@mmmbuto/qwen-code-termux 0.14.0-termux → 0.14.3-termux

package/bundled/qc-helper/docs/features/code-review.md

@@ -0,0 +1,279 @@
+# Code Review
+
+> Review code changes for correctness, security, performance, and code quality using `/review`.
+
+## Quick Start
+
+```bash
+# Review local uncommitted changes
+/review
+
+# Review a pull request (by number or URL)
+/review 123
+/review https://github.com/org/repo/pull/123
+
+# Review and post inline comments on the PR
+/review 123 --comment
+
+# Review a specific file
+/review src/utils/auth.ts
+```
+
+If there are no uncommitted changes, `/review` will let you know and stop — no agents are launched.
+
+## How It Works
+
+The `/review` command runs a multi-stage pipeline:
+
+```
+Step 1:  Determine scope (local diff / PR worktree / file)
+Step 2:  Load project review rules
+Step 3:  Run deterministic analysis (linter, typecheck)    [zero LLM cost]
+Step 4:  5 parallel review agents                          [5 LLM calls]
+           |-- Agent 1: Correctness & Security
+           |-- Agent 2: Code Quality
+           |-- Agent 3: Performance & Efficiency
+           |-- Agent 4: Undirected Audit
+           '-- Agent 5: Build & Test (runs shell commands)
+Step 5:  Deduplicate --> Batch verify --> Aggregate         [1 LLM call]
+Step 6:  Reverse audit (find coverage gaps)                 [1 LLM call]
+Step 7:  Present findings + verdict
+Step 8:  Autofix (user-confirmed, optional)
+Step 9:  Post PR inline comments (if requested)
+Step 10: Save report + incremental cache
+Step 11: Clean up (remove worktree + temp files)
+```
+
+### Review Agents
+
+| Agent                             | Focus                                                              |
+| --------------------------------- | ------------------------------------------------------------------ |
+| Agent 1: Correctness & Security   | Logic errors, null handling, race conditions, injection, XSS, SSRF |
+| Agent 2: Code Quality             | Style consistency, naming, duplication, dead code                  |
+| Agent 3: Performance & Efficiency | N+1 queries, memory leaks, unnecessary re-renders, bundle size     |
+| Agent 4: Undirected Audit         | Business logic, boundary interactions, hidden coupling             |
+| Agent 5: Build & Test             | Runs build and test commands, reports failures                     |
+
+All agents run in parallel. Findings from Agents 1-4 are verified in a **single batch verification pass** (one agent reviews all findings at once, keeping LLM calls fixed). After verification, a **reverse audit agent** re-reads the entire diff with knowledge of all confirmed findings to catch issues that every other agent missed. Reverse audit findings skip the verification step (the agent already has full context) and are included directly as high-confidence results.
+
+## Deterministic Analysis
+
+Before the LLM agents run, `/review` automatically runs your project's existing linters and type checkers:
+
+| Language              | Tools detected                                                   |
+| --------------------- | ---------------------------------------------------------------- |
+| TypeScript/JavaScript | `tsc --noEmit`, `npm run lint`, `eslint`                         |
+| Python                | `ruff`, `mypy`, `flake8`                                         |
+| Rust                  | `cargo clippy`                                                   |
+| Go                    | `go vet`, `golangci-lint`                                        |
+| Java                  | `mvn compile`, `checkstyle`, `spotbugs`, `pmd`                   |
+| C/C++                 | `clang-tidy` (if `compile_commands.json` available)              |
+| Other                 | Auto-discovered from CI config (`.github/workflows/*.yml`, etc.) |
+
+For projects that don't match standard patterns (e.g., OpenJDK), `/review` reads CI configuration files to discover what lint/check commands the project uses. No user configuration needed.
+
+Deterministic findings are tagged with `[linter]` or `[typecheck]` and skip LLM verification — they are ground truth.
+
+- **Errors** → Critical severity
+- **Warnings** → Nice to have (terminal only, not posted as PR comments)
+
+If a tool is not installed or times out, it is skipped with an informational note.
+
+## Severity Levels
+
+| Severity         | Meaning                                                             | Posted as PR comment?      |
+| ---------------- | ------------------------------------------------------------------- | -------------------------- |
+| **Critical**     | Must fix before merging (bugs, security, data loss, build failures) | Yes (high-confidence only) |
