feat(cloud-agent): add profile skills, MCPs, and agents#3018
Merged
Conversation
Contributor
Author
Code Review SummaryStatus: 1 Issue Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Files Reviewed (5 files)
Fix these issues in Kilo Cloud Reviewed by gpt-5.5-20260423 · 3,434,216 tokens |
eshurakov
force-pushed
the
docs/cloud-agent-profile-skills-and-mcps-plan
branch
from
011409b to
58541ac
Compare
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
eshurakov
force-pushed
the
docs/cloud-agent-profile-skills-and-mcps-plan
branch
from
47db62c to
f3fe309
Compare
eshurakov
changed the title
eshurakov
force-pushed
the
docs/cloud-agent-profile-skills-and-mcps-plan
branch
3 times, most recently
from
0062965 to
82ecfa1
Compare
…cleanup - MCP env values and remote header values now mix plain strings and encrypted envelopes per key. Non-sensitive config (locale, paths, public IDs) skips the envelope round-trip while secrets stay encrypted. - Profile resolution returns a base (repo-bound) + top (explicit pick or effective default) pair, replacing the previous automatic/explicit shape. The explicit pick replaces the default in the top slot but never replaces the repo base; duplicates are dropped. - Drop count-only session metadata fields (envVarCount, setupCommandCount, mcpServerCount, skillCount) from session GET output — no callers were consuming them. - Remove dead createSkillFromMarketplace / createMcpFromMarketplace tRPC procedures along with the supporting marketplace input schemas, types, and normalizeMarketplaceMcp helper. - Rename getCanPgDb to getPgDb in cloud-agent-next.
eshurakov
force-pushed
the
docs/cloud-agent-profile-skills-and-mcps-plan
branch
from
82ecfa1 to
eaa9aab
Compare
InitializeContext, InitContext, and ExistingSessionMetadata now carry a single profile?: SessionProfileBundle instead of six flat fields (envVars, encryptedSecrets, setupCommands, mcpServers, runtimeSkills, runtimeAgents). Construction sites pass readProfileBundle(metadata) directly and consumers in the orchestrator forward initContext.profile to session-service without the buildProfileBundle re-pack shim, which is removed. Adding a profile field is now a single-line change in SessionProfileBundle.
Promotes the most thorough parseGitUrl (gastown's, with GitLab subgroup + SSH support) into @kilocode/worker-utils/git-url alongside isValidGitUrl, sanitizeGitUrl, and a new repoFullNameFromGitUrl helper. Removes four near-duplicate implementations across cloud-agent-next, session-ingest, app-builder, and apps/web; gastown's platform-pr.util now re-exports the shared symbols so existing call sites stay put.
The integration test still asserted the pre-eaa9aab41 contract where a repo binding suppressed the default. Resolution now layers the effective default on top of the repo binding when no explicit pick is supplied, so update the expectation to match: both layers apply with the default winning on key collisions and its setup command appended.
tsgo intermittently fails to emit packages/encryption/src/{encryption,timing-safe-equal}.d.ts
into dist/tsc, causing rollup to fail with 'Could not resolve ./encryption'.
Encryption types are never exposed in router I/O, so externalizing them lets
rollup's tree-shaker drop the unused imports — bundle output is unchanged.
