Workflows
Workflows are step-by-step multi-phase instruction files. Each workflow step has a clear goal, a set of tasks, and exit criteria. Run them in order to move a project through a defined cycle.
Dev Cycle
Quality assurance and continuous improvement of an existing codebase.
| Step | File | Purpose |
|---|---|---|
| 1 | Test the Project | Run tests, verify build, check dependencies, populate TODO.md with issues |
| 2 | Test the UI | Test interface components, check browser compatibility and accessibility |
| 3 | Code Review | Analyse code quality, security, performance, and best practices |
Scope Cycle
Used at the start of a new project or phase to define what needs to be built.
| Step | File | Purpose |
|---|---|---|
| 1 | Define Product Scope | Analyse the codebase and write a comprehensive SCOPE.md |
| 2 | Actionable Plan → TODO | Break the scope into developer-ready tasks and populate TODO.md |
Feature Cycle
Full lifecycle for delivering a single feature from idea to production.
| Step | File | Purpose |
|---|---|---|
| 1 | Define Feature | Write a complete spec with acceptance criteria before any code is written |
| 2 | Design and Review | Technical design covering data, services, API, security, and performance |
| 3 | Implement | Execute the design task-by-task with verification after each change |
| 4 | Test | Verify acceptance criteria, edges, security, and performance |
| 5 | Release | Pre-release checklist, deployment, smoke test, rollback plan |
Bug Cycle
Systematic process for finding, fixing, and preventing bugs.
| Step | File | Purpose |
|---|---|---|
| 1 | Reproduce | Establish an on-demand reproduction and write a failing regression test |
| 2 | Diagnose | Find the exact root cause using hypothesis-driven investigation |
| 3 | Fix and Verify | Apply a minimal targeted fix, verify tests pass, commit with full context |
Release Cycle
Prepare and ship a production release safely.
| Step | File | Purpose |
|---|---|---|
| 1 | Pre-Release Check | Tests, security scan, changelog, docs, migration safety — go/no-go gate |
| 2 | Release | Version tag, changelog, deploy, migrations, health check |
| 3 | Post-Release | 30-minute monitoring, cleanup, stakeholder communication, follow-up tasks |
Refactor Cycle
Disciplined, behaviour-preserving code improvement.
| Step | File | Purpose |
|---|---|---|
| 1 | Assess | Identify code quality issues, establish test safety net, risk assessment |
| 2 | Plan | Map current state, define target state, sequence atomic steps |
| 3 | Execute | One step at a time, test after every change, commit each step |
Incident Cycle
Detect, resolve, and learn from production incidents.
| Step | File | Purpose |
|---|---|---|
| 1 | Detect and Triage | Confirm the incident, assess severity, assemble the response team |
| 2 | Investigate and Resolve | Form hypotheses, gather evidence, apply fix, confirm resolution |
| 3 | Post-Mortem | Blameless review, timeline reconstruction, action items to prevent recurrence |
Data Cycle
Model, migrate, and validate database and data pipeline changes.
| Step | File | Purpose |
|---|---|---|
| 1 | Model and Design | ERD review, schema design decisions, index strategy, migration plan |
| 2 | Migrate and Apply | Zero-downtime migration execution and rollback readiness |
| 3 | Validate and Monitor | Data integrity checks, query performance, pipeline monitoring |
Onboarding Cycle
Bring a new contributor to productivity in a structured, verifiable way.
| Step | File | Purpose |
|---|---|---|
| 1 | Environment Setup | Local dev environment, tooling, credentials, verify the build runs |
| 2 | Explore the Codebase | Architecture tour, key concepts, domain model, flow through the system |
| 3 | First Contribution | Pick a starter issue, implement, PR, and get it merged |
Security Cycle
Audit, remediate, and harden the application against security threats.
| Step | File | Purpose |
|---|---|---|
| 1 | Audit | OWASP Top 10 review, dependency CVE scan, secret detection, header check |
| 2 | Remediate | Fix all findings — patch CVEs, fix injection/auth bugs, rotate secrets |
| 3 | Harden | CSP, HSTS, rate limiting, least-privilege, security scanning in CI |
Deploy Cycle
Build, validate, and ship a production deployment safely.
| Step | File | Purpose |
|---|---|---|
| 1 | Prepare Deployment | Artefact build, env config validation, migration review, rollback plan |
| 2 | Deploy and Verify | Execute deploy, smoke tests, error rate monitoring, rollback if needed |
How to Use a Workflow
- Open the workflow step file.
- Give it to Copilot as your system prompt or reference it in chat.
- Copilot follows the instructions and populates
TODO.mdwith results. - Hand off to the AutoDev agent to execute the tasks.
- Move to the next workflow step when exit criteria are met.