@tencent-ai/codebuddy-code 2.109.0 → 2.109.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/dist/codebuddy-headless.js +8 -8
  3. package/dist/codebuddy.js +9 -9
  4. package/dist/web-ui/docs/cn/cli/cli-reference.md +8 -3
  5. package/dist/web-ui/docs/cn/cli/env-vars.md +2 -1
  6. package/dist/web-ui/docs/cn/cli/iam.md +9 -5
  7. package/dist/web-ui/docs/cn/cli/interactive-mode.md +2 -2
  8. package/dist/web-ui/docs/cn/cli/permission-modes.md +373 -101
  9. package/dist/web-ui/docs/cn/cli/permissions.md +36 -14
  10. package/dist/web-ui/docs/cn/cli/prewarm.md +135 -0
  11. package/dist/web-ui/docs/cn/cli/release-notes/README.md +14 -0
  12. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.0.md +48 -0
  13. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.1.md +13 -0
  14. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.2.md +24 -0
  15. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.3.md +14 -0
  16. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.4.md +24 -0
  17. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.5.md +18 -0
  18. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.6.md +15 -0
  19. package/dist/web-ui/docs/cn/cli/release-notes/v2.106.7.md +13 -0
  20. package/dist/web-ui/docs/cn/cli/release-notes/v2.107.0.md +30 -0
  21. package/dist/web-ui/docs/cn/cli/release-notes/v2.108.0.md +20 -0
  22. package/dist/web-ui/docs/cn/cli/release-notes/v2.108.1.md +15 -0
  23. package/dist/web-ui/docs/cn/cli/release-notes/v2.108.2.md +13 -0
  24. package/dist/web-ui/docs/cn/cli/release-notes/v2.109.0.md +24 -0
  25. package/dist/web-ui/docs/cn/cli/settings.md +166 -2
  26. package/dist/web-ui/docs/en/cli/cli-reference.md +15 -10
  27. package/dist/web-ui/docs/en/cli/env-vars.md +6 -5
  28. package/dist/web-ui/docs/en/cli/iam.md +9 -5
  29. package/dist/web-ui/docs/en/cli/interactive-mode.md +3 -3
  30. package/dist/web-ui/docs/en/cli/permission-modes.md +373 -101
  31. package/dist/web-ui/docs/en/cli/permissions.md +46 -24
  32. package/dist/web-ui/docs/en/cli/prewarm.md +125 -0
  33. package/dist/web-ui/docs/en/cli/release-notes/README.md +14 -0
  34. package/dist/web-ui/docs/en/cli/release-notes/v2.106.0.md +48 -0
  35. package/dist/web-ui/docs/en/cli/release-notes/v2.106.1.md +13 -0
  36. package/dist/web-ui/docs/en/cli/release-notes/v2.106.2.md +24 -0
  37. package/dist/web-ui/docs/en/cli/release-notes/v2.106.3.md +14 -0
  38. package/dist/web-ui/docs/en/cli/release-notes/v2.106.4.md +24 -0
  39. package/dist/web-ui/docs/en/cli/release-notes/v2.106.5.md +18 -0
  40. package/dist/web-ui/docs/en/cli/release-notes/v2.106.6.md +15 -0
  41. package/dist/web-ui/docs/en/cli/release-notes/v2.106.7.md +13 -0
  42. package/dist/web-ui/docs/en/cli/release-notes/v2.107.0.md +30 -0
  43. package/dist/web-ui/docs/en/cli/release-notes/v2.108.0.md +20 -0
  44. package/dist/web-ui/docs/en/cli/release-notes/v2.108.1.md +15 -0
  45. package/dist/web-ui/docs/en/cli/release-notes/v2.108.2.md +13 -0
  46. package/dist/web-ui/docs/en/cli/release-notes/v2.109.0.md +24 -0
  47. package/dist/web-ui/docs/en/cli/settings.md +166 -2
  48. package/dist/web-ui/docs/search-index-en.json +1 -1
  49. package/dist/web-ui/docs/search-index-zh.json +1 -1
  50. package/dist/web-ui/docs/sidebar-en.json +1 -1
  51. package/dist/web-ui/docs/sidebar-zh.json +1 -1
  52. package/package.json +1 -1
  53. package/product.cloudhosted.json +2 -2
  54. package/product.internal.json +2 -2
  55. package/product.ioa.json +2 -2
  56. package/product.json +2 -2
  57. package/product.selfhosted.json +2 -2
@@ -4,22 +4,43 @@
4
4
 
5
5
  ## Permission System Overview
6
6
 
7
- CodeBuddy Code uses a layered evaluation mechanism to balance capability and security. Before each tool call, the following eight phases are evaluated in order:
7
+ CodeBuddy Code's permission system is not just "look at the current mode" — it is a layered evaluation chain. For each tool call, the determination roughly follows this order:
8
8
 
