@tencent-ai/agent-sdk 0.3.169-dev.e3066bb.202606081524 → 0.3.171

package/cli/CHANGELOG.md

@@ -7,6 +7,38 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 ## [未发布]
 
+## [2.105.0] - 2026-06-09
+
+### 🎉 新功能
+
+- **Dynamic Workflow（动态编排）**：新增 `Workflow` 工具，支持在单条会话里调度数十个子代理协同跑大型多步任务（深度研究、跨文件重构、批量分析）。脚本走确定性沙箱执行，禁用 `Date.now` / `Math.random` / `new Date()` 等不确定性 API。工具默认走延迟加载（`deferLoading`），仅在用户显式触发或语义检索时激活，不占用默认上下文。
+- **Deep Research（深度研究）**：内置深度研究 workflow + `/deep-research` 斜杠命令；用户可一句话发起多角度并行研究，进度由后台任务通知统一回流。
+- **UltraCode 长程思考**：在用户输入或会话元信息出现 `ultracode` 关键词时自动注入提醒上下文，引导模型进入更深思考；可通过 `/effort` 命令切换 effort 等级。
+- **`/workflows` 工作台**：TUI 新增 Workflows 面板，查看活跃 / 历史 run、保存自定义脚本、一键 resume。
+- **`/save-workflow` 命令**：把当前内联脚本保存为命名 workflow（用户级或项目级），后续可通过 `name` 引用。
+- **后台任务统一通道**：Workflow 与 Bash `run_in_background`、PowerShell 后台任务复用同一 `<task-notification>` 通道，模型用 `TaskOutput` 工具拉取完整结果。
+- **Workflow 暂停 / 恢复**：Workflow 运行支持暂停（pause）与重启（restart），可在长任务中安全中断与续跑。
+- **Workflow 详情面板增强**：Workflows 面板支持查看运行中工作流的实时状态、Agent 子任务列表与暂停 / 恢复操作。
+- **会话标题事件**：stream-json 输出新增 AI 生成标题事件，便于上层客户端同步展示会话标题。
+- **禁用内置模型开关**：新增 `CODEBUDDY_DISABLE_BUILTIN_MODELS` 环境变量，置为 `1` / `true` 时剥离打包内置的静态模型列表，`/model` 列表只保留云端接口模型、`models.json` 自定义模型与 `ACC_PRODUCT_CONFIG_V3` 注入的模型。
+
+### 🔧 改进
+
+- **Tool Search 增强**：扩展工具发现能力，配合延迟加载工具（含 Workflow）按需激活。
+- **TaskOutput 工具增强**：支持后台任务输出文件管理与流式拉取。
+- **WebFetch 工具优化**：调整重定向与缓存语义。
+- **Tasks 面板**：新增任务详情面板与列表面板，组织展示更清晰。
+- **Workflow 总开关**：环境变量 `CODEBUDDY_DISABLE_WORKFLOWS=1` 或 settings.json `disableWorkflows: true` 任一为真即关闭 Workflow 全套能力（工具、关键词拦截、effort 切换）。
+- **内置 workflow 资源外置**：内置 workflow 脚本统一迁移到 `builtin/workflows/` 目录，新增内置 workflow 仅需丢入文件即可被自动发现，无需改代码。
+- **Workflow 持久化扩展**：journal / durability 增补字段以支持暂停状态与 Agent 派生信息的恢复。
+- **权限保存位置文案**：统一权限规则保存位置的描述文案为 `Saved in <path>`，修正此前 `Saved in at` / `Checked in at` 风格不一致的问题。
+
+### 🐛 修复
+
+- **/add-dir 目录联想**：修复输入 `/add-dir ` 加空格（尚未输入路径）时误触发目录选择器、回车被当作选中首个目录并直接发送的问题；现在参数为空时不再列举目录，行为与预期一致。
+- **专享版模型列表为空 / 不对**：修复 custom-token 登录时，若 JWT `iss` 为 Keycloak realm 形式（末段不含 `sso-` 前缀）导致 `enterpriseId` 解析失败、`/model` 列表退化为内置默认模型的问题。现在 `enterpriseId` 优先读取配置显式提供的 `authentication.attributes.enterpriseId`，再回退到 JWT 解析。
+- **CLI loading 异常消失**：修复使用子代理调研类对话时主会话 loading 状态被子代理拖到 idle 导致 loading 突然消失、但对话仍在继续输出的问题；主会话的运行状态现在只由自身状态机推进，子代理仅通过 phase 通道驱动 loading 显示。
+
 ## [2.103.4] - 2026-06-08
 
 ### 🔧 改进
@@ -255,7 +287,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 ### 🎉 新功能
 
-- **OpenTelemetry 自定义上报（traces）**：支持通过 OTel 标准环境变量将内部 traces 上报到自有 Collector。启用开关 `CODEBUDDY_CODE_ENABLE_TELEMETRY=1`（兼容 legacy 别名 `CLAUDE_CODE_ENABLE_TELEMETRY`），支持 `OTEL_EXPORTER_OTLP_ENDPOINT` / `OTEL_EXPORTER_OTLP_HEADERS` / `OTEL_SERVICE_NAME` 等标准变量。详见 `docs/monitoring.md`。 #41061
+- **OpenTelemetry 自定义上报（traces）**：支持通过 OTel 标准环境变量将内部 traces 上报到自有 Collector。启用开关 `CODEBUDDY_CODE_ENABLE_TELEMETRY=1`，支持 `OTEL_EXPORTER_OTLP_ENDPOINT` / `OTEL_EXPORTER_OTLP_HEADERS` / `OTEL_SERVICE_NAME` 等标准变量。详见 `docs/monitoring.md`。 #41061
 - **沙箱生态资产目录白名单**：沙箱安全策略默认允许 WorkBuddy 生态资产目录和跨平台技能目录写入，减少插件、技能与连接器的访问受限问题。 #42876
 
