Copilot

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,5 +1,5 @@
 name: Bug Report
-description: Report a reproducible problem in Scalytics Connect
+description: Report a reproducible problem in Scalytics Copilot
 title: "[Bug]: "
 labels: ["bug"]
 body:

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,42 @@
+name: "CodeQL Analysis"
+
+on:
+  push:
+    branches: [ "main", "copilot-chore" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '30 1 * * 1' # Every Monday at 01:30
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you want to use custom queries, add them here:
+        # queries: security-extended,security-and-quality
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{ matrix.language }}"

.gitignore

@@ -84,3 +84,4 @@ venv.bak/
 .coverage
 htmlcov/
 .ipynb_checkpoints
+.tmp/

CONTRIBUTING.md

@@ -1,4 +1,4 @@
-# Contributing to Scalytics Connect
+# Contributing to Scalytics Copilot
 
 Thanks for contributing. This document defines the expected workflow for issues, changes, and pull requests.
 
@@ -47,18 +47,26 @@ npm start
 ## Coding Standards
 
 - Follow existing project patterns in `src/`, `frontend/`, and `scripts/`.
-- Run lint and tests before opening a PR:
+- **Pre-Commit Check:** We use a standardized validation script to ensure code quality and security. Run this command locally before pushing or opening a PR:
 
 ```bash
-npm run lint
-npm test -- --runInBand --passWithNoTests
-cd frontend && npm run build
+npm run commit-check
 ```
 
-- For Python changes, ensure code compiles:
+This script performs:
+1.  **Backend Tests:** Runs Jest unit and integrity tests.
+2.  **Frontend Validation:** Runs linting (`eslint`) and smoke tests.
+3.  **Python Sanity:** Compiles all Python services to detect syntax errors.
+4.  **Security Audit:** Scans dependencies for known vulnerabilities.
+5.  **Local CodeQL:** (Optional) Performs deep static analysis if the `codeql` CLI is installed.
 
+### Local CodeQL (Deep Analysis)
+
+For deep security analysis mirroring our CI, we recommend installing the [CodeQL CLI](https://github.com/github/codeql-cli-binaries/releases). If found in your `PATH`, `commit-check` will automatically run it and output results to `.tmp/codeql/`.
+
+If you need to increase memory for a local run:
 ```bash
-python -m compileall scripts src/python_services
+CODEQL_JS_RAM_MB=8192 npm run commit-check
 ```
 
 ## Pull Request Process

NOTICE

@@ -1,4 +1,4 @@
-ScalyticsConnect
+ScalyticsCopilot
 Copyright 2024-present Scalytics, Inc. (https://www.scalytics.io)
 
 This product includes software developed by Scalytics, Inc.

README.md

@@ -1,14 +1,14 @@
-# Scalytics Connect
+# Scalytics Copilot
 
-[![CI](https://github.com/scalytics/ScalyticsConnect/actions/workflows/ci.yml/badge.svg)](https://github.com/scalytics/ScalyticsConnect/actions/workflows/ci.yml) [![Secrets Scan](https://github.com/scalytics/ScalyticsConnect/actions/workflows/secrets-scan.yml/badge.svg)](https://github.com/scalytics/ScalyticsConnect/actions/workflows/secrets-scan.yml)
+[![CI](https://github.com/scalytics/ScalyticsCopilot/actions/workflows/ci.yml/badge.svg)](https://github.com/scalytics/ScalyticsCopilot/actions/workflows/ci.yml) [![Secrets Scan](https://github.com/scalytics/ScalyticsCopilot/actions/workflows/secrets-scan.yml/badge.svg)](https://github.com/scalytics/ScalyticsCopilot/actions/workflows/secrets-scan.yml)
 
-Scalytics Connect is a private AI operations platform for organizations that need governance, deployment control, and auditability for GenAI workloads.
+Scalytics Copilot is a private AI operations platform for organizations that need governance, deployment control, and auditability for GenAI workloads.
 
 Built by [Scalytics](https://www.scalytics.io), it is designed for teams that cannot rely on unmanaged black-box AI tooling.
 
 ## The Niche We Serve
 
-Most AI chat stacks optimize for speed-to-demo. Scalytics Connect optimizes for production control:
+Most AI chat stacks optimize for speed-to-demo. Scalytics Copilot optimizes for production control:
 
 - data locality and controlled model access
 - role-based permissions and policy enforcement
@@ -17,7 +17,7 @@ Most AI chat stacks optimize for speed-to-demo. Scalytics Connect optimizes for
 
 ## For Enterprise Teams
 
-Use Scalytics Connect when you need:
+Use Scalytics Copilot when you need:
 
 - governed AI operations across departments
 - user/group/permission controls at model and provider level

docs/admin/content-filtering-guide.md

@@ -1,6 +1,6 @@
 # Content Filtering Guide (Admin)
 
-This guide explains how administrators can configure and manage the Content Filtering system within Scalytics Connect to prevent the leakage of sensitive information in AI responses.
+This guide explains how administrators can configure and manage the Content Filtering system within Scalytics Copilot to prevent the leakage of sensitive information in AI responses.
 
 ## Overview
 

docs/admin/huggingface-setup.md

@@ -21,7 +21,7 @@ If you don't already have one, create an account on [huggingface.co](https://hug
 2.  Go to your **Settings** page by clicking on your profile picture in the top-right corner.
 3.  In the left sidebar, navigate to **Access Tokens**.
 4.  Click the **"New token"** button.
-5.  Give your token a descriptive name (e.g., "Scalytics Connect Access").
+5.  Give your token a descriptive name (e.g., "Scalytics Copilot Access").
 6.  Assign it the **`read`** role. The `write` role is not necessary for downloading models.
 7.  **Important**: In the token's **fine-grained permissions**, ensure the following are enabled:
     - ✅ **"Read access to public gated repositories"** - Required for downloading gated models
@@ -44,7 +44,7 @@ These permissions allow the system to:
 ### Step 4: Use the Token in the Application
 
 1.  Copy the generated token immediately. For security reasons, you will not be able to see it again.
-2.  In the Scalytics Connect admin panel, go to the **Admin -> Models -> Hugging Face** page.
+2.  In the Scalytics Copilot admin panel, go to the **Admin -> Models -> Hugging Face** page.
 3.  You will see a **"Hugging Face Hub Login"** section.
 4.  Paste your copied token into the input field and click **"Login"**.
 

docs/admin/local-model-optimization.md

@@ -4,7 +4,7 @@ This comprehensive reference provides enterprise-grade configuration parameters
 
 ## Introduction to vLLM-Powered Inference
 
-Scalytics Connect now uses **vLLM** (Very Fast LLM) as the unified inference engine for all local models. vLLM provides state-of-the-art serving throughput with dynamic batching, optimized attention mechanisms, and efficient memory management. All models are downloaded in PyTorch format from HuggingFace and automatically optimized by vLLM.
+Scalytics Copilot now uses **vLLM** (Very Fast LLM) as the unified inference engine for all local models. vLLM provides state-of-the-art serving throughput with dynamic batching, optimized attention mechanisms, and efficient memory management. All models are downloaded in PyTorch format from HuggingFace and automatically optimized by vLLM.
 
 ## Key vLLM Advantages
 
@@ -24,7 +24,7 @@ Scalytics Connect now uses **vLLM** (Very Fast LLM) as the unified inference eng
 
 ## Default Inference Parameters
 
-Scalytics Connect uses the following optimized default parameters for vLLM inference:
+Scalytics Copilot uses the following optimized default parameters for vLLM inference:
 
 | Parameter | Default Value | Description |
 |-----------|--------------|-------------|

docs/admin/oauth-integration-guide.md

@@ -1,10 +1,10 @@
 # OAuth Integration Guide
 
-This guide covers the OAuth integration features of Scalytics Connect, including security considerations for administrators.
+This guide covers the OAuth integration features of Scalytics Copilot, including security considerations for administrators.
 
 ## Overview
 
-Scalytics Connect supports OAuth integration with several identity providers to enable single sign-on (SSO) functionality. When enabled, users can authenticate using their accounts from supported providers such as GitHub, Google, Microsoft, Azure AD, or Okta.
+Scalytics Copilot supports OAuth integration with several identity providers to enable single sign-on (SSO) functionality. When enabled, users can authenticate using their accounts from supported providers such as GitHub, Google, Microsoft, Azure AD, or Okta.
 
 ## Supported Providers
 
@@ -89,5 +89,5 @@ If you encounter issues with OAuth:
 
 ## Related Documentation
 
-- [Scalytics Connect Agent Administration](./scalytics-connect-agent-administration.md)
+- [Scalytics Copilot Agent Administration](./scalytics-copilot-agent-administration.md)
 - [External API Integrations](../developer/api-integration.md) (if available)

docs/admin/prompt-controls.md

@@ -41,7 +41,7 @@ This approach allows administrators to establish mandatory final guidelines via
 
 ## Context Window Management
 
-To prevent errors and ensure reliable responses, Scalytics Connect automatically manages the conversation history to fit within the selected AI model's context window limit. This involves several steps, primarily handled by the Inference Router service (`src/services/inferenceRouter.js`).
+To prevent errors and ensure reliable responses, Scalytics Copilot automatically manages the conversation history to fit within the selected AI model's context window limit. This involves several steps, primarily handled by the Inference Router service (`src/services/inferenceRouter.js`).
 
 ### Overview
 

docs/admin/scalytics-api-guide.md

@@ -4,7 +4,7 @@ This guide explains how administrators can manage the Scalytics API feature, whi
 
 ## Feature Overview
 
-The Scalytics API allows users to generate API keys that can be used to authenticate requests against the `/v1/chat/completions` endpoint. This enables integration with development tools, scripts, or other applications that support the OpenAI API format, but restricts usage to the local models hosted within this Scalytics Connect instance.
+The Scalytics API allows users to generate API keys that can be used to authenticate requests against the `/v1/chat/completions` endpoint. This enables integration with development tools, scripts, or other applications that support the OpenAI API format, but restricts usage to the local models hosted within this Scalytics Copilot instance.
 
 ## Concurrency and Model Selection
 
@@ -45,15 +45,15 @@ While users generate their own Scalytics API keys via their personal settings pa
 *   **Key Security:** Remind users that Scalytics API keys should be treated like passwords and kept confidential. Deleting a user's key is the way to revoke their specific access.
 *   **Rate Limiting:** Monitor overall API usage patterns (e.g., via logs or system monitoring) and adjust the global rate limits as necessary to balance usability and protect server resources.
 *   **Global Toggle:** Use the global disable switch when the API feature needs to be temporarily or permanently deactivated for maintenance or security reasons.
-*   **System Prompts:** Note that the Scalytics API endpoint (`/v1/chat/completions`) does **not** automatically apply any system prompts or profiles configured for the local model within the main Scalytics Connect UI. For API usage, any desired system prompt must be explicitly included by the client application as the first message in the `messages` array with `role: "system"`. This ensures compatibility with standard OpenAI client behavior.
+*   **System Prompts:** Note that the Scalytics API endpoint (`/v1/chat/completions`) does **not** automatically apply any system prompts or profiles configured for the local model within the main Scalytics Copilot UI. For API usage, any desired system prompt must be explicitly included by the client application as the first message in the `messages` array with `role: "system"`. This ensures compatibility with standard OpenAI client behavior.
 
 ## Connecting to a Remote Scalytics Instance
 
-You can configure this Scalytics Connect instance to use the models hosted on *another* Scalytics Connect instance. This is achieved by treating the remote instance's Scalytics API as an external provider and using a Global API Key.
+You can configure this Scalytics Copilot instance to use the models hosted on *another* Scalytics Copilot instance. This is achieved by treating the remote instance's Scalytics API as an external provider and using a Global API Key.
 
 **Prerequisites:**
 
-*   Access to the *remote* Scalytics Connect instance.
+*   Access to the *remote* Scalytics Copilot instance.
 *   An API key generated on the *remote* instance (via Settings -> API Keys -> Generate Scalytics API Key).
 *   The base URL of the *remote* instance (e.g., `https://remote-scalytics.yourcompany.com`).
 

docs/admin/scalytics-connect-agent-administration.md → docs/admin/scalytics-copilot-agent-administration.md

@@ -1,10 +1,10 @@
-# Scalytics Connect Agent Administration Guide
+# Scalytics Copilot Agent Administration Guide
 
-This guide is intended for system administrators responsible for configuring, managing, and monitoring the Scalytics Connect Agent system.
+This guide is intended for system administrators responsible for configuring, managing, and monitoring the Scalytics Copilot Agent system.
 
 ## Overview
 
-The Scalytics Connect Agent system provides AI agent capabilities to your users through a WebSocket-based communication protocol. As an administrator, you'll be responsible for:
+The Scalytics Copilot Agent system provides AI agent capabilities to your users through a WebSocket-based communication protocol. As an administrator, you'll be responsible for:
 
 1. Configuring available agent types
 2. Managing tool permissions
@@ -13,7 +13,7 @@ The Scalytics Connect Agent system provides AI agent capabilities to your users
 
 ## System Requirements
 
-The Scalytics Connect Agent system relies on the following components:
+The Scalytics Copilot Agent system relies on the following components:
 