9
9
  | Phase | Check | Behavior on match |
10
- | :---- | :---- | :---------------- |
11
- | 1 | **Deny rules** | Reject immediately, with the highest priority |
12
- | 2 | **Trusted Allow rules** (user / cli / flag / session / policy / project under a trusted directory / `--allowedTools`) | Allow immediately, and **can bypass command safety checks** |
13
- | 3 | **Command safety check** (interactive only) | Force confirmation for high-risk / dangerous commands |
14
- | 4 | **Ask rules** | Force confirmation |
15
- | 5 | **Bypass mode short-circuit** | Allow directly in `bypassPermissions` mode; downgrade to default when `disableBypassPermissionsMode` is enabled |
16
- | 6 | **Untrusted Allow rules** (project / local outside trusted directories, plus command / sandbox sources) | Allow, but **cannot bypass command safety checks** |
17
- | 7 | **Permission Mode strategy** | Decide whether approval is required based on the current [Permission Mode](permission-modes.md) |
18
- | 8 | dontAsk / async agent fallback | Convert `ask` to `deny` in print / async agent scenarios to avoid deadlock |
10
+ | :--- | :--- | :--- |
11
+ | 0 | **Hooks / interactive tool exceptions** | `PreToolUse` can directly allow / deny / ask; tools like `AskUserQuestion` inherently require interaction |
12
+ | 1 | **Deny rules** | Reject immediately, highest priority |
13
+ | 2 | **Trusted Allow rules** (user / CLI / session / policy / trusted project rules / `--allowedTools`) | Allow immediately, and **can bypass command safety checks** |
14
+ | 3 | **Command safety check** (interactive only) | Force confirmation for high-risk Bash commands |
15
+ | 4 | **Ask rules** | Force ask |
16
+ | 5 | **Bypass mode short-circuit** | `bypassPermissions` allows most actions here; if disabled, it degrades |
17
+ | 6 | **Untrusted Allow rules** (untrusted project rules, command / sandbox sources) | Can allow, but **cannot** bypass command safety checks from the previous step |
18
+ | 7 | **Permission Mode baseline strategy** | The current [Permission Mode](permission-modes.md) decides whether the default is allow or ask |
19
+ | 8 | **Non-interactive fallback** | When no approval dialog can be shown, converts unresolved `ask` to `deny` |
20
+ | 9 | **`dontAsk` / `auto` final catch** | `dontAsk` rewrites ask to deny; `auto` only handles ask and delegates to the classifier |
19
21
 
20
- > **Key point**: deny always takes precedence, and allow is split into two layers: "trusted" and "untrusted". Before the project root is listed as a trusted directory, allow rules in `.codebuddy/settings.json` **cannot bypass the command safety gate**. This is designed to prevent malicious repositories from bypassing local safety protections by pushing their own settings into team PRs.
22
+ > **Key point 1**: `deny` always takes precedence.
23
+ >
24
+ > **Key point 2**: CodeBuddy splits `allow` into "trusted allow" and "untrusted allow" layers. Before you explicitly trust a project directory, `allow` rules in the repository's `.codebuddy/settings.json` / `.codebuddy/settings.local.json` **cannot bypass command safety checks**. This prevents malicious repositories from silently widening local security boundaries by committing their own settings.
25
+ >
26
+ > **Key point 3**: `auto` is not a replacement for the entire chain — it only handles "actions that would still result in ask at the end"; explicit `ask` rules do not enter the classifier.
21
27
 
22
- Read-only tools (Read / Grep / Glob, etc.) do not prompt for approval by default inside trusted directories. Editing tools and Bash always go through the full phase chain.
28
+ Read-only tools (Read / Grep / Glob, etc.) do not prompt for approval by default inside trusted directories. Edit, Bash, and most side-effect tools go through the full evaluation chain.
29
+
30
+ ### Which Takes Precedence: Permission Modes or Rules?
31
+
32
+ The permission system can be understood as two layers:
33
+
34
+ - **Rule layer**: `deny` / `ask` / `allow`
35
+ - **Mode layer**: `default` / `acceptEdits` / `auto` / `dontAsk` / ...
36
+
37
+ In CodeBuddy, **rules typically take precedence over modes**. The most important examples:
38
+
39
+ - `deny` takes effect before any mode
40
+ - Explicit `ask` rules take effect before `auto`, so manual confirmation is still required
41
+ - `dontAsk` does not bypass rules; it only rewrites the final `ask` result to `deny`
42
+ - `bypassPermissions` does not erase preceding rules; `deny` / `ask` can still block it
43
+ - In interactive sessions, dangerous Bash commands may still enter ask due to safety checks, even under `bypassPermissions`
23
44
 
