Setting up the initial copilot instructions

[sramani-metro]

No description provided.

[Copilot]

Pull request overview

Adds initial GitHub Copilot instruction documents for the Thunder framework, including a repo-wide overview and layer-scoped guidance that applies automatically to Source/** subtrees.

Changes:

• Added repo-wide .github/copilot-instructions.md covering architecture, workflows, and cross-cutting C++/Thunder conventions.
• Added scoped instruction files under .github/instructions/ for core/, com/, plugins/, and Source/Thunder/.
• Documented macOS-specific portability pitfalls (notably cross-dylib dynamic_cast issues with template typeinfo).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
.github/instructions/thunder-runtime.instructions.md	Adds runtime/daemon-layer guidance for Source/Thunder/** (Server/ServiceMap/Controller/config/lifecycle).
.github/instructions/plugins.instructions.md	Adds plugin framework API rules for Source/plugins/** (IPlugin, IShell lifetime, JSONRPC patterns).
.github/instructions/core.instructions.md	Adds Source/core/** rules for dependencies, threading, sync, JSON, IPC, portability.
.github/instructions/com.instructions.md	Adds Source/com/** rules for COM-RPC interfaces, proxy/stub patterns, and macOS IPC casting caveats.
.github/copilot-instructions.md	Adds top-level repository + style conventions and links to scoped instruction files.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This file mandates include guards and forbids #pragma once, but the codebase uses both patterns today (e.g. Source/com/com.h:20 uses #pragma once, while Source/plugins/IPlugin.h:20 uses #ifndef __IPLUGIN_H__). To avoid confusing contributors/Copilot, consider either allowing both or documenting where each is preferred, rather than an absolute prohibition.

[sramani-metro]

@copilot open a new pull request to apply changes based on this feedback

[Copilot]

IPluginExtended/ICompositPlugin are not nested under IPlugin (they’re PluginHost::IPluginExtended and PluginHost::ICompositPlugin), and IPluginExtended does not add Inbound()/Process() for HTTP handling. In Source/plugins/IPlugin.h, HTTP handling is provided by PluginHost::IWeb (Inbound(Web::Request&), Process(const Web::Request&)), while IPluginExtended only adds Attach()/Detach() for channel lifecycle. Please update this section header and bullets to match the actual interfaces to avoid misleading plugin authors.

Suggested change

	## `IPlugin::IPluginExtended` and `IPlugin::ICompositPlugin`
	- `IPluginExtended`: adds `Inbound(Web::Request&)` and `Process(const Web::Request&)` for HTTP handling. Also known as the `IWeb` pattern (prefer `IWeb` from the exchange interfaces if available).
	- `ICompositPlugin`: for plugins that aggregate sub-plugins — rare, check existing examples before implementing.
	## `PluginHost::IPluginExtended` and `PluginHost::ICompositPlugin`
	- `PluginHost::IPluginExtended`: extends `IPlugin` with `Attach()` / `Detach()` for channel lifecycle handling (called when a channel connects/disconnects).
	- HTTP handling is provided by `PluginHost::IWeb`, which adds `Inbound(Web::Request&)` and `Process(const Web::Request&)`. Prefer `PluginHost::IWeb` (or the corresponding exchange interface) when exposing HTTP endpoints.
	- `PluginHost::ICompositPlugin`: for plugins that aggregate sub-plugins — rare, check existing examples before implementing.

[Copilot]

@sramani-metro I've opened a new pull request, #2070, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This says deactivation reason codes are passed to IPlugin::INotification::Deactivated(), but that callback’s signature is only (callsign, IShell*) (no reason parameter). The reason is available via IShell::Reason() (e.g. used in Source/Thunder/Controller.h). Please update this guidance, and also align the reason names with the actual PluginHost::IShell::reason enum (e.g. WATCHDOG_EXPIRED, INITIALIZATION_FAILED, etc.).

