Two pieces:
**#1073 fix.** When a paste burst is currently being assembled, or when
the burst's Enter-suppression window is still open after a flush, the
trailing newline of the paste was firing `submit_input()` and the
in-flight burst buffer was getting destroyed by `clear_after_explicit_paste()`.
The PasteBurst module already exposed `newline_should_insert_instead_of_submit`
and `append_newline_if_active` for exactly this case, but no caller had
been wired up. Added `App::handle_composer_enter`, which checks the
suppression state and either appends `\n` to the burst buffer or inserts
it directly into the composer text — no submit. The `KeyCode::Enter`
arm in the composer event loop now dispatches through that helper.
Reproduces the Windows/PowerShell symptom from the report:
multi-line paste ending with `\n` no longer auto-submits AND the text
no longer leaks into the now-empty composer.
Four unit tests cover: active-burst Enter, post-flush window Enter,
normal Enter outside the window, and Enter with paste-burst detection
disabled (suppression must be off).
**PTY QA harness.** New `crates/tui/tests/support/qa_harness/` wraps
`portable-pty` (already a runtime dep) and `vt100` (new dev-dep) into
a small surface for scenarios that need a real PTY: spawn a binary,
send keys/paste/resize, parse the ANSI stream into a frame, assert
on visible text + filesystem state. The harness seals `$HOME` so
scenarios cannot read the developer's real `~/.deepseek/` and points
the base URL at 127.0.0.1:1 so no live request escapes. README under
`support/qa_harness/README.md` documents how to add a scenario.
Initial scenarios in `crates/tui/tests/qa_pty.rs`: smoke boot,
keystroke round-trip, and bracketed/unbracketed paste-with-trailing-
newline regression guards for #1073. The unbracketed scenario does
not deterministically reproduce the bug on macOS (single-syscall
PTY writes keep the burst continuously active), but the unit tests
above cover the path conclusively; the PTY test stands as a
regression guard for the visible-text invariant.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace the close-by-default admission rules with a find-value-first
posture. The new section in AGENTS.md says: every contribution has
value somewhere; harvest commits/files/ideas yourself rather than
asking contributors to split or resubmit; always credit; keep the
trust boundary on sandbox/providers/publishing/global-prompts but
own the work of getting there.
Bad-faith / prompt-injection contributions: close and block.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sets the `deepseek-cn` provider preset's default `base_url` to the official host (`https://api.deepseek.com`) per [api-docs.deepseek.com](https://api-docs.deepseek.com/). Keeps recognizing `api.deepseeki.com` in URL heuristics and chat-client normalization so existing configs continue to work, and updates the `doctor` strict-tool-mode endpoint hint, docs, and examples accordingly.
Closes#1079. Thanks to @Jefsky for the fix.
Aligns the slash-menu cache with `discover_in_workspace`, so global `~/.deepseek/skills` and `~/.claude/skills` skills appear alongside project-local `.agents/skills` in the slash menu, `/skills` listing, and `/skill <name>` lookups. Also strips surrounding YAML quotes from `SKILL.md` frontmatter values, so a skill declared as `name: "hud"` registers as `hud` and matches prefix lookup.
Closes#1068. Thanks to @AlphaGogoo / @Duducoco for the fix and the test.
Summary:
- Keep default auto alternate-screen mode inside the TUI so transcript scrolling stays app-owned unless users explicitly opt out.
- Queue terminal resume events when the engine channel is full, avoiding stranded paused terminal state after interactive tool cancellation or bursts.
- Scope crash-checkpoint recovery to the resolved launch workspace instead of the shell cwd.
- Add runtime deepseek_version to the prompt environment block so agents can distinguish installed runtime identity from a stale checkout.
Test plan:
- cargo test -p deepseek-tui --locked on a simulated merge with current main
- cargo fmt --all -- --check
- git diff --check
- Existing PR CI was green for lint, version drift, Linux/macOS/Windows tests, npm wrapper smoke, and GitGuardian.
Summary:
- Use Reverse for job timestamp sorting to avoid negation overflow edge cases.
- Make secret redaction UTF-8 safe while preserving the previous short-secret threshold.
- Update remaining setup and doctor guidance to use the supported deepseek dispatcher name.
Test plan:
- cargo test -p deepseek-config list_values_redacts --locked
- cargo test -p deepseek-core --locked
- cargo test -p deepseek-tui doctor_endpoint_tests --locked
- cargo fmt --all -- --check
- git diff --check
Supersedes #957.
Summary:
- Stop treating -v as an npm wrapper version fallback.
- Keep wrapper fallback for --version and -V.
- Add a Node regression test for wrapper version flag detection.
Test plan:
- npm test from npm/deepseek-tui
- git diff --check origin/main...HEAD
Supersedes #959.
Summary:
- Add a mouse-only jump-to-latest affordance when the transcript is scrolled away from the live tail.
- Hide the control at the tail or when mouse capture is disabled.
- Add tests for visibility and click behavior.
Maintainer verification on current origin/main:
- cargo test -p deepseek-tui jump_to_latest --locked
- cargo fmt --all -- --check
- git diff --check origin/main...HEAD
Closes#971
Summary:
- Truncate oversized memory prompt content at the previous valid UTF-8 character boundary.
