Continue PR #14: Restore organization features and fix security issues

[Copilot]

PR #14 implementation was incomplete—missing critical files (searchUI, tagManager, tagInputUI) and had unresolved security/correctness issues from code review.

Restored Features

Tags System

• Restored tagManager.ts, tagInputUI.ts, tagTypes.ts
• 7 predefined categories (TODO, FIXME, QUESTION, NOTE, BUG, IMPROVEMENT, REVIEW) + custom tags
• Tag normalization for case-insensitive filtering across all comparison points

Search Interface

• Restored searchUI.ts with QuickPick UI
• Full-text search with regex, multi-filter (author/date/file/tags), search history
• Fixed filter action bug: changed generic clearFilters to specific actions (filterByAuthor, filterByDate, etc.)

Sidebar Enhancements

• Restored noteTreeItem.ts with proper tree item hierarchy
• Tag filtering with AND/OR logic in notesSidebarProvider.ts

Security Fixes

Keybinding Conflict

// Before: shadows VS Code's Find in Files
"key": "ctrl+shift+f"

// After: non-conflicting chord
"key": "ctrl+alt+shift+f"

Tooltip Injection Prevention

// Before: allows command-URI injection
tooltip.isTrusted = true;
tooltip.supportHtml = true;
tooltip.appendMarkdown(note.content);

// After: safe text rendering
tooltip.isTrusted = false;
tooltip.appendText(note.content);

Error Handling

// Wrapped dynamic import in try-catch with fallback to empty tags
try {
  const { TagInputUI } = await import('./tagInputUI.js');
  tags = await TagInputUI.showTagInput(undefined, allNotes);
} catch (e) {
  console.error('Failed to load tag input UI:', e);
  tags = []; // Proceed without tags instead of failing
}

Bug Fixes

• Preview length calculation: Added Math.max(MIN_PREVIEW_LENGTH, maxLength - tagsDisplay.length) guard against negative lengths when tags are long
• Tag duplicate prevention: Exact normalized comparison instead of substring matching (includes())
• ESM imports: Added .js extensions for Node ESM resolution

Integration

• Updated extension.ts: background search indexing, command registration
• Updated package.json: commands, keybindings, menus
• Updated commentController.ts, noteManager.ts: tag support in create/update flows
• Updated codeLensProvider.ts: tag display in previews

Validation

• CodeQL: 0 vulnerabilities
• Build: Success with esbuild production mode

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
code-context-notes	Ready	Preview, Comment	Feb 2, 2026 11:18am