These are parent-side control-plane tools for managing background
subagents. Subagents themselves cannot launch background agents
(AGENT is already excluded), so they have no agent IDs to manage
natively, and exposing the tools only widens the surface for
cross-agent interference if an ID leaks via prompt or transcript.
The view hook used to filter the registry snapshot to running entries
only, so once the last background agent finished the pill disappeared
and the dialog became unreachable — final stats, prompt, and errors
were stranded for the rest of the session even though the registry
still held them. Expose every entry from the hook and let surfaces
that only care about live work do their own filtering. The pill stays
mounted whenever any entry exists and switches to a quieter "done"
label after the last agent terminates, so users can still open the
dialog to inspect final state.
Some OpenAI-compatible servers (notably sglang's deepseek-v4 jinja
template) crash on the array form of message content even when it
carries a single text block, with `TypeError: sequence item 0:
expected str instance, list found` at `encoding_dsv4.py:336`.
The DeepSeekOpenAICompatibleProvider already flattens content arrays
into joined strings in buildRequest, but isDeepSeekProvider only
matched on the official api.deepseek.com baseUrl. DeepSeek models
served behind sglang / vllm / ollama / etc. bypass the workaround
and hit the bug.
Extend the matcher to also detect by model name (case-insensitive
substring 'deepseek'), so any OpenAI-compatible endpoint serving a
DeepSeek model picks up the same content-format flattening.
Fixes#3613
Co-authored-by: wenshao <wenshao@U-K7F6PQY3-2157.local>
When --telemetry-outfile is configured, FileSpanExporter.serialize called
JSON.stringify directly on OTel ReadableSpan instances. The spans hold a
back-reference to BatchSpanProcessor (._shutdownOnce -> BindOnceFuture._that
-> BatchSpanProcessor), which forms a cycle and triggers
"TypeError: Converting circular structure to JSON" on every export. Combined
with DiagConsoleLogger, the error was repeatedly printed to stderr and
polluted the Ink TUI.
Switch FileExporter.serialize to the existing safeJsonStringify utility,
matching the upstream gemini-cli fix so future merges stay clean. Add a
focused regression test that mimics the BatchSpanProcessor cycle shape;
broader cycle behavior is already covered by safeJsonStringify.test.ts.
Co-authored-by: wenshao <wenshao@U-K7F6PQY3-2157.local>
* fix(core): preserve settings-sourced apiKey when registry model envKey is absent (#3417)
On restart, `applyResolvedModelDefaults` unconditionally cleared the
apiKey resolved from `settings.security.auth.apiKey` (layer 4 fallback)
and only read from `process.env[model.envKey]`. When the provider-specific
env var was absent (e.g. key stored only in settings), the correctly
resolved key was discarded, causing a 401 error.
Now capture the previously-resolved apiKey before clearing and fall back
to it when `process.env[model.envKey]` is empty, but only for safe source
kinds (`settings` and general `env` without `via.modelProviders`).
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(core): also preserve CLI-sourced apiKey during syncAfterAuthRefresh
Address review feedback: keys passed via CLI flags (e.g. --openaiApiKey)
were dropped on restart because source kind 'cli' was not in the
fallback allowlist. Add 'cli' to the condition and a regression test.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(core): move apiKey preservation from applyResolvedModelDefaults to syncAfterAuthRefresh
The previous fallback logic inside applyResolvedModelDefaults could leak
a settings/cli-sourced apiKey to a different provider when switching
models within the same authType (e.g. dashscope → openai). This is a
credential safety issue because the two providers may have different
baseUrls.
Move the save/restore logic to syncAfterAuthRefresh Step 1, guarded by
an `isUnchanged` check (same authType AND same modelId). This ensures:
- Restart scenario: apiKey preserved (same model, no change)
- Cross-provider switch: apiKey cleared (different modelId)
Also adds two cross-provider switch tests (settings-sourced and
CLI-sourced) per review feedback.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(core): replace non-null assertion with truthiness guard and add cold-start test
- Replace `savedApiKeySource!` with a truthiness guard for safer
source restoration
- Add test for cold-start scenario (previousAuthType undefined) to
verify no key preservation occurs on first syncAfterAuthRefresh
- Fix stale "short-circuit" comment in programmatic key test
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(core): detect provider config hot-reload in isUnchanged check
When a model provider config is hot-reloaded (e.g. via Coding Plan
update) changing envKey or baseUrl while keeping the same model id,
the save/restore logic must not preserve the old apiKey. Extend the
isUnchanged guard to compare apiKeyEnvKey and baseUrl against the
resolved model, but only after applyResolvedModelDefaults has run at
least once (apiKeyEnvKey !== undefined). On first startup call these
fields are still unset, so the check is skipped to preserve the
settings/cli-sourced key correctly.
Adds two hot-reload tests (envKey change and baseUrl change).
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(core): use baseUrl source as hasBeenApplied signal for provider change detection
Replace `apiKeyEnvKey !== undefined` guard with `baseUrl source ===
'modelProviders'` to reliably detect whether applyResolvedModelDefaults
has been called before. This fixes two edge cases:
1. No-envKey models: hot-reload changing baseUrl was undetected because
apiKeyEnvKey remained undefined. Now baseUrl source is checked.
2. Startup with envKey but omitted baseUrl: undefined !== default URL
could falsely trigger isProviderChanged. Now skipped at startup
since baseUrl source is not yet 'modelProviders'.
Updates hot-reload test fixtures to simulate post-apply state (baseUrl
source as 'modelProviders') and adds no-envKey hot-reload test.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(core): shallow-clone savedApiKeySource to avoid mutation risk
Copy the ConfigSource object before applyResolvedModelDefaults runs,
so a future refactor that mutates source objects in place won't break
the save/restore logic.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
---------
Co-authored-by: jinye.djy <jinye.djy@alibaba-inc.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Test 1 asserted `say exactly GAMMA3` after pressing Up once in the
rewind selector, but that only passed because `/rewind` was incorrectly
counted as a user turn. After `isRealUserTurn()` excluded slash commands,
the turn list is [ALPHA1, BETA2, GAMMA3] and Up from the initial
selection (GAMMA3) lands on BETA2. Update the assertion to match.
Ref: https://github.com/QwenLM/qwen-code/pull/3441#issuecomment-4319798259
Co-authored-by: jinye.djy <jinye.djy@alibaba-inc.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* feat(cli): add Space-to-preview in resume session picker
Press Space on a highlighted session to open a read-only transcript
preview; Enter resumes, Esc returns. Works from both in-session
`/resume` and standalone `qwen --resume`.
The standalone path runs before `loadCliConfig`, so no real Config /
LoadedSettings exist when its render tree mounts. `StandaloneSessionPicker`
wraps the picker in stub Providers — every downstream access in the
preview render path is either optional-chained or gated on states
(Confirming / Executing) that never occur in resumed session data, so
the stubs' methods are only read, never invoked for real work. Tool
descriptions degrade to the raw function-call name in preview; users
get full fidelity after pressing Enter to resume.
Co-Authored-By: Qwen-Coder <noreply@qwen.ai>
* fix(cli): guard SessionPreview separator width on narrow terminals
`'─'.repeat(boxWidth - 2)` would throw RangeError when columns < 6
(tmux splits, small panes). Clamp boxWidth to a safe minimum and
compute separatorWidth with Math.max(0, …).
Co-Authored-By: Qwen-Coder <noreply@alibabacloud.com>
* fix(cli): gate Space-to-preview behind enablePreview prop
`SessionPicker` is shared by the resume dialog and the delete-session
dialog. Preview's Enter shortcut forwards to `onSelect`, which for
delete is `handleDelete` — so Space → preview → Enter would silently
delete the session while the preview UI still says "Enter to resume".
