Date: 2026-07-01 Status: Development-phase specification Scope: Production-quality AI coding IDE milestone Audience: Product engineering, AI runtime engineering, desktop engineering, frontend engineering, infra, QA
Vibe Coder is the coding-first phase of AgenticOS. The long-term product vision remains a full AI Agentic IDE and eventually an AI-assisted development operating system, but this phase must intentionally narrow the active product to one thing:
Build a production-quality AI coding IDE.
The current milestone must compete with Cursor, Claude Code Desktop, Codex, Windsurf, VS Code, and GitHub Copilot Workspace on the core coding loop:
Open repository
-> Ask the AI
-> AI understands context
-> AI plans the change
-> AI edits code
-> AI runs commands as inline chat cards
-> AI reviews diagnostics
-> AI repairs failures
-> AI shows diffs
-> User accepts or rejects
-> Session persists and can resume
The Browser module, Design module, and Device Control module remain part of the product vision, but they must not participate in the active orchestration pipeline during this phase. They become future feature islands:
- Existing UI preserved.
- Existing files preserved.
- Existing architecture preserved where reasonable.
- Future compatibility preserved.
- No active tool routing.
- No hidden runtime dependency.
- No context injection into coding tasks.
- No shared execution loop with coding.
- No implicit background startup.
This phase should feel like a focused desktop IDE with a Claude-quality chat experience and a Cursor-quality editor/file-tree experience. The terminal must never be a standalone page. Commands run by the AI must render as beautiful execution cards inside the chat timeline.
This document defines the target architecture, module responsibilities, subsystem interactions, implementation roadmap, acceptance criteria, and quality gates.
The long-term vision is to build the world's best AI Agentic IDE:
- Coding intelligence comparable to Cursor, Codex, Claude Code Desktop, Windsurf, and GitHub Copilot Workspace.
- Multi-agent execution comparable to Antigravity-style parallel agent systems.
- Browser automation comparable to Codex Browser and Claude Browser.
- Design work comparable to Claude Design.
- Device control comparable to Hermes-style local automation.
- Multi-provider AI routing across OpenAI, Anthropic, Google, DeepSeek, OpenRouter, Ollama, Groq, Together, Fireworks, and OpenAI-compatible APIs.
The current product vision is narrower:
Vibe Coder is a local-first AI coding IDE where the user works with one visible assistant that can understand a repository, edit files, run commands, verify results, and produce reviewable diffs.
The product should not expose internal complexity as a virtue. The UI should feel simple even if the runtime is sophisticated.
The coding milestone includes:
- Workspace open/close and persistence.
- File tree with production IDE behavior.
- Monaco editor with tabs, splits, diagnostics, git decorations, and diff support.
- AI chat as the primary interaction model.
- Inline tool cards in the chat timeline.
- Inline terminal command cards in chat.
- File read/search/edit tools.
- Git status/diff/add/restore/commit helpers.
- Diagnostics, lint, build, test, and formatting commands.
- Multi-file change sets.
- Diff review with accept/reject at file and hunk levels.
- Undo/redo through snapshots.
- Conversation and session history.
- Crash recovery.
- Provider abstraction and model picker.
- Minimal multi-agent runtime for coding roles only.
- Context engineering for repository understanding.
- Prompt composition for coding workflows.
- Token and cost controls.
- Observability, logging, and failure recovery.
These modules are preserved but disconnected:
- Browser Automation.
- Design Studio.
- Device Control.
- Browser tool routing.
- Design tool routing.
- Device/screen control tool routing.
- Browser context injection.
- Design canvas context injection.
- Device screenshot context injection.
- Browser-driven verification.
- Visual design generation.
- Desktop app automation.
- Scheduled agents.
- Cloud background agents.
- Plugin marketplace workflows.
- General-purpose personal automation.
The reason is discipline. Coding must become reliable before the product reconnects broader automation.
This specification uses publicly documented competitor patterns as benchmark inputs:
- OpenAI Codex is described as a coding agent that can read, edit, and run code, and its app includes local environments, in-app browser, and computer-use features.
- Claude Code Desktop documents embedded preview, diff review, terminal, file editor, side questions, external tools, screen/app control, local/cloud/SSH execution, and verification flows.
- Cursor's core strength is an AI-native editor interaction model: chat, inline edits, codebase context, planning, and agentic multi-file work.
- Windsurf/Devin Desktop Cascade documents code/chat modes, tool calling, checkpoints, linter integration, and permissioned terminal command execution.
- VS Code remains the baseline for file explorer, editor tabs, diagnostics, language-server features, command palette, keyboard shortcuts, and extension architecture.
- GitHub Copilot cloud agent documents repository research, implementation planning, branch changes, diff review, iteration, and pull request creation.
Vibe Coder's differentiator should not be a larger list of features. It should be a tighter local coding loop with:
- Better explainability than Cursor.
- More focused UI than dashboard-heavy tools.
- Safer file writes than most agent systems.
- Better inline command UX than IDE terminals.
- Better provider flexibility than single-provider products.
- Better isolation between active coding and future automation modules.
- Coding is the only active pipeline in this phase.
- Browser, Design, and Device Control remain present but isolated.
- Terminal is never a page.
- Commands appear as chat execution cards.
- User sees one assistant, not a swarm of agents.
- Internal agents may exist, but their details are hidden by default.
- File writes must be reviewable.
- File writes must be recoverable.
- Every execution must be cancellable.
- Every long-running task must show progress.
- Every provider error must become a human-readable recovery path.
- Every edited file must be represented in a change set.
- Every accepted change set must create a snapshot.
- Every rejected change set must leave the workspace untouched.
- No feature can be active unless it has one owner subsystem.
- No hidden feature may pollute context.
- No future island may register active coding tools.
- No future island may subscribe to coding session events unless explicitly enabled.
- No duplicate execution pipeline.
- No duplicate diff engine.
- No duplicate provider transport.
- No duplicate prompt composition path for coding.
- No duplicate token budget manager.
- No unbounded session or tool memory.
- No silent failure.
Desktop Shell
-> App Shell
-> Workspace UI
-> File Tree
-> Chat Timeline
-> Code Workspace
-> Settings
-> Command Palette
-> Coding Runtime
-> Session Manager
-> Execution Controller
-> Agent Orchestrator
-> Context Pipeline
-> Prompt Pipeline
-> Provider Gateway
-> Tool Router
-> Tool Execution Engine
-> Diff/ChangeSet Engine
-> Verification Engine
-> Memory Store
-> Observability
-> Local Capabilities
-> File System
-> Shell Runner
-> Git
-> Diagnostics
-> Language Intelligence
-> Future Islands
-> Browser Island
-> Design Island
-> Device Control Island
User message
-> Chat Composer
-> Session Manager
-> Context Builder
-> Planner Agent
-> Prompt Composer
-> Provider Gateway
-> Streaming Normalizer
-> Tool Router
-> Tool Execution Engine
-> ChangeSet Manager
-> Verification Loop
-> Result Formatter
-> Timeline Renderer
Browser Island
Design Island
Device Control Island
-> UI routes may exist
-> stores may exist
-> files may exist
-> settings may exist
-> no tool registration in coding runtime
-> no context contribution
-> no execution subscription
-> no automatic startup
-> no provider requests
The future islands should compile, render their placeholder or existing UI, and preserve future architecture, but they must not influence coding behavior.
The target repository should clarify ownership. A recommended structure:
src/
main/
app/
ipc/
shell/
filesystem/
git/
security/
storage/
observability/
future-islands/
browser/
design/
device-control/
preload/
index.ts
renderer/
app/
App.tsx
routes.tsx
AppShell.tsx
feature-flags.ts
features/
workspace/
chat/
editor/
file-tree/
git/
settings/
command-palette/
notifications/
sessions/
diffs/
diagnostics/
runtime/
coding/
session/
orchestration/
agents/
context/
prompt/
providers/
tools/
streaming/
memory/
verification/
cost/
security/
observability/
future-islands/
browser/
design/
device-control/
shared/
ui/
types/
utils/
packages/
providers/
ui/
shared/
language/
test-fixtures/
docs/
architecture/
product/
qa/
Do not reorganize the repository in one massive move. Use staged migration:
- Create new target folders.
- Add facade modules.
- Move one subsystem at a time.
- Preserve imports through compatibility barrels.
- Delete compatibility barrels only after all callers migrate.
- Run typecheck and focused tests after each subsystem.
The UI has one primary workspace route:
Workspace
Left: File Tree
Center: Chat Timeline
Right: Code Workspace
Secondary routes:
- Git.
- Settings.
- Dashboard.
Advanced routes are not top-level:
- Agents.
- Memory.
- Context.
- Logs.
- Plugins.
- Browser.
- Design.
- Device Control.
These live under Settings or Future Islands.
