Add local agent delegation skill and profile examples#50
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (5)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (4)
📝 WalkthroughWalkthroughThis PR adds a bundled local-agent delegation skill, local agent profile schema and example templates, config and CLI support for seeding and discovering skills, and documentation updates for skill paths and experimental local-agent behavior. ChangesLocal agent delegation feature
Estimated code review effort: 3 (Moderate) | ~25 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Warning Tools execution failed with the following error: Failed to run tools: 13 INTERNAL: Received RST_STREAM with code 2 (Internal server error) Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
skills/local-agent-delegation/SKILL.md (1)
38-51: 🔒 Security & Privacy | 🔵 TrivialFlag shell-injection risk for any real implementation of this guidance.
The CLI examples interpolate
$PROMPTdirectly into shell command strings (e.g.,codex exec --json -C "$WORKSPACE" "$PROMPT"). This is fine as illustrative documentation, but if any actual tool implementation follows this literally with shell-string concatenation rather than passing arguments as an array/exec without a shell, untrusted prompt content could lead to command injection. Worth calling out so future implementers pass$PROMPT/$WORKSPACEas separate argv entries (no shell) rather than building a shell string.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@skills/local-agent-delegation/SKILL.md` around lines 38 - 51, The CLI guidance examples in SKILL.md should explicitly warn that directly interpolating $PROMPT or $WORKSPACE into a shell command string is unsafe for real implementations. Update the CLI execution guidance near the examples to call out shell-injection risk and instruct implementers to pass arguments as separate argv entries without a shell, rather than concatenating strings, while keeping the examples clearly documented as illustrative only.src/user-config.ts (1)
95-103: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win
devspace init --forcedoesn't refresh the seeded skill.
ensureDevspaceDefaultSkillsnever overwrites an existinglocal-agent-delegation/SKILL.md, even when the CLI is run with--force(the function ignoresforceentirely — seesrc/cli.tsLine 144). As the bundled skill content evolves in future releases, existing installs will silently keep stale guidance unless users manually delete the file. Consider threading aforce/version-stamp option through so--forcecan refresh the seeded copy.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/user-config.ts` around lines 95 - 103, ensureDevspaceDefaultSkills currently short-circuits when local-agent-delegation/SKILL.md already exists, so seeded skills never refresh on devspace init --force. Update the ensureDevspaceDefaultSkills flow to accept and honor a force/version-based refresh signal from the CLI (via src/cli.ts) and overwrite the bundled SKILL.md when refresh is requested, while preserving the existing no-op behavior when it is not. Keep the fix centered around ensureDevspaceDefaultSkills, devspaceSkillsDir, and the local-agent-delegation/SKILL.md write path.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/agent-profile-schema.md`:
- Around line 7-16: The agent profile path wording is inconsistent with the
actual loader behavior. Update the docs that describe where profiles live so
they use DEVSPACE_AGENT_DIR as the canonical path via config.agentDir
(defaulting to ~/.codex), and treat ~/.devspace/agents as only an optional
override/example. Keep the related guidance in agent-profile-schema.md aligned
with the existing wording in configuration.md and gotchas.md, and adjust the
references around the profile/template examples accordingly.
---
Nitpick comments:
In `@skills/local-agent-delegation/SKILL.md`:
- Around line 38-51: The CLI guidance examples in SKILL.md should explicitly
warn that directly interpolating $PROMPT or $WORKSPACE into a shell command
string is unsafe for real implementations. Update the CLI execution guidance
near the examples to call out shell-injection risk and instruct implementers to
pass arguments as separate argv entries without a shell, rather than
concatenating strings, while keeping the examples clearly documented as
illustrative only.
