Skip to content

feat(cloud-agent): PR tracking for cloud-agent sessions#2903

Merged
eshurakov merged 3 commits intomainfrom
convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head
May 7, 2026
Merged

feat(cloud-agent): PR tracking for cloud-agent sessions#2903
eshurakov merged 3 commits intomainfrom
convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head

Conversation

@kilo-code-bot
Copy link
Copy Markdown
Contributor

@kilo-code-bot kilo-code-bot Bot commented Apr 29, 2026
edited by eshurakov
Loading

Summary

Adds infrastructure to associate a GitHub pull request with a cloud-agent-next CLI session.

  • New cli_session_pull_requests side table (PK = session_id, FK → cli_sessions_v2.session_id with ON DELETE CASCADE) storing PR number, url, state, title, head sha, and last-synced timestamp.
  • Required unique index UQ_cli_sessions_v2_session_id on cli_sessions_v2.session_id so the FK has a unique target (the base table uses a composite PK (session_id, kilo_user_id)).
  • New composite index on (git_url, git_branch) to support branch → session lookups.
  • New fetchPullRequestForBranch helper in the GitHub adapter that looks up the most relevant PR for a (owner, repo, branch) triple via an installation token. Prefers open PRs, maps merged_at"merged" state, returns null on 404, and throws a dedicated GitHubRateLimitError (carrying resetAt) for rate/secondary-rate-limit responses while passing through genuine 403 permission failures unchanged.
  • Mock adapter in apps/web/src/tests/setup/__mocks__/ updated to mirror the new export surface.

Verification

  • verified locally

Visual Changes

Screenshot 2026-05-06 at 22 52 17

@kilo-code-bot kilo-code-bot Bot force-pushed the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch from 3e32e34 to cb82fe9 Compare April 29, 2026 14:07
kilo-code-bot[bot]
kilo-code-bot Bot commented Apr 29, 2026
View reviewed changes
Comment thread packages/db/src/migrations/0109_rare_vin_gonzales.sql Outdated
Comment thread packages/db/src/migrations/0107_dashing_mockingbird.sql Outdated
@kilo-code-bot
Copy link
Copy Markdown
Contributor Author

kilo-code-bot Bot commented Apr 29, 2026
edited
Loading

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 file)
  • packages/db/src/migrations/0121_skinny_mimic.sql

Reviewed by gpt-5.5-2026-04-23 · 1,826,359 tokens

kilo-code-bot[bot]
kilo-code-bot Bot commented Apr 29, 2026
View reviewed changes
Comment thread apps/web/src/routers/cli-sessions-v2-router.ts
kilo-code-bot Bot pushed a commit that referenced this pull request Apr 29, 2026
fix(cloud-agent-next): close PR #2903 review findings + typecheck
ab3ff48 
- Add associatedPr to mobile FetchedSessionData so mobile-session-manager
  matches the shared type definition. This unblocks the CI typecheck
  failure on apps/mobile.

- refreshAssociatedPullRequest: move ensureOrganizationAccess BEFORE
  the throttle short-circuit for org-scoped sessions. Previously a
  removed org member with a stale cli_sessions_v2 row could receive
  cached PR metadata via the throttle path without a current
  membership check. Adds a regression test covering the fresh-sentinel
  case where the throttle previously would have bypassed the check.

- upsertCliSessionPullRequestsFromWebhook: introduce
  WebhookInstallationOwner and require the caller (webhook router) to
  pass the integration owner. The session SELECT now constrains by
  organization_id OR kilo_user_id so a webhook from one tenant's
  installation cannot upsert PR metadata onto a session owned by
  another tenant that happens to share the same (git_url, git_branch).
  Adds cross-tenant isolation tests for both org and user ownership,
  including the slow-path normalization branch.
kilo-code-bot Bot pushed a commit that referenced this pull request Apr 30, 2026
fix(cloud-agent-next): close PR #2903 review findings + typecheck
5e0bc5b 
- Add associatedPr to mobile FetchedSessionData so mobile-session-manager
  matches the shared type definition. This unblocks the CI typecheck
  failure on apps/mobile.

- refreshAssociatedPullRequest: move ensureOrganizationAccess BEFORE
  the throttle short-circuit for org-scoped sessions. Previously a
  removed org member with a stale cli_sessions_v2 row could receive
  cached PR metadata via the throttle path without a current
  membership check. Adds a regression test covering the fresh-sentinel
  case where the throttle previously would have bypassed the check.

