diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e282dd8..5eb828a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [0.8.24] - 2026-05-09 A bugfix + refactor release picking up the backlog after the v0.8.23 security -release. +release. Big thanks to **wplll** (cache-aware prompt + `/cache inspect`), +**Liu-Vince** (MCP pagination diagnosis), **@Giggitycountless** (snapshot cap +proposal), and to issue reporters **@SamhandsomeLee**, +**@barjatiyasaurabh**, **@tyculw**, **@hongyuatcufe**, and **@ljlbit** for +the bugs fixed below. ### Fixed @@ -23,7 +27,7 @@ release. `/.claude/commands/`, and `/.cursor/commands/` are now discovered alongside the existing global `~/.deepseek/commands/`. Workspace-local commands shadow global by name, matching the precedence - model already used for skills. + model already used for skills. Reported by **@SamhandsomeLee**. - **`@`-mention completion finds AI-tool dot-directories** — files inside `.deepseek/`, `.cursor/`, `.claude/`, and `.agents/` are now discoverable in `@`-mention Tab-completion even when those directories are excluded by @@ -32,25 +36,54 @@ release. - **MCP paginated discovery (#1250, #1256)** — tools, resources, resource templates, and prompts from MCP servers that paginate their responses (e.g., gbrain at 5 items per page) are now fully discovered by following - the MCP spec's `nextCursor` across all pages. Thanks **Liu-Vince** for - the diagnosis and fix. + the MCP spec's `nextCursor` across all pages. Reported by + **@hongyuatcufe**; thanks to **Liu-Vince** for the diagnosis and PR + #1256 with the same fix shape. - **Snapshot storage has a disk-space cap (#1112)** — the snapshot side repo now enforces a 500 MB hard limit. When the limit is exceeded at snapshot time, the oldest snapshots are pruned aggressively to stay under a 400 MB target. Guards against the reported 1.2 TB snapshot blowup during - high-churn sessions. + high-churn sessions. Reported by **@tyculw**; thanks to + **@Giggitycountless** for the PR #1131 proposal that informed the + hard-cap approach. - **`/clear` now resets the Todos sidebar (#1258)** — previously `/clear` only reset the Plan panel; the Todos checklist persisted across clears until app restart. The fix ensures `clear_todos()` clears the - `SharedTodoList` inner state. + `SharedTodoList` inner state. Reported by **@barjatiyasaurabh**. + +### Added + +- **Cache-aware prompt diagnostics + payload optimization (#1196)** — adds + a `PromptBuilder` that classifies the system prompt into `static` / + `history` / `dynamic` layers for cache-prefix stability, plus: + - `/cache inspect` — shows SHA-256 hashes per layer, base static prefix + hash vs full request prefix hash, static-prefix stability across + turns, and first-divergence tracking. Does not print prompt text. + - `/cache warmup` — prefetches the stable prefix to seed the DeepSeek + context cache. + - **Project Context Pack injected into the stable prefix by default** + — a structured workspace summary (directory listing up to 4 levels / + 400 entries, README excerpt up to 4 KB, config + key source file + lists). Adds **~1–10 KB to every prompt depending on repo size**, in + exchange for a much more cacheable prefix. **Default ON**; disable + with `[context] project_pack = false` in `~/.deepseek/config.toml` + if you'd rather keep prompts minimal. + - Wire-payload optimization: large tool outputs are budgeted, repeated + identical tool outputs and `` blocks are deduplicated + with