+---------------------------------------------------------------+
| Top Bar: workspace, model, status, command palette, settings |
+--------------+-----------------------------+------------------+
| File Tree | Chat Timeline | Code Workspace |
| | | |
| Open Editors | User/assistant messages | Tabs |
| Pinned Files | Tool cards | Monaco |
| Recent Files | Command cards | Diff editor |
| Repo Tree | Diff cards | Diagnostics |
| Search | Verification cards | Breadcrumbs |
+--------------+-----------------------------+------------------+
| Status Bar: branch, diagnostics, provider, tokens, task state |
+---------------------------------------------------------------+
The design should borrow quality principles from Claude, Cursor, Linear, Raycast, Arc, and modern desktop apps:
- Calm density.
- Clear hierarchy.
- Minimal chrome.
- Strong typography.
- Fast keyboard-first workflows.
- Crisp icons.
- Subtle animation.
- No dashboard noise in the main workspace.
- No oversized marketing-style panels.
- No decorative visual clutter.
- No gradients that reduce readability.
- No nested cards.
- No overloaded status badges.
UI modules:
WorkspaceShell: owns the three-column layout.TopBar: owns global workspace/model/status commands.FileTreePanel: owns navigation and file operations.ChatPanel: owns composer and timeline.CodeWorkspace: owns editor tabs, Monaco, diagnostics, diff panel.StatusBar: owns branch, diagnostics, current session, provider, token/cost summary.CommandPalette: owns searchable actions.Settings: owns provider/model/runtime/user preferences.FutureIslandShell: owns isolated placeholder entry points.
Use domain stores, not one mega store.
Recommended stores:
workspaceStore: root path, workspace metadata, recent workspaces.fileTreeStore: tree nodes, expanded state, selection, file operations.editorStore: open tabs, active tab, splits, dirty buffers, cursor positions.chatStore: composer state, selected session, streaming UI state.timelineStore: persisted timeline events.sessionStore: session metadata, execution state, checkpoints.changeSetStore: pending diffs, accepted/rejected states, snapshots.providerStore: providers, selected model, health.settingsStore: user preferences.notificationStore: toasts and banners.commandStore: command palette registry.featureFlagStore: enabled modules.
Do not put runtime services directly in UI stores. UI stores should store serializable state. Runtime services should expose typed APIs and events.
Runtime emits ExecutionEvent
-> SessionEventAdapter validates event
-> timelineStore appends normalized item
-> chat UI renders item
-> side effects update editor/file tree/status only when event is committed
- Streaming text uses buffered rendering to avoid re-rendering every token.
- Timeline uses virtualization for long sessions.
- File tree uses virtualization for large repos.
- Editor tabs and diagnostics use memoized selectors.
- Tool cards are pure render components.
- Long outputs are collapsed by default after threshold.
- Inline errors include retry paths.
The Electron main process owns privileged operations:
- Filesystem.
- Shell process spawning.
- Git process execution.
- Secure credential storage.
- Native dialogs.
- Window management.
- Crash logs.
- IPC validation.
- Local artifact storage.
The renderer owns product UI and AI orchestration, but privileged actions go through main-process APIs with validation.
Required services:
WorkspaceService: open/list/read/write/watch workspace files.ShellService: run commands with streaming output and cancellation.GitService: status/diff/add/restore/commit/log/branch.CredentialService: encrypt/decrypt provider keys.ArtifactService: store logs, screenshots, command outputs, diffs.DiagnosticsService: run typecheck/lint/test adapters where applicable.SecurityService: validate paths, command risk, file operation scope.RecoveryService: store crash checkpoints and restore hints.ObservabilityService: structured logs and telemetry events.
Every IPC handler must:
- Validate input with schema.
- Validate workspace scope.
- Return typed result object.
- Never throw raw errors to renderer.
- Include stable error codes.
- Include human-readable error messages.
- Include recovery hints where possible.
- Log structured error context.
Canonical result:
type IpcResult<T> =
| { ok: true; data: T; meta?: Record<string, unknown> }
| { ok: false; error: { code: string; message: string; detail?: string; recoverable: boolean } }The AI runtime is a coding-specific engine. It should be internally sophisticated but externally simple.
CodingRuntime
-> SessionManager
-> AgentOrchestrator
-> ContextPipeline
-> PromptPipeline
-> ProviderGateway
-> StreamingLayer
-> ToolRouter
-> ToolExecutionEngine
-> VerificationEngine
-> RepairLoop
-> ResultFormatter
CodingRuntime owns:
- Session lifecycle.
- Provider calls.
- Agent role selection.
- Context construction.
- Tool routing.
- Streaming coordination.
- Tool execution.
- Diff generation.
- Verification.
- Error recovery.
- Cost/token accounting.
- Timeline event emission.
CodingRuntime must not own:
- Browser automation.
- Design generation.
- Device control.
- Product UI rendering.
- Main-process direct filesystem access.
- Provider credential storage.
Only three user-facing coding modes:
Ask: answer questions, no file writes unless user explicitly requests.Edit: make code changes with review.Agent: plan, edit, run commands, repair, and verify.
Advanced internal modes can exist but should not appear in primary UI.
createSession()
-> loadConversation()
-> buildContext()
-> createPlan()
-> executePlan()
-> runTools()
-> collectChanges()
-> verify()
-> repairIfNeeded()
-> formatResult()
-> persistSession()
The user sees one assistant. Internally, Vibe Coder may use multiple coding agents.
Core roles for this phase:
- Manager.
- Planner.
- Coder.
- Reviewer.
- Debugger.
- Tester.
- Refactorer.
- Documentation.
- Security.
- Performance.
Only Manager, Planner, Coder, Reviewer, Debugger, and Tester are active in Core v1. Others remain available for later.
Responsibilities:
- Interpret user intent.
- Choose execution mode.
- Decide whether a plan is needed.
- Assign internal roles.
- Control task budget.
- Stop runaway execution.
- Summarize final result.
Input:
- User message.
- Session state.
- Workspace state.
- Model availability.
- Context summary.
Output:
- Execution strategy.
- Role assignments.
- Budget limits.
- Escalation decisions.
- Final response outline.
Permissions:
- May call Planner.
- May call Coder.
- May call Reviewer.
- May call Debugger.
- May approve read-only tools.
- May not directly write files.
- May not run shell commands directly.
Memory scope:
- Session memory.
- Task memory.
- Repository summary.
Priority:
- Highest orchestration priority.
Escalation:
- Ask user if request is ambiguous, risky, or outside coding scope.
Responsibilities:
- Build implementation plan.
- Identify files likely to change.
- Identify tests/commands.
- Identify risks.
- Define acceptance criteria.
Input:
- User goal.
- Context pack.
- Repo index.
- Open files.
Output:
- Structured plan.
- Candidate files.
- Tool needs.
- Verification strategy.
Permissions:
- Read files.
- Search code.
- Query index.
- No file writes.
- No shell writes.
Memory scope:
- Working memory only.
Priority:
- High before multi-file edits.
Escalation:
- If plan confidence is low, ask Manager to request clarification.
Responsibilities:
- Apply code edits.
- Create new files.
- Modify existing files.
- Preserve style.
- Keep changes minimal.
Input:
- Approved plan.
- Context pack.
- File contents.
- Coding standards.
Output:
- Proposed change set.
- Rationale.
- Follow-up verification commands.
Permissions:
- Read files.
- Edit files through ChangeSet Manager only.
- Create files through ChangeSet Manager only.
- No direct disk writes.
- No shell commands except through Manager-approved execution.
Memory scope:
- Task memory.
- File-level context.
Priority:
- High during implementation.
Escalation:
- If edit conflicts or unknown architecture appears, ask Planner/Manager.
Responsibilities:
- Review generated changes.
- Check for regressions.
- Check edge cases.
- Check style and maintainability.
- Check whether scope drift occurred.
Input:
- Diff.
- Plan.
- Acceptance criteria.
- Test results.
Output:
- Review findings.
- Required repairs.
- Approval recommendation.
Permissions:
- Read diff.
- Read relevant files.
- Run read-only analysis tools.
- No writes.
Memory scope:
- Task memory.
Priority:
- High before final response.
Escalation:
- If serious issue found, route to Debugger or Coder.
Responsibilities:
- Analyze failing commands.
- Interpret stack traces.
- Identify root cause.
- Propose repair.
Input:
- Failure output.
- Recent changes.
- Relevant files.
Output:
- Failure diagnosis.
- Repair instructions.
- Confidence score.
Permissions:
- Read files.
- Search files.
- Run diagnostic commands with approval.
- No direct writes.
Memory scope:
- Failure memory.
Priority:
- High on failures.
Responsibilities:
- Select verification commands.
- Run tests through command tool.
- Interpret results.
- Recommend additional checks.
Input:
- Plan.
- Changed files.
- Package scripts.
- Project type.
Output:
- Verification command list.
- Test results.
- Pass/fail summary.
Permissions:
- Run read-only tests/builds/lints.
