From 43227c66c58e432d4b4197d248969fdd99c425e2 Mon Sep 17 00:00:00 2001
From: "Ariel Shaqed (Scolnicov)" <ariels@treeverse.io>
Date: Mon, 10 Nov 2025 09:38:28 +0200
Subject: [PATCH] Create generated-code.instructions.md

Instruct copilot to review generated code better than it does today.
---
 .../generated-code.instructions.md            | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/instructions/generated-code.instructions.md

diff --git a/.github/instructions/generated-code.instructions.md b/.github/instructions/generated-code.instructions.md
new file mode 100644
index 00000000000..e9bd9a491e3
--- /dev/null
+++ b/.github/instructions/generated-code.instructions.md
@@ -0,0 +1,36 @@
+## Generated code
+
+Some files in the repository contain generated code.  These include:
+- All files `*.gen.go`.
+- All files under `clients/java`.
+- All files under `clients/python`.
+- All files under `clients/rust`.
+
+DO NOT make any stylistic suggestions to these files.  Only make suggestions to these files for actual errors.
+
+### Examples
+
+#### Not an error, do NOT report suggest a fix
+
+In file clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java
+
+
+```java
+        } else if ( localBasePaths.length > 0 ) {
+            basePath = localBasePaths[localHostIndex];
+```
+
+Do NOT comment
+> Test is always false.
+
+This is generated code, and there is no harm in this code.
+
+#### Error, report and suggest a fix
+
+If a generated file in clients/python contains code similar to this:
+
+```py
+  sql_statement = s"SELECT $columns FROM $table LIMIT 1"
+```
+
+then it may be susceptible to SQL injection.  Report it unless variables `column` and `table` are very clearly safe to use.