Chore/quick wins

.github/agents/architect.md

@@ -0,0 +1,10 @@
+---
+name: "architect"
+description: "Designs secure Azure/OpenAI architectures"
+---
+
+You are a senior Azure solutions architect specializing in DoD-compliant VS Code extensions.
+
+Always prioritize Azure US Government cloud, Key Vault, AzureCliCredential, and zero API-key exposure.
+
+Output diagrams in Mermaid when helpful.

.github/agents/coder.md

@@ -0,0 +1,10 @@
+---
+name: "coder"
+description: "Writes TypeScript for VS Code extensions + Azure OpenAI SDK"
+---
+
+You are an expert TypeScript developer for VS Code extensions using openai v4 and Azure auth.
+
+Follow the existing patterns in src/ and package.json.
+
+Never expose secrets. Use Azure Key Vault patterns religiously.

.github/agents/docs-agent.md

@@ -0,0 +1,8 @@
+---
+name: "docs-agent"
+description: "Writes perfect READMEs and comments"
+---
+
+You keep documentation military-grade clear.
+
+Update README.md, examples/, and inline JSDoc on every change.

.github/agents/planner.md

@@ -0,0 +1,20 @@
+---
+name: "planner"
+description: "Orchestrates the agent swarm for code-buddy features"
+tools: [githubRepo, search, fetch, usages, problems]
+---
+
+You are the master planner for ecma-codebuddy, a secure Azure OpenAI VS Code extension for government environments.
+
+Always break tasks into subtasks and delegate:
+
+- Architecture → @architect
+- Coding → @coder
+- Testing → @tester
+- Security/compliance → @security-agent
+- Docs → @docs-agent
+- Review → @reviewer
+
+Enforce DoD compliance: Azure GovCloud only, Key Vault secrets, no hard-coded keys.
+
+Show a clear plan first, then execute via delegation.

.github/agents/reviewer.md

@@ -0,0 +1,8 @@
+---
+name: "reviewer"
+description: "Final code review and PR polish"
+---
+
+You are a senior reviewer.
+
+Enforce style, performance, accessibility, and full compliance before approving.

.github/agents/security-agent.md

@@ -0,0 +1,16 @@
+---
+name: "security-agent"
+description: "Hardens for DoD/Zero-Trust"
+tools: [problems, fetch]
+---
+
+You are a FedRAMP High / DoD IL5 security specialist.
+
+Scan for:
+
+- Hard-coded secrets (forbidden)
+- Commercial Azure endpoints (must use .azure.us)
+- Insecure auth flows
+- Supply-chain risks (npm audit)
+
+Block any PR that fails.

.github/agents/tester.md

@@ -0,0 +1,11 @@
+---
+name: "tester"
+description: "Generates and runs unit/integration tests"
+tools: [terminal, githubRepo]
+---
+
+You are a ruthless TDD enforcer.
+
+Write Jest/Mocha/Vitest tests with 90%+ coverage.
+
+Mock Azure Key Vault and OpenAI calls aggressively for isolated tests.

.github/workflows/ci.yml

@@ -0,0 +1,71 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+      - chore/**
+      - feature/**
+  pull_request:
+
+jobs:
+  unit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Unit tests + coverage
+        run: npm run coverage
+
+      - name: Upload coverage artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-unit
+          path: |
+            coverage/lcov.info
+            coverage/coverage-summary.json
+            coverage/badge.svg
+
+  extension-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run VS Code extension tests (headless)
+        env:
+          DISPLAY: :99
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y xvfb
+          xvfb-run --auto-servernum npm test
+
+      - name: Upload VS Code test logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: vscode-test-logs
+          path: .vscode-test

.gitignore

@@ -1,5 +1,6 @@
+coverage/
+.nyc_output/
 out
 dist
 node_modules
 .vscode-test/
-

AGENTS.md

@@ -0,0 +1,8 @@
+# AGENTS.md — Swarm rules for code-buddy
+
+- Never use commercial Azure endpoints → always AzureUSGovernment
+- All secrets via Azure Key Vault only
+- Prefer openai v4 SDK patterns
+- Tests are mandatory; aim for 95% coverage
+- Documentation updates on every PR
+- When in doubt, ask the human for clarification