- No file writes except tool-generated caches allowed by command policy.
Memory scope:
- Task verification memory.
Agents do not chat freely. They communicate through structured messages.
type AgentMessage = {
id: string
sessionId: string
fromRole: AgentRole
toRole: AgentRole | "manager"
type: "plan" | "request" | "result" | "finding" | "repair" | "approval"
summary: string
payload: unknown
confidence: number
createdAt: number
}Rules:
- Manager is the only router.
- Agents cannot recursively spawn agents.
- Agents cannot bypass tool permissions.
- Agents cannot write directly to disk.
- Agents cannot call providers directly.
- Agents cannot expose internal messages to the user by default.
- The final user response is synthesized by Manager.
- Agent outputs are persisted as internal artifacts for debugging.
- User-visible timeline shows activities, not agent identity, unless advanced details are expanded.
- Every agent handoff has a reason and expected output.
The provider layer must support many providers without leaking provider-specific logic into the runtime.
interface ProviderAdapter {
id: string
displayName: string
family: "openai" | "anthropic" | "google" | "openai-compatible" | "local"
listModels(config: ProviderConfig): Promise<ModelInfo[]>
complete(request: ProviderRequest): Promise<ProviderResponse>
stream(request: ProviderRequest): AsyncIterable<ProviderStreamEvent>
validate(config: ProviderConfig): Promise<ProviderValidationResult>
getCapabilities(model: string): ModelCapabilities
}interface ModelInfo {
id: string
displayName: string
providerId: string
contextWindow: number
maxOutputTokens: number
supportsTools: boolean
supportsStreaming: boolean
supportsVision: boolean
supportsJson: boolean
supportsReasoning: boolean
supportsPromptCaching: boolean
cost: {
inputPerMillion?: number
outputPerMillion?: number
}
}- Normalize chat completion.
- Normalize streaming.
- Normalize tool calls.
- Normalize errors.
- Normalize usage/cost.
- Track provider health.
- Track rate limits.
- Support fallback chains.
- Support cancellation.
- Support retries.
- Support request tracing.
- Support provider-specific adapter logic.
Core v1 default:
- Use selected model for everything.
- If selected model is unavailable, use configured fallback.
- If no fallback exists, show actionable provider error.
Advanced routing later:
- Planner prefers strong reasoning model.
- Coder prefers strong code model.
- Reviewer prefers strong reasoning plus large context.
- Tester can use cheaper model for interpretation.
- Documentation can use cheaper writing model.
- Security can use stronger model.
- Fast answers can use low-latency model.
Health dimensions:
- Validation status.
- Last successful request.
- Consecutive failures.
- Rate-limit state.
- Average latency.
- Streaming reliability.
- Tool-call reliability.
- Model availability.
Routing must not choose a provider with known hard failure unless user explicitly forces it.
All coding tools execute through one framework.
Tool Router
-> Tool Policy
-> Tool Validator
-> Tool Scheduler
-> Tool Executor
-> Tool Result Normalizer
-> Timeline Event Adapter
-> Artifact Store
Read-only:
- Read file.
- List directory.
- Search files.
- Search content.
- Query symbols.
- Query diagnostics.
- Git status.
- Git diff.
Write:
- Create file.
- Edit file.
- Delete file.
- Rename file.
- Apply patch.
- Format file.
Execution:
- Run command.
- Run package script.
- Run tests.
- Run build.
- Run lint.
- Run typecheck.
Git write:
- Stage.
- Unstage.
- Restore.
- Commit.
Disabled this phase:
- Browser actions.
- Design actions.
- Device actions.
type ToolResult<T = unknown> = {
ok: boolean
toolCallId: string
name: string
startedAt: number
completedAt: number
durationMs: number
data?: T
error?: ToolError
artifacts?: ArtifactRef[]
summary: string
}Commands render like:
Running npm test
cwd: /repo
status: running
stdout/stderr stream...
Completed in 12.4s
exit code: 0
Required UX:
- Command title.
- Working directory.
- Start time/duration.
- Running spinner.
- Exit code.
- Collapsed output after threshold.
- Copy output.
- Save full log artifact.
- Rerun command.
- Stop command.
- Show approval reason for risky commands.
Terminal must never be a page. User-controlled interactive terminal can exist as an overlay or command palette action, but not as a primary route and not as a replacement for agent command cards.
Command policy:
- Read-only commands can auto-run if configured.
- Package install requires approval unless allowlisted.
- Network commands require approval.
- Destructive commands require approval or hard block.
- Commands outside workspace require approval.
- Commands touching parent directories require approval.
- Credential-exposing commands are blocked.
File policy:
- Reads are allowed inside workspace.
- Writes require change set.
- Deletes require explicit review.
- Binary writes require explicit review.
- Generated files are labeled.
The chat should feel close to Claude in simplicity:
- Large message area.
- Minimal header.
- Clean composer.
- Streaming assistant response.
- Collapsible thinking/progress.
- Tool cards inline.
- Command cards inline.
- Diff cards inline.
- Retry and follow-up affordances.
Timeline item types:
- User message.
- Assistant message.
- Thinking/progress.
- Plan.
- Tool call.
- Command execution.
- File read summary.
- File edit summary.
- Diff card.
- Diagnostic result.
- Test result.
- Error.
- Approval request.
- Completion summary.
Features:
- Plain natural language input.
@filereferences.@folderreferences.@symbolreferences.@selectionreference.- Attach file.
- Mode toggle: Ask/Edit/Agent.
- Model picker.
- Send/cancel.
- Keyboard shortcuts.
Do not expose:
- Agent role selector in primary composer.
- Token tuning.
- Prompt selection.
- Browser/design/device toggles.
Tool cards should be visually compact:
- Icon.
- Verb.
- Target.
- Status.
- Duration.
- Expand details.
Examples:
- "Read
src/App.tsx" - "Searched
useAuthin 38 files" - "Edited 3 files"
- "Ran
npm test"
Diff card requirements:
- Multi-file summary.
- Per-file status.
- Add/delete counts.
- Expand compact diff.
- Open full diff in editor.
- Accept file.
- Reject file.
- Accept all.
- Reject all.
- Conflict warning.
The file tree must compete with Cursor and VS Code.
- Virtualization.
- Lazy loading.
- Search/filter.
- File icons.
- Git status badges.
- Diagnostics badges.
- Context menu.
- Create file.
- Create folder.
- Rename.
- Move.
- Delete.
- Drag and drop.
- Open editors section.
- Pinned files section.
- Recent files section.
- Reveal active file.
- Collapse all.
- Refresh.
- Respect ignore rules.
- Large repository mode.
- Initial render under 150ms for cached tree.
- Search starts under 100ms.
- Expanding folder under 100ms for typical folder.
- 50k files supported without UI lock.
- File watching batched.
- No full tree re-render on file change.
User can:
- Add file to context.
- Remove file from context.
- Pin file for AI.
- Ask about file.
- Ask to edit file.
- Open file in diff.
The file tree itself must not decide AI behavior. It only provides explicit user context.
The editor must feel professional.
- Monaco editor.
- Tabs.
- Split view.
- Dirty state.
- Save/revert.
- Breadcrumbs.
- Diagnostics.
- Git decorations.
- Inline suggestions.
- Code actions.
- Find/replace.
- Symbol outline.
- Go to definition where available.
- Sticky scroll where practical.
- Minimap toggle.
- Diff editor.
- Read-only generated diff mode.
- Large file mode.
- Binary file placeholder.
- Encoding preservation.
Required:
- Ask about selection.
- Edit selection.
- Explain file.
- Generate tests for file.
- Refactor symbol.
- Apply change from chat diff.
- Open changed file from timeline.
- Show inline diagnostics after agent edit.
Do not add too many visible AI buttons. Use command palette and contextual actions.
Context quality is a product differentiator. The pipeline must be explicit.
User Intent
-> Intent Classifier
-> Context Request
-> Source Collectors
-> Ranking
-> Deduplication
-> Compression
-> Budget Allocation
-> Context Pack
- User message.
- Current file.
- Current selection.
- Open tabs.
- Pinned files.
- Recent files.
- Recently changed files.
- File tree selection.
- Search results.
- Symbol index.
- AST references.
- Repository summary.
- Project config files.
- Conversation history.
- Task history.
- Diagnostics.
- Git diff.
Disabled for this phase:
- Browser state.
- Design canvas state.
- Device/screen state.
- Explicit mention.
- Open/active file.
- Selection.
- Symbol match.
- Import graph proximity.
- Recent edits.
- Git changes.
- Diagnostic relevance.
- Filename/path similarity.
- Semantic similarity.
- Test relationship.
- Recency in conversation.
type ContextPack = {
id: string
intent: UserIntent
budget: TokenBudget
sources: ContextSource[]
messages: ContextMessage[]
omitted: OmittedContext[]
stats: {
estimatedTokens: number
maxTokens: number
sourceCount: number
}
}Recommended budget allocation:
- 10 percent: system/developer instructions.
