refactor: extract VS Code extension to packages/agent-os-vscode/ (#491)

[imran-siddique]

Moves the VS Code extension from \packages/agent-os/extensions/vscode/\ to \packages/agent-os-vscode/\ as a standalone sibling package.

Why

• TS security issues were getting filed against the Python agent-os package
• Python security tools (bandit, ruff) cannot scan TypeScript
• No independent versioning — VS Code extension releases were coupled to agent-os
• npm dependencies polluted the agent-os directory

Changes

• Pure \git mv\ — 32 files renamed, 0 content changes
• Updated tutorial cross-references in README.md and docs/index.md

What stays the same

• All source code is identical (rename only)
• package.json, tsconfig.json, extension entry point unchanged
• VS Code extension ID and functionality unaffected

Closes #491

[github-actions]

🤖 AI Agent: security-scanner — Security Review of PR #491: Refactor VS Code Extension to Standalone Package

Security Review of PR #491: Refactor VS Code Extension to Standalone Package

This PR involves a pure file reorganization of the VS Code extension from packages/agent-os/extensions/vscode/ to packages/agent-os-vscode/. The changes are limited to file renaming, directory restructuring, and updating references in documentation. There are no modifications to the source code, configuration files, or dependencies.

Summary of Findings

1. Prompt Injection Defense Bypass: 🔵 LOW

   • Analysis: Since this PR does not modify any source code, there is no direct impact on prompt injection defenses. However, the policyEngine.ts file, which appears to be a critical component for policy enforcement, was moved. This introduces a potential risk if the file path changes are not correctly reflected in all references.
   • Recommendation: Ensure that all references to policyEngine.ts in the codebase are updated and tested to confirm that the policy engine is still functioning as expected.

2. Policy Engine Circumvention: 🔵 LOW

   • Analysis: The policy engine file (policyEngine.ts) was moved, but its content remains unchanged. There is no indication of changes that could weaken or circumvent policy enforcement.
   • Recommendation: Perform integration tests to verify that the policy engine is still being invoked correctly in the new directory structure.

3. Trust Chain Weaknesses: 🔵 LOW

   • Analysis: No changes were made to SPIFFE/SVID validation, certificate pinning, or other trust mechanisms. The reorganization does not introduce any new trust chain weaknesses.
   • Recommendation: No action required.

4. Credential Exposure: 🔵 LOW

   • Analysis: No secrets, credentials, or sensitive information were added, removed, or exposed in this PR. The changes are limited to file renaming and documentation updates.
   • Recommendation: No action required.

5. Sandbox Escape: 🔵 LOW

   • Analysis: The PR does not introduce any new code or modify existing code that could affect sandboxing or process isolation.
   • Recommendation: No action required.

6. Deserialization Attacks: 🔵 LOW

   • Analysis: No changes were made to deserialization logic or related code. The PR involves only file movements and documentation updates.
   • Recommendation: No action required.

7. Race Conditions: 🔵 LOW

   • Analysis: No changes were made to concurrency-related code or time-of-check-to-time-of-use (TOCTOU) logic. The PR is a pure refactor.
   • Recommendation: No action required.

8. Supply Chain Risks: 🔵 LOW

   • Analysis: The PR does not introduce new dependencies or modify existing ones. The package.json and package-lock.json files were moved without changes.
   • Recommendation: No action required.

---

Overall Risk Assessment: 🔵 LOW

This PR is a straightforward refactor involving file and directory renaming, with no changes to the actual source code or dependencies. The potential risks are minimal and primarily related to ensuring that all references to the moved files are correctly updated.

---

Recommendations

1. Testing: Ensure that the CI/CD pipeline includes tests to verify the functionality of the VS Code extension, especially the policyEngine.ts file, in its new location.
2. Documentation: Verify that all updated documentation links are functional and point to the correct locations.
3. Post-Merge Validation: After merging, perform a thorough end-to-end test of the VS Code extension to confirm that the refactor did not inadvertently break any functionality.

No critical or high-severity issues were identified in this PR. It is safe to merge after ensuring the above recommendations are followed.

[github-actions]

🤖 AI Agent: breaking-change-detector — Summary

🔍 API Compatibility Report

Summary

This pull request involves a pure file relocation of the VS Code extension from packages/agent-os/extensions/vscode/ to a standalone sibling package packages/agent-os-vscode/. No content changes were made to the source code, configuration files, or functionality. As a result, there are no breaking changes to the Python API or the VS Code extension functionality.

Findings

Severity	Package	Change	Impact
✅	N/A	Pure file relocation	No API changes detected

Migration Guide

No migration steps are required as this change does not affect the public API or functionality of the repository.

