GitHub Copilot Code Review: Organization Controls, Content Exclusion, and Unlimited Custom Instructions
GitHub CopilotGitHub Copilot code review received three significant configuration upgrades on June 12, 2026. Organization administrators can now set a default runner type across all repositories and lock the setting to override repository-level choices. Copilot code review also gained full respect for existing content exclusion policies at repository, organization, and enterprise levels, allowing teams to prevent Copilot from reading sensitive files during review. Most notably for everyday developers, the previous 4,000-character limit on .github/copilot-instructions.md and *.instructions.md files has been removed entirely, enabling richer custom review guidelines.
Sources & Mentions
5 external resources covering this update
Organization-Wide Runner Type Controls
GitHub expanded the administrative reach of Copilot code review by introducing a new organization-level setting that lets admins define a default runner type for all repositories. Previously, each repository owner could independently choose whether Copilot code review ran on a GitHub-hosted runner or a self-hosted runner. With this update, organization administrators can now set a default that applies across every repository in the organization and, critically, lock that setting so that individual repository maintainers cannot override it.
This change is particularly meaningful for organizations that have strict compliance requirements or security policies around where code analysis runs. A team that mandates self-hosted runners for data residency reasons, for example, can now enforce that policy uniformly without relying on per-repository configuration hygiene.
Content Exclusion Now Honored in Code Review
GitHub Copilot code review now fully respects content exclusion configurations already in place at the repository, organization, and enterprise levels. Teams that had previously defined rules to prevent Copilot from accessing certain files, such as secrets files, configuration files with credentials, or proprietary algorithm files, can now be confident that those same exclusions apply when Copilot performs code review.
This closes a gap that existed when code review was first introduced: content exclusion policies established for Copilot's code completion and chat features were not automatically honored during review sessions. With this update, the same exclusion rules apply uniformly across all Copilot surfaces. Administrators do not need to configure anything new; any existing exclusion policies are automatically picked up.
Character Limit Removed for Custom Instructions
Perhaps the most developer-facing of the three improvements is the removal of the 4,000-character limit on custom instruction files. Previously, both .github/copilot-instructions.md and files matching the *.instructions.md pattern were capped at 4,000 characters, which constrained teams that wanted to provide detailed, context-rich review guidelines.
With the character limit gone, teams can now write comprehensive review instructions that cover code style guidelines, architectural conventions, security requirements, naming standards, and any other context that helps Copilot produce more accurate and relevant review comments. This is especially valuable for larger codebases with nuanced conventions that require more than a few brief sentences to describe.
The removal aligns with GitHub's broader push to make Copilot more customizable at the team and organization level, allowing engineering teams to shape Copilot's behavior to reflect their specific standards rather than relying on generic defaults.