packages/kilo-vscode/docs/opencode-migration-plan.md
This extension is a ground-up rebuild of the old Kilo Code extension using Kilo CLI as the backend. Rather than migrating the old extension's codebase, we started fresh with a Solid.js webview, a CLI server manager, and a message-based protocol between extension host and webview. This new extension lives in the kilocode monorepo.
This document tracks remaining work needed for feature parity with the old extension. Each feature links to its detailed parity requirement doc. Features sourced from the GitHub project board include issue links.
| Feature | Remaining Work | Backend | Priority |
|---|---|---|---|
| Browser Session Controls | In-chat browser controls, action replay, screenshot viewing | CLI-side (if browser tool exists) + webview | P3 |
| Checkpoint & Task Management | Checkpoint restore UI, navigation, diff viewing, "See New Changes" buttons | CLI session undo/redo/fork + extension git integration | P1 |
| Mermaid Diagram Features | Mermaid rendering, "Fix with AI" button, copy, open-as-PNG | Webview-only (rendering); CLI for "Fix with AI" | P2 |
| Message Editing & Management | Inline editing, deletion, timestamp display, redo-previous-message (up-arrow) | CLI session fork/undo for edit semantics | P1 |
| Special Content Types | Copy button on error cards, dedicated MCP tool/resource rows, open-markdown-preview button | Mixed: CLI for MCP data; webview for rendering | P1 |
| Feature | Remaining Work | Backend | Priority |
|---|---|---|---|
| Authentication & Enterprise | Org feature flags, MDM policy enforcement | CLI handles its auth; extension handles org/MDM | P1 |
| Auto-Purge | Scheduled cleanup of old session/task storage | Extension-side (storage ownership TBD) | P3 |
| Cloud Task Support | Upload local sessions to cloud, real-time sync, conflict resolution | Kilo cloud API + CLI; extension provides UI | P2 |
| Code Reviews | Local review mode, automated AI review of uncommitted/branch changes | CLI (partial); extension for VS Code review UX | P2 |
| Codebase Indexing & Semantic Search | Vector indexing, semantic search, embeddings infrastructure | CLI has grep/glob endpoints; semantic indexing is extension or cloud | P2 |
| Contribution Tracking | AI attribution tracking, line fingerprinting, reporting | Extension-side | P3 |
| Custom Commands | Slash command system, project-level command discovery, YAML frontmatter support | CLI has custom commands; extension provides UI entry points | P2 |
| Marketplace | Catalog, install, update capabilities (toolbar button exists but renders a stub) | Extension-side | P2 |
| MCP & MCP Hub | MCP configuration UI (add/edit/delete servers), tool allowlisting | CLI owns MCP lifecycle; extension provides config UI | P1 |
| Repository Initialization | /init command support for setting up agentic engineering | CLI /init endpoint; extension provides UI trigger | P3 |
| Rules & Workflows | Workflow management UI (rules subtab exists, workflows subtab is a stub) | CLI owns rules runtime; extension provides management UI | P3 |
| Settings Sync | VS Code Settings Sync allowlist registration | Extension-side (VS Code API) | P3 |
| Settings UI | Terminal and Prompts tabs (show "Not implemented"), Workflows subtab stub | CLI exposes config; extension provides settings forms | P1 |
| Skills System | Skill execution, discovery, hot-reload (config UI for paths/URLs exists) | CLI has skills runtime; extension provides packaging/UI | P2 |
| Speech-to-Text | Voice input, streaming STT | Webview (mic capture); CLI-compatible STT optional | P3 |
The "Agent Behaviour" settings tab contains 5 sub-tabs in both the legacy and new extensions. The legacy tab was a combined 2800+ lines of UI; the new tab is ~820 lines. Each sub-tab has its own parity doc.
| Sub-Tab | Remaining Work | Priority |
|---|---|---|
| Modes / Agents | Core CRUD done (PR #7225). Remaining: when-to-use, system prompt preview, import/export, default variant, hidden/disable, org features | P2 |
| MCP Servers | Add/edit servers, restart, per-server timeout, expandable detail (tools/resources/logs/auth) | P2 |
| Rules & Workflows | Rules: description text, global/workspace separation, per-rule toggles, new file creation, auto-discovery. Workflows: entire sub-tab is a stub | P2/P3 |
| Skills | Minor gaps: project/global separation, mode badge per skill. Covered by Skills System | P2 |
Open issues from the GitHub project board not covered by the feature docs above. Each item has its own detailed doc.