Suggested change

	- Reason codes for deactivation (`REQUESTED`, `AUTOMATIC`, `FAILURE`, `SHUTDOWN`, `CONDITIONS`, `WATCHDOG`) are passed to `IPlugin::INotification::Deactivated()` — use the correct reason when triggering deactivation.
	- Deactivation reasons are represented by `PluginHost::IShell::reason` (e.g. `WATCHDOG_EXPIRED`, `INITIALIZATION_FAILED`, `SHUTDOWN`, `REQUESTED`) and are available inside `IPlugin::INotification::Deactivated(const string& callsign, PluginHost::IShell* shell)` via `shell->Reason()` — always set and interpret the correct reason when triggering or handling deactivation.

[Copilot]

The activation/deactivation paths mention loading/unloading a .so, but Thunder also targets macOS where the runtime library extension is .dylib. Consider wording this as “shared library” (or “.so/.dylib”) to avoid encoding a Linux-only assumption.

Suggested change

	- Activation path: `Service::Activate()` → loads `.so` → calls `Initialize()` → transitions to `ACTIVATED`.
	- Deactivation path: `Service::Deactivate()` → calls `Deinitialize()` → unloads `.so`.
	- Activation path: `Service::Activate()` → loads the plugin shared library (`.so`/`.dylib`) → calls `Initialize()` → transitions to `ACTIVATED`.
	- Deactivation path: `Service::Deactivate()` → calls `Deinitialize()` → unloads the plugin shared library (`.so`/`.dylib`).

[Copilot]

The execution mode table describes Off as “In-process”, but in-process is the default when there is no root block. In code, RootConfig::ModeType::OFF is treated as an invalid/unexpected value (ASSERT(false) in Source/plugins/Shell.cpp), so documenting it as an in-process mode is incorrect.

Suggested change

	| `Off` | In-process (default if no `root` block) |
	| `Off` | Invalid / reserved — do not use; in-process is the implicit default when no `root` block is present |

[Copilot]

The plugin state list is incomplete/misleading. In this repo PluginHost::IShell::state includes additional lifecycle states like ACTIVATION, DEACTIVATION, and DESTROYED (see Source/plugins/IShell.h), so describing the states as only UNAVAILABLE → DEACTIVATED → PRECONDITION → ACTIVATED is inaccurate.

Suggested change

	- Plugin states are `UNAVAILABLE → DEACTIVATED → PRECONDITION → ACTIVATED` (plus `SUSPENDED`/`HIBERNATED`). Only the framework transitions states — never force-set `_state` directly.
	- Plugin states follow `PluginHost::IShell::state` (see `Source/plugins/IShell.h`), including `UNAVAILABLE`, `DEACTIVATED`, `ACTIVATION`, `PRECONDITION`, `ACTIVATED`, `DEACTIVATION`, `SUSPENDED`, `HIBERNATED`, and `DESTROYED`. Only the framework transitions states — never force-set `_state` directly.

[MFransen69]

perhaps mention something that it also provides general abstrtactions to plugins, e.g. OS things like threads, time, low level network stuff, files etc.?

[MFransen69]

Don't know if it is important but that is old RDKV. Newer code is in all the enterservices- repo's

[MFransen69]

ThunderExtensions repo is missinf(should we explain inhere what that is)
Also ThunderClient libraries, ThunderNanoServicesRDK, ThunderTools,

[MFransen69]

As it mentions key gues does not have to be complete

[MFransen69]

Don't know if it is important, but Thunder is more next to plugins

[MFransen69]

prefer #pragma once?

[MFransen69]

It is not preferred over manual (okay now stating Pierre's opinion :) )
Only for very small functions we use RAII over manual. But we can discuss in the CCB. But for now this should be the rule to be consistent with existing code

[MFransen69]

Isnn't that the same as this PR: #2072 ?

See my remark there, can't we point to the PSG somehow ? It has all options ad is reviewed

[MFransen69]

This whole section is hugely incorrect. Just remove it?

[MFransen69]

Mhmm that is strange, that is not even completely correct (addref and release come in via IReferenceCounted :)

[sebaszm]

Thanks for putting this together! That was a lot to go through!

