Copilot AI commented Oct 3, 2025

Overview

This PR adds a comprehensive .github/copilot-instructions.md file to help GitHub Copilot coding agents work efficiently with the sec-certs repository. These instructions serve as onboarding documentation that significantly reduces the time and errors when agents first encounter this codebase.

What's Included

The instructions file provides:

1. Repository Overview

  • Clear description of sec-certs as a Python security certificate analysis tool for Common Criteria and FIPS 140-2/3
  • Complete tech stack overview including Python versions (3.10+), testing framework (pytest), linters (Ruff, MyPy), and key dependencies
  • Project statistics: ~75 source files with 13.5k lines of code

2. Critical Setup Requirements

System Dependencies with exact commands:

sudo apt-get install -y build-essential libpoppler-cpp-dev pkg-config \
    python3-dev tesseract-ocr tesseract-ocr-eng tesseract-ocr-deu \
    tesseract-ocr-fra default-jdk

Python Environment with validated installation sequence:

pip install -r requirements/test_requirements.txt
pip install -e .
python -m spacy download en_core_web_sm

3. Build, Test, and Validation

  • Testing: Commands with pytest markers (slow, remote) for different test scenarios
  • Linting: Both pre-commit hooks and manual commands for Ruff and MyPy
  • Documentation: Sphinx build process
  • Distribution: Package building for PyPI release

4. Project Architecture

  • Complete directory structure with all major folders explained
  • Key file locations (pyproject.toml, rules.yaml, configuration.py, etc.)
  • Main architectural components: Datasets, Certificates, CLI, Heuristics
  • Dependencies and configuration files

5. CI/CD Pipelines

Documentation of all 5 GitHub workflows:

  • tests.yml - Multi-version Python testing
  • pre-commit.yml - Automated linting
  • docs.yml - Documentation building and deployment
  • release.yml - PyPI and DockerHub publishing
  • cron.yml - Weekly remote/flaky tests

6. Common Pitfalls and Gotchas

10 documented issues that commonly trip up new developers:

  • Auto-generated _version.py file (created by setuptools-scm, should not be committed)
  • Poppler library version requirements (≥20.x, older 0.x versions fail)
  • Spacy language model download requirement
  • Java in PATH for FIPS table parsing
  • pip-sync limitations with system packages
  • Test marker usage for stable vs. flaky tests
  • And more...

Validation

All commands and information in the instructions have been validated by:

  • Running actual commands in the repository environment
  • Examining CI workflow files for accuracy
  • Reviewing documentation (README, CONTRIBUTING, docs/)
  • Verifying file structure and existence
  • Testing import paths and CLI functionality

Benefits

This documentation will help coding agents:

  • ✅ Set up the development environment correctly on the first attempt
  • ✅ Run tests and linting without trial-and-error
  • ✅ Understand project structure quickly without extensive exploration
  • ✅ Avoid common pitfalls (Poppler versions, missing spacy models, etc.)
  • ✅ Match CI requirements and reduce build failures
  • ✅ Complete tasks faster by reducing time spent searching and exploring

Constraints Met

  • Length: 1,601 words (~2 pages) - within the specified limit
  • Non-task-specific: Generic instructions applicable to any coding task
  • Comprehensive: Covers all aspects needed for efficient agent work

The instructions explicitly tell agents to trust the documented commands and only search/explore when information is incomplete or incorrect, significantly reducing wasted effort on exploration.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • esm.ubuntu.com
    • Triggering command: /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Your task is to "onboard" this repository to Copilot coding agent by adding a .github/copilot-instructions.md file in the repository that contains information describing how a coding agent seeing it for the first time can work most efficiently.

You will do this task only one time per repository and doing a good job can SIGNIFICANTLY improve the quality of the agent's work, so take your time, think carefully, and search thoroughly before writing the instructions.

  • Reduce the likelihood of a coding agent pull request getting rejected by the user due to generating code that fails the continuous integration build, fails a validation pipeline, or having misbehavior.
  • Minimize bash command and build failures.
  • Allow the agent to complete its task more quickly by minimizing the need for exploration using grep, find, str_replace_editor, and code search tools.
  • Instructions must be no longer than 2 pages.
  • Instructions must not be task specific.

