@dreb/coding-agent 2.25.2 → 2.25.4

package/CHANGELOG.md CHANGED
@@ -4,6 +4,8 @@
4
4
 
5
5
  ### Added
6
6
 
7
+ - Thinking summaries are visible again on Opus 4.7+ (and any adaptive-thinking Claude model). Anthropic flipped the API default for `thinking.display` to `"omitted"`, so these models returned empty thinking blocks — dreb now sends `"summarized"` by default. Added a model-keyed `modelSettings` setting with a `thinkingDisplay` override (`"summarized" | "omitted"`), exposed in `/settings` → **Show thinking summaries** (shown only for adaptive models). Because the setting is keyed by model ID and resolved at the shared session-creation chokepoint, it is honored uniformly across the TUI, headless, JSON, RPC, and Telegram clients — and inherited automatically by subagents using the same model. ([#250](https://github.com/aebrer/dreb/issues/250))
8
+
7
9
  - Secret scrubbing and sensitive file access guards — two layers of defense against accidental credential leaks through the tool pipeline. Output scrubbing detects and redacts known secret patterns (AWS, GitHub, OpenAI, Anthropic, Slack, Stripe, PEM/SSH keys, URL credentials) in tool output before it enters the LLM conversation. Sensitive file guard blocks read access to credential files (`~/.ssh/id_*`, `~/.aws/credentials`, `~/.dreb/secrets/`, etc.) via both the `read` tool and bash commands. Both layers configurable via `sensitiveFilePaths` and `secretOutputPatterns` settings. ([#171](https://github.com/aebrer/dreb/issues/171))
8
10
 
9
11
  - Expanded forbidden-commands guard with destructive operation patterns: `rm -rf /` and variants, `dd` to block devices, `mkfs`, fork bomb `:(){ :|:& };:`, and block device redirects (`> /dev/sda`). Guard now also checks quoted content (catches `echo "rm -rf /" | bash`) and inspects script files before execution (`bash script.sh`). ([#170](https://github.com/aebrer/dreb/issues/170))
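Review bot: The new thinking-summaries entry (new line 7) records a change of default without saying how to opt out: `"summarized"` is now sent for every adaptive-thinking model on the TUI, headless, JSON, RPC and Telegram clients and for subagents. Name the exact setting in the entry (the `thinkingDisplay` override set to `"omitted"` under `modelSettings` for that model ID), and say whether thinking summaries pass through the output scrubbing described in the #171 entry just below, which as worded covers only tool output. Operators who relay sessions to Telegram or RPC consumers need both facts to judge what those clients now receive.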
@@ -52,6 +54,8 @@
52
54
  - Fixed RPC `get_session_stats` to expose `contextUsage`, so headless clients can read actual current context-window usage instead of deriving it from token totals ([#2550](https://github.com/badlogic/pi-mono/issues/2550))
53
55
  - Fixed `pi update` for git packages to fetch only the tracked target branch with `--no-tags`, reducing unrelated branch and tag noise while preserving force-push-safe updates ([#2548](https://github.com/badlogic/pi-mono/issues/2548))
54
56
  - Fixed print and JSON modes to emit `session_shutdown` before exit, so extensions can release long-lived resources and non-interactive runs terminate cleanly ([#2576](https://github.com/badlogic/pi-mono/issues/2576))
57
+ - Fixed Kimi For Coding OAuth provider to accept OpenAI-style multimodal content arrays with base64 `image_url` data URLs for `kimi-for-coding`, and ensured `modifyModels()` preserves image capability even when static metadata is stale. ([#245](https://github.com/aebrer/dreb/issues/245))
58
+ - Fixed silent image dropping in the `openai-completions` provider — text-only models now receive explicit placeholder text (`[image omitted: model does not support images]`) instead of silently stripping image content from user messages and tool results. ([#245](https://github.com/aebrer/dreb/issues/245))
55
59
 
56
60
  ## [0.62.0] - 2026-03-23
57
61
 
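Review bot: The two #245 entries (new lines 57-58) are appended to a list whose neighbouring entries cite badlogic/pi-mono issues and which sits directly above `## [0.62.0] - 2026-03-23`, while the other entry added by this change goes in near line 7 of the same file. Move them to the fixes list of the current dreb section so that everything changed in this release can be found in one place, and so that a reader does not attribute dreb fixes to the older upstream section.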
package/README.md CHANGED
@@ -117,7 +117,7 @@ For each built-in provider, dreb maintains a list of tool-capable models, update
117
117
  - MiniMax
118
118
  - MiniMax (China)
119
119
 
120
- See [docs/providers.md](docs/providers.md) for detailed setup instructions.
120
+ See [docs/providers.md](docs/providers.md) for detailed setup instructions, including Kimi For Coding notes that distinguish OAuth, API-key, first-party CLI, and Moonshot Open Platform vision support.
121
121
 
122
122
  **Custom providers & models:** Add providers via `~/.dreb/agent/models.json` if they speak a supported API (OpenAI, Anthropic, Google). For custom APIs or OAuth, use extensions. See [docs/models.md](docs/models.md) and [docs/custom-provider.md](docs/custom-provider.md).
123
123
 
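Review bot: The rewritten sentence at line 120 promises Kimi For Coding notes in docs/providers.md covering four access paths, yet the lines shown here include no change to that file; confirm the notes ship in this version so the link does not point at missing content. The sentence is also long for a pointer line: keep the original link sentence and put the Kimi detail in a second sentence.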
@@ -157,7 +157,7 @@ Type `/` in the editor to trigger commands. [Extensions](#extensions) can regist
157
157
  | `/login`, `/logout` | OAuth authentication |
158
158
  | `/model` | Switch models |
159
159
  | `/scoped-models` | Enable/disable models for cycling |
160
- | `/settings` | Thinking level, theme, message delivery, transport |
160
+ | `/settings` | Thinking level, thinking summaries (adaptive Claude models), theme, message delivery, transport |
161
161
  | `/resume` | Pick from previous sessions |
162
162
  | `/new` | Start a new session |
163
163
  | `/name <name>` | Set session display name |
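Review bot: The `/settings` row at line 160 lists thinking summaries like the global options beside it, but the CHANGELOG entry in this same change says the value is keyed by model ID. Add "per model" to the parenthetical so users do not expect the toggle to carry over after `/model`.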
@@ -467,6 +467,13 @@ export declare class AgentSession {
467
467
  * @throws Error if no API key available for the model
468
468
  */
469
469
  setModel(model: Model<any>): Promise<void>;
470
+ /**
471
+ * Refresh the live agent's thinkingDisplay for a (possibly) new model. The default
472
+ * depends on the model (adaptive-thinking models default to "summarized"), so this
473
+ * must run on every model switch. Keyed by model id from shared settings, so it
474
+ * resolves identically to how createAgentSession seeds it at startup.
475
+ */
476
+ private _refreshThinkingDisplay;
470
477
  /**
471
478
  * Cycle to next/previous model.
472
479
  * Uses scoped models (from --models flag) if available, otherwise all available models.
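Review bot: The doc comment on `_refreshThinkingDisplay` (new lines 470-475) states it "must run on every model switch", but nothing in the declaration enforces that, and this hunk shows at least two switch paths next to it: `setModel` and the next/previous model cycling. Name in the comment the methods that call it, or route every model change through one internal setter that performs the refresh, and cover it with a test that switches from an adaptive to a non-adaptive model and back. A path that skips the refresh would leave the previous model's `thinkingDisplay` in effect, which is the case the comment is written to prevent.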