v1.49.2

This release fixes an issue with the --pull-interval flag when using URL gordon references.

Bug Fixes

• Fixes blocking of --pull-interval flag when using URL gordon reference

Technical Changes

• Updates CHANGELOG.md for v1.49.1

---

What's Changed

• docs: update CHANGELOG.md for v1.49.1 by @docker-read-write[bot] in #2484
• Do not block --pull-interval flag when using URL gordon ref by @gtardif in #2485

Full Changelog: v1.49.1...v1.49.2

v1.49.1

This release improves the shell tool's command handling and fixes documentation inconsistencies.

Improvements

• Accepts "command" as an alias for "cmd" in shell tool calls to improve compatibility with different AI models
• Improves error messaging when shell commands are empty or blank

Bug Fixes

• Fixes documentation and code divergences reported in issue #2464 with 36 targeted corrections
• Prevents blank "cmd" parameters from interfering with "command" alias functionality

Technical Changes

• Updates configuration schema version to 8 in documentation
• Updates CHANGELOG.md for v1.49.0 release

---

What's Changed

• docs: update CHANGELOG.md for v1.49.0 by @docker-read-write[bot] in #2483
• shell: accept command as alias for cmd and improve empty-arg error by @trungutt in #2481
• docs: fix doc-code divergences reported in #2464 by @dgageot in #2479

Full Changelog: v1.49.0...v1.49.1

v1.49.0

This release improves DMR support, adds skill filtering capabilities, and includes several bug fixes for OpenTelemetry and security hardening.

What's New

• Adds support for filtering skills by name in agent YAML configuration
• Improves DMR support with better context size handling and structured configuration

Bug Fixes

• Fixes OpenTelemetry service resource schema alignment
• Fixes path traversal vulnerability and other security issues in artifact store, skills loader, hooks, shell and agent warnings
• Fixes OpenTelemetry import ordering in tests

Technical Changes

• Encodes agent source URL when using it as agent name and key for proper conversation handling in serve api
• Moves localhost helper comment in OpenTelemetry code

---

What's Changed

• docs: update CHANGELOG.md for v1.48.0 by @docker-read-write[bot] in #2470
• Improve DMR support by @krissetto in #2351
• fix(otel): align service resource schema by @pandego in #2442
• bump github.com/docker/cli from v29.4.0+incompatible to v29.4.1+incompatible by @dgageot in #2472
• Support filtering skills by name in agent YAML (#2404) by @dgageot in #2474
• Encode agent source URL when using it as agent name and key, so that it can be used properly in conversations when using serve api by @gtardif in #2473
• fix: harden artifact store, skills loader, hooks, shell and agent warnings by @dgageot in #2480

Full Changelog: v1.48.0...v1.49.0

v1.48.0

This release adds working directory configuration for MCP and LSP toolsets and improves toolset reliability with better retry handling.

What's New

• Adds optional working_dir field to MCP and LSP toolset configurations to launch processes from a specific directory

Bug Fixes

• Fixes retry behavior for MCP toolsets after tool calls within the same turn
• Stops retrying SQLITE_CANTOPEN (14) errors that cannot be resolved
• Fixes filepath handling to satisfy gocritic filepathJoin lint rule
• Returns explicit error when ref-based MCP resolves to remote server with working_dir

Technical Changes

• Documents working_dir field for MCP and LSP toolsets in configuration

---

What's Changed

• docs: update CHANGELOG.md for v1.47.0 by @docker-read-write[bot] in #2468
• feat: add optional working_dir to MCP and LSP toolset configs by @simonferquel-clanker in #2460
• Don't retry SQLITE_CANTOPEN (14) errors by @dgageot in #2466
• fix: retry LSP/MCP toolsets after tool calls, covering env-wrapped commands (fixes #2457) by @simonferquel-clanker in #2458

Full Changelog: v1.47.0...v1.48.0

v1.47.0

This release fixes several issues with AI model interactions, including title generation failures with reasoning models and shell command hangs.

Bug Fixes

• Fixes title generation failures with OpenAI reasoning models by using low reasoning effort instead of omitting it
• Fixes shell command hangs when a tool command backgrounds a child process
• Repairs malformed JSON in edit_file tool call arguments that was causing parsing failures
• Moves reasoning token budget floor to OpenAI provider for better token management

Improvements

• Increases title generation token budget for reasoning models to ensure adequate output space
• Adds thinking_display provider option for Anthropic models to control visibility of thinking blocks

Technical Changes

• Adds test assertion for non-empty title in end-to-end title generation tests

---

What's Changed

• docs: update CHANGELOG.md for v1.46.0 by @docker-read-write[bot] in #2455
• fix: title generation fails with OpenAI reasoning models by @trungutt in #2412
• fix: repair malformed JSON in edit_file tool call arguments by @trungutt in #2452
• Add thinking_display provider_opt for Anthropic models by @dgageot in #2451
• shell: fix hang when a tool command backgrounds a child process by @dgageot in #2462
• bump direct Go dependencies by @dgageot in #2463

Full Changelog: v1.46.0...v1.47.0

v1.46.0

This release adds OAuth credential configuration for MCP servers, evaluation testing improvements, and numerous stability fixes.

What's New

• Adds support for explicit OAuth credentials configuration for remote MCP servers that don't support Dynamic Client Registration
• Adds --repeat flag to eval command for running evaluations multiple times
• Adds support for xhigh effort level in Anthropic adaptive thinking (Claude Opus 4.7+)
• Adds task_budget configuration field for Claude Opus 4.7 to cap total tokens across multi-step tasks
• Adds markdown rendering support in user_prompt dialog messages

Improvements

• Improves image attachment handling by inlining as base64 data URLs for cross-provider compatibility
• Improves robots.txt caching to store parsed data per host instead of boolean results
• Improves session database version detection with clear upgrade messages for newer databases

Bug Fixes

• Fixes --attach flag being silently ignored when used without a message argument
• Fixes data race in AddMessageUsageRecord by adding mutex lock
• Fixes data race in rule-based router by protecting lastSelectedID with mutex
• Fixes panic in extractSystemBlocks when system message is empty with CacheControl
• Fixes empty messages slice handling in SendUserMessage path
• Fixes symlink-based path traversal vulnerability in ACP filesystem toolset
• Fixes OAuth callback CSRF vulnerability by rejecting when expected state is not set
• Fixes MCP tryRestart to use context-aware select instead of time.Sleep
• Fixes assistant text being discarded when tool calls are present in Responses API conversion
• Fixes MCP OAuth token refresh by remembering the discovered auth server

Technical Changes

• Updates mutex handling for MCP Toolset.Instructions() method
• Updates Go dependencies including Anthropic SDK and various UI libraries

---

What's Changed

• docs: update CHANGELOG.md for v1.45.0 by @docker-read-write[bot] in #2427
• fix: reject OAuth callback when expected state has not been set (CSRF) by @dgageot in #2434
• fix: prevent symlink-based path traversal in ACP filesystem toolset by @dgageot in #2433
• fix: guard against empty messages slice in SendUserMessage path by @dgageot in #2432
• fix: prevent panic in extractSystemBlocks on empty system message wit… by @dgageot in #2431
• fix: hold mutex for instructions read in MCP Toolset.Instructions() by @dgageot in #2430
• fix: add mutex to protect lastSelectedID in rule-based router by @dgageot in #2429
• fix: add mutex lock to AddMessageUsageRecord to prevent data race by @dgageot in #2428
• Add --repeat flag to eval command for running evaluations multiple times by @dgageot in #2440
• fix: replace time.Sleep with context-aware select in MCP tryRestart by @dgageot in #2436
• fix: preserve assistant text when tool calls present in Responses API conversion by @dgageot in #2438
• fix: detect newer session database and show clear upgrade message by @dgageot in #2441
• Support explicit OAuth credentials for remote MCP servers by @dgageot in #2394
• fix: cache parsed robots.txt per host instead of boolean result by @dgageot in #2437
• bump direct Go dependencies by @dgageot in #2444
• Render markdown in user_prompt dialog messages by @dgageot in #2446
• Add a pokemon example by @dgageot in #2445
• Add an advanced coder example by @dgageot in #2447
• fix(mcp): reuse discovered auth server for token refresh by @pandego in #2448
• Fix --attach flag by @rumpl in #2449
• Support xhigh effort for Anthropic adaptive thinking (Opus 4.7+) by @dgageot in #2450
• feat(anthropic): add task_budget for Claude Opus 4.7 by @dgageot in #2453
• chore: update cagent-action to v1.4.1 by @derekmisler in #2454