---

✅ No breaking changes detected.

[github-actions]

🤖 AI Agent: docs-sync-checker — Issues Found

📝 Documentation Sync Report

Issues Found

• ⚠️ packages/agent-os/README.md — The link to the VS Code extension has been updated, but it is recommended to verify that the description and context for the extension remain accurate after the move.
• ⚠️ docs/index.md — The link to the VS Code extension has been updated, but it is recommended to verify that the surrounding documentation reflects the new structure and location of the extension.
• ⚠️ CHANGELOG.md — No entry for this structural change. While this is a pure refactor with no functional changes, it is still recommended to document the reorganization for clarity.

Suggestions

• 💡 Confirm that the updated links in packages/agent-os/README.md and docs/index.md are correct and that the descriptions of the VS Code extension are still accurate.
• 💡 Add an entry to CHANGELOG.md under a "Refactor" or "Changes" section to document the extraction of the VS Code extension into a standalone package (packages/agent-os-vscode).

Additional Notes

• Since this PR is a pure refactor with no content or functional changes, there are no new public APIs, and no new docstrings or type hints are required.
• The example code does not appear to require updates as the functionality of the VS Code extension remains unchanged.

✅ Documentation is mostly in sync, but minor updates to the README, docs, and CHANGELOG are recommended for clarity and completeness.

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary

This pull request proposes a straightforward refactor to move the VS Code extension from a subdirectory of the agent-os package to its own standalone package, packages/agent-os-vscode. The changes are limited to file renaming and updating references in documentation. No functional changes have been made to the code.

The refactor appears to be well-executed, with no changes to the actual source code or configuration files. The motivation for the change is sound, as it improves modularity, allows for independent versioning, and avoids cross-language tooling conflicts.

Below is the detailed review:

---

🔴 CRITICAL

No critical issues were identified in this pull request.

---

🟡 WARNING

1. Potential Breaking Change in Documentation Links

   • The PR updates documentation links to point to the new location of the VS Code extension. However, if any external documentation, scripts, or CI/CD pipelines reference the old paths (e.g., packages/agent-os/extensions/vscode/), they will break. Ensure that all external references are updated accordingly.

   Action: Verify and update any external documentation, scripts, or CI/CD configurations that reference the old path.

---

💡 SUGGESTIONS

1. Add a Deprecation Notice in the Old Directory

   • While the files have been moved, it might be helpful to leave a README.md file in the old directory (packages/agent-os/extensions/vscode/) with a deprecation notice and a pointer to the new location. This will help developers who may still navigate to the old path.

     Example README.md content:

     # Deprecated Directory
     
     The VS Code extension has been moved to a new location: [`packages/agent-os-vscode/`](../../agent-os-vscode/).
     
     Please update your references accordingly.

2. Add a Migration Note in the Changelog

   • Since this is a structural change, consider adding a note in the CHANGELOG.md for the agent-os package to inform users about the new location of the VS Code extension.

3. Test the Updated Documentation Links

   • Ensure that the updated links in README.md and docs/index.md are valid and point to the correct locations.

4. Verify CI/CD Pipeline Updates

   • If the CI/CD pipeline includes steps for building or testing the VS Code extension, ensure that the pipeline has been updated to reflect the new location of the package.

5. Consider Adding a README in the New Package

   • While the README.md for the VS Code extension has been moved, it might be helpful to add a brief README at the root of the packages/agent-os-vscode/ directory to explain the purpose of the package and its relationship to the rest of the repository.

---

Final Assessment

This PR is a well-executed refactor with no functional changes to the code. However, there are potential breaking changes related to external references to the old directory structure, which should be addressed. Additionally, minor improvements to documentation and CI/CD pipeline verification are recommended to ensure a smooth transition.

Status: 🟡 WARNING
Please address the potential breaking changes and consider the suggestions before merging.

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary

This pull request refactors the repository by moving the VS Code extension from packages/agent-os/extensions/vscode/ to packages/agent-os-vscode/ as a standalone sibling package. The changes are primarily organizational, involving file renaming and updates to documentation and references. No changes were made to the source code or functionality of the VS Code extension.

The refactor addresses several issues, including:

• Separation of TypeScript and Python codebases for better security scanning.
• Decoupling the versioning of the VS Code extension from the agent-os package.
• Avoiding npm dependency pollution in the agent-os directory.

Feedback

🔴 CRITICAL

No critical security issues were identified in this pull request.