- 15 percent: recent conversation.
- 35 percent: relevant files.
- 15 percent: repository summaries/index.
- 10 percent: diagnostics/git state.
- 10 percent: tool results.
- 5 percent: reserve.
This is a default. It can adapt by task type.
Memory must help coding, not create invisible behavior.
Short-term memory:
- Current user message.
- Current plan.
- Current tool results.
- Current change set.
Working memory:
- Facts discovered during current task.
- Failure analysis.
- Decisions made.
- Files touched.
Session memory:
- Conversation messages.
- Timeline events.
- Checkpoints.
- User approvals.
Repository memory:
- Project structure summary.
- Key modules.
- Build/test commands.
- Architectural notes.
- Generated index.
Long-term memory:
- User preferences.
- Repeated project conventions.
- Common commands.
Core v1 should enable short-term, working, session, and repository memory. Long-term memory should be opt-in.
- Memory writes are explicit or explainable.
- Long-term memory is off by default.
- Memory can be inspected.
- Memory can be deleted.
- Memory has TTL/eviction.
- Sensitive data is not stored in long-term memory.
- Provider keys are never in memory.
- Tool outputs are summarized before long-term storage.
- Repository memory is workspace-scoped.
- Session memory is session-scoped.
Prompting should be structured, testable, and versioned.
- Global coding behavior.
- Product identity.
- Mode instructions.
- Agent role instructions.
- Tool-use policy.
- Safety policy.
- Repository instructions.
- Context pack.
- Conversation history.
- Current user request.
Responsibilities:
- Compose prompts.
- Version prompts.
- Enforce max size.
- Deduplicate repeated instructions.
- Attach tool schemas.
- Insert repository instructions.
- Insert selected context.
- Log prompt hash and token estimate.
- Never expose hidden prompt content to normal UI.
Core v1 should have one primary coding prompt with role-specific overlays.
Avoid:
- Many competing prompt builders.
- User-facing prompt complexity.
- Prompt cache as product feature.
- Unbounded system prompts.
- Hidden prompt mutation during a task.
Golden tests:
- Ask mode prompt.
- Edit mode prompt.
- Agent mode prompt.
- No workspace prompt.
- Large context prompt.
- Tool policy prompt.
- Diff review prompt.
- Failure repair prompt.
Streaming must unify provider output, tool events, and command output.
Provider stream
Command stream
Tool event stream
-> Stream Normalizer
-> Event Buffer
-> Timeline Adapter
-> Renderer
type StreamEvent =
| { type: "assistant_token"; text: string }
| { type: "assistant_done"; usage?: Usage }
| { type: "tool_started"; toolCallId: string; name: string }
| { type: "tool_progress"; toolCallId: string; message: string }
| { type: "tool_completed"; toolCallId: string; result: ToolResult }
| { type: "command_output"; commandId: string; stream: "stdout" | "stderr"; chunk: string }
| { type: "error"; error: RuntimeError }- First token visible quickly.
- Buffered updates to avoid UI churn.
- Word-boundary buffering for assistant text.
- Raw chunk buffering for command output.
- Cancellation propagates through provider and tools.
- Stream completion is explicit.
- Stale streams are evicted.
- Reconnect/replay from persisted events where possible.
Sessions are durable coding work units.
type CodingSession = {
id: string
workspaceId: string
title: string
createdAt: number
updatedAt: number
status: "idle" | "running" | "needs_review" | "failed" | "cancelled" | "complete"
messages: MessageRef[]
timeline: TimelineEventRef[]
checkpoints: CheckpointRef[]
changeSets: ChangeSetRef[]
provider: ProviderSessionInfo
settings: SessionSettings
}Create checkpoints:
- Before AI edits.
- Before accepting changes.
- Before running high-risk command.
- Before session finalization.
- On crash recovery interval.
On app restart:
- Load open workspace.
- Load active sessions.
- Detect incomplete executions.
- Mark interrupted commands.
- Restore pending diffs.
- Restore dirty buffers.
- Offer resume or archive.
Token optimization should improve quality and cost without becoming visible complexity.
- Context ranking.
- Deduplication.
- File chunking.
- Repository summaries.
- Conversation summarization.
- Tool-result summarization.
- Prompt caching where provider supports it.
- Short model-specific tool descriptions.
- Lazy context expansion.
- Use smaller models for classification.
- Avoid resending unchanged file contents when possible.
Use one TokenBudgetManager.
It owns:
- Model context window.
- Reserved output tokens.
- Current prompt estimate.
- Context allocation.
- Compression decisions.
- Warning thresholds.
Do not allow components to estimate tokens independently except through this manager.
Cost is controlled by:
- Model routing.
- Context trimming.
- Prompt caching.
- Summarization.
- Avoiding redundant retries.
- Avoiding duplicate agents.
- Running cheap classifiers locally when possible.
- Showing per-session cost estimate.
- Allowing user budget limits.
Core v1 cost UI:
- Session token estimate.
- Provider/model label.
- Optional cost estimate in status bar.
- Warning before expensive long task if estimate exceeds threshold.
- Virtualized file tree.
- Virtualized timeline.
- Memoized selectors.
- Batched streaming updates.
- Lazy loaded settings pages.
- Lazy loaded future islands.
- Large file mode in editor.
- Worker-based indexing.
- Debounced file watchers.
- Incremental indexing.
- Cache repository summaries.
- Cache model metadata.
- Cache provider health.
- Reuse parsed AST where possible.
- Parallel read-only file reads.
- Sequential writes through ChangeSet Manager.
- Bounded tool concurrency.
- Background tasks with priority.
Core startup should initialize only:
- App shell.
- Workspace state.
- File tree shell.
- Chat shell.
- Editor shell.
- Provider settings.
- Core tool registry.
Lazy initialize:
- Repository index.
- Language graph.
- Memory.
- Advanced agents.
- Future islands.
- Plugins.
- MCP.
Every error must be typed.
Categories:
- Provider errors.
- Tool errors.
- File errors.
- Command errors.
- Git errors.
- Diff conflicts.
- Context errors.
- Prompt errors.
- Session errors.
- Permission errors.
- Runtime cancellation.
- Internal invariant violation.
Error shape:
type RuntimeError = {
code: string
message: string
detail?: string
recoverable: boolean
retryable: boolean
userAction?: string
cause?: unknown
}User-facing errors should answer:
- What failed?
- Why likely?
- What can I do?
- Did any files change?
- Can I retry?
Retry only:
- Transient network failure.
- Timeout.
- Rate limit after backoff.
- 5xx provider error.
Do not retry:
- Auth failure.
- Invalid model.
- Invalid request schema.
- Tool schema mismatch.
- User cancellation.
Retry read-only tools if safe.
Do not automatically retry writes. Writes require deterministic change set state.
When verification fails:
Failure output
-> Debugger analyzes
-> Planner updates repair plan
-> Coder applies repair
-> Tester verifies
-> Reviewer checks diff
Limit repair loop count by default to 2. Ask user before continuing.
Observability must support debugging without exposing secrets.
- Session created.
- Provider selected.
- Provider request started/completed/failed.
- Tool call started/completed/failed.
- Command started/output/completed/failed.
- Change set created.
- Diff accepted/rejected.
- Verification started/completed/failed.
- Cancellation.
- Recovery.
- Feature island attempted activation.
Never log:
- API keys.
- Authorization headers.
- Full prompts by default.
- Full file contents by default.
- Secret-like values.
- Clipboard contents.
Log:
- Prompt hash.
- Token estimate.
- Model ID.
- Provider ID.
- Error code.
- Duration.
- Artifact references.
- Renderer cannot directly access filesystem.
- Renderer cannot directly spawn commands.
- Renderer cannot directly read credentials.
- Main process validates paths and commands.
- Tool engine enforces permissions.
- ChangeSet Manager controls writes.
- Future islands cannot register active tools.
Rules:
- File reads/writes stay inside workspace unless explicit user approval.
- Symlinks must resolve within allowed roots unless approved.
- Parent directory writes blocked by default.
- Hidden files allowed only if inside workspace, but secrets are treated carefully.
Hard block examples:
- Recursive delete outside workspace.
- Credential dumping commands.
- System shutdown/restart.
- Disk formatting.
- Permission escalation.
- Background persistence installation.
Approval required examples:
- Package install.
- Network command.
- Git push.
- Git reset.
- File deletion.
- Large file rewrite.
Plugins are not active in Core v1 coding pipeline unless explicitly enabled.
Target architecture:
Plugin Manifest
-> declared capabilities
-> declared tools
-> declared permissions
-> declared UI contributions
-> runtime sandbox
Core rule:
Plugins cannot silently add tools to coding runtime. User must enable plugin tools explicitly.
Extension model should eventually support:
- Tool providers.
