- Add packages/coding-agent/src/utils/format.ts as the canonical source
for formatDuration, formatTokenCount, truncateWithEllipsis, sparkline,
formatDateShort, fileLink, stripAnsi, normalizeStringArray — all already
exported from @singularity-forge/coding-agent via index.ts.
- Convert shared/format-utils.js to a compatibility shim that re-exports
the 8 functions from @singularity-forge/coding-agent. All 13 importers
continue to work with no import changes required.
- Convert shared/path-display.js to a compatibility shim that re-exports
toPosixPath from @singularity-forge/coding-agent. Implementation in
packages/coding-agent/src/utils/path-display.ts was already canonical.
- shared/frontmatter.js is intentionally NOT shimmed: splitFrontmatter/
parseFrontmatterMap have a different API from the package's parseFrontmatter/
stripFrontmatter (flat-map vs {frontmatter, body} object).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Create packages/coding-agent/src/core/providers/web-search-middleware.ts with
WebSearchMiddleware class: injects web_search tool, enforces session budget (#1309),
strips thinking blocks from history, and respects PREFERENCES.md search_provider.
- Wire webSearchMiddleware.applyToPayload into sdk.ts onPayload callback (before
extension hook dispatch) so injection runs as compiled TypeScript with zero
jiti-dispatch overhead.
- Export WebSearchMiddleware, webSearchMiddleware singleton, setPreferBraveResolver,
CUSTOM_SEARCH_TOOL_NAMES, MAX_NATIVE_SEARCHES_PER_SESSION, and stripThinkingFromHistory
from @singularity-forge/coding-agent so the extension can delegate to the same instance.
- Refactor search-the-web/native-search.js: remove self-contained injection logic;
import and delegate before_provider_request to webSearchMiddleware singleton.
Use tri-state isAnthropicProvider (null/false/true) to synthesize a provider hint
when event.model is absent but model_select has already fired — prevents the
model-name heuristic from wrongly injecting into Copilot claude-* requests.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Install @a2a-js/sdk v0.3.13 as a dependency
- Add a2a-transport.js: A2ATransport class with spawnAgent, dispatch,
getOrSpawnAgent, and buildAgentCard; spawns pi subprocesses with
SF_A2A_AGENT_* env vars and dispatches envelopes via A2A JSON-RPC
- Add a2a-agent-server.js: A2A HTTP server entrypoint for spawned agent
processes; starts express + A2AExpressApp with DefaultRequestHandler,
handles incoming DispatchEnvelopes via SwarmAgentExecutor, writes
envelope to SQLite MessageBus, and signals readiness via stdout JSON
- Update swarm-dispatch.js: split dispatch() into _busDispatch()
(existing SQLite path) and _a2aDispatch() (new A2A path); lazy-load
A2ATransport singleton only when SF_A2A_ENABLED is set; default
path unchanged for all existing callers
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Create config.ts with McpServerConfig types and readMcpConfigs/getServerConfig
- Create auth.ts with buildHttpTransportOpts and createCliOAuthProvider
- Create connection-manager.ts with McpConnectionManager class
- Create index.ts re-exporting the public API
- Export McpConnectionManager and helpers from @singularity-forge/coding-agent
- Rewrite mcp-client extension as thin wrapper using McpConnectionManager
- Rewrite auth.js as re-export shim from @singularity-forge/coding-agent
- Update test to import buildHttpTransportOpts from @singularity-forge/coding-agent
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sf-tui was a 'bundled' extension with zero features independent of the sf/
extension. Every hook, shortcut, tool, header and footer render depended
on sf/ internals (getAutoSession, isAutoActive, projectRoot,
getExperimentalFlag). The separation was artificial.
Changes:
- Moved all sf-tui/*.js into sf/ui/ (header, footer, git, color-band, emoji,
prompt-history, marketplace, powerline, shared)
- Fixed imports: ../sf/ → ../ (one level up from ui/)
- Registered sf/ui/index.js from sf/index.js in a try/catch so a UI failure
can't take out the core SF commands
- Merged sf-tui manifest entries (9 commands, 3 shortcuts, agent_start hook)
into sf/extension-manifest.json
- Deleted src/resources/extensions/sf-tui/ entirely
- Fixed prompt-history.test.mjs import path
Result: one fewer extension to discover, load and validate at startup.
sf is now the single extension that owns both planning state and UI chrome.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
New installations create .sf/preferences.yaml (pure YAML, no frontmatter
markers) and ~/.sf/preferences.yaml. Existing .md files are read as fallbacks
with no migration required for current users.
