fix(cli): respect EXCLUDED_SUBDIRS in ReadPermission.harden()#11512
fix(cli): respect EXCLUDED_SUBDIRS in ReadPermission.harden()#11512Elshayib wants to merge 6 commits into
Conversation
…openai-compatible
MiMo and other OpenAI-compatible providers reject reasoning_effort: 'none'
(they only accept 'low', 'medium', 'high'). When user-provided variants
contain { reasoning: { effort: 'none' } }, rewrite them to
{ reasoning: { enabled: false } } so the SDK never sends an unsupported
effort value.
Fixes Kilo-Org#11501
Spread the original variant object (...v) so sibling keys like temperature are not dropped when replacing reasoning.effort. Addresses code review feedback on PR Kilo-Org#11510.
The connect() and disconnect() functions only modified in-memory state, so MCP server toggle changes were lost after restart. Now both functions update the enabled field in the project config file via cfgSvc.update(), bridging the gap between the runtime toggle endpoints (added Dec 2025) and the enabled config field (added Jun 2025). Fixes Kilo-Org#6157
ReadPermission.harden() now exempts paths under EXCLUDED_SUBDIRS (e.g. .kilo/plans/*.md) from config dir hardening. Previously, broad read allow rules for .kilo/plans/*.md were incorrectly downgraded to ask, blocking plan file reads despite the ConfigProtection exemption. Fixes Kilo-Org#11439
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
| const CONFIG_DIRS = [".kilo/", ".kilocode/", ".opencode/"] | ||
| const EXCLUDED_SUBDIRS = ["plans/"] | ||
|
|
||
| function isConfigDir(pattern: string): boolean { |
There was a problem hiding this comment.
WARNING: Root-level config files are still exempt from hardening
isConfigDir() only checks the .kilo/, .kilocode/, and .opencode/ directory prefixes, but ConfigProtection.isRelative() also treats root files like kilo.json, opencode.json, and AGENTS.md as protected config. With this helper, a broad read: { "*": "allow" } still reads those root files without prompting, so the new behavior does not actually mirror the config-protection rules.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| const connect = Effect.fn("MCP.connect")(function* (name: string) { | ||
| const mcp = yield* requireMcpConfig(name) | ||
| yield* createAndStore(name, { ...mcp, enabled: true }) | ||
| yield* cfgSvc.update({ |
There was a problem hiding this comment.
WARNING: In-memory and persisted state can diverge on update failure
createAndStore() has already started and stored the client before this write happens. If cfgSvc.update() fails here, the command returns an error even though the server is left connected in memory, so the user's visible runtime state no longer matches what will come back after the next reload. Persisting first or rolling the client back on failure would avoid that split-brain state.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| yield* closeClient(s, name) | ||
| delete s.clients[name] | ||
| s.status[name] = { status: "disabled" } | ||
| yield* cfgSvc.update({ |
There was a problem hiding this comment.
WARNING: Disconnect can report failure after it has already shut the server down
This write happens after the live client is closed and removed from s.clients. If cfgSvc.update() fails, the call errors out even though the server is already disconnected in memory, while the config on disk still says it is enabled; the next reload will silently bring it back. Consider persisting first or restoring the prior runtime state on failure.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| "kilo-code": patch | ||
| --- | ||
|
|
||
| Fix ReadPermission.harden() respecting EXCLUDED_SUBDIRS — .kilo/plans/*.md is no longer downgraded to "ask" by config dir hardening, matching ConfigProtection exemption semantics. |
There was a problem hiding this comment.
SUGGESTION: Rewrite this changeset in user-facing terms
Changeset entries are shown directly to end users, so this one is more helpful if it describes the visible behavior instead of the internal permission helpers and exemption names.
| Fix ReadPermission.harden() respecting EXCLUDED_SUBDIRS — .kilo/plans/*.md is no longer downgraded to "ask" by config dir hardening, matching ConfigProtection exemption semantics. | |
| Allow reading plan files under `.kilo/plans/`, `.kilocode/plans/`, and `.opencode/plans/` when your read permissions already permit them. |
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| "kilo-code": patch | ||
| --- | ||
|
|
||
| Fix MiMo and other OpenAI-compatible models throwing error when thinking mode is set to "Instant" — remaps `reasoning: { effort: "none" }` to `reasoning: { enabled: false }` for `@ai-sdk/openai-compatible` providers that don't support the `"none"` reasoning effort tier. |
There was a problem hiding this comment.
SUGGESTION: Rewrite this changeset in user-facing terms
Changeset entries are shown directly to end users, so this is easier to scan if it describes the user-visible fix instead of the internal provider remapping details.
| Fix MiMo and other OpenAI-compatible models throwing error when thinking mode is set to "Instant" — remaps `reasoning: { effort: "none" }` to `reasoning: { enabled: false }` for `@ai-sdk/openai-compatible` providers that don't support the `"none"` reasoning effort tier. | |
| Fix OpenAI-compatible models failing when Instant mode disables reasoning. |
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
Code Review SummaryStatus: 3 Issues Found | Recommendation: Address before merge Overview
Fix these issues in Kilo Cloud Issue Details (click to expand)WARNING
SUGGESTION
Files Reviewed (8 files)
Previous Review Summary (commit 44198a0)Current summary above is authoritative. Previous snapshots are kept for context only. Previous review (commit 44198a0)Status: 5 Issues Found | Recommendation: Address before merge Overview
Fix these issues in Kilo Cloud Issue Details (click to expand)WARNING
SUGGESTION
Files Reviewed (8 files)
Reviewed by gpt-5.4-20260305 · Input: 56.3K · Output: 9.7K · Cached: 306.7K Review guidance: REVIEW.md from base branch |
isConfigDir() now also recognizes root-level config files (kilo.json, kilo.jsonc, opencode.json, opencode.jsonc, AGENTS.md) as config paths that should be hardened from broad allow rules.
|
Addressed all review feedback:
|
1 participant
Summary
ReadPermission.harden()now exempts paths underEXCLUDED_SUBDIRS(e.g..kilo/plans/*.md) from config dir hardening. Previously, broad read allow rules for.kilo/plans/*.mdwere incorrectly downgraded toask, blocking plan file reads despite theConfigProtectionexemption.Changes
packages/opencode/src/kilocode/permission/read.ts: AddedisConfigDir()helper that mirrorsConfigProtection.isRelative()logic includingEXCLUDED_SUBDIRSexemption.harden()now downgrades broadallowrules toaskfor config dirs (.kilo/,.kilocode/,.opencode/) but skips excluded subdirectories likeplans/.packages/opencode/test/kilocode/permission/env-read.test.ts: Added 6 test cases covering config dir hardening, excluded subdirs, non-config paths, non-broad rules, edit permission immunity, and nested config dirs.Testing
test/kilocode/permission/passtest/permission/passtest/cli/run/permission.shared.test.tspassFixes
Closes #11439