+| **Suggestion**   | Recommended improvement                                             | Yes (high-confidence only) |
+| **Nice to have** | Optional optimization                                               | No (terminal only)         |
+
+Low-confidence findings appear in a separate "Needs Human Review" section in the terminal and are never posted as PR comments.
+
+## Autofix
+
+After presenting findings, `/review` offers to auto-apply fixes for Critical and Suggestion findings that have clear solutions:
+
+```
+Found 3 issues with auto-fixable suggestions. Apply auto-fixes? (y/n)
+```
+
+- Fixes are applied using the `edit` tool (targeted replacements, not full-file rewrites)
+- Per-file linter checks run after fixes to verify they don't introduce new issues
+- For PR reviews, fixes are committed and pushed from the worktree automatically — your working tree stays clean
+- Nice to have and low-confidence findings are never auto-fixed
+- PR review submission always uses the **pre-fix verdict** (e.g., "Request changes") since the remote PR hasn't been updated until the autofix push completes
+
+## Worktree Isolation
+
+When reviewing a PR, `/review` creates a temporary git worktree (`.qwen/tmp/review-pr-<number>`) instead of switching your current branch. This means:
+
+- Your working tree, staged changes, and current branch are **never touched**
+- Dependencies are installed in the worktree (`npm ci`, etc.) so linting and build/test work
+- Build and test commands run in isolation without polluting your local build cache
+- If anything goes wrong, your environment is unaffected — just delete the worktree
+- The worktree is automatically cleaned up after the review completes
+- If a review is interrupted (Ctrl+C, crash), the next `/review` of the same PR automatically cleans up the stale worktree before starting fresh
+- Review reports and cache are saved to the main project directory (not the worktree)
+
+## Cross-repo PR Review
+
+You can review PRs from other repositories by passing the full URL:
+
+```bash
+/review https://github.com/other-org/other-repo/pull/456
+```
+
+This runs in **lightweight mode** — no worktree, no linter, no build/test, no autofix. The review is based on the diff text only (fetched via GitHub API). PR comments can still be posted if you have write access.
+
+| Capability                                       | Same-repo | Cross-repo                    |
+| ------------------------------------------------ | --------- | ----------------------------- |
+| LLM review (Agents 1-4 + verify + reverse audit) | ✅        | ✅                            |
+| Agent 5: Build & test                            | ✅        | ❌ (no local codebase)        |
+| Deterministic analysis (linter/typecheck)        | ✅        | ❌                            |
+| Cross-file impact analysis                       | ✅        | ❌                            |
+| Autofix                                          | ✅        | ❌                            |
+| PR inline comments                               | ✅        | ✅ (if you have write access) |
+| Incremental review cache                         | ✅        | ❌                            |
+
+## PR Inline Comments
+
+Use `--comment` to post findings directly on the PR:
+
+```bash
+/review 123 --comment
+```
+
+Or, after running `/review 123`, type `post comments` to publish findings without re-running the review.
+
+**What gets posted:**
+
+- High-confidence Critical and Suggestion findings as inline comments on specific lines
+- For Approve/Request changes verdicts: a review summary with the verdict
+- For Comment verdict with all inline comments posted: no separate summary (inline comments are sufficient)
+- Model attribution footer on each comment (e.g., _— qwen3-coder via Qwen Code /review_)
+
+**What stays terminal-only:**
+
+- Nice to have findings (including linter warnings)
+- Low-confidence findings
+
+## Follow-up Actions
+
+After the review, context-aware tips appear as ghost text. Press Tab to accept:
+
+| State after review                 | Tip                | What happens                            |
+| ---------------------------------- | ------------------ | --------------------------------------- |
+| Local review with unfixed findings | `fix these issues` | LLM interactively fixes each finding    |
+| PR review with findings            | `post comments`    | Posts PR inline comments (no re-review) |
+| PR review, zero findings           | `post comments`    | Approves the PR on GitHub (LGTM)        |
+| Local review, all clear            | `commit`           | Commits your changes                    |
