feat: Add VS Code Language Model API integration (#80)

docs/vscode/configuration.md

@@ -73,6 +73,8 @@ Maximum number of completion tokens to generate.
 ```
 **Required** for most providers. Keep this secure and never commit to version control.
 
+**Note:** If you have GitHub Copilot enabled in VS Code, POML can automatically use VS Code's Language Model API when no API key is configured, providing seamless integration without additional setup.
+
 ### API URL
 
 ```json

examples/108_code_review.poml

@@ -0,0 +1,13 @@
+<!-- POML example for simple code review -->
+<poml>
+  <role>You are an experienced code reviewer.</role>
+
+  <task>Review the provided Python code and suggest improvements.</task>
+
+  <!-- Include the sample code file -->
+  <document src="assets/108_sample_code.py" />
+
+  <output-format>
+    Provide a concise code review with key suggestions for improvement.
+  </output-format>
+</poml>

examples/assets/108_sample_code.py

@@ -0,0 +1,81 @@
+import sqlite3
+import hashlib
+from flask import Flask, request, render_template_string
+
+app = Flask(__name__)
+
+# Database connection
+def get_db():
+    conn = sqlite3.connect('users.db')
+    return conn
+
+@app.route('/login', methods=['POST'])
+def login():
+    username = request.form['username']
+    password = request.form['password']
+
+    # Security issue: SQL injection vulnerability
+    query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
+
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute(query)
+    user = cursor.fetchone()
+
+    if user:
+        # Security issue: password stored in plain text
+        return f"Welcome {username}!"
+    else:
+        return "Invalid credentials"
+
+@app.route('/search')
+def search():
+    query = request.args.get('q', '')
+
+    # Security issue: XSS vulnerability
+    template = f"<h1>Search Results for: {query}</h1>"
+    return render_template_string(template)
+
+@app.route('/admin')
+def admin_panel():
+    # Security issue: No authentication check
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute("SELECT * FROM users")
+    users = cursor.fetchall()
+
+    # Performance issue: Loading all users at once
+    return str(users)
+
+def process_data(data):
+    result = []
+    # Performance issue: Inefficient nested loops
+    for i in range(len(data)):
+        for j in range(len(data)):
+            if data[i] == data[j] and i != j:
+                result.append(data[i])
+    return result
+
+class UserManager:
+    def __init__(self):
+        self.users = []
+
+    def add_user(self, name, email, password):
+        # Maintainability issue: No input validation
+        user = {
+            'name': name,
+            'email': email,
+            'password': password  # Security issue: storing plain password
+        }
+        self.users.append(user)
+
+    def find_user(self, email):
+        # Performance issue: Linear search
+        for user in self.users:
+            if user['email'] == email:
+                return user
+        return None
+
+if __name__ == '__main__':
+    # Security issue: Debug mode in production
+    app.run(debug=True, host='0.0.0.0')

examples/expects/108_code_review.txt

@@ -0,0 +1,101 @@
+===== human =====
+
+You are an experienced code reviewer specializing in security, performance, and best practices.
+
+Review the provided Python code for security vulnerabilities and improvement opportunities.
+
+```python
+import sqlite3
+import hashlib
+from flask import Flask, request, render_template_string
+
+app = Flask(__name__)
+
+# Database connection
+def get_db():
+    conn = sqlite3.connect('users.db')
+    return conn
+
+@app.route('/login', methods=['POST'])
+def login():
+    username = request.form['username']
+    password = request.form['password']
+
+    # Security issue: SQL injection vulnerability
+    query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
+
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute(query)
+    user = cursor.fetchone()
+
+    if user:
+        # Security issue: password stored in plain text
+        return f"Welcome {username}!"
+    else:
+        return "Invalid credentials"
+
+@app.route('/search')
+def search():
+    query = request.args.get('q', '')
+
+    # Security issue: XSS vulnerability
+    template = f"<h1>Search Results for: {query}</h1>"
+    return render_template_string(template)
+
+@app.route('/admin')
+def admin_panel():
+    # Security issue: No authentication check
+    conn = get_db()
+    cursor = conn.cursor()
+    cursor.execute("SELECT * FROM users")
+    users = cursor.fetchall()
+
+    # Performance issue: Loading all users at once
+    return str(users)
+
+def process_data(data):
+    result = []
+    # Performance issue: Inefficient nested loops
+    for i in range(len(data)):
+        for j in range(len(data)):
+            if data[i] == data[j] and i != j:
+                result.append(data[i])
+    return result
+
+class UserManager:
+    def __init__(self):
+        self.users = []
+
+    def add_user(self, name, email, password):
+        # Maintainability issue: No input validation
+        user = {
+            'name': name,
+            'email': email,
+            'password': password  # Security issue: storing plain password
+        }
+        self.users.append(user)
+
+    def find_user(self, email):
+        # Performance issue: Linear search
+        for user in self.users:
+            if user['email'] == email:
+                return user
+        return None
+
+if __name__ == '__main__':
+    # Security issue: Debug mode in production
+    app.run(debug=True, host='0.0.0.0')
+```
+
+Focus on:
+- SQL injection and XSS vulnerabilities
+- Authentication and authorization issues
+- Performance bottlenecks
+- Code maintainability
+
+Provide a structured code review with:
+1. Critical security issues
+2. Performance improvements
+3. Best practice recommendations
+4. Positive observations

package.json

@@ -246,12 +246,14 @@
           "type": "string",
           "description": "Language Model Provider",
           "enum": [
+            "vscode",
             "openai",
             "microsoft",
             "anthropic",
             "google"
           ],
           "enumItemLabels": [
+            "VS Code LM (GitHub Copilot)",
             "OpenAI",
             "Azure OpenAI",
             "Anthropic",