- Context providers.
- UI panels.
- Commands.
- Language support.
- Provider adapters.
But Core v1 should focus on built-in coding tools.
The Browser, Design, and Device Control modules become future feature islands.
Each island has:
- Own route.
- Own store.
- Own service facade.
- Own feature flag.
- Own placeholder runtime boundary.
- Own settings section.
- Own future tool registry.
Each island must not:
- Register tools with coding runtime.
- Subscribe to coding execution events.
- Add context to coding prompts.
- Start background processes.
- Call providers.
- Modify session memory.
- Affect workspace status.
interface FutureIslandModule {
id: "browser" | "design" | "device-control"
label: string
status: "placeholder" | "disabled" | "enabled"
route: string
initialize?: () => Promise<void>
shutdown?: () => Promise<void>
}During this phase, all future islands return status: "placeholder" or status: "disabled".
Reintegration requires:
- Dedicated architecture spec.
- Dedicated tool registry namespace.
- Dedicated context provider.
- Dedicated permission policy.
- Dedicated tests.
- Explicit feature flag.
- Explicit user setting.
- No changes to coding core contracts.
Current phase:
- Preserve Browser UI.
- Preserve Browser files.
- Remove Browser from active coding tool route.
- Disable browser context injection.
- Disable browser verification.
Future phase:
- Browser session manager.
- Browser action tools.
- DOM snapshot.
- Console capture.
- Network capture.
- Screenshot artifacts.
- Visual annotations.
- Local dev server detection.
- Browser verification loop.
- Browser diff evidence.
Integration point later:
CodingRuntime calls BrowserCapabilityProvider only when browser feature flag is enabled and user task requires frontend verification.
Current phase:
- Preserve Design UI.
- Preserve Design files.
- No active design tools.
- No design context injection.
- No prompt-to-design generation.
Future phase:
- Screenshot annotation.
- Component preview.
- Visual edit request.
- Design token extraction.
- Responsive preview.
- Accessibility review.
- Design-to-code repair loop.
- Generated mockups.
- Claude Design-style artifact generation.
- Visual regression.
Integration point later:
Design Studio produces structured design requests that CodingRuntime can convert into code tasks.
Current phase:
- Preserve placeholder only if files exist.
- No device automation.
- No screen reading.
- No keyboard/mouse control.
- No clipboard access.
Future phase:
- Screen observation.
- OCR.
- Active window detection.
- Permissioned click/type.
- App switching.
- Clipboard read/write with approval.
- Action replay.
- Sensitive app guard.
- Emergency stop.
- Audit log.
Integration point later:
Device Control becomes a separately permissioned capability. It must never be silently available to coding tasks.
Goals:
- Disable future modules from active runtime.
- Reduce startup load.
- Establish coding-only feature flags.
- Ensure one provider can power first chat.
Tasks:
- Add feature flag registry.
- Mark Browser/Design/Device Control as future islands.
- Remove island tools from coding tool registry.
- Remove island context from coding context builder.
- Lazy load island routes.
- Simplify nav.
- Simplify first-run provider setup.
- Remove Manager-role requirement from first chat.
- Add mock provider for tests.
- Add startup health tests.
Goals:
- One session path.
- One event schema.
- One stream path.
- One tool execution path.
Tasks:
- Define canonical execution events.
- Normalize tool results.
- Normalize command stream events.
- Fix cancellation propagation.
- Persist timeline events.
- Add replay tests.
- Remove duplicate runtime paths from active coding mode.
- Add failure recovery events.
Goals:
- Claude-quality chat loop.
- Terminal commands inline only.
Tasks:
- Build command execution card.
- Stream command output into card.
- Add stop/rerun/copy.
- Add approvals inline.
- Remove terminal page.
- Move interactive terminal to optional overlay.
- Add long-output artifact storage.
- Add tests for command lifecycle.
Goals:
- Safe multi-file edits.
- Reviewable and undoable changes.
Tasks:
- Define ChangeSet model.
- Route all writes through ChangeSet Manager.
- Create pre-write snapshots.
- Create diff cards.
- Add accept/reject.
- Add conflict detection.
- Add undo.
- Add diff tests.
Goals:
- High-quality repository understanding.
- Stable prompts.
Tasks:
- Build ContextPackBuilder.
- Build CoreSystemPromptBuilder.
- Add prompt golden tests.
- Add context ranking.
- Add context source UI.
- Add token budget manager.
- Disable advanced memory by default.
Goals:
- Production-level file tree/editor experience.
- Professional UX.
Tasks:
- File tree virtualization.
- File actions.
- Git decorations.
- Diagnostics badges.
- Editor tabs/splits.
- Command palette.
- Keyboard shortcuts.
- Visual QA.
Goals:
- Internal coding-role collaboration.
- No user-facing swarm.
Tasks:
- Manager/Planner/Coder/Reviewer/Debugger/Tester roles.
- Structured agent messages.
- Agent handoff traces.
- Hidden internal artifacts.
- Advanced details toggle.
- Repair loop.
Goals:
- Reliability, security, and release readiness.
Tasks:
- Full golden workflow tests.
- Crash recovery tests.
- Performance budget tests.
- Security tests.
- Provider failure tests.
- Large repo tests.
- Memory leak tests.
- Installer smoke tests.
Acceptance:
- Open workspace.
- Configure one provider.
- Ask question.
- Read files.
- Edit one file.
- Show diff.
- Accept diff.
- Persist session.
Acceptance:
- Run build/test/lint through chat cards.
- Show streaming output.
- Cancel command.
- Recover from failure.
Acceptance:
- Plan multi-file change.
- Edit multiple files.
- Review diff.
- Run verification.
- Repair failures.
Acceptance:
- File tree and editor feel competitive.
- Command palette works.
- Keyboard shortcuts work.
- Sessions recover.
- UI passes visual QA.
Acceptance:
- Planner, Coder, Reviewer, Debugger, Tester collaborate internally.
- User sees one assistant.
- Repair loop works.
For the coding milestone to be accepted:
- User can complete 15 golden coding workflows.
- Browser/Design/Device modules are isolated from active runtime.
- No standalone terminal page exists.
- Commands render in chat.
- File edits route through ChangeSet Manager.
- Diffs are reviewable.
- Accepted changes create snapshots.
- Rejected changes do not touch disk.
- Sessions persist and resume.
- Provider failures are readable and recoverable.
- Typecheck passes.
- Focused test suites pass.
- No known data-loss bug.
- No high-severity security gap.
- UI passes desktop visual QA.
A feature is done only when:
- It has an owner subsystem.
- It has typed interfaces.
- It has error handling.
- It has cancellation if long-running.
- It has tests.
- It has user-facing empty/error states.
- It has observability.
- It respects feature flags.
- It does not activate future islands.
- It is documented if architectural.
+----------------------+
| User |
+----------+-----------+
|
v
+----------------------+ +--------+---------+ +----------------------+
| File Tree | | Chat Timeline | | Code Workspace |
| open/pin/search | | messages/cards | | editor/diff/tabs |
+----------+-----------+ +--------+---------+ +----------+-----------+
| | |
+-----------+-----------+-----------+-----------+
| |
v v
+-------+-----------------------+------+
| Coding Runtime |
| session, agents, context, prompt |
+-------+-----------------------+------+
| |
+-------------+-------+ +------+--------------+
| Provider Gateway | | Tool Execution |
| models/stream/tools | | files/commands/git |
+-------------+-------+ +------+--------------+
| |
v v
+---------+---------+ +--------+-------------+
| AI Providers | | Electron Main APIs |
+-------------------+ +----------------------+
Future Islands: Browser, Design, Device Control
Preserved, routed separately, not connected to Coding Runtime in this phase.
Mitigation:
- Enforce coding-only scope.
- Feature flag future modules.
- Require acceptance criteria for each phase.
Risk: Hidden Cross-Module Coupling
Mitigation:
- Future island contract.
- Tool registry namespace checks.
- Context provider tests.
Mitigation:
- One selected model by default.
- Advanced routing later.
- Provider facade now.
Mitigation:
- ChangeSet Manager.
- Snapshots.
- Conflict detection.
- Review before write or before accept depending implementation.
Mitigation:
- Command lifecycle state machine.
- Timeout.
- Cancellation.
- Exit-code capture.
- Full output artifact.
Mitigation:
- Explicit ContextPackBuilder.
- Disabled future-island context.
- Source visibility.
- No duplicate subsystem without ADR.
- No direct provider call outside provider gateway.
- No direct filesystem write outside ChangeSet Manager or main service.
- No direct shell spawn outside ShellService.
- No runtime feature without feature flag.
- No new top-level route without product approval.
- No hidden context source.
- No untyped event payload.
- No catch block that swallows error silently.
- No UI state stored only in component if it must recover.
- No advanced module dependency in coding runtime.
- No long task without cancellation.
- No command execution without policy check.
- No file deletion without explicit review.