Changes:
- preferences.js: add yaml path getters, load chain tries .yaml first, add
parsePreferencesYaml() for direct YAML parse without frontmatter extraction
- templates/preferences.yaml: new canonical template (pure YAML with comment
header pointing to preferences-reference.md)
- gitignore.js: ensurePreferences() creates preferences.yaml; simplified by
removing scaffold-versioning dependency
- init-wizard.js: buildPreferencesFile() produces pure YAML, writes preferences.yaml
- commands-prefs-wizard.js: savePreferencesFile() helper handles .yaml vs .md;
ensurePreferencesFile uses yaml template for yaml paths
- preferences-template-upgrade.js: yaml files get raw YAML on upgrade
- planning-depth.js: returns {path, isYaml}, handles both formats
- deep-project-setup-policy.js: isWorkflowPrefsCaptured() tries all 3 paths
- detection.js: preferences.yaml added to all detection checks
- auto-worktree.js: canonical=yaml, LEGACY_PREFERENCES_FILES=["PREFERENCES.md","preferences.md"]
- auto-bootstrap-context.js: preferences.yaml before PREFERENCES.md in list
- guided-flow.js / worktree-root.js: existence checks include preferences.yaml
- User-visible strings / comments updated throughout
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Prompts: replace 'append to .sf/DECISIONS.md' → 'call save_decision' in
plan-slice, heal-skill (KNOWLEDGE.md), refine-slice, queue, guided-execute-task
- Prompts: replace 'Read .sf/DECISIONS.md if it exists' / 'Read .sf/REQUIREMENTS.md if it exists'
with 'injected from DB into system context' in guided-plan-slice, guided-research-slice
- requirement-promoter: remove dead appendRequirementRow() and readHighestRNumber(file)
that read/wrote REQUIREMENTS.md; replace with DB-only readHighestRNumber() using
getActiveRequirements(); remove sfRoot import, mkdirSync, writeFileSync
- requirement-promoter: pre-compute highestNum once per sweep loop instead of
re-reading for each cluster (fixes ID collision when promoting multiple at once)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- auto.js, auto/loop.js, bootstrap/register-hooks.js: tag all
autonomous-mode system notices with NOTICE_KIND.SYSTEM_NOTICE;
add dedupe_key to loop-level model-policy and flow-audit notices
- web/notifications-service.ts: add repeatCount/lastTs/noticeKind to
Notification type (schema v2 fields)
- uok/trace-writer.js: new unit trace writer
- tests/notification-store-grouping.test.mjs: grouping test coverage
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The function and node:fs/os/path imports were dropped from the source
during editing. Added them back. Updated memory-embeddings-llm-gateway
test to cover auth.json-only behavior (no env var aliases).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Gateway key and URL are now read exclusively from ~/.sf/agent/auth.json
under the 'llm-gateway' entry. Removed env var support for the API key
(SF_LLM_GATEWAY_KEY, LLM_MUX_API_KEY, etc.) — credentials belong in
auth.json alongside all other provider keys, not in the environment.
Model/instruction overrides (SF_LLM_GATEWAY_EMBED_MODEL etc.) still
read from env vars as they are tuning knobs, not secrets.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Delete memory-backfill.js — not imported anywhere, dead code
- Rename memory-sleeper.js → tool-watchdog.js — misnamed; it is a
tool-output watchdog with no relation to the memory store
- Collapse memory-embeddings-llm-gateway.js into memory-embeddings.js —
removes the lazy-import split; loadGatewayConfigFromEnv,
createGatewayEmbedFn, and rerankCandidates are now direct exports
- Remove buildEmbeddingFn() dead stub (always returned null)
- Enable packages/coding-agent memory extraction extension by default
(memory.enabled ?? true) so session-level extraction is active
- Update all import sites and tests
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Local SQLite is the memory system. External Singularity Memory is an
optional cross-project enhancement, not a dependency. Flip the default
so SM is disabled unless explicitly opted in via SM_ENABLED=true:
- sm-client.js: return disconnected early unless SM_ENABLED=true
- memory-store.js: only pass smConnected=true when SM_ENABLED=true
- doctor-config-checks.js: skip SM health check when not opted in
- sm-client.test.ts: update test to reflect opt-in behaviour
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- knowledge-compounding.js: replace KNOWLEDGE.md file-read dedup with
getActiveMemories() DB query; file was never written so dedup was
always empty, causing duplicates to accumulate on every milestone close
- knowledge-compounding.js + save_knowledge tool: map confidence strings
('high'/'medium'/'low') to numeric scores (0.9/0.6/0.3) for the
memories.confidence REAL column; string values coerced to 0.0 by
SQLite, silently making all knowledge entries rank last and never
appear in system context
- save_knowledge: use K-${randomUUID()} (full UUID) instead of
K-${randomUUID().slice(0,8)} to match knowledge-compounding.js and
avoid collision risk
- complete-milestone.md: replace '.sf/DECISIONS.md' file reference with
'decisions inlined from DB' — the file is not generated anymore
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Verifies the function handles null/undefined content gracefully and
correctly extracts goal, demo, verification, and observability sections
from slice plan content. Addresses sf-mozutl5d-ei3ec6 by ensuring the
function is importable and behaves correctly end-to-end.
