Introduce a new prompt "protocol" separate from extras: add LoopData.protocol_temporary and protocol_persistent, include protocol contents before message history during prompt construction, and clear temporary protocol data each turn. Add helper _build_context_message to render protocol/extras, update response input conversion to include protocol, and move project instructions & active/loaded skills injection into protocol. Update docs, prompts, plugin metadata, the SkillsTool message, and add tests to verify protocol placement and behavior.
Release MCP config locks before awaited initialization or tool calls, isolate MCP session operations in disposable DeferredTask workers, and bound session cleanup so wedged transports cannot freeze later agent work.
Add deterministic MCP regression coverage for lock scope, config update initialization, cleanup timeouts, and isolated operation timeouts. Update the helper DOX contract for the new concurrency and cleanup behavior.
Remove agent profile scoping from the List Skills and Import Skills settings sections so skills are scoped only by project.
Move Scan Skills after Import Skills in both navigation metadata and rendered section order, and add an MCP-style search affordance to List Skills with filtered results and an empty search state.
Add a Settings > Skills scanner section and modal backed by Snyk Agent Scan-oriented checks and prompts. Wire uploaded skill zips from Import Skills into the scanner before import, and add a preparation API that extracts archives into temporary scan roots without installing or executing them.
Harden shared skill zip extraction against traversal, backslash paths, and symlink entries, and cover the new flow with focused scanner tests.
Default the WebUI Browser surface back to live CDP screencast while keeping snapshot/state transport as a fallback. Carry viewer transport through the WebSocket API and Browser store, use screencast metadata to avoid extra frame dimension decode, and include frame-chain action metadata in Browser content results. Update Browser prompts, skill guidance, DOX, and focused regressions so agent actions prefer DOM/CDP refs while the visible Browser remains responsive.
Validate call_subordinate profile arguments against available agent profiles so missing profiles fail as repairable errors. Persist each agent's profile in saved chats and avoid flattening existing subordinate profiles during profile switches, settings refresh, or restart reload.
Patch stale sentence-transformer embedding provider/model aliases at the _model_config read/build boundary so memory embeddings use the intended local HuggingFace provider without adding provider-specific logic to models.py.
Cover stale alias forms, the bare default alias, normal OpenAI embedding pass-through, and missing API-key detection with focused regression tests.
Create the .a0proj/skills directory during project metadata setup so Project Settings can open the skills folder for new projects. Repair the folder when loading existing project settings, and cover both creation and repair with regression tests.
Raises the Socket.IO heartbeat interval and timeout defaults so long context and prompt work do not trip python-engineio's empty packet queue timeout.
Adds positive-integer environment overrides and updates the runtime configuration regression test.
When compression hides an explicitly loaded skill body, reattach the current missing revision as a normal skills_tool history result under one fixed budget. Preserve skill name and revision metadata in automatic and manual compaction summaries without copying full skill bodies.
Move explicit skill loads out of per-turn prompt extras and into normal tool-result history, with revision metadata for duplicate detection. Duplicate load calls now omit the full body only when the same revision remains model-visible after history output assembly.
Buffer JSON/base64 connector_file_op_result chunks per pending file operation and resolve only after the complete result is assembled.
Validate malformed chunk metadata with a pending-operation error, while preserving the existing single-payload behavior for small file operations.
Reject document_query during parallel tool-call normalization before worker jobs are started. Add prompt guidance so the model avoids batching document_query, and update DOX plus regressions for the new sequential-only contract.
Add trigger frontmatter for browser automation and browser form workflow skills so relevant-skill recall surfaces them for rendered browsing, screenshots, host-browser, and form-heavy tasks. Update build-skill guidance to document trigger metadata and add regression coverage for parsing and ranking the browser skills.
Prefer explicit tool_name examples and first prompt headings when deriving native Responses function tool names, falling back to the prompt filename only when no callable name is declared.
Add regression coverage for code_execution_tool, memory_load, call_subordinate, behaviour_adjustment, and filename-only fallback, and document the contract in responses_tools DOX.
Add oMLX as a first-class local chat and embedding provider using the Docker-friendly host.docker.internal:8000/v1 default and LiteLLM hosted_vllm wiring. Mark it as a no-key local provider, include it in onboarding with a bundled logo, document Apple Silicon setup including paged SSD cache, and cover the provider defaults, model search behavior, and onboarding metadata with focused tests.
Add shipped local-provider defaults for LM Studio and Ollama so Dockerized Agent Zero can reach host-running services without manual api_base edits. Map host.docker.internal in the sample Compose file for Linux Docker, document the behavior, and cover the provider defaults and compose mapping with focused regression tests.