 ### 🔧 功能改进
@@ -345,23 +377,23 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 ### 🎉 新功能
 
-- **快捷键系统**：参考 Claude Code 架构实现完整的快捷键系统，支持上下文条件、弦序列（如 Ctrl+X Ctrl+K）、用户自定义覆盖。配置文件存储在 `~/.codebuddy/keybindings.json`，支持 16 个上下文与 60+ 动作。新增 `/keybindings` 命令、REST API（`/api/v1/keybindings`）以及 Web UI 可视化配置（按上下文分组、搜索、录制、冲突检测、中英文国际化）。
-- **Skill / Subagent Frontmatter Hooks**：对齐 Claude Code 行为，支持在 `.codebuddy/agents/*.md` 与 `.codebuddy/skills/*/SKILL.md` 的 YAML frontmatter 中配置 `hooks:` 字段，在子代理 / fork skill 生命周期内自动注册和清理。支持 `command` / `prompt` / `agent` / `http` 四种 hook 类型、`once: true` 自动移除、event matcher 语义。**默认安全闸门**：非 product 内置来源的 frontmatter hooks 默认禁用（含本地与插件市场），需在 `settings.json` 中开启 `allowUntrustedFrontmatterHooks: true` 才生效。
-- **Hook 事件与参数对齐 Claude Code（A/B 批次）**：新增 6 个 hook 事件（PostToolUseFailure、SubagentStart、StopFailure、PostCompact、ConfigChange、InstructionsLoaded），工具事件 payload 增加 `tool_use_id` / `permission_mode` 等字段，Stop / SubagentStop 事件新增 `last_assistant_message`，SubagentStop 增加 `agent_id` / `agent_type` / `agent_transcript_path`，Notification 增加 `title`，SessionEnd 原因扩充。新增 hook 异步协议（`{"async": true, "asyncTimeout": N}` 立即放行）；PostToolUse 支持 MCP 工具的 `updatedMCPToolOutput` 覆盖；SessionStart 支持 `initialUserMessage` 注入首轮上下文。
+- **快捷键系统**：参考同类工具架构实现完整的快捷键系统，支持上下文条件、弦序列（如 Ctrl+X Ctrl+K）、用户自定义覆盖。配置文件存储在 `~/.codebuddy/keybindings.json`，支持 16 个上下文与 60+ 动作。新增 `/keybindings` 命令、REST API（`/api/v1/keybindings`）以及 Web UI 可视化配置（按上下文分组、搜索、录制、冲突检测、中英文国际化）。
+- **Skill / Subagent Frontmatter Hooks**：对齐同类工具行为，支持在 `.codebuddy/agents/*.md` 与 `.codebuddy/skills/*/SKILL.md` 的 YAML frontmatter 中配置 `hooks:` 字段，在子代理 / fork skill 生命周期内自动注册和清理。支持 `command` / `prompt` / `agent` / `http` 四种 hook 类型、`once: true` 自动移除、event matcher 语义。**默认安全闸门**：非 product 内置来源的 frontmatter hooks 默认禁用（含本地与插件市场），需在 `settings.json` 中开启 `allowUntrustedFrontmatterHooks: true` 才生效。
+- **Hook 事件与参数对齐（A/B 批次）**：新增 6 个 hook 事件（PostToolUseFailure、SubagentStart、StopFailure、PostCompact、ConfigChange、InstructionsLoaded），工具事件 payload 增加 `tool_use_id` / `permission_mode` 等字段，Stop / SubagentStop 事件新增 `last_assistant_message`，SubagentStop 增加 `agent_id` / `agent_type` / `agent_transcript_path`，Notification 增加 `title`，SessionEnd 原因扩充。新增 hook 异步协议（`{"async": true, "asyncTimeout": N}` 立即放行）；PostToolUse 支持 MCP 工具的 `updatedMCPToolOutput` 覆盖；SessionStart 支持 `initialUserMessage` 注入首轮上下文。
 - **Hook 事件扩展（C1 批次）**：新增 8 个 hook 事件 — PermissionRequest / PermissionDenied（权限审批前后可拦截）、TaskCreated / TaskCompleted（携带 task_id / teammate_name 等）、TeammateIdle（团队成员从忙碌转为空闲触发）、Setup（进程启动 / 维护阶段触发，stdout 可注入首轮上下文）、Elicitation / ElicitationResult（MCP elicitation 前后预留）。
-- **Hook 配置扩展（C2 批次）**：新增 `http` / `agent` 两种 hook type；新增 `if` permission rule 语法（如 `Bash(git *)` / `Write(*.ts)`）按工具名和参数匹配；新增 `shell` / `once` / `asyncRewake` / `allowedEnvVars` / `statusMessage` 字段；插件 hook 注入新环境变量 `CLAUDE_PLUGIN_DATA` / `CODEBUDDY_PLUGIN_DATA` 与展开的 `*_PLUGIN_OPTION_*`。
-- **Hook 文件监视（C3 批次）**：新增 `FileChanged`（SessionStart / Setup hook 通过 `hookSpecificOutput.watchPaths` 声明监视路径），`CwdChanged`（Bash / PowerShell 工具执行后若 cwd 变化自动触发）。Windows Git Bash 下 hook 子进程自动把 `CLAUDE_PROJECT_DIR` 等路径环境变量从 `C:\Users\foo` 规范化为 `/c/Users/foo`。
-- **Skills / 斜杠命令 / Subagent 变量占位符**：在 `.md` 文件中支持变量占位符替换，与 Claude Code 兼容。支持 `${CODEBUDDY_PLUGIN_ROOT}` / `${CODEBUDDY_SKILL_DIR}` / `${CODEBUDDY_SESSION_ID}` 以及任意大写环境变量（含 `${MY_ENV_VAR:-默认值}` 默认值语法），未设置的占位符原样保留。
+- **Hook 配置扩展（C2 批次）**：新增 `http` / `agent` 两种 hook type；新增 `if` permission rule 语法（如 `Bash(git *)` / `Write(*.ts)`）按工具名和参数匹配；新增 `shell` / `once` / `asyncRewake` / `allowedEnvVars` / `statusMessage` 字段；插件 hook 注入新环境变量 `CODEBUDDY_PLUGIN_DATA` 与展开的 `*_PLUGIN_OPTION_*`。
+- **Hook 文件监视（C3 批次）**：新增 `FileChanged`（SessionStart / Setup hook 通过 `hookSpecificOutput.watchPaths` 声明监视路径），`CwdChanged`（Bash / PowerShell 工具执行后若 cwd 变化自动触发）。Windows Git Bash 下 hook 子进程会自动规范化项目路径环境变量。
+- **Skills / 斜杠命令 / Subagent 变量占位符**：在 `.md` 文件中支持变量占位符替换。支持 `${CODEBUDDY_PLUGIN_ROOT}` / `${CODEBUDDY_SKILL_DIR}` / `${CODEBUDDY_SESSION_ID}` 以及任意大写环境变量（含 `${MY_ENV_VAR:-默认值}` 默认值语法），未设置的占位符原样保留。
 - **第三方插件市场自动更新**：新增 `autoUpdateThirdPartyMarketplaces` 产品配置和 `CODEBUDDY_AUTO_UPDATE_THIRD_PARTY_MARKETPLACES` 环境变量，支持全局启用第三方插件市场自动更新（优先级：settings env > process.env > 产品配置 > 默认关闭）。市场配置项新增 `autoUpdate` 可选字段。
 - **Remote Gateway `/api/v1/runs` 任务执行超时可配置**：默认超时从 10 分钟提升到 30 分钟；新增 `gateway.runTimeoutMs` settings 配置；新增 HTTP header `X-Codebuddy-Run-Timeout` 单次覆盖；设为 0 或负数关闭超时保护（覆盖优先级：header > settings > 默认）。
 - **Web UI PWA 自动更新**：前端每 15 分钟自动询问后端是否有新 Service Worker 版本，对话空闲时自动 reload，进行中弹 toast 保留"立即刷新"按钮，订阅运行状态在 Agent 空闲后自动刷新，确保不打扰正在进行的对话。
 - **UE 项目自动排除大仓噪声目录**：在 cwd 检测到 `*.uproject` 时自动在 Grep / Glob ripgrep 调用里叠加 `!Intermediate/` `!DerivedDataCache/` `!Saved/` `!Binaries/` `!Build/` `!.vs/` 排除，避免 Unreal Engine 项目编译产物污染搜索结果；可通过 `settings.disableUEAutoExclude: true` 关闭。Grep content 搜索默认增加 `--max-columns 500` 避免单行 MB 级内容打爆 stdout。
 - **ACP 文件系统方法**：在 ACP StreamManager 中实现 `fs/*` 系列方法（list / read / write / exists / makeDir / remove / rename / getInfo / watchDir / unwatch），支持 Desktop 通过 ACP JSON-RPC 协议访问工作目录文件系统，使"全部文件"标签页在 Desktop 中正常工作。
-- **Subagent frontmatter `skills:` 预加载**：对齐 Claude Code，子代理启动时把 frontmatter `skills:` 中列出的 skill 完整内容作为 `isMeta:true` user message 预注入子代理 history，支持 3 档 skill 名称 fallback。
+- **Subagent frontmatter `skills:` 预加载**：子代理启动时把 frontmatter `skills:` 中列出的 skill 完整内容作为 `isMeta:true` user message 预注入子代理 history，支持 3 档 skill 名称 fallback。
 
