feat(agent): playground build kit (default agent config)

[mmabrouk]

Context

When a user opens the playground to build a new agent, the assistant needs authoring scaffolding: the platform ops (find capabilities, commit a revision, etc.), the Agenta getting-started skill, and elevated sandbox permissions so it can write and execute files. That scaffolding is a build aid, not the user's app. The committed agent must carry only what the user authored.

Previously build_agent_v0_default() baked these into the published default, so every deployed agent shipped with platform tools and sandbox elevation baked in. This PR fixes that by separating "what the playground injects for a build run" from "what gets committed."

Design: docs/design/agent-workflows/projects/default-agent-config/design.md

Changes

The backend now builds a read-only agent-template overlay and attaches it to the inspect response. The frontend merges it onto parameters.agent only for a playground run, and leaves it out when committing.

Before: build_agent_v0_default() returned a default that included platform tools, the authoring skill, and sandbox elevation. Every inspect response returned that enriched default. The commit path had to strip it out manually (or didn't, and it leaked in).

After: build_agent_v0_default() is bare. fetch_simple_application attaches additional_context.playground_build_kit.agent_template_overlay to the response. The frontend's applyBuildKitOverlay does a deep-merge of the overlay into the run config. The commit reads only persisted entity parameters, so the overlay is excluded for free.

The overlay shape:

{
  "tools": [
    { "type": "platform", "op": "<op_name>" },
    { "@ag.embed": { "@ag.references": { "workflow": { "slug": "__ag__..." } } } }
  ],
  "skills": [{ "@ag.embed": { "@ag.references": { "workflow": { "slug": "__ag__getting_started_with_agenta" } } } }],
  "sandbox": { "permissions": { "write_files": "allow", "execute_code": "allow" } }
}

Key files:

• api/oss/src/apis/fastapi/applications/overlay.py (new) — build_agent_template_overlay() assembles the overlay from PLATFORM_OPS + reserved static workflow slugs + the authoring skill slug.
• api/oss/src/apis/fastapi/applications/router.py — fetch_simple_application attaches the overlay; create/edit/commit paths do not.
• services/oss/src/agent/schemas.py — reverted build_agent_v0_default() to bare (no platform tools, no skills, no sandbox elevation).
• web/packages/agenta-playground/src/state/execution/agentRequest.ts — applyBuildKitOverlay (deep-merge objects, identity-merge lists), called in buildAgentRequest only when the kit is enabled.
• web/packages/agenta-entity-ui/.../AgentTemplateControl.tsx — read-only "Playground build kit" panel with an enable/disable toggle and "Removed on commit" tag.

Out of scope: collapsible advanced-drawer sections (Change 1 from the design) — ships separately.

Scope / risk

The overlay is computed fresh on every inspect call from static sources (PLATFORM_OPS, _STATIC_WORKFLOWS, the getting-started slug). It is never stored. A stale catalog entry would show in the overlay without affecting committed revisions.

The merge in applyBuildKitOverlay is shallow for top-level keys and identity-merge for lists. That means the overlay's tools list replaces (not appends to) a run's tools if the overlay is applied. Review whether deep-merge vs. replace is the right semantic for tools in edge cases where the user has also configured tools.

The frontend toggle (buildKitEnabled) defaults on. There is no server-side flag; disabling it is a client session state.

Tests

• api/oss/tests/pytest/unit/applications/test_build_kit_overlay.py (new): overlay builder shape; inspect response carries additional_context.playground_build_kit.
• services/oss/tests/pytest/unit/agent/test_default_agent_template.py: published default is bare across builtin, inspect schema, and catalog.
• web/packages/agenta-playground/tests/unit/agentRequest.test.ts: kit-on merges overlay, kit-off sends bare config, commit excludes the kit, applier never mutates the input.

Codex-reported results: API overlay test 3/3, services default-agent test 5/5, playground vitest 148/148. Not independently re-run in CI on this branch yet.

How to QA

Prerequisites: local dev stack (run.sh --oss --dev or --ee --dev).

Steps:

1. Open the Playground for any agent app.
2. Open the "Advanced" drawer. Confirm a "Playground build kit" section appears with tools and a skill listed, and a "Removed on commit" tag.
3. Run the agent. Confirm the run request (check network) includes the platform tools and skill from the overlay.
4. Click "Commit". Inspect the commit payload. Confirm it does not include the overlay tools or skill.
5. Toggle the build kit off. Run again. Confirm the overlay is absent from the run request.