Add `enablePreview?: boolean` (default false). Resume callers (the
in-app resume dialog and `--resume` standalone) opt in; the delete
dialog stays opt-out and behaves exactly as before. Footer hint and
preview render branch are both gated on the prop. Add a regression
test that emulates the delete dialog and asserts Space is a no-op,
the hint is absent, and Enter still flows straight to onSelect.
Co-Authored-By: Qwen-Coder <noreply@alibabacloud.com>
---------
Co-authored-by: Qwen-Coder <noreply@qwen.ai>
Co-authored-by: Qwen-Coder <noreply@alibabacloud.com>
Add ArenaSelectDialog tests for Escape, discard, and winner selection key paths.
Verify Escape only closes the dialog, x discards without applying changes, Enter applies the highlighted successful agent, and
failed agents remain inert when selected.
The /review skill's language rule "match the language of the PR" has no
applicable target during local reviews (no PR exists). When a user sets
an output language via /language, local review output now honors that
preference instead of defaulting to English.
PR reviews remain unchanged — they continue matching the PR's language
since findings may be published as inline comments visible to all
collaborators.
Closes#3594
* feat(cli): add conversation rewind feature with double-ESC and /rewind command (#3186)
Add the ability to rewind conversation to a previous user turn, similar
to Claude Code's message selector. Users can trigger rewind via:
- Double-ESC on empty prompt while idle
- /rewind (or /rollback) slash command
The RewindSelector component provides a two-phase UI: a scrollable
pick-list of user turns followed by a confirmation dialog. On confirm,
both UI history and API history are truncated consistently, the terminal
is re-rendered, and the original prompt text is pre-populated in the
input for editing.
Key implementation details:
- historyMapping.ts correctly handles tool-call loops (functionResponse
entries) and the startup context pair when mapping UI turns to API
Content[] indices
- useDoublePress hook provides generic double-press detection with
800ms timeout and proper cleanup on unmount
- ESC handler guards against WaitingForConfirmation state to prevent
accidental rewind during tool approval
- Chat recording service records rewind events with tree-branching
via parentUuid for session replay support
Closes#3186
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix: call recordRewind() in handleRewindConfirm and simplify payload
- Actually invoke chatRecordingService.recordRewind() after rewind
- Remove tree-branching from recordRewind (no UI-to-recording UUID
mapping exists yet) to avoid corrupting the parentUuid chain
- Simplify RewindRecordPayload to just truncatedCount
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* test: add tmux-based E2E script for rewind feature
Automated verification of all 5 manual test items from PR description:
1. /rewind command flow (pick turn, confirm, verify truncation)
2. Double-ESC opens selector (with btw dismiss handling)
3. ESC during streaming cancels (no rewind)
4. /rewind with no history (guard blocks)
5. After rewind, model ignores removed turns
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(rewind): resolve resume persistence and IDE mode issues
- chatRecordingService: add turnParentUuids tracking and rewindRecording()
which re-roots the parentUuid chain so rewound messages land on a dead
branch; reconstructHistory() then skips them automatically on resume.
Add rebuildTurnBoundaries() for re-populating the index after /resume.
- AppContainer: fix truncatedCount bug (was always 0 after loadHistory),
wire handleRewindConfirm to rewindRecording() with correct targetTurnIndex,
add config.getIdeMode() guard to openRewindSelector so rewind is disabled
in IDE sessions where extra user Content entries break the API boundary
mapping.
- useResumeCommand: call rebuildTurnBoundaries() after startNewSession so
rewind works correctly within resumed sessions.
- resumeHistoryUtils: surface "Conversation rewound." info item when a
rewind record is encountered during history reconstruction.
- historyMapping.test.ts: add 9 unit tests for computeApiTruncationIndex
covering normal flow, startup context pair, tool responses, and
compression fallback.
- Copyright headers: standardize new files to "Copyright 2025 Qwen Code".
🤖 Generated with [Qwen Code](https://github.com/QwenLM/qwen-code)
* fix(rewind): close slash-command, compression, and IDE bypass holes
Three bugs found by Codex review:
1. P1: `/rewind` slash command bypassed the IDE-mode guard because
`slashCommandActions.openRewindSelector` called `setIsRewindSelectorOpen`
directly. Fixed by introducing a ref bridge (`openRewindSelectorRef`)
that delegates to the guarded callback.
2. P1: Slash-command invocations (`/help`, `/stats`, etc.) are stored as
`type: 'user'` in UI history but never reach the API or recording
service. The turn-index counter in `handleRewindConfirm` and
`computeApiTruncationIndex` counted them, producing off-by-N errors.
Added `isRealUserTurn()` helper that excludes items starting with
`/` or `?`, applied in all three counting sites (AppContainer,
historyMapping, RewindSelector).
3. P2: After chat compression, `computeApiTruncationIndex` returned
`apiHistory.length` when the target turn was unreachable, silently
keeping the full API history while the UI was truncated. Changed to
return `-1`; `handleRewindConfirm` now aborts with an error message
when the target turn was absorbed by compression.
Tests: 14 unit tests for historyMapping (including slash-command and
compression cases), full suite 616/616 passed.
🤖 Generated with [Qwen Code](https://github.com/QwenLM/qwen-code)
---------
Co-authored-by: jinye.djy <jinye.djy@alibaba-inc.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
handleError / handleCancellationError / handleMaxTurnsExceededError all
called process.exit synchronously, bypassing the caller's runExitCleanup
-> Config.shutdown -> chat-recording flush() chain on SIGINT, max-turn,
and fatal-error paths. Same family as the EPIPE bypass fixed in
bf24fff1f, just on a different code path.
Makes the three handlers async and routes the exit through a shared
exitAfterCleanup() helper that awaits runExitCleanup() before the actual
process.exit. The helper carries an exit-once latch so a SIGINT racing a
stream rejection (handleCancellationError + handleError fired
concurrently) doesn't end up running cleanup twice or interleaving exit
calls — only the first caller drains and exits, the second parks on a
never-resolving promise that's killed when process.exit fires.
Text-mode handleError still throws to the caller (unchanged behavior),
but now drains the queue first so the unhandled-rejection path doesn't
lose chat-recording records.
Five call sites in nonInteractiveCli.ts updated to await. Existing 11
errors.test.ts cases adapted to async + rejects.toThrow; added 5 new
regression guards covering cleanup-before-exit ordering for each
handler plus the concurrent-handler race.
