Four Copilot follow-ups, three of them user-visible coverage gaps:
- `git commit --amend` was diffing `HEAD~1..HEAD` for attribution,
which spans the entire amended commit (parent → amended) rather
than the actual amend delta. A message-only amend would emit a
note attributing every file in the original commit to this
amend. New `isAmendCommit` helper detects the flag and
getCommittedFileInfo switches to `HEAD@{1}..HEAD` (the pre-amend
HEAD vs the amended HEAD); if the reflog is GC'd we bail with a
warning rather than over-attribute.
- `git commit --message "..."` and `--message="..."` were silently
skipped because the regex only recognised the short `-m` form.
The flag prefix now matches both alternatives via
`(?:-[a-zA-Z]*m|--message)\s*=?\s*` (non-capturing inner group
so the existing `[full, prefix, body]` destructure still works).
- `gh pr create -b "..."` (the short alias for `--body`) was the
same gap on the PR side; `(?:--body|-b)[\s=]+` now covers both
forms.
- `.d.ts` was an over-broad blanket exclusion in
EXCLUDED_EXTENSIONS — declaration files are commonly authored
(ambient declarations, asset shims like `*.d.ts` for
`import './x.svg'`); the repo even contains
`packages/vscode-ide-companion/src/assets.d.ts`. Removed `.d.ts`
from the extensions Set and adjusted the test to assert the new
behavior. Auto-generated `.d.ts` (e.g. `tsc --declaration`
output) still gets caught by the build-directory rules.
Tests added: `--amend` plumbing covered by the new branch in
getCommittedFileInfo (no targeted unit test — the diff invocation
goes through ShellExecutionService and is exercised by the existing
post-command path); `--message`/`--message="..."`/-b/-b="..."` all
have positive trailer-injection assertions; `.d.ts` test split into
"hand-authored" (negative) and "in dist" (positive).
Five Critical/Suggestion items:
- `cd subdir && git commit` (or any non-attributable commit chain
whose HEAD movement still happens in our cwd, e.g. cd into a
subdirectory of the same repo) used to skip attribution AND fail
to clear pending per-file entries. Those entries then leaked into
the next foreground commit, inflating its AI percentage. New
`else if (commitCtx.hasCommit)` branch in execute() compares pre-
and post-HEAD; if HEAD moved we drop the per-file state. preHead
is now snapshotted whenever ANY commit was attempted, not only
attributable ones.
- getCommittedFileInfo's three diff calls run in `Promise.all`. If
`--numstat` failed while `--name-only` succeeded, every file's
diffSize would be 0 and generateNotePayload would clamp aiChars
to 0 — emitting a structurally valid note with all-zero AI
percentages. Detect the partial-failure shape (files non-empty,
diffSizes empty) and return empty so no note is written.
- addCoAuthorToGitCommit and addAttributionToPR now bail when the
captured `-m`/`--body` value contains `$(`. The tool description
recommends `git commit -m "$(cat <<'EOF' ... EOF)"` for
multi-line messages, but the regex's `(?:[^"\\]|\\.)*` body group
stops at the first interior `"` from a nested shell token —
splicing the trailer there breaks the command before it reaches
the executor.
- looksLikeGhPrCreate now accepts `gh pr new` as well — it's a
documented alias for `gh pr create` and was silently skipped.
- Removed `incrementPermissionPromptCount` / `incrementEscapeCount`
and their getters: they had no production callers, so the backing
fields just round-tripped through snapshots as 0. The four
snapshot fields are now optional so pre-fix snapshots that carry
non-zero values still load cleanly and just get ignored.
Three regression tests added: heredoc-style `-m "$(cat <<EOF...)"`
preserved literally, heredoc-style `--body` likewise, `gh pr new
--body "..."` rewritten with attribution.
Two Critical findings on addCoAuthorToGitCommit, plus a Copilot
maintainability nit:
- The `-m` regex used to scan the whole compound command, so
`git commit -m "fix" && git tag -a v1 -m "release"` would target
the LATER tag annotation (last -m wins) and splice the trailer
there instead of the commit message. The rewrite now scopes to
the actual `git commit` segment via a new
findAttributableCommitSegment(): same shell-aware walk
gitCommitContext does, but returning the segment's character
range so the regex can be run on a slice and spliced back into
the original command.
- Within the segment, a literal `-m '...'` *inside* a quoted body
was treated as a real later -m. For
`git commit -m "docs mention -m 'flag' for completeness"`, the
inner single-quoted -m sits at a higher index than the real
outer -m, and the previous index comparison would have it win —
splicing the trailer mid-message and corrupting the quoting.
The new code checks whether the candidate is nested inside the
other quote-style's range (start/end containment) and prefers
the outer match when so.
- Hoisted three constant Sets (sudo flag list, git global flags
taking values, git global flags shifting cwd, gh global flags)
out of the per-call scope to module constants. Functional
no-op, but keeps the parsing helpers easier to read and avoids
re-allocating the Sets on every command.
Two regression tests added for the cases above:
- inner `-m '...'` inside the outer message body is preserved
literally and the trailer lands after the body
- `git tag -a v1 -m "release notes"` after a real
`git commit -m "fix"` is left untouched, with the trailer
appended to "fix" only
Five review items, one Critical:
- attachCommitAttribution now canonicalises via the repo *root* (one
realpath call) and resolves committed paths against that canonical
root, rather than per-leaf realpath inside clearAttributedFiles.
At cleanup time the leaf for a just-deleted file no longer exists,
so per-leaf fs.realpathSync would fail and silently fall back to a
non-canonical path that misses the stored canonical key — leaving
stale attributions for deleted files.
clearAttributedFiles drops its internal realpath and now documents
the canonical-paths-required precondition explicitly.
- addCoAuthorToGitCommit picks the LAST `-m` regardless of quote
style. Previously `doubleMatch ?? singleMatch` always preferred
the last double-quoted match, so `git commit -m "Title" -m
'Body'` injected the trailer into the title where git
interpret-trailers would silently ignore it. Now compares match
indices, and the escape helper follows the actually-selected
match's quote style.
- parseGhInvocation handles `-R=value` (the equals form of the
short `--repo` alias). `--repo=...` and `--hostname=...` were
already covered; `-R=...` previously fell through to the generic
flag branch and skipped the value.
- New tests for the symlink-aware canonicalisation: macOS-style
`/var` ↔ `/private/var` mapping is mocked via vi.mock on
node:fs, with cases for record-then-look-up under either form,
generateNotePayload with a symlinked baseDir, partial clear via
the canonical-root-derived path (deleted leaf), and snapshot
restore canonicalisation.
- Doc-only: integration-test header comments updated from
"V1 -> V2 -> V3" / "migration to V3" to reflect the actual V4
end state (assertions already used the literal `4`).
Two related Copilot follow-ups:
- recordEdit/getFileAttribution/clearAttributedFiles now run input
paths through fs.realpathSync before storing/looking up, so a
symlinked path (e.g. macOS /var ↔ /private/var) resolves to the
same key regardless of which form the caller passes. Previously
edit.ts/write-file.ts handed in non-realpath'd absolute paths
while generateNotePayload tried to realpath only inside its
lookup loop, leaving partial-clear and clear-on-finally paths
unable to find entries when the forms diverged.
