Custom Instructions for Duo Code Review
## Release notes GitLab Duo Code Review now supports custom instructions, allowing teams to guide AI code reviews with project-specific coding standards. Users can define rules with specific path patterns to ensure Duo provides targeted, consistent feedback aligned with team conventions. ## Problem to solve As a project maintainer, I want to customize how Duo Code Review evaluates our codebase, so I can enforce team-specific conventions and best practices that wouldn't be caught by standard linters or static analysis tools. Currently, Duo Code Review provides generic feedback that doesn't account for team-specific conventions, architectural patterns, or domain knowledge. This leads to generic reviews that miss important project-specific concerns and requires additional manual review effort. ## User experience goal The user should be able to define, manage, and apply custom code review instructions through the GitLab UI at the project level, with rules targeted to specific file patterns. ## Proposal We will implement a UI-based system for custom code review instructions in GitLab Duo Code Review at the project level. ### User Journey 1. A project maintainer notices that Duo Code Review isn't catching team-specific conventions 2. They navigate to Project Settings > Duo Code Review > Custom Instructions 3. They create a new rule by: - Providing a descriptive title - Defining path patterns to target specific files - Writing clear instructions for the AI reviewer 4. When a team member submits a merge request, Duo Code Review automatically applies the relevant rules based on the files being modified 5. The merge request receives AI review comments that reflect the team's specific conventions 6. The team iteratively refines rules based on effectiveness #### Rule Configuration Rules will be configurable via the GitLab project settings UI: - Settings located under Project Settings > Duo Code Review > Custom Instructions - Simple interface for creating, editing, and managing review rules - Ability to enable/disable individual rules without deletion #### Rule Structure Each rule will consist of: - **Title**: Descriptive name for easy reference - **Path patterns**: Glob patterns specifying which files the rule applies to (e.g., `**/*.js`, `lib/**/*.rb`) - **Instruction**: Plain text guidance for the AI reviewer #### Path Pattern Implementation - **Syntax**: Will follow glob pattern syntax similar to `.gitignore` and `CODEOWNERS` - **Multiple patterns**: Users can specify multiple patterns per rule, one pattern per line - **Pattern types**: Initially, only inclusive patterns will be supported (no negation with `!`) - **Examples in UI**: Common pattern examples will be provided to help users get started #### Rule Application 1. **Rule Matching**: - When Duo Code Review is triggered, the system identifies applicable rules based on files being modified - Rules are added to the context provided to the LLM - The LLM applies these guidelines in its review 2. **Rule Precedence**: - More specific path patterns have priority over broader patterns - Later rules take precedence over earlier rules 3. **Visibility**: - Indication in the Duo Code Review interface about which rules were applied - Option to view the specific instructions that influenced review comments ### User Experience 1. **Rule Management**: - Users can view, create, edit, and delete custom instructions through the GitLab UI - Rules can be individually enabled or disabled without deletion - Clear visibility of which patterns each rule applies to ![gitlab-rules-listing.svg](/uploads/385540393d61ae2458739d991bc61709/gitlab-rules-listing.svg) 2. **Rule Creation and Editing**: - Intuitive form-based interface for creating rules - Multi-line input for path patterns with one pattern per line - Plain text editor for instruction content with character count ![gitlab-rule-editor.svg](/uploads/19bd917f18648fc5650f923a8fae3c69/gitlab-rule-editor.svg) 3. **Rule Application Visibility**: - Indication in the Duo Code Review interface about which rules were applied - Option to view the specific instructions that influenced review comments ### Further details #### Interoperability There are two additional items that should be considered as part of the implementation plan: 1. Configuration of this information via a REST API. This would allow users to programmatically update this information across projects and make the data easier to expose for other applications. 2. While the initial use case for these custom instructions may be that we leverage them in Duo Code Review, we should also consider more broadly that other GitLab Duo features would use these. #### Use Cases 1. **Enforcing Documentation Standards**: - Rules for Go files that ensure exported functions have proper documentation - Rules for markdown files that enforce consistent formatting 2. **Specialized Error Handling**: - Rules for controllers that enforce consistent error handling patterns - Rules for API endpoints that ensure proper validation and error responses 3. **Security Best Practices**: - Rules for authentication-related code to enforce security patterns - Rules for database queries to prevent injection vulnerabilities 4. **Architectural Patterns**: - Rules that enforce clean architecture in specific modules - Rules that ensure proper separation of concerns #### Example Rules **Error Handling Standards**: ``` Title: Error Handling Standards Path patterns: **/*.js **/*.ts src/api/**/*.js Instruction: Always ensure proper error handling with try/catch blocks for async operations. Errors should: 1. Be logged with appropriate severity 2. Include contextual information about the operation 3. Not expose sensitive information 4. Be properly propagated to the caller when necessary ``` **API Security Guidelines**: ``` Title: API Security Guidelines Path patterns: app/controllers/api/** lib/api/** Instruction: When reviewing API endpoints, check for: 1. Proper input validation for all parameters 2. Authentication and authorization checks 3. Rate limiting where appropriate 4. Prevention of SQL injection vulnerabilities 5. No exposure of sensitive data in responses ``` ### Feature Usage Metrics We will track: 1. **Rule creation and management**: - Number of projects with at least one custom instruction rule - Average number of rules per project - Rule creation/editing/deletion events 2. **Rule application**: - Number of merge requests where rules were applied - Number of unique rules applied across merge requests - Distribution of rule applications by path pattern 3. **Review impact**: - Correlation between rule application and comment acceptance - Change in review comment volume/quality before and after rule implementation ### What does success look like, and how can we measure that? **Success Metrics**: 1. 25% of projects using Duo Code Review implement at least one custom instruction within 3 months of launch 2. 15% reduction in manual code review comments on projects using custom instructions 3. 20% increase in Duo Code Review comment acceptance rate for projects using custom instructions **Acceptance Criteria**: 1. Users can create, edit, and delete custom instructions through the GitLab UI 2. Custom instructions are correctly applied to matching files in merge requests 3. Duo Code Review comments reflect the guidance provided in custom instructions 4. Performance impact of rule application is less than 500ms per merge request 5. Rule application is visible to users in the Duo Code Review interface ### What is the competitive advantage or differentiation for this feature? 1. **Integration with GitLab ecosystem**: Our custom instructions are fully integrated with GitLab's project structure and permissions model. 2. **Familiar pattern matching**: We leverage GitLab's existing pattern matching syntax (similar to `.gitignore` and `CODEOWNERS`), reducing the learning curve. 3. **Project-level customization**: Our implementation allows for fine-grained control within projects, with plans to expand to group-level configuration in the future. 4. **Actionable, contextual feedback**: By combining AI capabilities with team-specific knowledge, we provide more relevant and actionable review comments. 5. **Foundation for future expansion**: This feature lays the groundwork for future group-level configuration and more advanced rule capabilities, creating a scalable approach to AI code review customization.
epic