|
| 1 | +# GitHub Copilot Instructions for Contrast AI SmartFix |
| 2 | + |
| 3 | +This document provides guidelines for GitHub Copilot when working on the Contrast AI SmartFix project. |
| 4 | + |
| 5 | +## Core Development Principles |
| 6 | + |
| 7 | +### 1. Code Quality & Linting |
| 8 | +- **All code changes MUST pass linting** - Use flake8 with the project's configuration (`.flake8`) |
| 9 | +- Follow PEP 8 style guidelines strictly |
| 10 | +- Maximum line length: 180 characters (as configured in `.flake8`) |
| 11 | +- Use type hints for all function parameters and return values |
| 12 | +- Ensure proper docstrings for all functions, classes, and modules |
| 13 | + |
| 14 | +### 2. Testing Requirements |
| 15 | +- **New code MUST have unit tests** - No exceptions for new functionality |
| 16 | +- **Existing code modifications MUST include tests** - When editing existing code, write comprehensive unit tests |
| 17 | +- Use pytest as the testing framework |
| 18 | +- Maintain minimum 80% code coverage for new code |
| 19 | +- Tests should follow the Arrange-Act-Assert pattern |
| 20 | +- Mock external dependencies appropriately (GitHub API, Contrast API, file system operations) |
| 21 | + |
| 22 | +### 3. Object-Oriented Design & Domain-Driven Design |
| 23 | +- **New code MUST follow Object-Oriented principles** - Encapsulation, inheritance, polymorphism |
| 24 | +- **Refactor existing procedural code to OOP** - When editing old code, take the opportunity to make it Object-Oriented |
| 25 | +- Apply Domain-Driven Design (DDD) principles to identify and model domain objects: |
| 26 | + |
| 27 | +#### Domain Objects to Consider: |
| 28 | +- **Vulnerability** - Represents security vulnerabilities with properties like severity, rule, UUID |
| 29 | +- **Remediation** - Encapsulates the process of fixing a vulnerability |
| 30 | +- **BuildResult** - Represents build execution results and status |
| 31 | +- **GitRepository** - Manages git operations and repository state |
| 32 | +- **PullRequest** - Represents GitHub pull request with metadata and operations |
| 33 | +- **Agent** - Abstracts AI agent behavior (FixAgent, QAAgent) |
| 34 | +- **TelemetryEvent** - Structured telemetry data collection |
| 35 | +- **ConfigurationContext** - Environment and configuration management |
| 36 | + |
| 37 | +#### Design Patterns to Use: |
| 38 | +- **Strategy Pattern** - For different coding agents (SmartFix vs External) |
| 39 | +- **Factory Pattern** - For creating agents, configurations, and API clients |
| 40 | +- **Repository Pattern** - For data access (GitHub, Contrast API) |
| 41 | +- **Command Pattern** - For git operations and build commands |
| 42 | +- **Observer Pattern** - For telemetry and logging events |
| 43 | + |
| 44 | +### 4. Error Handling & Resilience |
| 45 | +- Use custom exception classes that inherit from appropriate base exceptions |
| 46 | +- Implement proper logging at appropriate levels (DEBUG, INFO, WARNING, ERROR) |
| 47 | +- Handle external API failures gracefully with retries where appropriate |
| 48 | +- Validate inputs at boundaries (API responses, user inputs, configuration) |
| 49 | + |
| 50 | +### 5. Async/Await Best Practices |
| 51 | +- Use async/await consistently for I/O operations |
| 52 | +- Properly handle asyncio event loops and cleanup |
| 53 | +- Use context managers for resource management |
| 54 | +- Handle cancellation and timeout scenarios |
| 55 | + |
| 56 | +## File Organization & Architecture |
| 57 | + |
| 58 | +### 6. Module Structure |
| 59 | +- Keep modules focused on single responsibilities |
| 60 | +- Use dependency injection instead of global state where possible |
| 61 | +- Separate domain logic from infrastructure concerns |
| 62 | +- Group related functionality into cohesive modules |
| 63 | + |
| 64 | +### 7. Configuration Management |
| 65 | +- Centralize configuration in the `Config` class |
| 66 | +- Use environment variables with sensible defaults |
| 67 | +- Validate configuration at startup |
| 68 | +- Support testing configurations |
| 69 | + |
| 70 | +## Security & Performance |
| 71 | + |