🟡 WARNING

1. Potential Breaking Changes in Documentation Links:

   • The updated links in README.md and docs/index.md now point to ../../agent-os-vscode/. While this change aligns with the new directory structure, it is crucial to verify that these links work correctly in all contexts (e.g., GitHub rendering, documentation tools). Broken links could lead to confusion for users.

   Action: Test the updated links in all relevant contexts (e.g., GitHub, documentation site) to ensure they work as intended.

💡 SUGGESTIONS

1. Update CI/CD Workflow:

   • The ci.yml file does not seem to include any specific steps for testing or building the VS Code extension. While this may not be a new issue introduced by this PR, it is an opportunity to improve the CI/CD pipeline.
   • Consider adding a job to build and test the VS Code extension using appropriate tools (e.g., npm run build and npm test).

2. Add a Migration Note:

   • Since this refactor changes the directory structure, it might be helpful to add a note in the release notes or documentation to inform users about the new location of the VS Code extension.

3. Verify Versioning:

   • The PR mentions that the VS Code extension will now have independent versioning. Ensure that the package.json file in packages/agent-os-vscode/ is updated to reflect this independence (e.g., versioning strategy, changelog updates).

4. Cross-Check Dependencies:

   • While this PR is a pure git mv, it is worth double-checking that all dependencies in package.json are still valid and that no unused dependencies remain.

5. Update CI/CD Documentation:

   • If the CI/CD pipeline is updated to include the VS Code extension, ensure that the documentation for contributors is updated to reflect the new build/test process.

6. Future Consideration: Monorepo Tooling:

   • As the repository grows with multiple packages, consider adopting a monorepo management tool like Lerna or Nx to streamline dependency management, versioning, and CI/CD workflows.

Conclusion

This PR is well-structured and addresses the stated goals effectively. While no critical issues were identified, there are minor areas for improvement, particularly around testing, documentation, and CI/CD workflows. Addressing these suggestions will ensure a smoother transition and better maintainability in the future.

[github-actions]

🤖 AI Agent: code-reviewer

Review of PR #491: Refactor VS Code Extension to Standalone Package

This pull request proposes a refactor to extract the VS Code extension from packages/agent-os/extensions/vscode/ into a standalone package at packages/agent-os-vscode/. The changes are primarily organizational, with no modifications to the source code itself.

---

🔴 CRITICAL

No critical security issues were identified in this pull request. The changes are limited to file relocation and updates to documentation and CI configuration, with no modifications to the codebase.

---

🟡 WARNING

1. Potential Breaking Change in Documentation Links:

   • The PR updates references to the VS Code extension in README.md and docs/index.md to point to the new location (../../agent-os-vscode/). However, this change assumes that the relative paths will resolve correctly in all contexts (e.g., GitHub rendering, local development, and any external documentation tools). If these links are broken, it could lead to confusion for users.
   • Action: Verify that the updated links work as expected in all contexts (e.g., GitHub, local preview, and any external documentation tools). If necessary, provide absolute URLs or test the relative paths thoroughly.

2. CI Workflow Changes:

   • The ci.yml file removes the dify-plugin package from the import-module list. While this may be intentional, it is not mentioned in the PR description. This could potentially break the CI pipeline if dify-plugin is still required.
   • Action: Confirm whether the removal of dify-plugin from the CI workflow is intentional and ensure that it does not impact the pipeline.

---

💡 SUGGESTIONS

1. Add a Migration Note:

   • While the PR description mentions that the VS Code extension ID and functionality remain unchanged, it would be helpful to explicitly state this in the CHANGELOG.md of the agent-os-vscode package. This will reassure users that the migration does not require any action on their part (e.g., reinstalling the extension or updating configurations).

2. Update Versioning:

   • Since the VS Code extension is now a standalone package, it might be beneficial to update its versioning scheme to reflect this change. For example, consider incrementing the major version to indicate the structural change, even if the functionality remains the same.

3. Add a Test for CI Workflow:

   • Since the CI workflow has been updated, it would be prudent to add a test to ensure that the new standalone package is correctly built and tested in the pipeline. This will prevent regressions in future updates.

4. Add a README Section for Migration:

   • Consider adding a section in the main README.md or the agent-os-vscode/README.md to explain the rationale for the migration and any potential impacts on users or contributors.

---

Summary

This PR is a well-executed refactor that improves the project structure by decoupling the VS Code extension from the agent-os package. However, there are a few areas that need attention:

• Verify and test the updated documentation links.
• Confirm the removal of dify-plugin from the CI workflow.
• Add migration notes and update versioning to reflect the structural change.
• Ensure the CI pipeline includes tests for the new standalone package.

Once these points are addressed, the PR should be ready for approval.