Full Changelog: v1.45.0...v1.46.0

v1.45.0

This release improves template expression handling, adds circular navigation to completions, and fixes issues with skills and MCP toolset loading.

Bug Fixes

• Fixes evaluation of JavaScript template expressions to handle failures independently - when one expression fails, other valid expressions in the same template are still expanded
• Fixes skills loading functionality
• Fixes retry behavior for MCP toolset startup when server is unavailable
• Fixes MCP toolset creation to proceed even when command binary is unavailable

Improvements

• Adds circular navigation wrapping to completion component, allowing users to cycle through completion options

---

What's Changed

• docs: update CHANGELOG.md for v1.44.0 by @docker-read-write[bot] in #2403
• add circular navigation wrapping to completion component by @maxcleme in #2407
• fix: evaluate JS template expressions independently on failure by @dgageot in #2400
• fix: retry stdio MCP toolset when binary is unavailable at startup by @simon-agent-go-expert in #2413
• Fix skills loading by @dgageot in #2414

Full Changelog: v1.44.0...v1.45.0

v1.44.0

This release introduces TUI customization capabilities, session management improvements, and OAuth security enhancements, along with numerous bug fixes and stability improvements.

What's New

• Adds support for extending and customizing TUI with additional commands through new Immediate flag and Parser struct
• Adds session delete functionality to session browser
• Adds click-to-select support for agents in the sidebar
• Adds /fork slash command to duplicate current session into a new tab
• Adds mid-turn message steering for running agent sessions with new /steer and /followup API endpoints
• Adds OAuth token storage in OS keychain with silent refresh token support
• Adds debug OAuth commands: list, remove, and login
• Adds support for shell expansions (~, env vars) in config paths
• Adds total session count display in session browser dialog title

Improvements

• Improves TUI rendering to match sandbox template
• Makes Ctrl+W context-aware to preserve word deletion in editor when focused
• Makes /exit close only the current tab when multiple tabs are open

Bug Fixes

• Fixes crash when opening empty websocket frames in OpenAI provider
• Fixes Gemini thinking tokens not included in output token count for cost calculation
• Fixes tool calls getting stuck as running when moved out of active reasoning block
• Fixes missing type in schema and orphaned function calls in Responses API
• Fixes spurious blank line appearing in every assistant message
• Fixes layout shift when hovering over assistant messages to reveal copy button
• Fixes concurrent RunSession calls causing tool_use/tool_result mismatch
• Fixes panic in code mode when tool handler is nil
• Fixes suggestion ghost text remaining when completion dialog closes on backspace
• Fixes skill frontmatter parsing when description contains a colon
• Fixes sidebar agent click zones mapping all lines to first agent
• Fixes OAuth token security vulnerabilities and infinite recursion issues
• Fixes auto-detect tool install failures being treated as fatal
• Fixes background agent context being cancelled with parent message lifecycle

