SDLC Orchestrator VS Code Extension

Version: 1.7.1 Status: GA (General Availability) Framework: SDLC 6.0.6 (7-Pillar + AI Governance Principles) Sprint: 174 - Anthropic Best Practices Integration Last Updated: February 16, 2026

Gate status monitoring, AI-powered code generation, and compliance assistance directly in VS Code. Part of the SDLC Orchestrator governance platform - the Operating System for Software 3.0.

What's New in 1.7.0 (Sprint 174)

Anthropic Best Practices Integration

SDLC 6.0.6 Framework: Full alignment with 7-Pillar Architecture + AI Governance Principles
Context Cache Awareness: Extension recognizes new sdlcctl cache commands (stats, clear, warm)
MCP Client Integration: Backend MCP service support (AsyncExitStack + SSE transport)
Version Sync: Synchronized with sdlcctl CLI v1.8.0

Framework-First Compliance

All framework references updated from 6.0.5 to 6.0.6
Spec validation aligned with Section 8 Specification Standard
CLAUDE.md PRO tier awareness for project onboarding

What's New in 1.6.x (Sprints 147-173)

v1.6.3 (Sprint 172)

Gate Status Fix: Resolved cold-start hydration issues
Project Auto-Detection: Improved workspace detection reliability
Ownership Transfer: Design support for project ownership changes

v1.6.2 (Sprint 172)

Project Init Fix: Existing project initialization now correctly registers with backend
Marketplace Release: Published to VS Code Marketplace

v1.6.1 (Sprint 147)

Gate URL Fix: Fixed 404 error by adding /app prefix to gate URLs
Codebase Cleanup: Sprint 147 Spring Cleaning alignment

What's New in 1.5.0 (Sprint 139)

E2E Testing Commands (RFC-SDLC-602)

E2E Validate (Cmd+Shift+E): Validate E2E testing compliance with CLI integration
E2E Cross-Reference: Validate Stage 03 ↔ Stage 05 bidirectional links
E2E Initialize: Create E2E testing folder structure in Stage 05
E2E Validate with Options: Advanced validation with custom pass rate threshold
Show E2E Results: View detailed validation results in tree view

New Backend API Endpoints

POST /api/v1/cross-reference/validate: Full cross-reference validation
GET /api/v1/cross-reference/coverage/{id}: Quick coverage check
GET /api/v1/cross-reference/missing-tests/{id}: Get missing test endpoints
GET /api/v1/cross-reference/ssot-check/{id}: SSOT compliance check

SSOT Enforcement

Validates openapi.json exists only in Stage 03
Detects duplicate OpenAPI files in Stage 05 or other folders
Reports violations with actionable fix suggestions

CLI Integration (Zero Mock Policy)

Real sdlcctl e2e validate execution via Extension
Falls back to local validation when CLI unavailable
JSON output parsing for structured results

Previous Releases

1.4.0 (Sprint 138) - E2E API Testing

Framework 6.0.6: RFC-SDLC-602 E2E API Testing Enhancement
E2E API Testing Workflow: 6-phase standardized testing process awareness
Stage Cross-Reference: Stage 03 ↔ Stage 05 bidirectional traceability
OWASP API Top 10: Security checklist integration ready
Version Sync: Synchronized with sdlcctl CLI v1.4.0
4 New Evidence Types: e2e_test_report, security_test_report, api_coverage_report, cross_reference_validation

1.3.0 (Sprint 136) - Stage Consistency

SPEC-0021: Stage Consistency Validation support
Extension recognizes sdlcctl validate-consistency command
Cross-stage consistency: Stage 01 ↔ 02, Stage 02 ↔ 03, Stage 03 ↔ 04, Stage 01 ↔ 04

1.2.0 (Sprint 127) - Multi-Frontend Alignment

Specification Validation: YAML frontmatter validation (SPEC-0002 compliant)
BDD Requirements: GIVEN-WHEN-THEN validation support
Tier-Specific Sections: LITE/STANDARD/PROFESSIONAL/ENTERPRISE validation
Extension Parity: 67% → 89% feature parity (+22 points)