README.md

@@ -1,103 +1,161 @@
-# ecma-codebuddy: GPT3 and ChatGPT extension for VSCode for use within the US Army 
+# ecma-codebuddy: Azure OpenAI (commercial & GovCloud) VS Code assistant
+
+[![CI](https://github.com/rbmathis/ecma-codebuddy/actions/workflows/ci.yml/badge.svg)](https://github.com/rbmathis/ecma-codebuddy/actions/workflows/ci.yml)
+[![Coverage](https://img.shields.io/badge/coverage-nyc-lightgrey)](./coverage/badge.svg)
 
 <p>
-This project is a large rewrite of  <a href="https://github.com/ThePush/azurecodegpt">AzureCodeGPT</a> that uses Azure OpenAI hosted in Azure commercial or GovCloud *without* requiring an API key. The extension provides an AI coding assistant to developers in Gov/DoD that cannot use GitHub Copilot due to security/compliance restraints. 
+This project is a modern rewrite of <a href="https://github.com/ThePush/azurecodegpt">AzureCodeGPT</a>. It uses the official <strong>OpenAI v4 SDK</strong> against <strong>Azure OpenAI</strong> (commercial or <strong>AzureUSGovernment</strong>) via <strong>AzureCliCredential</strong>—no static API keys in VS Code. It targets teams that cannot use GitHub Copilot but still need AI coding assistance.
+
+**Prereqs**
+
+- `az login` (Gov: `az cloud set --name AzureUSGovernment`)
+- Access to the configured Azure Key Vault (at least <em>Secrets User</em>)
+
+**Required Key Vault secrets**
 
-The only required settings for this version are:
-- `Azure cloud`: 'AzureCloud' for commercial, 'AzureUSGovernment' for GovCloud. The extension will use the appropriate [Azure Graph Endpoint](https://learn.microsoft.com/en-us/graph/deployments#microsoft-graph-and-graph-explorer-service-root-endpoints) to load a credential for the current user.
-- `Keyvault Name`: The name of the [KeyVault](https://azure.microsoft.com/en-us/products/key-vault/) where the necessary configuration secrets will be stored.
+- `AOAIDeployment` – e.g., `gpt-35-turbo`, `gpt-4o`
+- `AOAIEndpoint` – e.g., `https://{name}.openai.azure.us/` or `https://{name}.openai.azure.com/`
+- `AOAIKey` – AOAI key
+- `AOAIAPIVersion` – e.g., `2024-04-01-preview`
 
-Required KeyVault Configuration:
-- `AOAIDeployment`: the name of the AOAI deployment. Ex. "gpt-35-turbo" or "gpt-4o"	
-- `AOAIEndpoint`: the Uri of AOAI instance. Ex. "https://{yourname}.openai.azure.us/" or "https://{yourname}.openai.azure.com/"
-- `AOAIKey` : the API Key from the AOAI instance
-- `AOAIAPIVersion`: the version of the OpenAI API used to interact with the AOAI endpoint. Ex. "2024-04-01-preview"
+**Required settings in VS Code**
+
+- `ecma-codebuddy.azureCloud` – `AzureCloud` (default) or `AzureUSGovernment`
+- `ecma-codebuddy.keyvaultName` – Key Vault name (not URI)
+
+The extension chooses the correct Graph / Key Vault endpoints based on `azureCloud` and validates GovCloud endpoints when `AzureUSGovernment` is selected.
 
-**The current user must be able to login to Azure via [az cli](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli), and must have reader access to the configured Key Vault**
 </p>
 
 ---
 
-### Imperatives:
-You must ensure that you are using the correct cloud for IL-classified work. The extension will not do this for you.  The extension does provide simple logic to ensure that if you set `AzureUSGovernment` in the `AzureCloud` setting, it will only try to connect to a KeyVault hosted in AzureGov, and also sanity-check the AOAIEndpoint value to ensure it is a GovCloud endpoint.
+### Imperatives
 
-This Visual Studio Code extension uses the [official v4 OpenAI Client Library](https://www.npmjs.com/package/openai) and the [Azure Open API migration guide](https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/migration-javascript?tabs=javascript-new) to generate code or natural language responses to your questions from any GPT model hosted by Azure OpenAI.
+- Pick the correct cloud for IL workloads; we sanity-check Gov endpoints but you own the classification.
+- We use the <a href="https://www.npmjs.com/package/openai">official OpenAI v4 client</a> and the <a href="https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/migration-javascript?tabs=javascript-new">Azure OpenAI migration guide</a>.
 