 ### 🔧 功能改进
 
-- **PowerShell 安全多层防御**：CLM 类型白名单（~90 类型对齐 Claude Code）、Git 安全防护（裸仓库攻击 / NTFS 8.3 短名 / archive 提取器检测）、危险 Cmdlet 分类（7 集合 + 120+ 别名）、破坏性命令 UI 警告（16 种模式）、Unicode 破折号支持（en/em/horizontal-bar）。
+- **PowerShell 安全多层防御**：CLM 类型白名单（约 90 类型）、Git 安全防护（裸仓库攻击 / NTFS 8.3 短名 / archive 提取器检测）、危险 Cmdlet 分类（7 集合 + 120+ 别名）、破坏性命令 UI 警告（16 种模式）、Unicode 破折号支持（en/em/horizontal-bar）。
 - **ACP 连接稳定性**：GET SSE 连接增加 30 秒心跳防止反向代理（cloudflared / nginx）回收；连接关闭时等待未完成的历史写入完成防止 JSONL 日志被截断。`idle_timeout` 场景增强诊断日志，便于会话长时间无更新时定位卡点。
 - **Bash 工具 timeout 提示动态化**：工具描述中"最大 timeout"数值原先写死 600000ms，即便用户调大 `BASH_MAX_TIMEOUT_MS` 模型看到的仍是旧值。现在描述动态注入 `bashMaxTimeoutMs` / `bashDefaultTimeoutMs`，与运行时实际 clamp 值保持一致；并引导模型长任务优先省略 `timeout` 参数。
 - **TUI 输入框 Ctrl+F / Ctrl+B 光标导航**：之前 Ctrl+F 被当普通字符插入、Ctrl+B 被静默吞掉，现支持 bash readline 风格的左右移动一字符，与已有 Ctrl+A / Ctrl+E / Ctrl+K / Ctrl+U 一致。多字节字符和 emoji 移动正确。
@@ -405,7 +437,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 - **Compact 自动渲染 XML 标签**：修复自动压缩触发时摘要在聊天界面被渲染为裸 `<conversation_history_summary>` / `<summary>` 标签的问题，与用户主动 `/compact` 走同一套 `compact_group` 渲染。聊天界面统一显示 `/compact`，内部命令 `/_compact` 在用户消息气泡中归一化；隐藏 `/_` 前缀的内部命令。
 - **Compact 失败保留用户消息**：长会话发送前自动压缩失败后会保存用户消息、结束本次请求并展示明确失败提示，避免静默卡住。
 - **Compact 历史 `Unknown content` 错误**：修复从历史会话继续对话时可能报 `Unknown content` 导致中断的问题。
-- **PTL 上下文超长恢复**：新增按 API 轮次精确截断历史的兜底机制，覆盖 Anthropic / Vertex / OpenAI / Gemini / 内部网关等主流模型错误文案。组合命令安全检查（`&&` / `;` / `|`）改为子命令独立评估并取最高等级。
+- **PTL 上下文超长恢复**：新增按 API 轮次精确截断历史的兜底机制，覆盖多类主流模型错误文案。组合命令安全检查（`&&` / `;` / `|`）改为子命令独立评估并取最高等级。
 - **空流自动重试**：识别上游 OpenAI 兼容网关只发占位 / 心跳帧后断开的"空流"场景，复用流超时重试管道（max=1）自动恢复；重试额度按 turn 重置。
 - **请求体超限恢复**：优化大上下文 / 大图片导致请求体超限时的自动恢复能力；`ModelProvider` axios 显式设 `maxBodyLength: Infinity, maxContentLength: Infinity`，避免打包内 `follow-redirects` 默认 10MB 上限本地拦截。
 - **模型错误兜底状态码**：`ModelErrorAnalyzer.analyze` 与 `ModelProvider` 外层 catch 未识别归因时兜底响应码由 `500 Internal Client Error` 调整为 `400 Client Error`。
@@ -455,7 +487,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 - **Worktree 相对 cwd**：修复 worktree 复用时未正确进入相对目录的问题。
 - **Web UI 编辑器保存清空文件**：`writeFile` 前端未显式设 Content-Type 被 body-parser.text() 中间件消费导致后端读到空 Buffer 写入磁盘；现前端显式设 `application/octet-stream`，后端对"空请求体 + 已存在非空文件 + 无 `allowEmpty=1`"返回 409 兜底，CodeEditor 改用 `defaultValue` + useEffect 守卫。
 - **Gateway CORS 静态资源**：开启 CORS 白名单时同源 IP 访问静态资源（首页 / `/assets/*` / Service Worker）被误拦的问题，浏览器 module script / modulepreload 静态资源不再参与 API CORS 白名单检查。
-- **anydev 远程 IDE `/ide` 命令**：新增 `CODEBUDDY_IDE_PORT` / `CODEBUDDY_IDE_HOST` / `CODEBUDDY_IDE_SKIP_VALID_CHECK` 环境变量（与 Claude Code `CLAUDE_CODE_*` 兼容），适配容器内无法访问宿主侧锁文件、IDE 在远程主机、容器内外路径不一致等场景。
+- **anydev 远程 IDE `/ide` 命令**：新增 `CODEBUDDY_IDE_PORT` / `CODEBUDDY_IDE_HOST` / `CODEBUDDY_IDE_SKIP_VALID_CHECK` 环境变量，适配容器内无法访问宿主侧锁文件、IDE 在远程主机、容器内外路径不一致等场景。
 - **Read 工具图片返回格式**：修复 Read 工具读取图片时返回数据结构不正确，现正确返回 image content block 格式。
 - **`@openai/agents-openai` patch**：修复 assistant 消息中 tool_calls 合并问题。
 - **历史登出闪烁**：账号退出时清除缓存消息，防止重新登录后短暂显示旧的 pending question。
@@ -577,7 +609,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 ### 🐛 问题修复
 
