Skip to main content

Instructions

Instructions are persistent coding standards that Copilot applies automatically based on the files you're editing. Unlike agents (which you invoke) or skills (which execute steps), instructions activate passively via applyTo glob patterns.

How Instructions Workโ€‹

When you open a file in VS Code, Copilot checks all .instructions.md files to see if any applyTo pattern matches your file. Matching instructions are loaded into the conversation context, so Copilot follows those rules when generating or editing code.

You open `src/api.py`
  โ†’ Copilot checks all .instructions.md files
  โ†’ `applyTo: "**/*.py"` matches!
  โ†’ Instruction rules are loaded into context
  โ†’ Copilot generates code following those standards

File Structureโ€‹

Instructions live in instructions/ (or .github/instructions/ inside a play):

instructions/python-azure-waf.instructions.md
---
description: "Enforces Python best practices for Azure AI services โ€” security, reliability, and cost optimization patterns."
applyTo: "**/*.py"
waf:
  - "security"
  - "reliability"
  - "cost-optimization"
---

# Python Azure AI Coding Standards

## Security

- Use `DefaultAzureCredential` for all Azure authentication โ€” never hardcode keys
- Load secrets from environment variables or Azure Key Vault, never from code

## Reliability

- Add retry with exponential backoff on all Azure SDK and HTTP calls
- Set explicit timeouts โ€” never rely on client defaults

Frontmatter Schemaโ€‹

FieldRequiredTypeValidation
descriptionโœ…stringMinimum 10 characters
applyToโœ…stringValid glob pattern
wafNostring[]Valid WAF pillar names

applyTo Glob Patternsโ€‹

The applyTo pattern determines which files trigger the instruction:

PatternMatchesUse Case
**/*.pyAll Python filesPython coding standards
**/*.{ts,tsx}TypeScript + TSXReact/TypeScript standards
**/*.bicepAll Bicep filesIaC best practices
**/*.{yaml,yml}YAML filesConfig/pipeline standards
**/test_*.pyPython test filesTesting patterns
solution-plays/01-*/**Play 01 files onlyPer-play targeting
**/infra/**/*.bicepInfra Bicep onlyInfrastructure rules

Glob rules:

  • * matches any characters except /
  • ** matches any characters including / (recursive)
  • {a,b} matches either a or b

WAF Instructionsโ€‹

FrootAI ships with instructions for each Well-Architected Framework pillar:

InstructionPillarApplies To
waf-security.instructions.mdSecurity**/*.{ts,js,py,bicep,json,yaml,yml}
waf-reliability.instructions.mdReliability**/*.{ts,js,py,bicep,json,yaml,yml}
waf-cost-optimization.instructions.mdCost**/*.{ts,js,py,bicep,json,yaml,yml}
waf-operational-excellence.instructions.mdOps Excellence**/*.{ts,js,py,bicep,json,yaml,yml}
waf-performance-efficiency.instructions.mdPerformance**/*.{ts,js,py,bicep,json,yaml,yml}
waf-responsible-ai.instructions.mdResponsible AI**/*.{ts,js,py,bicep,json,yaml,yml}

:::info WAF Security Example The waf-security instruction enforces: never hardcode secrets, use Managed Identity, implement RBAC, enable private endpoints, rate-limit AI API calls, and pin dependency versions. These rules auto-apply to every code file. :::

Writing Effective Instructionsโ€‹

Copilot follows examples better than prose. Include concrete code patterns:

## Authentication โ€” Always Use Managed Identity

โœ… Correct:
```python
from azure.identity import DefaultAzureCredential
credential = DefaultAzureCredential()

โŒ Wrong:

api_key = "sk-abc123..."  # NEVER hardcode keys

:::tip Keep Under 200 Lines
Instructions are loaded into the LLM context window. Shorter instructions use fewer tokens and get applied more reliably. One concern per instruction file.
:::

## Multi-Scope Instructions

Target multiple file types with a single glob:

```yaml
---
description: "Full-stack WAF standards for TypeScript frontend and Python backend"
applyTo: "**/*.{ts,tsx,py}"
waf: ["security", "reliability", "performance-efficiency"]
---

For play-specific instructions:

---
description: "Play 01 Enterprise RAG implementation standards"
applyTo: "solution-plays/01-enterprise-rag/**/*.{py,ts,bicep}"
---

Validationโ€‹

npm run validate:primitives

This checks that every instruction has:

  • description with 10+ characters
  • Valid applyTo glob pattern
  • Correct lowercase-hyphen filename

See Alsoโ€‹