The await_holding_lock allow attributes were patched in without a final newline, which cargo fmt --check (and the release parity job) rejected. Restoring it.
Remove stale v0.8.59 release docs (release-notes-v0.8.59.md, docs/V0_8_59_RELEASE_TRIAGE.md) now that v0.8.59 is shipped.
Clear three clippy release-gate lints: const-evaluate the DEFAULT_SPAWN_DEPTH ceiling assert, and allow the intentional await_holding_lock on two Z.ai routing tests that must hold the test-env mutex across the await.
Credit new 0.8.60 models and first-party provider routes in the changelog: GLM-5.2 (Z.ai + OpenRouter), first-party Z.ai, StepFun/StepFlash (step-3.7-flash), and MiniMax (MiniMax-M3) routes (#3187/#3191). Regenerate the embedded crates/tui/CHANGELOG.md slice.
Fixes#3202.
Add first-party Z.ai, StepFun, and MiniMax rows to the shared model registry so provider-filtered list/resolve does not fall through to OpenRouter or DeepSeek defaults.
Teach the dispatcher model helper to honor top-level --provider as a fallback when the subcommand does not provide one, matching user-facing command intent.
Route explicit exec models through authenticated inventory when the configured route is unique, and fail early with a provider hint when the model alias is available from multiple configured providers.
Verification: cargo fmt --all --check; git diff --check; cargo test -p codewhale-agent -p codewhale-cli --locked; cargo test -p codewhale-tui explicit_exec_model --locked; cargo build -p codewhale-cli -p codewhale-tui --locked; debug model list/resolve smoke; debug Z.ai GLM-5.2 PONG smoke.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add a runnable provider/model inventory and use it for CLI auto routing so exec, review, ACP, and fleet worker subprocesses stop pairing stale root DeepSeek defaults with direct providers like Z.ai.
Forward codewhale fleet through the dispatcher instead of falling back to prompt mode, and tighten the runtime prompt policy for blocking choice questions after stale wakeups.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Wire the foreground fleet manager loop to FleetExecutor so leased tasks launch real codewhale exec workers, stream progress into the ledger, and record terminal receipts from subprocess outcomes. Remove the local_result simulation path and update manager tests to use a fake codewhale binary.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Refs #1310.
Adds the direct minimax provider slot, auth/config/env bindings, model aliases, docs, and picker/status surfaces. MiniMax requests now set reasoning_split and preserve reasoning_details history so thinking stays out of answer text.
Also updates Moonshot/Kimi reasoning classification for the Kimi Code route so reasoning_content streams into Thinking cells instead of inline prose.
Adds : an append-only JSONL ledger that
survives process restart and reconstructs queue/worker state.
- Records runs, task inbox entries, leases, lifecycle events, heartbeats,
receipts, and alert decisions.
- Replays the ledger to rebuild on startup.
- Atomic temp-file writes guard against partial writes; malformed lines
are skipped during replay.
- Provides , , , , and a
compaction helper.
- Six tests cover create/rebuild, enqueue/claim, restart survival,
partial-line tolerance, event/heartbeat reconstruction, and receipts.
Closes#3156.
* feat(config): implement verbosity settings with normal and concise modes
* fix(config): wrap unsafe env calls in tests and fix clippy/fmt errors for CI
* perf(config): avoid verbosity prompt allocations
Phase 0:
- Rename runtime API metadata to CodeWhale Runtime API while keeping
DeepSeek-prefixed env vars and headers as aliases.
- Add CODEWHALE_RUNTIME_TOKEN primary with DEEPSEEK_RUNTIME_TOKEN fallback.
- Accept x-codewhale-runtime-token header alongside x-deepseek-runtime-token.
- Change generated token prefix from dst_ to cwrt_.
- Add runtime_api_version, codewhale_version, transports, capabilities,
and experimental to /v1/runtime/info while preserving old fields.
- Update CLI help for --auth-token and --cors-origin.
- Add CODEWHALE_CORS_ORIGINS with DEEPSEEK_CORS_ORIGINS alias.
Phase 1:
- Split inline pub mod runtime into crates/protocol/src/runtime/mod.rs.
- Add DynamicToolSpec, DynamicToolItemStatus, DynamicToolCallParams,
DynamicToolCallResult, DynamicToolCallContent, and TurnEnvironmentParams.
- Accept dynamic_tools and environments on thread create, plus
dynamic_tools and environment_id on turn start (no-op in Phase 0/1).
Tests:
- Update existing auth/health/runtime_info tests for new naming.
- Add header alias tests and dynamic-tool request deserialization tests.