-`npm audit` shows 0 vulnerabilies as of 2024-10-01
+`npm audit` shows 0 vulnerabilities as of 2024-10-01
 
-Supercharge your coding with AI-powered assistance! Automatically write new code from scratch, ask questions, get explanations, refactor code, find bugs and more 🚀✨ 
+Supercharge your coding with AI-powered assistance! Automatically write new code from scratch, ask questions, get explanations, refactor code, find bugs and more 🚀✨
 
 ---
 
 # 📢 v2.0 Release
+
 - **[Github Repository](https://github.com/rbmathis/ecma-codebuddy)**
--   Based on the original <a href="https://marketplace.visualstudio.com/items?itemName=jeremysemel.azurecodegpt">CodeGPT</a> v1.1.2
--   Updated to latest version of openai, added functionality to create unit tests
-<img src="examples/main.png" alt="Refactoring selected code using chatGPT"/>
+- Based on <a href="https://marketplace.visualstudio.com/items?itemName=jeremysemel.azurecodegpt">CodeGPT</a> v1.1.2
+- Updated to the latest `openai` v4 client; added "Write tests" command
+  <img src="examples/main.png" alt="Refactoring selected code using chatGPT"/>
 
 ---
 
 ## Features
-- 💡 **Ask general questions** or use code snippets from the editor to query GPT3 via an input box in the sidebar
+
+- 💡 **Ask general questions** or use editor selections to query Azure OpenAI via the sidebar
 - 🖱️ Right click on a code selection and run one of the context menu **shortcuts**
-	- automatically write documentation for your code
-	- explain the selected code
-	- refactor or optimize it
-	- find problems with it
+  - automatically write documentation for your code
+  - explain the selected code
+  - refactor or optimize it
+  - find problems with it
 - 💻 View GPT's responses in a panel next to the editor
 - 📝 **Insert code snippets** from the AI's response into the active editor by clicking on them
 
 ---
 
 ## Installation
 
-1. clone this repo
-2. Install vsce: `npm install vsce`
-3. From the cloned directory run: `vsce package`
-4. Drag/drop the .vsix file from the folder into your VSCode Extensions window
+1. Clone this repo
+2. Install deps: `npm install` (or `yarn install`)
+3. Install vsce: `npm install -g vsce` (or `npx vsce`)
+4. Package: `vsce package`
+5. Drag/drop the `.vsix` into VS Code Extensions
 
-After completing these steps, the extension should be ready to use after a restart.
+After installation, reload VS Code.
 
 <img src="examples/settings.png" alt="User Settings"/>
 
 ---
 
 ## KeyVault Configuration
-1. This extension expects the current user to login to Azure via `az login`. The extension then uses the cliCredential to connect to Key Vault. **The user must have at least 'Secrets User' access to Key Vault in order for the extension to load the necessary configuration values.
-2. The KeyVault must contain secrets for the following settings:
- - AOAIAPIVersion : required by the latest openai SDK.
- - AOAIDeployment: the name of the deployment within Azure Open AI
- - AOAIEndpoint: the Uri to the endpoint hosted by Azure Open AI
- - AOAIKey: a valid key to use to connect to the Azure Open AI endpoint
+
+1. `az login` (Gov: `az cloud set --name AzureUSGovernment`)
+2. Ensure the current user has Key Vault **Secrets User** (or higher)
+3. Create secrets: `AOAIAPIVersion`, `AOAIDeployment`, `AOAIEndpoint`, `AOAIKey`
 
 <img src="examples/keyvault.png" alt="Writing new code using chatGPT" width="500"/>
 
 ---
 
 ## Using the Extension
 
-The extension uses an AzureCliCredential to connect to an Azure Key Vault to load the secrets for Azure Open AI.  
-First, login to the Azure CLI by running `az login`. For government users, first run `az cloud set --name AzureUSGovernment`.  Once logged-in, the extension will use this credential to check for access to the KeyVault.  The current user must have an IAM role that allows the reading of secrets. "Key Vault Secrets User" is sufficient.  
+The extension uses `AzureCliCredential` to load AOAI secrets from Key Vault. Once logged in and configured:
 
-To use the extension, open a text editor in Visual Studio Code and open the aoaigpt panel by clicking on the aoaigpt icon in the sidebar. This will open a panel with an input field where you can enter your prompt or question. By clicking enter, it will be sent to AOAI. Its response will be displayed below the input field in the sidebar (note that it may take some time for it to be calculated).
+1. Open the **ecma-codebuddy** panel (sidebar icon)
+2. Enter a prompt; press Enter to send to Azure OpenAI
+3. Responses appear in the panel; click code blocks to paste (if enabled)
 