- No prompt change without golden test update.
- Strict types.
- No
anyin runtime interfaces unless contained at boundary. - Zod or equivalent schema validation for IPC/tool inputs.
- Result types for recoverable failures.
- Explicit cancellation signals.
- Discriminated unions for events.
- Domain components.
- Pure render components for timeline cards.
- Store selectors with shallow comparison.
- Avoid giant components.
- Lazy load non-core routes.
- Accessibility labels for controls.
- Keyboard navigation.
- No side effects during import.
- Lazy initialize heavy services.
- Explicit lifecycle start/stop.
- Structured logs.
- Redacted telemetry.
- Bounded caches.
- Unit tests for pure logic.
- Integration tests for runtime events.
- E2E tests for golden workflows.
- Visual tests for major UI changes.
- Regression tests for every fixed bug.
Workspace:
- User knows where to type.
- User knows which workspace is open.
- User knows which model is active.
- User knows whether AI is working.
- User can cancel.
Chat:
- Streaming feels smooth.
- Tool cards are readable.
- Command cards are beautiful.
- Errors are clear.
- Diffs are easy to review.
Editor:
- Tabs are clear.
- Dirty state is clear.
- Diagnostics are visible.
- Diff mode is understandable.
File tree:
- Fast with large repos.
- Context actions discoverable.
- Git/diagnostic states readable.
Accessibility:
- Keyboard usable.
- Focus visible.
- Contrast sufficient.
- Buttons have labels/tooltips.
- Typecheck passes.
- Lint passes.
- Unit tests pass.
- Integration tests pass.
- E2E golden workflows pass.
- Installer builds.
- Crash recovery works.
- Provider setup works.
- Session persistence works.
- Command cancellation works.
- Diff accept/reject works.
- Snapshot restore works.
- Future islands isolated.
- Logs redacted.
- Security review complete.
- Performance budgets met.
- Memory leak checks pass.
- Visual QA complete.
- Documentation updated.
- Known issues triaged.
| Capability | Cursor | Claude Code Desktop | Codex | Windsurf/Devin Desktop | VS Code | Target Vibe Coder |
|---|---|---|---|---|---|---|
| Chat coding | Strong | Strong | Strong | Strong | Extension-based | Strong, minimal, timeline-first |
| Inline edits | Strong | Moderate | Strong | Strong | Extension-based | Strong through editor and chat |
| Agentic multi-file edits | Strong | Strong | Strong | Strong | Extension-based | Strong with reviewable change sets |
| Terminal execution | Present | Present | Present | Permissioned | Native terminal | Inline chat cards only |
| Diff review | Strong | Strong | Strong | Strong | Strong | Strong, snapshot-backed |
| File tree | Strong | Moderate | Moderate | Strong | Excellent | Cursor/VS Code quality |
| Provider flexibility | Limited | Anthropic-first | OpenAI-first | Platform-first | Extension-based | Multi-provider |
| Local-first | Strong | Strong | Strong | Strong | Strong | Strong |
| Browser automation | Emerging | Documented desktop preview/control | Documented in-app browser | Present/varies | Extension-based | Isolated now, future phase |
| Design generation | Limited | Claude ecosystem | Emerging | Limited | Extension-based | Isolated now, future phase |
| Device control | Limited | Documented | Documented | Limited | Extension-based | Isolated now, future phase |
| Session recovery | Strong | Strong | Strong | Checkpoints | Strong | Required |
| Extension model | Limited | External tools | Connectors | Hooks/MCP | Excellent | Later, not Core v1 |
Current repo strengths:
- Electron/React foundation exists.
- Monaco editor exists.
- File tree exists.
- Chat timeline exists.
- Provider package exists.
- Runtime components exist.
- Tool system exists.
- Browser module exists.
- Design module exists.
- Tests exist.
- Typecheck passes.
Current gaps:
- Coding pipeline is mixed with broader agentic ambitions.
- Browser/design concepts are too close to active orchestration.
- Startup initializes too much.
- Provider setup is too role-heavy.
- Chat still exposes agent workforce concepts.
- Terminal still exists as embedded interactive UI instead of only execution cards.
- Multiple prompt/context/token/memory abstractions compete.
- Diff and review systems need one owner.
- Future modules need explicit island boundaries.
- UI needs sharper coding-first focus.
Target remediation:
- Isolate future islands.
- Simplify runtime.
- Simplify provider first-run.
- Build one coding execution path.
- Move terminal execution into chat cards.
- Centralize ChangeSet/Diff/Snapshot.
- Centralize ContextPack/Prompt/Token.
- Hide internal agents.
- Polish workspace.
- Add
runtimeFeatureFlags. - Add
futureIslandRegistry. - Mark Browser/Design/Device as disabled or placeholder.
- Prevent future islands from registering coding tools.
- Prevent future islands from contributing context.
- Prevent future islands from starting during coding runtime boot.
- Simplify first-run provider flow.
- Remove Manager role requirement from sending first chat.
- Add mock provider.
- Add core runtime smoke test.
- Define canonical
ExecutionEvent. - Define canonical
TimelineItem. - Build event adapter.
- Persist timeline events.
- Restore timeline events.
- Fix cancellation propagation.
- Fix optimistic session cleanup.
- Add session recovery.
- Add replay test.
- Add stuck execution detector.
- Define
CommandExecution. - Build
ShellService. - Stream command output.
- Build command timeline card.
- Add stop command.
- Add rerun command.
- Add copy output.
- Add log artifact.
- Add command policy.
- Remove terminal page.
- Define
ChangeSet. - Route writes through ChangeSet Manager.
- Add snapshot creation.
- Add diff generation.
- Add compact diff card.
- Add full diff editor integration.
- Add accept/reject.
- Add conflict detection.
- Add undo.
- Add diff tests.
- Build
ContextPackBuilder. - Build
CoreSystemPromptBuilder. - Build token budget manager facade.
- Add context source UI.
- Add prompt golden tests.
- Disable long-term memory by default.
- Add repo summary generation.
- Add index cache.
- Add context ranking tests.
- Add large repo tests.
- Build provider facade.
- Remove direct AI fetches.
- Add selected default model.
- Add fallback model.
- Add provider health UI.
- Add provider stream tests.
- Add provider error cards.
- Add model picker.
- Add cost estimate.
- Add provider diagnostics.
- Polish file tree.
- Add open editors.
- Add pinned files.
- Add recent files.
- Add git decorations.
- Add diagnostics badges.
- Polish tabs.
- Add split editor.
- Add command palette.
- Add keyboard shortcuts.
- Implement Manager role.
- Implement Planner role.
- Implement Coder role.
- Implement Reviewer role.
- Implement Debugger role.
- Implement Tester role.
- Add structured internal messages.
- Add hidden agent artifacts.
- Add repair loop.
- Add reviewer gate.
- Add crash recovery tests.
- Add command timeout tests.
- Add provider failure tests.
- Add snapshot recovery tests.
- Add UI visual tests.
- Add accessibility pass.
- Add performance profiling.
- Add memory leak checks.
- Add security review.
- Add release checklist.
Vibe Coder should not try to be Browser, Design Studio, Device Control, and Coding IDE at the same time during this phase.
The strongest path is:
- Preserve future modules.
- Isolate future modules.
- Build a world-class coding IDE first.
- Make chat, editor, file tree, inline command cards, diffs, sessions, providers, and context feel production-grade.
- Reconnect Browser, Design, and Device Control only after the coding loop is stable.
This is the architecture that gives AgenticOS a chance to become the long-term AI development operating system without collapsing under its own ambition before the coding experience is excellent.
- OpenAI Codex IDE extension: https://developers.openai.com/codex/ide
- OpenAI Codex in-app browser: https://developers.openai.com/codex/app/browser
- OpenAI Codex computer use: https://developers.openai.com/codex/app/computer-use
- Claude Code Desktop documentation: https://code.claude.com/docs/en/desktop
- Claude Design announcement: https://www.anthropic.com/news/claude-design-anthropic-labs
- Cursor Plan Mode announcement: https://cursor.com/blog/plan-mode
- Windsurf/Devin Desktop Cascade overview: https://docs.windsurf.com/windsurf/cascade
- Windsurf/Devin Desktop Cascade modes: https://docs.windsurf.com/windsurf/cascade/modes
- Windsurf/Devin Desktop terminal permissions: https://docs.windsurf.com/windsurf/terminal
- VS Code Language Server guide: https://code.visualstudio.com/api/language-extensions/language-server-extension-guide
- VS Code Extension API: https://code.visualstudio.com/api/references/vscode-api
- GitHub Copilot cloud agent: https://docs.github.com/copilot/concepts/agents/cloud-agent/about-cloud-agent
The coding runtime must be modeled as state machines instead of loosely coupled booleans. State machines make cancellation, recovery, debugging, replay, and UI rendering predictable.
idle
-> preparing_context
-> planning
-> awaiting_plan_approval
-> executing
-> awaiting_tool_approval
-> applying_changes
-> verifying
-> repairing
-> awaiting_diff_review
-> complete
Any active state
-> cancelling
-> cancelled
Any active state
-> failed
failed
-> retrying
-> preparing_context
awaiting_diff_review
-> accepted
-> rejected
-> complete
Rules:
idlemeans no provider stream, command, or write is active.preparing_contextmeans the runtime is collecting repository context and no model call has started.planningmeans the model is producing a plan or the Planner agent is active.awaiting_plan_approvalis optional and appears only when plan mode requires approval.executingmeans provider/tool loop is running.awaiting_tool_approvalblocks all tool execution until the user responds.applying_changesmeans a ChangeSet is being created or updated.verifyingmeans command/test/lint/typecheck verification is active.repairingmeans a bounded repair loop is active.awaiting_diff_reviewmeans there are pending changes requiring user review.completemeans no required work remains.failedmeans runtime cannot proceed without retry/user action.cancelledmeans all active provider streams and tools are aborted.
queued
-> awaiting_approval
-> starting
-> running
-> stopping
-> stopped
running
-> succeeded
-> failed
-> timed_out
Any state
-> cancelled
Command invariants:
- A command has exactly one working directory.
