Reference Map — Printable

AI Across the SDLC

Where AI fits at every stage of the software development lifecycle — what you can use today, what's emerging, and what to try on Monday morning. Focused on GitHub Copilot, but the patterns are transferable.

Executive Summary

How Does GitHub/Microsoft Compare to AWS AI-DLC?

AWS AI-DLC is a productised workflow that enforces structured development phases via steering files, with particular strength in brownfield reverse engineering. When demonstrated, it looks like a single coherent system covering the entire SDLC. The reality is more nuanced — each approach has different strengths at different stages:

SDLC Stage	GitHub / Microsoft	AWS AI-DLC
Plan & Requirements	Emerging	Strong
Design & Architecture	Emerging	Strong
Code & Implement	Mature	Present (uses underlying tool)
Test & Validate	Mature	Basic (build & test only)
Review & Merge	Mature	Indirect (Mob ceremonies)
Build, Deploy & Release	Emerging	Not implemented
Operate & Monitor	Preview	Not implemented
Maintain & Evolve	Mature	Partial (reverse eng. only)

AI-DLC covers Plan and Design deeply, has Code and Test present but dependent on the underlying AI tool, and its Deploy and Operate phases are admitted placeholders. The GitHub/Microsoft stack has the inverse profile — Code, Test, Review, and Maintain are mature, with Plan and Design catching up via Spec Kit.

A key distinction: AI-DLC is a process layer that wraps around AI tools — it adds governance and structure, but still requires an AI coding tool underneath (and it lists GitHub Copilot as a supported agent). The GitHub/Microsoft stack provides both the tools (Copilot, agent mode, coding agent, code review, Actions, MCP) and an emerging structured workflow (Spec Kit). They solve different parts of the problem.

AI-DLC’s strengths

Structured Inception phase, mandatory team review (Mob Elaboration), automatic brownfield reverse engineering, enforced workflow that prevents shortcuts. Compelling for organisations that need governance and process discipline imposed by the tooling.

GitHub/Microsoft’s strengths

Deep tooling across more stages: agent mode, autonomous coding agent, automated PR review, GitHub Actions, custom agents (.agent.md), MCP for external integrations, and a growing ecosystem of 50+ community extensions via Spec Kit.

For a full side-by-side, see GitHub AI-SDLC vs AWS AI-DLC. The stage-by-stage detail below includes AI-DLC coverage notes on each card.

● Ready — use today ● Emerging — maturing fast ● Preview — early access

Plan & Requirements

Emerging

Turn ideas into structured requirements. AI helps explore problem spaces, generate user stories, and build product specs — but humans own the strategic "why."

Spec Kit — /speckit.specify

Generate a structured product specification from a high-level prompt. Living spec.md becomes the source of truth.

"Using Spec Kit, specify a caching layer for our API that supports Redis and in-memory fallback."

Copilot Chat — Requirements Exploration

Use @workspace to explore an existing codebase before writing requirements. Ask Copilot to surface architecture, dependencies, and constraints.

"@workspace What authentication mechanisms exist in this project? List all auth-related files and their roles."

Azure Boards + Copilot

Send Azure DevOps work items directly to GitHub Copilot's coding agent. The agent works on the task and generates a PR.

Assign a work item to Copilot from Azure Boards → agent creates branch, implements, opens PR.

Prompt For Questions (Tactic)

Ask the AI to interview you before it starts work. Surfaces requirements and edge cases you hadn't considered.

"I need to add multi-tenancy. Please ask me 5 questions to understand what I need before suggesting an approach."

AWS AI-DLC Coverage: Strong

Requirements Analysis, User Stories, Mob Elaboration (mandatory team review). Brownfield projects get an automatic Reverse Engineering stage before requirements. This is AI-DLC's strongest phase.

Design & Architecture

Emerging

Turn requirements into architecture decisions, domain models, and technical plans. AI generates options; you make the structural calls. This is where intent engineering starts — encode your decisions so agents can't deviate from them.

Spec Kit — /speckit.plan

Generate a technical implementation plan from a spec. Defines architecture, tech stack, and implementation strategy.

"Using Spec Kit, create a plan for the caching layer spec. Use Redis Cluster with read replicas."

Copilot Chat — Mermaid Diagrams

Generate architecture diagrams, sequence flows, and entity relationships as Mermaid code. Forces structural reasoning.

"Create a Mermaid C4 diagram showing the cache service's place in our architecture."