In `@src/user-config.ts`:
- Around line 95-103: ensureDevspaceDefaultSkills currently short-circuits when
local-agent-delegation/SKILL.md already exists, so seeded skills never refresh
on devspace init --force. Update the ensureDevspaceDefaultSkills flow to accept
and honor a force/version-based refresh signal from the CLI (via src/cli.ts) and
overwrite the bundled SKILL.md when refresh is requested, while preserving the
existing no-op behavior when it is not. Keep the fix centered around
ensureDevspaceDefaultSkills, devspaceSkillsDir, and the
local-agent-delegation/SKILL.md write path.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro Plus
Run ID: d155bbc9-3211-414a-becd-71ea38475dc6
📒 Files selected for processing (19)
docs/agent-profile-schema.mddocs/chatgpt-coding-workflow.mddocs/configuration.mddocs/gotchas.mdexamples/agents/claude-implementer.mdexamples/agents/codex-explorer.mdexamples/agents/codex-worker.mdexamples/agents/copilot-reviewer.mdexamples/agents/cursor-agent-worker.mdexamples/agents/opencode-explorer.mdexamples/agents/pi-reviewer.mdpackage.jsonskills/local-agent-delegation/SKILL.mdsrc/cli.tssrc/config.test.tssrc/config.tssrc/skills.test.tssrc/skills.tssrc/user-config.ts
There was a problem hiding this comment.
Pull request overview
This PR introduces an experimental local-agent delegation skill that can be bundled with DevSpace and conditionally exposed, and adds packaged local coding-agent profile examples plus schema documentation to clarify that the profiles are templates only (not automatically activated or executed by DevSpace).
Changes:
- Add
DEVSPACE_EXPERIMENTAL_LOCAL_AGENTS/experimentalLocalAgentsconfig support and wiring to conditionally exposelocal-agent-delegation. - Add skill discovery support for
~/.devspace/skillsand a bundled-skills fallback when the experiment is enabled. - Package local agent profile example templates under
examples/agents/and document the profile schema and non-goals.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/user-config.ts | Adds experimentalLocalAgents, devspaceSkillsDir(), and ensureDevspaceDefaultSkills() for optional skill seeding. |
| src/skills.ts | Adds ~/.devspace/skills discovery and bundled fallback for local-agent-delegation under the experimental flag. |
| src/skills.test.ts | Extends skill discovery tests to cover .devspace/skills and experimental inclusion of local-agent-delegation. |
| src/config.ts | Adds devspaceSkillsDir and experimentalLocalAgents to ServerConfig and loads from env/config file. |
| src/config.test.ts | Adds coverage for new config fields and ensureDevspaceDefaultSkills() seeding behavior. |
| src/cli.ts | Seeds default skill during init when experimentalLocalAgents is enabled (but currently does not honor the env var). |
| skills/local-agent-delegation/SKILL.md | Introduces the bundled local-agent-delegation skill content and delegation guidance. |
| package.json | Ensures examples/ and skills/ are included in the published package. |
| examples/agents/pi-reviewer.md | Adds a read-only Pi CLI agent profile template. |
| examples/agents/opencode-explorer.md | Adds a read-only OpenCode CLI agent profile template. |
| examples/agents/cursor-agent-worker.md | Adds a write-capable Cursor CLI agent profile template. |
| examples/agents/copilot-reviewer.md | Adds a read-only GitHub Copilot CLI agent profile template. |
| examples/agents/codex-worker.md | Adds a write-capable Codex CLI agent profile template. |
| examples/agents/codex-explorer.md | Adds a read-only Codex CLI agent profile template. |
| examples/agents/claude-implementer.md | Adds a write-capable Claude CLI agent profile template. |
| docs/gotchas.md | Documents ~/.devspace/skills, bundled fallback behavior, and that examples are inert templates. |
| docs/configuration.md | Documents DEVSPACE_EXPERIMENTAL_LOCAL_AGENTS and skill discovery behavior. |
| docs/chatgpt-coding-workflow.md | Documents experimental toggle and inert agent profile examples. |
| docs/agent-profile-schema.md | Adds a detailed schema reference for the (template-only) local agent profile format. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| publicBaseUrl, | ||
| experimentalLocalAgents: files.config.experimentalLocalAgents, | ||
| }; |
There was a problem hiding this comment.
Addressed in 5c36d0f.
devspace init now resolves localAgents with env-over-config precedence, so DEVSPACE_LOCAL_AGENTS=1 devspace init seeds the default local-agent skill. This was also updated after the knob rename from the earlier experimental env name.
