feat(cli): Add squad loop command — prompt-driven continuous work loop (#761)

[bradygaster]

Summary

Adds the squad loop command — a prompt-driven continuous work loop that reads a loop.md file and runs it on a configurable interval, no GitHub issues required.

What's included

Core implementation (loop.ts)

• parseLoopFile — YAML frontmatter parser (no yaml dependency) with configured: true safety gate
• generateLoopFile — boilerplate scaffold for --init
• runLoop — main loop with setInterval, SIGINT/SIGTERM graceful shutdown (kills in-flight child process on Ctrl+C), capability phase runner
• timeoutMinutes validated as a positive number (same guard as interval)
• FSStorageProvider initialized after all import declarations

CLI entry (cli-entry.ts)

• Full --help output with examples
• --init to scaffold a loop.md (path resolved via path.resolve for correct cross-platform handling)
• --file, --interval, --timeout, --copilot-flags, --agent-cmd
• All capability flags (--self-pull, --monitor-email, --monitor-teams, etc.)

Template

• templates/loop.md — well-documented boilerplate with guidance

Tests (test/cli/loop.test.ts)

• 21 unit tests covering parseLoopFile and generateLoopFile
• Frontmatter parsing, defaults, edge cases, round-trip validation

Docs

• docs/src/content/docs/features/loop.md — full feature guide (interval default corrected to 10 minutes throughout)
• Updated docs/src/content/docs/reference/cli.md with loop reference (interval default corrected to 10 minutes)

Changeset

• Minor bump for @bradygaster/squad-cli

Design decisions

• Reuses the watch capability system (pre-scan + housekeeping) but skips core triage — the prompt IS the work driver
• Frontmatter configured: true required as a safety gate (prevents accidental loops)
• Simple regex-based YAML parsing (no external dependency)
• Same shutdown pattern as watch (setInterval + signal handlers); graceful shutdown now kills any in-flight execFile child process immediately
• Teams communication adapter removed from this PR — ships separately with proper tests, lazy-loading, and security review

How to use

squad loop --init          # generate boilerplate loop.md
# Edit loop.md, set configured: true
squad loop                 # run the loop
squad loop --monitor-email # with email monitoring

---

⚠️ Ready for insiders release.

[Copilot]

Pull request overview

Adds a new squad loop CLI command that runs a prompt-driven continuous work loop from loop.md, plus supporting docs/tests/templates, and extends the SDK communications layer with a Teams adapter/config surface.

Changes:

• Implement squad loop (frontmatter parsing + --init scaffolding + interval runner) and wire it into the CLI entrypoint.
• Add loop.md template, unit tests for parsing/scaffolding, and user-facing documentation.
• Add Teams communication configuration in SDK types and a new Teams communication adapter, plus factory wiring.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 14 comments.

Show a summary per file

File	Description
packages/squad-cli/src/cli/commands/loop.ts	Core loop implementation (parser/scaffold/runner + capability phases).
packages/squad-cli/src/cli-entry.ts	CLI wiring for squad loop, help output, and --init.
templates/loop.md	Boilerplate loop.md template content.
test/cli/loop.test.ts	Unit tests for parseLoopFile() / generateLoopFile().
docs/src/content/docs/features/loop.md	Feature guide for the Loop command.
docs/src/content/docs/reference/cli.md	CLI reference updates to include Loop.
packages/squad-sdk/src/platform/types.ts	Adds Teams-specific config shape under CommunicationConfig.
packages/squad-sdk/src/platform/comms.ts	Wires teams-webhook channel to Teams adapter and reads Teams config.
packages/squad-sdk/src/platform/comms-teams.ts	New Teams adapter using Microsoft Graph auth + messaging + reply polling.
.changeset/loop-command.md	Changeset for @bradygaster/squad-cli minor bump.

[Copilot]

There’s a statement (const storage = new FSStorageProvider();) between import declarations. In ESM/TypeScript, all static import statements must come before any other statements, so this will fail to compile. Move the storage initialization below the imports (or convert the later imports to dynamic imports).

