Skip to content

Instantly share code, notes, and snippets.

@Shazwazza

Shazwazza/agentic-roslyn.md

Last active February 6, 2026 08:31
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Shazwazza/8427cfe2b6fab05c8e31b11c34c69205 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Shazwazza/8427cfe2b6fab05c8e31b11c34c69205 to your computer and use it in GitHub Desktop.
Download ZIP
Technical Report: The Agentic Analyzer Architecture (Roslyn + Copilot SDK)
Raw
agentic-roslyn.md

Technical Report: The Agentic Analyzer Architecture Subject: Feasibility and Architecture of Blending Roslyn Analyzers with GitHub Copilot SDK Date: February 6, 2026 To: Development Team

  1. Executive Summary This report outlines the architectural pattern for "Agentic Analyzers"—a hybrid tooling approach that combines the deterministic speed of Roslyn (static analysis) with the semantic reasoning of the GitHub Copilot SDK (Generative AI). By bridging these technologies, we can move beyond checking syntax (e.g., "Is this variable camelCase?") to checking intent (e.g., "Does this API endpoint violate our specific 2026 security idempotency standards?"). This enables analyzers that are dynamic (rules update without recompilation), runtime-aware (checking logs/metrics), and adaptive.
  2. The Core Architecture The system functions as a two-stage pipeline:
  • The Sensor (Roslyn): A lightweight DiagnosticAnalyzer runs in the IDE background. It acts as a highly specific trigger, identifying relevant syntax nodes (e.g., MethodDeclaration, catch blocks) to avoid sending the entire codebase to the LLM.
  • The Brain (Copilot SDK): When a trigger is activated, the Roslyn analyzer packages the code context and dispatches it to a "Copilot Agent" (a custom extension). This Agent evaluates the code against natural language rules and returns specific, context-aware diagnostics.
  1. Key Capabilities A. Dynamic Rule Definitions Traditional analyzers require recompiling and redistributing a .dll to change a rule. Agentic Analyzers fetch rules from dynamic sources:
  • Markdown Docs: The Agent reads docs/security-guidelines.md as its source of truth. Updating the text file immediately updates the analyzer's logic.
  • Vector Search: For large codebases, the Agent can retrieve similar patterns from the existing codebase to ensure consistency (e.g., "How do we usually handle retries in this module?"). B. Runtime & Environment Awareness The Copilot SDK allows tool calling. The analyzer can perform checks that were previously impossible at design time:
  • Database Schema: "You are referencing a column User_ID that doesn't exist in the current production schema."
  • Performance: "This LINQ query pattern matches one that caused a 200ms latency spike in the last release."
  1. Implementation Details The "Prompt Template" Strategy To prevent "hallucinations" (false positives), the Copilot Agent requires a structured System Prompt. This prompt anchors the AI to your specific constraints. Recommended System Prompt Structure: ROLE: You are a Senior Code Reviewer for [Company Name]. Your goal is to strictly validate code against the specific rules provided below.

INPUT CONTEXT:

  1. Code Snippet: [Insert Code from Roslyn]
  2. File Path: [Insert Path]
  3. Active Rule Set: [Insert Rule Text, e.g., "All public APIs must use the Result pattern, never throw exceptions."]

INSTRUCTIONS:

  • Analyze the Code Snippet ONLY against the Active Rule Set.
  • Do NOT offer general improvements (style, naming) unless they violate the Rule Set.
  • If the code violates the rule, output a JSON object with:
    • "isViolation": true
    • "message": "A concise, actionable error message explaining the violation."
    • "suggestedFix": "A rewritten version of the code that complies."
  • If the code is valid, output "isViolation": false.

CONSTRAINT:

  • Be conservative. If you are unsure, do not flag a violation.

C# Integration Hook The Roslyn analyzer acts as the client. Note the use of CompilationEnd or OnSave triggers to manage performance (avoiding API calls on every keystroke). public override void Initialize(AnalysisContext context) { // Run on save or compilation end to save tokens/latency context.RegisterCompilationAction(async compilationContext => { var agent = new CopilotAgentClient(); var violations = await agent.ReviewChangesetAsync(compilationContext.Compilation);

    foreach(var v in violations)
    {
        var diagnostic = Diagnostic.Create(Rule, v.Location, v.Message);
        compilationContext.ReportDiagnostic(diagnostic);
    }
});

}

  1. Challenges & Mitigation | Challenge | Impact | Mitigation Strategy | |---|---|---| | Latency | LLM calls take 500ms - 2s, causing UI lag if run synchronously. | Run analysis asynchronously on file save; do not block the UI thread. Use caching for unchanged methods. | | Token Cost | Sending code to LLMs frequently can be expensive. | Only send "changed" methods. Use Roslyn to filter trivial nodes before invoking the SDK. | | Determinism | AI may give different answers to the same code. | Set LLM temperature to 0. Use "Few-Shot Prompting" (examples of pass/fail) in the system prompt. |
  2. Conclusion Blending Roslyn with the GitHub Copilot SDK allows us to capture "tribal knowledge" and architectural intent in a way that static analysis cannot. While it introduces latency and cost considerations, it provides a layer of automated, semantic code review that scales with the team's evolving standards.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment