This PR consolidates the two workflow files shipped to extensions into
one, which stops us from requiring a separate runner for what can
actually be done in one workflow.
It also
- adds a check that version bumps will now only be created by zed-zippy
in separate commits.
- Makes the bumping of versions faster and more reliable.
- (Hopefully) fixes an issue we were seeing in some CI tests.
Release Notes:
- N/A
## Summary
Fixes an issue where GPUI's handling of `WM_NCLBUTTONDOWN` prevented
Windows from processing default titlebar interactions (dragging, caption
buttons, and border resize).
## Changes
- Allow OS to handle `WM_NCLBUTTONDOWN` events for `HTCAPTION`, caption
button areas, and resize border areas (`HTLEFT`, `HTRIGHT`, `HTTOP`,
`HTBOTTOM`, `HTTOPLEFT`, `HTTOPRIGHT`, `HTBOTTOMLEFT`, `HTBOTTOMRIGHT`)
- Use current cursor position in `WM_NCHITTEST` for accurate hit-testing
## Testing
- Manual testing on Windows: titlebar dragging works
- Manual testing on Windows: minimize/maximize/close buttons work
- Manual testing on Windows: window border resize works in all
directions
Release Notes:
- N/A
Closes#47489
The search worker pool was sized as `num_cpus - 1`, which spawned zero
workers when a devcontainer exposed only 1 CPU. All search channels
closed immediately and the search yielded zero results, while file
finder and LSP symbols worked fine.
The fix ensures at least 1 worker is always spawned: `(num_cpus -
1).max(1)`. A `num_cpus` override on `TestDispatcher` and a new test
reproduce the bug with `server_cx.executor().set_num_cpus(1)`.
## Manual testing
Add a `.devcontainer/` directory to a new project with these files:
```
// docker-compose.yml
services:
dev:
image: debian:bookworm-slim
cpuset: "0"
volumes:
- ..:/workspace:cached
command: sleep infinity
```
```
// devcontainer.json
{
"name": "zed-sandbox (1 CPU)",
"dockerComposeFile": "docker-compose.yml",
"service": "dev",
"workspaceFolder": "/workspace"
}
```
Build zed and point it at the new project:
```
cargo run -p zed -- ~/Repos/zed-sandbox-project
```
Open the built-in terminal, confirm `nproc` prints `1`.
Finally, run a project search (`Cmd+Shift+F`) and search for contents
that exist in it.
Results should appear 🎉
Release Notes:
- Fixed project search returning no results in devcontainers with a
single visible CPU.
Ensure that `git_ui::stash_picker::StashList.handle_show_toast` emits a
`DismissEvent` so that, when the user confirms they wish to view a stash
entry, the modal is actually dismissed and does not block the user's
view.
Release Notes:
- Fixed issue where viewing a stash entry would not dismiss the modal
Closes#45550
This fix, adds a new field to `EditState` to track and temporarily
unfold the given directory when creating files or directories in
collapsed paths.
Release Notes:
- Fixed the file and folder creation input appearing in the wrong
location when creating inside a collapsed folder path..
Recording:
https://github.com/user-attachments/assets/15e48863-26b9-4dc9-888a-b31fb3208d98
---------
Co-authored-by: Smit Barmase <heysmitbarmase@gmail.com>
With #47768, all image pills automatically got snapped to the end of the
prompt message. This behavior is unexpected as other pills (`@symbol`,
`@thread` et al) respect the cursor position.
Closes#48731.
- [ ] Tests or screenshots needed?
- [x] Code Reviewed
- [x] Manual QA
Release Notes:
- Insert images at cursor position in the Agent Panel
When saving after a streaming edit, check if format-on-save is enabled
for the buffer's language and run formatting before saving.
(No release notes because we aren't using the streaming edit tool yet.)
Release Notes:
- N/A
Move shell command parsing logic (`extract_commands` and supporting
code) from the agent crate into a new `shell_command_parser` crate so it
can be reused by `agent_servers` for ACP permission checking.
