lintai docs

Appearance

Rule Reference

SEC353lintai-ai-securityguidancequalitypreviewmarkdownwarn

Copilot instructions: exceeds 4000 chars

GitHub Copilot instruction markdown exceeds the 4000-character guidance limit

Public lane
guidance
Category
quality
Provider
lintai-ai-security
Scope
per-file
Surface
markdown
Tier
preview
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Advice-oriented guidance and maintainability review.

How to read this category

Contract, schema, or config correctness signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

guidancesidecar lane

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Long Copilot instruction files can still be intentional, so the first release stays guidance-only while usefulness is measured.

Promotion requirements

Needs corpus-backed precision review, external usefulness evidence, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC354Copilot instructions: missing `applyTo`Path-specific GitHub Copilot instruction markdown is missing `applyTo` frontmatterguidancequalitymarkdown
SEC355AI markdown: wildcard tool grantAI-native markdown frontmatter grants wildcard tool accessguidancehardeningmarkdown
SEC356Plugin agent: `permissionMode` in frontmatterPlugin agent frontmatter sets `permissionMode`guidancequalitymarkdown
SEC357Plugin agent: `hooks` in frontmatterPlugin agent frontmatter sets `hooks`guidancequalitymarkdown
SEC358Plugin agent: `mcpServers` in frontmatterPlugin agent frontmatter sets `mcpServers`guidancequalitymarkdown
SEC359Cursor rule: `alwaysApply` typeCursor rule frontmatter `alwaysApply` must be booleanguidancequalitymarkdown

Why It Matters

GitHub Copilot repository and path-specific instruction files are easier to reason about when they stay short and focused. Once instruction markdown grows past the documented 4000-character guidance limit, part of the intended behavior can become easier to ignore, harder to review, and less portable across review-oriented Copilot workflows.

What Triggers

SEC353 applies only to GitHub Copilot instruction paths:

  • .github/copilot-instructions.md
  • .github/instructions/*.instructions.md

It triggers when the file content exceeds 4000 characters.

Examples that trigger:

  • a repository-level .github/copilot-instructions.md packed with multi-page guidance
  • a path-specific .github/instructions/review.instructions.md that grows beyond the same limit

Examples that stay clean:

  • short repository-level Copilot instructions
  • path-specific instruction files that stay within the limit
  • fixture-like paths such as tests/fixtures/.github/copilot-instructions.md

False Positives

This rule now lives in the explicit guidance lane because some projects may intentionally keep large instruction files while they evaluate how much Copilot actually consumes in their workflows. The rule is guidance about reviewability and effective application, not a claim that every long file is broken.

Remediation

Split long Copilot guidance into:

  • a shorter shared .github/copilot-instructions.md
  • narrower .github/instructions/*.instructions.md files for path-specific behavior

Prefer small, focused instruction files over one large catch-all document.