Co-authored-by: wenshao <wenshao@U-K7F6PQY3-2157.local>
* fix(cli): respect OPENAI_MODEL precedence in CLI model resolution
* test(cli): cover env-driven model precedence for OpenAI-compatible auth
* fix(cli): scope model env precedence by auth type
* test(cli): cover QWEN_MODEL fallback precedence
* Codex worktree snapshot: startup-cleanup
Co-authored-by: Codex
* Add Python SDK real smoke test
Adds a repository-only real E2E smoke script for the Python SDK, plus npm and developer documentation entry points.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): address review findings — bugs, type safety, and test coverage
- Fix prepare_spawn_info: JS files now use "node" instead of sys.executable
- Fix protocol.py: correct total=False misuse on 7 TypedDicts (required fields were optional)
- Fix query.py: add _closed guard in _ensure_started, suppress exceptions in close()
- Fix sync_query.py: prevent close() deadlock, add context manager, add timeouts
- Fix transport.py: handle malformed JSON lines, add _closed guard in start()
- Fix validation.py: use uuid.RFC_4122 instead of magic UUID
- Fix __init__.py: export TextBlock, widen query_sync signature
- Remove dead code: ensure_not_aborted, write_json_line, _thread_error
- Add 12 new tests (29 → 41): context managers, JSON skip, closed guards, spawn info, timeouts
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): address wenshao review — session_id, bool validation, debug stderr
- Fix continue_session=True generating a wrong random session_id
- Add _as_optional_bool helper for strict type validation on bool fields
- Default debug stderr to sys.stderr when no custom callback is provided
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): address remaining wenshao review feedback
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* test(cli): harden settings dialog restart prompt test
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): review fixes — UUID compat, stderr fallback, sync cleanup
- Remove UUID version restriction to support v6/v7/v8 (RFC 9562)
- Always write to sys.stderr when stderr callback raises (was silent when debug=False)
- Prevent duplicate _STOP sentinel in SyncQuery.close() via _stop_sent flag
- Add ruff format --check to CI workflow
- Fix smoke_real.py version guard: fail early before imports instead of NameError
- Apply ruff format to existing files
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): remaining review fixes — exit_code attr, guard strictness, sync timeout
- Add exit_code attribute to ProcessExitError for programmatic access
- Strengthen is_control_response/is_control_cancel guards to require
payload fields, preventing misrouting of malformed messages
- Expose control_request_timeout property on Query so SyncQuery uses
the configured timeout instead of a hardcoded 30s default
- Use dataclasses.replace() instead of direct mutation on frozen-style
QueryOptions in query() factory
- Add ResourceWarning in SyncQuery.__del__ when not properly closed
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): add exit_code default and guard __del__ against partial GC
- Give ProcessExitError.exit_code a default value (-1) so user code can
construct the exception with just a message string
- Wrap SyncQuery.__del__ in try/except AttributeError to prevent crashes
when the object is partially garbage-collected
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): review fixes — resource leak, type safety, CI matrix, docs
- Fix SyncQuery.__del__ to call close() on GC instead of only warning
- Replace hasattr duck-type check with isinstance(prompt, AsyncIterable)
- Type-validate permission_mode/auth_type in QueryOptions.from_mapping
- Use TypeGuard return types on all is_sdk_*/is_control_* predicates
- Add 5s margin to sync wrapper timeouts to prevent error type masking
- Expand CI matrix to test Python 3.10, 3.11, 3.12
- Change ProcessExitError.exit_code default from -1 to None
- Add stderr to docs QueryOptions listing
- Update README sync example to use context manager pattern
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): preserve iterator exhaustion state and suppress detached task warning
- Add _exhausted flag to Query.__anext__ and SyncQuery.__next__ so
repeated iteration after end-of-stream raises Stop(Async)Iteration
instead of blocking forever.
- Remove re-raise in _initialize() to prevent asyncio
"Task exception was never retrieved" warning on detached tasks;
the error is already surfaced via _finish_with_error().
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): reject mcp_servers at validation time and add iterator/init tests
- Reject mcp_servers in validate_query_options() with a clear error
instead of advertising MCP support to the CLI and then failing at
runtime when mcp_message arrives.
- Remove dead mcp_servers branch from _initialize().
- Add tests for async/sync iterator exhaustion, detached init task
warning suppression, and mcp_servers validation.
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(sdk-python): fix ruff lint errors in new tests
- Use ControlRequestTimeoutError instead of bare Exception (B017)
- Fix import sorting for stdlib vs third-party (I001)
- Break long line to stay within 88-char limit (E501)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* style(sdk-python): apply ruff format to new tests
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
---------
Co-authored-by: jinye.djy <jinye.djy@alibaba-inc.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* feat(vscode): expose /skills as slash command with secondary picker
Add a secondary completion picker for the /skills slash command in the
VSCode IDE companion, allowing users to browse and select skills from
a dropdown before sending.
Changes:
- CLI: add 'skills' to ALLOWED_BUILTIN_COMMANDS_NON_INTERACTIVE whitelist
- CLI: send available_skills_update via ACP with skill names/descriptions
- Extension: handle available_skills_update in session update handler
- Webview: implement secondary picker that triggers after selecting /skills
- Webview: allow spaces in completion trigger for /skills sub-queries
Closes#1562
Made-with: Cursor
* feat(vscode-ide-companion): embed skills in commands update metadata
- Move available skills from separate session update to _meta field of
available_commands_update for more efficient delivery
- Simplify skill data to just skill names (string array)
- Add skillsCompletion utility for secondary picker logic
- Cache available skills in WebViewProvider for replay on webview ready
- Update all related types and handlers to support the new structure
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* refactor(vscode-ide-companion): simplify skills picker flow
* refactor(vscode-ide-companion): extract skills completion utils to shared module
Move `isSkillsSecondaryQuery`, `shouldOpenSkillsSecondaryPicker`, and
`SKILL_ITEM_ID_PREFIX` from App.tsx and useCompletionTrigger.ts into a
shared `completionUtils.ts` file to eliminate duplication.
* fix(vscode-ide-companion): restore skills picker state on reload
Cache and replay available skills when the webview becomes ready again.
Clear stale skills when commands metadata does not include availableSkills.
* fix(vscode-ide-companion): replay slash commands after webview reload
Cache available commands in the webview provider.
Replay them on webviewReady so slash command state survives reloads.
* fix(vscode-ide-companion): import AvailableCommand from ACP SDK
* fix(vscode-ide-companion): fallback /skills to direct command
* test(vscode-ide-companion): cover skills secondary picker flow
* test(vscode-ide-companion): guard App mock initialization
* fix(vscode-ide-companion): remove duplicate AvailableCommand import
The auto-merge introduced a duplicate AvailableCommand in the
@agentclientprotocol/sdk import block, causing TS2300.
* fix(vscode-ide-companion): remove duplicate availableCommands replay in handleWebviewReady
The handleWebviewReady method was sending cachedAvailableCommands twice
on every webview-ready handshake, causing an unnecessary extra state
update in the webview.
---------
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* feat(cli): add Traditional Chinese (zh-TW) as a UI language option
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix: use upstream unused-keys-only-in-locales.json to resolve conflict
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* revert: remove check-i18n.ts changes to avoid pre-existing zh.js issues
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* feat(cli): add Traditional Chinese (zh-TW) as a UI language option
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): add WITTY_LOADING_PHRASES to zh-TW locale
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): sync zh-TW.js with en.js keys, fix double-escape, fix check-i18n.ts
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix: resolve conflict in unused-keys-only-in-locales.json
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): add missing Performance translation to zh-TW
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): add quotes to Performance key in zh-TW
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): regenerate zh-TW.js with correct multi-line value parsing
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix: resolve conflict in unused-keys-only-in-locales.json
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): regenerate zh-TW.js with correct multi-line value parsing
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): standardize zh-TW.js key quoting and sync zh.js keys
- Convert zh-TW.js keys from double-quoted to single-quoted to match en.js style
- Fix zh.js key mismatches: add missing keys (Value:, No server selected, prompts, required, Enum) and remove extra keys (The name of the extension to update, Session (temporary))
- Regenerate unused-keys-only-in-locales.json
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* fix(cli): update loading phrases when UI language changes
Add getCurrentLanguage() to useMemo deps in usePhraseCycler so that
WITTY_LOADING_PHRASES re-evaluates after a /language switch instead of
staying locked to the language active at mount time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(i18n): normalize locale separators and fix case-insensitive language lookup
- detectSystemLanguage(): normalize POSIX locales (e.g. zh_TW.UTF-8 → zh-tw)
by replacing underscores with hyphens and lowercasing before matching, so
users with LANG=zh_TW.UTF-8 correctly detect zh-TW instead of falling
through to zh
- getLanguageNameFromLocale(): compare codes case-insensitively so that
normalizeOutputLanguage('zh-TW') resolves to 'Traditional Chinese' instead
of falling back to 'English'
- Add test cases for zh-TW / zh-tw / ZH-TW in normalizeOutputLanguage
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(test): update getLanguageNameFromLocale mock to include zh-TW
Add 'zh-tw' entry to the mock map and normalize locale input with
toLowerCase() so the mock mirrors the real case-insensitive implementation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* perf(core): make chat recording writes async
Every recorded chat event (user message, assistant turn, tool call,
tool result, slash command, etc.) was issuing 4 sync fs syscalls on
the main event loop: existsSync(dir) + mkdirSync(dir) + existsSync(file)
+ appendFileSync(file). For a tool-heavy prompt this added ~88 sync
I/O calls per session, blocking the UI render and keypress handler
during each one.