Expected result: Overlay present on run, absent on commit. Toggle removes it from runs.

Automated tests:

cd api && uv run python -m pytest oss/tests/pytest/unit/applications/test_build_kit_overlay.py -v
cd services && uv run python -m pytest oss/tests/pytest/unit/agent/test_default_agent_template.py -v
cd web && pnpm --filter @agenta/playground test -- --run agentRequest

Edge cases: If the user has manually configured tools on their agent before the overlay merges, check that the commit writes only the user-configured tools and not the overlay tools.

https://claude.ai/code/session_01GYo3UEfvsZpncagqb28Mbc

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agenta-documentation	Ready	Preview, Comment	Jun 29, 2026 4:55pm

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: bf733020-a613-4e73-b28c-b8a5a90b9377

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Introduces a server-generated "Playground Build Kit" agent template overlay returned in SimpleApplicationResponse.additional_context. The overlay includes platform tools, reserved static workflow embeds, a getting-started skill, and sandbox permissions. Frontend state atoms expose this overlay per revision; buildAgentRequest conditionally deep-merges it into invoke parameters; AgentTemplateControl renders a read-only overlay panel. The service's bare agent default is simultaneously stripped of the formerly injected authoring extras.

Changes

Playground Build Kit Overlay

Layer / File(s)	Summary
API models and overlay builder api/oss/src/apis/fastapi/applications/models.py, api/oss/src/apis/fastapi/applications/overlay.py	Adds PlaygroundBuildKitContext and SimpleApplicationAdditionalContext Pydantic models and extends SimpleApplicationResponse with additional_context. Implements build_agent_template_overlay() with internal helpers to compute reserved static workflow slugs and assemble the overlay dict (platform tools, embedded static workflows, getting-started skill, sandbox permissions).
Router wiring and service default simplification api/oss/src/apis/fastapi/applications/router.py, services/oss/src/agent/schemas.py	fetch_simple_application conditionally populates additional_context via build_agent_template_overlay(). The agent service schema default is reduced to a bare build_agent_v0_default(), removing the previously injected skill slug and sandbox permission.
Frontend state atoms and API type web/packages/agenta-entities/src/workflow/api/api.ts, web/packages/agenta-entities/src/workflow/state/store.ts, web/packages/agenta-entities/src/workflow/state/index.ts, web/packages/agenta-entities/src/workflow/index.ts, web/packages/agenta-entities/src/workflow/state/commit.ts	Extends InspectWorkflowResponse.additional_context with playground_build_kit typing. Adds workflowAgentTemplateOverlayAtomFamily (derives overlay from inspect response) and workflowBuildKitEnabledAtomFamily (default-enabled boolean per revision). Re-exports both atoms and AgentTemplate type through barrel files; adds documentation comments to prepareCommitParameters.
Build kit overlay merge in agent request web/packages/agenta-playground/src/state/execution/agentRequest.ts, web/packages/agenta-playground/src/state/execution/index.ts, web/packages/agenta-playground/src/state/index.ts	Adds applyBuildKitOverlay with deep-merge and identity-based list-merge helpers for tools/skills/mcps. buildAgentRequest reads the enabled flag and overlay atom, applies withBuildKitOverlay before pruning blank entries. applyBuildKitOverlay is exported through the execution and state barrel files.
AgentTemplateControl build kit panel and override indicators web/packages/agenta-entity-ui/src/DrillInView/SchemaControls/AgentTemplateControl.tsx	Adds ReadOnlyItemRow, overlay helper predicates and descriptors, derives overlay tools/skills/sandbox permissions from workflowAgentTemplateOverlayAtomFamily, and renders a collapsible "Playground build kit" panel in Advanced with a toggle. Wraps SandboxPermissionControl with a warning indicator when build kit permissions override user values.
Tests api/oss/tests/pytest/unit/applications/test_build_kit_overlay.py, services/oss/tests/pytest/unit/agent/test_default_agent_template.py, web/packages/agenta-playground/tests/unit/agentRequest.test.ts	Adds pytest tests for build_agent_template_overlay contents and fetch_simple_application additional context. Updates service default tests to assert bare template and absent authoring fields. Extends agentRequest unit tests for overlay apply/merge/immutability and disabled-kit behavior.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant SimpleApplicationsRouter
  participant build_agent_template_overlay
  participant Frontend State
  participant buildAgentRequest