| 72 | +### 8. Security Considerations |
| 73 | +- Never log sensitive data (API keys, tokens) |
| 74 | +- Sanitize user inputs and API responses |
| 75 | +- Use secure defaults for all configurations |
| 76 | +- Validate file paths to prevent directory traversal |
| 77 | + |
| 78 | +### 9. Performance Guidelines |
| 79 | +- Use efficient data structures and algorithms |
| 80 | +- Implement proper caching where beneficial |
| 81 | +- Avoid blocking operations in async contexts |
| 82 | +- Monitor memory usage for large operations |
| 83 | + |
| 84 | +## Documentation & Maintenance |
| 85 | + |
| 86 | +### 10. Code Documentation |
| 87 | +- Write clear, concise docstrings for all public methods |
| 88 | +- Include usage examples in docstrings for complex functions |
| 89 | +- Document complex business logic with inline comments |
| 90 | +- Keep README.md updated with architectural changes |
| 91 | + |
| 92 | +### 11. Git & Version Control |
| 93 | +- Use descriptive commit messages following conventional commits |
| 94 | +- Keep commits atomic and focused |
| 95 | +- Write meaningful branch names |
| 96 | +- Update version numbers appropriately |
| 97 | + |
| 98 | +## Testing Patterns |
| 99 | + |
| 100 | +### 12. Test Structure |
| 101 | +```python |
| 102 | +class TestClassName: |
| 103 | + """Test class for ClassName functionality.""" |
| 104 | + |
| 105 | + def setup_method(self): |
| 106 | + """Set up test fixtures before each test method.""" |
| 107 | + pass |
| 108 | + |
| 109 | + def test_method_name_should_expected_behavior(self): |
| 110 | + """Test that method_name produces expected behavior under specific conditions.""" |
| 111 | + # Arrange |
| 112 | + # Act |
| 113 | + # Assert |
| 114 | + pass |
| 115 | +``` |
| 116 | + |
| 117 | +### 13. Mock Usage |
| 118 | +- Mock external dependencies (APIs, file system, network) |
| 119 | +- Use `unittest.mock.patch` appropriately |
| 120 | +- Verify mock calls when testing side effects |
| 121 | +- Use `pytest.fixture` for reusable test data |
| 122 | + |
| 123 | +## Legacy Code Refactoring |
| 124 | + |
| 125 | +### 14. When Editing Existing Code |
| 126 | +- **Identify domain objects** - Look for data and behavior that belong together |
| 127 | +- **Extract classes** - Convert function clusters into cohesive classes |
| 128 | +- **Introduce interfaces** - Abstract complex dependencies |
| 129 | +- **Add tests first** - Write tests for existing behavior before refactoring |
| 130 | +- **Refactor incrementally** - Make small, safe changes |
| 131 | + |
| 132 | +### 15. Gradual Modernization |
| 133 | +- Replace global variables with dependency injection |
| 134 | +- Convert procedural code to class-based approaches |
| 135 | +- Introduce type hints to existing functions |
| 136 | +- Add comprehensive error handling |
| 137 | + |
| 138 | +## Example Refactoring Approach |
| 139 | + |
| 140 | +**Before (Procedural):** |
| 141 | +```python |
| 142 | +def process_vulnerability(vuln_data, repo_path, config): |
| 143 | + # 50+ lines of mixed concerns |
| 144 | + pass |
| 145 | +``` |
| 146 | + |
| 147 | +**After (Object-Oriented):** |
| 148 | +```python |
| 149 | +class VulnerabilityProcessor: |
| 150 | + def __init__(self, repository: GitRepository, agent_factory: AgentFactory): |
| 151 | + self._repository = repository |
| 152 | + self._agent_factory = agent_factory |
| 153 | + |
| 154 | + def process(self, vulnerability: Vulnerability) -> RemediationResult: |
| 155 | + agent = self._agent_factory.create_fix_agent() |
| 156 | + return agent.remediate(vulnerability, self._repository) |
| 157 | +``` |
| 158 | + |
| 159 | +## Continuous Improvement |
| 160 | + |
| 161 | +- Regularly review and update these guidelines |
| 162 | +- Incorporate learnings from code reviews |
| 163 | +- Stay updated with Python and testing best practices |
| 164 | +- Monitor code quality metrics and improve accordingly |
| 165 | + |
| 166 | +--- |
| 167 | + |
| 168 | +**Remember:** These guidelines ensure maintainable, testable, and robust code that follows industry best practices and domain-driven design principles. |
0 commit comments