- chatRecordingService.appendRecord: cache ensure-flags so dir/file
creation runs once per session, then enqueue the actual write on a
per-instance promise chain (writeChain). lastRecordUuid is updated
synchronously so chained createBaseRecord still sees the right
parentUuid without waiting for the previous write.
- chatRecordingService.flush: drains the chain — wired into
Config.shutdown so no records are lost on exit.
- jsonl-utils.writeLine: now actually async (fs.promises.mkdir +
fs.promises.appendFile) with per-dir mkdir cache. The existing
per-file mutex still serializes writes correctly.
- Tests updated to await flush() before assertions.
Trace measurement on a single tool-heavy prompt: 110 → 20 sync I/O
calls (-82%), with chatRecordingService dropping from 88 to 0.
* perf(core): cache repeated fs lookups on tool hot path
Each tool invocation went through validatePath → isPathWithinWorkspace
→ fullyResolvedPath, plus its own existence/dir checks. The same paths
got re-resolved across back-to-back tool calls, and ripGrep re-
discovered .qwenignore on every Grep.
- workspaceContext.fullyResolvedPath: bounded LRU on input path
(1024, FIFO). Failed resolutions are NOT cached so retries work.
- paths.validatePath: cache positive isDirectory results; ENOENT
falls through every time so a freshly created file is picked up
immediately.
- ripGrep: module-level caches for searchPath-is-dir and per-dir
.qwenignore presence (256 each, FIFO).
- fileUtils.processSingleFileContent: drop the existsSync gate;
let fs.promises.stat throw ENOENT and convert to FILE_NOT_FOUND
in catch.
Trace: 20 → 10 sync I/O calls. Cumulative reduction since the
chat-recording change: 110 → 10, -91%. All 6057 core tests pass.
* test(core): cache reset hooks + regression-guards from audit
Self-review pass on the previous two perf commits surfaced a few
follow-ups worth pinning down before they bite:
- Module-level caches (paths.isDirectoryCache, ripGrep dirIsDir/qwen-
Ignore, jsonl-utils.ensuredDirs) persisted across vitest cases
silently. Added underscore-prefixed `_reset*ForTest` exports and
wired one into the validatePath describe block so future cases
mutating the same absolute paths can't pass by accident.
- Documented the parentUuid-chain tradeoff on chatRecordingService
.appendRecord: when the async write rejects, lastRecordUuid was
already set sync, so subsequent records reference an absent
ancestor — readers like sessionService.reconstructHistory then
silently drop those descendants. Same observable failure mode as
the prior sync code's caught-and-logged throw.
- Documented the dir<->file mutation and mid-session .qwenignore
staleness windows for the validatePath / ripGrep caches.
- Added regression tests:
* validatePath does NOT cache ENOENT (Edit-then-Read works)
* validatePath skips re-stat on cache hit (perf assertion)
* flush() resolves immediately on a fresh service
* a rejected writeLine does not block the next record
Full core suite: 6061 pass, 2 skipped — no regressions.
* fix(core): cache chatsDirEnsured only on mkdir success
Pre-fix, the flag flipped to true even when mkdirSync threw, so a single
transient failure (NFS EACCES, sandbox mount race, parent dir briefly
missing) would short-circuit every subsequent appendRecord and silently
drop the rest of the session's transcript with no error surfaced.
Reported by zhangxy-zju on #3581.
* fix(cli): destroy stdout instead of process.exit on EPIPE
Routine CLI patterns like `qwen -p ... | head -1` / `| less` / `| grep -m1`
close the downstream pipe and trigger EPIPE. The previous handler called
process.exit(0), which bypassed the caller's runExitCleanup -> Config
.shutdown -> chat-recording flush() chain and silently dropped queued
JSONL writes (most recent assistant turn + tool results).
Destroying stdout instead lets writes fail fast and the natural function
return drive cleanup. We deliberately do not also abortController.abort()
here: the abort path runs handleCancellationError which itself calls
process.exit(130), re-introducing the same bypass.
Reported by zhangxy-zju on #3581.
* fix(cli): bound runExitCleanup with per-fn + wall-clock timeouts
Pre-fix, runExitCleanup was an unbounded series of awaits. After the
async-jsonl change moved chat-recording writes off the calling thread
(Config.shutdown now `await flush()`s the queue), any hung syscall
(slow disk, dead NFS mount, stuck MCP socket, telemetry HTTP stall)
would hang process exit indefinitely — sync writes were inherently
bounded by syscall return; async writes are not.
Adds per-cleanup 2s + overall 5s wall-clock failsafes on the same
shape as Claude Code's gracefulShutdown.ts. Also replaces dead
test-isolation code (`global['cleanupFunctions']` was never on global,
the array is module-private) with a `_resetCleanupFunctionsForTest`
hook matching the convention from d6485964c.
Follow-up flagged by zhangxy-zju on #3581.
---------
Co-authored-by: wenshao <wenshao@U-K7F6PQY3-2157.local>
* feat(vscode): add native context menu copy actions for webview chat
Add three right-click context menu items to the chat message area using
VSCode's native webview/context API:
- Copy Message: copies the right-clicked message's raw markdown content
- Copy All Messages: copies the full conversation in markdown format
- Copy Last Reply: copies the last assistant response
Implementation details:
- Commands registered in package.json with webview/context menu entries
- Clipboard writes go through extension host (vscode.env.clipboard) for
reliability in webview sandbox
- Message identification via data-msg-idx stamped after render
- Tool-call outputs supported including diff format (git diff style)
- i18n support via package.nls.json (English) and package.nls.zh-cn.json
- Menu only shown in message area (not input box or empty state)
Closes#3052
* fix(vscode): wrap tool-call content text in code blocks for copy
* fix(vscode): only wrap tool-call content in code blocks for Copy All, not single Copy Message
* fix(vscode): route copy commands to the right-clicked webview and use dynamic code fences
* fix(vscode): use childIndexMap for copy-message routing and extract shared message handling
Replace the wrapper-div approach (which broke CSS layout) with a
render-time childIndexMap that maps DOM child positions to allMessages
indices. This avoids both the useLayoutEffect index-drift bug and the
wrapper-div CSS side effects.