Keep the browser tool prompt as a compact callable contract and move detailed workflows into browser-automation, with fragile form guidance chained through browser-form-workflows. Add regression coverage for the skills_tool loading path, host browser setup hint, and prompt token ceiling.
Keep running parallel jobs alive when an await call reaches its timeout so agents can await the same job ids again instead of cancelling child work. Distinguish direct background tool workers from call_subordinate child chats so nested subordinate chats can use parallel normally while true worker recursion remains blocked. Update the parallel prompt, DOX notes, and regressions for non-destructive timeout and non-blocking collect semantics.
Hide A0 connector remote tool prompts unless a connected CLI advertises the matching capability. Remote file access enables text_editor_remote, F4-enabled remote execution enables code_execution_remote, and supported enabled Computer Use that is not in rearm-required state enables computer_use_remote.
Apply the same gate to Responses API function-tool generation, move the prompt hook to the active tool-prompt extension path, and update connector prompt wording, DOX, and regression coverage.
Verified with:
- conda run -n a0 pytest tests/test_a0_connector_prompt_gating.py tests/test_default_prompt_budget.py tests/test_responses_architecture.py -q
- document that parallel accepts full reply-shaped tool call objects and ignores planning-only fields
- steer prompt guidance toward one mixed batch for ready independent calls instead of splitting by tool type
- add normalization and prompt regression coverage plus matching DOX notes
- add a parallel wrapper and runtime for concurrent background tool calls
- run parallel call_subordinate jobs as child chats with visible subagent steps that match normal subordinate args
- render parallel child tool steps with normal tool-call args while keeping job handles in wrapper results and prompt extras
- group parallel child chats in the sidebar with persistent accordion and caret behavior
- add prompt, extension, DOX, and regression coverage
Limit LiteLLM module mutation to documented global switches such as drop_params, while preserving configured LiteLLM kwargs as per-call options. Avoid freezing global kwargs into provider defaults so runtime settings remain current, and extend focused tests for drop_params, additional_drop_params, and provider default behavior.
Wrap FastA2A agent card generation so Agent Zero advertises streaming support on A2A endpoints by default.
Add focused regression coverage for the agent-card capability rewrite and proxy wiring, and update the helper DOX profile for the new wrapper.
Make Telegram tool lifecycle hooks no-op for contexts that do not expose a raw data dict or do not carry the Telegram bot marker.
This keeps global tool extension dispatch safe for non-Telegram contexts, including Responses API tool-call regression tests, without changing behavior for real Telegram sessions.
Treat model-slot kwargs as provider-specific preset fields: applying a preset now replaces explicit kwargs and clears inherited kwargs when the preset omits them, while preserving durable tuning like context windows and rate limits.
Mirror the behavior in the WebUI preset merge helper and add regressions for Codex-like presets so unsupported parameters such as temperature cannot leak into Responses API providers.
Ensure native browser controls use the shared Rubik font token so Firefox no longer falls back to its UI font in form elements.\n\nImport Rubik on the login page and document the WebUI font contract, keeping mono aliases reserved for code and fixed-width data.
Teach the Responses fallback classifier to inspect status codes, wrapped exception types, and response bodies so LiteLLM NotFoundError wrappers that hide the /v1/responses URL still fall back to chat completions.
Keep rate-limit errors non-fallback and add a regression test for the OpenAIException detail-only 404 shape observed with providers that do not expose the Responses API.
Upgrade LiteLLM to 1.88.1 so Agent Zero is above the CVE-2026-42271 patched floor, and move the OpenAI SDK pin to 2.41.1 to satisfy LiteLLM's new dependency range.
Pin Starlette to the patched 1.0.1 release for the Host-header request.url.path advisory.
Fold requirements2.txt back into requirements.txt now that browser-use is no longer part of the repo dependency set, and update installer and setup docs to use a single requirements file.
Route Agent Zero turns through a LiteLLM transport layer that prefers the Responses API while preserving chat-completions fallback for providers without compatible endpoints.
Persist Responses metadata in history and agent state so provider-state continuation, local replay, native function-call execution, and stored-response cleanup survive normal chat workflows.
Normalize prompt caching by provider: OpenAI and Azure use prompt_cache_key and prompt_cache_retention, while Anthropic, Gemini, Bedrock, OpenRouter, and compatible chat providers keep block-level cache_control breakpoints and cached tool definitions.
Use the shared inline confirmation helper for configured MCP server removal and keep the delete icon neutral until confirmation.\n\nApply confirmed removals immediately, refresh server status from the apply response, guard against stale/double actions, and document the new MCP manager behavior.
Revamp the global and project MCP manager surfaces with list-first layout, clearer examples, a dedicated scanner modal, manager/raw toolbar parity, and local-command-first server creation.\n\nAdd server and tool search, plugin-style enable toggles, per-tool disabled_tools handling in the MCP backend, internal A0 MCP tool search, regression coverage, and updated DOX contracts.
