Skip to content

Comments

Feat skills#1221

Merged
Wendong-Fan merged 25 commits intomainfrom
feat-skills
Feb 18, 2026
Merged

Feat skills#1221
Wendong-Fan merged 25 commits intomainfrom
feat-skills

Conversation

@4pmtong
Copy link
Collaborator

@4pmtong 4pmtong commented Feb 11, 2026
edited
Loading

Description

Summary

Introduces a Skills System and adds an Agents tab to the main navigation.

Skills System

  • Backend: SkillToolkit with user config and agent access control; integrated into all agents (Developer, Browser, Document, Multi Modal, Social Media, Coordinator, Task, New Worker).
  • Electron: Skills scan, write, delete, config management; seed example skills.
  • Frontend: Skills page (Your skills / Example skills), upload, delete, scope management. Example skills cannot be deleted.
  • Example skills: code-reviewer, data-analyzer, report-writer.

Agents Tab

  • New Agents tab in the main nav (second position after Projects).
  • Agents page with Models, Skills, and Memory sub-tabs.

Other

  • agentMap moved to agents.tsx; i18n updates; Models page refactored.

What is the purpose of this pull request?

  • Bug fix
  • New Feature
  • Documentation update
  • Other

@4pmtong 4pmtong marked this pull request as draft February 11, 2026 06:33
@4pmtong 4pmtong changed the base branch from skill_upload_prototype to main February 11, 2026 08:12
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 13, 2026
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 16, 2026
View reviewed changes
@4pmtong
feat(skills): example skills no delete, agents tab reorder, SkillTool…
1869f73 
…kit for new worker, description overflow fix
@4pmtong 4pmtong marked this pull request as ready for review February 16, 2026 07:24
@4pmtong 4pmtong changed the title WIP: Feat skills Feat skills Feb 16, 2026
4pmtong and others added 3 commits February 16, 2026 15:30
@4pmtong @github-advanced-security
Potential fix for code scanning alert no. 103: Incomplete string esca…
93ee3da 
…ping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@4pmtong
fix: apply ruff lint and format fixes
55ed0f9
@4pmtong
fix: apply ruff lint and format fixes
40a1805
@Pakchoioioi Pakchoioioi linked an issue Feb 16, 2026 that may be closed by this pull request
[Feature Request] support agent skills #908
Closed
Wendong-Fan
Wendong-Fan reviewed Feb 18, 2026
View reviewed changes
backend/app/service/chat_service.py Outdated
options.project_id,
key,
working_directory=working_directory,
user_id=options.user_id,
Copy link
Contributor

@Wendong-Fan Wendong-Fan Feb 18, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

options.user_id may not match the folder key used by the Electron skills config, which is derived from the email prefix. If they differ, enabled state and agent scope may appear saved in UI but not apply at runtime

Wendong-Fan
Wendong-Fan reviewed Feb 18, 2026
View reviewed changes
electron/main/index.ts

ipcMain.handle('skill-read', async (_event, filePath: string) => {
try {
const fullPath = path.isAbsolute(filePath)
Copy link
Contributor

@Wendong-Fan Wendong-Fan Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we limit this read target to SKILLS_ROOT. Accepting an absolute path from renderer can read files outside the skills folder. The same guard would also help skill write, delete, and list.

Wendong-Fan
Wendong-Fan reviewed Feb 18, 2026
View reviewed changes
electron/main/index.ts Outdated
const directory = await unzipper.Open.file(zipPath);
for (const file of directory.files as any[]) {
if (file.type === 'Directory') continue;
const destPath = path.join(tempDir, file.path);
Copy link
Contributor

@Wendong-Fan Wendong-Fan Feb 18, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better add a path boundary check before writing this entry? A crafted zip entry path can include parent traversal segments and escape tempDir, so validating that the resolved destination stays inside tempDir would close this gap.

@Wendong-Fan Wendong-Fan added this to the Sprint 15 milestone Feb 18, 2026
@Wendong-Fan Wendong-Fan mentioned this pull request Feb 18, 2026
Merged
@Wendong-Fan Wendong-Fan merged commit a23c30d into main Feb 18, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Wendong-Fan Wendong-Fan Wendong-Fan left review comments

@fengju0213 fengju0213 Awaiting requested review from fengju0213

Assignees

@4pmtong 4pmtong

Labels

None yet

Projects

None yet

Milestone

Sprint 15

Development

Successfully merging this pull request may close these issues.

[Feature Request] support agent skills

4 participants

@4pmtong @Wendong-Fan @Pakchoioioi @Douglasymlai