- A command has exactly one command string displayed to the user.
- A command has a policy decision before execution.
- A command has a start event before any output event.
- A command has a terminal event: succeeded, failed, timed_out, stopped, or cancelled.
- Full command output is stored as an artifact if truncated in UI.
draft
-> proposed
-> pending_review
-> partially_accepted
-> accepted
-> rejected
-> conflicted
-> restored
ChangeSet invariants:
draftcan be modified by Coder.proposedis frozen for review.pending_reviewis visible to the user.partially_acceptedmeans some files/hunks are accepted and some remain pending.acceptedmeans changes are applied and snapshot is recorded.rejectedmeans no proposed changes remain active.conflictedblocks accept until user resolves or regenerates.restoredmeans a previous accepted change set was undone.
created
-> queued
-> sending
-> streaming
-> completed
sending or streaming
-> retrying
-> failed
-> cancelled
Provider invariants:
- Every provider request has a provider ID, model ID, request ID, session ID, and prompt hash.
- Every provider request records token estimate before send.
- Every provider request records actual usage when provider returns it.
- Every provider request redacts secrets from logs.
- A provider stream cannot emit tokens after cancellation is acknowledged.
The product should stabilize shared data models before broad implementation. These models should be imported from a shared package or a runtime/coding/types module.
type TimelineItem =
| UserMessageItem
| AssistantMessageItem
| ThinkingItem
| PlanItem
| ToolCallItem
| CommandItem
| ChangeSetItem
| DiffItem
| VerificationItem
| ErrorItem
| ApprovalItem
| SummaryItemRequired common fields:
type TimelineItemBase = {
id: string
sessionId: string
correlationId: string
type: string
createdAt: number
updatedAt?: number
status?: "pending" | "running" | "succeeded" | "failed" | "cancelled"
visible: boolean
metadata?: Record<string, unknown>
}The timeline must be append-first. Updates may patch existing timeline items by ID, but should not reorder old events except during deterministic replay reconstruction.
type ChangeSet = {
id: string
sessionId: string
title: string
reason: string
createdAt: number
updatedAt: number
status: "draft" | "proposed" | "pending_review" | "partially_accepted" | "accepted" | "rejected" | "conflicted" | "restored"
files: ChangeSetFile[]
baseSnapshotId?: string
acceptedSnapshotId?: string
sourceToolCallIds: string[]
}
type ChangeSetFile = {
id: string
path: string
changeType: "create" | "modify" | "delete" | "rename"
oldPath?: string
beforeContentHash?: string
afterContentHash?: string
beforeContent?: string
afterContent?: string
hunks: DiffHunk[]
status: "pending" | "accepted" | "rejected" | "conflicted"
}type Artifact = {
id: string
sessionId: string
type: "command_log" | "diff_patch" | "provider_trace" | "snapshot" | "diagnostic_report" | "prompt_trace"
path: string
createdAt: number
sizeBytes: number
redacted: boolean
metadata: Record<string, unknown>
}Artifacts should be stored under a workspace-scoped AgenticOS data directory, not scattered through the user's repository unless the user exports them.
type ContextSource = {
id: string
type:
| "user_message"
| "active_file"
| "selection"
| "open_file"
| "pinned_file"
| "recent_file"
| "search_result"
| "symbol"
| "diagnostic"
| "git_diff"
| "project_config"
| "repo_summary"
| "conversation_summary"
label: string
path?: string
range?: { startLine: number; endLine: number }
score: number
estimatedTokens: number
included: boolean
reason: string
}Explicitly excluded for this phase:
browser_dombrowser_screenshotdesign_canvasdevice_screen
If any of these appear in a coding context pack while their island flag is disabled, tests should fail.
interface CodingRuntime {
startSession(input: StartSessionInput): Promise<CodingSession>
sendMessage(sessionId: string, input: UserInput): AsyncIterable<ExecutionEvent>
cancel(sessionId: string): Promise<void>
resume(sessionId: string): AsyncIterable<ExecutionEvent>
getSession(sessionId: string): Promise<CodingSession | null>
listSessions(workspaceId: string): Promise<CodingSessionSummary[]>
}Rules:
- UI never calls individual agents directly.
- UI never calls provider gateway directly for coding messages.
- UI never calls tools directly for agent actions.
- UI can call explicit user commands like "open file" and "git status" through feature services.
interface ToolRouter {
getAvailableTools(context: ToolContext): ToolDefinition[]
authorize(call: ProposedToolCall): Promise<ToolAuthorization>
execute(call: AuthorizedToolCall): AsyncIterable<ToolExecutionEvent>
}Tool Router responsibilities:
- Filter tools by coding phase.
- Exclude future island tools.
- Validate schema.
- Apply policy.
- Request approval if needed.
- Schedule execution.
- Normalize result.
interface ContextPipeline {
build(request: ContextRequest): Promise<ContextPack>
explain(packId: string): Promise<ContextExplanation>
pin(source: ContextPin): Promise<void>
unpin(sourceId: string): Promise<void>
}The explain method matters. Modern AI IDEs fail trust when users cannot tell why the model saw or did not see specific files.
interface PromptPipeline {
compose(request: PromptRequest): Promise<PromptBundle>
estimate(request: PromptRequest): Promise<TokenEstimate>
validate(bundle: PromptBundle): PromptValidationResult
}Prompt bundles should include:
- Provider messages.
- Tool schemas.
- Prompt version.
- Prompt hash.
- Estimated token count.
- Omitted context summary.
Isolation cannot be a promise in documentation only. It must be enforced in code and tests.
Required flags:
type RuntimeFeatureFlags = {
codingCore: true
browserIsland: false
designIsland: false
deviceControlIsland: false
browserToolsInCoding: false
designToolsInCoding: false
deviceToolsInCoding: false
browserContextInCoding: false
designContextInCoding: false
deviceContextInCoding: false
advancedAgents: false
longTermMemory: false
plugins: false
mcp: false
}Flags must be read from one module. No component or service should invent its own flag.
At runtime boot:
Register coding tools
Skip browser tools unless browserToolsInCoding
Skip design tools unless designToolsInCoding
Skip device tools unless deviceToolsInCoding
Add test:
Given default flags
When CodingRuntime initializes
Then registered tools do not include browser_*, design_*, device_*
Add test:
Given default flags
When ContextPipeline builds a pack
Then context source types exclude browser/design/device sources
Add test:
Given default flags
When app boots
Then BrowserManager does not launch
And Design runtime does not initialize
And Device controller does not initialize
Routes may still render placeholders:
/browsermay show Browser Island placeholder or existing isolated UI./designmay show Design Island placeholder or existing isolated UI./device-controlmay show Device Control placeholder.
But entering those routes must not mutate coding runtime state.
Golden workflows are the product's truth tests.
User:
Explain how authentication works in this repo.
Expected:
- Runtime builds context from repo index and likely auth files.
- No file writes.
- No commands unless needed.
- Timeline shows search/read cards.
- Final answer includes file references.
- Session persists.
Pass criteria:
- No diff appears.
- No command runs without need.
- Answer cites relevant files.
User:
Change the button text on the settings page to "Save changes".
Expected:
- Search/read relevant settings file.
- Edit only necessary file.
- Show diff card.
- Ask user to accept/reject.
- On accept, snapshot is created.
Pass criteria:
- One ChangeSet.
- Correct diff.
- Reject leaves disk unchanged.
User:
Rename the provider health hook and update all imports.
Expected:
- Planner identifies symbol and imports.
- Coder edits all references.
- Tester runs typecheck.
- Reviewer checks for missed imports.
- Diff card shows all files.
