In the interactive MCP OAuth flow, the MCP client registers itself with
the authorization in one of three ways:
- Client ID Metadata Document aka CIMD (recommended default). This is
already implemented: https://zed.dev/oauth/client-metadata.json.
- Dynamic Client Registration (DCR). This is the traditional method.
Also already implemented in Zed.
- Pre-registration: the client is registered out of band, typically in
the IdP or SaaS provider's UI. You get a client id and maybe a client
secret, that have to be provided by the MCP client when it wants to
exchange an access token. This is what this pull request is about.
This PR has two main parts:
- Allow users to configure a client id and optional client secret for an
MCP server in their configuration, under a new `oauth` key, and take it
into account
- Make the MCP server state and the configuration modal aware of the
intermediate states (client secret missing) and error cases stemming
from client pre-registration.
The client secret can be stored either in the system keychain or in
plain text in the MCP server configuration. The UI tries to steer user
towards the more secure option: the keychain.
<img width="715" height="201" alt="Screenshot 2026-04-10 at 16 48 06"
src="https://github.com/user-attachments/assets/5e64103e-6746-4ef0-8bd9-533d492b6912"
/>
<img width="884" height="544" alt="Screenshot 2026-04-10 at 16 47 07"
src="https://github.com/user-attachments/assets/0e35bb3c-cbc4-4e8c-a713-66323597b2e2"
/>
<img width="785" height="558" alt="Screenshot 2026-04-10 at 16 47 23"
src="https://github.com/user-attachments/assets/03339187-1508-461a-87ae-a7c2647df9a5"
/>
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Closes
https://github.com/issues/assigned?issue=zed-industries%7Czed%7C52198
**Note for the reviewer: I know how busy the AI team is at the moment so
please treat this as low priority, we don't have signal that this is a
highly desired feature. It's a rather large PR, so I'm happy to pair
review / walk through it.**
Release Notes:
- Added support for OAuth client pre-registration (client id, client
secret) to the built-in MCP client.
Still behind a feature flag for now for testing with various agents.
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
Behind feature flag until we move RFD forward, but already working great
on codex
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
---------
Co-authored-by: zed-zippy[bot] <234243425+zed-zippy[bot]@users.noreply.github.com>
Still behind a flag until RFD progresses. But also fixes one area where
we would have called delete even if we didn't have support.
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Closes #ISSUE
Release Notes:
- N/A or Added/Fixed/Improved ...
Before:
1. Agent tries to edit unsaved file
2. Tool call fails with error telling the agent to ask the user to save
or discard edits
3. User types save/restore
4. Agent uses save/restore tool
https://github.com/user-attachments/assets/c94dd361-e8e0-48ee-be31-da8afe594419
After:
1. Agent tries to edit unsaved file
2. User is prompted to save/restore file
3. User accepts/rejects or saves/discards file manually
https://github.com/user-attachments/assets/1d98a0c4-4420-4426-94f2-42355de230be
Release Notes:
- agent: Improved UX when agent tries to edit unsaved buffer
---------
Co-authored-by: Ben Brandt <benjamin.j.brandt@gmail.com>
Store the ACP agent version from agent_info and expose it
through AgentConnection so the configuration UI can display it
for connected agents.
Helpful when debugging to know which version is currently running.
<img width="214" height="67" alt="image"
src="https://github.com/user-attachments/assets/4f4c0e3c-a621-48fb-98d4-67329db1e62a"
/>
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- acp: Show running agent version in the External Agent settings
Previously, we weren't waiting on the status future early enough so we
would just hang if we weren't able to start the agent process.
I also added the recent stderr logs in there to help the user debug the
issue, since it is likely relevant in these cases.
<img width="902" height="226" alt="image"
src="https://github.com/user-attachments/assets/204e42ff-4c9b-49e7-8a6d-ecf7b022fbd0"
/>
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- acp: Improve error messages if the ACP agent fails to start.
Testing out Niko's new SDK design
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
Insert sessions before awaiting `session/load` so replayed
`session/update` notifications can find the thread.
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- acp: Fix for some replay events getting dropped when loading a
previous session.
Closes#46551
Zed was using the `terminal.shell` setting for some actions unrelated to
the terminal GUI, like environment capture, ACP agent startup, context
server startup, and vim `:!`, and so if a user set it to `tmux` or
`nushell`, those paths would fail.
This PR ensures paths unrelated to Zed's terminal use the system path
instead.
Manual testing:
Set `terminal.shell` to `tmux` or any another non-bash executable.
Starting an external agent thread shouldn't break.