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/skills.ts (1)
63-79: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low valueDiagnostics aren't filtered alongside the excluded skill.
When
experimentalLocalAgentsis false,result.skillsis filtered to drop"local-agent-delegation", butresult.diagnosticsis returned unchanged. If a collision or other diagnostic referencing that skill name is produced byloadSkills(e.g., a user-configured path duplicating the seeded skill), the diagnostic would still surface even though the skill itself is hidden — a confusing, orphaned reference to a skill the user can't see.Optional: also filter diagnostics referencing the excluded skill
return { skills: result.skills.filter((skill) => skill.name !== "local-agent-delegation"), - diagnostics: result.diagnostics, + diagnostics: result.diagnostics.filter( + (diagnostic) => !("name" in diagnostic) || diagnostic.name !== "local-agent-delegation", + ), };🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/skills.ts` around lines 63 - 79, In loadWorkspaceSkills, the non-experimental branch filters out the "local-agent-delegation" skill from result.skills but leaves related diagnostics intact. Update the return path in loadWorkspaceSkills (and any helper logic it uses, such as effectiveSkillPaths/loadSkills results) so diagnostics that reference the excluded skill are filtered out too, keeping diagnostics consistent with the visible skills list.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/skills.ts`:
- Around line 63-79: In loadWorkspaceSkills, the non-experimental branch filters
out the "local-agent-delegation" skill from result.skills but leaves related
diagnostics intact. Update the return path in loadWorkspaceSkills (and any
helper logic it uses, such as effectiveSkillPaths/loadSkills results) so
diagnostics that reference the excluded skill are filtered out too, keeping
diagnostics consistent with the visible skills list.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 472ff52e-3e63-4170-a15a-11900adf6ba9
📒 Files selected for processing (11)
docs/agent-profile-schema.mddocs/chatgpt-coding-workflow.mddocs/configuration.mddocs/gotchas.mdskills/local-agent-delegation/SKILL.mdsrc/cli.tssrc/config.test.tssrc/config.tssrc/skills.test.tssrc/skills.tssrc/user-config.ts
✅ Files skipped from review due to trivial changes (3)
- docs/gotchas.md
- docs/chatgpt-coding-workflow.md
- docs/configuration.md
🚧 Files skipped from review as they are similar to previous changes (6)
- src/config.test.ts
- src/cli.ts
- src/skills.test.ts
- src/config.ts
- src/user-config.ts
- docs/agent-profile-schema.md
9ee891f to
172d8bb
Compare
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/cli.ts (1)
132-150: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick winThread
localAgentsthroughdevspace init
runInitreadsfiles.config.localAgents, soDEVSPACE_LOCAL_AGENTS=1never seeds the default skill on a fresh setup, and there’s no init-time prompt to enable it. Read the merged config here or add explicit init-time handling forlocalAgents.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/cli.ts` around lines 132 - 150, runInit in src/cli.ts is only reading files.config.localAgents, so the merged env/config value from localAgents is not being honored during devspace init. Update the init flow to use the merged config when building the DevspaceUserConfig and when deciding whether to call ensureDevspaceDefaultSkills(), or add explicit init-time prompting/handling for localAgents so DEVSPACE_LOCAL_AGENTS=1 can seed the default skill.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@src/cli.ts`:
- Around line 132-150: runInit in src/cli.ts is only reading
files.config.localAgents, so the merged env/config value from localAgents is not
being honored during devspace init. Update the init flow to use the merged
config when building the DevspaceUserConfig and when deciding whether to call
ensureDevspaceDefaultSkills(), or add explicit init-time prompting/handling for
localAgents so DEVSPACE_LOCAL_AGENTS=1 can seed the default skill.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 7a1140c7-010f-4bb8-a820-f2381e918379
📒 Files selected for processing (11)
docs/agent-profile-schema.mddocs/chatgpt-coding-workflow.mddocs/configuration.mddocs/gotchas.mdskills/local-agent-delegation/SKILL.mdsrc/cli.tssrc/config.test.tssrc/config.tssrc/skills.test.tssrc/skills.tssrc/user-config.ts
