You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Marketplace project skill installation can surface raw filesystem errors instead of a stable Marketplace result. The shipped Skills Marketplace came from #7122, scoped from the original Marketplace implementation in #6882. Its installer kept timestamp-derived temporary paths and assumed that every project-scope request still had a workspace directory by the time it reached the filesystem layer.
Two paths reproduce the problem:
Open Marketplace for a project, then let the project context become unavailable or send a stale project-scope install request. Installing a skill reaches path.join() without a workspace directory and throws a raw path argument error.
Start two installs of the same project skill at nearly the same time, such as a repeated install action before the first request settles. Both requests can reuse the same millisecond-based tarball and staging paths. One request can rename or clean up files while the other still uses them, producing an intermittent filename, extraction, or rename error. Retrying later usually works because the timestamp changes.
This change makes project-scope Marketplace operations reject missing workspace context before touching paths, gives every skill install collision-safe staging and tarball paths, and reports the normal already-installed result when concurrent installs race for the final destination. It also tightens filesystem-backed Marketplace ids so unsafe path aliases cannot target an unintended skill or agent location.
The new commit (e6898387) stabilizes the shell-cancellation test in packages/opencode/test/session/prompt.test.ts. The fragile yield* Effect.sleep(50) race window is replaced with a deterministic waitFor("shell busy", ...) poll that waits until the session is actually in "busy" state before issuing the cancel. The SessionStatus.Service yield is hoisted above the fork so it is available at the right scope. This pattern is already used by at least four other tests in the same file (lines 1515, 1556, 1681, 1751), so it is consistent with the existing codebase. No bugs, resource leaks, or logic issues introduced.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
Marketplace project skill installation can surface raw filesystem errors instead of a stable Marketplace result. The shipped Skills Marketplace came from #7122, scoped from the original Marketplace implementation in #6882. Its installer kept timestamp-derived temporary paths and assumed that every project-scope request still had a workspace directory by the time it reached the filesystem layer.
Two paths reproduce the problem:
path.join()without a workspace directory and throws a raw path argument error.This change makes project-scope Marketplace operations reject missing workspace context before touching paths, gives every skill install collision-safe staging and tarball paths, and reports the normal already-installed result when concurrent installs race for the final destination. It also tightens filesystem-backed Marketplace ids so unsafe path aliases cannot target an unintended skill or agent location.