Release Notes:
- Fixed ACP agent and other breakage when `terminal.shell` was set to a
non-shell program like `tmux`
Follow up to #53999
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Closes #ISSUE
Release Notes:
- N/A
The `user_message_id` parameter on `AgentConnection::prompt` was
`Option<UserMessageId>`, but `NativeAgentConnection::prompt` immediately
called `.expect()` on it, crashing when the value was `None`.
Because the `expect` message said `UserMessageId` was required, this PR
makes the parameter not optional which makes the panic impossible.
This means we also need to unconditionally generate an ID in `send`,
where before we gated this on whether `truncate` returned `Some`.
Generating IDs unconditionally should be find, especially because the
prompt requires them.
Release Notes:
- N/A
We were incorrectly wrapping new terminal auth methods in double ssh
calls.
Only affected ACP beta users, but important for testing and stabilizing
the feature.
We moved the ssh wrapping to be only added in the acp process creation
where it was needed.
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
---------
Co-authored-by: Bennet Bo Fenner <bennetbo@gmx.de>
- `language_model` no longer depends on provider-specific crates such as
`anthropic` and `open_ai` (inverted dependency)
- `language_model_core` was extracted from `language_model` which
contains the types for the provider-specific crates to convert to/from.
- `gpui::SharedString` has been extracted into its own crate (still
exposed by `gpui`), so `language_model_core` and provider API crates
don't have to depend on `gpui`.
- Removes some unnecessary `&'static str` | `SharedString` -> `String`
-> `SharedString` conversions across the codebase.
- Extracts the core logic of the cloud `LanguageModelProvider` into its
own crate with simpler dependencies.
Release Notes:
- N/A
---------
Co-authored-by: John Tur <john-tur@outlook.com>
This PR decouples `language_model`'s dependence on Zed-specific
implementation details. In particular
* `credentials_provider` is split into a generic `credentials_provider`
crate that provides a trait, and `zed_credentials_provider` that
implements the said trait for Zed-specific providers and has functions
that can populate a global state with them
* `zed_env_vars` is split into a generic `env_var` crate that provides
generic tooling for managing env vars, and `zed_env_vars` that contains
Zed-specific statics
* `client` is now dependent on `language_model` and not vice versa
Release Notes:
- N/A
We can't add a current_dir when in remote scenarios in the same place,
it gets added elsewhere.
Reused the same worktree selection logic, and make sure this gets passed
to the RPC call instead.
This fixes something that hasn't made it to preview yet.
Release Notes:
- N/A
Follow-up to the terminal permission params refactor, addressing
@benbrandt's [review
feedback](https://github.com/zed-industries/zed/pull/51782#pullrequestreview-2926899804)
about string formatting leaking into the UI layer.
## Changes
### Outcome construction moved to acp_thread
- Added `PermissionOptionChoice::build_outcome(is_allow)` — builds a
`SelectedPermissionOutcome` from a choice, attaching
`SelectedPermissionParams::Terminal` when the choice carries
`sub_patterns`.
- Added
`PermissionOptions::build_outcome_for_checked_patterns(checked_indices,
is_allow)` — handles the `DropdownWithPatterns` per-command checklist
flow, returning `None` when zero patterns are checked (degrading to
once).
The UI's `authorize_with_granularity` no longer does any
`format!("always_allow:{}",...)` string formatting or
`SelectedPermissionParams` construction.
### `option_kind` folded into `SelectedPermissionOutcome`
`SelectedPermissionOutcome` now carries `option_kind:
acp::PermissionOptionKind`, eliminating the separate parameter that was
threaded through the entire `authorize_tool_call` chain:
```
ThreadView::authorize_tool_call
→ Conversation::authorize_tool_call
→ AcpThread::authorize_tool_call
```
Every signature in this chain dropped one parameter.
### `SelectedPermissionParams` removed from UI imports
The type is now only referenced by `acp_thread` (construction) and
`agent` (consumption). The UI passes `SelectedPermissionOutcome`
opaquely.
Release Notes:
- N/A
## Context
If you went back and edited the first message, we were resetting the
provisional title, even though the title had previously already been set
from a summarization pass.
In order to achieve this, we moved the default thread title logic up the
UI layer, and allowed AcpThreads to have an optional title.
## Self-Review Checklist
<!-- Check before requesting review: -->
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
---------
Co-authored-by: Bennet Bo Fenner <bennetbo@gmx.de>
## Context
The registry now distinguishes between websites and repos, so we can
show either or both if available.
