Overview

GitHub Copilot is an AI-assisted tool integrated with GitHub that can provide automated feedback during pull request (PR) reviews. Within our development workflow, Copilot is used primarily to assist with identifying potential issues in proposed code changes and to highlight areas that may benefit from additional review.

While Copilot can surface useful suggestions, it does not replace human code review. All feedback should be treated as advisory and evaluated alongside established engineering standards and team review practices.

Our team prioritizes the use of OpenAI Codex for AI-assisted development tasks. GitHub Copilot is primarily used within GitHub’s pull request workflow to supplement the review process.

GitHub Copilot helps improve the pull request review process by:

  • Identifying potential bugs or logic errors
  • Highlighting code that may not follow best practices
  • Suggesting small improvements or refactoring opportunities
  • Drawing attention to areas that may require additional testing

These automated suggestions help reviewers focus attention on potentially problematic areas, but they should always be validated by engineers.

GitHub Copilot should be used as a review assistant, not an authoritative reviewer.

When Copilot provides PR feedback:

  • Review suggestions critically before applying any changes.
  • Confirm that recommendations align with project architecture and coding standards.
  • Verify that proposed fixes do not introduce unintended side effects.
  • Ensure changes are tested before merging.

Copilot feedback should complement the normal peer review process and should never be used as the sole basis for approving or rejecting a pull request.

GitHub Copilot is integrated into the standard pull request workflow and acts as an automated assistant during the review process.

A typical review flow may include:

  1. Developer opens a pull request

    Code changes are submitted for review in GitHub.

  2. Copilot performs automated review

    Copilot analyzes the diff and generates suggestions or comments on potential issues.

  3. Engineers review Copilot feedback

    Developers and reviewers evaluate Copilot comments alongside their own code review.

  4. Human reviewers perform full review

    Architecture, maintainability, security, and correctness are validated by engineers.

  5. Changes are addressed and verified

    Suggested improvements are implemented if appropriate and verified through testing.

  6. Pull request is approved and merged

    After thorough review, the PR is approved and merged into the main branch.

Copilot helps surface potential issues earlier in the review process, but human reviewers remain responsible for the final approval decision.

Developers may see comments from Copilot that resemble the following examples:

This condition may not behave as expected if user is null. Consider adding a null check before accessing user.id.

This loop can be simplified using Array.map() to improve readability.

This query runs inside a loop and may cause performance issues for large datasets. Consider batching the queries or prefetching the data.

This function does not handle potential errors from the external API call. Consider adding error handling or retry logic.

These comments are intended to highlight areas that may benefit from additional attention during review.

Developers should be aware of the following limitations when relying on AI-assisted code review:

  • Copilot may misinterpret code context or intent.
  • Suggestions may not reflect project-specific architecture decisions.
  • Security or performance concerns may not always be detected.
  • Automated feedback can occasionally produce incorrect or unnecessary recommendations.

Because of these limitations, human review remains a required step in all pull requests.

When interacting with AI-assisted tools in GitHub:

  • Avoid exposing secrets, credentials, or sensitive infrastructure details.
  • Ensure code changes comply with internal security policies.
  • Treat Copilot suggestions as untrusted input until verified.

Following these practices helps maintain the integrity and security of the codebase.