- Add protocol crate round-trip tests for all new types.
Co-authored-by: CodeWhale Agent <codewhale-agent@hmbown.local>
Harvests #3052 onto the v0.8.59 release branch. Noninteractive CLI launches default to concise output discipline unless config, env, or --verbosity overrides it; interactive TUI launches remain normal by default.
Also forwards CODEWHALE_VERBOSITY as the primary env bridge while keeping DEEPSEEK_VERBOSITY for compatibility, documents the setting, and records @cyq1017 credit in both changelogs.
Add an explicit /context report|json|summary source-map surface while preserving plain /context as the existing inspector.
Expose the same diagnostic map through doctor --context-json for headless checks. The report uses the existing compaction token heuristic and labels counts as conservative estimates rather than exact provider billing.
Modified harvest from PR #3150 by @idling11.
Co-authored-by: idling11 <8055620+idling11@users.noreply.github.com>
Harvests the narrow CLI/TUI exec model propagation fix from PR #3148 while honoring the CodeWhale model env alias before the legacy DeepSeek model handoff.
Co-authored-by: hongchen1993 <269377208+hongchen1993@users.noreply.github.com>
Headless exec hardening for benchmark/CI/droplet use:
- New CLI flags: --allowed-tools, --disallowed-tools, --max-turns, --append-system-prompt
- Add disallowed_tools to EngineConfig + command_denies_tool() helper
- run_exec_agent threads all four flags into EngineConfig and Op::SendMessage
- needs_engine now includes flag presence for standalone exec use
Completes the in-progress OpenAI Codex provider and bumps the workspace to
0.8.55. Builds on the committed Together AI provider + model catalog work.
OpenAI Codex (ChatGPT) provider — experimental:
- Wire the previously-dead OAuth module into credential resolution. The TUI
config now resolves the access token via the Codex CLI login in
~/.codex/auth.json (env overrides OPENAI_CODEX_ACCESS_TOKEN/CODEX_ACCESS_TOKEN),
refreshing expired tokens synchronously via the OpenAI token endpoint —
mirroring the existing Kimi OAuth flow rather than introducing a new pattern.
- Send the ChatGPT backend's required headers from the Responses client
(chatgpt-account-id, OpenAI-Beta: responses=experimental, originator) and
stop duplicating the Authorization header already installed on the client.
- Fix the cli crate's non-exhaustive ProviderKind matches (compile blocker).
Consistency / de-slop pass (so the provider fits the whole app, not one path):
- has_api_key_for / active_provider_has_config_api_key now detect the Codex
OAuth login on disk, the same way they detect Kimi OAuth — a `codex login`
user is no longer reported as unauthenticated.
- Replace the bogus OPENAI_CODEX_API_KEY hint (which exists nowhere else) with
the real OPENAI_CODEX_ACCESS_TOKEN/CODEX_ACCESS_TOKEN in the auth-error and
picker surfaces.
- Drop dead state in the Responses stream parser (unused ToolCallState fields /
imports); tool-call data is streamed live.
- Update docs/PROVIDERS.md, config.example.toml, and the provider-metadata wire
test for the Responses wire format.
Release:
- Bump workspace + crates + npm package to 0.8.55; update CHANGELOG.md and
crates/tui/CHANGELOG.md.
Note: the live Responses round-trip has not been exercised against the
production ChatGPT backend in this environment; the provider ships as preview.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Harvests provider-scoped TLS skip-verify from #1893 by @wavezhang. Disabled by default, active-provider-only, doctor-reported, and keeps SSL_CERT_FILE as the preferred custom CA path.
Harvested from PR #2501 by @HUQIANTAO.
Cache only explicit deterministic non-streaming tool-free requests, key entries by provider, route, account fingerprint, and final wire body, and zero usage on hits so local spend counters are not double-counted.
Co-authored-by: HUQIANTAO <58421104+HUQIANTAO@users.noreply.github.com>
Merge global MCP config with trusted workspace .codewhale/mcp.json files so project MCP servers appear in TUI, CLI, doctor, and runtime API flows. Project stdio servers default cwd to the workspace, project cwd escapes are rejected, and project MCP is ignored until workspace trust is recorded in user-owned config.
Fixes#2749
Reported by @yekern
Harvested from PR #2751 by @cyq1017
Add optional [search].base_url support for DuckDuckGo-compatible private search endpoints, including a preferred CODEWHALE_SEARCH_BASE_URL env override and the legacy DEEPSEEK_SEARCH_BASE_URL alias.