## Self-Review Checklist
<!-- Check before requesting review: -->
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
## Summary
Adds a new permission UI for terminal pipeline commands (e.g. `cargo
test | tail`) that lets users selectively always-allow individual
commands in the pipeline, rather than only offering a blanket
always-allow for the first command.
## Screenshot
<img width="464" height="293" alt="Screenshot 2026-03-18 at 3 27 48 PM"
src="https://github.com/user-attachments/assets/e027eeec-c2b3-4f73-a596-95f42a9adad2"
/>
Release notes:
- The terminal permissions UI now allows you to select individual
subcommands independently.
---------
Co-authored-by: Danilo Leal <daniloleal09@gmail.com>
Co-authored-by: Ben Brandt <benjamin.j.brandt@gmail.com>
## Context
Add Project::default_path_list and reuse it for agent session work
directories and ACP server startup so agent processes start in the
project context by default
We previously removed all cwd from this hoping to have a global process
shared, but it doesn't work for remote projects. Since we're at the
project boundary anyway, we might as well start it up in a similar spot
as a new thread.
## Self-Review Checklist
<!-- Check before requesting review: -->
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- acp: Make sure the agent server is started in a project directory
## Context
Brings in support for the new terminal auth methods. Currently behind
AcpBeta feature flag while the RFD stabilizes
## Self-Review Checklist
<!-- Check before requesting review: -->
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
Before you mark this PR as ready for review, make sure that you have:
- [x] Added a solid test coverage and/or screenshots from doing manual
testing
- [x] Done a self-review taking into account security and performance
aspects
- [x] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
Release Notes:
- N/A
---------
Co-authored-by: cameron <cameron.studdstreet@gmail.com>
Co-authored-by: Ben Brandt <benjamin.j.brandt@gmail.com>
#### Fixes#51082
#### Description :
When a user configures `default_config_options` (e.g. a specific model)
for an ACP agent, the setting was only applied when creating a new
session. Resuming or loading an existing session (e.g. from history)
skipped this step, causing the model dropdown to revert to "Default
(recommended)".
#### Fix :
Extract the config options defaulting logic into a shared helper
apply_default_config_options and call it consistently across all three
session entry points: new_session, resume_session, and load_session
Release Notes:
#### Release notes :
Fixed model dropdown resetting to "Default (recommended)" when opening a
previous conversation from history. Configured models (via
default_config_options) are now correctly applied when resuming or
loading existing sessions.
#### Video :
[Screencast from 2026-03-15
12-55-58.webm](https://github.com/user-attachments/assets/977747b9-390c-4f78-91fc-91feace444e1)
This removes the assumption that one project <-> one native agent. The
native agent now maintains a project per session. We don't make use of
this right now, but it will come in handy once we start sharing ACP
connections globally.
Release Notes:
- N/A
These are edge cases, but there are a few ways you can get into a state
where you are setting favorites for registry agents and we don't have
the setting yet. This prioritizes `type: registry` for agents that we
have in the registry, especially the previous built-ins.
Release Notes:
- N/A
This will help with test times (in some cases), as nextest cannot figure
out whether a given rdep is actually an alive edge of the build graph
Closes #ISSUE
Before you mark this PR as ready for review, make sure that you have:
- [ ] Added a solid test coverage and/or screenshots from doing manual
testing
- [ ] Done a self-review taking into account security and performance
aspects
- [ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
Release Notes:
- N/A
Emit client-side organization changed events through
`RefreshLlmTokenListener` so it produces the same `RefreshLlmTokenEvent`
used for server-pushed `UserUpdated` messages.
This keeps token refresh fan-out in one place.
Closes CLO-383.
Release Notes:
- N/A
---------
Co-authored-by: Tom Houlé <tom@tomhoule.com>
Previously we required AgentSessionInfo all over the place, which meant
there were lots of unnecessary fake ones created all over the place.
Made the methods and functions only take the data they need so we only
use these in history contexts now, as intended.
Release Notes:
- N/A
This has lots of benefits, but mainly allows users to uninstall agents.
Release Notes:
- N/A
---------
Co-authored-by: Anthony Eid <hello@anthonyeid.me>
Co-authored-by: cameron <cameron.studdstreet@gmail.com>
Use a separate `display_name` field (distinct from `server_name`) so
that session titles show a human-readable name. For custom agents this
resolves to the configured display name; for built-ins it falls back to
the server name.
Release Notes:
- N/A
Removes the feature flag around listing and loading existing sessions
for external agents.
Release Notes
- acp: Expose session history for all external agents that support it.
Co-authored-by: Bennet Bo Fenner <bennetbo@gmx.de>