  Client->>SimpleApplicationsRouter: GET /simple-application
  SimpleApplicationsRouter->>build_agent_template_overlay: call
  build_agent_template_overlay-->>SimpleApplicationsRouter: overlay dict
  SimpleApplicationsRouter-->>Client: SimpleApplicationResponse{additional_context: {playground_build_kit: {agent_template_overlay}}}
  Client->>Frontend State: store inspect response
  Frontend State->>Frontend State: workflowAgentTemplateOverlayAtomFamily derives overlay
  Client->>buildAgentRequest: invoke
  buildAgentRequest->>Frontend State: read workflowBuildKitEnabledAtomFamily
  buildAgentRequest->>Frontend State: read workflowAgentTemplateOverlayAtomFamily
  buildAgentRequest->>buildAgentRequest: applyBuildKitOverlay(config, overlay)
  buildAgentRequest-->>Client: merged parameters for /invoke

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Agenta-AI/agenta#4830: Modifies the /inspect response contract in InspectWorkflowResponse and related store atoms—this PR's additional_context.playground_build_kit extension builds on that same contract.
• Agenta-AI/agenta#4881: Heavily refactors AgentTemplateControl.tsx Advanced/config UI sections—this PR adds the "Playground build kit" overlay panel in the same component and Advanced area.
• Agenta-AI/agenta#4904: Modifies buildAgentRequest in agentRequest.ts—this PR also modifies that function to inject build kit overlay merging into the parameters construction.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 60.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is concise and matches the main change: adding a playground build kit for the default agent config.
Description check	✅ Passed	The description accurately explains the build-kit overlay, backend/frontend split, and bare default agent changes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/build-kit-4917-v2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[mmabrouk]

🤖 The AI agent says: @Agenta-AI please review — DRAFT, do not merge.

Specific feedback wanted:

1. Inspect contract placement — is additional_context.playground_build_kit.agent_template_overlay on SimpleApplicationResponse the right home (vs. application.data / application.meta)? This is the load-bearing decision in the design.
2. Overlay builder (api/oss/src/apis/fastapi/applications/overlay.py) — does iterating PLATFORM_OPS + reserved-slug static workflows, and embedding the authoring skill via @ag.embed, match the intended sources? Confirm the embed shapes match _ToolEmbedRefSchema / _SkillEmbedRefSchema.
3. Frontend applier (applyBuildKitOverlay in agentRequest.ts) — verify the deep-merge (objects) / identity-merge (lists by op/slug/name) is correct and that it only touches the throwaway run copy, never the draft or commit tree.
4. Bare published default — reverting the schemas.py enrichment touches the skills project's surface; confirm this is acceptable (design open question dashboard setup #1).

Implemented by Codex (gpt-5.5, xhigh). Change 1 (collapsible drawer sections) intentionally excluded.

[mmabrouk]

🤖 The AI agent says:

What to review on this PR:

1. Merge semantics in applyBuildKitOverlay (agentRequest.ts). The overlay's tools list is identity-merged (replace, not append). If a user has manually configured tools and the kit is on, the overlay's tools replace theirs. Is replace the right semantic, or should the overlay append to the user's tools?

2. overlay.py — which static workflows become tools vs. skills. The filter is is_skill == False on the flags. Confirm this correctly excludes skill entries (like agenta-getting-started) and includes only workflow tools. Any new static workflow entry added later will silently appear in every agent's overlay.

3. Commit-path exclusion. The PR claims the overlay is excluded from commits for free because the commit reads only persisted entity parameters. Verify in web/packages/agenta-entities/src/workflow/state/commit.ts that there is no path that could accidentally serialize the overlay into the committed payload.

4. buildKitEnabled toggle is client session state, not persisted. Confirm the intent: a page refresh will re-enable the kit even if the user toggled it off. Is that acceptable?

[mmabrouk]

🤖 The AI agent says: 📄 Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Model agent_template_overlay explicitly instead of using dict.

This is now a backend/frontend contract, but Optional[dict] leaves the OpenAPI schema and runtime validation opaque. Please promote the overlay shape into concrete Pydantic models (or typed submodels for tools, skills, and sandbox) so downstream clients get a stable contract. As per coding guidelines, "Define explicit request and response models in models.py."