Key Features

App Builder

Blueprint Editor: Visual tree view for building AppBlueprint specifications
Module Management: Add/remove modules with entity definitions
Domain Templates: Pre-built templates for Vietnamese SME (Restaurant, Hotel, Retail, HRM, CRM)
Real-time Validation: Immediate feedback on blueprint structure

Code Generation

IR-Based Generation: Deterministic output via Intermediate Representation
Multi-Provider: Ollama (primary) -> Claude (fallback) -> Rule-based
4-Gate Quality Pipeline: Syntax -> Security -> Context -> Tests
SSE Streaming: Real-time progress with file-by-file updates
Resume Capability: Checkpoint-based recovery for failed generations

Contract Lock

Specification Immutability: Lock blueprints before code generation
SHA256 Hash Verification: Cryptographic integrity checking
Audit Trail: Full history of lock/unlock operations
Auto-Expiry: Orphaned locks expire after 1 hour

View G0-G5 gate progress in real-time
See evidence count and approval status
Auto-refresh every 30 seconds
Click to open gates in browser
Progress percentage visualization
Gate approval/rejection actions directly from sidebar

Context Overlay Panel

Dynamic context based on current gate status
Copy context as PR comment
Stage-aware guidance for AI assistants

Inline AI Chat (@gate)

Use Copilot-style commands in VS Code Chat:

@gate /status      - Show current gate status (G0-G5)
@gate /evaluate    - Run compliance evaluation, show violations
@gate /fix <id>    - Get AI recommendation for a violation
@gate /council <id> - Use AI Council 3-stage deliberation

Specification Validation (SDLC 6.0.6)

YAML Frontmatter: Validate spec metadata (tier, status, version)
BDD Requirements: GIVEN-WHEN-THEN format checking
Tier Validation: LITE/STANDARD/PROFESSIONAL/ENTERPRISE compliance
Auto-validate on Save: Optional setting for continuous validation

Violations Panel

View compliance violations grouped by severity (Critical, High, Medium, Low)
Quick actions to get AI recommendations
Navigate to file locations
Filter by status (open, resolved)

Projects Panel

List all projects you have access to
Quick project selection
View compliance scores
See current gate status
Auto-detection from workspace

Evidence Submission

Submit evidence directly from VS Code
Attach files to quality gates
Track evidence lifecycle

GitHub Integration

Connect/disconnect GitHub repositories
Sync repository metadata
Scan repositories for compliance

Offline Mode Support

Automatic cache fallback when network unavailable
Stale-while-revalidate pattern for smooth UX
Visual indicator when using cached data
Graceful degradation with user-friendly messages

Installation

From VS Code Marketplace

Open VS Code Extensions (Ctrl+Shift+X)
Search for "SDLC Orchestrator"
Click Install

From CLI

code --install-extension mtsolution.sdlc-orchestrator

From VSIX (Development)

Download the latest .vsix file from releases
In VS Code, open Command Palette (Cmd+Shift+P / Ctrl+Shift+P)
Run "Extensions: Install from VSIX..."
Select the downloaded file

Quick Start

Install the extension
Create API Key (Recommended):
- Go to SDLC Orchestrator Dashboard → Settings → API Keys
- Click "Create New API Key"
- Copy the key (starts with sdlc_live_)
Login using Command Palette > "SDLC: Login"
- Select "API Token" (Recommended - Never expires)
- Paste your API key
Select Project using Command Palette > "SDLC: Select Project"
View Gates in the SDLC sidebar

Why API Key? Unlike email/password (JWT expires after 8 hours), API keys never expire until you revoke them - perfect for development tools!