Add project-scoped MCP server configuration with global/project merge semantics, a richer settings UI, and chat composer access. Introduce MCP config scanning plus project-aware status/detail/log/apply APIs while preserving the raw JSON editor. Strengthen MCP runtime handling for dotted tool names, timeouts, status accuracy, and project-aware tool execution, with focused regression coverage.
Add selectable workspace support to the Time Travel plugin and introduce normalized global LiteLLM configuration handling.
models.py: add DEFAULT_LITELLM_GLOBAL_KWARGS and helpers to normalize, load, apply, and merge LiteLLM global kwargs; call configure_litellm/set per-call merges in LiteLLM wrappers so framework defaults, configured globals, and per-call overrides combine correctly. Add tests to assert merging and runtime application.
plugins/_time_travel: update docs and plugin metadata to describe workdir/project selection. API handlers now accept workspace_id and a new history_workspaces endpoint lists selectable workspaces. helpers/time_travel: implement workspace listing, selection, and resolution logic (workdir/project options, availability/locking, default selection). UI: add workspace picker to time-travel panel, wire selection/load into time-travel store, pass workspace_id to API calls, and add click hook to open the panel. Update styles and refresh/load behavior accordingly.
Tests: extend tests for LiteLLM global kwargs merging and adapt stream test to expect merged params; add tests for selectable workspaces, default selection, and locked external workdir handling.
Add settings sidebar search with filtered section results and clear affordance. Decouple sidebar accordion expansion from the active section so groups can be opened or collapsed manually. Keep the settings menu/search column fixed while the content pane scrolls, and promote Backup & Restore to its own section under Self Update.
Add a core startup migration that refreshes /exe/self_update_manager.py from the repository copy when the installed runtime updater is missing the socket-safe backup and Desktop cleanup markers.
Validate the source updater before replacing anything, preserve the previous runtime script as a backup, and leave current or non-regular targets untouched. Add regression coverage for stale runtime replacement, safe no-op/refusal paths, and the real repository updater source.
Add comprehensive file-level DOX documentation across the repo and update directory AGENTS.md indexes. Many new `*.py.dox.md` files were added under api, helpers, tools, plugins, extensions, webui, and other dirs to document endpoint purpose, ownership, runtime contracts, work guidance, and verification. Several AGENTS.md files were created or updated (agents profiles, api, docker, extensions, helpers, plugins, skills, webui components, etc.) to list child DOX files and clarify documentation/work guidance. Also add example and bundled profile DOX files (agent0, default, developer, hacker, researcher) and minor updates to helpers/dirty_json.py and its tests. These changes improve on-disk documentation coverage and establish the convention that each direct runtime file should have a matching `*.dox.md` describing its contracts and verification steps.
Add direct directory navigation to the file browser path bar and preserve the current listing when typed paths fail.
Add a default-enabled setting to remember the last successful file browser directory, while keeping explicit open paths deterministic.
Move the Editor preview/source toggle into the left-side toolbar cluster so mode switching sits with editing controls. Add a dedicated right-side Save button and remove Save from the overflow menu, leaving the menu for rename and close actions. Cover the toolbar placement with a static regression test.
Open the Editor file browser from the active project context before falling back to the configured workdir. Keep manual Editor launches on the empty start page instead of auto-creating blank Markdown files, while preserving explicit Markdown creation from the empty state. Add static regression coverage for both behaviors.
Normalize active Remote Control URLs to same-origin values before adding them to CSRF allowlists, so Tailscale Funnel URLs with paths or trailing slashes can bootstrap tokens correctly.
Allow WebSocket origin validation to trust only the currently active Remote Control origin, including Docker split-process tunnel service URLs, while preserving rejection for unrelated external origins.
Add focused regression coverage for active Tailscale-style origins, tunnel-service origin lookup, and negative cross-origin cases; keep run_ui decorator re-exports compatible with existing CSRF tests.
Update the OAuth settings poller to wait for the provider interval, carry slow_down interval updates forward, and respect provider expiration times so GitHub Copilot device-code auth can complete after browser authorization.
Dispatch the legacy device-login endpoint by provider_id and add regressions plus DOX guidance for provider-aware device polling.
Move device-code, manual callback, and setup controls into the provider row that started the OAuth flow so pending state stays anchored to its provider.
Add static coverage and plugin DOX guidance for inline provider detail rendering.
Remove the static OAuth API-key placeholder from provider defaults and gate the runtime dummy key on provider connection status.
This keeps unconnected OAuth providers blank in API-key surfaces while preserving the local proxy shim for connected account-backed providers. Update OAuth docs and regressions for the new contract.