- Preserve the existing memory cap and truncation marker behavior.
- Add regression coverage for accented and emoji content crossing the byte cutoff.
Maintainer verification on current origin/main:
- cargo test -p deepseek-tui memory --locked
- cargo fmt --all -- --check
- git diff --check origin/main...HEAD
Summary:
- Treat Ctrl+H as Backspace in the help overlay filter.
- Document the terminal erase behavior inline.
- Add regression coverage for the help filter widening after Ctrl+H.
Maintainer verification on current origin/main:
- cargo test -p deepseek-tui ctrl_h_widens_match_set --locked
- cargo fmt --all -- --check
- git diff --check origin/main...HEAD
Fixes#958
Summary:
- Skip empty auto-created sessions when continuing a workspace.
- Recover a saved session ending in an unanswered user prompt as an editable draft instead of auto-resubmitting it.
- Preserved and repaired the local Qthresh poisoned session records by moving them to ~/.deepseek/sessions/recovery-backups/qthresh-2026-05-07-auto-poison.
Test plan:
- cargo test -p deepseek-tui latest_session_for_workspace_skips_empty_auto_created_session --locked
- cargo test -p deepseek-tui apply_loaded_session_restores_dangling_user_tail_as_retry_draft --locked
- cargo test -p deepseek-tui --locked
- cargo fmt --all -- --check
- git diff --check
- git diff --check origin/main...HEAD
- cargo clippy -p deepseek-tui --all-targets --all-features --locked -- -D warnings
Closes#988
Closes #944\n\n## Summary\n- mark Docker/GHCR publishing as experimental while the package is not publicly readable\n- align installer and release docs with the live npm/Scoop state\n- keep package-channel verification explicit for release triage\n\n## Test plan\n- ruby -e 'require "yaml"; YAML.load_file(".github/workflows/release.yml"); puts "release.yml ok"'\n- cargo test -p deepseek-tui-cli update::tests::test_asset_matching_accepts_binary_assets_and_rejects_checksums --locked\n- cargo fmt --all -- --check\n- git diff --check origin/main...HEAD\n- CI: Version drift, Lint, Test (ubuntu-latest), Test (macos-latest), Test (windows-latest), npm wrapper smoke
Closes#899.
Detects light terminal profiles from COLORFGBG, keeps the existing dark theme as the fallback, and maps DeepSeek dark-palette cells to readable light surfaces in the existing ColorCompatBackend.
Local verification:
- cargo fmt --all -- --check
- cargo test -p deepseek-tui palette --all-features
- cargo test -p deepseek-tui color_compat --all-features
- cargo build
CI: all required checks passed on #931.
Integrates source PR #525 by @shentoumengxin.
Adds `/anchor` for critical user facts that should survive compaction via `.deepseek/anchors.md`. Keeps `/pin` unregistered so the resident-context `/pin` lane remains available, and renders anchors as structured bullets in compaction summaries instead of raw separator text.
Local verification:
- cargo fmt --all -- --check
- cargo test -p deepseek-tui anchor --all-features
- cargo build
CI: all required checks passed on #930.
Co-authored-by: ZZHAsus <3075047037@qq.com>
* feat(tui): add `notification_condition` override + assistant text in body (#820)
`[notifications]` already controls method (auto/osc9/bel/off), the
`threshold_secs` gate, and the `include_summary` body. Some users
want a simpler high-level switch — "always notify on every turn" or
"never notify" — without having to know the lower-level fields.
This adds a single optional `[tui].notification_condition` field:
- `"always"` — notify on every successful turn (no duration
threshold). The configured `[notifications].method` and
`include_summary` flag are still respected.
- `"never"` — suppress all turn-completion notifications.
- omitted — fall back to the existing `[notifications]` defaults
(the v0.8.15 behavior is unchanged).
The OSC 9 / BEL body now also carries the assistant's reply text,
sanitized and truncated to 360 characters, with a fallback to the
latest assistant message in `api_messages` when the streaming buffer
was empty (e.g. a tool-only turn). When `include_summary = true`,
the elapsed/cost line is appended on a new line.
Drive-by: drop the unused `Method::from_str` helper (the new code
match-arms over the typed `NotificationMethod` enum, so the parser
helper had no remaining callers).
Differences from upstream #820:
- Keeps the `[notifications]` section in `config.example.toml`
(with `notification_condition` documented as an opt-in override)
rather than deleting the existing block. This avoids breaking
configs that already set `[notifications].method` etc.
- Drops the unrelated `#[allow(dead_code)]` on
`schema_migration::registry`.
- Threads `Option<CostEstimate>` through the helper (the cost
surface changed from `Option<f64>` since #820 was authored).
Tests:
- `notification_settings_*` (3) — `always` keeps the configured
method, `never` returns `None`, missing override falls back.
- `completed_turn_notification_*` (4) — streaming text wins, falls
back to latest assistant message, default placeholder, and 360-char
truncation with `...`.
Integrates #820.