- Remove data-msg-idx wrapper divs; messages render directly as
container children, preserving original [&>*] CSS layout
- Build childIndexMap during MessageList render, skipping null items
(empty AssistantMessage, hidden tool calls via shouldShowToolCall)
- findMessageIndex walks up from click target to container's direct
child, then maps through childIndexMap
- Filter hidden tool calls and empty content in copyAllMessages
- Extract handleCommonWebviewMessage to deduplicate routing logic
across sidebar, editor panel, and restored panel handlers
- Clear lastContextMenuProvider on dispose to prevent memory leaks
* fix(vscode): handle image messages in copy and resolve intermittent copy failure
- Copy Message on image messages now outputs markdown format 
instead of empty string
- Copy All Messages includes image messages as  instead of
skipping them
- Copy Last Reply skips empty assistant placeholders during streaming
- Resolve intermittent copy failure by pre-resolving message index on
right-click instead of storing a DOM element reference that can become
stale after React re-renders
* feat(vscode-companion): support /export session command
* fix(vscode-ide-companion/webview): prefer ACP session id for export
* feat(vscode-ide-companion): support /export slash command
Add nested /export completion and ACP command availability for the VS Code companion.
Reuse the shared export flow, write to the default path, and show clickable export results in chat.
* fix(export): align slash command messaging
Restore the CLI export description to the existing wording.
Keep the VS Code companion error message consistent with the required /export subcommands.
* fix(webui): support explicit markdown file links
Handle local markdown file links in assistant messages even when automatic file-link detection is disabled.
Normalize encoded paths and line fragments so exported files can be opened from the VS Code webview.
* test(vscode-ide-companion): make export path assertion cross-platform
* fix(vscode-ide-companion): use public session export entrypoint
* fix(cli): replay standalone ESC after early capture
* fix(vscode-ide-companion): resolve rebase artifacts and vitest export alias
Remove duplicate AvailableCommand import caused by merge, and add
vitest resolve alias for @qwen-code/qwen-code/export so the session
export service tests can resolve the CLI export module from source.
* fix(cli): fix getAvailableCommands test mock to use getCommandsForMode
The test mock was only setting up getCommands but getAvailableCommands
calls getCommandsForMode. Add getCommandsForMode to the mock and set up
test data on it instead.
* fix(vscode-ide-companion): fix export file link click and add save dialog
- Fix file:/// URI handling in MarkdownRenderer: normalizeExplicitFileLink
now strips the file:// scheme before checking isAbsolutePath, so exported
file links are properly recognized and clickable
- Replace direct cwd file write with vscode.window.showSaveDialog() so
users can choose the export destination and filename
- Handle cancelled save dialog gracefully (return null, skip success message)
* fix(webui): scope file link handler to file:// URIs only, fix # in filenames
- normalizeExplicitFileLink now returns early for file:// URIs without
splitting on #, since vscode.Uri.file() encodes # as %23 in the path.
This prevents filenames containing # from being truncated after decode.
- Explicit-link click handler now only fires for file:// URI hrefs,
not arbitrary relative paths. This prevents model-generated markdown
links from bypassing enableFileLinks=false and opening arbitrary files.
- Remove unused KNOWN_FILE_EXTENSIONS constant.
* fix(vscode-ide-companion): update export tests for save dialog, fix stale JSDoc
- Add showSaveDialog mock to sessionExportService.test.ts
- Update existing test to verify save dialog is called with correct args
- Add test for cancelled save dialog returning null
- Fix JSDoc that incorrectly claimed fallback-to-cwd behavior
* fix(core): preserve reasoning_content during session resume and active sessions (GH#3579)
* chore(core): remove dead thinkingThresholdMinutes config after latch removal (GH#3579)
#3450 pinned every assistant/thinking segment in a streamed turn to the
same turn-start timestamp so a later user message could not be sorted
between two segments of the previous turn (#3273). That fix turned out
to conflict with the tool-call timeline: tool calls carry their own
arrival timestamp, which is strictly greater than the turn-start
timestamp, so after #3450 every tool call sorted AFTER both assistant
segments instead of between them — the exact 'tool call jumped to the
end' ordering bug users are now reporting.
The two bugs pull the sort key in opposite directions and cannot both
be satisfied by a single timestamp strategy. Roll #3450 back byte-for-
byte on useMessageHandling.ts so the tool-call ordering regression is
fixed immediately; replace the test file with two focused cases that
pin the conflicting invariants so the next fix (likely a monotonic
sequence key shared across messages and tool calls) has a clear
target:
- tool-call interleave test (passes today): a tool call that arrives
between two assistant segments must sort strictly between them.
- #3273 regression test (it.fails today): all assistant segments of
one turn must sort before a user message sent during the turn.
Flipped to a normal it() once the proper fix lands.
Refs: #3273, #3450
Co-authored-by: Qwen-Coder <noreply@qwenlm.ai>
* fix(cli): dispatch queued slash commands through the slash path
When the agent was responding and the user queued a message, the drain
path joined all queued messages with `\n\n` and submitted them as one
prompt. Any slash command in that blob (e.g. `/model`) no longer started
with `/`, so it was sent to the model as plain text instead of opening
the command's dialog.
The mid-turn tool-result drain had the same problem: it drained the
entire queue into the tool-result payload, so a slash command queued
during tool execution was injected as context for the model rather than
executed as a command.
Queue draining now splits into segments — consecutive plain-text
messages are still batched into one submission, while slash commands
are submitted alone so their `/` prefix survives. The mid-turn drain
only takes leading plain-text messages and leaves slash commands
queued for the normal idle drain. The idle drain is gated on open
dialogs so a queued `/model` does not cause the following queued
prompt to be sent to the model while the picker is still open, and a
re-entry lock plus a nonce close the race between state commits and
the async dialog-open.
* fix(cli): defer queued slash commands until idle
* fix(cli): drop queued messages on cancel instead of auto-submitting
Cancel's contract is now "abort and redirect" in both cancel paths:
restore the most recent queued segment into the buffer for editing and
drop the rest, so forgotten follow-ups cannot auto-submit once the turn
settles. Previously the non-tool path left queued plain-text segments
in place for the idle drain to fire, and the tool-executing path
cleared only the buffer — both surprised users with belated message
dispatches after they had already cancelled.
* refactor(cli): batch plain prompts in idle drain
Idle drain now runs in two phases: drain all plain-text prompts into one
turn (drainQueue), then pop slash commands one-by-one (popNextSegment).
Mirrors the mid-turn behavior so queue handling is consistent across
mid-turn and idle contexts.
popAllMessages now drains the entire queue joined with \n\n for Ctrl+C
cancel and ESC/Up edit-restore. Drop the unused options parameter from
useMessageQueue and the extractFirstSegment helper.
---------
Co-authored-by: 愚远 <zhenxing.tzx@alibaba-inc.com>
* fix(cli): disable Kitty keyboard protocol on SIGINT to prevent garbled 9;5u output
When a Kitty-capable terminal (iTerm2, Kitty, WezTerm) is used, the CLI
enables the Kitty keyboard protocol at startup via ESC[>1u. On exit, the
protocol must be disabled with ESC[<u to restore the terminal's default
key encoding. Failing to do so leaves the terminal in Kitty mode: any
subsequent Ctrl+C press is encoded as ESC[99;5u, and since the shell does
not understand this sequence, it echoes the trailing '9;5u' as garbled
text.
Root cause: kittyProtocolDetector registered cleanup handlers for 'exit'
and 'SIGTERM', but omitted SIGINT. A process terminated via SIGINT (e.g.
kill -INT <pid>, a parent process sending SIGINT, or certain process
managers) would exit without disabling the protocol.
Fix:
1. Add process.on('SIGINT', disableProtocol) alongside the existing
'exit' and 'SIGTERM' handlers in kittyProtocolDetector.ts.