| Feature | Remaining Work | Priority |
|---|---|---|
| Markdown Rendering Improvements | Add CSS for heading sizes, weights, spacing so headings look different from body text | P1 |
| Approval Box Missing Full Path | Always show full absolute path for out-of-workspace permission requests | P1 |
| Profile View Missing Back Button | Add back button to Profile view header matching Settings view pattern | P2 |
| Chat Input Overflow on Narrow Sidebar | Make chat input toolbar wrap when sidebar is too narrow | P2 |
| Feature | Remaining Work | Priority |
|---|---|---|
| File Attachments | Add non-image file attachment via button, drag-and-drop, or file picker | P2 |
| Task Completion Notification | VS Code toast when task completes or awaits input while panel is hidden | P2 |
| Remember Last Model Choice | Persist last-used model and pre-select it for new sessions | P2 |
| Expandable MCP Tools | Make MCP tool rows expandable to show inputs/outputs like regular tools | P2 |
| Session Preview Improvements | Evaluate showing first message snippet or improving title generation | P2 |
| Feature | Remaining Work | Priority |
|---|---|---|
| Pre-Release Switch CPU Spike | Fix race condition / process conflict when switching release ↔ pre-release | P0 |
| Extension View Doesn't Refresh on Update | Force webview reload when extension version changes | P1 |
| Propagate CLI Errors to UI | Surface CLI stderr errors in chat or as VS Code notifications | P1 |
| CLI Startup Errors | Detect CLI process exit before connection; show error with details and retry | P1 |
| Autocomplete Settings Link Broken | Fix "settings" link in autocomplete broken notice; fix missing default model | P1 |
| Feature | Remaining Work | Priority |
|---|---|---|
| Show Changelog on Update | Detect version change on activation and offer "What's New" notification | P3 |
| Publish to OpenVSX | Add ovsx publish step to CI/CD pipeline after VS Code Marketplace publish | P3 |
| HTTP Request Timeouts | Add timeouts to SDK calls (only health check has timeout currently) | P1 |
| VSCode Error Notifications | Error notifications for CLI start failure, SSE disconnect | P1 |
| Dedicated Output Channel | General "Kilo Code" output channel and centralized logging utility | P2 |
| Feature | Remaining Work | Priority |
|---|---|---|
| /init Pre-Commit Secret Check | Check for secret scanning hooks in /init; suggest adding one if missing | P2 |
| Plan Mode Over-Prompting | Fix Plan mode system prompt so agent stops repeatedly asking to implement | P1 |
| Architect Mode / Plan Files | Export plan as .md to /plans/ directory from Plan mode | P2 |
Before publishing this extension to the VS Code Marketplace or deploying to users, verify every item below.
KiloProvider._getHtmlForWebview() has several areas to audit:
style-src 'unsafe-inline' is broadly permissive — investigate whether nonce-based style loading is feasible now that kilo-ui styles are bundledconnect-src http://127.0.0.1:* http://localhost:* allows connections to any localhost port — tighten to the actual CLI server port once known at runtimeimg-src … https: allows images from any HTTPS origin — scope to ${webview.cspSource} data: unless external images are explicitly needed'wasm-unsafe-eval' in script-src was added for shiki — confirm it is still required and document the reasonws:// connections to any localhost port — same concern as connect-srcopenExternal URLs — The openExternal handler passes any URL from the webview directly to vscode.env.openExternal() with no allowlist or scheme check. Restrict to https: (and possibly vscode:) schemes, or allowlist specific hostschmod 0600. Evaluate whether VS Code's SecretStorage API should be used for extension-side secrets, and document the threat model for CLI-managed credentialsextension.test.ts). Add integration tests for: server lifecycle, SSE event routing, message send/receive, permission flow, session managementchmod-based credential protection on Windowsdist/webview.js size and verify the total .vsix package size is acceptable.vscodeignore review — Ensure only necessary files are included in the package (no docs/, src/, test artifacts, or development scripts)README.md, CHANGELOG.md, publisher name, extension icon, and package.json fields (displayName, description, categories, keywords, repository) are production-readyactivationEvents review — Confirm the extension only activates when needed (not *), to avoid impacting VS Code startup timeengines.vscode in package.json matches the minimum API features actually usedconsole.log mixed with other extensions (details). Create a dedicated "Kilo Code" output channel before productionconsole.log calls with emojis and debug detail exist in KiloProvider.ts. Gate behind a debug flag or move to the output channel at appropriate log levelsesbuild-plugin-solid. All webview components use Solid's reactive primitives (signals, createEffect, etc.).esbuild.js.vscode.Webview.postMessage() with typed messages defined in messages.ts. Provider hierarchy: ThemeProvider → DialogProvider → VSCodeProvider → ServerProvider → LanguageBridge → MarkedProvider → ProviderProvider → SessionProvider → DataBridge.@kilocode/kilo-ui for UI components. A DataBridge component in App.tsx adapts the session store to kilo-ui's DataProvider expected shape, enabling shared components like <KiloMessage> to work with the extension's data model.Task.ts or webviewMessageHandler.ts — the CLI server replaces the old in-process agent loop.