What the GitHub match counts mean
The headline numbers come from GitHub's public code-search API at one point in time. A repository can contain more than one matching file, generated copies can be indexed, forks may be present, and GitHub does not expose the total number of eligible repositories for these queries. For those reasons, dividing a match count by a guessed repository total would create a false adoption rate.
Use the counts as a reproducible search-visibility snapshot: they show how many indexed files matched the exact query when collected. Use the sample analysis to form hypotheses about instruction quality, then validate those hypotheses in a random or stratified study before making population claims.
What the 400-file sample found
All 100 AGENTS.md and CLAUDE.md sample files were readable. The Copilot query produced 99 readable files and the Cursor query produced 100. Every query also produced 99 or 100 unique repositories within its own sample, reducing—but not eliminating—duplicate-repository effects.
Explicit verification and security guidance were often absent. In the AGENTS.md sample, 68% lacked a detected security or approval rule and 53% lacked detected verification or completion criteria. In the Cursor rule sample, 87% lacked a detected security or approval rule, 83% lacked detected completion criteria, and 75% lacked an explicit test command. These are deterministic text detections, not judgments about repository quality.
Test commands and security patterns
The most frequently detected test command in sampled AGENTS.md files was pytest at 11%, followed by cargo test at 10% and go test at 7%. The top detected AGENTS.md security category was secrets and credentials at 24%. CLAUDE.md most often named npm test at 12%, while production restrictions appeared in 36% of its sample.
A missing text pattern does not prove that a repository lacks tests or security controls; the rules may live in CI, contributor documentation, policy tooling, or another instruction file. The report measures whether the sampled file itself gives an agent an explicit, recognizable command or boundary.
How to use this report
Benchmark your own instruction file against five practical categories: setup, explicit test commands, completion criteria, scope or precedence, and security or approval rules. Copy only controls that are true for your repository, and run each command from a clean checkout before publishing it to an agent.
For research or citation, download the JSON to preserve the query totals, methodology, summaries, limitations, and raw rows together. Use the CSV when you need repository URLs and detected signals for independent analysis. Always cite the snapshot date and the best-match sampling limitation next to any percentage.
How to cite and verify this release
Preferred citation: KyenAI. (2026). AI Coding Agent Instruction File Adoption Report — Q3 2026 (Version 2026-Q3) [Data set]. https://www.kyenai.com/guides/ai-coding-agent-instruction-file-adoption-report-2026
This release has no DOI, so use the canonical report URL as its stable identifier. Download the BibTeX or Citation CFF record for a reference manager; use the manifest and SHA-256 file to verify the JSON, CSV, and published generator before analysis or redistribution.
Recommended play
- Treat GitHub match totals as file counts, never as unique-repository adoption rates.
- Use the sample gaps as an audit checklist for setup, tests, completion, scope, and safety.
- Download the JSON when citing results so the date, query, denominator, and limitations remain attached.
- Use the versioned citation record and verify core artifacts against the published SHA-256 checksums.
- Repeat the generator on a later date to measure search-index change with the same method.
Instruction-file snapshot by surface
Choose the row that matches the tool surface you are researching; the match totals and sample results are not interchangeable.
| Area | Search query | Snapshot finding | Interpretation boundary |
|---|---|---|---|
| AGENTS.md | filename:AGENTS.md | 158,592 indexed file matches; 100 sampled files | May include multiple files per repository and forks |
| CLAUDE.md | filename:CLAUDE.md | 46,772 indexed file matches; 100 sampled files | Measures filenames, not active Claude Code use |
| Copilot instructions | filename:copilot-instructions.md path:.github | 56,888 indexed file matches; 100 sampled files | Path query covers the repository-wide file, not every Copilot instruction surface |
| Cursor MDC rules | extension:mdc path:.cursor/rules | 8,392 indexed file matches; 100 sampled files | Counts individual rule files, so one repository may contribute many |
Execution steps
Choose the exact surface
Match your coding tool to its documented instruction path before comparing counts or content.
Preserve the denominator
State whether a percentage uses readable files, sampled files, unique sample repositories, or GitHub file matches.
Audit your repository
Check for setup, tests, verification, scope, and security rules with the downloadable categories.
Reproduce or extend
Run the generator with a GitHub token, record the new date, and compare like-for-like queries.
Common pitfalls
Calling file matches an adoption rate
Say indexed file matches and publish the unique-repository count only for the analyzed sample.
Treating best-match results as random
Label every sample percentage as descriptive of GitHub's first 100 best matches for that query.
Equating absence with failure
Describe missing detected patterns; do not claim the repository lacks a control elsewhere.
Citing a live number without a date
Include the July 19, 2026 snapshot date or regenerate the dataset before publication.
Implementation checklist
- Name the exact GitHub query and snapshot date.
- Separate indexed file matches from unique sampled repositories.
- State that GitHub best-match ordering is not random.
- Keep sample percentages tied to readable-file denominators.
- Describe regex detections as signals, not quality judgments.
- Link the downloadable raw rows and methodology.
- Regenerate before citing the figures as current.
Questions this guide answers
What should you do first?
Treat GitHub match totals as file counts, never as unique-repository adoption rates.
Who is this guide for?
Engineering leaders, developer-tool researchers, platform teams, and maintainers designing repository instructions for coding agents.
What evidence supports this guide?
This guide uses listed source material from GitHub. Source links and scope notes are available on this page.