Group Simulation (Tactic)

Ask Copilot to simulate a review panel — a security engineer, DBA, and platform engineer each critique the design.

"If I showed this design to a senior backend engineer, a security engineer, and a DBA — what would each say?"

ADC Records

Use Agent Decision Context records to capture motivation, alternatives considered, and rollback strategy for every architectural decision.

Create adc/YYYY-MM-DD--decision-name/ with research.md, plan.md, handoff.md

AWS AI-DLC Coverage: Strong

Application Design, Functional Design, NFR Design, Infrastructure Design — all as dedicated stages with mandatory Mob Construction review. Generates formal design documents at each stage.

Code & Implement

Ready

This is where AI is most mature. From inline completions to full multi-file agent mode, Copilot can implement features, refactor code, and generate documentation — all grounded by your copilot-instructions.md and custom skills.

Copilot Inline & Chat

Real-time code completions informed by open tabs. Use /explain, /fix, /doc, /tests for targeted actions.

Open types.ts + config.ts alongside your target file for best context (the "Surround" in 4S).

Agent Mode (VS Code)

Multi-file, agentic coding. Copilot analyses the codebase, edits across files, runs terminal commands, and iterates on errors autonomously.

"Extract the add-to-cart logic from ShoppingCartController into a CartService. Update all callers and add unit tests."

Coding Agent (GitHub.com)

Assign a GitHub issue to Copilot. It works asynchronously in the cloud — creates a branch, implements, opens a PR for review.

Label an issue "copilot" or assign to @copilot → autonomous implementation in background.

copilot-instructions.md

Your project's "constitution." Coding standards, architecture constraints, naming conventions — applied to every Copilot suggestion.

.github/copilot-instructions.md: "Use repository pattern. Never call DbContext directly from controllers."

Custom Skills (SKILL.md)

Encode repeatable patterns as reusable agent knowledge. A skill is a SKILL.md file plus optional scripts the agent can invoke.

.github/skills/extract-service/SKILL.md: Step-by-step pattern for brownfield service extraction.

MCP Servers

Connect Copilot to external tools and data sources. Database queries, API docs, monitoring dashboards — all available in context.

.vscode/mcp.json: Connect to Postgres, Jira, Confluence, or custom internal APIs.

AWS AI-DLC Coverage: Present

Code Generation stage (two-part: plan then execute per unit). Steering files enforce the workflow but code generation itself relies on the underlying AI tool (Amazon Q, Copilot, etc.) — AI-DLC adds process, not coding capability.

Test & Validate

Ready

AI generates tests, identifies edge cases, and improves coverage — but remember the Self-Rating Trap: the AI that wrote the code shouldn't be the only one validating it. Use physics (test runners, linters, type checkers) as your independent verification.

Copilot — /tests

Generate unit tests for selected code. Copilot infers framework (Jest, pytest, xUnit) from project context.

"Generate unit tests for CartService.AddToCart. Include edge cases: empty cart, duplicate items, out-of-stock."

Agent Mode — Test-First Workflow

Ask agent mode to list edge cases first, then write tests that would fail if the implementation is wrong. Safer than "write tests."

"List edge cases for the payment flow, then write tests that would fail if any edge case is mishandled."

CodeQL & Security Scanning

Automatic SAST via CodeQL. Secret scanning via GitHub MCP Server. Catch vulnerabilities before the PR completes.

Enable in repo Settings → Code Security. Runs automatically on every push and PR.

DAST via Custom Agents

StackHawk and Aikido offer Copilot custom agents for dynamic security testing. Generate DAST configs from source code analysis.

Install StackHawk's .agent.md → generates CI workflow for dynamic scanning of your API endpoints.

AWS AI-DLC Coverage: Basic

Build and Test stage runs after all units complete. Validates the code compiles and tests pass, but doesn't generate tests or provide SAST/DAST tooling — that depends on the underlying AI tool and CI pipeline.

Review & Merge

Ready

AI-assisted code review catches issues before humans see them — freeing reviewers to focus on architecture and intent rather than style and bugs. Copilot reviews leave comments, never approvals — the human always has final say.

Copilot Code Review

Add Copilot as a reviewer on any PR. It analyses the diff and leaves inline comments on potential issues, bugs, and improvements.

PR → Reviewers → Select "Copilot". Comments appear within minutes.

Coding Agent PRs

When the coding agent opens a PR, it includes a summary of changes, reasoning, and test results. Review like any other PR.