Thus I have the impression this is too verbose for what it's supposed to address. I expected a list of brief guidelines, rather than such detailed description, whch is hard to review and maintain being correct. I even think some sections like how to build, run and test are redundant completely from a pull-request reviewer perspective.

Many do's and don'ts are repeated multiple times (like not using a vector, disregarding it being incorrect), some are not applicable (like don't edit generated files - this can't happen in a PR), some should be already obvious for AI (like what asserts are for).

And there seems to be much focus towards macOS (it hardly being a main target platform).

I left some comments on statements that I believe are straight incorrect. I also hope with so much text it's not a TL;DR sort of thing for Copilot. :)

[sebaszm]

Missing extensions.

[sebaszm]

That would be true for JSON-RPC. For COM-RPC, while this would be preferred, I don't think this is a concrete rule. Certainly it's supported that the return value is not hresult.

[sebaszm]

Not completely true. We do support std::vecotor in COM-RPC (with mandatory (at)restrict limitation).

[sebaszm]

I think it's the opposite? We endorese #pragma once, but old code still uses header guards, no point in changing it now.

[sebaszm]

Why they are expected to be declared? the interface already inherits a virtual destructor from IUnknown, and re-declaring it in interface has zero functional purpose and only clutters the contract :) (the header).

[sebaszm]

Neither list or map will even work. But vector will.

[sebaszm]

technically Iunknown only provides queryInterface :)

[sebaszm]

I think this section will be romoved once the issue described here is resolved.

[sebaszm]

again, I don't think this is a no-exception rule

[sebaszm]

This is typically autogenerated, no need for calling these manually.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 10 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

The error-code note says Core::ERROR_TIMEDOUT is equal to Core::ERROR_ASYNC_ABORTED “in some contexts”, but these are distinct values in Source/core/Errors.h (TIMEDOUT=11, ASYNC_ABORTED=4). This equivalence statement is likely incorrect and could cause people to write the wrong comparisons/handling; suggest removing the equality claim or describing the actual scenario being referred to (e.g. specific APIs translating one to the other).

Suggested change

	- `Core::ERROR_TIMEDOUT` (== `Core::ERROR_ASYNC_ABORTED` in some contexts) indicates a COM-RPC call exceeded `CommunicationTimeOut`.
	- `Core::ERROR_TIMEDOUT` indicates a COM-RPC call exceeded `CommunicationTimeOut`. Do not assume it is equal to `Core::ERROR_ASYNC_ABORTED`; handle them as distinct error codes.

[Copilot]

The “Plugin config hot-reload” description doesn’t match the current runtime behavior in Source/Thunder/PluginServer.h: ConfigObserver::Updated() calls ServiceMap::ConfigReload(), which iterates *.json files and calls Insert(...); Insert ignores duplicate callsigns rather than deactivating/reactivating an existing plugin. Consider updating this section to reflect what actually happens today (and/or documenting the current limitations) so this file doesn’t teach a hot-reload mechanism that isn’t implemented.

Suggested change

- **Plugin config hot-reload**: `FileObserver` watches the `configs` directory. On change, `ConfigObserver` calls `Service::ConfigUpdated()` → plugin is deactivated, config updated, re-activated (if autostart). This is non-atomic — there is a brief window where the plugin is inactive.

- **Plugin config “hot-reload” (current behavior is limited)**: `FileObserver` watches the `configs` directory. On change, `ConfigObserver::Updated()` calls `ServiceMap::ConfigReload()`, which rescans `*.json` files and calls `Insert(...)` for each. `Insert` **ignores duplicate callsigns**, so existing plugins are *not* deactivated, reconfigured, or re-activated — only newly added configs for previously unknown callsigns are picked up. To apply config changes for an existing plugin, you must currently deactivate/activate it (for example via `Controller`) or restart the daemon. Treat this as **additive-only discovery**, not full hot-reload.