+
+Note: `fix these issues` is only available for local reviews. For PR reviews, use Autofix (Step 8) — the worktree is cleaned up after the review, so post-review interactive fixing is not possible.
+
+## Project Review Rules
+
+You can customize review criteria per project. `/review` reads rules from these files (in order):
+
+1. `.qwen/review-rules.md` (Qwen Code native)
+2. `.github/copilot-instructions.md` (preferred) or `copilot-instructions.md` (fallback — only one is loaded, not both)
+3. `AGENTS.md` — `## Code Review` section
+4. `QWEN.md` — `## Code Review` section
+
+Rules are injected into the LLM review agents (1-4) as additional criteria. For PR reviews, rules are read from the **base branch** to prevent a malicious PR from injecting bypass rules.
+
+Example `.qwen/review-rules.md`:
+
+```markdown
+# Review Rules
+
+- All API endpoints must validate authentication
+- Database queries must use parameterized statements
+- React components must not use inline styles
+- Error messages must not expose internal paths
+```
+
+## Incremental Review
+
+When reviewing a PR that was previously reviewed, `/review` only examines changes since the last review:
+
+```bash
+# First review — full review, cache created
+/review 123
+
+# PR updated with new commits — only new changes reviewed
+/review 123
+```
+
+### Cross-model review
+
+If you switch models (via `/model`) and re-review the same PR, `/review` detects the model change and runs a full review instead of skipping:
+
+```bash
+# Review with model A
+/review 123
+
+# Switch model
+/model
+
+# Review again — full review with model B (not skipped)
+/review 123
+# → "Previous review used qwen3-coder. Running full review with gpt-4o for a second opinion."
+```
+
+Cache is stored in `.qwen/review-cache/` and tracks both the commit SHA and model ID. Make sure this directory is in your `.gitignore` (a broader rule like `.qwen/*` also works). If the cached commit was rebased away, it falls back to a full review.
+
+## Review Reports
+
+For same-repo reviews, results are saved as a Markdown file in your project's `.qwen/reviews/` directory (cross-repo lightweight reviews skip report persistence):
+
+```
+.qwen/reviews/2026-04-06-143022-pr-123.md
+.qwen/reviews/2026-04-06-150510-local.md
+```
+
+Reports include: timestamp, diff stats, deterministic analysis results, all findings with verification status, and the verdict.
+
+## Cross-file Impact Analysis
+
+When code changes modify exported functions, classes, or interfaces, the review agents automatically search for all callers and check compatibility:
+
+- Parameter count/type changes
+- Return type changes
+- Removed or renamed public methods
+- Breaking API changes
+
+For large diffs (>10 modified symbols), analysis prioritizes functions with signature changes.
+
+## Token Efficiency
+
+The review pipeline uses a fixed number of LLM calls regardless of how many findings are produced:
+
+| Stage                           | LLM calls  | Notes                                               |
+| ------------------------------- | ---------- | --------------------------------------------------- |
+| Deterministic analysis (Step 3) | 0          | Shell commands only                                 |
+| Review agents (Step 4)          | 5 (or 4)   | Run in parallel; Agent 5 skipped in cross-repo mode |
+| Batch verification (Step 5)     | 1          | Single agent verifies all findings at once          |
+| Reverse audit (Step 6)          | 1          | Finds coverage gaps; findings skip verification     |
+| **Total**                       | **7 or 6** | Same-repo: 7; cross-repo: 6 (no Agent 5)            |
+
+## What's NOT Flagged
+
+The review intentionally excludes:
+
+- Pre-existing issues in unchanged code (focus on the diff only)
+- Style/formatting/naming that matches your codebase conventions
+- Issues a linter or type checker would catch (handled by deterministic analysis)
+- Subjective "consider doing X" suggestions without a real problem
+- Minor refactoring that doesn't fix a bug or risk
+- Missing documentation unless the logic is genuinely confusing
+- Issues already discussed in existing PR comments (avoids duplicating human feedback)
+
+## Design Philosophy
+
+> **Silence is better than noise.** Every comment should be worth the reader's time.
+
+- If unsure whether something is a problem → don't report it
+- Linter/typecheck issues are handled by tools, not LLM guesses
+- Same pattern across N files → aggregated into one finding
+- PR comments are high-confidence only
+- Style/formatting issues matching codebase conventions are excluded