Pass criteria:
- Typecheck passes.
- No unrelated files changed.
- User can accept/reject all.
User:
Run the tests and fix the first failure.
Expected:
- Command card runs test.
- Failure output is captured.
- Debugger diagnoses failure.
- Coder edits minimal code.
- Tester reruns focused test.
- Final summary explains fix.
Pass criteria:
- Command output appears inline.
- Repair loop bounded.
- Tests pass or clear blocker explained.
User:
Add a keyboard shortcut to open quick search.
Expected:
- Planner identifies command palette/keyboard handling.
- Coder edits implementation.
- Tester runs typecheck and focused tests.
- Reviewer checks shortcut conflict.
- Diff review appears.
Pass criteria:
- Shortcut documented only if product UI has shortcut docs.
- No global browser/design/device side effects.
User starts a large refactor, then cancels.
Expected:
- Provider stream stops.
- Active command stops.
- No further tool events arrive after cancellation terminal event.
- Partial changes are either discarded or shown as draft requiring review.
- Session state becomes cancelled.
Pass criteria:
- No stuck spinner.
- No background command remains.
- Timeline is consistent.
Simulate app crash during pending diff review.
Expected:
- Restart app.
- Workspace restores.
- Session restores.
- Pending ChangeSet restores.
- User can accept/reject.
Pass criteria:
- No lost diff.
- No duplicate writes.
- App first meaningful paint: under 2.5s on development machine.
- Workspace shell visible after route load: under 500ms.
- Composer input latency: under 50ms.
- File tree initial cached render: under 150ms.
- File search response: under 150ms for indexed repo.
- First provider token: provider-dependent, but UI should show progress within 500ms.
- Tool card creation after tool start: under 100ms.
- Command output display after chunk: under 100ms.
- Diff card render for typical file: under 200ms.
- Zero known data-loss bugs.
- Zero unbounded memory growth in streaming.
- Zero uncaught provider errors in normal flow.
- Zero future-island tools in coding registry with default flags.
- Cancel succeeds within 2s for provider streams and commands where OS allows.
Coverage should be risk-based:
- Provider gateway: high unit and integration coverage.
- ChangeSet Manager: very high coverage.
- Command execution: high coverage.
- Context ranking: medium/high coverage plus golden tests.
- UI visual components: focused tests and visual QA.
- Future island isolation: high coverage because regressions are product-scope violations.
This section maps the specification to the current AgenticOS repository observed on 2026-07-01.
Keep:
packages/providerssrc/renderer/runtime/toolssrc/renderer/runtime/executionsrc/renderer/runtime/sessionssrc/renderer/components/workspace/timelinesrc/renderer/components/workspace/explorersrc/renderer/components/workspace/code-workspace.tsxsrc/renderer/stores/diff-store.tssrc/renderer/lib/diff-review.tssrc/main/ipcsrc/main/services/terminal-manager.tssrc/main/WorkspaceManager.ts
But each should be assigned a cleaner responsibility.
Isolate:
src/renderer/components/workspace/browsersrc/renderer/runtime/browsersrc/main/services/browser-manager.tssrc/main/services/viewport-manager.tssrc/renderer/components/workspace/design-workspace.tsx- design-related stores and tools
- future device-control files when added
These files should compile, but they should not register active coding tools.
Priority simplifications:
- Remove active dependency on Manager role configuration for first chat.
- Keep only selected provider/model in basic setup.
- Hide agent role UI under advanced settings.
- Hide memory/context dashboards under advanced settings.
- Disable plugin/MCP boot from default runtime unless configured.
- Remove bottom or embedded terminal as primary product surface.
- Replace it with command cards.
Risk areas from current shape:
RuntimeOS.initialize()starts many systems.ChatPanelhas too many responsibilities.- Provider/role setup appears too complex for first use.
- Browser and design modules exist close to workspace code.
- Diff review has multiple UI paths.
- Prompt/context/memory systems are numerous.
Mitigation is staged ownership, not random deletion.
Owns:
- CodingRuntime.
- Session state machine.
- Execution events.
- Agent orchestration.
- Tool routing.
- Cancellation.
- Repair loop.
Deliverables:
- Runtime interfaces.
- Event schema.
- Runtime smoke tests.
- Session recovery.
- Agent role protocols.
Owns:
- Provider gateway.
- Streaming normalization.
- Model abstraction.
- Provider health.
- Fallback logic.
- Token/cost accounting.
Deliverables:
- Provider facade.
- Mock provider.
- Error normalization.
- Stream tests.
- Cost estimate.
Owns:
- ContextPackBuilder.
- Repository index.
- Ranking.
- AST/symbol integration.
- Context compression.
- Repository memory.
Deliverables:
- Context pack model.
- Ranking tests.
- Source explanation UI data.
- Large repo benchmarks.
Owns:
- Electron main services.
- IPC validation.
- ShellService.
- WorkspaceService.
- GitService.
- CredentialService.
- ArtifactService.
Deliverables:
- Typed IPC results.
- Command streaming.
- Path safety.
- Secure credentials.
- Artifact storage.
Owns:
- Workspace shell.
- File tree.
- Editor.
- Command palette.
- Status bar.
- Settings.
Deliverables:
- Three-column layout.
- File tree production features.
- Monaco tabs/splits.
- Keyboard shortcuts.
- Model picker.
Owns:
- Chat timeline.
- Composer.
- Tool cards.
- Command cards.
- Diff cards.
- Error cards.
- Approval cards.
Deliverables:
- Timeline item components.
- Streaming text renderer.
- Inline command UX.
- Review UX.
- Accessibility pass.
Owns:
- Golden workflows.
- E2E tests.
- Crash recovery tests.
- Performance budgets.
- Memory leak detection.
- Security regression tests.
Deliverables:
- Golden workflow harness.
- CI test groups.
- Release checklist.
- Regression dashboard.
The team should create ADRs for major decisions:
- ADR: Coding-only active pipeline and future island isolation.
- ADR: Canonical execution event protocol.
- ADR: ChangeSet Manager as only file-write path.
- ADR: Terminal commands as chat cards, no terminal page.
- ADR: Provider gateway abstraction.
- ADR: ContextPackBuilder and prompt pipeline.
- ADR: Session checkpoint/recovery model.
- ADR: Feature flag governance.
- ADR: Security policy for commands and file writes.
- ADR: Multi-agent internal protocol.
Each ADR should contain:
- Context.
- Decision.
- Alternatives considered.
- Consequences.
- Migration strategy.
- Rollback strategy.
- Test plan.
The next phase should be broken into small, reviewable PRs.
Changes:
- Add
runtimeFeatureFlags. - Add
futureIslandRegistry. - Add tests proving default future island flags are false.
- No behavior changes except flag availability.
Acceptance:
- Typecheck passes.
- Feature flags importable from one module.
Changes:
- Tag tools by namespace:
coding,browser,design,device. - Register only coding tools by default.
- Add test preventing browser/design/device tools from default coding runtime.
Acceptance:
- Coding tools still work.
- Future tools excluded.
Changes:
- Add context source type allowlist.
- Exclude browser/design/device context by default.
- Add tests.
Acceptance:
- Context pack contains coding sources only.
Changes:
- Allow first chat with one provider/model.
- Remove Manager role setup requirement from basic flow.
- Move role routing to advanced settings.
Acceptance:
- User can add provider and send message.
Changes:
- Define event types.
- Add adapter from current execution manager.
- Update timeline store to consume canonical events.
Acceptance:
- Existing chat still streams.
- Event tests pass.
Changes:
- Add command card UI.
- Add command event model.
- Render command start/output/finish states.
Acceptance:
- Mock command events render correctly.
Changes:
- Main-process shell runner streams stdout/stderr.
- Renderer receives command events.
- Cancellation supported.
Acceptance:
npm --versioncommand appears as card.- Cancel test passes.
Changes:
- Add ChangeSet types and store.
- Add snapshot model.
- Add basic diff generation.
Acceptance:
- Mock edit produces reviewable ChangeSet.
Changes:
- Route edit/write file tools through ChangeSet Manager.
- Add pre-write snapshot.
- Add accept/reject.
Acceptance:
- Reject leaves file unchanged.
- Accept writes and snapshots.
Changes:
- Persist timeline events.
- Restore sessions.
- Mark interrupted sessions.
Acceptance:
- Restart restores conversation and pending diff.
The engineering council recommendation is decisive:
Do not delete Browser, Design, or Device Control.
Do not let them participate in the coding milestone.
Do not keep poor architecture out of nostalgia.
Do not rebuild everything in one pass.
Build a clean coding core with hard boundaries, strong state machines, typed events, safe file writes, inline command execution, stable providers, high-quality context, and a minimal premium UI.
Once coding feels excellent, the future islands can be reconnected deliberately. That path gives AgenticOS the best chance to become a true AI Agentic IDE instead of a collection of impressive but unstable prototypes.