Only count the dialog frame padding row when padDialogFrame actually inserts it, so the btw editor cursor stays on the input row after a turn.
Co-authored-by: mi-skam <40042054+mi-skam@users.noreply.github.com>
read tool and Anthropic builder derived an image's media type from its
file extension, so a .png file containing JPEG bytes was declared
image/png. Anthropic sniffs the real bytes and 400s the whole request
on a mismatch, breaking the session and making it impossible to resume.
- read tool now sniffs the real format from magic bytes (sniffImageMIME)
- Anthropic request builder reconciles declared MIME against the actual
bytes on every outbound image, repairing already-persisted sessions on
continue/resume
- kitty renderer re-encodes non-PNG images to PNG (f=100 is PNG-only),
fixing empty image boxes for JPEG/GIF screenshots
filepath.IsAbs("/etc") is false on Windows, so the cd-escape check
folded "/etc" back inside root via filepath.Join and let it through,
failing CI. Treat a leading forward slash that is not OS-absolute as an
escape attempt.
#38: emit OSC 7 (ESC ]7;file://host/path) on TUI setup and /cd so
terminals like kitty open new tabs/splits in the launch cwd instead of
inheriting a stale extension-subprocess directory. Verified end-to-end
against kitty 0.46.2.
#39: stop blanket-rejecting cd into subdirectories of the sandbox root.
CheckCommand now resolves the cd target and rejects only real escapes.
Add Sandbox.DisplayPath to present jailed tool-result/error paths
relative to root, reducing the absolute-path bias that pushed the model
toward unjailing.
Keep built-in models visible when merging models.json, accept custom provider API keys through the login flow, preserve model-level base URLs, and route custom clients through the scoped HTTP wrapper.
Also register providers from model-level baseUrl metadata, warn on unknown api values, dedupe login picker entries, and cover the custom-provider behavior with regression tests.
Co-authored-by: pulyankote <4314305+pulyankote@users.noreply.github.com>
Custom provider metadata now lives entirely in $ZOT_HOME/models.json
instead of a separate provider-config.json or auth.json base_url entry.
- Extend UserProvider to carry baseUrl and api format (openai/anthropic).
- Recognize custom providers in Resolve, the login picker, and the model
list when credentials exist.
- Persist only API keys in auth.json; base URLs are read from models.json.
- Normalize custom provider env vars so my-company uses MY_COMPANY_API_KEY.
- Reuse NewOpenAICompat/NewAnthropicCompat for user-defined endpoints.
- Drop the checked-in provider-config.json example and modelListEndpoint.
Builds on s3rj1k's --insecure flag (#35) but limits insecure TLS to the
resolved inference client for an explicit --base-url, instead of mutating
http.DefaultTransport process-wide. Built-in providers, auth, and model
discovery keep normal certificate verification. Documents the flag in
the CLI reference.
Co-authored-by: s3rj1k <evasive.gyron@gmail.com>
In flat (non-recursive) mode, typing a filter to locate a directory and
then opening it with Right re-applied that same filter inside the
directory. Typing "@eda" then Right to open eda/ showed nothing,
because no child of eda/ matches "eda". The filter the user typed
selected the directory at the current level; it has no meaning one
level deeper.
Clear the text after the last "@" (keeping the bare "@" so the picker
stays open) whenever Right or Left successfully changes the browse
level. The filter was scoped to the level just left, so dropping it
shows the new directory's full contents.
Adds a regression test that opens eda/ after an "@eda" filter and
asserts the directory's contents are listed while the stale filter
would have matched nothing.
The recursive @-picker only read the repo's root .gitignore, so a
nested .gitignore (e.g. .opencode/.gitignore ignoring its own
node_modules) was invisible. WalkDir visits lexically, so a
dot-prefixed vendored tree got walked first and its node_modules
flooded the 5000-entry budget before the walk ever reached deeply
nested source files. The picker then fuzzy-matched against junk and
never surfaced the real target.
- Add ignore.Stack: a per-directory .gitignore chain pushed/popped as
the recursive walk descends, with git-style nearest-file-wins
semantics including nested negations. scanRecursive now prunes
nested-ignored trees like node_modules.
- Raise maxRecursiveEntries 5000 -> 50000 and maxRecursiveDepth
12 -> 24. The bottleneck is per-keystroke fuzzy.Find, not memory:
a fileEntry is ~120 bytes (~6 MB at 50k), and benchmarked
fuzzy.Find latency is ~2ms @ 5k, ~13ms @ 50k, ~21ms @ 100k, so 50k
keeps ranking under one 60Hz frame while holding a large monorepo
once nested-gitignore pruning has done its job.
Verified against the reporting monorepo: the fully-pruned tree is
4397 entries (node_modules=0), scan ~360ms once (cached after),
match ~2.5ms per keystroke, and @pipeline.py now finds
eda/rjg/enk-1150/pipeline.py.
Adds regression tests at both the ignore.Stack layer and the
file_suggest layer, including a repro of the nested-node_modules +
deep-file scenario.
Previously gitignore filtering ran only in recursive mode; the default
flat directory browse showed .git/, node_modules/, etc. Apply it in
both modes and make it user-controllable.
- Flat scan() now also skips .git and gitignored entries.
- New respectGitignore flag on the suggester (default on), persisted as
respect_gitignore in config.json, surfaced as a /settings checkbox,
and plumbed through SettingsStore/InteractiveConfig/cli. Toggling
flips the picker live.
- .git is always pruned in recursive mode regardless of the toggle, to
protect the entry budget.