- restoreFromSnapshot also canonicalises on the way in so a
session resumed from a pre-fix snapshot (where keys may not
have been canonical) ends up with the same shape as newly
recorded entries — otherwise a single file could end up with
two parallel records.
- generateNotePayload's lookup loop dropped its per-entry realpath
call (now redundant since keys are canonical at write time),
keeping only the realpath of `baseDir` (which still comes from
`git rev-parse --show-toplevel` and may be a symlink).
- Updated `clearAttributedFiles` doc to describe the new semantics:
callers can pass either the resolved repo-relative path or an
already-canonical absolute path, and either will match.
Two Critical items, two Copilot, and five wenshao Suggestions:
- attachCommitAttribution's `finally` block used to call
`clearAttributions()` unconditionally, wiping per-file tracking
for files the AI had edited but the user excluded from this
commit. Added `clearAttributedFiles(committedAbsolutePaths)` to
the service and the call site now passes only the paths that
actually landed in this commit; entries for un-`add`ed files stay
pending for a later commit.
- generateNotePayload now runs both `baseDir` and each tracked
absolute path through `fs.realpathSync` before `path.relative`.
On macOS in particular `/var` symlinks to `/private/var`, so the
toplevel from `git rev-parse --show-toplevel` and the absolute
path captured by edit/write-file tools could diverge — producing
`../../actual/path` keys in the lookup that never matched and
silently zeroed all per-file AI attribution.
- tokeniseSegment now consumes value-taking sudo flags (`-u`,
`-g`, `-h`, `-D`, `-r`, `-t`, `-C`, plus the long forms). Without
this, `sudo -u other git commit` left `other` standing in for
the program name and skipped the trailer entirely.
- A duplicate JSDoc block above `countCommitsAfter` (a leftover
from the earlier extraction of `getGitHead`) was removed; both
helpers now have one accurate comment each.
- attachCommitAttribution's multi-commit guard now also runs when
`preHead === null` (brand-new repo), via `git rev-list --count
HEAD`. A compound `git init && git commit -m a && git commit -m b`
no longer slips through and mis-attributes combined data to the
last commit.
- addCoAuthorToGitCommit's `-m` matching switched to `matchAll` and
takes the LAST match. `git commit -m "title" -m "body"` puts the
trailer at the end of the body so `git interpret-trailers`
recognises it; the previous first-match behaviour stuffed the
trailer in the title where git treats it as plain message text.
- addAttributionToPR's `--body` regex accepts both space and
`=` separators (`--body "..."` and `--body="..."`); the `=` form
is common with gh.
- New `parseGhInvocation` walks past gh's global flags
(`--repo`, `-R`, `--hostname`) so `gh --repo owner/repo pr
create ...` is detected. The earlier fixed-position check at
tokens[1]/tokens[2] missed any command with a global flag.
- getCommittedFileInfo now fans out the two `rev-parse` calls and
the three diff calls with `Promise.all`. They're independent and
serialising them was paying spawn latency 5× per commit.
Tests: sudo with `-u user`, multi `-m`, `gh --repo owner/repo`,
`--body="..."`, plus the existing 84 shell tests still pass.
Five follow-ups from the latest review pass:
- attachCommitAttribution now refuses to write a single git note for
shell commands that produce more than one commit (e.g.
`git commit -m a && git commit -m b`). The singleton's per-file
attribution map can't be partitioned across the individual commits,
so attaching the combined note to HEAD would mis-attribute earlier
commits' changes to the last one. Walks `preHead..HEAD` via
`git rev-list --count`; on multi-commit detection it snapshots the
prompt counters and bails with a debug warning instead of writing
a misleading note.
- parseGitInvocation now recognises the attached `-C/path` form
(e.g. `git -C/path commit -m x`). shell-quote tokenises that as a
single `-C/path` token which previously fell to the generic flag
branch with `changesCwd = false`, leaving an out-of-cwd commit
classified as attributable.
- attachCommitAttribution dropped its unused `command` parameter
(the caller already gates on `commitCtx.attributableInCwd`, so
re-parsing was removed earlier; the parameter became dead).
- Added wiring guards in edit.test.ts and write-file.test.ts:
AI-originated edits/writes hit `CommitAttributionService.recordEdit`,
`modified_by_user: true` skips, and write-file's distinction
between a true new file and an overwritten empty file (`null` vs
`''` old content) is now pinned by `aiCreated` assertions.
Six review items, two of them critical:
- gitCommitContext was checking fixed-position tokens (`arg1`, `arg3`)
and missed every git invocation that puts a global flag between
`git` and the subcommand: `git -c user.email=x@y commit`,
`git --no-pager commit`, `git -C /p -c k=v commit`, etc. In
background mode these would slip past the refusal guard; in
foreground they got no co-author trailer, no git note, and no
prompt-counter snapshot. New `parseGitInvocation` walks past
git's global flags (with their values) before reading the
subcommand, and reports `changesCwd` for `-C` / `--git-dir` /
`--work-tree`.
- The Windows guard on addCoAuthorToGitCommit and addAttributionToPR
used `os.platform() === 'win32'`, which incorrectly skipped Windows
+ Git Bash (`getShellConfiguration().shell === 'bash'`). Switched
both to gate on `getShellConfiguration().shell !== 'bash'` so Git
Bash users keep the feature.
- attachCommitAttribution was re-parsing `gitCommitContext(command)`
even though `execute()` already gates on `commitCtx.attributableInCwd`.
Removed the redundant re-parse — drift between the two checks would
silently diverge trailer injection from git-notes writes.
- tokeniseSegment (formerly tokeniseProgram) now logs via debugLogger
on parse failure instead of swallowing silently. Easier to debug
if shell-quote ever throws on something unusual.
- Added a comment on `cwdShifted` documenting that it's a one-way
latch — `cd src && cd ..` will still skip attribution. The
trade-off matches the wrong-repo guard's "better miss than corrupt
unrelated repos" intent.
- Stale `--stat` reference in the aiChars-clamp comment updated to
`--numstat` to match the actual git command in
ShellToolInvocation.getCommittedFileInfo.
Tests: `git -c key=val commit` and `git --no-pager commit` now
produce a trailer; existing 82 shell tests still pass.
Six items called out across CodeQL, Copilot, and wenshao:
- The earlier `looksLikeGitCommit`/`stripCommandPrefix` returned a
single yes/no and rejected ANY `cd` in the chain. That fixed the
wrong-repo case but also disabled attribution for `git commit -m
"x" && cd ..` (commit already landed safely in our cwd; the cd
came after). It also conflated three distinct decisions onto one
predicate.
New `gitCommitContext` returns both `hasCommit` and
`attributableInCwd`, walking segments in order so that a `cd`
AFTER the commit doesn't invalidate it. Callers now pick the right
arm:
- background-mode refusal uses `hasCommit` (refuses even
`cd /elsewhere && git commit` since we can't attribute it
afterward either way)
- HEAD snapshot, addCoAuthorToGitCommit, and the
attachCommitAttribution gate use `attributableInCwd`
- Tokenisation switches from a regex while-loop to `shell-quote`'s
`parse`. Quoted env values like `FOO="a b" git commit` now skip
correctly (the old `\S*\s+` form would cut after the opening
quote). Eliminates the CodeQL polynomial-regex alert at the same
time since the `\S*\s+` pattern is gone.
