Copilot IDE

[bago2k4]

NB: merge after #159

Support to export VS Code AI chats (Copilot)

Question: do we want to have any code shared between providers? Cursor and Copilot IDEs have a few things in common, most important the workspace selection. For now the duplicate the few functions/structures used for it

[Copilot]

Pull request overview

This PR adds support for exporting VS Code Copilot IDE chat sessions by implementing a new copilotide provider. The implementation reads chat session JSON files from VS Code's workspace storage, matches workspaces to project paths, and converts the data to the CLI's unified format for markdown export.

Changes:

• Added copilotide provider for VS Code Copilot IDE chat session export
• Added cursoride provider for Cursor IDE chat session export (shares similar workspace matching logic)
• Enhanced markdown rendering to handle multiline tool input values with code blocks

Reviewed changes

Copilot reviewed 27 out of 27 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
specstory-cli/pkg/spi/factory/registry.go	Registered new copilotide and cursoride providers
specstory-cli/pkg/providers/copilotide/*.go	Complete implementation of VS Code Copilot provider (workspace matching, JSON parsing, session conversion)
specstory-cli/pkg/providers/cursoride/*.go	Complete implementation of Cursor IDE provider (SQLite database access, workspace matching, session conversion)
specstory-cli/pkg/markdown/markdown.go	Enhanced generic tool rendering to display multiline input values in code blocks
specstory-cli/main.go	Added hidden flag for Cursor IDE database check interval configuration
specstory-cli/docs/*.md	Implementation plans and documentation for both new providers

[Copilot]

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 4 comments.

[Copilot]

Pull request overview

Copilot reviewed 40 out of 40 changed files in this pull request and generated 4 comments.

[Copilot]

Pull request overview

Copilot reviewed 35 out of 35 changed files in this pull request and generated 5 comments.

[Copilot]

NewCursorIDEWatcher initializes lastThrottledCall to time.Now(), which means the first triggerCheck("initial") (after 5s) will almost always be throttled and delayed until the full throttle window expires. If the intent is to run an initial scan promptly, initialize lastThrottledCall to the zero time (or set it to time.Now().Add(-throttleDuration)).

[Copilot]

There’s substantial new parsing/matching logic here (JSONL incremental updates, sequence-based tool correlation, editing-only synthetic requests), but copilotide currently has no unit tests. Given other providers in this repo are heavily tested, adding focused tests for ParseResponsesForTools/BuildToolInfoFromInvocation (ID mismatch + ordering, hidden tools, outputs mapping) would help prevent regressions.

[Copilot]

stripMarkdownHeading currently strips any leading # even when it's not a markdown heading (e.g. #login would become login). This can change the meaning of the first word in slugs. Consider only stripping when the string matches a real heading marker like ^#{1,6}\s+ (hashes followed by whitespace) and leave other leading hashes intact.

[Copilot]

renderGenericTool writes multiline input values inside a fenced code block without escaping. If a tool input contains ``` (or other markdown that closes the fence), the rendered markdown becomes malformed and could leak content outside the block. Consider escaping backticks in valueStr or using a fence length that can't occur in the content (e.g. dynamically choose 4+ backticks).

[Copilot]

BuildToolInfoFromInvocation looks up tool outputs using invocation.ToolCallID, but the rest of this file establishes that VS Code invocation IDs don't match the OpenAI-style IDs in metadata. This will likely prevent outputs from ever being populated. Since you already have the matched toolCall, use toolCall.ID (or whichever ID keys metadata.ToolCallResults) when looking up toolResults.

[Copilot]

Pull request overview

Copilot reviewed 35 out of 35 changed files in this pull request and generated 6 comments.

---

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

Pull request overview

Copilot reviewed 35 out of 35 changed files in this pull request and generated 9 comments.

[Copilot]

CursorIDEWatcher initializes lastThrottledCall to time.Now(), which causes the first triggerCheck (e.g. the initial check scheduled 5s after Start) to be throttled and delayed until throttleDuration elapses. Consider initializing lastThrottledCall to the zero time or to time.Now().Add(-throttleDuration) so the initial check runs immediately.

[Copilot]

renderGenericTool now emits multi-line tool input values inside fenced code blocks, but it doesn’t escape backticks/HTML. If a value contains ``` or HTML tags, it can break the markdown structure or inject unintended markup. Consider escaping code-block content (similar to cursoride.escapeCodeBlock) or using an indented code block / a safer escaping helper here.