24
45
  ## Three Rule Behaviors
25
46
 
@@ -50,7 +71,7 @@ When **"Yes, don't ask again"** is selected in the dialog, CodeBuddy writes the
50
71
  ### CLI Startup Arguments
51
72
 
52
73
  | Argument | Purpose |
53
- | :------- | :------ |
74
+ | :--- | :--- |
54
75
  | `--allowedTools <tools...>` | Process-level temporary allow rules. Separated by spaces or commas. Example: `--allowedTools "Bash(git:*) Edit"` |
55
76
  | `--disallowedTools <tools...>` | Process-level temporary deny rules. Same as above |
56
77
  | `--add-dir <path>` | Add an extra directory to the trusted directory scope (affects whether Read requires confirmation) |
@@ -58,10 +79,10 @@ When **"Yes, don't ask again"** is selected in the dialog, CodeBuddy writes the
58
79
 
59
80
  ### Configuration Files
60
81
 
61
- See [Settings Configuration](settings.md) for details. CodeBuddy merges these four scopes:
82
+ See [Settings Configuration](settings.md) for details. CodeBuddy merges these 4 scopes:
62
83
 
63
84
  | Scope | Path |
64
- | :---- | :--- |
85
+ | :----- | :--- |
65
86
  | user | `~/.codebuddy/settings.json` |
66
87
  | project | `<repo>/.codebuddy/settings.json` (committed to git) |
67
88
  | project-local | `<repo>/.codebuddy/settings.local.json` (not committed to git, local override) |
@@ -76,7 +97,7 @@ Rule form: `Tool` or `Tool(specifier)`.
76
97
  Remove the parentheses to match all calls to a tool:
77
98
 
78
99
  | Rule | Meaning |
79
- | :--- | :------ |
100
+ | :--- | :--- |
80
101
  | `Bash` | All Bash commands |
81
102
  | `WebFetch` | All web fetches |
82
103
  | `Read` | All file reads |
@@ -89,7 +110,7 @@ Remove the parentheses to match all calls to a tool:
89
110
  Write arguments inside the parentheses:
90
111
 
91
112
  | Rule | Matches |
92
- | :--- | :------ |
113
+ | :--- | :--- |
93
114
  | `Bash(npm run build)` | Exact match for `npm run build` |
94
115
  | `Bash(npm:*)` or `Bash(npm *)` | All commands starting with `npm` |
95
116
  | `Read(./.env)` | `.env` in the current directory |
@@ -107,7 +128,7 @@ Write arguments inside the parentheses:
107
128
  Bash rules support three syntax forms:
108
129
 
109
130
  | Syntax | Meaning | Example |
110
- | :----- | :------ | :------ |
131
+ | :--- | :--- | :--- |
111
132
  | Exact match | The pattern is exactly equal to the command | `Bash(npm run build)` only matches `npm run build` |
112
133
  | `:*` prefix | The pattern ends with `:*` → matches the first word / multi-word prefix of the command | `Bash(git:*)` matches `git status` / `git push origin main` |
113
134
  | Wildcard | When the pattern contains `*`, matches as a bash glob pattern (**`*` can cross `/`**) | `Bash(npm run *)` matches `npm run build`; `Bash(ls *)` matches `ls -al /tmp/x` |
@@ -140,7 +161,7 @@ Commands containing `>` / `<` / `>>` / `<<` / `&>` require an **exact match** un
140
161
  File rules use glob matching and perform three layers of path normalization:
141
162
 
142
163
  | pattern | Explanation | Example |
143
- | :------ | :---------- | :------ |
164
+ | :------ | :--- | :--- |
144
165
  | `//path` | Absolute filesystem path | `Read(//etc/hosts)` |
145
166
  | `~/path` | Starting from the user's home directory | `Read(~/.zshrc)` |
146
167
  | `/path` | Starting from the project root | `Edit(/src/**/*.ts)` |
@@ -167,7 +188,7 @@ Supports the `domain:` prefix for hostname matching (including subdomains).
167
188
  MCP tools are named in the format `mcp__<server>__<tool>`. Rules support three granularities:
168
189
 
169
190
  | Rule | Matches |
170
- | :--- | :------ |
191
+ | :--- | :--- |
171
192
  | `mcp__puppeteer` | All tools of the entire puppeteer server |
172
193
  | `mcp__puppeteer__*` | Same as above (wildcard form) |
173
194
  | `mcp__puppeteer__navigate` | Only the navigate tool |
@@ -211,7 +232,7 @@ By default, CodeBuddy only considers the **current working directory** trusted.
211
232
  Several ways to expand the trusted scope:
212
233
 
213
234
  | Method | Persistence |
214
- | :----- | :---------- |
235
+ | :--- | :--- |
215
236
  | `--add-dir <path>` startup argument | Process-level |
216
237
  | `/add-dir` command within a session | Session-level |
217
238
  | `permissions.additionalDirectories` setting | Persistent |
@@ -263,15 +284,16 @@ The `PreToolUse` hook in the [Hooks system](hooks-guide.md) runs before permissi
263
284
  Hook exit code semantics:
264
285
 