Release Notes:
- N/A
This PR adds some design refinements to the thinking effort selector (to
be generally rolled out soon):
- Improved split button UI styles and consistency with other dropdowns
in the message editor
- Stopped rendering the effort selector if thinking is turned off
- Added a keybinding to trigger the effort menu
- Added a keybinding to cycle through effort options
<img width="500" height="380" alt="Screenshot 2026-02-09 at 10 18@2x"
src="https://github.com/user-attachments/assets/48d5b65c-7256-4ceb-aab2-35869f8fbf4a"
/>
---
- [x] Code Reviewed
- [x] Manual QA
Release Notes:
- N/A
## Summary
When the v0.8.0 extension API was forked in #44025, the five DAP
dispatcher methods in `wit.rs` were not updated to handle
`Extension::V0_8_0`. Because `V0_8_0` is listed before `V0_6_0` in the
enum, the wildcard `_ =>` catch-all fires first, causing all DAP calls
to bail with `"not available prior to v0.6.0"` for any extension
targeting the v0.8.0 API.
The DAP WIT interface is identical between v0.6.0 and v0.8.0, so the
handler code is the same — this just adds the missing match arms for:
- `call_get_dap_binary`
- `call_dap_request_kind`
- `call_dap_config_to_scenario`
- `call_dap_locator_create_scenario`
- `call_run_dap_locator`
This follows the same pattern used by every other method in the
`Extension` impl block, which already handles both `V0_8_0` and
`V0_6_0`.
## Test plan
- Verified that an extension targeting `zed_extension_api` v0.8.0 with
DAP support can successfully start a debug session (previously failed
with `"dap_request_kind not available prior to v0.6.0"`)
Release Notes:
- Fixed DAP (Debug Adapter Protocol) methods failing for extensions
targeting the v0.8.0 extension API.
The multi workspace refactor **completely** broke the Vim mode, saving
is not possible, and various other actions. This PR fixes this
- [X] Code Reviewed
- [X] Manual QA
Release Notes:
- N/A
Release Notes:
- Added Claude Opus 4.6 and 4.6 Thinking with Cross region inference for
US, EU, and Global endpoints.
---------
Co-authored-by: Ona <no-reply@ona.com>
The new multi workspace introduced in #47795 changed the window root
from `Workspace` to `MultiWorkspace`, which broke
`Workspace::for_window()` (assuming that was meant to). That returns
`None` now. The REPL action registration in `repl_sessions_ui.rs` used
this to check if the project was local, so when it got None, it silently
skipped registering `repl::Run` and `repl::RunInPlace` on every editor.
Luckily we can just get the project directly from the editor in order to
register actions.
Release Notes:
- N/A
Added note about suffixing theme IDs with '-theme' for clarity.
As discussed in
https://github.com/zed-industries/extensions/pull/4693#pullrequestreview-3751636461
- [ ] ~Tests or screenshots needed?~
- [x] Code Reviewed
- [ ] ~Manual QA~
Release Notes:
- Clarified theme ID suffixing in extension docs
---------
Co-authored-by: Finn Evers <finn.evers@outlook.de>
It's happeningggggg
Release Notes:
- Changed the Agent Panel so that the Active Thread is restored on
restart.
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Danilo Leal <daniloleal09@gmail.com>
Co-authored-by: Anthony Eid <anthony@zed.dev>
Co-authored-by: Danilo Leal <67129314+danilo-leal@users.noreply.github.com>
Co-authored-by: Richard Feldman <richard@zed.dev>
Co-authored-by: Zed Zippy <234243425+zed-zippy[bot]@users.noreply.github.com>
- Ensure that both sides are passed the appropriate companion data to
preserve spacers when syncing
- Remove companion handling in codepaths related to range folding, since
this isn't supported in the side-by-side diff
- Move handling of buffer folding into the block map
- Rework `set_companion` to handle both `DisplayMap`s at once
- DRY some code around block map syncing in the `DisplayMap`
TODO:
- [x] diagnose and fix issue that causes balancing blocks not to render
properly when they are adjacent to spacers (e.g. merge conflict buttons)
- [x] clear balancing blocks when clearing companion
- [x] additional tests: interaction between spacers and balancing
blocks, resizing
Release Notes:
- N/A
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [git2](https://redirect.github.com/rust-lang/git2-rs) |
workspace.dependencies | patch | `0.20.2` → `0.20.4` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
### GitHub Vulnerability Alerts
####
[GHSA-j39j-6gw9-jw6h](https://redirect.github.com/rust-lang/git2-rs/issues/1211)
If the Buf struct is dereferenced immediately after calling new() or
default() on the Buf struct, a null pointer is passed to the unsafe
function slice::from_raw_parts. According to the safety section
documentation of the function, data must be non-null and aligned even
for zero-length slices or slices of ZSTs. Thus, passing a null pointer
will lead to undefined behavior.
