@qwen-code/qwen-code 0.14.3-preview.0 β†’ 0.14.4-nightly.20260414.1486e8538

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/README.md +3 -1
  2. package/bundled/qc-helper/docs/configuration/auth.md +2 -2
  3. package/bundled/qc-helper/docs/configuration/settings.md +20 -12
  4. package/bundled/qc-helper/docs/features/_meta.ts +1 -0
  5. package/bundled/qc-helper/docs/features/hooks.md +113 -0
  6. package/bundled/qc-helper/docs/features/sandbox.md +9 -1
  7. package/bundled/qc-helper/docs/features/sub-agents.md +89 -5
  8. package/bundled/qc-helper/docs/features/tips.md +54 -0
  9. package/bundled/qc-helper/docs/support/tos-privacy.md +1 -1
  10. package/cli.js +259744 -255254
  11. package/locales/de.js +17 -4
  12. package/locales/en.js +16 -4
  13. package/locales/fr.js +2087 -0
  14. package/locales/ja.js +16 -4
  15. package/locales/pt.js +17 -4
  16. package/locales/ru.js +17 -4
  17. package/locales/zh.js +16 -4
  18. package/package.json +2 -2
package/README.md CHANGED
@@ -20,6 +20,8 @@
20
20
 
21
21
  ## πŸŽ‰ News
22
22
 
23
+ - **2026-04-13**: Qwen OAuth free tier policy update: daily quota adjusted to 100 requests/day (from 1,000). The free tier will be discontinued on 2026-04-15. Consider using [OpenRouter](https://openrouter.ai), [Fireworks AI](https://app.fireworks.ai), or [Alibaba Cloud ModelStudio](https://modelstudio.console.alibabacloud.com/ap-southeast-1?tab=doc#/doc/?type=model&url=2840914_2&modelId=qwen3.6-plus) as alternatives.
24
+
23
25
  - **2026-04-02**: Qwen3.6-Plus is now live! Sign in via Qwen OAuth to use it directly, or get an API key from [Alibaba Cloud ModelStudio](https://modelstudio.console.alibabacloud.com/ap-southeast-1?tab=doc#/doc/?type=model&url=2840914_2&modelId=qwen3.6-plus) to access it through the OpenAI-compatible API.
24
26
 
25
27
  - **2026-02-16**: Qwen3.5-Plus is now live!
@@ -28,7 +30,7 @@
28
30
 
29
31
  Qwen Code is an open-source AI agent for the terminal, optimized for Qwen series models. It helps you understand large codebases, automate tedious work, and ship faster.
30
32
 
31
- - **Multi-protocol, OAuth free tier**: use OpenAI / Anthropic / Gemini-compatible APIs, or sign in with Qwen OAuth for 1,000 free requests/day.
33
+ - **Multi-protocol, OAuth free tier**: use OpenAI / Anthropic / Gemini-compatible APIs, or sign in with Qwen OAuth for 100 free requests/day (free tier ending 2026-04-15). After that, switch to [OpenRouter](https://openrouter.ai), [Fireworks AI](https://app.fireworks.ai), or [Alibaba Cloud ModelStudio](https://modelstudio.console.alibabacloud.com/ap-southeast-1?tab=doc#/doc/?type=model&url=2840914_2&modelId=qwen3.6-plus).
32
34
  - **Open-source, co-evolving**: both the framework and the Qwen3-Coder model are open-sourceβ€”and they ship and evolve together.
33
35
  - **Agentic workflow, feature-rich**: rich built-in tools (Skills, SubAgents) for a full agentic workflow and a Claude Code-like experience.
34
36
  - **Terminal-first, IDE-friendly**: built for developers who live in the command line, with optional integration for VS Code, Zed, and JetBrains IDEs.
package/bundled/qc-helper/docs/configuration/auth.md CHANGED
@@ -13,7 +13,7 @@ Use this if you want the simplest setup and you're using Qwen models.
13
13
  - **How it works**: on first start, Qwen Code opens a browser login page. After you finish, credentials are cached locally so you usually won't need to log in again.
14
14
  - **Requirements**: a `qwen.ai` account + internet access (at least for the first login).
15
15
  - **Benefits**: no API key management, automatic credential refresh.
16
- - **Cost & quota**: free, with a quota of **60 requests/minute** and **1,000 requests/day**.
16
+ - **Cost & quota**: free, with a quota of **60 requests/minute** and **100 requests/day**. Note: the free tier will be discontinued on 2026-04-15. After that, consider switching to [OpenRouter](https://openrouter.ai), [Fireworks AI](https://app.fireworks.ai), or [Alibaba Cloud ModelStudio](https://modelstudio.console.alibabacloud.com/ap-southeast-1?tab=doc#/doc/?type=model&url=2840914_2&modelId=qwen3.6-plus) β€” run `qwen auth` to configure your new provider.
17
17
 