Generate Code:
- Open App Builder: "SDLC: Open App Builder"
- Create a blueprint with modules and entities
- Lock the specification: "SDLC: Lock Contract Spec"
- Generate code: "SDLC: Generate from Blueprint"

Commands

Command	Keybinding	Description
SDLC: Refresh Gate Status	Cmd+Shift+R	Refresh all views
SDLC: Select Project	-	Choose project to monitor
SDLC: Login	-	Login to SDLC Orchestrator
SDLC: Logout	-	Logout and clear tokens
SDLC: Initialize SDLC Project	Cmd+Shift+I	Initialize project structure
SDLC: Open App Builder	Cmd+Shift+B	Open blueprint editor
SDLC: Generate from Blueprint	Cmd+Shift+G	Start code generation
SDLC: Magic Mode	Cmd+Shift+M	Natural language to code
SDLC: Lock Contract Spec	Cmd+Shift+L	Lock blueprint for generation
SDLC: Unlock Contract Spec	-	Unlock blueprint for editing
SDLC: Preview Generated Code	Cmd+Alt+P	Preview with QR code
SDLC: Resume Failed Generation	-	Resume from checkpoint
SDLC: Validate Specification	Cmd+Shift+V	Validate spec (SDLC 6.0.6)
SDLC: Approve Gate	-	Approve a quality gate
SDLC: Reject Gate	-	Reject a quality gate
SDLC: Submit Evidence	-	Submit evidence to gate
SDLC: Connect GitHub	-	Connect GitHub repository
SDLC: Check SSOT Compliance	-	Check Single Source of Truth
E2E: Validate Testing Compliance	Cmd+Shift+E	Validate E2E testing with CLI
E2E: Validate Cross-References	-	Validate Stage 03 ↔ 05 links
E2E: Initialize Testing Structure	-	Create E2E folder structure
E2E: Validate with Options	-	Advanced validation with options
E2E: Show Validation Results	-	View detailed E2E results

Configuration

Setting	Default	Description
`sdlc.apiUrl`	`https://sdlc.nhatquangholding.com`	Backend API URL
`sdlc.autoRefreshInterval`	`30`	Auto-refresh interval (seconds)
`sdlc.defaultProjectId`	``	(Optional) Manual project UUID - auto-detected from workspace if not set
`sdlc.enableNotifications`	`true`	Show gate status notifications
`sdlc.aiCouncilEnabled`	`true`	Enable AI Council for critical violations
`sdlc.showViolationBadge`	`true`	Show violation count in activity bar
`sdlc.validateSpecOnSave`	`false`	Auto-validate spec files on save (SDLC 6.0.6)
`sdlc.defaultSpecTier`	`PROFESSIONAL`	Default tier for spec validation (LITE/STANDARD/PROFESSIONAL/ENTERPRISE)
`sdlc.showProjectsPanel`	`false`	Always show Projects panel (auto-hidden when project detected)

Requirements

VS Code 1.80.0 or higher
SDLC Orchestrator backend running (v1.7.0+)
Valid API token or GitHub OAuth