[Copilot]

inFrontmatter is assigned but never read. This will trip TS/ESLint no-unused-vars (and makes the parser harder to follow). Remove it or use it to control parsing state.

Suggested change

	let inFrontmatter = false;
	let frontmatterLines: string[] = [];
	let bodyStart = 0;
	if (lines[0]?.trim() === '---') {
	inFrontmatter = true;
	let frontmatterLines: string[] = [];
	let bodyStart = 0;
	if (lines[0]?.trim() === '---') {

[Copilot]

timeoutMinutes is used to derive timeoutMs for execFile, but it’s never validated. If loop.md (or --timeout) provides 0/negative/NaN, Node will treat it inconsistently (immediate timeout or throw). Add the same validation you do for interval (positive number of minutes).

Suggested change

	if (isNaN(timeoutMinutes) || timeoutMinutes < 1) {
	fatal('timeout must be a positive number of minutes');
	}

[Copilot]

Graceful shutdown clears the interval, but it doesn’t stop an in-flight execFile child process. If the user presses Ctrl+C while a round is running, the loop will likely keep the process alive until the Copilot command exits or times out. Consider keeping a reference to the current child process and terminating it in shutdown() (and/or set a flag to skip housekeeping).

[Copilot]

--init builds absPath with string concatenation (${process.cwd()}/${filePath}), which breaks on Windows paths and doesn’t normalize .. segments. Use node:path.resolve(process.cwd(), filePath) (and keep the absolute-path detection consistent with the rest of the CLI).

[Copilot]

openBrowser() uses exec() with an interpolated command string containing the URL. Even though inputs are mostly generated, this is still shell invocation and can be fragile across platforms (quoting/escaping) and increases command-injection risk if the URL ever contains unexpected characters. Prefer spawn/execFile with argument arrays (or a small cross-platform “open” helper) so the URL is passed as a parameter rather than via a shell string.

[Copilot]

The Graph messages polling URL includes spaces and an unencoded ISO timestamp inside $filter (e.g., createdDateTime gt 2026-...). This will produce an invalid URL (spaces) and/or an invalid OData filter. Build the query with URL/URLSearchParams and encodeURIComponent, and confirm the correct datetime filter syntax for Graph.

Suggested change

	const url = `${GRAPH_BASE}/chats/${chatId}/messages?$filter=createdDateTime gt ${sinceIso}&$top=50&$orderby=createdDateTime asc`;
	let data: { value: Array<{ id: string; body: { content: string }; from: { user: { displayName: string; id: string } } | null; createdDateTime: string }> };
	try {
	data = (await graphFetch(url, accessToken)) as typeof data;
	const url = new URL(`${GRAPH_BASE}/chats/${chatId}/messages`);
	url.searchParams.set('$filter', `createdDateTime gt ${sinceIso}`);
	url.searchParams.set('$top', '50');
	url.searchParams.set('$orderby', 'createdDateTime asc');
	let data: { value: Array<{ id: string; body: { content: string }; from: { user: { displayName: string; id: string } } | null; createdDateTime: string }> };
	try {
	data = (await graphFetch(url.toString(), accessToken)) as typeof data;

[Copilot]

In “me” mode, ensureChat() picks the first oneOnOne chat returned and treats it as a self-chat. That list can include 1:1 chats with other people, so this can easily send messages to the wrong recipient. Either require an explicit recipientUpn/chatId, or implement filtering that positively identifies a self-chat (or always create a new chat and persist its id).

Suggested change

	// "me" mode — find or create a self-chat
	if (!upn || upn === 'me') {
	const chatsRes = (await graphFetch(
	`${GRAPH_BASE}/me/chats?$filter=chatType eq 'oneOnOne'&$top=10`,
	accessToken,
	)) as { value: Array<{ id: string }> };
	if (chatsRes.value.length > 0) {
	this.resolvedChatId = chatsRes.value[0]!.id;
	return this.resolvedChatId;
	}
	// "me" mode — create a self-chat instead of reusing the first oneOnOne chat,
	// because /me/chats can include 1:1 chats with other people.
	if (!upn || upn === 'me') {

[Copilot]

postUpdate() returns { id: msg.id } where msg.id is a message ID, but pollForReplies() treats threadId as a chat ID (/chats/{chatId}/messages) unless resolvedChatId is set. This breaks the CommunicationAdapter contract for Teams (and will fail entirely for channel-mode posts). Consider returning the chat/channel thread identifier as id (e.g., chatId for 1:1, or {teamId,channelId,messageId} via a serialized id) and update pollForReplies() accordingly.