stable refs (wire-only — local session messages stay intact). + - Footer cache-hit % chip from `prompt_cache_hit_tokens` / + `prompt_cache_miss_tokens` in the API response. + + Thanks **wplll** for the design and implementation. ### Changed -- **Language directive strengthened against project-context bias (#1118, - #1129)** — the system prompt now explicitly instructs the model that - project context (AGENTS.md, auto-generated instructions, file trees) is - NOT a language signal. Chinese filenames in a repo no longer bias the - model toward Chinese replies when the user writes in English. +- **Language directive strengthened against project-context bias (#1118)** + — the system prompt now explicitly instructs the model that project + context (AGENTS.md, auto-generated instructions, file trees) is NOT a + language signal. Chinese filenames in a repo no longer bias the model + toward Chinese replies when the user writes in English. Reported by + **@ljlbit**. ### Known issues diff --git a/README.md b/README.md index 7dd5335f..e72eee91 100644 --- a/README.md +++ b/README.md @@ -225,31 +225,44 @@ deepseek --provider ollama --model deepseek-coder:1.3b --- -## What's New In v0.8.23 +## What's New In v0.8.24 -A security-focused follow-up to v0.8.22: sanitized child-process environments, -tighter tool-safety classifications, and fixes for MCP, secrets, and the -runtime API. [Full changelog](CHANGELOG.md). +A community-focused bugfix release picking up the backlog after the v0.8.23 +security release. [Full changelog](CHANGELOG.md). -- **Child-process environment scrubbed** — shells, MCP servers, hooks, and other - spawned subprocesses now start from an explicit env allowlist instead of - inheriting every parent variable. No more accidental `*_API_KEY` or - `GITHUB_TOKEN` leakage through subprocesses. -- **macOS Keychain prompts gone** — the file-backed secret store is now the - default; the OS keyring is opt-in via `DEEPSEEK_SECRET_BACKEND=system|keyring`. -- **MCP servers stay working** — MCP stdio launches now inherit the env vars - that `npx`, `uvx`, `python -m`, and proxy-bound corporate setups need, while - still scrubbing secrets. -- **MCP spawn errors are visible** — instead of an opaque wrapper message, you - now see the real OS error ("No such file or directory") when an MCP server - can't start. -- **Live thinking is compact by default** — the streaming thinking panel - collapses by default; expand via the details toggle. -- **Runtime API requires auth by default** — `deepseek serve --http` no longer - accepts unauthenticated requests. -- **Plus**: hardened `run_tests` approval, symlink-traversal guards, Plan-mode - tool-surface tightening, path-sanitization fixes, and a new - `docs/RELEASE_CHECKLIST.md`. +- **Cache-aware prompt diagnostics + payload optimization** (#1196, thanks + **wplll**) — new `/cache inspect` and `/cache warmup` commands, layered + prompt classification (static / history / dynamic) with per-layer SHA-256 + hashes, wire-payload dedup for repeated tool outputs, and a footer cache-hit + % chip from the DeepSeek API response. A new **Project Context Pack** is + injected into the stable prefix by default to improve cache hit rates; + disable with `[context] project_pack = false` if you'd rather keep prompts + minimal. +- **Workspace-local slash commands** (#1259) — drop a `.deepseek/commands/foo.md` + in any project and `/foo` works there. Also scans `.cursor/commands/` and + `.claude/commands/`. Project-local