[mmabrouk]

My guess here is that this is a subset of parameters.agent. not sure how we can specify it, if possible why not, obviously in a way that uses the paramters.agent so that we dont need to change both each time

[mmabrouk]

🤖 The AI agent says: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Tighten the reserved-workflow filter.

This currently appends reserved slugs even when retrieve_revision() returns None or revision.flags is missing. The expected overlay only includes confirmed non-skill static workflows, so this can leak invalid tool embeds into the playground.

         revision = catalog.retrieve_revision(slug=slug)
-        if revision and revision.flags and revision.flags.is_skill:
+        if not revision or not revision.flags or revision.flags.is_skill:
             continue
         slugs.append(slug)

[mmabrouk]

🤖 The AI agent says: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Don't let build-kit synthesis blank the whole fetch response.

fetch_simple_application() is wrapped in @suppress_exceptions(default=SimpleApplicationResponse()). If build_agent_template_overlay() raises, this path now returns an empty 200 response instead of the fetched application. Build the overlay behind a local try/except and fall back to additional_context=None so the inspect path still works. As per path instructions, use @suppress_exceptions(...) only for controlled defaults.

[mmabrouk]

🤖 The AI agent says: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Include overlay-added permissions in the override list.

The key in userPermissions guard drops permissions that the build kit adds on top of the draft. In the common write_files/new-network-key case, the warning next to SandboxPermissionControl under-reports the effective playground permissions.

 function overriddenPermissionKeys(
     userPermissions: Record<string, unknown> | null | undefined,
     overlayPermissions: Record<string, unknown> | null | undefined,
 ): string[] {
-    if (!userPermissions || !overlayPermissions) return []
+    if (!overlayPermissions) return []
     return Object.entries(overlayPermissions)
-        .filter(([key, overlayValue]) => {
-            if (!(key in userPermissions)) return false
-            return stableString(userPermissions[key]) !== stableString(overlayValue)
-        })
+        .filter(
+            ([key, overlayValue]) =>
+                stableString(userPermissions?.[key]) !== stableString(overlayValue),
+        )
         .map(([key]) => key)
 }

[mmabrouk]

🤖 The AI agent says: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Cancel won't restore the build-kit toggle.

buildKitEnabled now lives outside the config snapshot, but cancelSection() only rolls back value. In drawer layouts, toggling this switch and pressing Cancel still changes later playground runs.

+    const buildKitSnapshot = useRef<boolean | null>(null)
+
     const openSectionDrawer = useCallback(
         (key: "model-harness" | "advanced") => {
             sectionSnapshot.current = value ?? {}
+            buildKitSnapshot.current = key === "advanced" ? buildKitEnabled : null
             setOpenSection(key)
         },
-        [value],
+        [value, buildKitEnabled],
     )
     const cancelSection = useCallback(() => {
         if (sectionSnapshot.current) onChange(sectionSnapshot.current)
+        if (openSection === "advanced" && buildKitSnapshot.current != null) {
+            setBuildKitEnabled(buildKitSnapshot.current)
+        }
         setOpenSection(null)
-    }, [onChange])
+    }, [onChange, openSection, setBuildKitEnabled])

[mmabrouk]

🤖 The AI agent says: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Move the switch out of the header button.

Switch is an interactive control, so nesting it inside the clickable <button> creates invalid interactive content and can break keyboard/focus handling. Keep the header toggle and the switch as separate controls.

[mmabrouk]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

web/packages/agenta-playground/tests/unit/agentRequest.test.ts (1)

285-305: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Exercise the actual commit serialization path here.

This only proves buildAgentRequest() leaves the configuration atom untouched. It would still pass if the commit serializer later started merging the overlay, which is the regression this test name claims to guard against. A commit-path assertion should read through the same selector/helper that web/packages/agenta-entities/src/workflow/state/commit.ts uses.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d66d4d68-f4bd-4025-b2f9-7adffbb914f2

📥 Commits

Reviewing files that changed from the base of the PR and between be5bd45 and a2d4cd1.

