentication β€” never hardcode keys
- Load secrets from environment variables or Azure Key Vault, never from code
 
## Reliability
 
- Add retry with exponential backoff on all Azure SDK and HTTP calls
- Set explicit timeouts β€” never rely on client defaults

Frontmatter Schema

FieldRequiredTypeValidation
descriptionβœ…stringMinimum 10 characters
applyToβœ…stringValid glob pattern
wafNostring[]Valid WAF pillar names

applyTo Glob Patterns

The applyTo pattern determines which files trigger the instruction:

PatternMatchesUse Case
**/*.pyAll Python filesPython coding standards
**/*.{ts,tsx}TypeScript + TSXReact/TypeScript standards
**/*.bicepAll Bicep filesIaC best practices
**/*.{yaml,yml}YAML filesConfig/pipeline standards
**/test_*.pyPython test filesTesting patterns
solution-plays/01-*/**Play 01 files onlyPer-play targeting
**/infra/**/*.bicepInfra Bicep onlyInfrastructure rules

Glob rules:

  • * matches any characters except /
  • ** matches any characters including / (recursive)
  • {a,b} matches either a or b

WAF Instructions

FrootAI ships with instructions for each Well-Architected Framework pillar:

InstructionPillarApplies To
waf-security.instructions.mdSecurity**/*.{ts,js,py,bicep,json,yaml,yml}
waf-reliability.instructions.mdReliability**/*.{ts,js,py,bicep,json,yaml,yml}
waf-cost-optimization.instructions.mdCost**/*.{ts,js,py,bicep,json,yaml,yml}
waf-operational-excellence.instructions.mdOps Excellence**/*.{ts,js,py,bicep,json,yaml,yml}
waf-performance-efficiency.instructions.mdPerformance**/*.{ts,js,py,bicep,json,yaml,yml}
waf-responsible-ai.instructions.mdResponsible AI**/*.{ts,js,py,bicep,json,yaml,yml}
ℹ️

WAF Security Example

The waf-security instruction enforces: never hardcode secrets, use Managed Identity, implement RBAC, enable private endpoints, rate-limit AI API calls, and pin dependency versions. These rules auto-apply to every code file.

Writing Effective Instructions

Copilot follows examples better than prose. Include concrete code patterns:

## Authentication β€” Always Use Managed Identity
 
βœ… Correct:
```python
from azure.identity import DefaultAzureCredential
credential = DefaultAzureCredential()

❌ Wrong:

api_key = "sk-abc123..."  # NEVER hardcode keys

<Callout type="info" emoji="πŸ’‘">
**Keep Under 200 Lines**

Instructions are loaded into the LLM context window. Shorter instructions use fewer tokens and get applied more reliably. One concern per instruction file.
</Callout>
## Multi-Scope Instructions

Target multiple file types with a single glob:

```yaml
---
description: "Full-stack WAF standards for TypeScript frontend and Python backend"
applyTo: "**/*.{ts,tsx,py}"
waf: ["security", "reliability", "performance-efficiency"]
---

For play-specific instructions:

---
description: "Play 01 Enterprise RAG implementation standards"
applyTo: "solution-plays/01-enterprise-rag/**/*.{py,ts,bicep}"
---

Validation

npm run validate:primitives

This checks that every instruction has:

  • description with 10+ characters
  • Valid applyTo glob pattern
  • Correct lowercase-hyphen filename

See Also

Last updated on
HooksPlugins