Replace per-skill AI disclosure with a PreToolUse hook#125889
Open
lewing wants to merge 20 commits intodotnet:mainfrom
Open
Replace per-skill AI disclosure with a PreToolUse hook#125889lewing wants to merge 20 commits intodotnet:mainfrom
lewing wants to merge 20 commits intodotnet:mainfrom
Conversation
Move the AI-generated content disclosure from duplicated text in copilot-instructions.md and 6 SKILL.md files into a single .github/hooks/hooks.json PreToolUse hook that fires when gh CLI commands post to GitHub (pr/issue create/comment/edit/review). This eliminates token waste from repeated instructions and ensures the disclosure applies uniformly to all GitHub-posting actions, including any future skills that use gh. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR centralizes the repository’s “AI-generated content disclosure” reminder by removing duplicated disclosure paragraphs from Copilot instructions and multiple skill prompts, and introducing a single lifecycle hook intended to trigger only when gh is used to post to GitHub.
Changes:
- Added a
.github/hooks/hooks.jsonPreToolUsehook to detectgh pr/issue {create,comment,edit,review,merge}and emit a disclosure reminder. - Removed the duplicated disclosure text from
.github/copilot-instructions.mdand several.github/skills/*/SKILL.mdfiles. - Kept skill workflows otherwise unchanged, relying on the hook as the new single source of truth.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/hooks/hooks.json | Adds a PreToolUse hook for Bash that detects certain gh commands and prints a disclosure reminder. |
| .github/copilot-instructions.md | Removes the “AI-Generated Content Disclosure” section from the main Copilot instructions. |
| .github/skills/api-proposal/SKILL.md | Removes the per-skill disclosure paragraph from the publish phase guidance. |
| .github/skills/ci-analysis/SKILL.md | Removes the per-skill disclosure paragraph near the top-level workflow guidance. |
| .github/skills/code-review/SKILL.md | Removes the per-skill disclosure paragraph from the review output format guidance. |
| .github/skills/issue-triage/SKILL.md | Removes the per-skill disclosure paragraph from the anti-patterns section. |
| .github/skills/performance-benchmark/SKILL.md | Removes the per-skill disclosure paragraph near EgorBot posting instructions. |
| .github/skills/vmr-codeflow-status/SKILL.md | Removes the per-skill disclosure paragraph near the top-level workflow guidance. |
- Replace node -e with grep+shell (no external runtime dependency) - Broaden matcher to Bash|PowerShell for cross-platform coverage - Add one-line disclosure pointer back to copilot-instructions.md for discoverability in environments without hook support Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
lewing
commented
Mar 21, 2026
Member
Author
lewing
left a comment
lewing
left a comment
There was a problem hiding this comment.
Addressed all three review comments in 691492f:
- Node dependency → Replaced
node -ewith pure shell (grep -qE ... && echo >&2; :). No external runtime needed, always exits 0. - Matcher scope → Broadened to
"Bash|PowerShell"for cross-platform coverage. - Discoverability → Added a one-line pointer back in
copilot-instructions.mdlinking to.github/hooks/hooks.jsonso the rule is visible even in environments without hook support.
Note
This comment was generated with the help of Copilot.