2. Export a new disableKittyProtocol() function for explicit call sites.
3. Call disableKittyProtocol() in the registerCleanup callback in
gemini.tsx before instance.unmount(), so the disable sequence is
written while stdout is fully operational regardless of exit path.
Fixes#3528
* fix(test): add disableKittyProtocol to kittyProtocolDetector mock
* fix(cli): run ACP Agent tool calls concurrently (#2516)
When the model returns multiple Agent tool calls in a single turn, the
ACP Session previously executed them sequentially in a plain for-loop,
multiplying latency by the number of sub-agents spawned.
Mirror the partition logic in coreToolScheduler.partitionToolCalls:
consecutive Agent calls form a parallel batch (safe because sub-agents
have no shared mutable state); any other tool forms its own sequential
batch so the model's implicit ordering is preserved. Response-part
ordering still matches the original functionCalls order.
Add a focused test that uses controllable deferred executes to prove
both Agent calls start before either resolves, and that the fed-back
functionResponse ordering is stable regardless of resolution order.
* Address PR #3463 review: bound concurrency + robust test timing
Two issues raised by the /review bot:
1. The raw Promise.all fan-out bypassed the bounded-concurrency guard
that coreToolScheduler applies via QWEN_CODE_MAX_TOOL_CONCURRENCY.
Replaced with an inline runBounded helper that mirrors core's
runConcurrently (Promise.race on a bounded executing set, default
cap 10), keeping in-order result collection.
2. The concurrency test used a 10-iteration microtask yield loop before
asserting both execute() spies had been invoked. That's fragile —
runTool's pre-execute path (build → getDefaultPermission →
evaluatePermissionRules → permission branch → PreToolUseHook) has
more await boundaries than 10 ticks guarantees, and the CI run
reported call-a still at 0 invocations at the assertion point.
Reworked the test to wait on an explicit `called` deferred that
resolves *inside* the execute() mock body. Under sequential
behaviour only one `called` would ever fire → `Promise.all([called-a,
called-b])` deadlocks → vitest's per-test timeout surfaces the
regression. Under the fix both fire before either result resolves.
* fix(acp): degrade gracefully when AgentTool invocation has no eventEmitter
The concurrency test for #2516 timed out on CI with "Test timed out in
5000ms" after the `await Promise.all([called-a, called-b])` rewrite in
the previous review-fix commit. The 5000ms wait was the symptom; the
root cause is that neither `execute()` was ever being called.
runTool's AgentTool branch was guarded with `'eventEmitter' in invocation`,
which is a *key-presence* check. The test mock provides
`{ eventEmitter: undefined, ... }` — the key exists (value undefined),
the branch is entered, and `SubAgentTracker.setup` immediately throws
inside `eventEmitter.on(...)`. The try/catch in runTool swallows the
throw and returns an error response, so `invocation.execute()` never
runs, `called[id].resolve()` never fires, and the test deadlocks.
The earlier review commit (4519c5f9c) interpreted the CI symptom as
"10 microtask yields aren't enough" and rewrote the assertion around a
deferred `Promise.all`. But the old test's `toHaveBeenCalledTimes(1)`
failure with 0 invocations was already the same bug — execute was never
called. The new formulation just converted the visible failure from an
assertion mismatch into a timeout.
Switch the guard to a truthy check against `invocation.eventEmitter`.
Semantics for real AgentTool are unchanged — `agent.ts:392` declares
`readonly eventEmitter: AgentEventEmitter = new AgentEventEmitter()`,
so production always enters the branch. The only new behavior is that
incomplete invocations (or test mocks) skip SubAgentTracker setup
cleanly instead of crashing. `subAgentCleanupFunctions` stays `[]`,
so the cleanup forEach at the success/error paths is a no-op.
In ACP mode, the Mcp server list sent by the IDE client can include
SSE (type: "sse") and HTTP (type: "http") transports, but the previous
implementation only handled stdio servers via toStdioServer(). Non-stdio
servers were silently skipped (continue), so any SSE/HTTP-configured
MCP server would never be registered.
Changes:
- Add toSseServer() helper: detects type=="sse" servers and maps them
to MCPServerConfig(url=..., headers=...)
- Add toHttpServer() helper: detects type=="http" servers and maps them
to MCPServerConfig(httpUrl=..., headers=...)
- Refactor newSessionConfig() loop to handle all three transport types
- Declare mcpCapabilities: { sse: true, http: true } in agentCapabilities
so IDE clients know this agent supports these transports without needing
a transparent proxy
- Export the three helper functions for unit testing
Tests:
- Unit tests for toStdioServer / toSseServer / toHttpServer helpers
(type discrimination, mutual exclusion)
- Integration-style tests for QwenAgent.initialize() mcpCapabilities
- Integration-style tests for newSession() with SSE/HTTP MCP servers,
verifying MCPServerConfig is constructed with the correct arguments
(url vs httpUrl, headers passthrough, empty-headers → undefined)
Fixes#3472
* fix: strengthen error handling in launchBrowser to prevent unhandled events
* fix: strengthen error handling with ChildProcess type and debugLogger
* fix: use type-only import for ChildProcess
* refactor(core): make OpenAI converter stateless to prevent shared-state races
Follow-up to #3525. #3516 showed that OpenAIContentConverter's long-lived
per-pipeline state raced between concurrent streams; #3525 scoped the
streaming tool-call parser, this removes the remaining shared state.
- OpenAIContentConverter is now a module of stand-alone functions; the
exported symbol is a namespace object preserved for call-site
compatibility.
- New RequestContext (in types.ts, alongside PipelineConfig and
ErrorHandler) carries model, modalities, startTime, and an optional
per-stream toolCallParser. The pipeline builds one per request and
threads it through every conversion call.
- errorHandler drops duration/isStreaming; duration is recomputed from
startTime at error time and troubleshooting text is uniform.
- convertOpenAIChunkToGemini now throws if toolCallParser is missing so
future misuse surfaces loudly instead of silently constructing a
one-shot parser per chunk.
* test(core): align timeout expectations
Selecting an older entry from input history via the arrow keys and pressing
Enter now moves that entry to the most recent position, so the next Up press
surfaces it first. Previously two bugs combined to keep stale copies in place:
the history-navigation index was not reset on submit, and deduplication only
collapsed consecutive repeats, leaving non-consecutive duplicates intact.
* feat(web-search): add GLM (ZhipuAI) web search provider
- Add GlmProvider class implementing BaseWebSearchProvider using the
ZhipuAI Web Search API (https://open.bigmodel.cn/api/paas/v4/web_search)
- Support multiple search engines: search_std, search_pro, search_pro_sogou,
search_pro_quark
- Support optional config: maxResults, searchIntent, searchRecencyFilter,
contentSize, searchDomainFilter
- Truncate query to 70 characters per API limit
- Register 'glm' in the provider discriminated union (types.ts) and
createProvider() switch (index.ts)
- Add GlmProviderConfig to settingsSchema, ConfigParams, and Config class
- Add --glm-api-key CLI flag and GLM_API_KEY env var support in webSearch.ts
- Forward GLM_API_KEY in sandbox environment
- Update provider priority list: Tavily > Google > GLM > DashScope
- Add 17 unit tests for GlmProvider and 4 integration tests in index.test.ts
- Update docs/developers/tools/web-search.md with GLM configuration,
env vars, CLI args, pricing, and corrected DashScope billing info
- Fix stale OAuth/free-tier references in web-search.md
Closes#3496
* docs(web-search): fix DashScope note and add GLM server-side limitations
* fix(web-search): make DashScope provider work with standard API key, remove qwen-oauth dependency
- DashScopeProvider.isAvailable() now checks config.apiKey instead of authType
- Remove OAuth credential file reading and resource_url requirement
- Use standard DashScope endpoint: dashscope.aliyuncs.com/api/v1/indices/plugin/web_search
- Read DASHSCOPE_API_KEY env var and --dashscope-api-key CLI flag
- Forward DASHSCOPE_API_KEY into sandbox environment
- Update integration test to detect DASHSCOPE_API_KEY
- Update docs to reflect new API key based configuration
* feat(web-search): remove built-in web search tool
The web_search tool and all related provider implementations are removed.