---
### Release Notes
<details>
<summary>rust-lang/git2-rs (git2)</summary>
###
[`v0.20.4`](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.3...git2-0.20.4)
[Compare
Source](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.3...git2-0.20.4)
###
[`v0.20.3`](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.2...git2-0.20.3)
[Compare
Source](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.2...git2-0.20.3)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
Release Notes:
- N/A
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [time](https://time-rs.github.io)
([source](https://redirect.github.com/time-rs/time)) |
workspace.dependencies | patch | `0.3.44` → `0.3.47` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
### GitHub Vulnerability Alerts
####
[CVE-2026-25727](https://redirect.github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc)
### Impact
When user-provided input is provided to any type that parses with the
RFC 2822 format, a Denial of Service attack via stack exhaustion is
possible. The attack relies on formally deprecated and rarely-used
features that are part of the RFC 2822 format used in a malicious
manner. Ordinary, non-malicious input will never encounter this
scenario.
### Patches
A limit to the depth of recursion was added in v0.3.47. From this
version, an error will be returned rather than exhausting the stack.
### Workarounds
Limiting the length of user input is the simplest way to avoid stack
exhaustion, as the amount of the stack consumed would be at most a
factor of the length of the input.
---
### Release Notes
<details>
<summary>time-rs/time (time)</summary>
###
[`v0.3.47`](https://redirect.github.com/time-rs/time/blob/HEAD/CHANGELOG.md#0347-2026-02-05)
[Compare
Source](https://redirect.github.com/time-rs/time/compare/v0.3.46...v0.3.47)
##### Security
- The possibility of a stack exhaustion denial of service attack when
parsing RFC 2822 has been
eliminated. Previously, it was possible to craft input that would cause
unbounded recursion. Now,
the depth of the recursion is tracked, causing an error to be returned
if it exceeds a reasonable
limit.
This attack vector requires parsing user-provided input, with any type,
using the RFC 2822 format.
##### Compatibility
- Attempting to format a value with a well-known format (i.e. RFC 3339,
RFC 2822, or ISO 8601) will
error at compile time if the type being formatted does not provide
sufficient information. This
would previously fail at runtime. Similarly, attempting to format a
value with ISO 8601 that is
only configured for parsing (i.e. `Iso8601::PARSING`) will error at
compile time.
##### Added
- Builder methods for format description modifiers, eliminating the need
for verbose initialization
when done manually.
- `date!(2026-W01-2)` is now supported. Previously, a space was required
between `W` and `01`.
- `[end]` now has a `trailing_input` modifier which can either be
`prohibit` (the default) or
`discard`. When it is `discard`, all remaining input is ignored. Note
that if there are components
after `[end]`, they will still attempt to be parsed, likely resulting in
an error.
##### Changed
- More performance gains when parsing.
##### Fixed
- If manually formatting a value, the number of bytes written was one
short for some components.
This has been fixed such that the number of bytes written is always
correct.
- The possibility of integer overflow when parsing an owned format
description has been effectively
eliminated. This would previously wrap when overflow checks were
disabled. Instead of storing the
depth as `u8`, it is stored as `u32`. This would require multiple
gigabytes of nested input to
overflow, at which point we've got other problems and trivial
mitigations are available by
downstream users.
###
[`v0.3.46`](https://redirect.github.com/time-rs/time/blob/HEAD/CHANGELOG.md#0346-2026-01-23)
[Compare
Source](https://redirect.github.com/time-rs/time/compare/v0.3.45...v0.3.46)
##### Added
- All possible panics are now documented for the relevant methods.
- The need to use `#[serde(default)]` when using custom `serde` formats
is documented. This applies
only when deserializing an `Option<T>`.