18
18
  Start the CLI and follow the browser flow:
19
19
 
@@ -327,7 +327,7 @@ You'll see a selector with arrow-key navigation:
327
327
  ```
328
328
  Select authentication method:
329
329
 
330
- > Qwen OAuth - Free Β· Up to 1,000 requests/day Β· Qwen latest models
330
+ > Qwen OAuth - Free Β· 100 requests/day Β· Ending 2026-04-15
331
331
  Alibaba Cloud Coding Plan - Paid Β· Up to 6,000 requests/5 hrs Β· All Alibaba Cloud Coding Plan Models
332
332
 
333
333
  (Use ↑ ↓ arrows to navigate, Enter to select, Ctrl+C to exit)
package/bundled/qc-helper/docs/configuration/settings.md CHANGED
@@ -100,7 +100,7 @@ Settings are organized into categories. All settings should be placed within the
100
100
  | `ui.customThemes` | object | Custom theme definitions. | `{}` |
101
101
  | `ui.statusLine` | object | Custom status line configuration. A shell command whose output is shown in the footer's left section. See [Status Line](../features/status-line). | `undefined` |
102
102
  | `ui.hideWindowTitle` | boolean | Hide the window title bar. | `false` |
103
- | `ui.hideTips` | boolean | Hide helpful tips in the UI. | `false` |
103
+ | `ui.hideTips` | boolean | Hide all tips (startup and post-response) in the UI. See [Contextual Tips](../features/tips). | `false` |
104
104
  | `ui.hideBanner` | boolean | Hide the application banner. | `false` |
105
105
  | `ui.hideFooter` | boolean | Hide the footer from the UI. | `false` |
106
106
  | `ui.showMemoryUsage` | boolean | Display memory usage information in the UI. | `false` |
@@ -210,17 +210,19 @@ The `extra_body` field allows you to add custom parameters to the request body s
210
210
 
211
211
  #### context
212
212
 
213
- | Setting | Type | Description | Default |
214
- | ------------------------------------------------- | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
215
- | `context.fileName` | string or array of strings | The name of the context file(s). | `undefined` |
216
- | `context.importFormat` | string | The format to use when importing memory. | `undefined` |
217
- | `context.includeDirectories` | array | Additional directories to include in the workspace context. Specifies an array of additional absolute or relative paths to include in the workspace context. Missing directories will be skipped with a warning by default. Paths can use `~` to refer to the user's home directory. This setting can be combined with the `--include-directories` command-line flag. | `[]` |
218
- | `context.loadFromIncludeDirectories` | boolean | Controls the behavior of the `/memory refresh` command. If set to `true`, `QWEN.md` files should be loaded from all directories that are added. If set to `false`, `QWEN.md` should only be loaded from the current directory. | `false` |
219
- | `context.fileFiltering.respectGitIgnore` | boolean | Respect .gitignore files when searching. | `true` |
220
- | `context.fileFiltering.respectQwenIgnore` | boolean | Respect .qwenignore files when searching. | `true` |
221
- | `context.fileFiltering.enableRecursiveFileSearch` | boolean | Whether to enable searching recursively for filenames under the current tree when completing `@` prefixes in the prompt. | `true` |
222
- | `context.fileFiltering.enableFuzzySearch` | boolean | When `true`, enables fuzzy search capabilities when searching for files. Set to `false` to improve performance on projects with a large number of files. | `true` |
223
- | `context.gapThresholdMinutes` | number | Minutes of inactivity after which retained thinking blocks are cleared to free context tokens. Aligns with typical provider prompt-cache TTL. Set higher if your provider has a longer cache TTL. | `5` |
213
+ | Setting | Type | Description | Default |
214
+ | -------------------------------------------------------- | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
215
+ | `context.fileName` | string or array of strings | The name of the context file(s). | `undefined` |
216
+ | `context.importFormat` | string | The format to use when importing memory. | `undefined` |
217
+ | `context.includeDirectories` | array | Additional directories to include in the workspace context. Specifies an array of additional absolute or relative paths to include in the workspace context. Missing directories will be skipped with a warning by default. Paths can use `~` to refer to the user's home directory. This setting can be combined with the `--include-directories` command-line flag. | `[]` |
218
+ | `context.loadFromIncludeDirectories` | boolean | Controls the behavior of the `/memory refresh` command. If set to `true`, `QWEN.md` files should be loaded from all directories that are added. If set to `false`, `QWEN.md` should only be loaded from the current directory. | `false` |
219
+ | `context.fileFiltering.respectGitIgnore` | boolean | Respect .gitignore files when searching. | `true` |
220
+ | `context.fileFiltering.respectQwenIgnore` | boolean | Respect .qwenignore files when searching. | `true` |
221
+ | `context.fileFiltering.enableRecursiveFileSearch` | boolean | Whether to enable searching recursively for filenames under the current tree when completing `@` prefixes in the prompt. | `true` |
222
+ | `context.fileFiltering.enableFuzzySearch` | boolean | When `true`, enables fuzzy search capabilities when searching for files. Set to `false` to improve performance on projects with a large number of files. | `true` |
223
+ | `context.clearContextOnIdle.thinkingThresholdMinutes` | number | Minutes of inactivity before clearing old thinking blocks to free context tokens. Aligns with typical provider prompt-cache TTL. Use `-1` to disable. | `5` |
224
+ | `context.clearContextOnIdle.toolResultsThresholdMinutes` | number | Minutes of inactivity before clearing old tool result content. Use `-1` to disable. | `60` |