[Copilot]

New Teams adapter selection and .squad/config.json parsing (teams config + readTeamsConfig) aren’t covered by tests. There are existing unit tests for the communication adapter contract/factory; adding a test that verifies createCommunicationAdapter() returns TeamsCommunicationAdapter when communications.channel is teams-webhook (and that communications.teams is passed through) would prevent regressions.

[diberry]

Architectural Review — PR #765

1,781 additions across 10 files. Two distinct features bundled: a loop command and a Teams communication adapter.

---

✅ Architectural Pros

1. Smart reuse of watch capabilities. Loop only activates pre-scan + housekeeping phases from the existing capability registry, skipping core triage. Avoids duplicating the capability system while carving out a clean subset.

2. Safety gate pattern. configured: true in frontmatter prevents accidental runaway loops. Simple and effective.

3. No YAML dependency. The regex-based frontmatter parser handles the simple key: value format needed without adding js-yaml. Good for keeping the CLI lean.

4. execFile over exec. Using execFile with arrays avoids shell injection. The prompt content from loop.md is passed as a single --message argument, not interpolated into a shell string.

5. 21 unit tests for the parser. Good edge case coverage on parseLoopFile — unclosed frontmatter, NaN interval, quoted/unquoted strings, round-trip validation.

---

❌ Architectural Cons & Hidden Risks

🔴 HIGH RISK

1. comms-teams.ts is 550 lines with ZERO tests.
The PR has 21 tests — all for the loop parser. The entire Teams adapter (OAuth PKCE flow, device code flow, token refresh, Graph API calls, local HTTP server for auth callback, token file management) is completely untested. This is the most complex code in the PR and the most likely to break in production.

2. Teams adapter loads for ALL SDK users — cold-start tax.
comms.ts now unconditionally import { TeamsCommunicationAdapter } from './comms-teams.js' at the top. Since comms.ts is re-exported from the barrel (platform/index.ts), every import from '@bradygaster/squad-sdk/platform' now loads 550 lines of Teams auth code, a local HTTP server factory, and crypto imports — even if Teams is never used.

3. Plaintext OAuth tokens at ~/.squad/teams-tokens.json.
Access tokens and refresh tokens stored as unencrypted JSON with default file permissions. The tokens carry Chat.ReadWrite ChatMessage.Send ChatMessage.Read User.Read — enough to read and send Teams messages as the user.

4. Hardcoded Microsoft first-party client ID (14d82eec-204b-4c2f-b7e8-296a70dab67e).
This is the Microsoft Graph PowerShell app's client ID. Using it means Squad authenticates as "Microsoft Graph PowerShell" in every tenant. Microsoft can revoke or change its redirect URI configuration at any time, enterprise tenants may have conditional access policies blocking this app, and it's against Microsoft identity platform guidance to reuse first-party app registrations in third-party code.

🟡 MEDIUM RISK

5. CommunicationConfig becoming a dumping ground.
The generic interface now has teams?: { tenantId, clientId, recipientUpn, chatId, channelId, teamId } bolted on. If Slack, Discord, email each get the same treatment, this interface becomes an unstructured union. Better pattern: discriminated union keyed by channel or adapterConfig?: Record<string, unknown>.

6. Two unrelated features in one PR.
The loop command and the Teams adapter are logically independent. Bundling them means the loop feature can't ship until Teams concerns are resolved, review is harder, and revert granularity is lost.

7. Type-assertion lie in the platform adapter fallback.

adapter = { type: 'github' as const } as ReturnType<typeof createPlatformAdapter>;

This stub doesn't implement any methods. If any capability calls adapter.listWorkItems() or similar, it crashes at runtime with undefined is not a function. The as cast suppresses the compiler warning.