[Copilot]

The rule "Place comments ... never on the same line as a statement" contradicts existing Thunder code style (there are many inline trailing comments in Source/, e.g. Source/Thunder/PluginHost.cpp:84 and Source/com/Administrator.h:37). Consider relaxing this to a preference (e.g. avoid trailing comments when possible) rather than a hard prohibition, so contributors/Copilot aren’t pushed into a style that the repo doesn’t follow.

Suggested change

	Keep comments minimal — code must be self-explanatory. A comment must add context that cannot be read from the code itself. Write comments in correct English. Place comments on their own line immediately before or after the relevant code — never on the same line as a statement.
	Keep comments minimal — code must be self-explanatory. A comment must add context that cannot be read from the code itself. Write comments in correct English. Prefer placing comments on their own line immediately before or after the relevant code; avoid trailing comments where possible, but they are acceptable when they significantly improve clarity or match the surrounding file’s style.

[Copilot]

This section states that all files should be PascalCase, but the repository contains many established lowercase headers (e.g. Source/core/core.h, Source/plugins/plugins.h, Source/com/com.h). To avoid generating renames or inconsistent guidance, consider scoping this to “new feature/module files” or documenting exceptions/legacy naming patterns.

[Copilot]

This section references Thunder/GenerateLua.sh, but that script does not exist in this repository (no GenerateLua.sh found). If the intent is cross-repo documentation, consider either linking to the correct script/path (if it lives elsewhere) or removing this step to avoid a dead-end for contributors.

Suggested change

- Run `Thunder/GenerateLua.sh Thunder/ ThunderInterfaces/` to produce the Wireshark dissector data file.

[Copilot]

This file says “No rules are defined here — rules are in copilot-instructions.md and constraints.md”, but the repo also contains several other rule-bearing instruction files (e.g. the scoped core.instructions.md, com.instructions.md, plugins.instructions.md, thunder-runtime.instructions.md). Consider rewording to avoid implying that only those two files contain rules.

Suggested change

	Use this file to find where detailed documentation or canonical examples live. No rules are defined here — rules are in `copilot-instructions.md` and `constraints.md`. For anti-patterns, see `common-mistakes.md`.
	Use this file to find where detailed documentation or canonical examples live. This file does not define new rules — consult `copilot-instructions.md`, `constraints.md`, and other `*.instructions.md` files for rules. For anti-patterns, see `common-mistakes.md`.

[Copilot]

This sentence states Thunder targets -fno-rtti, but the build configuration in this repo does not appear to disable RTTI (e.g. cmake/common/CompileSettings.cmake sets -fno-exceptions but not -fno-rtti), and the codebase uses dynamic_cast in multiple places. Consider removing the -fno-rtti claim or rephrasing it to the actual constraint being enforced (e.g. avoid RTTI-dependent patterns across dylib boundaries).

Suggested change

	3. **No RTTI, no exceptions, no STL allocations across ABI boundaries** — Thunder targets embedded Linux (`-fno-exceptions`, `-fno-rtti`). COM ref-counting (`AddRef`/`Release`/`Core::ProxyType`) replaces smart pointers at interface boundaries.
	3. **No RTTI, no exceptions, no STL allocations across ABI boundaries** — Thunder targets embedded Linux and is built with `-fno-exceptions`. Treat RTTI-dependent patterns (`dynamic_cast`, `typeid`, etc.) as forbidden across COM/ABI boundaries so deployments can safely opt into `-fno-rtti`. COM ref-counting (`AddRef`/`Release`/`Core::ProxyType`) replaces smart pointers at interface boundaries.

[Copilot]

This file says to prefer #pragma once for new headers, but core.instructions.md later says “use classic guards … (double-underscore prefix/suffix)” for new headers. These two instruction sources conflict and will cause inconsistent output; consider making them agree (either prefer #pragma once everywhere for new headers, or scope classic guards to specific subtrees / legacy files).