225
+ | `context.clearContextOnIdle.toolResultsNumToKeep` | number | Number of most-recent compactable tool results to preserve when clearing. Floor at 1. | `5` |
224
226
 
225
227
  #### Troubleshooting File Search Performance
226
228
 
@@ -235,6 +237,7 @@ If you are experiencing performance issues with file searching (e.g., with `@` c
235
237
  | Setting | Type | Description | Default | Notes |
236
238
  | ------------------------------------ | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
237
239
  | `tools.sandbox` | boolean or string | Sandbox execution environment (can be a boolean or a path string). | `undefined` | |
240
+ | `tools.sandboxImage` | string | Sandbox image URI used by Docker/Podman when `--sandbox-image` and `QWEN_SANDBOX_IMAGE` are not set. | `undefined` | |
238
241
  | `tools.shell.enableInteractiveShell` | boolean | Use `node-pty` for an interactive shell experience. Fallback to `child_process` still applies. | `false` | |
239
242
  | `tools.core` | array of strings | **Deprecated.** Will be removed in next version. Use `permissions.allow` + `permissions.deny` instead. Restricts built-in tools to an allowlist. All tools not in the list are disabled. | `undefined` | |
240
243
  | `tools.exclude` | array of strings | **Deprecated.** Use `permissions.deny` instead. Tool names to exclude from discovery. Automatically migrated to the `permissions` format on first load. | `undefined` | |
@@ -442,6 +445,7 @@ Here is an example of a `settings.json` file with the nested structure, new as o
442
445
  "tools": {
443
446
  "approvalMode": "yolo",
444
447
  "sandbox": "docker",
448
+ "sandboxImage": "ghcr.io/qwenlm/qwen-code:0.14.1",
445
449
  "discoveryCommand": "bin/get_tools",
446
450
  "callCommand": "bin/call_tool",
447
451
  "exclude": ["write_file"]
@@ -515,6 +519,7 @@ For authentication-related variables (like `OPENAI_*`) and the recommended `.qwe
515
519
  | `QWEN_TELEMETRY_OUTFILE` | Sets the file path to write telemetry to when the target is `local`. | Overrides the `telemetry.outfile` setting. |
516
520
  | `QWEN_TELEMETRY_USE_COLLECTOR` | Set to `true` or `1` to enable or disable using an external OTLP collector. Any other value is treated as disabling it. | Overrides the `telemetry.useCollector` setting. |
517
521
  | `QWEN_SANDBOX` | Alternative to the `sandbox` setting in `settings.json`. | Accepts `true`, `false`, `docker`, `podman`, or a custom command string. |
522
+ | `QWEN_SANDBOX_IMAGE` | Overrides sandbox image selection for Docker/Podman. | Takes precedence over `tools.sandboxImage`. |
518
523
  | `SEATBELT_PROFILE` | (macOS specific) Switches the Seatbelt (`sandbox-exec`) profile on macOS. | `permissive-open`: (Default) Restricts writes to the project folder (and a few other folders, see `packages/cli/src/utils/sandbox-macos-permissive-open.sb`) but allows other operations. `strict`: Uses a strict profile that declines operations by default. `<profile_name>`: Uses a custom profile. To define a custom profile, create a file named `sandbox-macos-<profile_name>.sb` in your project's `.qwen/` directory (e.g., `my-project/.qwen/sandbox-macos-custom.sb`). |
519
524
  | `DEBUG` or `DEBUG_MODE` | (often used by underlying libraries or the CLI itself) Set to `true` or `1` to enable verbose debug logging, which can be helpful for troubleshooting. | **Note:** These variables are automatically excluded from project `.env` files by default to prevent interference with the CLI behavior. Use `.qwen/.env` files if you need to set these for Qwen Code specifically. |
520
525
  | `NO_COLOR` | Set to any value to disable all color output in the CLI. | |
@@ -527,6 +532,9 @@ For authentication-related variables (like `OPENAI_*`) and the recommended `.qwe
527
532
 
528
533
  Arguments passed directly when running the CLI can override other configurations for that specific session.
529
534
 
535
+ For sandbox image selection, precedence is:
536
+ `--sandbox-image` > `QWEN_SANDBOX_IMAGE` > `tools.sandboxImage` > built-in default image.
537
+
530
538
  ### Command-Line Arguments Table
531
539
 
532
540
  | Argument | Alias | Description | Possible Values | Notes |
package/bundled/qc-helper/docs/features/_meta.ts CHANGED
@@ -19,4 +19,5 @@ export default {
19
19
  hooks: 'Hooks',
20
20
  'status-line': 'Status Line',
21
21
  'scheduled-tasks': 'Scheduled Tasks',
22
+ tips: 'Contextual Tips',
22
23
  };
package/bundled/qc-helper/docs/features/hooks.md CHANGED
@@ -57,9 +57,11 @@ The following table lists all available hook events in Qwen Code:
57
57
  | `UserPromptSubmit` | Fired when user submits a prompt | Input processing, validation, context injection |
58
58
  | `SessionStart` | Fired when a new session starts | Initialization, context setup |
59
59
  | `Stop` | Fired before Qwen concludes its response | Finalization, cleanup |
60
+ | `StopFailure` | Fired when turn ends due to API error | Error logging, alerting, rate limit handling |
60
61
  | `SubagentStart` | Fired when a subagent starts | Subagent initialization |
61
62
  | `SubagentStop` | Fired when a subagent stops | Subagent finalization |
62
63
  | `PreCompact` | Fired before conversation compaction | Pre-compaction processing |
64
+ | `PostCompact` | Fired after conversation compaction | Summary archiving, usage statistics |
63
65
  | `SessionEnd` | Fired when a session ends | Cleanup, reporting |
64
66
  | `PermissionRequest` | Fired when permission dialogs are displayed | Permission automation, policy enforcement |
65
67
 
@@ -299,6 +301,60 @@ Event-specific fields are added based on the hook type. Below are the event-spec
299
301
  }
300
302
  ```
301
303
 