shadows global by name. +- **`@`-mention completion finds AI-tool dot-directories** — files inside + `.deepseek/`, `.cursor/`, `.claude/`, and `.agents/` are now discoverable + via `@` completion even when those dirs are in `.gitignore`. +- **MCP paginated discovery** (#1250, thanks **Liu-Vince**) — MCP servers that + paginate `tools/list` (e.g., gbrain at 5 per page) now have all their tools + discovered via `nextCursor`. +- **Snapshot disk cap** (#1112) — the snapshot side repo enforces a 500 MB + hard limit, pruning oldest first when it's hit. Guards against the reported + 1.2 TB blowup. Thanks **@Giggitycountless** for the PR #1131 proposal. +- **`/clear` resets the Todos sidebar** (#1258) — was only clearing the Plan + panel before. +- **Mouse-wheel survives focus toggles** — re-arms `EnableMouseCapture` on + `FocusGained` so wheel scroll keeps working after Cmd+Tab or screenshot + workflows. +- **i18n: prompts in English get English replies** (#1118) — Chinese + filenames in a project tree no longer bias the model toward Chinese + responses. +- **Plus**: language-directive strengthening, MCP error-message clarity + improvements (PR #1196), and assorted polish. + +⚠️ **Known issue:** v0.8.22+ have a Windows 10 conhost flicker regression +(#1260) tracked for v0.8.25. v0.8.20 works correctly if you're affected. --- diff --git a/README.zh-CN.md b/README.zh-CN.md index c9eb6f26..0e3c1778 100644 --- a/README.zh-CN.md +++ b/README.zh-CN.md @@ -192,24 +192,36 @@ deepseek --provider ollama --model deepseek-coder:1.3b --- -## v0.8.23 新功能 +## v0.8.24 新功能 -面向安全的 v0.8.22 跟进版本:子进程环境清理、工具安全分类收紧,以及 MCP、 -密钥存储和运行时 API 的修复。[完整更新日志](CHANGELOG.md)。 +承接 v0.8.23 安全发布之后的社区 bug 修复版本。[完整更新日志](CHANGELOG.md)。 -- **子进程环境已清理** — shell、MCP 服务器、hooks 等子进程现在从显式环境变量 - 白名单启动,不再继承所有父进程变量。`*_API_KEY`、`GITHUB_TOKEN` 等敏感信息 - 不会通过子进程泄露。 -- **macOS 钥匙串弹窗已消除** — 文件存储现在是默认的密钥后端;系统钥匙串需通过 - `DEEPSEEK_SECRET_BACKEND=system|keyring` 主动选择加入。 -- **MCP 服务器保持正常运行** — MCP stdio 启动时保留 `npx`、`uvx`、`python -m` - 和企业代理等所需的环境变量,同时继续清理密钥。 -- **MCP 启动错误现在可见** — 不再显示模糊的包装错误信息,而是直接展示真实的 - 操作系统错误(如 "No such file or directory")。 -- **实时思考默认折叠** — 流式思考面板默认折叠,可通过详情切换展开。 -- **运行时 API 默认要求认证** — `deepseek serve --http` 不再接受未认证请求。 -- **此外**:加固 `run_tests` 审批策略、符号链接遍历防护、Plan 模式工具集收紧、 - 路径清理修复,以及新增 `docs/RELEASE_CHECKLIST.md`。 +- **缓存感知的 prompt 诊断和载荷优化** (#1196,感谢 **wplll**) — 新增 + `/cache inspect` 和 `/cache warmup` 命令,对系统 prompt 进行分层(static / + history / dynamic)并展示每层的 SHA-256 哈希;线材有效载荷去重重复工具输出; + 页脚展示来自 DeepSeek API 响应的缓存命中率。新增**项目上下文包**默认注入到 + 稳定前缀以提高缓存命中率;如需保持 prompt 简洁,可在配置中设置 + `[context] project_pack = false` 关闭。 +- **工作区本地的斜杠命令** (#1259) — 在任意项目中放置 + `.deepseek/commands/foo.md`,`/foo` 即可在该项目中可用。同时扫描 + `.cursor/commands/` 和 `.claude/commands/`。项目本地按名称覆盖全局。 +- **`@` 提示补全可发现 AI 工具点目录** — 即使 + `.deepseek/`、`.cursor/`、`.claude/`、`.agents/` 在 `.gitignore` 中, + 这些目录下的文件也能通过 `@` 补全发现。 +- **MCP 分页发现** (#1250,感谢 **Liu-Vince**) — 对 `tools/list` 进行分页的 + MCP 服务器(如 gbrain 每页 5 个)现在通过 `nextCursor` 完整发现所有工具。 +- **快照磁盘容量上限** (#1112) — 快照副本仓库现在强制 500 MB 上限, + 超出时按时间从旧到新清理。可防止报告中 1.2 TB 快照失控。感谢 + **@Giggitycountless** 的 PR #1131 提案。 +- **`/clear` 现在重置 Todos 侧边栏** (#1258) — 以前只清空 Plan 面板。 +- **鼠标滚轮在焦点切换后仍可用** — 在 `FocusGained` 时重新启用 + `EnableMouseCapture`,使 Cmd+Tab 或截屏后滚轮滚动仍正常工作。 +- **i18n:英文提问得到英文回复** (#1118) — 项目中的中文文件名不再使模型偏向 + 中文回复。 +- **此外**:语言指令加强、MCP 错误信息更清晰(来自 PR #1196),及若干打磨。 + +⚠️ **已知问题**:v0.8.22+ 在 Windows 10 conhost 上存在闪烁回归(#1260), +跟踪到 v0.8.25 修复。如受影响,v0.8.20 工作正常。 ---