✅ Files skipped from review due to trivial changes (3)
- docs/gotchas.md
- docs/configuration.md
- skills/local-agent-delegation/SKILL.md
🚧 Files skipped from review as they are similar to previous changes (5)
- src/skills.test.ts
- src/config.ts
- src/skills.ts
- docs/chatgpt-coding-workflow.md
- docs/agent-profile-schema.md
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/user-config.ts (1)
96-103: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick winNo error handling around skill-seeding I/O; a failure aborts
runInitafter config/auth are already written.Per the graph evidence in
src/cli.ts,ensureDevspaceDefaultSkills()runs afterwriteDevspaceConfig/writeDevspaceAuthsucceed. IfmkdirSync/readFileSync/writeFileSynchere throw (e.g. permissions, missing bundled source file per the above concern, disk full), the exception propagates out ofrunInit's try/catch (which only special-casesSetupCancelledError), leaving the user with a written config/auth but an unhandled crash and no explanation, rather than a graceful degraded init.🛡️ Suggested guard
export function ensureDevspaceDefaultSkills(env: NodeJS.ProcessEnv = process.env): string[] { const targetPath = join(devspaceSkillsDir(env), "local-agent-delegation", "SKILL.md"); if (existsSync(targetPath)) return []; const sourcePath = new URL("../skills/local-agent-delegation/SKILL.md", import.meta.url); - mkdirSync(dirname(targetPath), { recursive: true }); - writeFileSync(targetPath, readFileSync(sourcePath, "utf8"), { mode: 0o644 }); - return [targetPath]; + try { + mkdirSync(dirname(targetPath), { recursive: true }); + writeFileSync(targetPath, readFileSync(sourcePath, "utf8"), { mode: 0o644 }); + return [targetPath]; + } catch { + return []; + } }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/user-config.ts` around lines 96 - 103, Wrap the I/O in ensureDevspaceDefaultSkills with graceful error handling so a failure does not crash runInit after writeDevspaceConfig/writeDevspaceAuth have already succeeded. Catch errors around mkdirSync, readFileSync, and writeFileSync, then either log a clear warning or return an empty list so setup can continue in a degraded state. Use the ensureDevspaceDefaultSkills helper as the main fix point, and keep the existing behavior of returning seeded paths only when the skill file is actually written.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@src/user-config.ts`:
- Around line 96-103: Wrap the I/O in ensureDevspaceDefaultSkills with graceful
error handling so a failure does not crash runInit after
writeDevspaceConfig/writeDevspaceAuth have already succeeded. Catch errors
around mkdirSync, readFileSync, and writeFileSync, then either log a clear
warning or return an empty list so setup can continue in a degraded state. Use
the ensureDevspaceDefaultSkills helper as the main fix point, and keep the
existing behavior of returning seeded paths only when the skill file is actually
written.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 9ab34d00-407e-4f6a-9bbc-99d9ccb2bf33
📒 Files selected for processing (6)
skills/local-agent-delegation/SKILL.mdsrc/cli.tssrc/config.test.tssrc/skills.test.tssrc/skills.tssrc/user-config.ts
✅ Files skipped from review due to trivial changes (1)
- skills/local-agent-delegation/SKILL.md
🚧 Files skipped from review as they are similar to previous changes (4)
- src/skills.test.ts
- src/skills.ts
- src/cli.ts
- src/config.test.ts
|
CodeRabbit: diagnostics for hidden local-agent skill Addressed in When |
|
CodeRabbit: shell interpolation note in local-agent skill docs Addressed in The CLI examples now explicitly say they are illustrative and that real implementations should pass workspace/prompt values as separate argv entries without a shell, instead of concatenating untrusted prompt text into shell command strings. |
|
CodeRabbit: Intentionally not changed in this PR.
|
Summary
local-agent-delegationskill and seed it into~/.devspace/skillsduringdevspace init.~/.devspace/skillsloading with bundled fallback behavior.Validation
npm run typechecknpm testnpm run buildNote:
npm run buildstill emits the existing Vite chunk-size warning.Summary by CodeRabbit
DEVSPACE_LOCAL_AGENTS=1, and seed default skills during setup when enabled.examplesandskills.