Technical Changes

• Stores OAuth tokens in OS keychain with graceful fallback to in-memory storage
• Serializes concurrent RunSession calls to prevent race conditions
• Sanitizes message history to ensure all tool calls have results
• Adds regression tests for SSE comment lines from OpenRouter
• Uses in-memory store in keyring tests to avoid macOS keychain permission dialog
• Separates steer and follow-up into distinct queues with lock/confirm semantics
• Adds documentation for OpenAPI toolset
• Optimizes PR CI build process

---

What's Changed

• docs: update CHANGELOG.md for v1.43.0 by @docker-read-write[bot] in #2347
• Better sandbox by @dgageot in #2348
• support session delete to session browser by @shaj13 in #2352
• fix: include Gemini thinking tokens in output token count for cost calculation by @dgageot in #2353
• fix(openai): ignore empty websocket frames by @pandego in #2350
• Store OAuth tokens in OS keychain and add silent refresh token support by @dgageot in #2355
• bump direct Go dependencies by @dgageot in #2358
• Allow to extend and customize TUI with additional commands by @shaj13 in #2346
• Debug oauth by @dgageot in #2365
• fix: handle missing type in schema and orphaned function calls in Responses API by @dgageot in #2362
• Fix tool call stuck as running when moved out of active reasoning block by @dgageot in #2360
• Add regression tests for SSE comment lines from OpenRouter by @dgageot in #2359
• feat: click on agent in sidebar to switch to it by @dgageot in #2356
• fix(tui): remove spurious blank line from every assistant message by @steilerDev in #2369
• fix: use in-memory store in keyring tests to avoid macOS keychain permission dialog by @dgageot in #2367
• docs: add documentation for OpenAPI toolset by @dgageot in #2371
• fix(tui): reserve stable top row for copy icon to prevent layout shift by @dgageot in #2374
• fix: serialize concurrent RunSession calls to prevent tool_use/tool_result mismatch by @dgageot in #2375
• Faster PR CI by @rumpl in #2378
• Sanitize message history by @rumpl in #2377
• fix(toolinstall): soft-fail auto-detect installs by @pandego in #2386
• fix: prevent panic in code mode when tool handler is nil by @dgageot in #2388
• optional title and app name by @shaj13 in #2366
• fix: /exit closes only the current tab when multiple tabs are open by @dgageot in #2387
• Add support for shell expansions (~, env vars) in config paths by @dgageot in #2389
• Bump direct Go dependencies by @dgageot in #2398
• fix: OAuth token security and bug fixes by @dgageot in #2395
• fix: decouple background agent context from parent message lifecycle by @dgageot in #2392
• Show total session count in session browser dialog title by @dgageot in #2391
• fix: make Ctrl+W context-aware to preserve word deletion in editor by @dgageot in #2390
• Add /fork slash command to duplicate current session into a new tab by @shaj13 in #2385
• Fix: allow tab auto-complete without executing by @joshbarrington in #2325
• Fix skill frontmatter parsing when description contains a colon by @dgageot in #2401
• fix: clear suggestion ghost text when completion dialog closes on backspace by @dgageot in #2399
• Add mid-turn message steering for running agent sessions by @trungutt in #2363
• Fix sidebar agent click zones mapping all lines to first agent by @dgageot in #2402

New Contributors

• @pandego made their first contribution in #2350
• @steilerDev made their first contribution in #2369
• @joshbarrington made their first contribution in #2325

Full Changelog: v1.43.0...v1.44.0

v1.43.0

This release adds non-interactive mode capabilities, improves TUI interactions with mouse support, and includes several bug fixes for RAG tools and streaming responses.