265
286
  | Exit code | Behavior |
266
- | :-------- | :------- |
287
+ | :----- | :--- |
267
288
  | `0` + JSON decision | Execute according to `permissionDecision` (allow / ask / deny) in the JSON |
268
289
  | `2` | Block (stderr content is passed back to the model) |
269
290
  | Other non-0 | Non-blocking error (shown but allowed) |
270
291
 
271
292
  Notes:
272
293
 
273
- - **deny / ask rules always take effect before hooks**. A hook returning `"allow"` cannot bypass deny in settings
274
- - However, **blocking hooks** (exit code 2) can short-circuit allow rules before Phase 1, so you can "allow all Bash first, but use hooks to separately block a few specific commands"
294
+ - The structured `permissionDecision` from `PreToolUse` takes effect before regular permission rules: `allow` / `deny` / `ask` directly allows, rejects, or forces confirmation respectively
295
+ - Blocking hooks (exit code 2) can also short-circuit before regular allow rules, so you can "allow all Bash first, but use hooks to separately block a few specific commands"
296
+ - If you need unconditional hard boundaries, it is still recommended to prioritize `permissions.deny` for unified auditing in `/permissions` and settings
275
297
 
276
298
  ## Working with Sandboxing
277
299
 
@@ -0,0 +1,125 @@
1
+ # Prewarm Process Usage Guide
2
+
3
+ > Applicable to: `@tencent-ai/codebuddy-code` (`cbc` / `codebuddy`)
4
+
5
+ The prewarm process lets `cbc` **complete cold startup and suspend** (load bundle → container initialization → authentication → product configuration → MCP discovery), so that when awakened via local IPC it only needs to bind a working directory and can immediately serve. This is ideal for scenarios requiring "sub-second session startup" (e.g., serve/acp gateways, session pools, scheduler pre-launch).
6
+
7
+ **Benefit**: Local benchmarks show single-session startup wait reduced from approximately **3.7s** to **~1ms**.
8
+
9
+ > Disabled by default. Only enabled when `--prewarm` is explicitly passed; does not affect any existing usage.
10
+
11
+ ## Quick Start
12
+
13
+ ### 1. Start a Prewarmed Process (Standby)
14
+
15
+ ```bash
16
+ cbc --prewarm --prewarm-id pool1
17
+ ```
18
+
19
+ The process will complete cold startup, then suspend at a local IPC endpoint in standby (without binding a working directory):
20
+ - macOS / Linux: unix socket `/tmp/codebuddy-prewarm-pool1.sock` (permission `0600`, current user only)
21
+ - Windows: named pipe `\\.\pipe\codebuddy-prewarm-pool1`
22
+
23
+ `--prewarm-id` can be omitted; defaults to using the process PID as the identifier.
24
+
25
+ ### 2. List / Activate (Lightweight Management Command `cbc-prewarm`)
26
+
27
+ `cbc-prewarm` is a pure Node zero-dependency lightweight command that does not load the main program bundle and returns in milliseconds.
28
+
29
+ ```bash
30
+ # List prewarmed processes discovered on the current machine
31
+ cbc-prewarm list
32
+
33
+ # Health check
34
+ cbc-prewarm ping pool1
35
+
36
+ # Query status (idle / activating / active)
37
+ cbc-prewarm status pool1
38
+
39
+ # Activate: bind to target working directory and start serving
40
+ cbc-prewarm activate pool1 --cwd /path/to/project -- --serve
41
+ ```
42
+
43
+ Arguments after `--` in `activate` are passed through to the awakened process (equivalent to normal `cbc <args>`).
44
+ After activation, the process `chdir`s to `--cwd`, enters the corresponding mode based on the passed-through arguments (e.g., `--serve` / `--acp`), and proactively closes the IPC socket (one-time activation; afterwards it communicates through its own service port).
45
+
46
+ > **`--cwd` is optional**: When omitted, the prewarmed process retains the working directory from cold startup (no `chdir`, no cwd change broadcast). This is suitable for callers that don't need to switch directories and just want to reuse the prewarmed container. Only pass `--cwd` when you need to bind to a specific project directory.
47
+
48
+ > **Mode is unrestricted**: The passed-through arguments can be any normal `cbc` arguments. Persistent modes like `--serve`, `--acp`, etc. all take effect as-is — the prewarmed process has no restrictions or rewrites on modes. Pass `--serve` / `--acp` for persistent services; without a persistent mode flag, it takes the one-shot command path, exiting after execution (headless with no TTY).
49
+
50
+ ## External Program Integration (IPC Protocol)
51
+
52