- `Duration::nanoseconds_i128` has been made public, mirroring
`std::time::Duration::from_nanos_u128`.
- Various methods for truncating components have been added, avoiding
the need to call the fallible
`replace` methods multiple times.
For `PrimitiveDateTime`, `UtcDateTime`, and `OffsetDateTime`:
- `truncate_to_day`
For `Time`, `PrimitiveDateTime`, `UtcDateTime`, and `OffsetDateTime`:
- `truncate_to_hour`
- `truncate_to_minute`
- `truncate_to_second`
- `truncate_to_millisecond`
- `truncate_to_microsecond`
##### Changed
- The minimum supported Rust version is now 1.88.0.
- Significant performance gains in numerous locations. No public APIs
were changed or removed as
part of this.
- The size of `error::ComponentRange`, along with types that contain it,
has been significantly
reduced.
##### Fixed
- The `PartialOrd` and `Ord` implementations of `UtcOffset` now return
the expected result.
###
[`v0.3.45`](https://redirect.github.com/time-rs/time/blob/HEAD/CHANGELOG.md#0345-2026-01-13)
[Compare
Source](https://redirect.github.com/time-rs/time/compare/v0.3.44...v0.3.45)
##### Added
- `time::format_description::StaticFormatDescription` type alias for
`&'static [BorrowedFormatItem<'static>]`. This is the type returned by
the
`time::macros::format_description!` macro.
##### Changed
- The minimum supported Rust version is now 1.83.0.
- All floating point methods on `Duration` are now `const fn`.
- All setters on `Parsed` are now `const fn`.
- The `serde` dependency has been replaced with `serde_core`, This
reduces compile times by not
including unused parts of `serde`.
- `Date::from_julian_day` uses a new algorithm, resulting in an
approximately 16% performance
improvement. This method is used internally by numerous other methods.
- `util::is_leap_year` uses a new algorithm, resulting in an
approximately 8% performance
improvement.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
Release Notes:
- N/A
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
after a successful file drag-drop, conclude_drag_operation did not reset
external_files_dragged to false. since dragging_exited (the only place
that resets this flag) is never called for successful drops (only for
cancelled ones), the flag stayed true permanently. this caused synthetic
drags (used for text selection during buffer scrolling) to be suppressed
for the lifetime of the window.
Release Notes:
- N/A
---------
Co-authored-by: MrSubidubi <finn@zed.dev>
Helps #48601
Whenever an extension is installed, we call `register_grammars` even
when the grammar list is empty. This unnecessarily increments
reload_count and notifies the LSP store, which clears all languages and
triggers a full reparse.
Clearing languages also emits `LanguageChanged` events for buffers,
causing the editor to perform expensive recomputations (like
https://github.com/zed-industries/zed/pull/48622) which can block the
main thread for large multibuffers.
This PR addresses the empty-grammar case. If an extension actually adds
a grammar, the underlying issue still exists and will require additional
fixes to fully resolve.
- [ ] Tests or screenshots needed?
- [x] Code Reviewed
- [ ] Manual QA
Release Notes:
- Fixed an issue where installing theme extensions could block the main
thread
TODO:
- [x] Review code
- [x] Decide whether to keep ignored API tests
Release Notes:
- Fixed a bug where cancelling a thread mid-thought would cause further
anthropic requests to fail
- Fixed a bug where the model configured on a thread would not be
persisted alongside that thread
The `alt-tab` keybinding doesn’t work properly under the `AgentPanel`
context on Windows and certain Linux distros, so `alt-l` is provided as
an alternative for the same action.
In my testing, I could not trigger the `AcpThread > Editor` context, but
I added the keybinding there too just in case.
Closes#48347.
Release Notes:
- Added an alternate keybinding for `agent::CycleFavoriteModels` on
Linux and Windows to prevent conflict with global app switcher
Fixes#36818
Release Notes:
- Added new `global_lsp_settings.request_timeout` setting to configure
the maximum timeout duration for LSP-related operations.
Code inspired by [prior
implementation](https://github.com/zed-industries/zed/pull/38443),
though with a few tweaks here & there (like using `serde:default` and
keeping the pre-defined constant in the LSP file).