What's New

• Adds auto-stop for max iterations in non-interactive mode to prevent hanging when tools are approved
• Adds non-interactive mode flag to distinguish from tools approval scenarios
• Adds mouse drag-to-move support for TUI dialogs, allowing repositioning by clicking and dragging the title area
• Adds custom session ID support through WithID option instead of relying on UUID generation
• Adds support for custom providers in RAG embedding and reranking models
• Adds underline styling for URLs on mouse hover

Improvements

• Evolves providers config to support any provider type with shared model defaults
• Improves mise build output to show go build command and resulting binary
• Exempts background-agent polling from loop-termination detection to prevent false positives

Bug Fixes

• Fixes agent accent color application for working spinners in sidebar
• Fixes duplicate RAG tool names and nil pointer panic in file watcher
• Fixes toolset startup triggering from emitToolsChanged callback to avoid spurious timeout warnings
• Fixes missing Models map in RAG ManagersBuildConfig for model alias resolution
• Fixes nil pointer dereference in BM25Strategy.watchLoop during session teardown
• Fixes extraction of reasoning_content from DMR streaming responses
• Fixes scrollbar rendering in web terminals by replacing problematic characters

Technical Changes

• Adds nocgo build support for rag/treesitter
• Updates error message display when only one model is available

---

What's Changed

• docs: update CHANGELOG.md for v1.42.0 by @docker-read-write[bot] in #2317
• fix: use agent accent color for working spinners in sidebar by @jiahuipaung in #2315
• Exempt background-agent polling from loop-termination detection by @krissetto in #2319
• fix: pass Models map to RAG ManagersBuildConfig for model alias resolution by @dgageot in #2324
• fix: avoid triggering toolset startup from emitToolsChanged callback by @dgageot in #2323
• fix: resolve duplicate RAG tool names and nil pointer panic in file watcher by @dgageot in #2322
• rag/treesitter: add nocgo build support by @shaj13 in #2329
• Bump go dependencies by @dgageot in #2330
• session: add WithID option for custom session IDs by @shaj13 in #2331
• feat(runtime): add auto-stop for max iterations in non-interactive mode by @tdabasinskas in #2208
• Fix nil pointer dereference in BM25Strategy.watchLoop during session teardown by @dgageot in #2334
• Fix scrollbar rendering in web terminals by @dgageot in #2340
• Improve mise build output to show go build command and resulting binary by @dgageot in #2338
• fix: extract reasoning_content from DMR streaming responses by @dgageot in #2335
• feat: add mouse drag-to-move support for TUI dialogs by @dgageot in #2339
• Evolve providers to support any provider type with shared model defaults by @dgageot in #2343
• feat: support custom providers in RAG embedding and reranking models by @dgageot in #2344
• Underline URLs on mouse hover by @dgageot in #2316
• Nicer message by @rumpl in #2345

New Contributors

• @jiahuipaung made their first contribution in #2315
• @shaj13 made their first contribution in #2329

Full Changelog: v1.42.0...v1.43.0

v1.42.0

This release improves evaluation output with structured JSON results and fixes several Windows compatibility issues.

What's New

• Adds URL click detection for terminals with mouse tracking support
• Includes structured results, run configuration, and summary in evaluation JSON output
• Includes judge reasons for passed relevance criteria in evaluation results

Bug Fixes

• Fixes Windows OS detection typo in session environment (corrects "window" to "windows")
• Replaces removed claude-3-7-sonnet-latest alias with explicit model ID in examples
• Uses platform-aware shell detection for Windows compatibility in skill expansion, script_shell, post-edit hooks, and bang commands

Technical Changes

• Pre-populates criterion names in CheckRelevance results
• Fixes lint issues including gci formatting and testifylint float comparisons

---

What's Changed

• docs: update CHANGELOG.md for v1.41.0 by @docker-read-write[bot] in #2307
• eval: include structured results, run config, and summary in JSON output by @hamza-jeddad in #2309
• fix: correct Windows OS detection typo in session environment by @trungutt in #2312
• fix: replace removed claude-3-7-sonnet-latest alias in examples by @trungutt in #2313
• fix: use platform-aware shell for skill expansion, script_shell, post-edit hooks, and bang command by @trungutt in #2314
• tui/messages: Add URL click detection for terminals with mouse tracking by @vvoland in #2308

Full Changelog: v1.41.0...v1.42.0