docs(release): credit contributors + document Project Context Pack default

CHANGELOG additions: - Top-line credit summary: wplll, Liu-Vince, Giggitycountless, SamhandsomeLee, barjatiyasaurabh, tyculw, hongyuatcufe, ljlbit. - New "Added" section properly documenting #1196 (cache-aware diagnostics, /cache inspect, /cache warmup, payload optimization, Project Context Pack). Calls out that the Pack is default-on, adds ~1–10 KB to every prompt, and how to opt out via [context] project_pack = false. - Per-item issue reporter credits across the Fixed section. - Removed #1129 from the i18n entry — that's a separate bug we did not actually fix (wrong env var name in HTTP system prompt). README updates: rewrote the "What's New" section in both README.md and README.zh-CN.md to v0.8.24 with all the same credits and the project_pack opt-out note.
2026-05-09 02:26:41 -05:00
parent 5f9f5ed558
commit 277621fba0
3 changed files with 108 additions and 50 deletions
@@ -8,7 +8,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.24] - 2026-05-09

 A bugfix + refactor release picking up the backlog after the v0.8.23 security
-release.
+release. Big thanks to **wplll** (cache-aware prompt + `/cache inspect`),
+**Liu-Vince** (MCP pagination diagnosis), **@Giggitycountless** (snapshot cap
+proposal), and to issue reporters **@SamhandsomeLee**,
+**@barjatiyasaurabh**, **@tyculw**, **@hongyuatcufe**, and **@ljlbit** for
+the bugs fixed below.

 ### Fixed

@@ -23,7 +27,7 @@ release.
  `<workspace>/.claude/commands/`, and `<workspace>/.cursor/commands/` are
  now discovered alongside the existing global `~/.deepseek/commands/`.
  Workspace-local commands shadow global by name, matching the precedence
-  model already used for skills.
+  model already used for skills. Reported by **@SamhandsomeLee**.
 - **`@`-mention completion finds AI-tool dot-directories** — files inside
  `.deepseek/`, `.cursor/`, `.claude/`, and `.agents/` are now discoverable
  in `@`-mention Tab-completion even when those directories are excluded by
@@ -32,25 +36,54 @@ release.
 - **MCP paginated discovery (#1250, #1256)** — tools, resources, resource
  templates, and prompts from MCP servers that paginate their responses
  (e.g., gbrain at 5 items per page) are now fully discovered by following
-  the MCP spec's `nextCursor` across all pages. Thanks **Liu-Vince** for
-  the diagnosis and fix.
+  the MCP spec's `nextCursor` across all pages. Reported by
+  **@hongyuatcufe**; thanks to **Liu-Vince** for the diagnosis and PR
+  #1256 with the same fix shape.
 - **Snapshot storage has a disk-space cap (#1112)** — the snapshot side repo
  now enforces a 500 MB hard limit. When the limit is exceeded at snapshot
  time, the oldest snapshots are pruned aggressively to stay under a 400 MB
  target. Guards against the reported 1.2 TB snapshot blowup during
-  high-churn sessions.
+  high-churn sessions. Reported by **@tyculw**; thanks to
+  **@Giggitycountless** for the PR #1131 proposal that informed the
+  hard-cap approach.
 - **`/clear` now resets the Todos sidebar (#1258)** — previously `/clear`
  only reset the Plan panel; the Todos checklist persisted across clears
  until app restart. The fix ensures `clear_todos()` clears the
-  `SharedTodoList` inner state.
+  `SharedTodoList` inner state. Reported by **@barjatiyasaurabh**.
+
+### Added
+
+- **Cache-aware prompt diagnostics + payload optimization (#1196)** — adds
+  a `PromptBuilder` that classifies the system prompt into `static` /
+  `history` / `dynamic` layers for cache-prefix stability, plus:
+  - `/cache inspect` — shows SHA-256 hashes per layer, base static prefix
+    hash vs full request prefix hash, static-prefix stability across
+    turns, and first-divergence tracking. Does not print prompt text.
+  - `/cache warmup` — prefetches the stable prefix to seed the DeepSeek
+    context cache.
+  - **Project Context Pack injected into the stable prefix by default**
+    — a structured workspace summary (directory listing up to 4 levels /
+    400 entries, README excerpt up to 4 KB, config + key source file
+    lists). Adds **~1–10 KB to every prompt depending on repo size**, in
+    exchange for a much more cacheable prefix. **Default ON**; disable
+    with `[context] project_pack = false` in `~/.deepseek/config.toml`
+    if you'd rather keep prompts minimal.
+  - Wire-payload optimization: large tool outputs are budgeted, repeated
+    identical tool outputs and `<turn_meta>` blocks are deduplicated
+    with stable refs (wire-only — local session messages stay intact).
+  - Footer cache-hit % chip from `prompt_cache_hit_tokens` /
+    `prompt_cache_miss_tokens` in the API response.
+  
+  Thanks **wplll** for the design and implementation.