-- **自定义模型兼容性**：修复自定义模型（如 `custom-local:xxx`）请求中残留 Anthropic 风格字段（`verbosity`、`reasoning_summary`、`reasoning_effort`）导致第三方 OpenAI 兼容接口返回 400 的问题
+- **自定义模型兼容性**：修复自定义模型（如 `custom-local:xxx`）请求中残留不兼容字段（`verbosity`、`reasoning_summary`、`reasoning_effort`）导致第三方 OpenAI 兼容接口返回 400 的问题
 
 ## [2.94.3] - 2026-04-29
 
@@ -1085,7 +1117,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 - **Windows PowerShell 工具**：新增原生 PowerShell 命令执行工具，支持 PowerShell 7+ 和 Windows PowerShell 5.1，自动检测版本并适配语法指导
 - **无 Git Bash 降级支持**：Windows 上未安装 Git Bash 时，自动禁用 Bash 工具，PowerShell 工具成为唯一 shell 工具，不再崩溃退出
 - **GLM-5.1 模型**：新增 GLM-5.1 及 GLM-5.1-ioa 模型配置
-- **Memory 系统对齐 Claude Code**：Typed Memory 默认启用，使用 4 种记忆类型（user/feedback/project/reference）结构化管理记忆
+- **Memory 系统增强**：Typed Memory 默认启用，使用 4 种记忆类型（user/feedback/project/reference）结构化管理记忆
 - **记忆相关性选择**：根据用户查询自动选择最多 5 个相关记忆注入上下文
 - **后台记忆提取**：对话结束后可自动从对话中提取记忆（需手动启用）
 - **记忆新鲜度管理**：超过 1 天的记忆附带陈旧警告，提醒验证后再使用
@@ -2159,7 +2191,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 - **Bash 内置子代理**：新增 Bash 专用子代理，专注于命令执行任务（git 操作、构建工具、测试执行等），使用轻量级模型快速响应
 - **命令注入检测**：新增 Bash 命令注入检测机制，拦截反引号替换、`$()` 命令替换、换行符注入等潜在危险命令
-- **命令前缀提取**：新增多词命令前缀提取功能，支持环境变量前缀、子命令识别，对齐 Claude Code policy_spec 规范
+- **命令前缀提取**：新增多词命令前缀提取功能，支持环境变量前缀、子命令识别，对齐通用 policy_spec 规范
 
 ### 🔧 功能改进
 
@@ -2955,7 +2987,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 ### 🐛 问题修复
 
-- **上下文窗口溢出**：修复 Claude 模型在高负载场景下 token 超限导致请求失败的问题
+- **上下文窗口溢出**：修复模型在高负载场景下 token 超限导致请求失败的问题
 - **Windows 配置路径**：修复 Windows 系统下全局配置路径错误（`%appdata%` 环境变量未正确展开）导致无法加载用户配置的问题
 
 ## [2.36.2] - 2026-01-17
@@ -3016,7 +3048,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 ### ✨ 新功能
 
-- **Anthropic API Key 支持**：新增 `--anthropic-api-key` 参数和 `ANTHROPIC_API_KEY` 环境变量支持，可直接使用 Anthropic API（需配合 `--anthropic-base-url` 使用）
+- **第三方 API Key 支持**：新增第三方模型 API Key 参数和对应环境变量支持，可直接使用第三方模型 API（需配合自定义 base URL 使用）
 
 ### 🔧 功能改进
 
@@ -3052,7 +3084,7 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 
 ### 🔧 功能改进
 