Suggested change

	Prefer `#pragma once` for new header files. Existing files that use classic `#ifndef` guards may keep them — there is no need to convert. Never mix both styles in the same file.
	For new header files, use classic `#ifndef` / `#define` / `#endif` include guards, with a double-underscore prefix and suffix in the macro name (for example, `__MYMODULE_H__`). Existing files that already use `#pragma once` or classic guards may keep them — there is no need to convert. Never mix both styles in the same file.

[Copilot]

The “Dependency Inversion Rule” claims com/ or Thunder/ provide the concrete WorkerPool / ResourceMonitor implementations, but in this repo they are implemented in Source/core/ (e.g. Source/core/WorkerPool.h defines Core::WorkerPool). This is likely to mislead contributors about where to add/modify threading/event-loop behavior; please update this section to reflect the actual layering used here.

Suggested change

	`Source/core/` is a **provider of abstractions** — it must never depend on upper layers. Upper layers (`com/`, `plugins/`, `Thunder/`) implement the abstractions. Concretely:
	- `core/` defines `IWorkerPool`, `IResource`, `IDispatch` — it does not implement a `WorkerPool` that knows about plugins.
	- `com/` and `Thunder/` provide the concrete `WorkerPool` and `ResourceMonitor` implementations that are injected at runtime.
	- If a new abstraction in `core/` needs a concrete implementation, define an interface in `core/` and provide the implementation in `Thunder/` or `com/`.
	`Source/core/` is a **provider of abstractions and platform primitives** — it must never depend on upper layers. Upper layers (`com/`, `plugins/`, `Thunder/`) configure, own, and wrap these primitives, but do not introduce dependencies back into `core/`. Concretely:
	- `core/` defines interfaces such as `IWorkerPool`, `IResource`, and `IDispatch`, and provides their generic implementations (for example, `Core::WorkerPool` in `Source/core/WorkerPool.h` and `Core::ResourceMonitor` in `Source/core/ResourceMonitor.h`). These implementations must remain independent of plugins and upper-layer concepts.
	- Threading, job-scheduling, and file-descriptor readiness behavior (event loop, `poll`/`epoll` integration, etc.) should be added or modified in `Source/core/` (typically in the `WorkerPool*` and `ResourceMonitor*` files), not in `com/` or `Thunder/`.
	- Upper layers (`com/`, `Thunder/`, `plugins/`) may own instances of `Core::WorkerPool` / `Core::ResourceMonitor`, wrap them, and register their own `IResource`/`IDispatch`/job types, but must not create new dependencies from `Source/core/` back into these layers.
	- If a new abstraction in `core/` needs a concrete implementation that depends on plugins, IPC, or other upper-layer types, define an interface in `core/` and provide the implementation in `Thunder/` or `com/`, accessed via dependency injection or callbacks.

[Copilot]

This “New File Checklist” says new headers should use classic include guards with double-underscore identifiers, but (a) constraints.md instructs to prefer #pragma once for new headers, and (b) many core headers already use #pragma once (e.g. Source/core/WorkerPool.h, Source/core/Errors.h). Consider aligning this checklist with the repo’s current practice and the global constraints file to avoid conflicting guidance.

Suggested change

	- Include guard for new headers: use classic guards `#ifndef __MYFILE_H__` / `#define __MYFILE_H__` / `#endif` (double-underscore prefix and suffix); existing headers that already use `#pragma once` may remain unchanged.
	- Include guard for new headers: prefer `#pragma once` (as per `constraints.md`). Existing headers that already use classic include guards may remain unchanged, but do not introduce new double-underscore identifiers in include guards.

[MFransen69]

This no longer holds for std::vector ;)

[MFransen69]

Or inside the same library

[MFransen69]

Perhaps we should be careful with the rather detailed part. I do not want AI start generating code everywhere using labes or adding own RTTI info and static cast.

[MFransen69]

Perhaps also mention the other ones, like for Controller and Plugin?

[MFransen69]

Should we perhaps mention generated code should use code form core over what is available in the C++ standard library?

[MFransen69]

This should not be needed at all.
This process should always be spawned from Thunder itself

[MFransen69]

Scanning through this I think I also would have expected a section on coding guidelines etc.