Add a /feedback command for opening project feedback links.
The command shows a picker when run without arguments and supports direct
bug, feature, and security targets. Bug and feature options open the matching
GitHub issue templates, while security opens the repository security policy.
Add a dedicated /status command that reports the current runtime session state.
The new report shows provider, model, workspace, mode, permissions, session,
context usage, token telemetry, cache telemetry, cost, transcript counts, and
rate-limit availability. /statusline remains available for footer configuration.
Replace the separate /agent, /plan, and /yolo commands with a single
/mode command that can either open a picker or switch directly by name
or number.
This keeps mode switching in one command surface and avoids duplicating
similar commands for each mode.
Common footgun: users set api_provider = \"ollama\" (or vllm /
openrouter / etc.) at the top of config.toml and add a top-level
base_url = \"http://my-server\" alongside it. The root base_url field
is only read for DeepSeek/DeepseekCN (and a back-compat sniff for
NvidiaNim) — for every other provider it's silently ignored, and the
user can't figure out why their override doesn't apply.
Add a one-line tracing::warn at config load time pointing the user at
the matching `[providers.<name>]` table or the corresponding
`*_BASE_URL` env var. Skipped if the per-provider table already has
its own `base_url` (which would win anyway).
No behavior change to URL resolution.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous one-line error told users to set
DEEPSEEK_ALLOW_INSECURE_HTTP=1 but the env var name is easy to typo
when you're staring at it in a terminal (sam43b in #1303 wrote
"DEEPSEEKALLOWINSECURE_HTTP"). Reformat the message to:
- Note that loopback hosts are auto-allowed (no env var needed)
- Show the env var with underscores explicit and prominent
- Include a one-line copy-pasteable example
No behavior change; same `validate_base_url_security` decisions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The skills prompt renderer was re-sorting every discovered skill by name,
which discarded workspace/source precedence at the last mile. Under a large
global skills set, higher-priority workspace skills from directories such as
`.claude/skills` could be pushed past the prompt budget and disappear from the
model-visible skills list even though discovery had found them correctly.
This keeps stable ordering in discovery and preserves registry order during
rendering, then adds a regression test that proves a workspace-priority skill
survives when lower-priority global skills overflow the prompt budget.
Constraint: Session-time skill rendering must preserve cross-tool/workspace precedence
Rejected: Raise the prompt budget cap | would hide the ordering bug and bloat prompts
Rejected: Special-case `.claude/skills` during rendering | precedence belongs to registry order, not path-specific branches
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Do not re-sort rendered skills without re-proving precedence behavior under prompt truncation
Tested: cargo test --all-features; cargo fmt --all -- --check; cargo clippy --all-targets --all-features
Not-tested: Manual TUI interaction beyond automated skills prompt and QA PTY coverage
Route DEEPSEEK_BASE_URL through the active provider config instead of leaving
self-hosted providers on their localhost defaults. This makes --base-url work
for Ollama and vLLM while preserving provider-specific env overrides.
On WSL2 with Windows drives mounted at /mnt/c, git snapshot operations
can take 30+ seconds due to the slow 9P filesystem bridge. The original
code sent TurnStarted *after* the snapshot, causing the UI's 30-second
dispatch watchdog to fire with 'Turn dispatch timed out; the engine may
have stopped' before the turn ever appeared to start.
This commit sends TurnStarted immediately before the snapshot, so the
UI shows progress while the snapshot runs in the background.
- Check for both .deepseek and .deepseek/ to prevent duplicates
- Ensure trailing newline before appending to avoid joining with unterminated line
- Add tests for both edge cases
When /init runs inside a git repository, automatically append .deepseek/
to .gitignore so that workspace-local state (instructions, snapshots,
pastes) is not accidentally committed.
The helper ensure_deepseek_gitignored() checks for an existing .git
directory, reads the current .gitignore (if any), and appends the entry
only when it is not already present. Non-fatal if the file cannot be
written (e.g. read-only filesystem).
Includes four tests covering creation, append, idempotency, and
non-git-repo skip behaviour.
Fixes#1326
Sort discovered tools by name in three places so the prompt prefix
the model sees is deterministic across runs regardless of server
pagination order:
- McpConnection::discover_tools — after all pages collected
- McpPool::all_tools — after iterating connections
- McpPool::to_api_tools — final block sent to the model
Adds a regression test that exercises a 2-page paginated discovery
with reverse-ordered tools and asserts the result is sorted.
Adapts the production sort idea from @hxy91819's PR; the test
infrastructure here uses the existing ScriptedValueTransport rather
than introducing a parallel MockTransport with a different trait
signature.
Co-Authored-By: hxy91819 <hxy91819@gmail.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Error messages containing environment variable names like
DEEPSEEK_ALLOW_INSECURE_HTTP were mangled by markdown rendering:
the inline _italic_ parser consumed underscored segments (e.g.