Network policy now gates the configured endpoint host, custom endpoints do not fall back to public Bing, non-DuckDuckGo provider/base_url combinations and challenge pages return explicit errors, and custom endpoint results report the configured host as their source.
Fixes#2436
Reported by @Artenx
Harvested from PR #2510 by @cyq1017
Co-authored-by: cyq1017 <61975706+cyq1017@users.noreply.github.com>
Harvested from PR #2760 by @sximelon
Fixes#2758
Show the canonical 'codewhale resume <session-id>' subcommand in the sessions footer instead of the invalid dispatcher form, and add a parser/footer regression test tying the hint to the actual Resume command.
Verification: cargo fmt --all -- --check; git diff --check; ./scripts/release/check-versions.sh; cargo test -p codewhale-tui --bin codewhale-tui --locked sessions_footer_points_to_resume_subcommand -- --nocapture; cargo clippy -p codewhale-tui --bin codewhale-tui --locked -- -D warnings.
Co-authored-by: sximelon <15710511+sximelon@users.noreply.github.com>
Install the ring rustls provider through a shared TUI helper and route reqwest client construction through it so no-provider TLS builds do not panic in engine, runtime API, tool, MCP, config, and test paths.
Keep the skill-installer integration include compatible with a local helper, and pin prompt byte-stability tests to an isolated home/skills environment under the shared env lock.
Verification: cargo fmt --all -- --check; git diff --check; ./scripts/release/check-versions.sh; cargo clippy --workspace --all-features --locked -- -D warnings; cargo test --workspace --all-features --locked; focused skill_install, finance, goal-tool, and MCP reruns.
Harvested from PR #2636 by @HUQIANTAO with widened cache invalidation for constitution files, generated context, trust state, canonical paths, and same-length overwrites.
Co-authored-by: HUQIANTAO <58421104+HUQIANTAO@users.noreply.github.com>
Harvest the HarmonyOS/OpenHarmony port from PR #2634 and make it publish-safe by target-gating unsupported host dependencies out of the OHOS TUI graph. Self-update is disabled on OHOS, PTY shell mode reports unsupported, and Starlark execpolicy parsing returns an explicit unsupported-platform error until upstream starlark/rustyline/nix support catches up.
Add OHOS SDK setup docs and launcher scripts, install the rustls ring provider for rustls-no-provider entrypoints, and keep the packaged codewhale-tui OHOS graph free of starlark, rustyline, nix@0.28, portable-pty, and arboard.
Validation: cargo fmt --all -- --check; git diff --check; git diff --cached --check; cargo check -p codewhale-cli --locked; cargo check -p codewhale-app-server --locked; cargo check -p codewhale-tui --locked; cargo test -p codewhale-cli --locked update::tests::; cargo test -p codewhale-release --locked; cargo test -p codewhale-tui --locked background_tty_command_has_controlling_terminal; cargo test -p codewhale-tui --locked clipboard; cargo package -p codewhale-tui --allow-dirty --no-verify --locked; packaged OHOS cargo tree checks. OHOS target check still requires a loaded OpenHarmony SDK/sysroot and currently stops in ring with missing assert.h when CC/CFLAGS/linker are unset.
Harvested from PR #2634 by @shenjackyuanjie.
Co-authored-by: shenjackyuanjie <54507071+shenjackyuanjie@users.noreply.github.com>
Add prompt_persist.rs module that caches the immutable base section of
the system prompt on disk for cross-session reuse. The base section
(mode prompt, project context, skills, context management, compaction
template) is stable across sessions for the same workspace. By caching
this section and reusing it when the SHA-256 matches, we can skip the
entire base-section assembly on session start and immediately provide
byte-identical bytes to the API.
This is especially valuable for DeepSeek's service-side prefix cache:
when the base section bytes are identical across sessions, the server
can reuse its cached KV states for the entire base section, giving ~90%
discount on cached tokens.
Cache layout:
~/.codewhale/prompt_cache/<system_hash>.bin — the base section text
~/.codewhale/prompt_cache/<system_hash>.meta — JSON metadata
The cache key is the SHA-256 of the base section text. The metadata
includes the workspace path and its mtime for invalidation on workspace
changes. Stale entries are evicted lazily based on age and workspace
mtime consistency.
The module exposes three public functions:
- load_cached_base_section(): try to load a cached base section
- save_cached_base_section(): save a base section to disk
- evict_stale_entries(): clean up old cache entries
This is the infrastructure layer only. Wiring it into the prompt
assembly pipeline (splitting base_section() + volatile_section()) will
be done in a follow-up change.
Hunter B