This is not a chat UI. It is a set of tools that GitHub Copilot itself can call.
Once installed, Copilot Chat gets three new tools. They run entirely on your
machine — no API key, no network, no LLM call, no randomness. Every result is
a pure function of the input plus your local workspace, so the same input
always produces the same output. A finding is reported only when a concrete
pattern is actually present; anything that can't be proven locally is marked
UNVERIFIED rather than invented.
The verify tool runs in pure Glyph. The byte-level source scan, the
severity classification, and the final verdict are all compiled to opaque
.glyphb bytecode and executed on an embedded Glyph virtual machine — the
same bytecode, byte-for-byte, that the native Seraphina engine runs. The
JavaScript here is only the door: it hands the raw source bytes to the
bytecode and maps the emitted finding-codes back to messages. No external
service, no API key, no network.
What Copilot gets
| Tool name |
What it does |
Cost |
seraphina_verify_code |
Deterministic static review of a snippet: non-cryptographic randomness in security paths, hard-coded credentials, empty/bare exception handlers, eval/exec on dynamic input, shell=True subprocess calls, loose equality, TODO/FIXME markers. Returns SAFE / REVIEW_NOTES / NEEDS_FIXES / CRITICAL with line numbers. |
Zero — pure local |
seraphina_plan_task |
Repo-grounded implementation plan. Extracts keywords from the task, greps the real workspace, and cites file:line for every grounded fact. Unfound assumptions are flagged UNVERIFIED. |
Zero — pure local |
seraphina_repo_grep |
Fast local text/regex search across the workspace. Returns file:line: context. |
Zero — pure local |
How Copilot invokes them
In Copilot Chat the user can either:
- Let Copilot decide — for sufficiently big tasks Copilot picks the tool itself.
- Reference explicitly with
#seraphinaVerify, #seraphinaPlan, or #seraphinaGrep.
Why deterministic
- No hallucination surface. The verifier only reports patterns it literally
matched in the supplied text. The planner only states facts it can cite from
a real file in the workspace.
- Reproducible. Re-running a tool on unchanged input yields a byte-identical
result — useful for review, auditing, and CI.
- Private. Nothing leaves your machine. There is no endpoint to configure
and no key to store.
- Glyph-backed. The verifier's scan, classification, and verdict are a
compiled Glyph program. The embedded JS engine is proven byte-faithful to the
reference Glyph VM by a cross-engine parity test on real source, so the
published extension genuinely runs Glyph — not a JS imitation.
Settings
| Setting |
Default |
Notes |
seraphinaGlyph.repoGrep.maxFiles |
50 |
Truncates after N files with hits |
seraphinaGlyph.repoGrep.maxHitsPerFile |
20 |
|
Build from source
npm install
npm run compile
npm run package
code --install-extension seraphina-glyph-planner-0.4.0.vsix
License
Free to use (including commercially) and to redistribute unmodified, but not
to modify, fork, or reverse-engineer. Source-available, not open-source — see
LICENSE.
