Merge pull request #34 from codervisor/develop

Develop

Author: tikazyq

.github/copilot-instructions.md

@@ -21,13 +21,15 @@
 - **Temp files**: Use `tmp/` folder for experiments (gitignored)
 - **Build packages**: Use `pnpm build` (builds all packages)
 - **Containers**: `docker compose -f docker-compose.dev.yml up web-dev -d --wait`
+- **Validating**: Use `pnpm validate`
 - **Testing**: Use `pnpm test`
 
 ### Task Tracking
 - **Always start by checking**: Search related devlogs before starting ANY new work
 - **Must create devlogs**: For features, refactoring, or multistep work (>30min)
 - **Required progress updates**: Add notes after successful builds, major changes, or blockers
 - **Always complete**: Document learnings and close devlogs when work is finished
+- **Required details**: Include necessary information in devlogs for comprehensive context
 
 ## 🎯 Essential Patterns
 

.github/instructions/all.instructions.md

@@ -355,9 +355,6 @@ export class ProjectService {
     if (!this.database.isInitialized) {
       await this.database.initialize();
     }
-
-    // Create default project if it doesn't exist
-    await this.createDefaultProject();
   }
 
   async list(): Promise<ProjectMetadata[]> {

.github/scripts/publish-dev-packages.sh

@@ -6,8 +6,8 @@ echo "📦 Publishing packages to NPM with dev tag..."
 
 # Define all publishable packages (as regular arrays for better compatibility)
 PACKAGES=(
+    "core:packages/core"
     "mcp:packages/mcp"
-    "core:packages/core" 
     "ai:packages/ai"
     "cli:packages/cli"
 )

.github/scripts/setup-node.sh

@@ -2,11 +2,6 @@
 # Setup Node.js, pnpm, and dependencies with caching
 set -euo pipefail
 
-NODE_VERSION=${1:-"20"}
-PNPM_VERSION=${2:-"10.13.1"}
-
-echo "🔧 Setting up Node.js $NODE_VERSION and pnpm $PNPM_VERSION..."
-
 # pnpm store path is already set by pnpm/action-setup
 echo "📦 Installing dependencies..."
 pnpm install --frozen-lockfile

.github/scripts/verify-build.sh

@@ -38,8 +38,8 @@ else
     FAILED=1
 fi
 
-# Check web package (uses .next-build for standalone builds)
-if [ -d "packages/web/.next-build" ]; then
+# Check web package
+if [ -d "packages/web/.next" ]; then
     echo "✅ Web package build artifacts verified"
 else
     echo "❌ Web package build artifacts missing"

.github/workflows/main.yml

@@ -21,6 +21,8 @@ on:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
+  NODE_VERSION: 22
+  PNPM_VERSION: 10.13.1
 
 jobs:
   # Phase 1: Build and Test
@@ -29,26 +31,22 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       cache-key: ${{ steps.cache-key.outputs.key }}
-    
-    strategy:
-      matrix:
-        node-version: [ 20, 22 ]
-    
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Setup Node.js ${{ matrix.node-version }}
+      - name: Setup Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@v4
         with:
-          node-version: ${{ matrix.node-version }}
+          node-version: ${{ env.NODE_VERSION }}
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
-          version: 10.13.1
+          version: ${{ env.PNPM_VERSION }}
           run_install: false
 
       - name: Generate cache key
@@ -68,7 +66,7 @@ jobs:
       - name: Install dependencies
         run: ./.github/scripts/setup-node.sh
 
-      - name: Build packages (dependency order)
+      - name: Build packages
         run: ./.github/scripts/build-packages.sh
 
       - name: Run tests
@@ -145,34 +143,6 @@ jobs:
           IMAGE_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n1)
           ./.github/scripts/test-docker.sh "$IMAGE_TAG"
 
-  # Phase 3: Security Scan (depends on docker-build)
-  security-scan:
-    name: Security Scan
-    runs-on: ubuntu-latest
-    needs: docker-build
-    if: github.event_name != 'pull_request'
-    permissions:
-      contents: read
-      packages: read
-      security-events: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        if: always()
-        with:
-          sarif_file: 'trivy-results.sarif'
-
   # Phase 4a: NPM Publish Stable (main branch)
   npm-publish-stable:
     name: Publish to NPM (Stable)
@@ -196,13 +166,13 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: ${{ env.NODE_VERSION }}
           registry-url: 'https://registry.npmjs.org'
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
-          version: 10.13.1
+          version: ${{ env.PNPM_VERSION }}
           run_install: false
 
       - name: Restore pnpm cache
@@ -280,13 +250,13 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: ${{ env.NODE_VERSION }}
           registry-url: 'https://registry.npmjs.org'
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
-          version: 10.13.1
+          version: ${{ env.PNPM_VERSION }}
           run_install: false
 
       - name: Restore pnpm cache

.github/workflows/vscode-automation.yml

@@ -156,39 +156,4 @@ jobs:
           platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
-            VCS_REF=${{ github.sha }}
-
-  # Phase 3: Security Scan
-  security-scan:
-    name: Security Scan VSCode Automation
-    runs-on: ubuntu-latest
-    needs: build-vscode-automation
-    if: github.event_name != 'pull_request'
-    permissions:
-      contents: read
-      packages: read
-      security-events: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Log in to Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
-          format: 'sarif'
-          output: 'trivy-results-vscode-automation.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        if: always()
-        with:
-          sarif_file: 'trivy-results-vscode-automation.sarif'
+            VCS_REF=${{ github.sha }}

.vscode/mcp.json

@@ -13,7 +13,10 @@
 			"command": "npx",
 			"args": [
 				"@codervisor/devlog-mcp@dev"
-			]
+			],
+			"env": {
+				// "DEVLOG_BASE_URL": "http://localhost:3200"
+			}
 		},
 		"sequential-thinking": {
 			"command": "npx",

.vscode/settings.json

@@ -8,5 +8,12 @@
     "chat.agent.maxRequests": 100,
     "github.copilot.chat.languageContext.typescript.enabled": true,
     "github.copilot.chat.codesearch.enabled": true,
-    "github.copilot.chat.scopeSelection": true
+    "github.copilot.chat.scopeSelection": true,
+    "chat.mcp.serverSampling": {
+        "devlog/.vscode/mcp.json: devlog": {
+            "allowedModels": [
+                "copilot/claude-sonnet-4"
+            ]
+        }
+    }
 }

Dockerfile.dev

@@ -7,6 +7,7 @@ RUN apk add --no-cache libc6-compat python3 make g++ curl
 # Enable pnpm
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
+RUN npm install -g pnpm
 
 # Set working directory
 WORKDIR /app