- attachCommitAttribution now snapshots prompt counters via
`clearAttributions(true)` whenever a commit lands, even if no
per-file attributions were tracked. Previously the early-return
on `hasAttributions() === false` meant `promptCountAtLastCommit`
never advanced, so a later `gh pr create` reported an inflated
N-shotted count spanning multiple commits.
Tests: env-var and sudo prefixes still produce trailers; quoted
"git commit" / "gh pr create" leave commands unchanged; cd BEFORE
commit suppresses the rewrite while cd AFTER commit does not; `git
-C <path> commit` is treated as a commit (refused in background)
but not as attributable.
Five Copilot follow-ups:
- looksLikeGitCommit now strips leading env-var assignments
(`GIT_COMMITTER_DATE=now git commit ...`) and a small allowlist of
safe wrappers (`sudo`, `command`) before matching. The previous
exact-prefix match silently skipped trailer injection on common
real-world commit forms.
- A new looksLikeGhPrCreate (same shell-aware shape) replaces the raw
`\bgh\s+pr\s+create\b` regex in addAttributionToPR, so quoted text
like `echo "gh pr create --body \"x\""` no longer triggers a
command-string rewrite.
- executeBackground refuses to run `git commit` and tells the user to
re-run foreground. The BackgroundShellRegistry lifecycle has no
hook for the post-command pre/post-HEAD comparison or git-notes
write, so allowing the commit through would create the new commit
without notes and leak stale per-file attribution into the next
foreground commit.
- recordDeletion was unused outside its own test — removed (and the
test). When AI-driven deletions need tracking we'll add it with an
actual integration point rather than carrying dead API surface.
- generatePRAttribution was likewise unused; addAttributionToPR
builds the trailer string inline. The two formats had already
diverged. Removed the helper and its tests; reviving from git
history is straightforward if a future caller needs it.
Tests: env-var and sudo prefixes now produce trailers; quoted
"gh pr create" leaves the command unchanged; existing 81 shell tests
still pass alongside the trimmed 25 commitAttribution tests.
Deleted files with no AI tracking now use diffSize directly. With
numstat as the input source, diffSize is an exact count, and an
empty-file deletion legitimately reports zero — a magic fallback would
only inflate totals.
Two more Critical items called out by wenshao plus the matching Copilot
quote-handling notes:
- attachCommitAttribution and addCoAuthorToGitCommit now go through a
shell-aware `looksLikeGitCommit` helper instead of a raw
`\bgit\s+commit\b` regex. The helper splits the command on shell
separators (`splitCommands`) and checks each segment, so `echo "git
commit"` no longer triggers attribution clearing or trailer
injection. The same helper bails on any segment that contains `cd`
or `git -C <path>`, since either could redirect the commit into a
different repo than our cwd — writing notes or capturing HEAD there
would corrupt unrelated state.
- The post-command attribution call now runs regardless of whether the
shell wrapper aborted. `git commit -m "x" && sleep 999` could move
HEAD and then time out, leaving the new commit without its
attribution note while the stale per-file attribution stayed around
for a later unrelated commit. attachCommitAttribution still gates on
HEAD movement, so it's a no-op when no commit was actually created.
- The `-m '...'` and `--body '...'` regexes used to match only the
first quote segment, so a command like `git commit -m 'don'\''t'`
(bash's standard apostrophe-escape form) would have the trailer
spliced mid-message and break the command's quoting. The single-
quote patterns now use a negative lookahead / inner alternation to
either skip those messages entirely (commit path) or match the
whole escape-aware body (PR path).
Tests cover the new behavior: quoted "git commit" is left alone, the
`cd && git commit` and `git -C` patterns get no trailer, and the
apostrophe-escape form passes through unchanged for both `-m` and
`--body`.
Three Critical items called out by wenshao:
- attachCommitAttribution was passing config.getTargetDir() as `baseDir`
to generateNotePayload, but getCommittedFileInfo returns paths
relative to `git rev-parse --show-toplevel`. When the working
directory was a subdirectory of the repo, path.relative produced
`../...` keys that never matched in the AI-attribution lookup,
silently zeroing out attribution for every file outside getTargetDir.
StagedFileInfo now carries an optional `repoRoot` (filled in by
getCommittedFileInfo via `git rev-parse --show-toplevel`) and the
caller prefers it over the target dir.
- addCoAuthorToGitCommit interpolated `gitCoAuthorSettings.name` and
`.email` into the rewritten command without escaping. A name
containing `$()`, backticks, or `"` could be evaluated as command
substitution under double quotes, or break the user-approved
`git commit -m "..."` quoting. Now escapes per the surrounding quote
style with the same helpers addAttributionToPR uses, gates on
non-Windows for the same shell-quoting reason, and fixes the regex
to accept `-m"msg"` shorthand (no space) so users who type the
bash-shorthand form aren't silently denied a trailer.
- parseDiffStat used `git diff --stat` output and approximated each
line as ~40 chars by parsing a graphical text bar. Replaced with
`git diff --numstat` which gives unambiguous integer
additions+deletions per file; the heuristic remains but the parser
is no longer fooled by the visual `++--` markers. Binary entries
fall back to a fixed estimate so they still land in the map (rather
than dropping out as diffSize=0).
Suggestions also addressed: stale duplicate JSDoc on
addCoAuthorToGitCommit removed, misleading `clearAttributions`
comments rewritten to describe what the boolean argument actually
does. Tests cover the new shorthand path, escape behavior, and
numstat parsing (text/binary/rename/malformed).
Three follow-up review items from Copilot:
- parseDiffStat now handles git's binary-diff format (`path | Bin A ->
B bytes`) using the byte delta with a floor of 1. Without this,
binary edits arrived at the attribution payload as diffSize=0 and
were silently dropped. Also extracted the parser to a top-level
exported function so the binary path is unit-testable; added five
targeted cases (text/binary/rename normalisation/summary skip).
- attachCommitAttribution now passes `this.config.getModel()` into
generateNotePayload instead of the user-configurable
`gitCoAuthor.name`. The note's `generator` field reflects which
model produced the changes — and CommitAttributionService's
sanitizeModelName() actually has the codename to scrub now.
- generate-settings-schema.ts imports SETTINGS_VERSION instead of
hardcoding `default: 3`, so a future bump propagates to the emitted
JSON schema in one place. Regenerated settings.schema.json bumps
$version's default from 3 to 4 to match the V4 migration.
Six items called out on PR #3115 by Copilot:
- shell.ts: addAttributionToPR's bash quote escaping doesn't apply to
cmd.exe / PowerShell, where `\$` and `'\''` aren't honored. Skip the
PR body rewrite entirely on Windows — losing PR attribution there is
preferable to corrupting the user-approved `gh pr create` command.
- attributionTrailer.ts + shell.ts call site: buildGitNotesCommand used
bash-style single-quote escaping on the JSON note, which is broken on
Windows. Switched to argv form (`{ command, args }`) and routed the
invocation through child_process.execFile so shell quoting is bypassed
entirely. Tests updated to assert the argv shape.