Web search functionality will be provided via MCP integrations instead,
which is the direction the broader agent ecosystem is moving.
Removed:
- packages/core/src/tools/web-search/ (entire directory)
- packages/cli/src/config/webSearch.ts
- integration-tests/cli/web_search.test.ts
- ToolNames.WEB_SEARCH, ToolErrorCode.WEB_SEARCH_FAILED
- webSearch config in ConfigParams, Config class, settingsSchema
- CLI options: --tavily-api-key, --google-api-key, --google-search-engine-id,
--glm-api-key, --dashscope-api-key, --web-search-default
- Sandbox env forwarding for TAVILY/GLM/DASHSCOPE/GOOGLE search keys
- web_search from rule-parser, permission-manager, speculation gate,
microcompact tool set, and builtin-agents tool list
* fix: remove websearch reference
* docs: remove websearch tool
* docs: add break change guide
* fix review
* fix(cli): remove residual blank lines after MCP init completes (#3095)
ConfigInitDisplay rendered <Box marginTop={1}> plus a content line, so
the live area grew by 2 rows during startup. When initialization
finished and the component unmounted, Ink shrank the live area but the
rows it had already committed to the terminal scrollback cannot be
reclaimed, leaving a visible gap above the input.
Move the MCP init status into the Footer's left-bottom status slot
(always mounted, fixed height) so the live area height stays constant
across the init → ready transition. The status participates in the
existing priority chain: ctrlC / ctrlD / escape / vim / shell /
autoAccept / configInit / hint.
* fix(cli): suppress MCP init message when custom status line is active
Audit follow-up. Previously the configInit branch preceded the
suppressHint branch in the footer's left-bottom priority chain. With
a custom status line configured, <Text>{null}</Text> collapses to
zero rows in Ink, so the footer's bottom row went from 1 row during
init to 0 rows after — a 1-row height oscillation that reintroduces
the same scrollback-residue symptom the original fix eliminated in
the default case.
Swap the order so suppressHint short-circuits to null first: the
init message now shares the hint's suppression rule, keeping the
footer's height constant in every configuration.
Also:
- Gate the hook's return on isConfigInitialized directly instead of
letting the effect clear state, avoiding a one-frame flash where
the stale "Initializing..." message leaks through on the first
render after init completes.
- Cover the new behavior with three Footer tests, including a
regression test for the custom-status-line case.
* fix(cli): show MCP init progress even under a custom status line
Reverting a UX trade-off introduced in the previous commit. That
change suppressed the init message whenever a custom status line was
active, arguing that <Text>{null}</Text> collapses to zero rows in
Ink and any non-zero init row would re-create a one-row shrink on
completion.
Zero shrink was the wrong goal. Hiding init progress from users who
have configured a status line is a real usability loss — the status
line does not surface MCP connection state, so those users now see
no feedback during startup. A one-time, one-line shrink on init
completion is a far smaller regression than the original two-row
scrollback residue this PR was created to fix, and strictly better
than the silent alternative.
Keep the init message in the left-bottom slot and let it sit above
suppressHint in the priority chain. Update the regression test so
that it pins the new behavior (init is visible with or without a
status line) and prevents the suppression from being reintroduced.
* fix(cli): keep MCP init progress visible in screen-reader mode
Footer is gated behind !isScreenReaderEnabled, so moving the init
message inside Footer silenced it for screen-reader users. Render the
same message as a plain Text node in Composer when the screen reader is
active — screen-reader users don't suffer from the live-area residual
row issue that motivated the original move, so an independent node is
safe for them.
* refactor(cli): drop duplicated screen-reader init path and show progress under YOLO
- ScreenReaderAppLayout already mounts <Footer /> directly, so the
separate <Text> branch in Composer was producing a duplicated
'Connecting to MCP servers...' line in screen-reader mode. Remove it.
- Move configInitMessage ahead of AutoAcceptIndicator in the footer's
priority chain so users launched with YOLO / auto-accept-edits still
see the ~1s startup progress; the approval-mode indicator takes over
as soon as init finishes.
- Add unit tests for useConfigInitMessage covering the idle, progress,
reset, and unsubscribe paths.
* fix(i18n): sync mismatched keys between en.js and zh.js (#3503)
Add 4 keys missing from en.js that are actively used in source code,
add 5 missing Chinese translations to zh.js, integrate check-i18n
into CI to prevent future drift, and skip JSON file write in CI to
avoid dirtying the working tree.
---
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
* feat(session): auto-title sessions via fast model, add /rename --auto
The /rename work in #3093 generates kebab-case titles only when the user
explicitly runs `/rename` with no args; until they do, the session picker
shows the first user prompt (often truncated or misleading). This change
adds a sentence-case auto-title that fires once per session after the
first assistant turn, using the configured fast model.
New service: `packages/core/src/services/sessionTitle.ts` —
`tryGenerateSessionTitle(config, signal)` returns a discriminated outcome
(`{ok: true, title, modelUsed}` | `{ok: false, reason}`) so callers can
either handle failures generically or map reasons to actionable messages.
Prompt shape: 3-7 words, sentence case, good/bad examples including a
CJK row, JSON schema enforced via `baseLlmClient.generateJson`.
`maxAttempts: 1` — titles are cosmetic metadata and shouldn't fight
rate limits.
Trigger point: `ChatRecordingService.maybeTriggerAutoTitle` runs after
`recordAssistantTurn`. Fire-and-forget promise, guarded by:
- `currentCustomTitle` — don't overwrite any existing title.
- `autoTitleController` doubles as in-flight flag; a second turn while
the first is still pending is a no-op.
- `autoTitleAttempts` cap of 3 — the first assistant turn may be a
pure tool-call with no user-visible text; retry for a handful of
turns until a title lands. Cap bounds total waste.
- `!config.isInteractive()` — headless CLI (`qwen -p`, CI) never auto-
titles; spending fast-model tokens on a one-shot session is waste.
- `autoTitleDisabledByEnv()` — `QWEN_DISABLE_AUTO_TITLE=1` opt-out.
- `config.getFastModel()` falsy — skip entirely rather than falling
back to the main model; auto-titling on main-model tokens is too
expensive to be silent.
Persistence: `CustomTitleRecordPayload` grows a `titleSource: 'auto' |
'manual'` field. Absent on pre-change records (treated as `undefined`
→ manual, safe default so a user's pre-upgrade `/rename` is never
silently reclassified). `SessionPicker` renders `titleSource === 'auto'`
titles in dim (secondary) color; manual stays full contrast. On resume,
the persisted source is rehydrated into `currentTitleSource` — without
this, finalize's re-append would rewrite an auto title as manual on
every resume cycle.
Cross-process manual-rename guard: when two CLI tabs target the same
JSONL, in-memory state can diverge. Before writing an auto record, the
IIFE re-reads the file via `sessionService.getSessionTitleInfo`. If a
`/rename` from another process landed as manual, bail and sync local
state — never clobber a deliberately-chosen manual title with a model
guess. Cost is one 64KB tail read per successful generation.