- Tests for flat-mode filtering and the toggle across both modes.
Replace the static recursiveSkipDirs list (which would inevitably drift
as new tools appear) with the project's root .gitignore. Most caches
that bloat a recursive walk \u2014 build outputs, dependency dirs, and IaC
caches like .terraform/.terragrunt-cache \u2014 are already gitignored in
real projects.
- Extract the existing .gitignore matcher from agent/extcmd.go into a
new leaf package, packages/ignore, so packages/agent/modes can share
it without an import cycle. extcmd keeps thin aliases for its tests.
- scanRecursive now loads the root .gitignore and prunes ignored
entries, plus an unconditional .git skip (rarely self-listed).
- Tests: gitignore-driven pruning in the picker, plus unit tests for
the extracted matcher.
No new dependencies.
Add Terraform/Terragrunt/Pulumi/Serverless/CDK provider and module
caches to the recursive walk skip list. These hold copies of
downloaded providers and generated module trees that would otherwise
dominate the entry budget with non-source files.
The @-mention file picker previously did a plain case-insensitive
substring match within a single directory, only reachable nesting via
arrow-key drill-down.
- Rank matches with sahilm/fuzzy (pinned v0.1.1 to avoid the go 1.24.5
directive in v0.1.2, which would exceed CI's Go 1.23).
- Add a recursive mode that walks the whole project tree below cwd,
matching cwd-relative paths (e.g. @foobar finds src/foo/bar.go),
skipping heavy dirs (.git, node_modules, ...) and bounded by entry
and depth caps. Arrow drill-down is disabled in this mode.
- Persist as recursive_file_suggest in config.json, surfaced as a
/settings checkbox, plumbed through SettingsStore/InteractiveConfig/
cli. Toggling live flips the picker without a restart.
- Tests for fuzzy ranking, recursive cross-dir match, heavy-dir
pruning, and cache reset on toggle.
Turns omitted MaxTokens on the provider request, so Bedrock applied its
conservative 4096 default and silently truncated long writes/edits with
stopReason=length. In the TUI this read like the interaction timed out.
Thread the resolved model's catalog MaxOutput through to the request:
catalog Model.MaxOutput -> Resolved.MaxOutput -> Agent.MaxTokens
-> provider.Request.MaxTokens
Zero still falls back to each provider's own default, so models without a
catalog MaxOutput are unaffected. The SDK path inherits this via NewAgent.
Also surface StopLength explicitly in the TUI ('response hit the output
limit -- ask it to continue') instead of ending silently.
Tests: TestAgentPropagatesMaxTokens (Agent.MaxTokens reaches the wire) and
TestBedrockBuildRequestMaxTokens (non-zero flows through; zero -> 4096).
Allow extensions to emit an open_panel frame at any time, not just as
the action of a command_response. This makes it possible to build
approval gates, secret collection, and freeform user-input prompts
directly inside tool handlers.
Changes:
- extproto: add OpenPanelFromExt wire type
- extensions/manager: route spontaneous open_panel frames to hooks.OpenPanel
- ext/ext.go: add Extension.OpenPanel() SDK method
- tests: TestSpontaneousOpenPanel (manager), TestOpenPanelEmitsCorrectFrame,
TestBlockingToolWaitsForPanelKey, TestBlockingToolDenied (SDK)
- docs/plans: add spontaneous-panel.md design doc
The blocking tool pattern (open panel → block on channel → key event →
tool_result) requires no additional wire changes; it falls out of
standard Go concurrency on the extension side.
Part 3 (intercept timeout for built-in tool gating) is out of scope
and tracked separately.
On VS Code's xterm.js the transcript is taller than the viewport, so an
in-place clear (home + erase-to-end) only wipes the visible rows and the
scrolled-away part lingers in retained scrollback, stacking a duplicate
on the next full repaint.
- Clear() (Ctrl+L) now emits \x1b[3J under keepScrollback to actually
drop that scrollback, then homes and repaints. Accepts VS Code's
viewport-snap since the user explicitly asked for a clean screen.
- Overlay close (esc on a dialog, slash/file popup dismissal) now runs
the same Clear() so closing a picker purges the stale overlay rows
instead of leaving them in scrollback.
- Resize() does the same purge under keepScrollback; previously it
skipped the wipe and left a half-repainted old-width frame until the
user pressed Ctrl+L.
Other terminals keep their no-snap clear path.
- Shell escape: typing "!cmd" runs it via the bash tool's shell in the
session cwd, honoring the /jail sandbox. Output is parked below the
transcript as a styled terminal-log block until the next prompt or
/clear, so it never enters the model conversation. Shares busy state
with the agent: esc cancels it and no turn or other escape can start
while one is in flight.
- VS Code terminal: full repaints used \x1b[2J, which xterm.js scrolls
into scrollback and duplicates the frame. Clear in place via cursor
home + erase-to-end under keepScrollback; Clear()/Resize() no longer
eagerly wipe. Force a viewport-safe Invalidate on slash/file popup
open and close transitions there.
- Restore the live tool-call overlay behavior (keep in-flight boxes
visible until the tool_result reaches the transcript) and drop the
forced repaint at turn start.
- Document the shell escape in the README.
Map short/alternate provider names (bedrock -> amazon-bedrock, vertex,
gemini, azure, copilot, codex, ...) to their canonical ids in Resolve so
an alias is never treated as unknown and silently downgraded to
anthropic. Add a region-aware hint to Bedrock 403 responses on the
bearer route.