- sf-db.js: add backfillUatVerdicts(basePath) that scans ASSESSMENT/UAT_RESULT
files for slices with no uat_verdict in DB and populates them on open
- dynamic-tools.js: call backfillUatVerdicts after openDatabase succeeds so
all 3 repos with existing verdict files are covered on next launch
- workflow-tool-executors.js: call setSliceUatVerdict when saving ASSESSMENT
at slice scope so future verdicts are written directly to DB
- workflow-helpers.js: remove all file fallbacks from checkNeedsRunUat;
verdict check is DB-only (backfill guarantees DB is populated on open)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
checkNeedsRunUat only checked for UAT_RESULT file, but the autonomous
runner writes ASSESSMENT files. This caused run-uat to dispatch 5x with
no verdict when only an ASSESSMENT (with verdict: PASS) existed.
Now ASSESSMENT file with any verdict counts as a completed UAT result,
stopping the infinite dispatch loop.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Previously required /autonomous first. Now any slash command (/next, /chat,
/clear etc.) caches the ExtensionCommandContext, so Ctrl+Y YOLO shortcut
works on first press after any command interaction.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Shortcut handlers (registerShortcut) receive ExtensionContext which has
no newSession(). This caused autonomous mode started via Ctrl+Y to
always crash with 'newSession is not a function'.
- AutoSession.lastCommandCtx: new field that persists across stopAuto/reset
so shortcut handlers can fall back to the last valid command context
- startAuto(): cache valid command ctx; fall back and notify user if ctx
has no newSession; return early with actionable message if no cache yet
- dispatchHookUnit(): same guard — resolve hookCtx before s.cmdCtx = ctx
- run-unit.js: last-resort guard before newSession() call returns clean
error category instead of TypeError
- steerable-autonomous-extension.js: rename ctrl+y → ctrl+alt+y to avoid
conflict with terminal yank built-in
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Rewrite all 13 renamed tool descriptions to follow Copilot tool conventions:
- Imperative verb opening
- One sentence on what it returns
- One sentence on when to use it
- No internal jargon or SF-specific acronyms
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- fix(compaction): tokensBefore undefined crash on reload
compaction-orchestrator now falls back to preparation.totalTokens when
extension returns tokensBefore: undefined; compaction-summary-message
guards with ?? 0 defensively
- feat(exec): inline truncation notice in sf_exec digest
appends [stdout truncated — read full output: <path>] when
stdout_truncated=true so agent knows to use sf_exec_search
- feat(exec): wire onUpdate progress for sf_exec
calls onUpdate before execution starts with status/command so TUI
shows live feedback during long-running commands
- feat(security): prompt injection defense for external content
new sanitize-external-content.js utility: strips HTML comments,
detects 15 injection patterns (instruction override, role reassignment,
fake system messages, encoded payloads); wired into exec-tool digest
- feat(tools): sf_session_todo tool (persisted cross-compaction)
add/check/list ops; persists to .sf/session_todo.json; pending todos
injected into compaction summary block for context continuity
- feat(hooks): shell hooks surface (.sf/hooks/pre-tool/*.sh, post-tool/*.sh)
pre-tool hooks block tool execution (exit≠0 = block with stdout reason)
post-tool hooks fire-and-forget; JSON context piped to stdin; 5s timeout
- fix(db): WAL autocheckpoint disabled to prevent corruption
PRAGMA wal_autocheckpoint=0 in initSchema(); explicit checkpointWal()
after successful finalize verification — the only safe checkpoint point
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- unit-runtime: fall back to STATE.md for nextActionAdvanced when DB is
unavailable (restores test compat for reconcileDurableCompleteUnitRuntime-
Records; DB path still preferred in production)
- browser-slash-command-dispatch: remove 'stop' from SF_PASSTHROUGH_COMMANDS
so /stop correctly returns { kind: 'reject' } in browser mode (was falling
through to prompt/rpc instead of builtin-reject)
- bg-events: export MAX_PENDING_ALERTS so process-manager can re-export it;
satisfies session-memory-leaks contract test
- commands-handlers: guard effectiveScope assignment — only use requestedScope
when mode=audit AND requestedScope is truthy (avoids undefined propagation)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove setFooter(hideFooter) calls in auto-start.js and auto.js that were
overriding the sf-tui footer with a near-invisible stub. The sf-tui footer
already checks isAutoActive() and routes to renderAutoFooter — no override
needed. Also remove now-unused hideFooter import from auto.js.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The repair loop was classifying agent reports of 'tool unavailable' as
'checkpoint-tool-unavailable' even when sf_autonomous_checkpoint IS
registered in the manifest. This caused a self-referential loop: the
repair prompt re-requested the same tool call, the agent re-reported
unavailability, and the cycle repeated (4 repair attempts).