- commitAttribution.ts: when a tracked file's aiChars exceeded the diff
--stat-derived diffSize (long-line edits where diffSize ≈ lines * 40),
humanChars clamped to 0 but aiChars stayed inflated, leaving aiChars +
humanChars > the committed change magnitude. Clamp aiChars to diffSize
so the totals stay consistent.
- shell.ts parseDiffStat: only normalized rename brace notation
(`{old => new}`). Cross-directory renames emit `old/path => new/path`
without braces, leaving diffSizes keyed by the full string. Added a
second normalization step.
- shell.ts: addAttributionToPR docstring claimed `(X% N-shotted)` but
the implementation only emits `(N-shotted by Generator)`. Updated the
docstring to match the actual behavior.
- settingsSchema.ts + generator: gitCoAuthor went from boolean to object
in the V4 migration. The exported JSON Schema now wraps the field in
`anyOf: [boolean, object]` (via a new `legacyTypes` hint on
SettingDefinition) so users with a stored boolean don't see a spurious
IDE warning before their next launch runs the migration.
* docs: scaffold branch for #3247 tool execution unification
Placeholder commit to establish the branch for PR creation.
Actual refactoring will be done in subsequent commits.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat(core): add shared permission flow for tool execution unification
This addresses #3247 by consolidating duplicated tool execution behavior
across Interactive, Non-Interactive, and ACP modes behind shared execution
utilities.
- Add permissionFlow.ts: shared L3→L4 permission evaluation logic
- Add permissionFlow.test.ts: comprehensive test coverage (17 tests)
- Export from index.ts for use across all execution modes
Why: Permission handling logic was duplicated in CoreToolScheduler and
Session.runTool(). This shared module ensures consistent behavior across
all modes and provides a single source of truth for future fixes.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(e2e): add bundle step to E2E workflow and fix canUseTool test
- Add 'npm run bundle' to E2E workflow so dist/cli.js exists for SDK tests
- Fix 'should handle control responses when stdin closes before replies' test:
- Use helper.getPath() for absolute file path
- Make prompt explicitly invoke write_file tool
- Remove inputStreamDonePromise timeout that caused false failures
- Add q.endInput() to signal stdin done
- Assert canUseTool was called and file content is updated
* fix(core): wire evaluatePermissionFlow() and address PR review feedback
Address review feedback on PR #3723:
- Wire evaluatePermissionFlow() in coreToolScheduler.ts (both call sites)
- Wire evaluatePermissionFlow() in Session.ts (ACP mode)
- Delete TOOL_EXECUTION_UNIFICATION.md (had literal \n artifacts)
- Add PermissionFlowPermission union type for stronger typing
- Document the 'default' permission state in docstring
- Use needsConfirmation/isPlanModeBlocked/isAutoEditApproved helpers
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* feat(core): add FileReadCache and short-circuit unchanged Reads
Track Read / Edit / WriteFile operations per session in a new
FileReadCache, keyed by (dev, ino) so symlinks, hardlinks, and
case-variant paths collapse to one entry. ReadFile consults the cache
on entry: when a full Read of a text file is repeated against an
unchanged inode (mtime+size match, no intervening recordWrite), it
returns a short placeholder instead of re-emitting the file content.
Range-scoped Reads, non-text payloads, and post-write reads always
fall through to the full pipeline.
The cache is a one-instance-per-Config field, which gives subagents an
empty cache automatically. Edit / WriteFile do not consume it yet — a
follow-up will wire prior-read enforcement onto the same cache.
* fix(core): refine FileReadCache contract per PR review feedback
Three changes addressing review feedback on PR #3717:
1. Truncated reads no longer arm the placeholder. A "full" Read whose
output got truncated (line cap or character cap) means the model
only saw the head of the file; returning `file_unchanged` next call
would falsely imply "you've already seen everything", so we keep
such entries non-cacheable and let the next call re-emit the
truncated window.
2. Add a Config-level escape hatch (`fileReadCacheDisabled`, default
false). When true, ReadFile bypasses both the fast-path lookup and
the post-read record so behaviour matches the pre-cache build
byte-for-byte. Intended for sessions that may undergo context
compaction or transcript transformation, where the placeholder's
"you saw the content earlier in this conversation" assumption
becomes unreliable.
3. The `unchangedResult` placeholder now explicitly warns about three
distinct retrieval failures: context compaction, subagent transcript
transformation, and external mutation (shell / MCP / other process).
The previous wording only covered the third.
Also adds a `READ_FILE_CACHE` debug logger that emits `hit` / `miss`
on every full-Read cache consultation, so cache-hit rate can be
observed locally without committing to a full telemetry pipeline.
* fix(core): clear FileReadCache on startNewSession
The file-read cache backs ReadFile's `file_unchanged` placeholder,
whose correctness depends on the model having seen the prior full
read earlier in the *current* conversation. `/clear` and session
resume both go through `startNewSession()`, which previously left
cache entries from the outgoing session in place.
Result: a follow-up full Read of an unchanged file in the new
session could return the placeholder despite the new conversation
never having received the file contents, leaving the model to
reason about content it cannot retrieve.
Calls `this.fileReadCache.clear()` from `startNewSession()` and
adds a regression test asserting the cache is empty after a session
restart.
Reported by `pomelo-nwu` on PR #3717.
* fix(core): tighten FileReadCache contract per 3rd review pass
Six issues raised by the 3rd review on PR #3717, all addressed:
1. Subagent cache isolation (was the most critical bug). Every
subagent / scoped-agent / fork path constructs its Config via
`Object.create(parent)`, which does not run instance field
initializers. The child therefore resolved `fileReadCache` through
the prototype chain to the parent's instance — so a subagent's
ReadFile would return the file_unchanged placeholder for files
the subagent's own transcript had never received. Fixed centrally
in `getFileReadCache()` with a lazy own-property check, so every
`Object.create(Config)` site (6 of them today) automatically gets
an isolated cache without each site needing to remember to
override the field. New regression tests assert (a) `Object.create`
children get a distinct cache and (b) repeated calls return the
same instance.
2. Edit / WriteFile now call `cache.recordWrite(absPath, postWriteStats)`
on the success path. Without this, low-resolution mtime filesystems
(FAT/exFAT, NFS attribute caches, same-millisecond rewrites on
POSIX) would leave the cache reporting `fresh` after an edit and
ReadFile would serve the pre-edit placeholder. Best-effort: a
stat failure here is non-fatal (the next Read will re-stat).
3. `tryCompressChat` (in `core/client.ts`) now clears the cache after
`startChat(newHistory)` succeeds. Compaction rewrites the prompt
history so prior full-Read tool results may no longer be in the
model's context, but the cache previously kept claiming "the
model has seen this file in this conversation."
4. ReadFile auto-memory paths skip the fast-path entirely. Auto-memory
files (AGENTS.md and the auto-memory root) get a per-read
`<system-reminder>` freshness note in the slow path; returning the
placeholder would silently drop that staleness signal. These files
are small; re-emitting them is cheap.
5. The cache's recorded fingerprint is now the post-read stat, not
the pre-read one. processSingleFileContent does its own internal
stat between the pre-read stat and the bytes that land in
`result.llmContent`; if the file mutated in that window, the old
code would record a fingerprint that did not correspond to the
bytes actually emitted. A subsequent Read whose stat happened to
match the recorded fingerprint would then serve a placeholder
pointing at content the model never saw.