304
+ #### StopFailure
305
+
306
+ **Purpose**: Executed when the turn ends due to an API error (instead of Stop). This is a **fire-and-forget** event - hook output and exit codes are ignored.
307
+
308
+ **Event-specific fields**:
309
+
310
+ ```json
311
+ {
312
+ "error": "rate_limit | authentication_failed | billing_error | invalid_request | server_error | max_output_tokens | unknown",
313
+ "error_details": "detailed error message (optional)",
314
+ "last_assistant_message": "the last message from the assistant before the error (optional)"
315
+ }
316
+ ```
317
+
318
+ **Matcher**: Matches against the `error` field. For example, `"matcher": "rate_limit"` will only trigger for rate limit errors.
319
+
320
+ **Output Options**:
321
+
322
+ - **None** - StopFailure is fire-and-forget. All hook output and exit codes are ignored.
323
+
324
+ **Exit Code Handling**:
325
+
326
+ | Exit Code | Behavior |
327
+ | --------- | ------------------------- |
328
+ | Any | Ignored (fire-and-forget) |
329
+
330
+ **Example Configuration**:
331
+
332
+ ```json
333
+ {
334
+ "hooks": {
335
+ "StopFailure": [
336
+ {
337
+ "matcher": "rate_limit",
338
+ "hooks": [
339
+ {
340
+ "type": "command",
341
+ "command": "/path/to/rate-limit-alert.sh",
342
+ "name": "rate-limit-alerter"
343
+ }
344
+ ]
345
+ }
346
+ ]
347
+ }
348
+ }
349
+ ```
350
+
351
+ **Use Cases**:
352
+
353
+ - Rate limit monitoring and alerting
354
+ - Authentication failure logging
355
+ - Billing error notifications
356
+ - Error statistics collection
357
+
302
358
  #### SubagentStart
303
359
 