_ALLOW_ → italic ALLOW without underscores), resulting in the
illegible DEEPSEEKALLOWINSECURE_HTTP displayed to the user.
Switch HistoryCell::Error from render_message (which routes through
markdown_render::render_markdown_tagged) to wrap_plain_line, which
renders the message body verbatim while preserving the existing
severity label, bold prefix, and continuation-rail layout.
Closes#1303
Extract the duplicated try_lock retry loop into a generic helper method
retry_lock<T>() that retries up to N times with 1ms pauses. This improves
readability and makes the retry pattern reusable.
Addresses review feedback from gemini-code-assist.
The /clear command was not reliably clearing the Todos sidebar because
clear_todos() used a single try_lock() attempt. When the engine held
the mutex during tool execution, the lock acquisition failed and todos
persisted across /clear commands.
Replace the non-blocking try_lock with a retry loop (up to 100 attempts,
1ms apart) so /clear waits briefly for the mutex and always clears todos.
Also add a regression test clear_todos_resets_todos_list that seeds todos
and asserts they are empty after /clear.
Fixes#1258
Replace the upstream inert-scrollbar test (transcript_scrollbar_gutter_
is_not_draggable) with one that asserts the gutter starts a scrollbar
drag rather than a text selection, matching the intended behaviour
where the visible scrollbar thumb remains interactive.
The other 17 test failures in the CI run are pre-existing Windows/local
environment issues (Python REPL / skills fixture pollution) unrelated
to this change.
- Wire mouse_hits_transcript_scrollbar into the Left-Down handler so the
scrollbar thumb remains draggable after rebase onto upstream/main.
- Fix clippy::useless_format in memory-overhead test.
Simulate a 30-turn complex session (user → thinking → assistant →
tools) and assert the rail_prefix_widths vector stays under 1 MB even
in pathological sessions. The test reports exact memory figures via
eprintln! for diagnostic visibility.
Replace the hardcoded three-glyph TOOL_CARD_RAIL_PREFIXES set (only
covered tool-card rails) with iterative structural detection that
handles all TUI decoration glyphs:
- Iterates through consecutive leading decorative spans so tool headers
with multiple prefix spans (e.g. "• ▶ run issue") are fully stripped.
- Pattern A: "<glyph>[<glyph>…]<space>" where all non-space chars are
drawing characters — covers single-glyph (▏, ▶, ⌕) and multi-glyph
prefixes (⋮⋮).
- Pattern B: "<glyph>" + lone space span — covers assistant/user glyphs
(●, ▎).
- Covers Box Drawing, Block Elements, Geometric Shapes, and individual
chars used as TUI decoration (•, …, ·, ⌕, ⋮).
Store rail-prefix widths in TranscriptViewCache so the copy path reads
metadata rather than guessing from glyphs.
When the user holds the left mouse button and drags past the top or
bottom of the transcript rect, advance the viewport on a fixed cadence
so a long passage can be selected in one drag. Also strip the visual
tool-card left-rail glyph (`╭ │ ╰`) from copied text so it does not
leak into the clipboard.
Auto-scroll:
* New `SelectionAutoscroll` state on `ViewportState` records direction
and the last in-bounds column while a drag is held outside the rect.
* Armed/disarmed by the existing `Drag(Left)` handler; cleared on
`Up(Left)`, on a fresh `Down(Left)`, and when the cursor returns
inside the viewport.
* A new per-loop helper `tick_selection_autoscroll` advances
`pending_scroll_delta` by ±1 line every 30 ms (~33 lines/sec) and
extends the selection head to the matching edge row, so the visible
selection rect stays glued to the cursor edge.
* The main loop's `poll_timeout` is clamped to the next autoscroll
tick so the loop wakes up on cadence even with no input events.
Copy artifact:
* `line_to_plain_for_copy` returns `(plain_text, rail_prefix_width)`,
stripping a leading rail glyph span when present.
* `selection_to_text` shifts recorded selection columns left by the
rail width before slicing so visible selection bounds still match.
Tests:
* `drag_above/below_viewport_arms_autoscroll_*` — verify direction
and clamped column for vertical-out drags.
* `drag_back_inside_disarms_autoscroll` — re-entering clears state.
* `mouse_up_clears_selection_autoscroll` — release ends autoscroll.
* `tick_selection_autoscroll_advances_pending_scroll_when_due` —
cadence advances scroll and head; `_respects_cadence` blocks early
ticks; `_clears_when_drag_ended` self-heals if drag state is lost.
* `line_to_plain_for_copy_*` — rail glyph stripping for top/middle/
bottom rails plus negative tests for plain spans, OSC-8 wrappers,
and lines whose plain text legitimately starts with `│`.
* Strengthened `selection_to_text_copies_rendered_transcript_block`
to assert no `│ ` line-prefix leaks.