 ### Changed

- **Language directive strengthened against project-context bias (#1118,
-  #1129)** — the system prompt now explicitly instructs the model that
-  project context (AGENTS.md, auto-generated instructions, file trees) is
-  NOT a language signal. Chinese filenames in a repo no longer bias the
-  model toward Chinese replies when the user writes in English.
+- **Language directive strengthened against project-context bias (#1118)**
+  — the system prompt now explicitly instructs the model that project
+  context (AGENTS.md, auto-generated instructions, file trees) is NOT a
+  language signal. Chinese filenames in a repo no longer bias the model
+  toward Chinese replies when the user writes in English. Reported by
+  **@ljlbit**.

 ### Known issues

@@ -225,31 +225,44 @@ deepseek --provider ollama --model deepseek-coder:1.3b

 ---

-## What's New In v0.8.23
+## What's New In v0.8.24

-A security-focused follow-up to v0.8.22: sanitized child-process environments,
-tighter tool-safety classifications, and fixes for MCP, secrets, and the
-runtime API. [Full changelog](CHANGELOG.md).
+A community-focused bugfix release picking up the backlog after the v0.8.23
+security release. [Full changelog](CHANGELOG.md).

- **Child-process environment scrubbed** — shells, MCP servers, hooks, and other
-  spawned subprocesses now start from an explicit env allowlist instead of
-  inheriting every parent variable. No more accidental `*_API_KEY` or
-  `GITHUB_TOKEN` leakage through subprocesses.
- **macOS Keychain prompts gone** — the file-backed secret store is now the
-  default; the OS keyring is opt-in via `DEEPSEEK_SECRET_BACKEND=system|keyring`.
- **MCP servers stay working** — MCP stdio launches now inherit the env vars
-  that `npx`, `uvx`, `python -m`, and proxy-bound corporate setups need, while
-  still scrubbing secrets.
- **MCP spawn errors are visible** — instead of an opaque wrapper message, you
-  now see the real OS error ("No such file or directory") when an MCP server
-  can't start.
- **Live thinking is compact by default** — the streaming thinking panel
-  collapses by default; expand via the details toggle.
- **Runtime API requires auth by default** — `deepseek serve --http` no longer
-  accepts unauthenticated requests.
- **Plus**: hardened `run_tests` approval, symlink-traversal guards, Plan-mode
-  tool-surface tightening, path-sanitization fixes, and a new
-  `docs/RELEASE_CHECKLIST.md`.
+- **Cache-aware prompt diagnostics + payload optimization** (#1196, thanks
+  **wplll**) — new `/cache inspect` and `/cache warmup` commands, layered
+  prompt classification (static / history / dynamic) with per-layer SHA-256
+  hashes, wire-payload dedup for repeated tool outputs, and a footer cache-hit
+  % chip from the DeepSeek API response. A new **Project Context Pack** is
+  injected into the stable prefix by default to improve cache hit rates;
+  disable with `[context] project_pack = false` if you'd rather keep prompts
+  minimal.
+- **Workspace-local slash commands** (#1259) — drop a `.deepseek/commands/foo.md`
+  in any project and `/foo` works there. Also scans `.cursor/commands/` and
+  `.claude/commands/`. Project-local shadows global by name.
+- **`@`-mention completion finds AI-tool dot-directories** — files inside
+  `.deepseek/`, `.cursor/`, `.claude/`, and `.agents/` are now discoverable
+  via `@` completion even when those dirs are in `.gitignore`.
+- **MCP paginated discovery** (#1250, thanks **Liu-Vince**) — MCP servers that
+  paginate `tools/list` (e.g., gbrain at 5 per page) now have all their tools
+  discovered via `nextCursor`.
+- **Snapshot disk cap** (#1112) — the snapshot side repo enforces a 500 MB
+  hard limit, pruning oldest first when it's hit. Guards against the reported
+  1.2 TB blowup. Thanks **@Giggitycountless** for the PR #1131 proposal.
+- **`/clear` resets the Todos sidebar** (#1258) — was only clearing the Plan
+  panel before.
+- **Mouse-wheel survives focus toggles** — re-arms `EnableMouseCapture` on
+  `FocusGained` so wheel scroll keeps working after Cmd+Tab or screenshot
+  workflows.
+- **i18n: prompts in English get English replies** (#1118) — Chinese
+  filenames in a project tree no longer bias the model toward Chinese
+  responses.
+- **Plus**: language-directive strengthening, MCP error-message clarity
+  improvements (PR #1196), and assorted polish.
+
+⚠️ **Known issue:** v0.8.22+ have a Windows 10 conhost flicker regression
+(#1260) tracked for v0.8.25. v0.8.20 works correctly if you're affected.

