.github/copilot-instructions.md - third_party/github/OpenPRoT/openprot - Git at Google

 ## Pull Request Review Checklist

 - [ ] Code is completely panic-free (no unwrap/expect/panic/indexing)
 - [ ] All fallible operations return Result or Option
 - [ ] Integer operations use checked/saturating/wrapping methods where needed
 - [ ] Array/slice access uses get() or pattern matching, not direct indexing
 - [ ] Error cases are well documented and handled appropriately
 - [ ] Tests verify error handling paths, not just happy paths
 - [ ] Unsafe code blocks are documented with safety comments
 - [ ] Hardware register access uses proper volatile operations
 - [ ] Cryptographic operations use constant-time implementations where applicable

 ## Quick Reference: Forbidden Patterns

 | Forbidden Pattern | Required Alternative |
 |-------------------|----------------------|
 | `value.unwrap()` | `match value { Some(v) => v, None => return Err(...) }` |
 | `result.expect("msg")` | `match result { Ok(v) => v, Err(e) => return Err(e.into()) }` |
 | `collection[index]` | `collection.get(index).ok_or(Error::OutOfBounds)?` |
 | `a + b` (integers) | `a.checked_add(b).ok_or(Error::Overflow)?` |
 | `ptr.read()` | `ptr.read_volatile()` (for MMIO) |

 ## Security-Specific Guidelines

 - **Timing attacks**: Use constant-time comparisons for secrets (subtle crate)
 - **Zeroization**: Use `zeroize` crate for sensitive data cleanup (keys, passwords, etc.)
 - **Memory safety**: Ensure sensitive data is properly zeroized after use
 - **Hardware abstraction**: All register access must go through HAL traits
 - **Error information**: Don't leak sensitive data in error messages
	## Pull Request Review Checklist

	- [ ] Code is completely panic-free (no unwrap/expect/panic/indexing)
	- [ ] All fallible operations return Result or Option
	- [ ] Integer operations use checked/saturating/wrapping methods where needed
	- [ ] Array/slice access uses get() or pattern matching, not direct indexing
	- [ ] Error cases are well documented and handled appropriately
	- [ ] Tests verify error handling paths, not just happy paths
	- [ ] Unsafe code blocks are documented with safety comments
	- [ ] Hardware register access uses proper volatile operations
	- [ ] Cryptographic operations use constant-time implementations where applicable

	## Quick Reference: Forbidden Patterns

	\| Forbidden Pattern \| Required Alternative \|
	\|-------------------\|----------------------\|
	\| `value.unwrap()` \| `match value { Some(v) => v, None => return Err(...) }` \|
	\| `result.expect("msg")` \| `match result { Ok(v) => v, Err(e) => return Err(e.into()) }` \|
	\| `collection[index]` \| `collection.get(index).ok_or(Error::OutOfBounds)?` \|
	\| `a + b` (integers) \| `a.checked_add(b).ok_or(Error::Overflow)?` \|
	\| `ptr.read()` \| `ptr.read_volatile()` (for MMIO) \|

	## Security-Specific Guidelines

	- Timing attacks: Use constant-time comparisons for secrets (subtle crate)
	- Zeroization: Use `zeroize` crate for sensitive data cleanup (keys, passwords, etc.)
	- Memory safety: Ensure sensitive data is properly zeroized after use
	- Hardware abstraction: All register access must go through HAL traits
	- Error information: Don't leak sensitive data in error messages