Use the version 1 hooks schema with separate bash and powershell keys for cross-platform support. Pure shell builtins on both platforms — no dependency on grep, node, or other external tools. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Shell hook: match any command mentioning 'github' or 'gh' (covers gh CLI, curl to api.github.com, etc.) - GitHub MCP tools hook: unconditional reminder for any tool with 'github' in the name - copilot-instructions.md: remove gh-specific wording; the rule applies to all GitHub posting methods Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The copilot-instructions.md rule is the source of truth. The shell hook is a best-effort nudge when gh/github commands run, not a gate. Remove the overly broad GitHub MCP tool matcher that would spam on every read-only query. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Two hooks: 1. Shell (Bash|PowerShell): fires when command mentions github/gh 2. MCP tools: matcher catches write verbs (create|comment|update| edit|review|push|merge), then body checks for 'github' in the tool args to avoid false positives from non-GitHub tools No metadata on MCP tools to distinguish read vs write, so we match on tool name patterns containing write-like verbs. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Shell hook now only fires on gh pr/issue create/comment/review/edit/ merge/close — not on reads like 'gh pr view' or 'gh issue list'. Message shortened to ~15 tokens referencing copilot-instructions.md for the full rule, avoiding context bloat in long sessions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The hook message is a short pointer ('per copilot-instructions.md'),
so the full rule needs to live here. Restores the original section
from dotnet#125842. The per-skill duplicates remain removed — the hook
provides the point-of-action reminder, this section is the source
of truth.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
Author
|
opened microsoft/vscode#303928 |
danmoseley
approved these changes
Apr 2, 2026
Member
danmoseley
left a comment
danmoseley
left a comment
There was a problem hiding this comment.
OK but I'm a bit unclear how this is an improvement?
Member
Author
it avoids sprinkling the same text in a bunch of places that aren't related? |
This was referenced Apr 16, 2026
Comment on lines
451
to
+455
| When posting any content to GitHub under a user's credentials (not a dedicated bot account), you **MUST** include a concise, visible note (e.g. a `> [!NOTE]` alert) indicating the content was AI/Copilot-generated. Skip this if the user explicitly asks you to omit it. | ||
|
|
||
| - **NEVER** use `gh issue close`, `gh issue edit`, `gh issue comment`, or `gh pr review --approve`/`--request-changes` **unless the user explicitly asks you to** after picking an outcome. | ||
|
|
||
| - **Security concerns are out of scope.** Do not assess, discuss, or make recommendations about potential security implications. Security assessment is handled through separate processes. | ||
| - **NEVER** use `gh issue close`, `gh issue edit`, `gh issue comment`, or | ||
| `gh pr review --approve`/`--request-changes` **unless the user explicitly | ||
| asks you to** after picking an outcome. |
There was a problem hiding this comment.
The PR description says the duplicated AI disclosure text was removed from issue-triage/SKILL.md, but this file still contains the per-skill disclosure guidance (line 451). Either remove this line to fully rely on the new PreToolUse hook + .github/copilot-instructions.md, or update the PR description to reflect that issue-triage intentionally keeps the explicit disclosure text.
Member
Author
There was a problem hiding this comment.
@copilot apply changes based on this feedback
Member
Author
There was a problem hiding this comment.
@copilot please remove the ai disclosure text here too
- .claude/settings.json: merged hooks (from PR) with marketplace config (from upstream) - ci-analysis/SKILL.md: accept upstream deletion (skill moved to dotnet/arcade-skills) - vmr-codeflow-status/SKILL.md: accept upstream deletion (skill moved to dotnet/arcade-skills) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as low quality.
This comment was marked as low quality.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace per-skill AI disclosure with a single PreToolUse hook
Replaces the per-skill duplication from #125842 with a single
PreToolUsehook that reminds about AI-generated content disclosure at the point of action.What changed
.github/hooks/hooks.json— a singlePreToolUsehook (Copilot CLI format) withcommand(Node.js),bash, andpowershellvariants that fires on write-verb tool calls (Bash|PowerShell|create|comment|update|edit|review|push|merge) and checks forgh pr/issuecommands or GitHub MCP tool usage.claude/settings.json— equivalent Claude Code hook configurationcopilot-instructions.md(unchanged from Require AI-generated content disclosure in copilot instructions and skills #125842) — this is the source of truthapi-proposal/SKILL.mdci-analysis/SKILL.mdcode-review/SKILL.mdissue-triage/SKILL.mdperformance-benchmark/SKILL.mdvmr-codeflow-status/SKILL.mdDesign
ghCLI commands and GitHub MCP tools, avoiding doubled context overhead from running two hooks on every tool callcopilot-instructions.mdNote
This PR was drafted with the help of an AI agent.
cc @stephentoub