-- **模型显示**：优化模型选择器中 Claude 模型的显示效果
+- **模型显示**：优化模型选择器中模型的显示效果
 - **会话恢复**：改进历史会话的恢复显示逻辑
 - **输入体验**：修复中文输入法在某些场景下的交互问题
 
@@ -3566,5 +3598,5 @@ CodeBuddy Code 的所有重要更新都会记录在这里。
 ### ✨ 首次发布
 
 - 基础对话功能
-- Claude 模型支持
+- 模型支持
 - 命令行参数解析

package/cli/builtin/workflows/deep-research.workflow.js

@@ -0,0 +1,429 @@
+export const meta = {
+  name: 'deep-research',
+  description: 'Deep research harness — fan-out web searches, fetch sources, adversarially verify claims, synthesize a cited report.',
+  whenToUse: 'When the user wants a deep, multi-source, fact-checked research report on any topic. BEFORE invoking, check if the question is specific enough to research directly — if underspecified (e.g., "what car to buy" without budget/use-case/region), ask 2-3 clarifying questions to narrow scope. Then pass the refined question as args, weaving the answers in.',
+  phases: [{"title":"Scope","detail":"Decompose question (from args) into 5 search angles"},{"title":"Search","detail":"5 parallel WebSearch agents, one per angle"},{"title":"Fetch","detail":"URL-dedup, fetch top 15 sources, extract falsifiable claims"},{"title":"Verify","detail":"3-vote adversarial verification per claim (need 2/3 refutes to kill)"},{"title":"Synthesize","detail":"Merge semantic dupes, rank by confidence, cite sources"}],
+}
+
+// deep-research: Scope → pipeline(Search → URL-dedup → Fetch+Extract) → 3-vote Verify → Synthesize
+// Model compatibility: no `schema` param in agent() — deepseek-chat doesn't support
+// reasoning_effort + structured output simultaneously. Instead, models output JSON text
+// and we parse/validate manually.
+
+// ─── JSON extraction + validation helpers (replaces agent schema option) ───
+function extractJSON(text) {
+  if (typeof text !== 'string') return null
+  // Try ```json ... ``` block first, then ``` ... ```, then raw { }
+  const patterns = [
+    /```json\s*([\s\S]*?)```/,
+    /```\s*([\s\S]*?)```/,
+    /(\{[\s\S]*\})/,
+  ]
+  for (const pat of patterns) {
+    const m = text.match(pat)
+    if (m) {
+      try { return JSON.parse(m[1].trim()) } catch {}
+    }
+  }
+  return null
+}
+
+function validateJSON(data, schema) {
+  if (!data || typeof data !== 'object') return false
+  for (const key of (schema.required || [])) {
+    if (!(key in data)) return false
+    const val = data[key]
+    const prop = schema.properties?.[key]
+    if (prop) {
+      if (prop.type === 'array') {
+        if (!Array.isArray(val)) return false
+        if (prop.minItems && val.length < prop.minItems) return false
+        if (prop.maxItems && val.length > prop.maxItems) return false
+        if (prop.items) {
+          for (const item of val) {
+            if (prop.items.required) {
+              for (const r of prop.items.required) {
+                if (!(r in item)) return false
+              }
+            }
+            if (prop.items.properties && prop.items.properties.relevance) {
+              if (!['high','medium','low'].includes(item.relevance)) return false
+            }
+            if (prop.items.properties && prop.items.properties.importance) {
+              if (!['central','supporting','tangential'].includes(item.importance)) return false
+            }
+          }
+        }
+      } else if (prop.type === 'object') {
+        if (!val || typeof val !== 'object') return false
+      } else if (prop.type === 'string') {
+        if (typeof val !== 'string') return false
+      } else if (prop.type === 'boolean') {
+        if (typeof val !== 'boolean') return false
+      }
+      if (prop.enum && !prop.enum.includes(val)) return false
+    }
+  }
+  return true
+}
+
+function safeParse(text, schema, fallback = null) {
+  const parsed = extractJSON(text)
+  if (parsed && validateJSON(parsed, schema)) return parsed
+  return fallback
+}
+
+const VOTES_PER_CLAIM = 3
+const REFUTATIONS_REQUIRED = 2
+const MAX_FETCH = 15
+const MAX_VERIFY_CLAIMS = 25
+
+// ─── Schemas (for validation, not agent() calls) ───
+const SCOPE_SCHEMA = {
+  type: "object", required: ["question", "angles", "summary"],
+  properties: {
+    question: { type: "string" },
+    summary: { type: "string" },
+    angles: { type: "array", minItems: 3, maxItems: 6, items: {
+      type: "object", required: ["label", "query"],
+      properties: { label: { type: "string" }, query: { type: "string" }, rationale: { type: "string" } },
+    }},
+  },
+}
+const SEARCH_SCHEMA = {
+  type: "object", required: ["results"],
+  properties: {
+    results: { type: "array", maxItems: 6, items: {
+      type: "object", required: ["url", "title", "relevance"],
+      properties: {
+        url: { type: "string" }, title: { type: "string" }, snippet: { type: "string" },
+        relevance: { enum: ["high", "medium", "low"] },
+      },
+    }},
+  },
+}
+const EXTRACT_SCHEMA = {
+  type: "object", required: ["claims", "sourceQuality"],
+  properties: {
+    sourceQuality: { enum: ["primary", "secondary", "blog", "forum", "unreliable"] },
+    publishDate: { type: "string" },
+    claims: { type: "array", maxItems: 5, items: {
+      type: "object", required: ["claim", "quote", "importance"],
+      properties: { claim: { type: "string" }, quote: { type: "string" }, importance: { enum: ["central", "supporting", "tangential"] } },
+    }},
+  },
+}
+const VERDICT_SCHEMA = {
+  type: "object", required: ["refuted", "evidence", "confidence"],
+  properties: {
+    refuted: { type: "boolean" }, evidence: { type: "string" },
+    confidence: { enum: ["high", "medium", "low"] }, counterSource: { type: "string" },
+  },
+}
+const REPORT_SCHEMA = {
