Github Copilot & the markkëtplace

#ai

Git, github & copilot

Around the 20 year anniversary of git, and 17 for github we were thinking about all the different tools we've used in our career

From dropping files in FTP, LAN, or delivering floppy disks to customers, to continuous integrations

Both Linus and Github claim that Ruby & Ruby on Rails helped them achieve international popularity

Either by attending college, or by being apprentices, developers maintain a tradition of collaboration, open source, patience, and forking to improve things in our ecosystem, inspired by our own struggles

In some ways, we're just like Linus, much dumber, yet both standing on the shoulders of the same giants

Vibe coding

Vibe coding was recently coined by Andrej Karpathy from OpenAI

Per wikipedia:

Vibe coding (also vibecoding) is an AI-dependent programming technique where a person describes a problem in a few sentences as a prompt to a large language model (LLM) tuned for coding

At Markkët we started using Copilot after meeting the security team at Github, during their conference in San Francisco and deciding they're cool and we can trust them

VScode offers a Copilot plugin, and it is also available to summarize pull requests, perform code reviews, and security inspections

It builds on top of previous efforts by Github like dependabot, and improvements to safety and privacy in the deployment pipelines

For the rest of the article, we asked our Copilot running Claude 3.7 to share some tips for our experience working together

Markkët Development Guidelines

🎯 Our Development Philosophy

We use "Vibe Coding" to create front end components and get unstuck - focusing on developer happiness while maintaining high standards of moonlight and reliability

💫 Core Principles

Type Safety First: TypeScript everywhere

Fail Fast: Catch errors early in development

Developer Experience: Tools that make coding enjoyable

Security by Design: Protected secrets and safe data handling

Test-Driven: Automated testing at multiple levels

🔧 Prompt tips

We recommend using AI sparingly: it is a new technology that hallucinates constantly and has the power to break things beyond human comprehension

Having good architecture, and understanding of data flows, type safety and testing tools is essential - avoid installing random packages suggested by the AI, and remember that the training sets are full of errors
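One way to act on the advice about AI-suggested packages, as an added example that is not code from the original post: compare the `dependencies` of `package.json` before and after a prompt session, and flag packages nobody has reviewed and versions that are not pinned exactly. The function name, the reviewed list and the package `left-padder-pro` are hypothetical.

```typescript
type DepMap = { [name: string]: string };

interface DepFinding {
  name: string;
  version: string;
  reason: "not-reviewed" | "unpinned";
}

// Exact versions only (1.2.3 or 1.2.3-beta.1). Ranges (^, ~, >=, *), dist-tags
// such as "latest", and git or tarball URLs all fail this check.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Returns one finding per problem introduced between `before` and `after`.
// `reviewed` is the team's list of packages a human has already vetted.
function auditDependencyChange(before: DepMap, after: DepMap, reviewed: string[]): DepFinding[] {
  const findings: DepFinding[] = [];
  for (const name of Object.keys(after).sort()) {
    const version = after[name];
    const isNew = !Object.prototype.hasOwnProperty.call(before, name);
    const changed = isNew || before[name] !== version;
    if (isNew && reviewed.indexOf(name) === -1) {
      findings.push({ name, version, reason: "not-reviewed" });
    }
    // Only versions touched in this session are checked, so old debt is not re-reported.
    if (changed && !EXACT_VERSION.test(version)) {
      findings.push({ name, version, reason: "unpinned" });
    }
  }
  return findings;
}

// Constructed sample: "dependencies" before and after an AI-assisted session.
const SAMPLE_BEFORE: DepMap = { next: "14.2.3", react: "18.3.1" };
const SAMPLE_AFTER: DepMap = {
  next: "14.2.3",
  react: "^18.3.1",            // pin loosened by the suggestion
  "left-padder-pro": "latest", // hypothetical package, never reviewed
  zod: "3.23.8",               // new, but on the reviewed list and pinned
};
const SAMPLE_REVIEWED = ["zod"];
```

Run in CI against the base branch's `package.json`, a non-empty result is a reason to stop and read the diff before merging.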

Before prompting the AI, select your UI kits, frameworks, and programming languages - we love using NextJS with typescript, and there are many other alternatives to bootstrap your project

For markkët templates we recommend using astro, or plain with a JS template engine

Have a repo ready, create branches, and always prompt on a clean git story - you want to easily be able to revert changes

For making changes inside a file, Copilot can guess many things - if there are related files, or similar implementations, drag those files to the context

When creating a whole new file or set of components, it is better to actually create a file, and add some comments with the expected behavior before prompting

Copilot is very good at writing documentation in accessible English, and translating - for international teams and ESL developers it is fantastic - take advantage of this to include README files and comments in complex pieces

When prompting, include specific package names and versions

Examples

in this NEXTJS project, using the app router, complete this file to display a dynamic form that is easy to customize, so we can reuse it later

We're using Jquery 1.7 to communicate with our PHP API, this widget needs to request /api/420 and blaze it

My front end skills are a little embarrassing, can you make the image be more compelling inside the frame and suggest some CSS to make this landing page look like we're not a bunch of clowns, thanks <3

🛡️ Development Safety

ESLint + Prettier

TypeScript strict mode

GitHub Actions CI/CD

Secrets managed via GitHub Secrets

No API keys in code or commits

Data sanitization at boundaries

Trust, Privacy and safety

We particularly use VScode & Github, which are Microsoft tools

Growing up my first computer had MSDos, I pirated many copies of Windows and try to use open-source and be rebellious where possible

I love trying out new things, and supporting the small teams where possible

However, when dealing with private data, personally identifiable information, credit cards, etc, we must be very strict

Microsoft has a vested financial interest in protecting their own infrastructure and their customers; I have personally met engineers at different teams, and their claims are genuine - Github scans your public and private repos and catches errors that are easy to miss

In any case, you take the general precautions you need and evaluate the tools you're using, and read all the output before potentially opening up backdoors to your database

🧪 Development Environment

Save keys in files ignored by .git, generating new keys for teammates and separate environments

Environment variables in .env.local
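The secrets rules above (no keys in commits, keys in git-ignored files, variables in `.env.local`) can be checked before a build. This is an added example, not code from the original post: it confirms that `.env.local` is ignored, that required variables are present, and that nothing secret-looking carries the `NEXT_PUBLIC_` prefix. The variable names, the sample files and the secret-name heuristic are assumptions made for the example.

```typescript
type Finding = { key: string; issue: "not-ignored" | "missing" | "exposed-to-browser" };

// Parse dotenv-style KEY=VALUE lines; comments and blank lines are skipped.
function parseDotenv(text: string): { [key: string]: string } {
  const out: { [key: string]: string } = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (line.charAt(0) === "#" || eq < 1) continue;
    const value = line.slice(eq + 1).trim();
    out[line.slice(0, eq).trim()] = value.replace(/^(["'])(.*)\1$/, "$2");
  }
  return out;
}

// Simplified .gitignore matching for a root-level file name: "*" globs and "!"
// negation are handled, and the last matching rule wins, as in git.
function isIgnored(file: string, gitignore: string): boolean {
  let ignored = false;
  for (const raw of gitignore.split(/\r?\n/)) {
    let pat = raw.trim();
    if (pat === "" || pat.charAt(0) === "#") continue;
    const negate = pat.charAt(0) === "!";
    if (negate) pat = pat.slice(1);
    const body = pat.replace(/^\//, "").replace(/[.+?^${}()|[\]\\]/g, "\\$&");
    if (new RegExp("^" + body.replace(/\*/g, "[^/]*") + "$").test(file)) ignored = !negate;
  }
  return ignored;
}

// Names that suggest a credential; a heuristic chosen for this example.
const SECRET_NAME = /SECRET|TOKEN|PASSWORD|PRIVATE|API_?KEY/i;

function checkEnvSetup(envLocal: string, gitignore: string, required: string[]): Finding[] {
  const env = parseDotenv(envLocal);
  const findings: Finding[] = [];
  if (!isIgnored(".env.local", gitignore)) findings.push({ key: ".env.local", issue: "not-ignored" });
  for (const key of required) {
    if (!env[key]) findings.push({ key, issue: "missing" }); // fail fast on absent or empty
  }
  for (const key of Object.keys(env)) {
    // Next.js inlines NEXT_PUBLIC_* values into the bundle sent to the browser.
    if (/^NEXT_PUBLIC_/.test(key) && SECRET_NAME.test(key)) findings.push({ key, issue: "exposed-to-browser" });
  }
  return findings;
}

// Constructed sample input; the variable names and values are hypothetical.
const SAMPLE_ENV = "# local only\nDATABASE_URL=postgres://localhost/dev\nNEXT_PUBLIC_PAYMENT_SECRET='not-a-real-key'\n";
const WEAK_GITIGNORE = "node_modules\n.env\n"; // covers .env but misses .env.local
const FIXED_GITIGNORE = "node_modules\n.env*\n!.env.example\n";
```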

Remember: We code for maintainability and developer happiness while keeping security and reliability as top priorities! 🚀

Links

[/youtube: linus interview for the 20 year anniversary of git]

[/github copilot & agent mode for vscode]

[/snyk: can copilot suggest safe code?]