+ To activate a prewarmed process from your own program, connect to the local socket / pipe and send one line of JSON (NDJSON, one message per line), then read one line of JSON response.
53
+
54
+ ### Address Convention
55
+
56
+ ```
57
+ macOS/Linux : /tmp/codebuddy-prewarm-<id>.sock
58
+ Windows : \\.\pipe\codebuddy-prewarm-<id>
59
+ ```
60
+
61
+ ### Messages
62
+
63
+ ```jsonc
64
+ // Health check
65
+ { "cmd": "ping" }
66
+ // → { "ok": true, "cmd": "ping", "status": "idle", "pid": 12345 }
67
+
68
+ // Query status
69
+ { "cmd": "status" }
70
+ // → { "ok": true, "status": "idle"|"activating"|"active", "cwd": "...", "endpoint": "..." }
71
+
72
+ // Activate (cwd is optional — omit to retain cold-start cwd; args are passed through to cbc)
73
+ { "cmd": "activate", "cwd": "/path/to/project", "args": ["--serve"], "sessionId": "optional" }
74
+ // → { "ok": true, "cmd": "activate", "status": "activating", "cwd": "..." }
75
+ ```
76
+
77
+ `activate` can only succeed once; repeated activations return `{ ok: false, error: "already activated" }`.
78
+
79
+ ### Node.js Example
80
+
81
+ ```js
82
+ const net = require('net');
83
+
84
+ function prewarmAddr(id) {
85
+ return process.platform === 'win32'
86
+ ? `\\\\.\\pipe\\codebuddy-prewarm-${id}`
87
+ : `/tmp/codebuddy-prewarm-${id}.sock`;
88
+ }
89
+
90
+ function activate(id, { cwd, args = [] }) {
91
+ return new Promise((resolve, reject) => {
92
+ const sock = net.connect(prewarmAddr(id), () => {
93
+ sock.write(JSON.stringify({ cmd: 'activate', cwd, args }) + '\n');
94
+ });
95
+ let buf = '';
96
+ sock.on('data', d => {
97
+ buf += d;
98
+ const nl = buf.indexOf('\n');
99
+ if (nl >= 0) { sock.end(); resolve(JSON.parse(buf.slice(0, nl))); }
100
+ });
101
+ sock.on('error', reject);
102
+ });
103
+ }
104
+
105
+ // Activate pool1, bind to target directory and start in serve mode
106
+ const res = await activate('pool1', { cwd: '/Users/me/project-A', args: ['--serve'] });
107
+ console.log(res); // { ok: true, cmd: 'activate', status: 'activating', cwd: '...' }
108
+ ```
109
+
110
+ ## Behavior and Constraints
111
+
112
+ - **One process, one session**: Each prewarmed process binds to a working directory only once in its lifetime (at the moment of activation), then is discarded. To serve multiple directories, prewarm multiple processes (with different `--prewarm-id` values), each independent and non-interfering.
113
+ - **Working directory isolation**: After activation, the process `chdir`s and broadcasts a cwd change. File watchers automatically rebind, and project-level caches (settings / memory / skills / plugins / product configuration) are automatically invalidated and rescanned, ensuring no stale configuration from the temporary prewarm directory is read.
114
+ - **USER-level configuration sharing**: User-level settings / authentication / MCP under `~/.codebuddy/` are naturally shared across all prewarmed processes.
115
+ - **Security**: Unix socket permissions are tightened to `0600` (owner only), preventing other users on the same machine from connecting and hijacking.
116
+ - **Exit cleanup**: Graceful exit (SIGINT/SIGTERM) or completion of activation automatically cleans up the socket; sockets left behind by SIGKILL are automatically overwritten on the next startup with the same id.
117
+
118
+ ## Configuration
119
+
120
+ Prewarm-related parameters can only be configured via CLI flags: `--prewarm` / `--prewarm-id <id>` / `--prewarm-force`.
121
+
122
+ ## Related
123
+
124
+ - Benchmark and performance data: [scripts/benchmark/README.md](../../scripts/benchmark/README.md)
125
+ - CLI parameter reference: [cli-reference.md](cli-reference.md)
@@ -17,6 +17,20 @@ Difference from CHANGELOG.md:
17
17
 
18
18
  <!-- New versions are automatically added here -->
19
19
 
20
+ - [v2.109.0](./v2.109.0.md) - 2026-06-19
21
+
22
+ - [v2.108.2](./v2.108.2.md) - 2026-06-18
23
+ - [v2.108.1](./v2.108.1.md) - 2026-06-18
24
+ - [v2.108.0](./v2.108.0.md) - 2026-06-18
25
+ - [v2.107.0](./v2.107.0.md) - 2026-06-17
26
+ - [v2.106.7](./v2.106.7.md) - 2026-06-16
27
+ - [v2.106.6](./v2.106.6.md) - 2026-06-16
28
+ - [v2.106.5](./v2.106.5.md) - 2026-06-16
29
+ - [v2.106.4](./v2.106.4.md) - 2026-06-15
30
+ - [v2.106.3](./v2.106.3.md) - 2026-06-13
31
+ - [v2.106.2](./v2.106.2.md) - 2026-06-13
32
+ - [v2.106.1](./v2.106.1.md) - 2026-06-12
33
+ - [v2.106.0](./v2.106.0.md) - 2026-06-12
20
34
  - [v2.105.2](./v2.105.2.md) - 2026-06-10
21
35
  - [v2.105.1](./v2.105.1.md) - 2026-06-10
22
36
 
