GitHub Copilot Integration

GitHub Copilot generates code inline as developers type. Like all AI coding tools, it operates without knowledge of your team's specific stack decisions. vybdocs enforces your constraints at the commit and PR boundaries.

Integration approach

vybdocs integrates with GitHub Copilot workflows at two points:

Pre-commit hook — catches violations before they enter the git history
GitHub Actions — catches violations at PR time, before merge

Pre-commit hook setup

vyb init --with-hooks

Or manually create .git/hooks/pre-commit:

#!/bin/sh
npx @vybdocs/vyb check --staged --ci

With Husky for team-wide consistency:

npm install --save-dev husky
npx husky install
echo "vyb check --staged" > .husky/pre-commit
chmod +x .husky/pre-commit

GitHub Actions enforcement

The primary enforcement point for Copilot workflows is the PR check. See GitHub Actions for the complete workflow file.

Summary:

.github/workflows/vyb-check.yml
name: vybdocs check
on: [pull_request]
jobs:
  vyb-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: '24'
      - run: npm ci
      - run: npx @vybdocs/vyb check --base origin/${{ github.base_ref }}

GitHub Code Scanning

vybdocs supports SARIF output for GitHub Code Scanning, which surfaces violations as inline annotations on Copilot-suggested code in the PR diff view:

- name: Run vybdocs check (SARIF)
  run: npx @vybdocs/vyb check --output-format sarif --output vyb-results.sarif || true

- name: Upload SARIF to GitHub Code Scanning
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: vyb-results.sarif
    category: vybdocs

With SARIF integration, Copilot-suggested code that violates your rules is flagged inline in the PR review — reviewers see the annotation directly on the offending line.

Copilot-specific rule patterns

GitHub Copilot tends to suggest certain patterns that commonly violate engineering standards:

Suggest deprecated APIs

Copilot is trained on historical code and may suggest deprecated patterns:

- id: ts-002
  name: no-deprecated-react-apis
  severity: warn
  pattern: "componentWillMount|componentWillUpdate|componentWillReceiveProps"
  remediation: >
    These React lifecycle methods are deprecated.
    Use useEffect() or getDerivedStateFromProps() instead.

Verbose type assertions

- id: ts-003
  name: no-type-casting-over-assertion
  severity: info
  pattern: "<[A-Z]\\w+>"
  exclude: ["**/*.tsx", "**/*.generic.ts"]
  remediation: Prefer 'value as Type' over '<Type>value' for readability.

Status checks and branch protection

To prevent Copilot-generated code from being merged without passing vyb check:

Enable required status checks in your repository's branch protection rules
Add vyb-check (the GitHub Actions job name) as a required check
Enable "Require branches to be up to date before merging"

With this configuration, no PR — regardless of how it was written (human or Copilot) — can be merged unless vyb check passes.

Next: GitHub Actions

Integration approach​

Pre-commit hook setup​

GitHub Actions enforcement​

GitHub Code Scanning​

Copilot-specific rule patterns​

Suggest deprecated APIs​

Verbose type assertions​

Status checks and branch protection​