The earlier build-script fix only watched .git/HEAD, which catches
branch switches and detached-HEAD moves but NOT git commit on the
current branch — the commit updates the underlying ref file
(refs/heads/<name> or packed-refs after pack-refs), and HEAD itself
stays unchanged. So the embedded short-SHA in deepseek --version went
stale on the same-branch-commit case the fix was supposed to cover.
Resolve the symbolic ref at build time and watch:
- the loose ref file (refs/heads/<branch>)
- packed-refs (Cargo treats a non-existent rerun-if-changed path as
always-changed, which covers the loose to packed transition after
git pack-refs)
Detached HEAD is unchanged: HEAD itself contains a SHA, no symbolic
deref happens, and HEAD-as-watched still triggers on every move.
Adds parse_symbolic_ref + 4 unit tests covering: stripped prefix,
no trailing newline, detached SHA, empty input.
Smoke verified: with the previous fix, an empty commit on the same
branch did not bust the cache. With this commit, it does.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Windows Terminal mouse-capture default-on change in #1169 also
restores the v0.8.14 wheel-scrolls-transcript behavior on Windows
Terminal. Before mouse capture, the terminal interpreted wheel events
as input-history navigation keys; with capture on, wheel events come
into the TUI and dispatch to the viewport scroll handler.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The stdio MCP spawn site discarded server stderr (`Stdio::null`), so a
server that crashed after \`initialize\` left only "Stdio transport
closed" — useless for debugging.
Pipe stderr now and drain it into a bounded ring buffer
(\`StderrTail\`, capped at 64 lines) via a tokio task. When the read
side fails (EOF or IO error), the transport error includes the
captured stderr tail so callers see why the server died.
Adds a unix-only regression test that spawns
\`sh -c 'echo >&2; exit 1'\` and asserts the stderr line propagates
through the recv() error.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The application's drag-select clamps to the transcript area; selection
that appeared to cross into the right sidebar on Windows was actually
the terminal handling the drag natively because Windows defaulted
`mouse_capture = false`. That default was set to dodge the
mouse-mode-leak failure mode from #878 / #898 on legacy conhost, but
modern Windows Terminal handles mouse mode cleanly.
`default_mouse_capture_enabled` now branches on `WT_SESSION`:
- Set (Windows Terminal): default on, sidebar isolation works.
- Unset (legacy conhost / older Windows hosts): default off, same as
before — explicit `--mouse-capture` or `[tui] mouse_capture = true`
still opts in.
Adds two regression tests on the Windows path covering both branches.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds three additional cases to the rail-on-code-block guard:
- multi-line SQL fence after an intro paragraph (issue #1212 repro)
- fenced block with an embedded blank line (different wrap branch)
- a single source line long enough to wrap inside the fence
The existing fix in caf77949d already covers these, but the original
test only asserted on a 2-line fence with no wrap. The wider coverage
locks the current behavior so a future markdown-render rewrite can't
silently regress the visible \`▏\` rail back into code output.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
`changelog_entry_exists_for_current_package_version` reached for
`CARGO_MANIFEST_DIR/../../CHANGELOG.md`, which assumes a workspace
checkout. Running the test from a packaged crate (no parent workspace)
panicked instead of skipping.
Walk up from `CARGO_MANIFEST_DIR` looking for `CHANGELOG.md`. Inside
the workspace it still finds the top-level file; outside the workspace
the gate quietly skips with a printed note instead of panicking.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
`build.rs` only declared `rerun-if-env-changed` for `DEEPSEEK_BUILD_SHA`
and `GITHUB_SHA`. With no `rerun-if-changed` directives, Cargo cached
the build-script output across commits and the embedded short-SHA in
`DEEPSEEK_BUILD_VERSION` (visible in `--version`) went stale until the
next `cargo clean`.
Add a `cargo:rerun-if-changed=<workspace>/.git/HEAD` directive in both
the `cli` and `tui` build scripts. Handle both layouts: a regular
checkout (`.git` is a directory) and a worktree (`.git` is a pointer
file containing `gitdir: <path>`), so the SHA stays current in either
case.
Verified: touching `.git/HEAD` now triggers a recompile of the affected
crate; `--version` reflects the current commit on the next build.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two responsibly-disclosed security fixes:
- GHSA-88gh-2526-gfrr (@JafarAkhondali)
- GHSA-72w5-pf8h-xfp4 (@47Cid)
Plus version bump, CHANGELOG, regression tests for both.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Crossterm routes the same logical commands through the WinAPI console
backend on Windows, so EnableFocusChange / Push keyboard flags /
EnableMouseCapture / EnableBracketedPaste never reach the writer as
ANSI bytes there. Gate the byte-level test with cfg(not(windows)) and
add a windows-only smoke test that just exercises the function for
panic-freedom.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The "message" arm wrapped its work in `if !data.trim().is_empty()`,
which clippy::collapsible_match flags. Move the predicate into a
match guard so the inner branch is the only body.
No behavior change.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
reidliu41