8. Coupling loop to watch internals.
loop.ts imports CapabilityRegistry, createDefaultRegistry, WatchCapability, WatchContext, WatchPhase, CapabilityResult, WatchConfig — deep coupling to watch's internal types. Changes to watch's capability system now have two consumers to validate against, but only watch tests cover capability execution.

🟢 LOW RISK

9. No preflight check for gh copilot. The loop's core mechanism is execFile('gh', ['copilot', ...]). If gh or the copilot extension isn't installed, every round fails with an opaque error.

10. Module-level const storage = new FSStorageProvider() in loop.ts. Side effect on import — if the constructor throws, the entire CLI module fails to load.

---

Recommendation

Split the PR. Ship the loop command (it's solid). Gate the Teams adapter behind a separate PR with tests, lazy-loading (import() instead of top-level import), encrypted token storage, and its own app registration guidance.

[diberry]

🔄 Retrospective — Why Didn't the Squad Catch These Issues?

PR #765 was authored entirely by @copilot (the GitHub Copilot coding agent) working autonomously on issue #761. The commit history shows the Teams adapter commit predates the loop work — it was already on the branch when @copilot picked up #761. Two features shipped in one PR by accident, not by design.

The PR arrived with 10 issues across architecture, security, testing, and API design. The squad has the right agents to catch every one of them: Flight (architecture), FIDO (testing), RETRO (security). None were activated.

Root Cause Analysis

Primary: @copilot operates outside the squad's orchestration layer.

The entire Squad system — coordinator routing, Design Review ceremonies, reviewer gates, Scribe logging — only activates when work flows through the coordinator. @copilot doesn't. It picks up issues via GitHub assignment, works in its own branch, and opens PRs directly. No ceremony is triggered. No reviewer is spawned. No security check happens.

The squad has a Design Review ceremony configured to auto-trigger "before multi-agent task involving 2+ agents modifying shared systems." This PR modified shared SDK types and the CLI entry point — it qualified. But the ceremony never fired because @copilot never asked the coordinator for work.

Secondary: @copilot tests what's easy, skips what's hard.

@copilot wrote 21 tests for parseLoopFile and generateLoopFile — pure functions with no dependencies. It wrote zero tests for the 550-line Teams adapter because that requires mocking Graph API, HTTP servers, and OAuth flows. Known pattern: optimizes for what compiles and passes, not for what needs coverage.

Secondary: No PR-level review trigger for squad agents.

The squad has squad-pr-readiness.yml — but it posts an informational checklist, not an enforcement gate. There's no mechanism that says "when @copilot opens a PR, spawn Flight + FIDO + RETRO to review before it's marked ready."

Secondary: Architectural issues are invisible to linters and compilers.

Every issue found — module-level side effects, type-assertion lies, hardcoded client IDs, plaintext token storage, async API breaks, feature bundling — passes tsc, ESLint, and all tests. These are judgment calls that require an agent (or human) who understands the system's architecture.

Recommendations

#	Recommendation	Effort	Impact
1	Add a squad-pr-review ceremony that auto-triggers when @copilot opens a PR	Medium	High
2	Add a "no feature bundling" check to PR readiness	Low	Medium
3	Mark OAuth/token/auth work as red in @copilot's capability profile	Low	High
4	Require test coverage for new files >100 lines in CI	Low	Medium

The Meta-Lesson

The squad's agents are good. The squad's process has a hole. Every issue found was catchable by agents already on the roster. The failure wasn't capability — it was activation. @copilot is the one team member that bypasses the coordinator, and that bypass is exactly where quality dropped.

---

This PR has been split into:

• PR feat(cli): Add squad loop command (#761) #767 — Loop command (reviewed clean, ready for merge)
• PR feat(sdk): Add Teams communication adapter #768 — Teams adapter (reviewed clean after fixes, ready for merge)

@diberry — please review both split PRs. The retro recommendations above should be tracked as separate issues.

[Copilot]

Architectural Review — PR #765

1,781 additions across 10 files. Two distinct features bundled: a loop command and a Teams communication adapter....