Fix: before classifying as 'checkpoint-tool-unavailable', verify the tool
is in the manifest. If it IS registered, reclassify as
'mentioned-checkpoint-without-tool' — the tool exists, the agent just
didn't call it. Also added existsSync to the ES module fs import in
autonomous-solver.js.
Test: new case in autonomous-solver.test.mjs verifies the reclassification
when tool IS in manifest.
When the autonomous solver fails to produce a checkpoint and enters the
repair loop, subsequent retries previously called newSession() each time,
wiping the conversation history. The agent restarted cold with no memory
of what it had tried, what tools it had called, or why it failed — making
meaningful repair nearly impossible.
This change adds a keepSession option to runUnit(). When true, the
newSession() call and session-switch guard logic are skipped; the repair
prompt is sent as a follow-up in the existing conversation. The agent can
now see its prior tool calls, file reads, and failure context when deciding
how to fix the issue.
Policy:
- First attempt at each unit: keepSession=false (clean session, correct
for independent slice boundaries — system prompt carries project state)
- Repair retries within the same unit: keepSession=true (agent carries
full context of what it already tried)
- Next unit after success/failure: keepSession=false (clean boundary)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When the selected model's provider is not request-ready:
1. Pre-flight check before runUnit: find any ready provider, switch to it
and continue. Only stop if no ready provider exists.
2. Post-runUnit cancelled handler: same logic — reselect + return 'continue'
instead of silently breaking.
3. Both paths now emit a visible ctx.ui.notify so the user can see what
happened ('provider X not ready — retrying with Y/model').
Previously: cancelled instantly, all 4 repair attempts also cancelled,
paused with misleading solver-missing-checkpoint and no user notification.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When runUnit() returns status='cancelled' (provider not ready, session
failed, timeout), there is no checkpoint to repair. Previously the code
called assessAutonomousSolverTurn() which saw no checkpoint and entered
the 4-attempt repair loop — all of which also cancelled instantly,
burning retries before pausing with a misleading solver-missing-checkpoint
reason instead of surfacing the real provider/session error.
Now: cancelled result short-circuits to { action: 'none' }, skipping the
repair loop and falling through to the existing cancelled handler which
correctly surfaces provider-not-ready, timeout, and session-failed errors.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Remove stale .sf/milestones/M001/ and M002/ (not in DB, were blocking dispatch)
- dispatch-guard.js: import findMilestoneIds from milestone-ids.js directly (not
via guided-flow.js, which is in the circular-dep cluster)
- auto.js: normalize 'Cannot dispatch' → prior-slice-blocker, 'SF resources updated'
→ resources-stale, 'Stuck:' → stuck in telemetry (was silently bucketing as 'other')
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add scripts/check-circular-deps.mjs using madge; npm run check:circular
and check:circular:ext scan src/ and the SF extension respectively
- findMilestoneIds() is now DB-first: reads from milestones table when DB is
open so stale/duplicate filesystem dirs (M001/ and M001-6377a4/) are never
returned; falls back to fs scan only during early bootstrap
- milestone-id-utils.js was a stale duplicate; replaced with re-exports from
canonical milestone-ids.js
- metrics-central.js: guard null/undefined counter/gauge/histogram values
with ?? 0 to prevent NOT NULL constraint failure on metrics.value
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- git-service.js autoCommit() accepts optional sessionId param
- Appends 'SF-Session: <id>' trailer to commit message when present
- Falls through cleanly when sessionId is undefined (quick tasks, templates)
- worktree.js autoCommitCurrentBranch() forwards sessionId
- auto-post-unit.js autoCommitUnit() reads session ID from getAutoSession()
via s.cmdCtx?.sessionManager?.getSessionId?.() — same pattern as auto.js
Mirrors Copilot's session logs linked to each commit for cross-session traceability.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
