feat: mutlti root workspace support#1333
Conversation
🦋 Changeset detectedLatest commit: 59c4ea6 The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8718f5bdd2
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
@faga295 Thanks a lot for putting this PR together! I was looking into the additionalDirectories feature and testing things out, and I noticed a couple of edge cases we might need to handle to fully align with the ACP specification https://agentclientprotocol.com/protocol/v1/session-setup#additional-workspace-roots. I found two specific requirements in the spec that might need a bit more enforcement in the current implementation:
I've actually experimented with a way to handle both of these! We could add a validateAdditionalDirectories helper and pass the resolved roots into AcpKaos . Something like this: Would you be open to incorporating something like this into your PR? I'd be happy to help out or submit a patch to your branch if that makes it easier. Thanks again for driving this feature! 🚀 |
|
@luckzylp Thanks a lot for your suggestions. You’re welcome to help fix this issue with us. I’ve granted you access to my fork repo, so feel free to push your changes there. |
|
@luckzylp For your second point, I’m not sure this is the right approach. Rather than passing |
- Add path-boundary module with resolveCanonicalPath, resolveCanonicalRoots and assertPathInRoots primitives - Inject effectiveRoots into AcpKaos to validate every file operation against canonical workspace roots - Add validateAdditionalDirectories to reject malformed additionalDirectories at session-init time - Wire canonical roots through newSession/loadSession/resumeSession lifecycle
|
@faga295 This is merely my understanding of the ACP specification. Updating the workspace scope in core is exactly what we are doing via However, we also must pass Because Therefore, injecting it into Currently, I have attempted to push the code directly to your repository (but failed). I have submitted a pull request to your repository and I sincerely welcome everyone to review and discuss. |
@luckzylp Since |
Remove the assertPathInRoots boundary checks from every AcpKaos file operation (stat, readText, writeText, etc.) and the associated resolveCanonicalRoots machinery. Keep the validateAdditionalDirectories function for input-level validation of the additionalDirectories parameter.
|
@faga295 That makes total sense, and I agree with your point. I did a quick look into how Claude Code and Codex handle this, and they both treat the ACP adapter as a thin protocol layer—delegating boundary enforcement entirely to the underlying Agent SDK/Runtime rather than doing path validation inside the adapter itself. Given this, introducing effectiveRoots into AcpKaos is indeed unnecessary. I'll make sure our implementation aligns with this by handling the workspace scope on the core/SDK side instead. I have updated the PR, and let me know if you have any further feedback! |
feat(acp-adapter): enforce path boundary for additionalDirectories
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 45e0462096
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| cwd: params.cwd, | ||
| sessionId: params.sessionId, | ||
| mcpServers: params.mcpServers, | ||
| additionalDirs, |
There was a problem hiding this comment.
Clear omitted ACP roots on resume
When an ACP client resumes or loads an already-cached session without sending additionalDirectories, this forwards undefined into the SDK. If the client also lacks ACP fs capabilities, KimiHarness.resumeSession returns the cached session without calling core, so any prior additionalDirs remain active even though the ACP additional-directories spec says omitted or empty on session/load/session/resume means the resulting additional-root list is []. That can leave old workspace roots available after a client intentionally resumes with none; pass an explicit empty array for load/resume when the field is absent.
Useful? React with 👍 / 👎.
| export function validateAdditionalDirectories( | ||
| dirs: unknown, | ||
| ): string[] | undefined { | ||
| if (dirs === undefined || dirs === null) return undefined; |
There was a problem hiding this comment.
Reject null additionalDirectories
This treats additionalDirectories: null as if the field were omitted, but the ACP field is only valid when absent or an array of non-empty absolute path strings; null is a present non-array value and should produce invalid_params. Accepting it silently makes malformed clients look successful and bypasses the validation this helper is meant to provide.
Useful? React with 👍 / 👎.
…ad/resume, reject null
… omitted additionalDirs
|
@faga295 I have submitted a pull request to fix these two review issues, and let me know if you have any further feedback! |
fix(acp-adapter): normalize omitted additionalDirectories to [] on lo…
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 661d7a15fc
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ae1f8506f6
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b2d8516f13
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
When an unauthenticated client sends session/load or session/resume with a malformed additionalDirectories value, this validation previously threw invalid_params before setupSessionFromExisting could run the existing auth gate. This changes the unauthenticated error to an auth_required error for these inputs.
|
@faga295 I have submitted a pull request to fix this review issue, and let me know if you have any further feedback! |
fix(acp-adapter): preserve auth_required before validating extra roots
|
Codex Review: Didn't find any major issues. Already looking forward to the next diff. Reviewed commit: ℹ️ About Codex in GitHubCodex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback". |
Related Issue
Resolve #(issue_number)
#1287
Problem
See linked issue
What changed
Implemented ACP multi-root workspace support for Zed and other ACP clients.
The adapter now advertises
sessionCapabilities.additionalDirectories, so clients know Kimi Code supports multi-root workspaces during initialize. It also maps ACP additionalDirectories to Kimi Code SDK/core additionalDirs forsession/new,session/load, andsession/resume.Checklist
gen-changesetsskill, or this PR needs no changeset.gen-docsskill, or this PR needs no doc update.