
Conversation

@catrielmuller
Contributor

Context

This PR refactors the Kilocode authentication and user resolution system to support multiple Kilocode provider profiles seamlessly. Previously, the system had several critical issues:

  1. Authentication Override Bug: When users authenticated via the vscode:// URL handler (device auth flow), the system would override ALL Kilocode provider profiles with the new authentication token, losing existing profile configurations.

  2. Single Profile Limitation: The organization selector and API requests only worked with the currently active profile, making it impossible to view or manage organizations for other Kilocode profiles without switching the active profile first.

  3. Scattered User Resolution Logic: User authentication and token resolution logic was duplicated across multiple files, making it difficult to maintain consistent behavior.

Implementation

Core Changes

  1. Centralized User Resolution (src/core/kilocode/kilo-user-resolver.ts)

    • Created a unified resolution system with clear priority rules:
      1. Active profile if it's a Kilocode provider with valid token
      2. First Kilocode provider found in profiles list
      3. Fallback to unauthenticated state
    • Provides three resolution functions:
      • resolveKiloUserProfile(): Returns full profile context
      • resolveKiloUserToken(): Returns just the token
      • resolveKiloUser(): Returns user identity for telemetry
  2. Dedicated Kilo User Handler (src/core/kilocode/webview/kiloUserHandler.ts)

    • Extracted all Kilocode-specific API handlers from the main webview message handler
    • Supports both specific profile requests and global resolution
    • Handles:
      • Profile data fetching (with organization auto-switch logic)
      • Balance data requests
      • Credit purchases
      • Notifications
    • Properly scopes organization validation and auto-switch to active profile only
  3. Enhanced Organization Selector (webview-ui/src/components/kilocode/common/OrganizationSelector.tsx)

    • Now supports two modes:
      • Global mode: Works with the active profile (default behavior)
      • Controlled mode: Can work with any specific profile via props
    • Properly filters responses by profile name to prevent cross-profile data contamination
    • Enables viewing and managing organizations for any Kilocode profile
  4. Type-Safe User Identity (packages/types/src/kilocode/kilo-user.ts)

    • New KiloUser interface for consistent user representation
    • Tracks authentication source and profile name
    • Used for telemetry identity across the extension

Bug Fixes

Authentication Override Prevention:

  • Device auth flow now properly creates/updates only the intended profile
  • Existing profiles remain untouched during authentication
  • Token resolution respects profile boundaries

Multi-Profile Support:

  • Organization selector can now display organizations for any profile
  • API requests can target specific profiles via profileName parameter
  • Profile switching no longer required to view organization data

Code Organization:

  • Removed 400+ lines of duplicated logic from webviewMessageHandler.ts
  • Consolidated Kilocode-specific handlers into dedicated module
  • Simplified extension initialization by using centralized resolution

Screenshots

(four screenshots attached to the original PR, not reproduced here)

How to Test

Test Multi-Profile Authentication

  1. Create two Kilocode provider profiles (Profile A and Profile B)
  2. Authenticate Profile A via device auth flow
  3. Switch to Profile B and authenticate it
  4. Verify Profile A still has its original token and organization settings
  5. Switch back to Profile A and confirm it still works correctly

Test Organization Selector

  1. Create a Kilocode profile with access to multiple organizations
  2. Open the profile settings page
  3. Verify the organization selector displays all available organizations
  4. Switch to a different profile (non-Kilocode or different Kilocode account)
  5. Return to the first profile's settings
  6. Confirm the organization selector still shows the correct organizations

Test Global User Resolution

  1. Create multiple Kilocode profiles
  2. Set one as active
  3. Open a new task - verify telemetry uses the active profile's user
  4. Switch active profile to a non-Kilocode provider
  5. Verify telemetry falls back to the first Kilocode profile found
  6. Remove all Kilocode profiles
  7. Verify telemetry falls back to machine ID
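
The resolution priority and the profile-scoped device-auth update described in this PR, as an added example that is not the PR's or the project's own code. The type and function names (ProviderProfile, ProfileStore, ProfileContext, applyDeviceAuthToken and the rest), the sample profiles, and the hashed-token telemetry id are assumptions made for illustration; the contrasting "overwrite all profiles" function models the bug the PR fixes.

```typescript
// Added example, not code from the Kilo Code repository: a minimal model of the
// profile-resolution priority and the profile-scoped device-auth update that the
// PR description explains. All type and function names here are assumptions.
import { createHash } from "node:crypto"

interface ProviderProfile {
  name: string
  apiProvider: string // "kilocode" or any other provider id
  kilocodeToken?: string
  kilocodeOrganizationId?: string
}

interface ProfileStore {
  activeProfileName: string
  profiles: ProviderProfile[]
}

type KiloUserSource = "active-profile" | "first-kilocode-profile" | "unauthenticated"

// Identity handed to telemetry. It deliberately carries no token.
interface KiloUser {
  id: string
  source: KiloUserSource
  profileName?: string
}

interface ProfileContext {
  profile: ProviderProfile
  source: KiloUserSource
}

function isAuthenticatedKiloProfile(p: ProviderProfile): boolean {
  return p.apiProvider === "kilocode" && typeof p.kilocodeToken === "string" && p.kilocodeToken.length > 0
}

// Priority 1: the active profile, if it is a Kilocode profile with a token.
// Priority 2: the first Kilocode profile in the list that has a token.
// Priority 3: undefined, i.e. unauthenticated.
function resolveKiloUserProfile(store: ProfileStore): ProfileContext | undefined {
  const active = store.profiles.find((p) => p.name === store.activeProfileName)
  if (active && isAuthenticatedKiloProfile(active)) {
    return { profile: active, source: "active-profile" }
  }
  const first = store.profiles.find(isAuthenticatedKiloProfile)
  return first ? { profile: first, source: "first-kilocode-profile" } : undefined
}

function resolveKiloUserToken(store: ProfileStore): string | undefined {
  return resolveKiloUserProfile(store)?.profile.kilocodeToken
}

// Telemetry identity. The id is a truncated SHA-256 of the token (an assumption
// made for this example) so it is stable per account without exposing the secret;
// with no Kilocode profile it falls back to the machine id, as the test plan describes.
function resolveKiloUser(store: ProfileStore, machineId: string): KiloUser {
  const ctx = resolveKiloUserProfile(store)
  if (!ctx) return { id: machineId, source: "unauthenticated" }
  const id = createHash("sha256").update(ctx.profile.kilocodeToken as string).digest("hex").slice(0, 16)
  return { id, source: ctx.source, profileName: ctx.profile.name }
}

// The behaviour the PR fixes, kept for contrast: a token arriving from the
// vscode:// device-auth handler was written into every Kilocode profile.
function applyDeviceAuthTokenOverwritingAll(store: ProfileStore, token: string): ProfileStore {
  return {
    ...store,
    profiles: store.profiles.map((p) => (p.apiProvider === "kilocode" ? { ...p, kilocodeToken: token } : p)),
  }
}

// Fixed behaviour: only the named target profile is created or updated; the
// token and organization id of every other profile are left untouched.
function applyDeviceAuthToken(store: ProfileStore, targetProfileName: string, token: string): ProfileStore {
  const exists = store.profiles.some((p) => p.name === targetProfileName)
  const profiles = exists
    ? store.profiles.map((p) =>
        p.name === targetProfileName ? { ...p, apiProvider: "kilocode", kilocodeToken: token } : p,
      )
    : [...store.profiles, { name: targetProfileName, apiProvider: "kilocode", kilocodeToken: token }]
  return { ...store, profiles }
}

// Constructed sample data for this example (not real tokens or organization ids).
const SAMPLE_STORE: ProfileStore = {
  activeProfileName: "Profile A",
  profiles: [
    { name: "Profile A", apiProvider: "kilocode", kilocodeToken: "token-a", kilocodeOrganizationId: "org-a" },
    { name: "Profile B", apiProvider: "kilocode", kilocodeToken: "token-b" },
    { name: "Other", apiProvider: "openai" },
  ],
}
```

Running the two update functions against SAMPLE_STORE shows the difference the PR is about: the overwriting variant leaves both Kilocode profiles holding the newly issued token, while the scoped variant changes only "Profile B" and keeps Profile A's token and organization id exactly as they were.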

@changeset-bot

changeset-bot bot commented Dec 10, 2025

🦋 Changeset detected

Latest commit: f9093ae

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
  kilo-code: Patch


Contributor

@kiloconnect kiloconnect bot left a comment


✅ No Issues Found

19 files reviewed | Confidence: 92% | Recommendation: Merge

Review Details

Files Reviewed:

  • packages/types/src/kilocode/kilo-user.ts (new)
  • packages/types/src/index.ts (exports)
  • src/core/kilocode/kilo-user-resolver.ts (new)
  • src/core/kilocode/webview/kiloUserHandler.ts (new)
  • src/core/kilocode/__tests__/kilo-user-resolver.spec.ts (new)
  • webview-ui/src/components/kilocode/common/OrganizationSelector.tsx (modified)
  • webview-ui/src/utils/kilocode/useKiloIdentity.tsx (simplified)
  • src/core/webview/ClineProvider.ts (modified)
  • src/core/webview/webviewMessageHandler.ts (refactored)
  • src/extension.ts (updated import)
  • webview-ui/src/App.tsx (modified)
  • src/shared/ExtensionMessage.ts (added kiloUser to state)
  • src/shared/WebviewMessage.ts (added profileName)

Architecture Assessment:

  • ✅ Clean separation of concerns with centralized user resolution
  • ✅ Proper priority-based resolution (active profile → first kilocode profile → unauthenticated)
  • ✅ Profile filtering in OrganizationSelector prevents cross-profile data contamination
  • ✅ Comprehensive test coverage for resolver functions
  • ✅ Backward compatible - existing functionality preserved

Security Check:

  • ✅ Token handling remains secure (tokens not exposed in KiloUser interface)
  • ✅ Profile context properly scoped to prevent auth override bugs
  • ✅ No sensitive data leakage in new types

Code Quality:

  • ✅ Well-documented with clear JSDoc comments
  • ✅ Proper TypeScript typing throughout
  • ✅ Error handling with fallback to EMPTY_KILO_USER
  • ✅ useCallback with proper dependencies in OrganizationSelector

Checked: Security, bugs, performance, error handling, type safety

Summary

This PR successfully addresses the three issues outlined:

  1. Authentication Override Bug - Fixed by adding profileName parameter to requests and only performing organization validation for the active profile

  2. Single Profile Limitation - OrganizationSelector now supports controlled mode with apiConfiguration, profileName, and onChange props

  3. Scattered User Resolution Logic - Consolidated into kilo-user-resolver.ts with three clean exported functions

The refactoring is well-executed with proper test coverage. The code follows established patterns in the codebase and maintains backward compatibility.

Contributor

@kiloconnect kiloconnect bot left a comment


✅ No New Issues

Incremental review of commit f9093ae (test fix since previous review).

The new commit properly updates the test mocks in webviewMessageHandler.autoSwitch.spec.ts to align with the refactored code that now uses resolveGlobalProfile. Changes include:

  • Added listConfig mock to mockProviderSettingsManager (required by the new profile resolution logic)
  • Updated getProfile mock to return proper kilocode profile structure with apiProvider, kilocodeToken, and kilocodeOrganizationId
  • Added specific mock for the "already has organization selected" test case to properly simulate existing organization state

These test fixes are correct and necessary for the refactored architecture.

Review Details

Files Changed Since Last Review:

  • src/core/webview/__tests__/webviewMessageHandler.autoSwitch.spec.ts (test fixes)

Verified:

  • ✅ Test mocks correctly match the new resolveGlobalProfile function signature
  • ✅ Mock data structure aligns with ProfileContext interface
  • ✅ Test assertions remain valid for the refactored behavior