6. The empty `catch` around the pre-read stat now logs `stat-failed`
with `err.code` so oncall can distinguish a transient stat failure
from a genuine cache miss in the debug stream. One-line change,
no behaviour difference.
Reported by `pomelo-nwu` on PR #3717.
* test(core): mock getFileReadCache in client.test.ts
CI flagged 5 tryCompressChat tests as TypeError after the cache.clear()
hook was added in 0471799fd — the existing mock Config in client.test.ts
predates the FileReadCache wiring and did not stub getFileReadCache().
Local test runs missed this because they were scoped to the cache /
read-file / edit / write-file / config files.
Adds the minimal getFileReadCache stub returning an object with a clear()
method, matching the only call shape tryCompressChat needs.
Two critical issues called out in review:
1. attachCommitAttribution treated the final shell exit code as proof
that `git commit` itself failed. For compound commands like
`git commit -m "x" && npm test`, the commit can succeed and a later
step can fail; the previous code then cleared attribution without
writing the git note. Now we snapshot HEAD before the command (via
`git rev-parse HEAD` through child_process.execFile, kept independent
of the mockable ShellExecutionService) and detect commit creation by
HEAD movement, so attribution lands whenever a new commit was created
regardless of later steps.
2. addAttributionToPR spliced the configured generator name into the
user-approved `gh pr create --body "..."` argument verbatim. A name
containing `"`, `$`, a backtick, or `'` could break the command or be
evaluated as command substitution. Now we shell-escape the appended
text per the surrounding quote style before splicing.
Tests cover the new escape paths for both double- and single-quoted
bodies, including a generator name designed to break interpolation
(`$(rm -rf /) "danger" \`eval\``) and one with an apostrophe.
The `tool_token_count` field was sourced from `toolUsePromptTokenCount`
on the GenAI usage metadata, but none of the providers we adapt
(OpenAI/DashScope, Anthropic) populate it, and Google's Gemini API only
emits it for built-in server-side tools that qwen-code does not use.
The metric was therefore always zero in practice, so the dedicated
counter, telemetry field, UI row, and supporting plumbing are removed
end-to-end (telemetry types, OTEL counter type, UI aggregation, model
stats display, qwen-logger payload, VS Code session schema, and docs).
After a stable/patch CLI release, the release branch version bump was
never synced back to main, causing nightly versions to fall behind
stable (e.g. nightly 0.15.3 < stable 0.15.5). Add automated PR
creation and auto-merge steps (matching the existing release-sdk.yml
pattern) so package.json on main stays in sync after each release.
Resolves#3756
* fix(vscode-companion): fill slash commands into input on Enter instead of auto-submitting (#1990)
Previously, selecting any slash command from the VSCode completion menu
via Enter would immediately send it to the agent, giving users no chance
to append arguments. This was especially problematic for skills and
custom commands that accept parameters.
Changes:
- Commands that accept input (skills, commands with completion) now fill
into the input box on Enter, letting users type arguments before
submitting
- No-arg built-in commands (/clear, /doctor, etc.) still auto-submit
on Enter for convenience
- Tab always fills without submitting (unchanged)
- Client-side commands (/auth, /account, /model) still execute
immediately (unchanged)
The distinction is driven by the ACP `input` field: Session.ts now sets
`input: { hint }` for commands that accept arguments (non-BUILT_IN kind
or commands with completion functions), and `input: null` for the rest.
Also fixes:
- /auth + /login unified handling in useMessageSubmit.ts
- authCancelled message now clears waiting state (prevents input lockup)
- Stale /login comment updated to /auth in WebViewProvider.ts
Resolves#1990
* fix(acp): derive input field from argumentHint and subCommands, not just kind+completion
The previous logic only checked `kind !== BUILT_IN || completion != null`
to decide whether a command accepts arguments. This caused built-in
commands like /bug, /context, /export, /language, and /stats to be
marked as no-input (auto-submit on Enter), even though they accept
meaningful arguments or have subcommands.
Now a command is considered to accept input when any of:
- it is not a BUILT_IN command
- it has a completion function
- it declares an argumentHint
- it has subCommands
Also adds argumentHint to /bug since it accepts a description but has
neither completion nor subCommands.
* fix(vscode-companion): strip U+200B from completion insertion path
The contentEditable input uses U+200B as a height placeholder. When
selecting a completion item, the raw textContent was used directly for
computing trigger position and building the new text, which could
preserve the hidden character and produce text like "\u200B/commit"
that downstream slash-command handling may not recognize.
Now strip zero-width spaces from the text before computing cursor
position and trigger offsets, and adjust the cursor for any removed
characters so the final inserted text is placeholder-free.
* fix(vscode-companion): add stripZeroWidthSpaces to @qwen-code/webui mock in App.test.tsx
The test mock for @qwen-code/webui was missing the newly imported
stripZeroWidthSpaces function, causing 4 test failures in CI.
* fix(docs): correct outdated and inaccurate LSP documentation
- Remove reference to non-existent `packages/cli/LSP_DEBUGGING_GUIDE.md`
- Remove reference to unimplemented `/lsp status` slash command
- Replace incorrect `DEBUG=lsp*` env var with actual debug log location
(`~/.qwen/debug/` session files with `[LSP]` tag)
- Remove external Claude Code documentation links (`code.claude.com`)
- Document `isPathSafe` constraint: absolute paths outside workspace
are blocked, users must add server binary directory to PATH
- Add practical troubleshooting: `ps aux | grep <server>` to check
if the server process is actually running
- Add clangd-specific guidance: `--background-index`, `compile_commands.json`
location, and `--compile-commands-dir` usage
- Simplify trust documentation (remove vague "configure in settings")
* fix(lsp): allow absolute paths in LSP server command configuration
Previously, `isPathSafe` rejected any command containing a path
separator that resolved outside the workspace directory. This blocked
legitimate use cases where users specify absolute paths to language
server binaries (e.g. `/usr/bin/clangd`, `/opt/tools/jdtls/bin/jdtls`).
The fix allows:
- Bare command names resolved via PATH (unchanged)
- Absolute paths (explicit user intent, already gated by trust checks)
- Relative paths within the workspace (unchanged)
Only relative paths that traverse outside the workspace (e.g.
`../../malicious-binary`) are still blocked.
Closes: server silently fails to start when users configure absolute
paths in `.lsp.json`, with only a debug log warning visible.
* feat(lsp): inject LSP priority instruction into system prompt when enabled
The model was not using the LSP tool because the system prompt's
"Tool Usage" section never mentioned it. The tool description alone
("ALWAYS use LSP as the PRIMARY tool") was insufficient — models
follow system prompt instructions more reliably than tool descriptions.
Changes:
- getCoreSystemPrompt() accepts `options.lspEnabled` parameter
- When LSP is enabled, injects an instruction in the Tool Usage section
telling the model to ALWAYS use the LSP tool FIRST for code
intelligence queries (definitions, references, hover, symbols, etc.)
instead of falling back to grep/readfile
- Updated client.ts to pass config.isLspEnabled() to the prompt builder
- Updated test mocks and snapshots
* feat(lsp): add symbolName parameter for position-free LSP queries
The model avoided calling LSP for findReferences, hover, etc. because
these operations required filePath + line + character which the user
rarely provides. The model would read files directly instead.