304
360
  **Purpose**: Executed when a subagent (like the Task tool) is started to set up context or permissions.
@@ -387,6 +443,63 @@ Event-specific fields are added based on the hook type. Below are the event-spec
387
443
  }
388
444
  ```
389
445
 
446
+ #### PostCompact
447
+
448
+ **Purpose**: Executed after conversation compaction completes to archive summaries or track usage.
449
+
450
+ **Event-specific fields**:
451
+
452
+ ```json
453
+ {
454
+ "trigger": "manual | auto",
455
+ "compact_summary": "the summary generated by the compaction process"
456
+ }
457
+ ```
458
+
459
+ **Matcher**: Matches against the `trigger` field. For example, `"matcher": "manual"` will only trigger for manual compaction via `/compact` command.
460
+
461
+ **Output Options**:
462
+
463
+ - `hookSpecificOutput.additionalContext`: additional context (for logging only)
464
+ - Standard hook output fields (for logging only)
465
+
466
+ **Note**: PostCompact is **not** in the official decision mode supported events list. The `decision` field and other control fields do not produce any control effects - they are only used for logging purposes.
467
+
468
+ **Exit Code Handling**:
469
+
470
+ | Exit Code | Behavior |
471
+ | --------- | --------------------------------------------------------- |
472
+ | 0 | Success - stdout shown to user in verbose mode |
473
+ | Other | Non-blocking error - stderr shown to user in verbose mode |
474
+
475
+ **Example Configuration**:
476
+
477
+ ```json
478
+ {
479
+ "hooks": {
480
+ "PostCompact": [
481
+ {
482
+ "matcher": "manual",
483
+ "hooks": [
484
+ {
485
+ "type": "command",
486
+ "command": "/path/to/save-compact-summary.sh",
487
+ "name": "save-summary"
488
+ }
489
+ ]
490
+ }
491
+ ]
492
+ }
493
+ }
494
+ ```
495
+
496
+ **Use Cases**:
497
+
498
+ - Summary archiving to files or databases
499
+ - Usage statistics tracking
500
+ - Context change monitoring
501
+ - Audit logging for compaction operations
502
+
390
503
  #### Notification
391
504
 
392
505
  **Purpose**: Executed when notifications are sent to customize or intercept them.
package/bundled/qc-helper/docs/features/sandbox.md CHANGED
@@ -103,8 +103,16 @@ qwen -p "run the test suite"
103
103
 
104
104
  - **CLI flag**: `--sandbox-image <image>`
105
105
  - **Environment variable**: `QWEN_SANDBOX_IMAGE=<image>`
106
+ - **Settings file**: `tools.sandboxImage` in your `settings.json` (e.g., `{"tools": {"sandboxImage": "ghcr.io/qwenlm/qwen-code:0.14.1"}}`)
106
107
 
107
- If you don’t set either, Qwen Code uses the default image configured in the CLI package (for example `ghcr.io/qwenlm/qwen-code:<version>`).
108
+ Priority order (highest to lowest):
109
+
110
+ 1. `--sandbox-image`
111
+ 2. `QWEN_SANDBOX_IMAGE`
112
+ 3. `tools.sandboxImage`
113
+ 4. Built-in default image from the CLI package (for example `ghcr.io/qwenlm/qwen-code:<version>`)
114
+
115
+ `settings.env.QWEN_SANDBOX_IMAGE` also works as a generic env injection mechanism, but `tools.sandboxImage` is the preferred persistent setting.
108
116
 
109
117
  ### macOS Seatbelt profiles
110
118
 
package/bundled/qc-helper/docs/features/sub-agents.md CHANGED
@@ -99,10 +99,12 @@ Subagents are configured using Markdown files with YAML frontmatter. This format
99
99
  name: agent-name
100
100
  description: Brief description of when and how to use this agent
101
101
  model: inherit # Optional: inherit or model-id
102
- tools:
103
- - tool1
104
- - tool2
105
- - tool3 # Optional
102
+ approvalMode: auto-edit # Optional: default, plan, auto-edit, yolo
103
+ tools: # Optional: allowlist of tools
104
+ - tool1
105
+ - tool2
106
+ disallowedTools: # Optional: blocklist of tools
107
+ - tool3
106
108