 - Node.js server with WebSocket support
 - Database for agent state persistence
@@ -59,7 +59,7 @@ Tools are configured in `config/tools.json`. Each tool requires:
 
 ### Permission Levels
 
-The Scalytics Connect Agent system uses the following permission levels:
+The Scalytics Copilot Agent system uses the following permission levels:
 
 | Level | Description | Approval Required | Example Tools |
 |-------|-------------|-------------------|--------------|
@@ -88,7 +88,7 @@ Example PM2 configuration:
 ```json
 {
   "apps": [{
-    "name": "scalytics-connect-agent-server",
+    "name": "scalytics-copilot-agent-server",
     "script": "server.js",
     "instances": "max",
     "exec_mode": "cluster",
@@ -137,7 +137,7 @@ http {
 
 ### Assigning Agent Access
 
-Control which users have access to which agents through the Scalytics Connect Admin panel:
+Control which users have access to which agents through the Scalytics Copilot Admin panel:
 
 1. Navigate to Admin > User Management
 2. Select a user
@@ -240,12 +240,12 @@ All agent activities are logged for security and troubleshooting:
 
 ### Log Analysis
 
-The Scalytics Connect Agent system writes logs to the following locations:
+The Scalytics Copilot Agent system writes logs to the following locations:
 
-- **Application logs**: `/var/log/scalyticsconnect/application.log`
-- **WebSocket logs**: `/var/log/scalyticsconnect/websocket.log`
-- **Agent logs**: `/var/log/scalyticsconnect/agents.log`
-- **Error logs**: `/var/log/scalyticsconnect/error.log`
+- **Application logs**: `/var/log/scalyticscopilot/application.log`
+- **WebSocket logs**: `/var/log/scalyticscopilot/websocket.log`
+- **Agent logs**: `/var/log/scalyticscopilot/agents.log`
+- **Error logs**: `/var/log/scalyticscopilot/error.log`
 
 Use the log viewer in Admin > System > Logs for filtering and analysis.
 
@@ -281,7 +281,7 @@ Consider the following for data privacy:
 
 ### Updates
 
-When updating the Scalytics Connect Agent system:
+When updating the Scalytics Copilot Agent system:
 
 1. Review the changelog for breaking changes
 2. Backup configuration files
@@ -308,5 +308,5 @@ Recovery procedure:
 ## Support Resources
 
 - **Documentation**: `/docs/admin/agent-administration.md`
-- **Knowledge Base**: Internal support portal > Scalytics Connect Agents
-- **Support Contact**: support@scalyticsconnect.example.com or internal ticket system
+- **Knowledge Base**: Internal support portal > Scalytics Copilot Agents
+- **Support Contact**: support@scalyticscopilot.example.com or internal ticket system

docs/admin/scalytics-deep-search-guide.md

@@ -42,7 +42,7 @@ Deep Search requires a locally hosted text embedding model to convert text chunk
 1.  Navigate to **Admin Panel -> Models**.
 2.  Locate the downloaded local embedding model you wish to use (it will be marked with a purple icon and "Local Embedding" type).
 3.  If the model is not the current default (Status will be "Inactive (Not Preferred)"), click the **"Set as System Embedding Model"** button (checkmark icon) in the Actions column.
-4.  **Important:** After setting a new preferred embedding model, you **must restart the Scalytics Connect server** for the change to take effect and the new model to be loaded by the embedding worker.
+4.  **Important:** After setting a new preferred embedding model, you **must restart the Scalytics Copilot server** for the change to take effect and the new model to be loaded by the embedding worker.
 
 **d) CRITICAL WARNING: Changing the Embedding Model Post-Initialization**
 
@@ -85,7 +85,7 @@ By default, Deep Search is optimized for English queries. However, it can be con
     *   Open the `src/python_services/deep_search_service/config.py` file.
     *   Locate the `DEEP_SEARCH_EMBEDDING_MODEL_IS_MULTILINGUAL` setting.
     *   Change its value from `False` to `True`.
-    *   Save the file and restart the Scalytics Connect server for the change to take effect.
+    *   Save the file and restart the Scalytics Copilot server for the change to take effect.
 
 ## 3. Configuring Search Providers
 

docs/developer/dependency-upgrade-plan.md

@@ -1,7 +1,7 @@
 # Dependency Upgrade Plan
 
 ## Goal
-Keep ScalyticsConnect secure and maintainable while minimizing regression risk.
+Keep ScalyticsCopilot secure and maintainable while minimizing regression risk.
 
 ## Principles
 - Upgrade in small batches, not all-at-once.