Changes:
- Add `symbolName` optional parameter to LspTool
- When symbolName is provided without line/character, auto-resolve
the symbol's position via workspaceSymbol before executing the
actual operation (findReferences, hover, goToImplementation, etc.)
- Update tool description with examples showing symbolName usage
- Move LSP priority instruction to top of system prompt for visibility
- Add debug logging for LSP prompt injection
This enables natural queries like:
{operation: "findReferences", symbolName: "Calculator"}
{operation: "hover", symbolName: "addShape"}
without requiring the user to know exact file positions.
* feat(lsp): add LSP reminder to grep/readfile tool descriptions
When LSP is enabled, the model often chose grep or readfile instead
of LSP for code intelligence queries. Now the competing tools'
descriptions include a note reminding the model to use the LSP tool
for definitions, references, symbols, hover, diagnostics, etc.
This "push-pull" approach:
- System prompt pushes toward LSP (top-level priority instruction)
- Grep/ReadFile descriptions pull away from code intelligence usage
* fix(docs): align LSP doc with isPathSafe change — absolute paths now supported
The doc still said "absolute paths outside the workspace are not
supported" but the code was changed to allow them. Updated all
three places (Required Fields table, Troubleshooting, Debugging)
to reflect that absolute paths are now accepted.
* fix(lsp): improve symbol-based tool resolution
* fix(lsp): normalize display paths across platforms
* fix(lsp): narrow docs and path safety changes
* fix(lsp): add edge-case tests for isPathSafe and fix Chinese comment
- Add test for intermediate path traversal (./a/../../../etc/passwd)
- Add test for forward-slash relative paths (tools/clangd)
- Replace Chinese JSDoc with English on requestUserConsent
* fix(lsp): rename requestUserConsent to checkWorkspaceTrust
The method only checks workspace trust level and does not actually
prompt the user for consent. Rename the method and update the JSDoc
and call-site log message to accurately reflect the behavior.
* fix(core): preserve reasoning_content in rewind, compression, and merge paths (#3579)
* chore(core): remove dead stripThoughtsFromHistory methods (#3579)
* revert(pr): remove redundant reasoning merge per review feedback (#3737)
Per tanzhenxin's review: the compressed ack is plain text without
tool_calls so the thought-part injection is unnecessary, and the
converter reasoning merge is redundant given #3729's canonical
ensureReasoningContentOnToolCalls in the deepseek provider.
Both paths are now handled at the request boundary, not in history
transformation.
* fix(cli): correct OPENAI_MODEL precedence without breaking /model selection
Fixes model precedence regression from #3567 (reverted in #3633):
- argv.model > settings.model.name > OPENAI_MODEL > QWEN_MODEL
- settings.model.name wins over OPENAI_MODEL when it matches a provider
- OPENAI_MODEL only used as fallback when no explicit model is configured
- Added tests proving both paths: settings wins, and OPENAI_MODEL fallback works
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(cli): separate model selection from provider lookup to prevent env override
The previous implementation iterated through candidates [argv.model, settings.model.name,
OPENAI_MODEL, QWEN_MODEL] and picked the first matching provider. This caused
settings.model.name to be overridden by OPENAI_MODEL when the former didn't
match any provider.
Fix by:
1. First resolve target model using strict precedence
2. Only look up provider for that specific model
3. Filter OPENAI_MODEL/QWEN_MODEL from env when model was resolved
from settings or argv, preventing the core resolver from picking
up these env vars
Also fixes Edge Case 5 test (was testing buggy behavior) and adds
integration test verifying settings.model.name wins over OPENAI_MODEL.
* fix(types): remove unused type annotation from mock
The mockImplementation used ModelConfigSourcesInput type which
wasn't properly resolved. Remove the type annotation
to fix TypeScript and ESLint errors.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* trigger CI
* chore: trigger clean CI build
* fix(test): make mock compatible with CI type checking
The mockImplementation was causing TS2345 in CI because
the return type didn't match ModelConfigResolutionResult.
Fixed by using optional chaining and removing type annotations
that caused CI build failures.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(test): make mock compatible with CI type checking
The mock of resolveModelConfig returned sources as { model: string }
instead of { model: ConfigSource }, causing a type error in CI only
(where strictBuild is enabled). Use proper ConfigSource objects.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(test): update mock to match reviewer suggestion
Use proper ConfigSource objects with path/envKey details as suggested
in the review, matching what resolveModelConfig actually returns.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* test(cli): add regression tests for model precedence
Adds [Regression] tests that guard against the original bug where
OPENAI_MODEL incorrectly overrode settings.model.name. Tests cover:
- settings.model.name precedence over OPENAI_MODEL
- OPENAI_MODEL used when settings.model.name not set
- argv.model overriding both settings and env
- QWEN_MODEL as fallback when OPENAI_MODEL not set
- Non-OpenAI auth ignoring OPENAI_MODEL
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(cli): address reviewer feedback on model precedence PR
- Add missing assertion in Non-OpenAI auth test to verify OPENAI_MODEL
is filtered from env passed to resolveModelConfig
- Clean up modelProvider lookup comment to clarify the old bug is fixed
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(cli): address review feedback on model precedence PR
- Sanitize OPENAI_MODEL/QWEN_MODEL in beforeEach to prevent flaky tests
- Remove stray "// trigger rebuild" comment
- Add AUTH_ENV_MODEL_VARS mapping for all auth types (not just OpenAI)
- Fix filteredEnv logic to strip ALL model env vars when model not from env
- Use sourceEnvVar tracking to only keep the env var that was actually used
Fixes the blocking test failure when OPENAI_MODEL is set in shell env.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(cli): fix test assertion for filtered env, add source-based filtering comments
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Mistral Vibe <vibe@mistral.ai>
Extend the DeepSeek reasoning_content normalization (introduced in
#3729) to assistant turns without tool_calls. The DeepSeek API rejects
follow-up requests in thinking mode whenever any prior assistant turn
omits reasoning_content, not just turns that carried tool_calls.
* fix(cli): keep sticky todo panel compact
* fix(cli): stabilize sticky todo redraws
* fix(cli): address sticky todo review feedback
* fix(cli): size sticky todo number column correctly
* fix(cli): address sticky todo review feedback
* fix(cli): bound SubAgent display by visual height to prevent flicker
The SubAgent runtime display used hard-coded MAX_TASK_PROMPT_LINES=5 and
MAX_TOOL_CALLS=5 plus character-length truncation (`length > 80`). On narrow
terminals the soft-wrapped content overflowed the available height as the
tool-call list grew, forcing Ink to clear and redraw on every update.
Pull AgentExecutionDisplay onto the same visual-height/visual-width slicing
pattern that ToolMessage and ConversationMessages already use:
- Add `sliceTextByVisualHeight` to textUtils — counts soft wraps as visual
rows, supports top/bottom overflow direction.
- AgentExecutionDisplay now derives maxTaskPromptLines / maxToolCalls from
the assigned `availableHeight` and uses `truncateToVisualWidth` (CJK +
emoji safe) instead of substring(0, 80). Compact mode is unchanged.