Co-authored-by: zero <1603852@qq.com>
Co-authored-by: zerx-lab <161401688+zerx-lab@users.noreply.github.com>
* style: fmt — collapse short test message helper calls
---------
Co-authored-by: zero <1603852@qq.com>
Co-authored-by: zerx-lab <161401688+zerx-lab@users.noreply.github.com>
Replace the model's first-message language detection with a
deterministic `## Environment` block at the top of the workspace-
static portion of the system prompt. The block lists:
- lang: resolved BCP-47 tag (`en`, `zh-Hans`, `ja`, `pt-BR`)
- platform: `std::env::consts::OS`
- shell: `$SHELL` (or `unknown`)
- pwd: workspace path
`base.md`'s `## Language` directive now points the model at the
`lang` field instead of asking it to guess from the user's first
turn. When `lang` is missing or ambiguous the existing detect-from-
writing fallback still applies.
The block is injected at "step 2.25" in the prompt builder — after
mode prompt + project context, before the configured `instructions`
files and the skills section — so it lives in the same workspace-
static cache layer as the surrounding blocks. All four inputs
(locale tag, platform, shell, pwd) are resolved once per session
and stay byte-stable across turns, preserving prefix-cache hits.
`render_environment_block` is intentionally I/O-free: callers pass
the resolved locale tag in `PromptSessionContext.locale_tag` /
`EngineConfig.locale_tag`. `resolve_locale(...)` is invoked once
when constructing the engine config in `tui::ui`, `runtime_threads`,
and `run_exec_agent`.
Tests:
- `render_environment_block_lists_supplied_locale_and_workspace`
- `environment_block_is_inserted_into_system_prompt`
Verified:
- `cargo test -p deepseek-tui --bin deepseek-tui` (2224 passed)
- `cargo test -p deepseek-tui-core --test snapshot --locked`
- `cargo clippy -p deepseek-tui --all-targets -- -D warnings`
- `cargo fmt --all -- --check`
Integrates #813.
Co-authored-by: lloydzhou <lloydzhou@qq.com>
After `deepseek fork` saves the forked session, surface the source
session title and the truncated source/new session ids so the user
sees what was created before the TUI takes over the screen.
Implementation differs slightly from the original PR:
- Reuse the existing `session_manager::truncate_id` helper instead of
defining a second copy in `main.rs`.
- Guard against an empty saved-title string so the line stays
readable for unnamed sessions.
This is a UX-only addition that does not address the broader
`/fork` request from #576; that one is asking for an in-TUI fork
picker, which is out of scope for v0.8.15.
Integrates #600.
Co-authored-by: macworkers <Mann_Juarezxgs@cash4u.com>
Null bytes embedded in command strings can be used to slip past
parsers that treat them as terminators while shells still see the
trailing payload. The existing analyzer already blocks `\n` / `\r`
multi-line input but lets `\0` through; add a matching dangerous
classification beside it.
This PR intentionally takes only the null-byte slice from #706. The
broader `command.contains("eval")` / `command.contains("exec ")`
guard from the same PR is *not* applied because it false-positives on
routine commands such as `cargo run -- eval` (the offline eval
harness) or any binary whose name contains `eval` (`evaluator.py`,
`primeval`). A regression test pins that behavior.
Tests:
- `test_null_byte_is_blocked` — `ls\0 -la` and `echo hello\0world`
classified as Dangerous.
- `test_eval_substring_is_not_misclassified` — `cargo run --bin
deepseek -- eval` and `python evaluator.py` are *not* Dangerous.
Integrates #706.
Co-authored-by: 浩淼的mac <haomiaodemac@haomiaodemacdeMacBook-Air.local>
Surface the existing `deepseek update` self-update command in the
English and Chinese README command listings so users can discover it
without reading source. The `deepseek update` subcommand has shipped
since the dispatcher gained `crates/cli/src/update.rs`.
This integration takes only the README slice from #838. The startup
GitHub-Releases polling check from the same PR is intentionally
deferred until it can be made opt-in / config-backed without adding
unconditional network calls or perceptible startup latency.
Integrates #838.
Co-authored-by: leo119 <leo.hou0924@gmail.com>
Integrates #856 as a focused runtime API security slice.
Default local behavior remains unchanged. `/v1/*` routes require a token only when `--auth-token` or `DEEPSEEK_RUNTIME_TOKEN` is set, and `/health` remains public for readiness checks.
Co-authored-by: Zhuoran Deng <dengzhuoran9@gmail.com>
Integrates #879 safe lockfile dependency updates.
Regenerated the dependency bumps on current main so workspace crates stay on v0.8.15. The Dockerfile edits from #879 were intentionally left out because they pin stale Debian package versions and add an invalid trailing `MD []` instruction.
Co-authored-by: RinZ27 <222222878+RinZ27@users.noreply.github.com>
Integrates the useful custom HTTP header support from #881 onto current main.
- support root, provider-specific, and DEEPSEEK_HTTP_HEADERS overrides
- apply validated extra headers to model API requests while preserving protected Authorization and Content-Type defaults
- document the config shape in README, config.example.toml, and docs/CONFIGURATION.md
Co-authored-by: Desheng <8596814+dst1213@users.noreply.github.com>
Hunter Bown