- upsertCliSessionPullRequestsFromWebhook: introduce
  WebhookInstallationOwner and require the caller (webhook router) to
  pass the integration owner. The session SELECT now constrains by
  organization_id OR kilo_user_id so a webhook from one tenant's
  installation cannot upsert PR metadata onto a session owned by
  another tenant that happens to share the same (git_url, git_branch).
  Adds cross-tenant isolation tests for both org and user ownership,
  including the slow-path normalization branch.
@kilo-code-bot kilo-code-bot Bot force-pushed the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch from 124c0b4 to 084f755 Compare April 30, 2026 19:12
@eshurakov eshurakov force-pushed the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch 3 times, most recently from f317c03 to 969f7c8 Compare May 5, 2026 14:17
kilo-code-bot[bot]
kilo-code-bot Bot commented May 5, 2026
View reviewed changes
Comment thread packages/db/src/migrations/0110_stormy_marauders.sql Outdated
kilo-code-bot[bot]
kilo-code-bot Bot commented May 5, 2026
View reviewed changes
Comment thread services/session-ingest/src/queue-consumer.ts
@eshurakov eshurakov force-pushed the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch 2 times, most recently from 4a65ead to 2785dfc Compare May 6, 2026 19:46
kilo-code-bot[bot]
kilo-code-bot Bot commented May 6, 2026
View reviewed changes
Comment thread apps/web/src/routers/cli-sessions-v2-router.ts
Comment thread ...b/src/lib/integrations/platforms/github/webhook-handlers/upsert-cli-session-pull-requests.ts Outdated
@eshurakov eshurakov changed the title feat(cloud-agent): associated PR tracking for cloud-agent-next sessions feat(cloud-agent): PR tracking for cloud-agent sessions May 6, 2026
jrf0110
jrf0110 reviewed May 6, 2026
View reviewed changes
Comment thread apps/web/src/components/cloud-agent-next/hooks/useSidebarSessions.ts Outdated
jrf0110
jrf0110 reviewed May 6, 2026
View reviewed changes
Comment thread apps/web/src/components/cloud-agent-next/utils/github-pr-link.ts Outdated
alex-alecu
alex-alecu reviewed May 7, 2026
View reviewed changes
Comment thread apps/web/src/routers/cli-sessions-v2-router.ts
alex-alecu
alex-alecu reviewed May 7, 2026
View reviewed changes
Comment thread apps/web/src/lib/integrations/platforms/github/adapter.ts
@alex-alecu
Copy link
Copy Markdown
Contributor

alex-alecu commented May 7, 2026

@eshurakov please check this thread Kilo-Org/kilocode#9418 (comment)

Do you think we should re-use some logic from backend or that it's better to have it separate?

@eshurakov eshurakov force-pushed the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch from 5f882d2 to 2d23c9c Compare May 7, 2026 08:07
kilo-code-bot[bot]
kilo-code-bot Bot commented May 7, 2026
View reviewed changes
Comment thread apps/web/src/lib/integrations/platforms/github/webhook-handler.ts
kilo-code-bot[bot]
kilo-code-bot Bot commented May 7, 2026
View reviewed changes
Comment thread apps/web/src/routers/cli-sessions-v2-router.ts Outdated
@eshurakov
Copy link
Copy Markdown
Contributor

eshurakov commented May 7, 2026

@alex-alecu By reuse you mean the cli and agent manager would get the status from the backend? Or to reuse the actual code?

Backend code is quite different in this case as we rely mostly on webhooks and process (for now) only cloud agent sessions. We're also limited by integration added to the kilo with only repositories that user picked.

@eshurakov eshurakov force-pushed the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch from 627f927 to 7e846a5 Compare May 7, 2026 18:45
kilo-code-bot[bot]
kilo-code-bot Bot commented May 7, 2026
View reviewed changes
Comment thread apps/web/src/lib/integrations/platforms/github/batch-review-decisions.ts Outdated
eshurakov added 2 commits May 7, 2026 21:56
@eshurakov
feat(cloud-agent-next): associated PR for sessions with review decisi…
c120739 
…on badge

- Add PR association to cloud agent sessions via GitHub webhook handlers
- Show PR state badge and hover card in session sidebar
- Poll for review decisions while batch fetch is in flight
- Avoid marking no-PR sentinel rows as pending
- Defer PR review decision fetch to lazy batched query
- Add normalize-git-url utility and tests
@eshurakov
fix(batch-review-decisions): remove double after() scheduling
ebdff8f
@eshurakov eshurakov force-pushed the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch from 3569913 to ebdff8f Compare May 7, 2026 20:03
@eshurakov eshurakov merged commit fd4adc9 into main May 7, 2026
43 checks passed
@eshurakov eshurakov deleted the convoy/associated-pr-for-cloud-agent-next-sessi/dbccdbdf/head branch May 7, 2026 20:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eshurakov eshurakov eshurakov left review comments

@alex-alecu alex-alecu alex-alecu left review comments

@jrf0110 jrf0110 jrf0110 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alex-alecu @eshurakov @jrf0110