---------
Co-authored-by: Kirill Bulatov <mail4score@gmail.com>
Co-authored-by: Kirill Bulatov <kirill@zed.dev>
This PR updates the deprecated `rootPath` field in the LSP
`InitializeParams` for backwards compatibility with language servers
that still rely on this field.
### Issue
Some language servers (notably the Salesforce Apex Language Server) only
read from the deprecated `rootPath` field in the LSP initialize request
and do not use `rootUri` or `workspaceFolders`.
When Zed sends `root_path: None`, these language servers fail to
initialize because they cannot determine the workspace root.
Example error from the Apex Language Server:
```
NullPointerException
at apex.jorje.lsp.impl.db.nddb.NdApexIndex.getToolsStoragePath(NdApexIndex.java:723)
```
The Apex LSP's initialize handler does:
```java
serverSetup.setRootPath(params.getRootPath());
```
VSCode's LanguageClient sends both `rootPath` and `rootUri` for
backwards compatibility:
https://github.com/microsoft/vscode-languageserver-node/blob/main/client/src/common/client.ts#L1434
### Fix
Derive `rootPath` from the existing `root_uri` field when building the
initialize params. The LSP spec states that if both `rootPath` and
`rootUri` are provided, `rootUri` wins, so this change should be
backwards compatible and won't affect language servers that properly use
`rootUri`<sup>(1)</sup>.
---
(1) [LSP Specification -
InitializeParams](https://microsoft.github.io/language-server-protocol/specifications/lsp/3.17/specification/#initializeParams)
- notes that `rootPath` is deprecated in favor of `workspaceFolders`,
but for backwards compatibility it should still be provided when
possible.
Release Notes:
- Improved compatibility with legacy language servers
This PR hardens the authorization flow for all file and directory tools.
## Sensitive settings protection
All file/directory tools (copy, move, create_directory, delete, save,
edit, streaming_edit) now detect and protect sensitive settings paths:
- Paths inside `.zed/` directories (local settings)
- Paths inside the global config directory (`~/.config/zed/` or
equivalent)
Even when the global default is `allow`, modifications to these paths
require explicit confirmation. The authorization dialog title is
annotated with "(local settings)" or "(settings)" to inform the user.
`sensitive_settings_kind` walks up ancestor directories to handle paths
where intermediate subdirectories don't exist yet (e.g.
`~/.config/zed/new_subdir/evil.json`).
## Deferred filesystem operations
Copy, move, create_directory, and delete tools now defer all
project/filesystem operations until after the user authorizes the
action. Previously, some tools began resolving project paths or
traversing directories before authorization.
## streaming_edit_file permissions
`streaming_edit_file` now shares `edit_file`'s tool name for permission
checks, ensuring consistent permission rules between the two edit tool
variants. The duplicated authorization logic is replaced by a shared
`authorize_file_edit` function.
## Copy/move pattern extraction
Copy and move tools now include both source and destination paths in
their permission context (`input_value`). The always-allow pattern is
extracted from the common parent directory of both paths, ensuring the
pattern covers future checks against both.
## Save tool improvements
- Authorization title now shows only the paths that need confirmation,
not all paths
- Title is annotated with "(local settings)" or "(settings)" for
sensitive paths
Release Notes:
- File and directory tool operations now require confirmation before
modifying sensitive settings paths.
Builds on top of #48620 to add explicit test coverage for the exact
bypass scenarios reported by users:
- `rm -rf /etc/../` — path traversal via single parent dir that
normalizes to `/`
- `rm -rf --no-preserve-root /` — long flag without `=value` that could
bypass the old regex
- `rm --no-preserve-root -rf /` — long flag positioned before short
flags
- `rm / -rf --no-preserve-root` — trailing long flag without `=value`
after the path operand
- `sudo rm -rf /`, `sudo rm -rf /*`, `sudo rm -rf --no-preserve-root /`
— sudo-prefixed variants
All of these cases are already correctly blocked by the hardened regex
patterns and path normalization logic added in #48620. These tests
confirm that the reported bypasses are addressed and guard against
regressions.
Release Notes:
- N/A