- Drop the 300 ms debounced `refreshStatic` AppContainer fired on every
terminalWidth change — that was a flicker source on resize and the
static area no longer needs the refresh.
Tests:
- textUtils.test.ts covers undefined maxHeight, top/bottom overflow, and
soft-wrap counting.
- AgentExecutionDisplay.test.tsx asserts the height-bounded render keeps
the prompt + tool list inside the assigned rows.
- AppContainer.test.tsx asserts width-only changes no longer clear the
terminal.
* test(tui): add SubAgent flicker regression script and ANSI counter
Two reusable tools for measuring TUI flicker:
- `scripts/measure-flicker.mjs` — standalone Node script that counts the
ANSI escape sequences which betray flicker (clearTerminalPair, clearScreen,
eraseLine, cursorUp) inside any recorded raw stream (`script` log,
`tmux pipe-pane` output, custom PTY capture). Supports baseline diff mode.
- `integration-tests/terminal-capture/subagent-flicker-regression.ts` —
end-to-end ratchet that boots a mock OpenAI server, drives a real qwen
process through an `agent` tool dispatch + 5 `read_file` SubAgent rounds,
then reads PTY bytes and asserts ANSI-redraw counts stay below configured
ceilings. Mirrors PR #43f128b20's resize-clear-regression pattern.
Reference numbers (60-col / 18-row terminal, fixed build):
clearTerminalPair=5, clearScreen=10, eraseLine=440, cursorUp=132
The ratchet defaults to 10/20 ceilings — roughly 2× steady state — so
regressions like reverting sliceTextByVisualHeight or restoring the
width-driven refreshStatic trip the build.
Implementation notes captured in the script's docstring:
- Strips HTTP_PROXY family env vars (NO_PROXY isn't honored by undici,
so corp proxy would otherwise hijack the loopback request).
- Drops `--bare` (bare mode hard-codes the registered tool set and
rejects the `agent` tool); HOME is sandboxed to a temp dir instead.
- Mock server speaks SSE because the CLI requests stream:true.
* fix(cli): address inline review on SubAgent flicker fix
Three issues from inline review on PR #3721:
1. **availableHeight as total budget (Critical).** The previous formula
only constrained prompt + tool-call height, not the surrounding
header / section labels / gaps / footer. Default and verbose mode
could still overrun the parent-provided budget. Subtract a fixed-row
overhead (10 rows running, 18 completed) before computing
`maxTaskPromptLines` / `maxToolCalls`. Add unit tests that assert the
rendered frame line-count stays within `availableHeight` for both
running and completed states.
2. **Ratchet that actually distinguishes fix from no-fix.** The previous
`clearTerminalPair` / `clearScreen` ceilings passed for both fixed
and unfixed builds. Add an `eraseLine` upper bound (default 460) —
that's the metric whose drop reflects the in-place-update efficiency
the visual-height fix delivers (no-fix observed 469, with-fix 434).
Refresh docstring with the current numbers and a coverage map that
honestly states what this ratchet does and does not exercise.
3. **Keypress scope.** `useKeypress` was active on every mounted
`AgentExecutionDisplay`, including completed/historical instances in
chat history — Ctrl+E / Ctrl+F would toggle them all in lock-step
and cause large scrollback reflows. Gate `isActive` on
`data.status === 'running'`. Test mock now also honors
`{ isActive }` so the new "completed displays ignore Ctrl+E"
regression is enforceable.
* fix(cli): address round-2 inline review on SubAgent flicker
Three follow-up issues from inline review on PR #3721:
1. **sliceTextByVisualHeight reservedRows early-return (Critical).**
The early return compared `visualLineCount <= targetMaxHeight` and
ignored `reservedRows`, so a caller asking us to keep one row free
for a footer could still receive the full input back with
`hiddenLinesCount: 0` even though only `targetMaxHeight - reservedRows`
content rows were actually available. Compare against
`visibleContentHeight` instead and add a regression test for the
`'a\nb\nc' / 3 / reservedRows: 1` case the reviewer flagged.
2. **Footer hint and rendered prompt now share one slicing result
(Suggestion).** Previously `hasMoreLines` looked at
`data.taskPrompt.split('\n').length` (hard newlines only), but the
prompt body was already truncated by `sliceTextByVisualHeight` (which
counts soft wraps). A long single-line prompt could be visually
truncated without the footer ever surfacing the "ctrl+f to show
more" hint. Lift the slice into the parent component and feed both
the rendered `TaskPromptSection` and the footer's `hasMoreLines`
from the same `hiddenLinesCount`.
3. **Running → completed transition test (Critical).** The previous
"completed displays ignore Ctrl+E" test rendered already-completed
data, so `useKeypress` was inactive from the start and Ctrl+E was a
no-op trivially. It missed the real path: a running subagent gets
expanded, then completes while preserving the expanded
`displayMode` — which is exactly when the completed-state budget
has to hold the layout. Replace the test with a `rerender`-based
one that runs the full transition, asserts the completed expanded
frame stays within `availableHeight`, and asserts the post-transition
Ctrl+E is a no-op. Bumped `COMPLETED_FIXED_OVERHEAD` from 18 to 22
to accommodate the ExecutionSummary + ToolUsage block accounting
that the new transition test exposed.
* fix(cli): gate SubAgent useKeypress on isFocused for parallel runs
Per @yiliang114's review on PR #3721 — `data.status === 'running'` alone
fixes the historical/scrollback case but two SubAgents running in parallel
both stay `running`, so a single Ctrl+E / Ctrl+F still toggles them in
lock-step and the dual reflow brings back the flicker the gating was meant
to prevent. The component already receives `isFocused` from ToolMessage
(via SubagentExecutionRenderer) for the inline confirmation prompt — reuse
it on the keypress hook:
isActive: data.status === 'running' && isFocused
Adds a regression test that renders a running SubAgent with
`isFocused={false}` and asserts Ctrl+E is a no-op (frame unchanged).
---------
Co-authored-by: wenshao <wenshao@U-K7F6PQY3-2157.local>
DeepSeek's thinking-mode API requires every prior assistant turn that
carried tool_calls to replay reasoning_content in subsequent requests,
or it returns HTTP 400 ("The reasoning_content in the thinking mode
must be passed back to the API"). The model can legitimately return a
tool round without any reasoning text — qwen-code then stored no
thought parts and rebuilt the next request with reasoning_content
absent, tripping the API's check.
The DeepSeek provider now normalizes outgoing assistant messages so
any turn carrying tool_calls always has reasoning_content set (empty
string when none was emitted). Other providers are unaffected.
Refs #3695
* feat(cli): wire background shells into combined Background tasks dialog
Phase B follow-up #2: surface managed background shells in the same
overlay that already shows local subagents, so users get one unified
view instead of having to remember /tasks for shells.
- BackgroundShellRegistry: add setRegisterCallback/setStatusChangeCallback
and requestCancel(id), mirroring BackgroundTaskRegistry's contract.
register() also fires statusChange so subscribers see the lifecycle
start, not just transitions.
- useBackgroundTaskView: subscribe to both registries, merge entries by
startTime, attach a `kind` discriminator (DialogEntry union) so
renderers can dispatch on agent vs shell.