package/bundled/qc-helper/docs/features/commands.md

@@ -34,6 +34,7 @@ Commands for adjusting interface appearance and work environment.
 | ------------ | ---------------------------------------- | ----------------------------- |
 | `/clear`     | Clear terminal screen content            | `/clear` (shortcut: `Ctrl+L`) |
 | `/context`   | Show context window usage breakdown      | `/context`                    |
+| → `detail`   | Show per-item context usage breakdown    | `/context detail`             |
 | `/theme`     | Change Qwen Code visual theme            | `/theme`                      |
 | `/vim`       | Turn input area Vim editing mode on/off  | `/vim`                        |
 | `/directory` | Manage multi-directory support workspace | `/dir add ./src,./tests`      |
@@ -61,16 +62,98 @@ Commands for managing AI tools and models.
 | `/mcp`           | List configured MCP servers and tools         | `/mcp`, `/mcp desc`                           |
 | `/tools`         | Display currently available tool list         | `/tools`, `/tools desc`                       |
 | `/skills`        | List and run available skills                 | `/skills`, `/skills <name>`                   |
+| `/plan`          | Switch to plan mode or exit plan mode         | `/plan`, `/plan <task>`, `/plan exit`         |
 | `/approval-mode` | Change approval mode for tool usage           | `/approval-mode <mode (auto-edit)> --project` |
 | →`plan`          | Analysis only, no execution                   | Secure review                                 |
 | →`default`       | Require approval for edits                    | Daily use                                     |
 | →`auto-edit`     | Automatically approve edits                   | Trusted environment                           |
 | →`yolo`          | Automatically approve all                     | Quick prototyping                             |
 | `/model`         | Switch model used in current session          | `/model`                                      |
+| `/model --fast`  | Set a lighter model for prompt suggestions    | `/model --fast qwen3-coder-flash`             |
 | `/extensions`    | List all active extensions in current session | `/extensions`                                 |
 | `/memory`        | Manage AI's instruction context               | `/memory add Important Info`                  |
 