+  type: "object", required: ["summary", "findings", "caveats"],
+  properties: {
+    summary: { type: "string" },
+    findings: { type: "array", items: {
+      type: "object", required: ["claim", "confidence", "sources", "evidence"],
+      properties: {
+        claim: { type: "string" }, confidence: { enum: ["high", "medium", "low"] },
+        sources: { type: "array", items: { type: "string" } }, evidence: { type: "string" }, vote: { type: "string" },
+      },
+    }},
+    caveats: { type: "string" },
+    openQuestions: { type: "array", items: { type: "string" } },
+  },
+}
+
+// ─── Phase 0: Scope — decompose question into search angles ───
+phase("Scope")
+const QUESTION = (typeof args === "string" && args.trim()) || ""
+if (!QUESTION) {
+  return { error: "No research question provided. Pass it as args: Workflow({name: 'deep-research', args: '<question>'})." }
+}
+const scope = await agent(
+  "Decompose this research question into complementary search angles.\n\n" +
+  "## Question\n" + QUESTION + "\n\n" +
+  "## Task\n" +
+  "Generate 5 distinct web search queries that together cover the question from different angles. Pick angles that suit the question's domain. Examples:\n" +
+  "- broad/primary  · academic/technical  · recent news  · contrarian/skeptical  · practitioner/implementation\n" +
+  "- For medical: anatomy · common causes · serious differentials · authoritative refs · red flags\n" +
+  "- For tech: state-of-art · benchmarks · limitations · industry adoption · cost/tradeoffs\n\n" +
+  "Make queries specific enough to surface high-signal results. Avoid redundancy.\n" +
+  "Return ONLY valid JSON (no markdown, no explanation) matching this schema:\n" +
+  '{"question": "string", "summary": "string", "angles": [{"label": "string", "query": "string", "rationale": "string"}]}\n' +
+  "with 3-6 angles. The JSON object only — nothing before or after.",
+  { label: "scope", model: "lite" }
+)
+const scopeParsed = safeParse(scope, SCOPE_SCHEMA)
+if (!scopeParsed) {
+  return { error: "Scope agent returned no result — cannot decompose the research question." }
+}
+log("Q: " + QUESTION.slice(0, 80) + (QUESTION.length > 80 ? "…" : ""))
+log("Decomposed into " + scopeParsed.angles.length + " angles: " + scopeParsed.angles.map(a => a.label).join(", "))
+
+// ─── Dedup state — accumulates across searchers as they complete ───
+const normURL = u => {
+  try {
+    const p = new URL(u)
+    return (p.hostname.replace(/^www\./, "") + p.pathname.replace(/\/$/, "")).toLowerCase()
+  } catch { return u.toLowerCase() }
+}
+const seen = new Map()
+const dupes = []
+const budgetDropped = []
+const relRank = { high: 0, medium: 1, low: 2 }
+let fetchSlots = MAX_FETCH
+
+// ─── Prompts ───
+const SEARCH_PROMPT = (angle) =>
+  "## Web Searcher: " + angle.label + "\n\n" +
+  "Research question: \"" + QUESTION + "\"\n\n" +
+  "Your angle: **" + angle.label + "** — " + (angle.rationale || "") + "\n" +
+  "Search query: `" + angle.query + "`\n\n" +
+  "## Task\nUse WebSearch with the query above (or a refined version). Return the top 4-6 most relevant results.\n" +
+  "Rank by relevance to the ORIGINAL question, not just the search query. Skip obvious SEO spam/content farms.\n" +
+  "Include a short snippet capturing why each result is relevant.\n\n" +
+  "Return ONLY valid JSON (no markdown, no explanation) matching:\n" +
+  '{"results": [{"url": "string", "title": "string", "snippet": "string", "relevance": "high|medium|low"}]}\n' +
+  "with 4-6 results. The JSON object only — nothing before or after."
+
+const FETCH_PROMPT = (source, angle) =>
+  "## Source Extractor\n\n" +
+  "Research question: \"" + QUESTION + "\"\n\n" +
+  "Fetch and extract key claims from this source:\n" +
+  "**URL:** " + source.url + "\n**Title:** " + source.title + "\n**Found via:** " + angle + " search\n\n" +
+  "## Task\n1. Use WebFetch to retrieve the page content.\n" +
+  "2. Assess source quality: primary research/institution? secondary reporting? blog/opinion? forum? unreliable?\n" +
+  "3. Extract 2-5 FALSIFIABLE claims that bear on the research question. Each claim must:\n" +
+  "   - be a concrete, checkable statement (not vague generalities)\n" +
+  "   - include a direct quote from the source as support\n" +
+  "   - be rated central/supporting/tangential to the research question\n" +
+  "4. Note publish date if available.\n\n" +
+  "If the fetch fails or the page is irrelevant/paywalled, return claims: [] and sourceQuality: \"unreliable\".\n\n" +
+  "Return ONLY valid JSON (no markdown, no explanation) matching:\n" +
+  '{"sourceQuality": "primary|secondary|blog|forum|unreliable", "publishDate": "string", "claims": [{"claim": "string", "quote": "string", "importance": "central|supporting|tangential"}]}\n' +
+  "with 2-5 claims per source. The JSON object only — nothing before or after."
+
+const VERIFY_PROMPT = (claim, v) =>
+  "## Adversarial Claim Verifier (voter " + (v + 1) + "/" + VOTES_PER_CLAIM + ")\n\n" +
+  "Be SKEPTICAL. Try to REFUTE this claim. ≥" + REFUTATIONS_REQUIRED + "/" + VOTES_PER_CLAIM + " refutations kill it.\n\n" +
+  "## Research question\n" + QUESTION + "\n\n" +
+  "## Claim under review\n\"" + claim.claim + "\"\n\n" +
+  "**Source:** " + claim.sourceUrl + " (" + claim.sourceQuality + ")\n" +
+  "**Supporting quote:** \"" + claim.quote + "\"\n\n" +
+  "## Checklist\n" +
+  "1. Is the claim actually supported by the quote, or is it an overreach/misread?\n" +
+  "2. WebSearch for contradicting evidence — does any credible source dispute or heavily qualify this?\n" +