📒 Files selected for processing (16)

• api/oss/src/apis/fastapi/applications/models.py
• api/oss/src/apis/fastapi/applications/overlay.py
• api/oss/src/apis/fastapi/applications/router.py
• api/oss/tests/pytest/unit/applications/test_build_kit_overlay.py
• services/oss/src/agent/schemas.py
• services/oss/tests/pytest/unit/agent/test_default_agent_template.py
• web/packages/agenta-entities/src/workflow/api/api.ts
• web/packages/agenta-entities/src/workflow/index.ts
• web/packages/agenta-entities/src/workflow/state/commit.ts
• web/packages/agenta-entities/src/workflow/state/index.ts
• web/packages/agenta-entities/src/workflow/state/store.ts
• web/packages/agenta-entity-ui/src/DrillInView/SchemaControls/AgentTemplateControl.tsx
• web/packages/agenta-playground/src/state/execution/agentRequest.ts
• web/packages/agenta-playground/src/state/execution/index.ts
• web/packages/agenta-playground/src/state/index.ts
• web/packages/agenta-playground/tests/unit/agentRequest.test.ts

[coderabbitai]

🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

ast-grep outline web/packages/agenta-entities/src/workflow/api/api.ts --view expanded

rg -n -C4 'inspectWorkflow|safeParseWithLogging|additional_context|playground_build_kit|agent_template_overlay' \
  web/packages/agenta-entities/src/workflow/api/api.ts \
  web/packages/agenta-entities/src/workflow/state/store.ts

Repository: Agenta-AI/agenta

Length of output: 27225

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

sed -n '1,220p' web/packages/agenta-entities/src/workflow/api/api.ts
printf '\n--- SNIP ---\n'
sed -n '220,560p' web/packages/agenta-entities/src/workflow/api/api.ts
printf '\n--- SNIP ---\n'
sed -n '560,620p' web/packages/agenta-entities/src/workflow/api/api.ts

Repository: Agenta-AI/agenta

Length of output: 21474

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

sed -n '469,560p' web/packages/agenta-entities/src/workflow/api/api.ts
printf '\n--- SCHEMA ---\n'
sed -n '1,220p' web/packages/agenta-entities/src/workflow/schema.ts

Repository: Agenta-AI/agenta

Length of output: 3073

---

Validate the inspect response before returning it. inspectWorkflow returns raw response.data, so additional_context.playground_build_kit.agent_template_overlay can reach workflowAgentTemplateOverlayAtomFamily without local schema validation; wrap this in safeParseWithLogging first.

Source: Coding guidelines

[coderabbitai]

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Apply the overlay to bare agent templates too.

withAgentRunDefaults() already supports both {agent: ...} and bare templates, but this helper no-ops unless parameters.agent exists. That skips the build kit entirely for the bare-template shape this file already handles, which is risky now that the backend default was reverted to a bare template. Based on PR objectives, the bare default is part of this rollout.

Proposed fix

 const withBuildKitOverlay = (
     parameters: Record<string, unknown>,
     overlay: AgentTemplate | null,
     enabled: boolean,
 ): Record<string, unknown> => {
-    if (!enabled || !overlay || !isRecord(parameters.agent)) return parameters
-    return {
-        ...parameters,
-        agent: applyBuildKitOverlay(parameters.agent as AgentTemplate, overlay),
-    }
+    if (!enabled || !overlay) return parameters
+    if (isRecord(parameters.agent)) {
+        return {
+            ...parameters,
+            agent: applyBuildKitOverlay(parameters.agent as AgentTemplate, overlay),
+        }
+    }
+    return applyBuildKitOverlay(parameters as AgentTemplate, overlay) as Record<string, unknown>
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const withBuildKitOverlay = (
	parameters: Record<string, unknown>,
	overlay: AgentTemplate | null,
	enabled: boolean,
	): Record<string, unknown> => {
	if (!enabled || !overlay || !isRecord(parameters.agent)) return parameters
	return {
	...parameters,
	agent: applyBuildKitOverlay(parameters.agent as AgentTemplate, overlay),
	}
	const withBuildKitOverlay = (
	parameters: Record<string, unknown>,
	overlay: AgentTemplate | null,
	enabled: boolean,
	): Record<string, unknown> => {
	if (!enabled || !overlay) return parameters
	if (isRecord(parameters.agent)) {
	return {
	...parameters,
	agent: applyBuildKitOverlay(parameters.agent as AgentTemplate, overlay),
	}
	}
	return applyBuildKitOverlay(parameters as AgentTemplate, overlay) as Record<string, unknown>
	}