-### 1.5 Information, Settings, and Help
+### 1.5 Built-in Skills
+
+These commands invoke bundled skills that provide specialized workflows.
+
+| Command      | Description                                                         | Usage Examples                                    |
+| ------------ | ------------------------------------------------------------------- | ------------------------------------------------- |
+| `/review`    | Review code changes with 5 parallel agents + deterministic analysis | `/review`, `/review 123`, `/review 123 --comment` |
+| `/loop`      | Run a prompt on a recurring schedule                                | `/loop 5m check the build`                        |
+| `/qc-helper` | Answer questions about Qwen Code usage and configuration            | `/qc-helper how do I configure MCP?`              |
+
+See [Code Review](./code-review.md) for full `/review` documentation.
+
+### 1.6 Side Question (`/btw`)
+
+The `/btw` command allows you to ask quick side questions without interrupting or affecting the main conversation flow.
+
+| Command                | Description                           |
+| ---------------------- | ------------------------------------- |
+| `/btw <your question>` | Ask a quick side question             |
+| `?btw <your question>` | Alternative syntax for side questions |
+
+**How It Works:**
+
+- The side question is sent as a separate API call with recent conversation context (up to the last 20 messages)
+- The response is displayed above the Composer — you can continue typing while waiting
+- The main conversation is **not blocked** — it continues independently
+- The side question response does **not** become part of the main conversation history
+- Answers are rendered with full Markdown support (code blocks, lists, tables, etc.)
+
+**Keyboard Shortcuts (Interactive Mode):**
+
+| Shortcut             | Action                                              |
+| -------------------- | --------------------------------------------------- |
+| `Escape`             | Cancel (while loading) or dismiss (after completed) |
+| `Space` or `Enter`   | Dismiss the answer (when input is empty)            |
+| `Ctrl+C` or `Ctrl+D` | Cancel an in-flight side question                   |
+
+**Example:**
+
+```
+(While the main conversation is about refactoring code)
+
+> /btw What's the difference between let and var in JavaScript?
+
+  ╭──────────────────────────────────────────╮
+  │ /btw What's the difference between let   │
+  │     and var in JavaScript?               │
+  │                                          │
+  │ + Answering...                           │
+  │ Press Escape, Ctrl+C, or Ctrl+D to cancel│
+  ╰──────────────────────────────────────────╯
+  > (Composer remains active — keep typing)
+
+(After the answer arrives)
+
+  ╭──────────────────────────────────────────╮
+  │ /btw What's the difference between let   │
+  │     and var in JavaScript?               │
+  │                                          │
+  │ `let` is block-scoped, while `var` is    │
+  │ function-scoped. `let` was introduced    │
+  │ in ES6 and doesn't hoist the same way.   │
+  │                                          │
+  │ Press Space, Enter, or Escape to dismiss │
+  ╰──────────────────────────────────────────╯
+  > (Composer still active)
+```
+
+**Supported Execution Modes:**
+
+| Mode                 | Behavior                                     |
+| -------------------- | -------------------------------------------- |
+| Interactive          | Shows above Composer with Markdown rendering |
+| Non-interactive      | Returns text result: `btw> question\nanswer` |
+| ACP (Agent Protocol) | Returns stream_messages async generator      |
+
+> [!tip]
+>
+> Use `/btw` when you need a quick answer without derailing your main task. It's especially useful for clarifying concepts, checking facts, or getting quick explanations while staying focused on your primary workflow.
+
+### 1.7 Information, Settings, and Help
 
 Commands for obtaining information and performing system settings.
 
@@ -85,7 +168,7 @@ Commands for obtaining information and performing system settings.
 | `/copy`     | Copy last output content to clipboard           | `/copy`                          |
 | `/quit`     | Exit Qwen Code immediately                      | `/quit` or `/exit`               |
 
-### 1.6 Common Shortcuts
+### 1.8 Common Shortcuts
 
 | Shortcut           | Function                | Note                   |
 | ------------------ | ----------------------- | ---------------------- |
@@ -95,7 +178,7 @@ Commands for obtaining information and performing system settings.
 | `Ctrl/cmd+Z`       | Undo input              | Text editing           |
 | `Ctrl/cmd+Shift+Z` | Redo input              | Text editing           |
 
-### 1.7 CLI Auth Subcommands
+### 1.9 CLI Auth Subcommands
 
 In addition to the in-session `/auth` slash command, Qwen Code provides standalone CLI subcommands for managing authentication directly from the terminal:
 