Agent PRs include a Copilot session link showing the full reasoning trace.

Custom Review Agents

Define .agent.md files for domain-specific review: accessibility checks, performance analysis, compliance validation.

.github/.agent.md: "Review all CSS changes for WCAG 2.1 AA compliance."

AWS AI-DLC Coverage: Indirect

Mob Construction ceremonies serve as a review mechanism, but AI-DLC doesn't have a dedicated code review stage. No equivalent to Copilot's automated PR review or custom review agents.

Build, Deploy & Release

Emerging

AI generates and maintains CI/CD pipelines, suggests deployment strategies, and helps troubleshoot build failures. The automation is strong; the strategic decisions (canary vs blue-green, rollback criteria) still need human judgement.

Copilot — GitHub Actions

Generate and modify workflow YAML files. Copilot understands Actions syntax and can add steps, fix failures, and optimise pipelines.

"Add a security scan step using CodeQL to our CI pipeline, running on every PR to main."

Agent Mode — Pipeline Updates

Complex multi-file pipeline changes: add environments, configure secrets, set up matrix builds, integrate deployment gates.

"Update our CI pipeline to deploy to staging on PR merge, run smoke tests, then promote to production with manual approval."

Infrastructure as Code

Copilot generates Terraform, Bicep, CloudFormation, and Kubernetes manifests. Custom agents can validate IaC against organisation policies.

"Generate a Terraform module for an Azure App Service with managed identity, connected to our existing Key Vault."

AWS AI-DLC Coverage: Placeholder

Operations phase exists in the framework but is not yet implemented. No CI/CD pipeline generation, deployment strategy, or infrastructure-as-code capabilities in AI-DLC itself.

Operate & Monitor

Preview

The newest frontier. AI agents that monitor production, respond to incidents, and suggest optimisations. This is where the Copilot SDK and custom agents open up entirely new possibilities — but most teams are still in early experiments.

Azure SRE Agent

AI agent that monitors production applications, detects anomalies, and suggests remediations. Integrates with Azure Monitor and Application Insights.

Connects via MCP — surfaces production telemetry directly in Copilot Chat context.

Copilot SDK — Custom Ops Agents

Build custom agents for incident response, infrastructure validation, compliance checking, and resource optimisation using Python, TypeScript, Go, or .NET.

Embed the Copilot agent runtime into your own runbooks and incident response tooling.

MCP for Observability

Connect Copilot to Datadog, Grafana, PagerDuty, or custom dashboards. Query production metrics from within your IDE.

"@mcp-datadog What's the P99 latency for the /api/cart endpoint over the last 24 hours?"

AWS AI-DLC Coverage: Placeholder

Same as Deploy — the Operations phase is acknowledged but not yet implemented in the open-source framework.

Maintain & Evolve

Ready

The ongoing cycle: refactoring, dependency updates, tech debt reduction, and feature evolution. This is where brownfield AI capabilities shine — understanding existing code well enough to change it safely.

Agent Mode — Refactoring

Multi-file refactoring with test preservation. Agent mode understands call hierarchies and updates all references.

"Refactor: extract the email notification logic from OrderController into a NotificationService. Update all callers. Don't change behaviour."

Copilot — /explain

Understand unfamiliar or legacy code before modifying it. Essential for onboarding and knowledge transfer.

"Explain what this stored procedure does, what calls it, and what would break if I changed the return type."

Dependabot + Copilot

Dependabot opens PRs for dependency updates. Copilot reviews the changes for breaking API modifications and suggests migration steps.

Enable Dependabot → Copilot reviews each update PR automatically.

Steel Thread Extraction

Pick one narrow vertical slice of a brownfield codebase, reverse-engineer the intent, extract it cleanly, and prove it works end-to-end. Then repeat.

RPI: Research the flow → Plan the extraction → Implement in a fresh context with the handoff artefact.

AWS AI-DLC Coverage: Partial

The Reverse Engineering stage (Inception phase) builds a semantic model of existing codebases — strong for understanding brownfield code. But AI-DLC doesn't have dedicated refactoring, dependency management, or ongoing evolution workflows.

Monday morning starter kit: You don't need all of this. Start with three things: (1) Create a .github/copilot-instructions.md with your coding standards. (2) Try agent mode on one real task. (3) Ask Copilot to generate tests for code you wrote this week. That's enough to change how your team works.