  ---
107
109
 
108
110
  System prompt content goes here.
@@ -118,6 +120,87 @@ Use the optional `model` frontmatter field to control which model a subagent use
118
120
  - `glm-5`: Use that model ID with the main conversation's auth type
119
121
  - `openai:gpt-4o`: Use a different provider (resolves credentials from env vars)
120
122
 
123
+ #### Permission Mode
124
+
125
+ Use the optional `approvalMode` frontmatter field to control how a subagent's tool calls are approved. Valid values:
126
+
127
+ - `default`: Tools require interactive approval (same as the main session default)
128
+ - `plan`: Analyze-only mode β€” the agent plans but does not execute changes
129
+ - `auto-edit`: Tools are auto-approved without prompting (recommended for most agents)
130
+ - `yolo`: All tools auto-approved, including potentially destructive ones
131
+
132
+ If you omit this field, the subagent's permission mode is determined automatically:
133
+
134
+ - If the parent session is in **yolo** or **auto-edit** mode, the subagent inherits that mode. A permissive parent stays permissive.
135
+ - If the parent session is in **plan** mode, the subagent stays in plan mode. An analyze-only session cannot mutate files through a delegated agent.
136
+ - If the parent session is in **default** mode (in a trusted folder), the subagent gets **auto-edit** so it can work autonomously.
137
+
138
+ When you do set `approvalMode`, the parent's permissive modes still take priority. For example, if the parent is in yolo mode, a subagent with `approvalMode: plan` will still run in yolo mode.
139
+
140
+ ```
141
+ ---
142
+ name: cautious-reviewer
143
+ description: Reviews code without making changes
144
+ approvalMode: plan
145
+ tools:
146
+ - read_file
147
+ - grep_search
148
+ - glob
149
+ ---
150
+
151
+ You are a code reviewer. Analyze the code and report findings.
152
+ Do not modify any files.
153
+ ```
154
+
155
+ #### Tool Configuration
156
+
157
+ Use `tools` and `disallowedTools` to control which tools a subagent can access.
158
+
159
+ **`tools` (allowlist):** When specified, the subagent can only use the listed tools. When omitted, the subagent inherits all available tools from the parent session.
160
+
161
+ ```
162
+ ---
163
+ name: reader
164
+ description: Read-only agent for code exploration
165
+ tools:
166
+ - read_file
167
+ - grep_search
168
+ - glob
169
+ - list_directory
170
+ ---
171
+ ```
172
+
173
+ **`disallowedTools` (blocklist):** When specified, the listed tools are removed from the subagent's tool pool. This is useful when you want "everything except X" without listing every permitted tool.
174
+
175
+ ```
176
+ ---
177
+ name: safe-worker
178
+ description: Agent that cannot modify files
179
+ disallowedTools:
180
+ - write_file
181
+ - edit
182
+ - run_shell_command
183
+ ---
184
+ ```
185
+
186
+ If both `tools` and `disallowedTools` are set, the allowlist is applied first, then the blocklist removes from that set.
187
+
188
+ **MCP tools** follow the same rules. If a subagent has no `tools` list, it inherits all MCP tools from the parent session. If a subagent has an explicit `tools` list, it only gets MCP tools that are explicitly named in that list.
189
+
190
+ The `disallowedTools` field supports MCP server-level patterns:
191
+
192
+ - `mcp__server__tool_name` β€” blocks a specific MCP tool
193
+ - `mcp__server` β€” blocks all tools from that MCP server
194
+
195
+ ```
196
+ ---
197
+ name: no-slack
198
+ description: Agent without Slack access
199
+ disallowedTools:
200
+ - mcp__slack
201
+ ---
202
+ ```
203
+
121
204
  #### Example Usage
122
205
 
123
206
  ```
@@ -500,7 +583,8 @@ Always follow these standards:
500
583
 