Architecture

src/
├── extension.ts                # Main entry point, activation (32KB)
├── commands/
│   ├── appBuilderCommand.ts    # Blueprint editor commands
│   ├── connectGithubCommand.ts # GitHub integration
│   ├── e2eCrossRefCommand.ts   # Cross-reference validation (Sprint 139)
│   ├── e2eValidateCommand.ts   # E2E validation with CLI (Sprint 139)
│   ├── evidenceSubmissionCommand.ts # Evidence upload
│   ├── gateApprovalCommand.ts  # Gate approve/reject
│   ├── generateCommand.ts      # Code generation commands
│   ├── initCommand.ts          # SDLC project initialization
│   ├── lockCommand.ts          # Contract lock/unlock
│   ├── magicCommand.ts         # Natural language mode
│   ├── previewCommand.ts       # Code preview with QR
│   ├── resumeCommand.ts        # Resume failed generation
│   └── specValidationCommand.ts # Spec validation (SDLC 6.0.6)
├── services/
│   ├── apiClient.ts            # Backend API client (axios-based)
│   ├── authService.ts          # JWT token management, OAuth flow
│   ├── cacheService.ts         # Offline cache with TTL
│   ├── codegenApi.ts           # Code generation API client
│   ├── fileService.ts          # File system operations
│   ├── projectDetector.ts      # Workspace project auto-detection
│   ├── sdlcStructureService.ts # SDLC folder structure service
│   ├── sseClient.ts            # Server-Sent Events client
│   └── telemetryService.ts     # Usage telemetry
├── panels/
│   ├── appBuilderPanel.ts      # Blueprint editor webview
│   └── generationPanel.ts      # Real-time generation view
├── providers/
│   └── blueprintProvider.ts    # Blueprint tree data provider
├── views/
│   ├── complianceChat.ts       # Chat participant (@gate)
│   ├── contextPanel.ts         # Context Overlay panel
│   ├── gateStatusView.ts       # Gate sidebar TreeDataProvider
│   ├── projectsView.ts         # Projects TreeDataProvider
│   ├── streamingStatusBar.ts   # SSE streaming status bar
│   └── violationsView.ts       # Violations TreeDataProvider
├── validation/
│   └── ssotValidator.ts        # SSOT compliance validator
├── types/
│   ├── codegen.ts              # Type definitions for codegen
│   └── evidence.ts             # E2E evidence types (RFC-SDLC-602)
├── utils/
│   ├── config.ts               # Configuration manager
│   ├── errors.ts               # Error classification & handling
│   └── logger.ts               # Structured logging
└── test/
    └── suite/
        ├── apiClient.test.ts
        ├── authService.test.ts
        ├── cacheService.test.ts
        ├── codegenApi.test.ts
        ├── complianceChat.test.ts
        ├── contextPanel.test.ts
        ├── e2eValidation.test.ts
        ├── errorHandling.test.ts
        ├── errors.test.ts
        ├── gateStatusView.test.ts
        ├── github.test.ts
        ├── offlineMode.test.ts
        ├── projectsView.test.ts
        ├── specValidation.test.ts
        ├── streaming.test.ts
        └── violationsView.test.ts

Development

Prerequisites

Node.js 18+
npm 9+
VS Code 1.80+

Setup

cd vscode-extension
npm install
npm run compile

Watch Mode

npm run watch

Package Extension

npm run package
# Creates sdlc-orchestrator-1.7.1.vsix

Run Tests

npm run test

Debug in VS Code

Open vscode-extension folder in VS Code
Press F5 to launch Extension Development Host
The extension will be loaded in a new VS Code window

Cache Strategy

Data Type	TTL	Description
Projects	10 min	List of all projects
Gates	2 min	Gate status (frequently updated)
Violations	2 min	Compliance violations
Sessions	5 min	Onboarding sessions
Blueprints	10 min	App blueprints

Troubleshooting

Connection Refused

Ensure SDLC Orchestrator backend is running
Check sdlc.apiUrl configuration
Verify firewall/proxy settings

Token Expired

Run "SDLC: Logout" then "SDLC: Login"
Check token expiration in dashboard
Use API Token instead of email/password for long-lived sessions

Generation Failed

Check if blueprint is locked: "SDLC: Lock Contract Spec"
Verify backend AI providers are available
Try "SDLC: Resume Failed Generation" if checkpoint exists

Lock Expired

Locks auto-expire after 1 hour of inactivity
Re-lock the specification before generation

Gate URL 404 Error

Ensure backend v1.6.1+ is running (gate URL prefix fix)
Check sdlc.apiUrl points to correct backend

License

Apache-2.0

Support

GitHub Issues: https://github.com/Minh-Tam-Solution/SDLC-Orchestrator/issues
Documentation: https://docs.sdlc-orchestrator.dev
VS Code Marketplace: https://marketplace.visualstudio.com/items?itemName=mtsolution.sdlc-orchestrator

SDLC Orchestrator

Minh Tam Solution