`finalize()` aborts the in-flight controller before re-appending the
title record. Session switch / shutdown doesn't have to wait on a slow
fast-model call.
New user-facing command: `/rename --auto` regenerates via the same
generator — explicit user trigger, overwrites whatever's there (manual
or auto) because the user asked. Errors route through
`autoFailureMessage(reason)` so `empty_history`, `model_error`,
`aborted`, etc. each get actionable guidance rather than a generic
"could not generate". `/rename -- --literal-name` is the sentinel for
titles that start with `--`; unknown `--flag` tokens error with a hint
pointing at the sentinel. Existing `/rename <name>` and bare `/rename`
(kebab-case via existing path) are unchanged, except the kebab path now
prefers fast model when available and runs its output through
`stripTerminalControlSequences` (same ANSI/OSC-8 hardening as the
sentence-case path).
New shared util: `packages/core/src/utils/terminalSafe.ts` —
`stripTerminalControlSequences(s)` strips OSC (\x1b]...\x07|\x1b\\), CSI
(\x1b[...[a-zA-Z]), SS2/SS3 leaders, and C0/C1/DEL as a backstop. A
model-returned `\x1b[2J` or OSC-8 hyperlink escape would otherwise
execute on every SessionPicker render; both sentence-case and kebab
paths now route titles through the helper before they reach the JSONL
or the UI.
Tail-read extractor: `extractLastJsonStringFields(text, primaryKey,
otherKeys, lineContains)` reads multiple fields from the same matching
line in a single pass. Two separate tail scans could return a mismatched
pair (primary from a newer record, secondary from an older one with only
the primary set); the new helper guarantees the pair is atomic. Validates
a proper closing quote on the primary value so a crash-truncated trailing
record can't win the latest-match race. `readLastJsonStringFieldsSync`
is its file-reading wrapper — same tail-window fast path and full-file
fallback as the single-field version, plus a `MAX_FULL_SCAN_BYTES = 64MB`
cap so a corrupt multi-GB session file can't freeze the picker. Session
reads now open with `O_NOFOLLOW` (falls back to plain RDONLY on Windows
where the constant isn't exposed) — defense in depth against a symlink
planted in `~/.qwen/projects/<proj>/chats/`.
Character handling: `flattenToTail` on the LLM prompt drops a dangling
low surrogate after `slice(-1000)` — otherwise a CJK supplementary char
or emoji cut mid-pair produces invalid UTF-16 that some providers 400.
`sanitizeTitle` applies the same surrogate scrub after max-length trim,
and strips paired CJK brackets (`「」 『』 【】 〈〉 《》`) as whole units so
a `【Draft】 Fix login` doesn't leave a dangling `】` after leading-char
strip. `lineContains` in the title reader is tightened from the loose
substring `'custom_title'` to `'"subtype":"custom_title"'` so user text
containing the literal `custom_title` can't shadow a real record.
Tests: 46 new unit tests across
- `sessionTitle.test.ts` (22): success/all-failure-reasons, tool-call
filter, tail-slice, surrogate scrub, ANSI/OSC-8 strip, CJK brackets.
- `chatRecordingService.autoTitle.test.ts` (15): trigger/skip matrix,
in-flight guard, abort propagation on finalize, manual/auto/legacy
resume symmetry, cross-process race, env opt-out, retry-after-
transient.
- `sessionStorageUtils.test.ts` (13): single-pass extractor, straddle
boundary, truncated trailing record, lineContains, multi-field atom.
- `renameCommand.test.ts` (8): `--auto` success, all reasons, sentinel,
unknown-flag hint, positional rejection, manual/SessionService
fallbacks.
* docs(session): design doc for auto session titles
Matches the session-recap design doc shape (Overview / Triggers /
Architecture / Prompt Design / History Filtering / Persistence /
Concurrency / Configuration / Observability / Out of Scope) and adds a
Security Hardening section unique to the title path — titles render
directly in the picker and persist in user-readable JSONL, so
LLM-returned control sequences are an attack surface the recap path
doesn't have.
Captures decisions a code-only reader has to reverse-engineer:
- Why `maxAttempts: 1` (best-effort cosmetic metadata; no retry loop).
- Why `autoTitleAttempts` cap is 3 (first turn can be pure tool-call).
- Why the auto trigger does NOT fall back to the main model but
session-recap does (auto-title fires on every turn; silently charging
main-model tokens is a bill surprise).
- Why `titleSource: undefined` stays unwritten on legacy records (no
rewrite risks silently reclassifying user intent).
- Why the cross-process re-read sits between the LLM await and the
append (manual wins at both in-process and on-disk layers).
- Why `finalize()`'s abort tolerates a controller swap (in-flight
identity check).
- Why JSON-schema function calling instead of tag extraction (avoid
reasoning preamble bleed; cross-provider reliability).
Placed at docs/design/session-title/ alongside session-recap,
compact-mode, fork-subagent, and other per-feature design docs. No
sidebar index update required — the design folder is unindexed.
* test(rename): pin model choice in bare /rename kebab path
Addresses reviewer feedback: the bare `/rename` model selection
(`config.getFastModel() ?? config.getModel()`) had no test pinning
it either way. Previous tests mocked `getHistory: []`, which exits
the function before the model is ever chosen, so a silent regression
to either direction (always-main or always-fast) would pass CI.
Two explicit cases now:
- fastModel set → `generateContent` called with `model: 'qwen-turbo'`.
- fastModel unset → `generateContent` called with `model: 'main-model'`.
The tests intentionally mock a non-empty history so the kebab path
reaches the generateContent call site instead of bailing on empty input.
params.pages !== undefined let "" fall through to parsePDFPageRange(''),
which returns null and surfaced "Invalid pages parameter: ''" for every
read_file call from models that default optional strings to "".
Switch to a truthy check so "" behaves the same as an omitted field, and
add a regression test.
Fixes#3558
- Add internal-ID qualifier, anti-duplication clause, and large-file reading strategy to the launch tool-result template, ported from claw-code.
- Rename transcript_file to output_file for consistency.
- Reference read_file and run_shell_command via ToolNames constants instead of raw strings.
Surface subagent token and tool counts while the agent is still running
(previously populated only at completion) and keep the detail subtitle
in sync with the Progress rows by counting TOOL_CALL events ourselves —
executionStats.totalToolCalls only advances on TOOL_RESULT, so it would
lag the visible row count by one while a tool was in flight.
Drop terminal entries from the list so the header counts and the list
stop disagreeing, auto-fall-back from the detail view when the viewed
entry finishes or disappears, and keep the "Local agents" header
rendered in the empty state so the dialog doesn't visually collapse.
Round elapsed time to whole seconds, pre-truncate progress rows with
string-width so truncated and non-truncated rows share the same left
indent, and switch the list's selection chevron + scroll hints to
ASCII glyphs.
Render each activity with its tool display name and single-line
description, collapsing embedded newlines so a heredoc body no longer
spills across the Progress block. Keep the registry's newest-last order
so the live row sits at the bottom with the accent marker, and switch
that marker to an ASCII `>` for unambiguous single-cell alignment with
history rows.
Render the agent title in bold accent so it stands out under the border,
and switch the progress chevron to a single-cell glyph with an extra
separator space so every row shares the same three-column indent.
Cap Progress and Prompt to five rows each, colour the latest progress
entry as primary text and older ones as secondary, tick duration every
second while the dialog is open, and drop the "Background tasks" header
from the detail view so the agent name sits directly under the border.
Expand the detail body's height budget now that each section is
self-bounded, so short terminals no longer hide the whole body behind a
truncation banner.