[Copilot]

The comment says “Replace non-alphanumeric characters with hyphens”, but the implementation only turns Unicode spaces into '-', and silently drops punctuation. This can concatenate words (e.g., "Plan: Replace" -> "planreplace") and diverges from the documented behavior; consider mapping other non-alphanumeric separators to '-' as well.

Suggested change

	// Replace non-alphanumeric characters with hyphens
	var builder strings.Builder
	for _, r := range text {
	if unicode.IsLetter(r) || unicode.IsDigit(r) {
	builder.WriteRune(r)
	} else if unicode.IsSpace(r) {
	builder.WriteRune('-')
	}
	}
	slug := builder.String()
	// Remove consecutive hyphens
	for strings.Contains(slug, "--") {
	slug = strings.ReplaceAll(slug, "--", "-")
	}
	// Trim hyphens from start and end
	slug = strings.Trim(slug, "-")
	// Treat any non-alphanumeric rune as a separator so punctuation
	// doesn't silently merge adjacent words.
	var builder strings.Builder
	lastWasHyphen := false
	for _, r := range text {
	if unicode.IsLetter(r) || unicode.IsDigit(r) {
	builder.WriteRune(r)
	lastWasHyphen = false
	continue
	}
	if builder.Len() > 0 && !lastWasHyphen {
	builder.WriteRune('-')
	lastWasHyphen = true
	}
	}
	slug := strings.Trim(builder.String(), "-")

[Copilot]

parseJSONL applies each kind:1/kind:2 update by marshaling/unmarshaling the entire composer to/from map form. For longer sessions with many JSONL updates, this becomes unnecessarily expensive. Consider handling known key paths directly (e.g., requests/customTitle) or using a targeted update strategy to avoid full re-marshal per line.

[Copilot]

Markdown table rows interpolate file.Name directly inside backticks without escaping. Filenames can legally contain '|' or backticks on Unix, which will break the table formatting. Consider reusing escapeTableCellValue (from tool_grep.go) or adding an escaping helper for table/backtick contexts.

[Copilot]

The file list table interpolates displayName directly inside backticks without escaping. If a filename/URI contains '|' or backticks, the markdown table/code formatting can break. Consider escaping table-cell content (e.g., via escapeTableCellValue) before formatting.

[Copilot]

This markdown table prints file paths without escaping. Directory/file names can contain characters like '|' or backticks, which will break the table. Consider escaping the displayed name before embedding it in a table row.

[Copilot]

This markdown table prints fileResult.Resource directly inside backticks. If the path contains '|' or backticks, the table formatting can break. Consider escaping the file path similarly to escapeTableCellValue used elsewhere in this provider.

Suggested change

	// Add row
	fmt.Fprintf(&message, "| `%s` | L%d | `%s` |\n",
	fileResult.Resource,
	escapedResource := escapeTableCellValue(fileResult.Resource)
	// Add row
	fmt.Fprintf(&message, "| `%s` | L%d | `%s` |\n",
	escapedResource,

[Copilot]

ShellCommandHandler injects the terminal command directly into the

text and into a fenced code block without escaping. Commands can contain characters like <, &, or backticks which may break the HTML/markdown structure. Consider escaping command text (HTML + code block) before rendering.

[Copilot]

Pull request overview

Copilot reviewed 37 out of 37 changed files in this pull request and generated 8 comments.

[Copilot]

schema.SessionData requires workspaceRoot (see schema/types.go:179-182). Cursor IDE sessions currently build SessionData without setting WorkspaceRoot, which will fail schema validation in debug mode and leaves consumers without project context. Consider passing projectPath into ConvertToAgentChatSession (or setting WorkspaceRoot in the provider before writing) and populating WorkspaceRoot consistently with other providers.

[Copilot]

ProviderInfo.Name is set to "cursoride", but other providers use a human-readable name (e.g. "Cursor CLI", "Claude Code"). Since schema validation requires provider.name and this is user-facing in exports, consider setting it to "Cursor IDE" (and keep ID as "cursoride").

Suggested change

	Name: "cursoride",
	Name: "Cursor IDE",

[Copilot]

slugify/slugifyText only replace spaces with '-', so slugs can still contain characters that are unsafe for filenames/paths (e.g. '/', '\', ':', '?'). Since BuildSessionFilePath uses session.Slug directly in the filename (session/session.go:62-66), this can break exports or create unintended paths. Consider generating slugs via spi.GenerateFilenameFromUserMessage (or equivalent sanitization) and updating the comment that says the caller lowercases the slug (the caller currently does not).