+  "3. Is the source quality sufficient for the claim's strength? (extraordinary claims need primary sources)\n" +
+  "4. Is the claim outdated? (check dates — old claims about fast-moving fields are suspect)\n" +
+  "5. Is this a marketing claim / press release / cherry-picked benchmark / forum speculation?\n\n" +
+  "**refuted=true** if: unsupported by quote / contradicted / low-quality source for strong claim / outdated / marketing fluff.\n" +
+  "**refuted=false** ONLY if: claim is well-supported, current, and source quality matches claim strength.\n" +
+  "Default to refuted=true if uncertain.\n\n" +
+  "Return ONLY valid JSON (no markdown, no explanation) matching:\n" +
+  '{"refuted": true|false, "evidence": "string", "confidence": "high|medium|low", "counterSource": "string"}\n' +
+  "The JSON object only — nothing before or after. Evidence MUST be specific."
+
+// ─── Pipeline: search → dedup → fetch+extract (no barrier) ───
+const searchResults = await pipeline(
+  scopeParsed.angles,
+
+  angle => agent(SEARCH_PROMPT(angle), {
+    label: "search:" + angle.label, phase: "Search", model: "lite"
+  }).then(r => {
+    const parsed = safeParse(r, SEARCH_SCHEMA)
+    if (!parsed) return null
+    log(angle.label + ": " + parsed.results.length + " results")
+    return { angle: angle.label, results: parsed.results }
+  }),
+
+  searchResult => {
+    const sorted = [...searchResult.results].sort((a, b) => relRank[a.relevance] - relRank[b.relevance])
+    const novel = sorted.filter(r => {
+      const key = normURL(r.url)
+      if (seen.has(key)) {
+        dupes.push({ ...r, angle: searchResult.angle, dupOf: seen.get(key) })
+        return false
+      }
+      if (fetchSlots <= 0 && relRank[r.relevance] >= 1) {
+        budgetDropped.push({ ...r, angle: searchResult.angle })
+        return false
+      }
+      seen.set(key, { angle: searchResult.angle, title: r.title })
+      fetchSlots--
+      return true
+    })
+    if (novel.length < searchResult.results.length) {
+      log(searchResult.angle + ": " + novel.length + " novel (" + (searchResult.results.length - novel.length) + " filtered)")
+    }
+    return parallel(
+      novel.map(source => () => {
+        // host 仅用作 agent label,解析失败也不阻断流程。
+        // search agent 返回的 url 经常不规范:缺 scheme 的裸域名 / markdown 链接
+        // 片段 / 整段标题塞进 url 字段。三层兜底,实在拿不到才回落 "unknown"。
+        let host = "unknown"
+        const raw = String(source.url || "").trim()
+        try {
+          host = new URL(raw).hostname.replace(/^www\./, "")
+        } catch {
+          // 1) 缺 scheme 的裸域名 → 补 https:// 再试
+          try {
+            host = new URL("https://" + raw.replace(/^\/+/, "")).hostname.replace(/^www\./, "")
+          } catch {
+            // 2) markdown 链接片段 / 杂乱字符串 → 正则抓第一个 host-like token。
+            //    `\b` 边界让 ".com)" / ".com," 这类后跟标点的也能命中。
+            const m = raw.match(/([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b/i)
+            if (m) host = m[1].replace(/^www\./, "")
+          }
+        }
+        return agent(FETCH_PROMPT(source, searchResult.angle), {
+          label: "fetch:" + host,
+          phase: "Fetch", model: "lite",
+        }).then(ext => {
+          const parsed = safeParse(ext, EXTRACT_SCHEMA)
+          if (!parsed) return null
+          return {
+            url: source.url, title: source.title, angle: searchResult.angle,
+            sourceQuality: parsed.sourceQuality, publishDate: parsed.publishDate,
+            claims: parsed.claims.map(c => ({ ...c, sourceUrl: source.url, sourceQuality: parsed.sourceQuality })),
+          }
+        }).catch(e => {
+          log("fetch failed: " + source.url + " — " + (e.message || e))
+          return { url: source.url, title: source.title, angle: searchResult.angle, sourceQuality: "unreliable", claims: [] }
+        })
+      })
+    )
+  }
+)
+
+const allSources = searchResults.flat().filter(Boolean)
+const allClaims = allSources.flatMap(s => s.claims)
+const impRank = { central: 0, supporting: 1, tangential: 2 }
+const qualRank = { primary: 0, secondary: 1, blog: 2, forum: 3, unreliable: 4 }
+
+const rankedClaims = [...allClaims]
+  .sort((a, b) => (impRank[a.importance] - impRank[b.importance]) || (qualRank[a.sourceQuality] - qualRank[b.sourceQuality]))
+  .slice(0, MAX_VERIFY_CLAIMS)
+
+log("Fetched " + allSources.length + " sources → " + allClaims.length + " claims → verifying top " + rankedClaims.length)
+
+if (rankedClaims.length === 0) {
+  return {
+    question: QUESTION,
+    summary: "No claims extracted. " + allSources.length + " sources fetched, all empty/failed. " + dupes.length + " URL dupes, " + budgetDropped.length + " budget-dropped.",
+    findings: [], refuted: [], sources: allSources.map(s => ({ url: s.url, quality: s.sourceQuality })),
+    stats: { angles: scopeParsed.angles.length, sources: allSources.length, claims: 0, dupes: dupes.length },
+  }
+}
+
+// ─── Verify: 3-vote adversarial ───
+// Barrier here is intentional — claim pool must be fully assembled before ranking/verification.
+phase("Verify")
+const voted = (await parallel(
+  rankedClaims.map(claim => () =>
+    parallel(
+      Array.from({ length: VOTES_PER_CLAIM }, (_, v) => () =>
+          agent(VERIFY_PROMPT(claim, v), {
+            label: "v" + v + ":" + claim.claim.slice(0, 40),
+            phase: "Verify", model: "lite",
+          }).then(text => safeParse(text, VERDICT_SCHEMA))
+      )
+    ).then(verdicts => {
+      // A vote can be null (user-skip or agent error) — treat as abstain.
+      const valid = verdicts.filter(Boolean)
+      const refuted = valid.filter(v => v.refuted).length
