Description
Summary
Implement a three-layer governance architecture for VS Code Copilot that closes the governance gap with Claude Code hooks, plus the Copilot Chat session parser and Windows compatibility fixes.
Problem
Claude Code has 19+ hook templates providing pre/post-tool-call governance (file boundary enforcement, drift checks, persist reminders). VS Code Copilot has no equivalent hook system — MCP provides capability (tools) but not governance (guardrails). This creates a gap where agents can operate without session tracking, drift awareness, or context persistence discipline.
Solution
Three-Layer Architecture
- Behavioral rules (`copilot-instructions.md`) — Preventive/advisory rules baked into the system prompt via the template. Tells the agent what to do and when.
- MCP governance-in-response — `CheckGovernance()` appends contextual warnings to every MCP tool response. Five checks:
  - Session not started → nudge `ctx_session_event(start)`
  - Context not loaded → nudge `ctx_status()`
  - Drift stale (>15min or >5 calls without check) → nudge `ctx_drift()`
  - Persist nudge (>=10 calls since last write, repeats every 8) → nudge `ctx_add()`
  - Violations from detection ring → CRITICAL escalation
- VS Code detection ring — Extension monitors terminal commands and file edits:
  - Terminal watcher: detects dangerous commands (`rm -rf /`, `git push --force`, `chmod 777`, etc.)
  - File edit watcher: detects edits to sensitive files (`.env`, `.pem`, credentials)
  - Records violations to `.context/state/violations.json`
  - MCP reads and clears violations on next tool call, escalates with CRITICAL warnings
Additional Features
- Copilot Chat session parser for `ctx recall` — parses VS Code Copilot Chat JSONL files (snapshot+patch model) with platform-aware directory discovery
- Windows compatibility — case-insensitive path comparison for boundary validation
- VS Code extension with `@ctx` chat participant, MCP JSON generation, and session lifecycle integration
Files Changed
Windows Compatibility
- `internal/validation/path.go` — case-insensitive path comparison on Windows
- `internal/validation/path_test.go` — updated tests
Copilot Chat Parser
- `internal/recall/parser/copilot.go` — CopilotParser with `Matches()` and `ParseFile()`
- `internal/recall/parser/copilot_raw.go` — typed Go structs for JSONL format
- `internal/recall/parser/parser.go` — registration
- `internal/recall/parser/query.go` — directory scanning
- `internal/config/session/tool.go` — ToolCopilot constant
VS Code Extension and Integration
- `editors/vscode/` — extension source, tests, LICENSE
- `internal/cli/initialize/core/vscode.go` — `.vscode/mcp.json` generation
- `internal/cli/hook/cmd/root/run.go` — `ensureVSCodeMCPJSON()`
- `internal/assets/overrides/vscode/` — context file overrides
- `internal/cli/system/cmd/sessionevent/` — session event CLI command
MCP Governance Engine
- `internal/mcp/session/governance.go` — `CheckGovernance()` with 5 checks
- `internal/mcp/session/governance_test.go` — 24 tests
- `internal/mcp/session/state.go` — governance tracking fields
- `internal/mcp/server/route/tool/dispatch.go` — governance wiring with `appendGovernance()`
- `internal/mcp/handler/tool.go` — `RecordSessionStart()` in session event handler
- `internal/assets/hooks/copilot-instructions.md` — governance rules and detection ring docs
Supersedes
- feat: Add Copilot Chat session parser for recall #28 (Copilot Chat parser issue)
- feat: add Copilot Chat session parser for recall #29 (Copilot Chat parser PR)
- Windows cross-platform compatibility fixes #30 (Windows compat issue)
- fix: Windows cross-platform compatibility #31 (Windows compat PR)
- feat: VS Code extension with full CLI parity, encoding compliance guards #36 (VS Code extension PR)
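
The five governance-in-response checks listed under "Three-Layer Architecture", as an added Go sketch that is not the project's `CheckGovernance()` code. The `State` type, its field names, the message texts, and the reading of "repeats every 8" as firing at 10, 18, 26, ... calls are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// State is a hypothetical stand-in for the session's governance tracking fields.
type State struct {
	SessionStarted, ContextLoaded    bool
	LastDrift                        time.Time
	CallsSinceDrift, CallsSinceWrite int
	Violations                       []string // pending detection-ring records
}

// Check returns the warnings to append to one tool response.
// Pending violations are reported once and then cleared.
func Check(s *State, now time.Time) []string {
	var w []string
	if !s.SessionStarted {
		w = append(w, "session not started: call ctx_session_event(start)")
	}
	if !s.ContextLoaded {
		w = append(w, "context not loaded: call ctx_status()")
	}
	if now.Sub(s.LastDrift) > 15*time.Minute || s.CallsSinceDrift > 5 {
		w = append(w, "drift check stale: call ctx_drift()")
	}
	// Assumed reading of "repeats every 8": fire at 10, 18, 26, ... calls.
	if n := s.CallsSinceWrite; n >= 10 && (n-10)%8 == 0 {
		w = append(w, fmt.Sprintf("%d calls since last write: call ctx_add()", n))
	}
	for _, v := range s.Violations {
		w = append(w, "CRITICAL: "+v)
	}
	s.Violations = nil
	return w
}

func main() {
	now := time.Now()
	s := &State{SessionStarted: true, ContextLoaded: true, LastDrift: now.Add(-20 * time.Minute),
		CallsSinceWrite: 18, Violations: []string{"terminal: git push --force (constructed sample)"}}
	for _, line := range Check(s, now) {
		fmt.Println(line)
	}
}
```

Because the violations are cleared inside the check, a CRITICAL warning appears in exactly one tool response; an agent that ignores that response is not warned again unless the detection ring records a new violation.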