 ---

@@ -192,24 +192,36 @@ deepseek --provider ollama --model deepseek-coder:1.3b

 ---

-## v0.8.23 新功能
+## v0.8.24 新功能

-面向安全的 v0.8.22 跟进版本：子进程环境清理、工具安全分类收紧，以及 MCP、
-密钥存储和运行时 API 的修复。[完整更新日志](CHANGELOG.md)。
+承接 v0.8.23 安全发布之后的社区 bug 修复版本。[完整更新日志](CHANGELOG.md)。

- **子进程环境已清理** — shell、MCP 服务器、hooks 等子进程现在从显式环境变量
-  白名单启动，不再继承所有父进程变量。`*_API_KEY`、`GITHUB_TOKEN` 等敏感信息
-  不会通过子进程泄露。
- **macOS 钥匙串弹窗已消除** — 文件存储现在是默认的密钥后端；系统钥匙串需通过
-  `DEEPSEEK_SECRET_BACKEND=system|keyring` 主动选择加入。
- **MCP 服务器保持正常运行** — MCP stdio 启动时保留 `npx`、`uvx`、`python -m`
-  和企业代理等所需的环境变量，同时继续清理密钥。
- **MCP 启动错误现在可见** — 不再显示模糊的包装错误信息，而是直接展示真实的
-  操作系统错误（如 "No such file or directory"）。
- **实时思考默认折叠** — 流式思考面板默认折叠，可通过详情切换展开。
- **运行时 API 默认要求认证** — `deepseek serve --http` 不再接受未认证请求。
- **此外**：加固 `run_tests` 审批策略、符号链接遍历防护、Plan 模式工具集收紧、
-  路径清理修复，以及新增 `docs/RELEASE_CHECKLIST.md`。
+- **缓存感知的 prompt 诊断和载荷优化** (#1196，感谢 **wplll**) — 新增
+  `/cache inspect` 和 `/cache warmup` 命令，对系统 prompt 进行分层（static /
+  history / dynamic）并展示每层的 SHA-256 哈希；线材有效载荷去重重复工具输出；
+  页脚展示来自 DeepSeek API 响应的缓存命中率。新增**项目上下文包**默认注入到
+  稳定前缀以提高缓存命中率；如需保持 prompt 简洁，可在配置中设置
+  `[context] project_pack = false` 关闭。
+- **工作区本地的斜杠命令** (#1259) — 在任意项目中放置
+  `.deepseek/commands/foo.md`，`/foo` 即可在该项目中可用。同时扫描
+  `.cursor/commands/` 和 `.claude/commands/`。项目本地按名称覆盖全局。
+- **`@` 提示补全可发现 AI 工具点目录** — 即使
+  `.deepseek/`、`.cursor/`、`.claude/`、`.agents/` 在 `.gitignore` 中，
+  这些目录下的文件也能通过 `@` 补全发现。
+- **MCP 分页发现** (#1250，感谢 **Liu-Vince**) — 对 `tools/list` 进行分页的
+  MCP 服务器（如 gbrain 每页 5 个）现在通过 `nextCursor` 完整发现所有工具。
+- **快照磁盘容量上限** (#1112) — 快照副本仓库现在强制 500 MB 上限，
+  超出时按时间从旧到新清理。可防止报告中 1.2 TB 快照失控。感谢
+  **@Giggitycountless** 的 PR #1131 提案。
+- **`/clear` 现在重置 Todos 侧边栏** (#1258) — 以前只清空 Plan 面板。
+- **鼠标滚轮在焦点切换后仍可用** — 在 `FocusGained` 时重新启用
+  `EnableMouseCapture`，使 Cmd+Tab 或截屏后滚轮滚动仍正常工作。
+- **i18n：英文提问得到英文回复** (#1118) — 项目中的中文文件名不再使模型偏向
+  中文回复。
+- **此外**：语言指令加强、MCP 错误信息更清晰（来自 PR #1196），及若干打磨。
+
+⚠️ **已知问题**：v0.8.22+ 在 Windows 10 conhost 上存在闪烁回归（#1260），
+跟踪到 v0.8.25 修复。如受影响，v0.8.20 工作正常。

 ---