+      // Survive only if the claim was actually adjudicated: a quorum of
+      // valid votes AND fewer than REFUTATIONS_REQUIRED refuting. Too many
+      // abstentions = unverified, which must NOT pass into the report
+      // (otherwise all-abstain → refuted=0 → false survive).
+      const abstained = VOTES_PER_CLAIM - valid.length
+      const survives = valid.length >= REFUTATIONS_REQUIRED && refuted < REFUTATIONS_REQUIRED
+      log("\"" + claim.claim.slice(0, 50) + "…\": " + (valid.length - refuted) + "-" + refuted + (abstained > 0 ? " (" + abstained + " abstain)" : "") + " " + (survives ? "✓" : "✗"))
+      return { ...claim, verdicts: valid, refutedVotes: refuted, survives }
+    })
+  )
+)).filter(Boolean)
+
+const confirmed = voted.filter(c => c.survives)
+const killed = voted.filter(c => !c.survives)
+log("Verify done: " + voted.length + " claims → " + confirmed.length + " confirmed, " + killed.length + " killed")
+
+if (confirmed.length === 0) {
+  return {
+    question: QUESTION,
+    summary: "All " + voted.length + " claims refuted by adversarial verification. Research inconclusive — sources may be low-quality or claims overstated.",
+    findings: [],
+    refuted: killed.map(c => ({ claim: c.claim, vote: (c.verdicts.length - c.refutedVotes) + "-" + c.refutedVotes, source: c.sourceUrl })),
+    sources: allSources.map(s => ({ url: s.url, quality: s.sourceQuality, claimCount: s.claims.length })),
+    stats: { angles: scopeParsed.angles.length, sources: allSources.length, claims: allClaims.length, verified: voted.length, confirmed: 0, killed: killed.length },
+  }
+}
+
+// ─── Synthesize ───
+phase("Synthesize")
+const confRank = { high: 0, medium: 1, low: 2 }
+const block = confirmed.map((c, i) => {
+  const best = c.verdicts.filter(v => !v.refuted).sort((a, b) => confRank[a.confidence] - confRank[b.confidence])[0]
+  return "### [" + i + "] " + c.claim + "\n" +
+    "Vote: " + (c.verdicts.length - c.refutedVotes) + "-" + c.refutedVotes + " · Source: " + c.sourceUrl + " (" + c.sourceQuality + ")\n" +
+    "Quote: \"" + c.quote + "\"\nVerifier evidence (" + best.confidence + "): " + best.evidence + "\n"
+}).join("\n")
+
+const killedBlock = killed.length > 0
+  ? "\n## Refuted claims (for transparency)\n" +
+    killed.map(c => "- \"" + c.claim + "\" (" + c.sourceUrl + ", vote " + (c.verdicts.length - c.refutedVotes) + "-" + c.refutedVotes + ")").join("\n")
+  : ""
+
+const reportText = await agent(
+  "## Synthesis: research report\n\n" +
+  "**Question:** " + QUESTION + "\n\n" +
+  confirmed.length + " claims survived " + VOTES_PER_CLAIM + "-vote adversarial verification. Merge semantic duplicates and synthesize.\n\n" +
+  "## Confirmed claims\n" + block + "\n" + killedBlock + "\n\n" +
+  "## Instructions\n" +
+  "1. Identify claims that say the same thing — merge them, combine their sources.\n" +
+  "2. Group related claims into coherent findings. Each finding should directly address the research question.\n" +
+  "3. Assign confidence per finding: high (multiple primary sources, unanimous votes), medium (secondary sources or split votes), low (single source or blog-quality).\n" +
+  "4. Write a 3-5 sentence executive summary answering the research question.\n" +
+  "5. Note caveats: what's uncertain, what sources were weak, what time-sensitivity applies.\n" +
+  "6. List 2-4 open questions that emerged but weren't answered.\n\n" +
+  "Return ONLY valid JSON (no markdown, no explanation) matching:\n" +
+  '{"summary": "string", "findings": [{"claim": "string", "confidence": "high|medium|low", "sources": ["string"], "evidence": "string", "vote": "string"}], "caveats": "string", "openQuestions": ["string"]}\n' +
+  "The JSON object only — nothing before or after.",
+  { label: "synthesize", model: "lite" }
+)
+const report = safeParse(reportText, REPORT_SCHEMA)
+
+if (!report) {
+  // Synthesis skipped/errored — salvage the verified claims raw rather
+  // than throwing on report.findings and discarding the whole run.
+  return {
+    question: QUESTION,
+    summary: "Synthesis step was skipped or failed — returning " + confirmed.length + " verified claims unmerged.",
+    findings: [],
+    confirmed: confirmed.map(c => ({ claim: c.claim, source: c.sourceUrl, quote: c.quote, vote: (c.verdicts.length - c.refutedVotes) + "-" + c.refutedVotes })),
+    refuted: killed.map(c => ({ claim: c.claim, vote: (c.verdicts.length - c.refutedVotes) + "-" + c.refutedVotes, source: c.sourceUrl })),
+    sources: allSources.map(s => ({ url: s.url, quality: s.sourceQuality, claimCount: s.claims.length })),
+    stats: { angles: scopeParsed.angles.length, sources: allSources.length, claims: allClaims.length, verified: voted.length, confirmed: confirmed.length, killed: killed.length, afterSynthesis: 0 },
+  }
+}
+
+return {
+  question: QUESTION,
+  ...report,
+  refuted: killed.map(c => ({ claim: c.claim, vote: (c.verdicts.length - c.refutedVotes) + "-" + c.refutedVotes, source: c.sourceUrl })),
+  sources: allSources.map(s => ({ url: s.url, quality: s.sourceQuality, angle: s.angle, claimCount: s.claims.length })),
+  stats: {
+    angles: scopeParsed.angles.length,
+    sourcesFetched: allSources.length,
+    claimsExtracted: allClaims.length,
+    claimsVerified: voted.length,
+    confirmed: confirmed.length,
+    killed: killed.length,
+    afterSynthesis: report.findings.length,
+    urlDupes: dupes.length,
+    budgetDropped: budgetDropped.length,
+    agentCalls: 1 + scopeParsed.angles.length + allSources.length + (voted.length * VOTES_PER_CLAIM) + 1,
+  },
+}