package/bundled/qc-helper/docs/features/followup-suggestions.md

@@ -0,0 +1,109 @@
+# Followup Suggestions
+
+Qwen Code can predict what you want to type next and show it as ghost text in the input area. This feature uses an LLM call to analyze the conversation context and generate a natural next step suggestion.
+
+This feature works end-to-end in the CLI. In the WebUI, the hook and UI plumbing are available, but host applications must trigger suggestion generation and wire the followup state for suggestions to appear.
+
+## How It Works
+
+After Qwen Code finishes responding, a suggestion appears as dimmed text in the input area after a short delay (~300ms). For example, after fixing a bug, you might see:
+
+```
+> run the tests
+```
+
+The suggestion is generated by sending the conversation history to the model, which predicts what you would naturally type next. If the response contains an explicit tip (e.g., `Tip: type post comments to publish findings`), the suggested action is extracted automatically.
+
+## Accepting Suggestions
+
+| Key           | Action                                           |
+| ------------- | ------------------------------------------------ |
+| `Tab`         | Accept the suggestion and fill it into the input |
+| `Enter`       | Accept the suggestion and submit it immediately  |
+| `Right Arrow` | Accept the suggestion and fill it into the input |
+| Any typing    | Dismiss the suggestion and type normally         |
+
+## When Suggestions Appear
+
+Suggestions are generated when all of the following conditions are met:
+
+- The model has completed its response (not during streaming)
+- At least 2 model turns have occurred in the conversation
+- There are no errors in the most recent response
+- No confirmation dialogs are pending (e.g., shell confirmation, permissions)
+- The approval mode is not set to `plan`
+- The feature is enabled in settings (enabled by default)
+
+Suggestions will not appear in non-interactive mode (e.g., headless/SDK mode).
+
+Suggestions are automatically dismissed when:
+
+- You start typing
+- A new model turn begins
+- The suggestion is accepted
+
+## Fast Model
+
+By default, suggestions use the same model as your main conversation. For faster and cheaper suggestions, configure a dedicated fast model:
+
+### Via command
+
+```
+/model --fast qwen3-coder-flash
+```
+
+Or use `/model --fast` (without a model name) to open a selection dialog.
+
+### Via settings.json
+
+```json
+{
+  "fastModel": "qwen3-coder-flash"
+}
+```
+
+The fast model is used for prompt suggestions and speculative execution. When not configured, the main conversation model is used as fallback.
+
+Thinking/reasoning mode is automatically disabled for all background tasks (suggestion generation and speculation), regardless of your main model's thinking configuration. This avoids wasting tokens on internal reasoning that isn't needed for these tasks.
+
+## Configuration
+
+These settings can be configured in `settings.json`:
+
+| Setting                        | Type    | Default | Description                                                        |
+| ------------------------------ | ------- | ------- | ------------------------------------------------------------------ |
+| `ui.enableFollowupSuggestions` | boolean | `true`  | Enable or disable followup suggestions                             |
+| `ui.enableCacheSharing`        | boolean | `true`  | Use cache-aware forked queries to reduce cost (experimental)       |
+| `ui.enableSpeculation`         | boolean | `false` | Speculatively execute suggestions before submission (experimental) |
+| `fastModel`                    | string  | `""`    | Model for prompt suggestions and speculative execution             |
+
+### Example
+
+```json
+{
+  "fastModel": "qwen3-coder-flash",
+  "ui": {
+    "enableFollowupSuggestions": true,
+    "enableCacheSharing": true
+  }
+}
+```
+
+## Monitoring
+
+Suggestion model usage appears in `/stats` output, showing tokens consumed by the fast model for suggestion generation.
+
+The fast model is also shown in `/about` output under "Fast Model".
+
+## Suggestion Quality
+
+Suggestions go through quality filters to ensure they are useful:
+
+- Must be 2-12 words (CJK: 2-30 characters), under 100 characters total
+- Cannot be evaluative ("looks good", "thanks")
+- Cannot use AI voice ("Let me...", "I'll...")
+- Cannot be multiple sentences or contain formatting (markdown, newlines)
+- Cannot be meta-commentary ("nothing to suggest", "silence")
+- Cannot be error messages or prefixed labels ("Suggestion: ...")
+- Single-word suggestions are only allowed for common commands (yes, commit, push, etc.)
+- Slash commands (e.g., `/commit`) are always allowed as single-word suggestions