- BackgroundTasksPill: group running counts by kind ("2 shells, 1 local
agent"); when all entries are terminal, collapse to "N task(s) done".
- BackgroundTasksDialog: replace per-kind section header with a single
"Background tasks" header; ListBody renders shell rows as
"[shell] <command>"; DetailBody dispatches to AgentDetailBody (the
original) or a new ShellDetailBody (cwd / output file / pid / exit).
- Context cancelSelected switches by kind: agents go through cancel(),
shells through requestCancel() — only aborts, lets the spawn settle
path record the real terminal state (mirrors task_stop in #3687).
Tests: 8 pill cases (singular/plural per kind, mixed, terminal-only),
4 dialog cases (auto-fallback on running→terminal, cancel flow,
already-terminal stays in detail, selectedIndex clamp); shell registry
gains 5 callback tests + 3 requestCancel tests.
* fix(cli): refresh detail-body agent fields between status changes
useBackgroundTaskView shallow-copies agent entries into DialogEntry so
each entry can carry a `kind` discriminator. The copy detaches
`recentActivities` from the registry: BackgroundTaskRegistry.appendActivity
mutates `entry.recentActivities = next` on the registry object and emits
`activityChange`, but the dialog's activity callback only bumps a local
counter — so the snapshot's `recentActivities` reference goes stale and
the Progress block keeps rendering the old array until the next
status-driven refresh.
Resolve `selectedEntry` against the registry on each render when the
selected entry is an agent, with `activityTick` as a useMemo dep so it
recomputes on every activity callback. Snapshot remains the source of
truth for the list (no churn on the pill / AppContainer); only the
detail body re-reads live.
Also rename the non-empty list section header from "Local agents" to
"Background tasks" to match the empty-state branch and the unified
multi-kind contents.
---------
Co-authored-by: wenshao <wenshao@U-K7F6PQY3-2157.local>
* feat(core): wire background shells into the task_stop tool
Phase B follow-up #1 from #3634, unblocked by #3471 (control plane) merging
in. The model can now cancel a managed background shell with the same
`task_stop` tool it uses for subagents — no more falling back to
`kill <pid>` via BashTool.
Lookup order: subagent registry first (existing behavior), then the
background shell registry as a fallback. Agent IDs follow
`<subagentName>-<suffix>` and shell IDs follow `bg_<8 hex chars>`, so the
two namespaces cannot collide in practice; the order is fixed for
determinism (a defensive test pins agent-wins-over-shell).
The shell cancel path resolves through the entry's own AbortController
(which `BackgroundShellRegistry.cancel` triggers); the child process
exit handler then settles the registry to `cancelled` and the on-disk
output file is preserved for inspection via `/tasks` or a direct `Read`.
This matches Phase B's "registry's own AbortController is the
cancellation source of truth" design without needing the in-flight
notification framework that subagents use.
Tests: 7 task-stop tests (was 4) — added cancel-shell happy path,
NOT_RUNNING for already-exited shell, and a defensive
agent-takes-precedence-on-id-collision case.
* fix(core): defer shell terminal transition until spawn handler settles
@doudouOUC noticed that the previous task_stop path called
`BackgroundShellRegistry.cancel(id, Date.now())`, which marked the entry
`cancelled` immediately. The spawn handler's settle path only records
real exit info via cancel/complete/fail when the entry is still
`running`, so the cancel-vs-exit race could permanently hide a real
completed/failed result and `/tasks` would show a terminal endTime
while the process was still draining.
Add a `requestCancel(id)` method to `BackgroundShellRegistry` that
triggers the entry's AbortController only; status stays `running` until
the settle path observes the abort and records the real terminal state.
The immediate-mark `cancel(id, endTime)` is reserved for `abortAll()` /
shutdown, where the CLI process is tearing down anyway and there is no
settle handler to wait for.
Tests updated:
- `task-stop.test.ts` cancel-shell happy path now asserts the entry
stays `running` with `endTime` undefined post-stop, and the abort
signal fires (the settle path's contract, not task_stop's, is the
one that flips status).
- 3 new `requestCancel` tests in `backgroundShellRegistry.test.ts`:
running → abort+still-running, terminal entry no-op, unknown id no-op.
---------
Co-authored-by: wenshao <wenshao@U-K7F6PQY3-2157.local>
* mcp config as cli
* fix: failed test cases
* updated tests to match the new api
* fix: update mcp-config tests for new API and fix type import
* mcp config type declared handler.ts
---------
Co-authored-by: Ird <irdali.durrani@fixstars.com>
Co-authored-by: mingholy.lmh <mingholy.lmh@alibaba-inc.com>
Update all package versions from 0.15.2 to 0.15.3 across the monorepo
including root package.json, package-lock.json, and all sub-packages
(channels, cli, core, vscode-ide-companion, web-templates, webui).
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
DeepSeek V4 (flash, pro) ships with a 1M context window and 384K
max output, but the generic deepseek pattern was capping it at 128K
input / 8K-64K output. Add a dedicated v4 pattern that takes
precedence over the generic deepseek fallback.
Fixes#3679
The schema advertised `default: false` but also listed the field as required,
and the validator hard-rejected calls where the model omitted it. Models read
the default annotation and reasonably skipped the field, then got the error
`Question 1: "multiSelect" must be a boolean.` and could not recover.
Make multiSelect optional in the schema and the input types, and only error
when the field is present with a non-boolean value. Existing UI consumers
already coalesce a missing value to false.
Fixes#3218
When a streamed reasoning chunk arrived with both a parsed subject (from
**Title**) and a description (the body text after \n\n in the same chunk),
the Thought event handler routed only to setThought and discarded the
description. As a result, the first body word that happened to share a
chunk with the closing ** was dropped from the persistent reasoning
display.
Treat subject-only chunks as discrete loading-indicator updates and route
all chunks carrying streamed text through the throttled buffer. The
existing flush merger preserves the subject across batched events.
These eight tests share the same shape — stdin.write(...) followed by a
fixed setTimeout while waiting for React state to settle — and have
failed across multiple unrelated commits on slow CI runners (Windows and
Ubuntu 24.x). Mining the last 60 failed CI runs showed each one failing
on 2-10 distinct SHAs, with low fails-per-SHA — the classic signature
of a timing flake rather than a real bug.
Removed:
- AuthDialog > should trigger OpenRouter OAuth from API key options
- AuthDialog Custom API Key Wizard > navigates to protocol selection
when Custom API Key is selected
- AuthDialog Custom API Key Wizard > navigates to base URL input after
selecting a protocol
- AuthDialog Custom API Key Wizard > calls handleCustomApiKeySubmit on
Enter in review view
- AuthDialog Custom API Key Wizard > shows advanced config screen after
entering model IDs
- AuthDialog Custom API Key Wizard > passes generationConfig when
advanced options are toggled
- InputPrompt > prompt suggestions > accepts and submits the prompt
suggestion on Enter when the buffer is empty
- SessionPicker > Preview Mode > opens preview on Space and closes on Esc
The behaviors are still covered by adjacent tests in the same suites.
The repo disallows merge commits, so `gh pr merge --merge --auto` always
exits 1 — every release run goes red even when publish, tag, and PR
creation all succeed (e.g. v0.1.7 in run 25036315088). Switch to
`--squash` to match the repo's allowed merge methods.