@@ -0,0 +1,48 @@
1
+ # 🚀 CodeBuddy Code v2.106.0 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |-----------|---------|
7
+ | CodeBuddy Code CLI | v2.106.0 |
8
+ | Agent SDK JS | v0.3.174 |
9
+ | Agent SDK Python | v0.3.173 |
10
+
11
+ ## ✨ New Features
12
+
13
+ ### MCP Apps Interactive Interface
14
+
15
+ CodeBuddy Code now supports MCP servers declaring interactive HTML tool interfaces, rendered in the Web UI as secure sandboxed iframes. Tool results are no longer limited to displaying text — this is ideal for forms, charts, visual configuration, and other rich interactive scenarios.
16
+
17
+ ### MCP Apps Bidirectional Interaction
18
+
19
+ MCP Apps can now collaborate bidirectionally with CodeBuddy Code:
20
+
21
+ - UI can write content back to the conversation, supporting both direct sending and filling into the input box for further editing
22
+ - UI can inject model context for the next conversation turn
23
+ - UI can request display mode switching, trigger file downloads, and notify resource destruction
24
+ - Reverse tool invocations from within the iframe require user authorization first, ensuring security and control
25
+
26
+ ### Tool Defer Loading Override
27
+
28
+ The `--tools` parameter and custom agent frontmatter `tools` field now support `Defer(...)` / `NoDefer(...)` modifiers. Users can temporarily adjust whether tools are lazily loaded at the session or agent level without modifying global configuration.
29
+
30
+ ## 🔧 Improvements
31
+
32
+ - **MCP Apps display experience**: Interactive interfaces are now persistently displayed below tool cards, no longer requiring expansion of tool call details to see the main content
33
+ - **Authorization experience optimization**: After selecting "Always Allow" for the same server / tool, no repeated prompts appear within the session; auto-approve mode automatically grants permission
34
+ - **Loading experience optimization**: During history replay, loading states are only shown when resource retrieval exceeds 200ms, reducing flickering
35
+ - **Reverse invocation stability**: Reverse tool calls from the same session / server are queued for sequential execution, preventing concurrent overload from blocking the approval flow
36
+ - **MCP Apps logging**: iframe logs can be synced to the console by level; warning and above levels display deduplicated bottom-right notifications
37
+ - **Prompt suggestion cost optimization**: Next-turn prompt suggestions now use a lightweight model and condensed context for generation, reducing token costs
38
+
39
+ ## 🐛 Bug Fixes
40
+
41
+ - **MCP tool description drift**: Fixed an issue where prompts retained filtered tools when MCP server connection state changed, reducing model mis-invocations of non-existent tools
42
+ - **Team credit double counting**: Fixed an issue where multiple usage updates for the same message caused credits to be accumulated repeatedly
43
+ - **Cross-version upgrade configuration anomaly**: Fixed an issue where old version product configuration cache polluted new version configuration, reducing post-upgrade configuration behavior anomalies
44
+ - **Trace ID drift**: Fixed an issue where subagent / team agent inherited incorrect rootRequestId in multi-turn conversations, ensuring consistent end-to-end tracing IDs within a single conversation
45
+ - **Team credit statistics accuracy**: Fixed inaccurate statistics caused by requestId tampering in Team scenarios and usage not being correctly forwarded in detached mode
46
+ - **Request cancellation error display**: Cancelling a request now shows a more user-friendly "cancelled" message instead of exposing underlying JSON-RPC structure
47
+ - **MCP Apps history restoration**: Fixed an issue where interactive interfaces no longer displayed after refreshing the Web UI
48
+ - **MCP Apps authorization race condition**: Fixed an authorization matching error where `No active interruption to resolve` could occur during reverse tool invocations
@@ -0,0 +1,13 @@
1
+ # 🚀 CodeBuddy Code v2.106.1 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |-----------|---------|
7
+ | CodeBuddy Code CLI | v2.106.1 |
8
+ | Agent SDK JS | v0.3.175 |
9
+ | Agent SDK Python | v0.3.174 |
10
+
11
+ ## 🐛 Bug Fixes
12
+
13
+ - **Delete key not working (iTerm2 Natural Text Editing preset)**: Fixed an issue where pressing the Forward Delete key (⌦) on an external keyboard had no effect in the input box when iTerm2 loaded the "Natural Text Editing" preset. This preset remaps the physical Delete key to send the Ctrl-D code point. It is now handled according to common editor conventions: when the input is non-empty and there are characters after the cursor, the character after the cursor is deleted; when the input is empty, the "double-press Ctrl-D to exit" interaction is preserved.