Suggested change

	// generateSlug creates a slug from the composer name or first user message
	func generateSlug(composer *ComposerData) string {
	// Use composer name if available
	if composer.Name != "" {
	return slugify(composer.Name)
	}
	// Otherwise, use first user message
	for _, bubble := range composer.Conversation {
	if bubble.Type == 1 && bubble.Text != "" {
	// Take first 4 words
	return slugifyText(bubble.Text, 4)
	}
	}
	// Fallback to composer ID
	return composer.ComposerID
	}
	// slugify converts a string to a slug while preserving casing
	// The casing is preserved for use in titles, and will be lowercased for filenames by the caller
	func slugify(s string) string {
	// Replace spaces with hyphens, keep original casing
	s = strings.ReplaceAll(s, " ", "-")
	return s
	}
	// slugifyText converts text to a slug using the first N words
	// generateSlug creates a filename-safe slug from the composer name or first user message.
	func generateSlug(composer *ComposerData) string {
	// Prefer the composer name when it produces a usable filename-safe slug.
	if composer.Name != "" {
	if slug := slugify(composer.Name); slug != "" {
	return slug
	}
	}
	// Otherwise, use the first user message.
	for _, bubble := range composer.Conversation {
	if bubble.Type == 1 && bubble.Text != "" {
	// Keep the existing behavior of using the first 4 words, then sanitize them
	// for safe use in filenames and paths.
	if slug := slugifyText(bubble.Text, 4); slug != "" {
	return slug
	}
	}
	}
	// Fallback to the composer ID, sanitized when possible.
	if slug := slugify(composer.ComposerID); slug != "" {
	return slug
	}
	return composer.ComposerID
	}
	// slugify converts a string to a filename-safe slug.
	func slugify(s string) string {
	return spi.GenerateFilenameFromUserMessage(s)
	}
	// slugifyText converts text to a filename-safe slug using the first N words.

[Copilot]

lastThrottledCall is initialized to time.Now(), which means the first triggerCheck() call within the first 10s will always be throttled. With the current Start() logic (initial trigger after 5s), the first DB check is delayed to ~10s after watcher creation. If the intent is to allow an immediate first check, initialize lastThrottledCall to time.Time{} (or time.Now().Add(-throttleDuration)).

[Copilot]

FindAllWorkspacesForProject and LoadComposerIDsFromAllWorkspaces are currently unused (no references outside this file). This adds a lot of extra surface area/complexity without affecting behavior. Consider either wiring these into the provider/watcher (so WSL/multi-workspace matching is actually supported) or removing them until needed.

[Copilot]

uriToPath returns parsedURI.Path without URL-decoding. workspace.json URIs can contain percent-encoded characters (e.g. %20 for spaces, %3A, etc.), so path comparisons/canonicalization can fail and the workspace won’t match. Consider applying url.PathUnescape(parsedURI.Path) and using the decoded path for matching.

Suggested change

	// Get the path from the URI
	path := parsedURI.Path
	// On Windows, URL paths have an extra leading slash (e.g., /C:/Users)
	// but we don't support Windows, so we can just use the path as-is
	return path, nil
	// Decode the URI path so workspace matching uses the filesystem path form.
	decodedPath, err := url.PathUnescape(parsedURI.Path)
	if err != nil {
	return "", fmt.Errorf("failed to decode URI path: %w", err)
	}
	// On Windows, URL paths have an extra leading slash (e.g., /C:/Users)
	// but we don't support Windows, so we can just use the path as-is
	return decodedPath, nil

[Copilot]

ProviderInfo.Name is set to "copilotide", but other providers use a human-readable provider name in session exports (e.g. "Codex CLI", "Claude Code"). Consider setting provider.name to something like "VS Code Copilot IDE" (and keep ID as "copilotide") so downstream consumers and users see a consistent provider label.

Suggested change

	Name: "copilotide",
	Name: "VS Code Copilot IDE",

[Copilot]

There are unit tests for workspace URI/path parsing, but the Cursor IDE session conversion logic (ConvertToAgentChatSession) is currently untested. Given the amount of edge-case handling (exchange grouping, tool bubbles, timestamps, slug generation), adding a few focused tests would help prevent regressions (e.g. WorkspaceRoot populated, slug is filesystem-safe, tool bubbles produce ToolInfo metadata).