Add the following high level details about the codebase to reduce the amount of searching the agent has to do to understand the codebase each time:

  • A summary of what the repository does.
  • High level repository information, such as the size of the repo, the type of the project, the languages, frameworks, or target runtimes in use.

Add information about how to build and validate changes so the agent does not need to search and find it each time.

  • For each of bootstrap, build, test, run, lint, and any other scripted step, document the sequence of steps to take to run it successfully as well as the versions of any runtime or build tools used.
  • Each command should be validated by running it to ensure that it works correctly as well as any preconditions and postconditions.
  • Try cleaning the repo and environment and running commands in different orders and document errors and misbehavior observed as well as any steps used to mitigate the problem.
  • Run the tests and document the order of steps required to run the tests.
  • Make a change to the codebase. Document any unexpected build issues as well as the workarounds.
  • Document environment setup steps that seem optional but that you have validated are actually required.
  • Document the time required for commands that failed due to timing out.
  • When you find a sequence of commands that work for a particular purpose, document them in detail.
  • Use language to indicate when something should always be done. For example: "always run npm install before building".
  • Record any validation steps from documentation.

List key facts about the layout and architecture of the codebase to help the agent find where to make changes with minimal searching.

  • A description of the major architectural elements of the project, including the relative paths to the main project files, the location
    of configuration files for linting, compilation, testing, and preferences.
  • A description of the checks run prior to check in, including any GitHub workflows, continuous integration builds, or other validation pipelines.
  • Document the steps so that the agent can replicate these itself.
  • Any explicit validation steps that the agent can consider to have further confidence in its changes.
  • Dependencies that aren't obvious from the layout or file structure.
  • Finally, fill in any remaining space with detailed lists of the following, in order of priority: the list of files in the repo root, the
    contents of the README, the contents of any key source files, the list of files in the next level down of directories, giving priority to the more structurally important and snippets of code from key source files, such as the one containing the main method.
  • Perform a comprehensive inventory of the codebase. Search for and view:
    • README.md, CONTRIBUTING.md, and all other documentation files.
    • Search the codebase for build steps and indications of workarounds like 'HACK', 'TODO', etc.
    • All scripts, particularly those pertaining to build and repo or environment setup.
    • All build and actions pipelines.
    • All project files.
    • All configuration and linting files.
  • For each file:
    • think: are the contents or the existence of the file information that the coding agent will need to implement, build, test, validate, or demo a code change?
    • If yes:
      • Document the command or information in detail.
      • Explicitly indicate which commands work and which do not and the order in which commands should be run.
      • Document any errors encountered as well as the steps taken to workaround them.
      • Document any other steps or information that the agent can use to reduce time spent exploring or trying and failing to run bash commands.
  • Finally, explicitly instruct the agent to trust the instructions and only perform a search if the information in the instruction...


Copilot AI changed the title from "Your task is to "onboard" this repository to Copilot coding agent by adding a .github/copilot-instructions.md file in the repository that contains information describing how a coding agent seeing it for the first time can work most efficiently. You wi..." to "Add comprehensive Copilot instructions for sec-certs repository onboarding" Oct 3, 2025
Copilot AI requested a review from J08nY October 3, 2025 11:28
Copilot finished work on behalf of J08nY October 3, 2025 11:28
@J08nY J08nY marked this pull request as ready for review October 3, 2025 11:31

@J08nY J08nY left a comment


Looks good to me.

@J08nY J08nY changed the title from "Add comprehensive Copilot instructions for sec-certs repository onboarding" to "Add Copilot instructions (main)" Oct 3, 2025
@J08nY J08nY added the labels documentation (Improvements or additions to documentation) and python (Pull requests that update python code) Oct 3, 2025

codecov bot commented Oct 3, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.63%. Comparing base (85adccc) to head (045c042).
✅ All tests successful. No failed tests found.

❗ There is a different number of reports uploaded between BASE (85adccc) and HEAD (045c042).

HEAD has 1 upload less than BASE
Flag BASE (85adccc) HEAD (045c042)
2 1
Additional details and impacted files
@@             Coverage Diff             @@
##             main     #520       +/-   ##
===========================================
- Coverage   68.37%   57.63%   -10.74%     
===========================================
  Files          70       70               
  Lines        8526     8526               
===========================================
- Hits         5829     4913      -916     
- Misses       2697     3613      +916     