@@ -0,0 +1,24 @@
1
+ # CodeBuddy Code v2.106.2 Release
2
+
3
+ ## Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.106.2 |
8
+ | Agent SDK JS | v0.3.176 |
9
+ | Agent SDK Python | v0.3.175 |
10
+
11
+ ## New Features
12
+
13
+ ### Stop Hook Prompt Type Support
14
+
15
+ Added E2E test coverage for the prompt-type Stop hook lifecycle and robustness validation, ensuring correct Stop hook behavior when triggered by prompt events.
16
+
17
+ ## Improvements
18
+
19
+ - **Prompt Hook Diagnostics Enhancement**: Improved log output when prompt hook execution fails, now including the event name and specific error details to facilitate troubleshooting Stop hook issues
20
+ - **DeferExecuteTool Image Support**: When MCP tools return image content, it is now automatically converted to a structured format for the downstream processing pipeline
21
+
22
+ ## Bug Fixes
23
+
24
+ None
@@ -0,0 +1,14 @@
1
+ # 🚀 CodeBuddy Code v2.106.3 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.106.3 |
8
+ | Agent SDK JS | v0.3.177 |
9
+ | Agent SDK Python | v0.3.176 |
10
+
11
+ ## 🐛 Bug Fixes
12
+
13
+ - **Duplicate Session Title Generation**: Fixed an issue where session titles were generated repeatedly when user messages were in array form (e.g., containing images or multi-segment content). The title determination logic now correctly handles array message content and only triggers generation when visible text exists and is not a system reminder.
14
+ - **Duplicate Context Injection on Compressed Continuation**: Fixed an issue where user context was repeatedly injected into history when continuing a conversation after history compression, avoiding context redundancy and improving continuation accuracy.
@@ -0,0 +1,24 @@
1
+ # 🚀 CodeBuddy Code v2.106.4 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.106.4 |
8
+ | Agent SDK JS | v0.3.178 |
9
+ | Agent SDK Python | v0.3.177 |
10
+
11
+ ## ✨ New Features
12
+
13
+ ### WeChat Pay Authorization Card
14
+
15
+ Added client-side payment authorization card capability. When a tool execution requires user payment confirmation, CodeBuddy Code can display a payment card on the client, allowing users to authorize, cancel, or view payment results, with the response sent back to the executing task.
16
+
17
+ ## 🔧 Improvements
18
+
19
+ - **Sandbox Runtime Distribution**: Upgraded the built-in sandbox platform package version and improved platform artifact collection during the release packaging phase, enhancing sandbox runtime distribution consistency.
20
+ - **Payment Card Status Display**: Optimized payment final state feedback, providing more accurate display for payment success, incomplete, or timeout scenarios.
21
+
22
+ ## 🐛 Bug Fixes
23
+
24
+ - **MCP Dynamic Authorization State**: Fixed an issue where overly broad matching in MCP validation logic caused dynamic authorization states to be incorrectly cleared, preventing abnormal MCP configuration or authorization state issues.
@@ -0,0 +1,18 @@
1
+ # 🚀 CodeBuddy Code v2.106.5 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.106.5 |
8
+ | Agent SDK JS | v0.3.179 |
9
+ | Agent SDK Python | v0.3.178 |
10
+
11
+ ## 🐛 Bug Fixes
12
+
13
+ - **--help mode hanging**: Fixed an issue where the process could not exit when running `--help` due to async initialization blocking. Added timeout protection and interrupt support.
14
+ - **MCP server wait blocking**: Fixed an issue where MCP server startup wait blocked output in `--help` mode.
15
+ - **Outdated error recovery prompts**: Fixed an issue where the tool name list in system prompts was not updated to reflect current actual tool names after a tool call failure.
16
+ - **State stuck after main conversation ends**: Fixed an issue in interactive mode where the bottom loading status occasionally got stuck on "waiting for model" after the main task ended, with ESC unresponsive. Background auxiliary calls no longer incorrectly occupy the main session running state.
17
+ - **Glob search tool hanging**: Fixed an issue where the Glob tool could hang permanently in parallel search scenarios. Refactored the underlying search flow's completion determination and timeout control to ensure normal return even when hitting very large directories.
18
+ - **Multi-expert collaboration stuck**: Fixed an issue in multi-member collaboration scenarios where the lead could get stuck on "thinking" with no output when the last member completed. Ensures completion notifications are reliably delivered.
@@ -0,0 +1,15 @@
1
+ # 🚀 CodeBuddy Code v2.106.6 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.106.6 |
8
+ | Agent SDK JS | v0.3.180 |
9
+ | Agent SDK Python | v0.3.179 |
10
+
11
+ ## 🐛 Bug Fixes
12
+
13