 <img src="examples/create.png" alt="Writing new code using chatGPT" width="500"/>
 
-You can also select a code snippet in the editor and then enter a prompt in the side panel, or right-click and select "Ask aoaigpt". The **selected code will be automatically appended** to your query when it is sent to the AI. This can be useful for generating code snippets or getting explanations for specific pieces of code.
+You can also select code in the editor and either enter a prompt in the side panel or right-click and choose **Ask ecma-codebuddy**. The **selected code is automatically appended** (optionally wrapped in a code block).
 
 <img src="examples/explain.png" alt="Refactoring selected code using chatGPT"/>
 
-To **insert a code snippet** from the AI's response into the editor, simply click on the code block in the panel. The code will be automatically inserted at the cursor position in the active editor. This functionality is controlled by the setting `pasteOnClick` setting.  If true, clicks within the results window will be pasted into the open document.
+To **insert a code snippet** from the AI's response into the editor, simply click on the code block in the panel. The code will be automatically inserted at the cursor position in the active editor. This functionality is controlled by the setting `pasteOnClick` setting. If true, clicks within the results window will be pasted into the open document.
 
 <img src="examples/refactor.png" alt="chatGPT explaining selected code"/>
 
-You can select some code in the editor, right click on it and choose one of the following **shortcuts** from the context menu:
-#### Commands:
-- `Ask ecma-codebuddy`: will provide a prompt for you to enter any prompt
-- `ecma-codebuddy: Explain selection`: will explain what the selected code does
-- `ecma-codebuddy: Refactor and Optimize selection`: will try to refactor and optimize the selected code
-- `ecma-codebuddy: Find problems`: looks for problems/errors in the selected code, fixes and explains them
-- `ecma-codebuddy: Write tests` : tries to create unit tests for the selected code
+You can select code and right-click for these **shortcuts**:
+
+#### Commands
+
+- `ecma-codebuddy.ask` — prompt input box
+- `ecma-codebuddy.explain` — explain selection
+- `ecma-codebuddy.refactor` — refactor & optimize
+- `ecma-codebuddy.findProblems` — identify & fix issues
+- `ecma-codebuddy.documentation` — write docs
+- `ecma-codebuddy.writetests` — generate tests
+
+`Ask ecma-codebuddy` works with or without a selection. All prompt prefixes are configurable in VS Code settings.
+
+---
+
+## Settings
+
+| Setting                                  | Default      | Description                         |
+| ---------------------------------------- | ------------ | ----------------------------------- |
+| `ecma-codebuddy.azureCloud`              | `AzureCloud` | `AzureCloud` or `AzureUSGovernment` |
+| `ecma-codebuddy.keyvaultName`            | `""`         | Key Vault name (no URI)             |
+| `ecma-codebuddy.maxTokens`               | `1024`       | Max tokens per response             |
+| `ecma-codebuddy.temperature`             | `0.5`        | Creativity vs. determinism          |
+| `ecma-codebuddy.pasteOnClick`            | `true`       | Paste code blocks on click          |
+| `ecma-codebuddy.selectedInsideCodeblock` | `true`       | Wrap selection in fenced code       |
+| `ecma-codebuddy.promptPrefix.*`          | _(varies)_   | Customize prompts for each command  |
+
+---
+
+## Development
+
+Scripts (npm/yarn):
+
+- `watch` – `webpack --watch`
+- `compile` – production webpack bundle
+- `lint` – ESLint on `src`
+- `compile-tests` / `watch-tests` – `tsc` into `out/`
+- `test` – VS Code extension tests scaffold (`out/test/runTest.js`)
+
+> Tests are scaffolded but not yet implemented; add tests and run `yarn test` before PRs.
+
+VS Code tasks exist for `npm: watch` and `npm: watch-tests`.
+
+---
+
+## GovCloud safeguards
+
+- When `AzureUSGovernment` is selected, the extension builds Gov Key Vault URIs and checks `AOAIEndpoint` ends with `.us`.
+- Graph scopes switch to `graph.microsoft.us`.
+
+---
 
-`Ask ecma-codebuddy` is also available when nothing is selected. For the other four commands, you can **customize the exact prompt** that will be sent to the AI by editing the extension settings in VSCode Preferences.
+## License
 
+MIT