What the GitHub match counts mean

The headline numbers come from GitHub's public code-search API at one point in time. A repository can contain more than one matching file, generated copies can be indexed, forks may be present, and GitHub does not expose the total number of eligible repositories for these queries. For those reasons, dividing a match count by a guessed repository total would create a false adoption rate.

Use the counts as a reproducible search-visibility snapshot: they show how many indexed files matched the exact query when collected. Use the sample analysis to form hypotheses about instruction quality, then validate those hypotheses in a random or stratified study before making population claims.

What the 400-file sample found

All 100 AGENTS.md and CLAUDE.md sample files were readable. The Copilot query produced 99 readable files and the Cursor query produced 100. Every query also produced 99 or 100 unique repositories within its own sample, reducing—but not eliminating—duplicate-repository effects.

Explicit verification and security guidance were often absent. In the AGENTS.md sample, 68% lacked a detected security or approval rule and 53% lacked detected verification or completion criteria. In the Cursor rule sample, 87% lacked a detected security or approval rule, 83% lacked detected completion criteria, and 75% lacked an explicit test command. These are deterministic text detections, not judgments about repository quality.

Test commands and security patterns

The most frequently detected test command in sampled AGENTS.md files was pytest at 11%, followed by cargo test at 10% and go test at 7%. The top detected AGENTS.md security category was secrets and credentials at 24%. CLAUDE.md most often named npm test at 12%, while production restrictions appeared in 36% of its sample.

A missing text pattern does not prove that a repository lacks tests or security controls; the rules may live in CI, contributor documentation, policy tooling, or another instruction file. The report measures whether the sampled file itself gives an agent an explicit, recognizable command or boundary.

How to use this report

Benchmark your own instruction file against five practical categories: setup, explicit test commands, completion criteria, scope or precedence, and security or approval rules. Copy only controls that are true for your repository, and run each command from a clean checkout before publishing it to an agent.

For research or citation, download the JSON to preserve the query totals, methodology, summaries, limitations, and raw rows together. Use the CSV when you need repository URLs and detected signals for independent analysis. Always cite the snapshot date and the best-match sampling limitation next to any percentage.

How to cite and verify this release

Preferred citation: KyenAI. (2026). AI Coding Agent Instruction File Adoption Report — Q3 2026 (Version 2026-Q3) [Data set]. https://www.kyenai.com/guides/ai-coding-agent-instruction-file-adoption-report-2026

This release has no DOI, so use the canonical report URL as its stable identifier. Download the BibTeX or Citation CFF record for a reference manager; use the manifest and SHA-256 file to verify the JSON, CSV, and published generator before analysis or redistribution.

Recommended play

  1. Treat GitHub match totals as file counts, never as unique-repository adoption rates.
  2. Use the sample gaps as an audit checklist for setup, tests, completion, scope, and safety.
  3. Download the JSON when citing results so the date, query, denominator, and limitations remain attached.
  4. Use the versioned citation record and verify core artifacts against the published SHA-256 checksums.
  5. Repeat the generator on a later date to measure search-index change with the same method.

Instruction-file snapshot by surface

Choose the row that matches the tool surface you are researching; the match totals and sample results are not interchangeable.

AreaSearch querySnapshot findingInterpretation boundary
AGENTS.mdfilename:AGENTS.md158,592 indexed file matches; 100 sampled filesMay include multiple files per repository and forks
CLAUDE.mdfilename:CLAUDE.md46,772 indexed file matches; 100 sampled filesMeasures filenames, not active Claude Code use
Copilot instructionsfilename:copilot-instructions.md path:.github56,888 indexed file matches; 100 sampled filesPath query covers the repository-wide file, not every Copilot instruction surface
Cursor MDC rulesextension:mdc path:.cursor/rules8,392 indexed file matches; 100 sampled filesCounts individual rule files, so one repository may contribute many

Execution steps

01

Choose the exact surface

Match your coding tool to its documented instruction path before comparing counts or content.

02

Preserve the denominator

State whether a percentage uses readable files, sampled files, unique sample repositories, or GitHub file matches.

03

Audit your repository

Check for setup, tests, verification, scope, and security rules with the downloadable categories.

04

Reproduce or extend

Run the generator with a GitHub token, record the new date, and compare like-for-like queries.

Common pitfalls

Calling file matches an adoption rate

Say indexed file matches and publish the unique-repository count only for the analyzed sample.

Treating best-match results as random

Label every sample percentage as descriptive of GitHub's first 100 best matches for that query.

Equating absence with failure

Describe missing detected patterns; do not claim the repository lacks a control elsewhere.

Citing a live number without a date

Include the July 19, 2026 snapshot date or regenerate the dataset before publication.

Implementation checklist

  • Name the exact GitHub query and snapshot date.
  • Separate indexed file matches from unique sampled repositories.
  • State that GitHub best-match ordering is not random.
  • Keep sample percentages tied to readable-file denominators.
  • Describe regex detections as signals, not quality judgments.
  • Link the downloadable raw rows and methodology.
  • Regenerate before citing the figures as current.

Questions this guide answers

What should you do first?

Treat GitHub match totals as file counts, never as unique-repository adoption rates.

Who is this guide for?

Engineering leaders, developer-tool researchers, platform teams, and maintainers designing repository instructions for coding agents.

What evidence supports this guide?

This guide uses listed source material from GitHub. Source links and scope notes are available on this page.