Addressed in commit fe8af61:

Removed Teams adapter from this PR — deleted comms-teams.ts and reverted comms.ts/types.ts to their pre-Teams state. The Teams adapter ships separately as recommended.

Fixed loop.ts issues:

• Module-level FSStorageProvider init moved below all imports
• Removed unused inFrontmatter variable
• Added timeoutMinutes validation (same positive-integer guard as interval)
• In-flight execFile child tracked in currentChild and killed in shutdown() so Ctrl+C truly stops the process

Fixed cli-entry.ts: --init path construction now uses path.resolve(process.cwd(), filePath) instead of string concatenation.

Fixed docs: interval default corrected from 5→10 minutes in both features/loop.md and reference/cli.md, matching the code and template defaults.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• aka.ms
  • Triggering command: /usr/bin/../../opt/az/bin/python3 /usr/bin/../../opt/az/bin/python3 -Im azure.cli boards work-item type list --org REDACTED --project no-proj --output json (dns block)
  • Triggering command: /usr/bin/../../opt/az/bin/python3 /usr/bin/../../opt/az/bin/python3 -Im azure.cli boards work-item type list --org REDACTED --project no-proj --output json get --global t http.https://gitdirname (dns block)
  • Triggering command: /usr/bin/../../opt/az/bin/python3 /usr/bin/../../opt/az/bin/python3 -Im azure.cli boards work-item type list --org REDACTED --project nonexistent-project --output json (dns block)
• app.aladdin.microsoft.com
  • Triggering command: /usr/bin/../../opt/az/bin/python3 /usr/bin/../../opt/az/bin/python3 -Im azure.cli boards work-item type list --org REDACTED --project no-proj --output json get --global t http.https://gitdirname (dns block)
  • Triggering command: /usr/bin/../../opt/az/bin/python3 /usr/bin/../../opt/az/bin/python3 -Im azure.cli boards work-item type list --org REDACTED --project no-proj --output json (dns block)
  • Triggering command: /usr/bin/../../opt/az/bin/python3 /usr/bin/../../opt/az/bin/python3 -Im azure.cli boards work-item type list --org REDACTED --project nonexistent-project --output json (dns block)
• azcliprod.blob.core.windows.net
  • Triggering command: /usr/bin/../../opt/az/bin/python3 /usr/bin/../../opt/az/bin/python3 -Im azure.cli boards work-item type list --org REDACTED --project nonexistent-project --output json (dns block)
• https://api.github.com/copilot_internal/user
  • Triggering command: /home/REDACTED/work/squad/squad/node_modules/@github/copilot-linux-x64/copilot /home/REDACTED/work/squad/squad/node_modules/@github/copilot-linux-x64/copilot --acp ache/node/24.14.doctor wc -l radygaster/squad-cli/dist/cli-entry.js" migrate cat it 6a43d7fe7314ecd0012e68f0323794fd753/log.json /opt/hostedtoolc/home/REDACTED/work/squad/squad/packages/squad-cli/dist/cli-entry.js k/squad/node_modstatus git remo�� al id" | sort |uniq | wc -l 6a43d7fe7314ecd0012e68f0323794fd753 /home/REDACTED/work/squad/node_modules/.bin/git 6a43d7fe7314ecd0012e68f0323794fd753/init.pid node git git (http block)
  • Triggering command: /home/REDACTED/work/squad/squad/node_modules/@github/copilot-linux-x64/copilot /home/REDACTED/work/squad/squad/node_modules/@github/copilot-linux-x64/copilot --acp --stdio git js XXXXXXXXXXXXXXXX-- git (http block)
  • Triggering command: /home/REDACTED/work/squad/squad/node_modules/@github/copilot-linux-x64/copilot /home/REDACTED/work/squad/squad/node_modules/@github/copilot-linux-x64/copilot --acp ndor/bin/git git js get-url origin de/node/bin/git get-url origin es/.bin/git sort /dis�� tinstall git es/.bin/node get-url origin /opt/hostedtoolcache/node/24.14.-t /opt/hostedtoolcache/node/24.14.filter (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)