501
584
  ## Security Considerations
502
585
 
503
- - **Tool Restrictions**: Subagents only have access to their configured tools
586
+ - **Tool Restrictions**: Use `tools` to limit which tools a subagent can access, or `disallowedTools` to block specific tools while inheriting everything else
587
+ - **Permission Mode**: Subagents inherit their parent's permission mode by default. Plan-mode sessions cannot escalate to auto-edit through delegated agents. Privileged modes (auto-edit, yolo) are blocked in untrusted folders.
504
588
  - **Sandboxing**: All tool execution follows the same security model as direct tool use
505
589
  - **Audit Trail**: All Subagents actions are logged and visible in real-time
506
590
  - **Access Control**: Project and user-level separation provides appropriate boundaries
package/bundled/qc-helper/docs/features/tips.md ADDED
@@ -0,0 +1,54 @@
1
+ # Contextual Tips
2
+
3
+ Qwen Code includes a contextual tips system that helps you discover features and stay aware of session state.
4
+
5
+ ## Startup Tips
6
+
7
+ Each time you launch Qwen Code, a tip is shown in the header area. Tips are selected by priority first, then rotated across sessions using LRU (least-recently-used) scheduling among tips of the same priority, so you see a different tip each time.
8
+
9
+ New users see onboarding-focused tips during their first sessions:
10
+
11
+ | Sessions | Example tips |
12
+ | -------- | ---------------------------------------------------- |
13
+ | < 5 | Slash commands (`/`), Tab autocomplete |
14
+ | < 10 | `QWEN.md` project context, `--continue` / `--resume` |
15
+ | < 15 | Shell commands with `!` prefix |
16
+
17
+ After that, tips rotate through general features like `/compress`, `/approval-mode`, `/insight`, `/btw`, and more.
18
+
19
+ ## Post-Response Tips
20
+
21
+ During a conversation, Qwen Code monitors your context window usage and shows tips when action may be needed:
22
+
23
+ | Context usage | Condition | Tip |
24
+ | ------------- | ------------------------------ | ------------------------------------------------- |
25
+ | 50-80% | After a few prompts in session | Suggests `/compress` to free up context |
26
+ | 80-95% | β€” | Warns context is getting full |
27
+ | >= 95% | β€” | Urgent: run `/compress` now or `/new` to continue |
28
+
29
+ Post-response tips have per-tip cooldowns to avoid being repetitive.
30
+
31
+ ## Tip History
32
+
33
+ Tip display history is persisted at `~/.qwen/tip_history.json`. This file tracks:
34
+
35
+ - Session count (used for new-user tip selection)
36
+ - Which tips have been shown and when (used for LRU rotation and cooldown)
37
+
38
+ You can safely delete this file to reset tip history.
39
+
40
+ ## Disabling Tips
41
+
42
+ To hide all tips (both startup and post-response), set `ui.hideTips` to `true` in `~/.qwen/settings.json`:
43
+
44
+ ```json
45
+ {
46
+ "ui": {
47
+ "hideTips": true
48
+ }
49
+ }
50
+ ```
51
+
52
+ You can also toggle this in the settings dialog via the `/settings` command.
53
+
54
+ Tips are also automatically hidden when screen reader mode is enabled.
package/bundled/qc-helper/docs/support/tos-privacy.md CHANGED
@@ -6,7 +6,7 @@ Qwen Code is an open-source AI coding assistant tool maintained by the Qwen Code
6
6
 
7
7
  Qwen Code supports three authentication methods to access AI models. Your authentication method determines which terms of service and privacy policies apply to your usage:
8
8
 
9
- 1. **Qwen OAuth** β€” Log in with your qwen.ai account (free daily quota)
9
+ 1. **Qwen OAuth** β€” Log in with your qwen.ai account (free daily quota, ending 2026-04-15)
10
10
  2. **Alibaba Cloud Coding Plan** β€” Use an API key from Alibaba Cloud
11
11
  3. **API Key** β€” Bring your own API key
12
12