RSO
approved these changes
May 6, 2026
… layer `mergeProfileConfiguration` previously took only envVars and setupCommands as inline parameters — mcpServers, encryptedSecrets, runtimeSkills, and runtimeAgents had to be merged at the call site (or were silently dropped by the cloud-agent-next handler when profile resolution ran). The merge logic was duplicated across parallel "process base / process top" blocks per collection. Restructure around a single `Layer` type and a reduce over `[base, top, inline].filter(Boolean)`. The inline layer is built from the same args object the function already accepts; callers pass all six inline fields and get one final bundle out. `applyProfileResolution` in the cloud-agent-next handler shrinks to a shape conversion for mcpServers. Contract change: inline encryptedSecrets / runtimeSkills / runtimeAgents now merge with the resolved profile (inline wins on collision) instead of being silently dropped. No live caller exercises this path today — the web frontend sends only profileId, the public v1 API does not route through cloud-agent-next, and bot tools resolve profiles themselves and forward values inline without a profileId — so behavior is unchanged in practice. The contract is now symmetric across all six collections. Disabled MCP servers in any layer (including inline) are skipped in the merge — they do not delete-key an enabled entry from a lower layer. Pinned by test. Drop the misleading comment claiming `getAgentsForSession` filters disabled agents — agents have no `enabled` column (only skills and MCP servers do). Surfaced by reviewer feedback on the parent PR. Tests: five new integration tests under "inline layer" cover MCP merge, disabled inline MCP, runtimeSkills merge, runtimeAgents merge, and encryptedSecrets merge alongside the existing per-profile suite. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds first-class skills, MCP servers, and custom agents to Cloud Agent profiles, redesigns the profile editor as a tabbed two-pane dialog, and extracts profile services into a shared
@kilocode/cloud-agent-profilepackage. Plan for the work is in.plans/cloud-agent-profile-skills-and-mcps.md.Profile model
agent_environment_profile_skills,agent_environment_profile_mcp_servers,agent_environment_profile_agents(cascade-delete fromagent_environment_profiles).created_by_user_idcolumn onagent_environment_profiles.AGENT_ENV_VARS_PUBLIC_KEY/PRIVATE_KEYenvelope; secrets are masked as••••on GET responses.Backend / wire format
apps/web/src/lib/agentintopackages/cloud-agent-profile(profile, vars, commands, MCP, skills, agents, session-config, repo-binding, resolution).cloud-agent-nextsession prepare/update schemas extended with skills, MCP servers, and agent configs; values flow intoKILO_CONFIG_CONTENT.profileId(with backward compatibility) so personal/org name collisions are unambiguous.ExecutionOrchestrator.prepareWorkspacewhere recreating a sandbox could drop stored MCP config.Profile editor UI
ProfilesListDialogreplaces the in-row expand/collapse editor with a two-pane tabbed layout: Overview, Variables, Setup commands, Skills, MCPs, Agents.ProfilePickerPopoverlists candidate profiles inline so a single click selects one (was a two-step "Pick a profile…" flow).ChatInput,MobileToolbarPopover, andNewSessionPanelresolve and show the human-readable model label on locked toolbars instead of the raw id.Bug fixes bundled in
session-manager:message.updatedwas writing visibility (primary/subagent/all) intosessionConfig.mode, blowing away the real custom-agent slug on refresh. Now usesevent.info.agentand has a regression test.registerSession: carries the resolved profile so a custom agent slug is visible before async prepare completes.ModelCombobox: opt-inmodalprop so the popover scrolls inside a Radix Dialog (used by the agents tab).Storybook
apps/storybook/src/mockData/profiles.tsextended with MCP servers, skills, and agents so all three new tabs render inProfilesListDialogandProfileSelectorstories.Verification
••••masking on reload and that untouched keys round-trip without re-encrypting), custom agent with a thinking-effort variant model and with a non-variant model.KILO_CONFIG_CONTENT(checkedcloud-agent-nextlogs and the running CLI).ProfileConfigIndicatorcounts for skills and MCPs.message.updated→ custom-agent-slug regression onmain, confirmed it's fixed on this branch (see new test insession-manager.test.ts).apps/web/src/lib/user.test.ts).Visual Changes
The profile editor changed substantially. New tabs and panes:
ProfilesListDialog(Overview / Variables / Setup commands / Skills / MCPs / Agents).ProfilePickerPopover.Storybook stories under
cloud-agent/cover all states; screenshots can be reproduced from there.Reviewer Notes
packages/cloud-agent-profile) is mechanical move + re-export but touches many import sites; worth a quick scan for missed references.0110_colossal_black_knight.sqlwas generated viapnpm drizzle generate(not hand-edited). Cascade FKs are intentional.profile-mcp-service.ts— masked placeholders on input mean "keep the existing ciphertext"; non-placeholder values are re-encrypted.ExecutionOrchestrator.prepareWorkspacefast-path fix is included here because the new MCP plumbing made it observable. It can be split out if desired.docs(...)from when this branch was plan-only; happy to retitle tofeat(cloud-agent): add profile skills, MCPs, and agentsbefore merge.