DEV Community

Shannie Chekani

Resolution Tracker: Secure & Scalable with GitHub Copilot CLI

GitHub Copilot CLI Challenge Submission

This is a submission for the GitHub Copilot CLI Challenge

What I Built

I built a Secure Resolution Tracker using Flask and SQLAlchemy. While the core idea was to help users manage their 2026 goals, the "Agentic" phase of this project turned it into a lesson in security. I used the GitHub Copilot CLI (v0.0.410) to transform a standard CRUD app into a secure, production-ready tool.

Key Features:

Full CRUD: Create, read, update, and delete resolutions.

Zero-Trust Security: Protection against Open Redirect attacks and unauthorized data modification.

Agentic Documentation: Custom copilot-instructions.md to guide AI development.

Demo

GitHub Repository: https://github.com/ShannieCh/Create_ResolutionList_Flask

Test Account: hanna@gmail.com / hanna123 (used for the Agentic Security Audit).

The User Interface: A secure, Full-CRUD dashboard where users manage their 2026 resolutions.

Agentic Security Workflow

I used the GitHub Copilot CLI to audit and secure the application. Here is the process in action:

  • Security Audit: Using the GitHub Copilot CLI (v0.0.410) in Agent Mode to perform a @workspace security audit on my routes.py file.

  • The Mitigation Plan: Copilot CLI's 'Plan Mode' identified an Open Redirect vulnerability and outlined a structured approach to block external malicious URLs using urllib.parse.

  • Implementing the Refactor: Following the agent's plan, I refactored routes.py to include robust error handling and database rollback logic, ensuring application stability.

  • VS Code Workspace Organization: Professional project structure in VS Code with a properly configured .gitignore to protect sensitive local files.

  • Final Clean Repository: The final, production-ready GitHub repository featuring the copilot-instructions.md governance file.
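The urllib.parse check that the mitigation plan above calls for (the is_safe_url utility mentioned again under "My Experience") can look like the following. This is an added example, not code from the linked repository; the helper names, the host URL and the sample targets are my own assumptions. It goes a little beyond the plain "same host" comparison by also rejecting the two classic bypasses that a naive urlparse check misses: backslash paths (which browsers read as scheme-relative URLs) and non-http schemes such as javascript:.

```python
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = ("http", "https")


def is_safe_url(target, host_url):
    """Return True only if `target` resolves to an http(s) URL on the same host as `host_url`.

    `host_url` is the application's own base URL (in Flask that is `request.host_url`).
    Anything else (external hosts, other schemes, malformed input) is rejected.
    """
    if not target:
        return False
    # Browsers treat backslashes as forward slashes, so "/\\evil.example" is read by the
    # browser as "//evil.example", a scheme-relative redirect to an external host.
    # urllib does not normalise this, so reject backslashes and any whitespace or
    # control characters before parsing instead of trying to canonicalise them.
    if "\\" in target or any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    ref = urlparse(host_url)
    # urljoin resolves relative paths against our own host and leaves absolute
    # URLs (including "//evil.example" and "javascript:...") untouched.
    resolved = urlparse(urljoin(host_url, target))
    # Compare the whole netloc, so "http://localhost:5000@evil.example/" (userinfo
    # trick) fails because its netloc is "localhost:5000@evil.example".
    return resolved.scheme in ALLOWED_SCHEMES and resolved.netloc.lower() == ref.netloc.lower()


def safe_redirect_target(target, host_url, fallback="/"):
    """Pick the post-login destination: the requested `next` URL if it is safe, else `fallback`."""
    return target if is_safe_url(target, host_url) else fallback


if __name__ == "__main__":
    # Constructed samples; HOST stands in for Flask's request.host_url.
    HOST = "http://localhost:5000/"
    candidates = [
        "/dashboard",
        "resolutions/3",
        "//evil.example/",
        "https://evil.example/login",
        "/\\evil.example",
        "javascript:alert(1)",
        "http://localhost:5000@evil.example/",
    ]
    for candidate in candidates:
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate, HOST)}")
```

In a Flask login view the call would be `return redirect(safe_redirect_target(request.args.get("next"), request.host_url))`, so a tampered `next` parameter silently lands on the dashboard instead of an attacker-controlled site.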

My Experience with GitHub Copilot CLI

Integrating the GitHub Copilot CLI in Agent Mode was a game-changer. Instead of just asking for code snippets, I used the CLI to "oversee" the project:

The Security Audit: I used the terminal agent to scan my workspace, identifying a critical Open Redirect vulnerability I had missed.

Strategic Planning: Using 'Plan Mode,' I architected a multi-step fix involving an is_safe_url utility and updated SQLAlchemy models to handle cascade deletes.

Governance: I created a copilot-instructions.md file to ensure the agent always follows my security standards for future updates.

Repository Hygiene: The CLI helped me configure a strict .gitignore, ensuring that venv/ and flask.db were never leaked to the public repository.

Copilot didn't just write code; it acted as a security lead, helping me find flaws and planning the refactors needed to fix them.
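The two data-layer pieces of the refactor, cascade deletes on the user-to-resolution relationship and a rollback when a write fails, are shown below together with an owner-scoped delete (the "unauthorized data modification" protection listed under Key Features). This is an added example, not the repository's code, and it deliberately uses the standard-library sqlite3 module rather than SQLAlchemy so it runs with no dependencies; the table names, sample users and resolution titles are constructed. In SQLAlchemy the same behaviour comes from `relationship(..., cascade="all, delete-orphan")` on the model and `db.session.rollback()` in the except branch of the route.

```python
import sqlite3

# Constructed schema: a resolution belongs to exactly one user and is removed
# automatically when that user is deleted (ON DELETE CASCADE).
SCHEMA = """
CREATE TABLE user (
    id    INTEGER PRIMARY KEY,
    email TEXT NOT NULL UNIQUE
);
CREATE TABLE resolution (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES user(id) ON DELETE CASCADE,
    title   TEXT NOT NULL
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite ignores foreign keys (and therefore the cascade) unless this is
    # enabled on every connection; SQLAlchemy users must do the same via an event hook.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def seed(conn):
    """Constructed sample data: two users, three resolutions (ids 1, 2, 3)."""
    conn.executemany("INSERT INTO user (id, email) VALUES (?, ?)",
                     [(1, "hanna@example.invalid"), (2, "mara@example.invalid")])
    conn.executemany("INSERT INTO resolution (user_id, title) VALUES (?, ?)",
                     [(1, "Run 5k"), (1, "Read 12 books"), (2, "Learn Rust")])
    conn.commit()


def add_resolution(conn, user_id, title):
    """Insert inside a transaction; on any integrity error roll back and report failure
    instead of leaving the session in a half-written state."""
    try:
        conn.execute("INSERT INTO resolution (user_id, title) VALUES (?, ?)", (user_id, title))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False


def delete_resolution(conn, resolution_id, current_user_id):
    """Delete only if the row belongs to the requesting user.

    Scoping the WHERE clause by owner (rather than checking ownership in Python after
    a lookup) means a guessed id for someone else's resolution affects 0 rows.
    Returns the number of rows deleted (0 or 1).
    """
    cur = conn.execute("DELETE FROM resolution WHERE id = ? AND user_id = ?",
                       (resolution_id, current_user_id))
    conn.commit()
    return cur.rowcount


def delete_user(conn, user_id):
    """Deleting the user cascades to that user's resolutions; nothing is orphaned."""
    conn.execute("DELETE FROM user WHERE id = ?", (user_id,))
    conn.commit()


def count_resolutions(conn, user_id=None):
    if user_id is None:
        return conn.execute("SELECT COUNT(*) FROM resolution").fetchone()[0]
    return conn.execute("SELECT COUNT(*) FROM resolution WHERE user_id = ?",
                        (user_id,)).fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    seed(db)
    print("insert for missing user accepted?", add_resolution(db, 99, "Ghost"))
    print("user 2 deleting user 1's resolution, rows affected:", delete_resolution(db, 1, 2))
    delete_user(db, 1)
    print("resolutions left after deleting user 1:", count_resolutions(db))
```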