+ - **Command execution compatibility**: Fixed an issue where command execution failed in non-POSIX login shells such as fish. Now automatically falls back to a compatible shell for command execution, avoiding direct errors caused by shell syntax incompatibility.
14
+ - **Custom model tool call stability**: Fixed an issue where tool calls failed when some models repeatedly sent tool call IDs in streaming responses, improving tool call pipeline stability.
15
+ - **Background task output reading**: Task output files are now written to temporary directories isolated by user and working directory, avoiding directory permission conflicts in shared environments that affected background task result reading.
@@ -0,0 +1,13 @@
1
+ # 🚀 CodeBuddy Code v2.106.7 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.106.7 |
8
+ | Agent SDK JS | v0.3.181 |
9
+ | Agent SDK Python | v0.3.180 |
10
+
11
+ ## 🔧 Improvements
12
+
13
+ - **Telemetry module maintenance**: Cleaned up telemetry-related code formatting to keep release build output stable and reduce irrelevant formatting differences in subsequent releases.
@@ -0,0 +1,30 @@
1
+ # 🚀 CodeBuddy Code v2.107.0 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.107.0 |
8
+ | Agent SDK JS | v0.3.182 |
9
+ | Agent SDK Python | v0.3.181 |
10
+
11
+ ## ✨ New Features
12
+
13
+ ### Prewarm Process
14
+
15
+ Added `--prewarm` standby mode, allowing CodeBuddy Code to complete startup initialization and suspend, then be awakened via local IPC and bound to a working directory when needed. A companion `cbc-prewarm` management command is provided, supporting listing, health checking, status querying, and activating prewarmed instances. This significantly reduces wait time in scenarios with frequent new session startups.
16
+
17
+ ## 🔧 Improvements
18
+
19
+ - **More unified prewarm configuration**: Prewarm capabilities are now uniformly controlled through `--prewarm`, `--prewarm-id`, and `--prewarm-force` CLI parameters, reducing troubleshooting costs caused by mixing environment variables and command-line options.
20
+ - **More reliable working directory switching**: Switching working directories now automatically refreshes file watchers and project-level caches, preventing settings, memories, skills, plugins, and product configurations from continuing to reference the old directory.
21
+ - **Clearer prewarm instance management**: `cbc-prewarm list` can now correctly discover standby instances; instances with the same `prewarmId` no longer compete with each other by default — only when `--prewarm-force` is explicitly passed will the old instance be taken over.
22
+ - **ZIP marketplace leftover cleanup**: After successful installation or update, orphaned temporary zip files and extracted directories older than 1 hour under `~/.codebuddy/plugins/marketplaces/` are automatically cleaned up, reducing disk residuals.
23
+
24
+ ## 🐛 Bug Fixes
25
+
26
+ - **False idle notifications**: Fixed an issue where "waiting for input" notifications were repeatedly triggered while the agent was still outputting or executing tools, avoiding notification spam during busy periods.
27
+ - **Sandbox approval timeout experience**: Extended the sandbox command approval wait time to 30 minutes, treating timeouts as "user canceled", and automatically closing residual approval dialogs.
28
+ - **Workspace trust false error message**: Fixed an issue where `apiKeyHelper blocked` error messages persisted after workspace trust was completed, reducing the "already trusted but appears to have failed" confusion.
29
+ - **Task numbering order**: Fixed an issue where task numbers were inconsistent with the planned order when creating multiple tasks concurrently, making the task list better reflect the actual creation order.
30
+ - **fish shell safe-delete compatibility**: Fixed an issue where the safe-delete path restoration logic in fish and other non-POSIX shells would throw syntax errors before execution.
@@ -0,0 +1,20 @@
1
+ # 🚀 CodeBuddy Code v2.108.0 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.108.0 |
8
+ | Agent SDK JS | v0.3.183 |
9
+ | Agent SDK Python | v0.3.182 |
10
+
11
+ ## ✨ New Features
12
+
13
+ ### Model Switch Prompt
14
+
15
+ When a model is manually pinned in the project configuration, after the user persistently switches models via `/model`, CodeBuddy Code now explicitly notifies that the project configuration will still override the current selection after restart, and suggests removing the model setting from the project configuration to truly persist the new default model.
16
+
17
+ ## 🐛 Bug Fixes
18
+
19
+ - **More accurate request tracing**: Fixed an issue where multiple model requests in multi-turn conversations reused the same set of request identifiers. Now each HTTP request generates an independent `X-Request-ID`, making it easier to trace request chains.
20
+ - **More stable custom Agent configuration generation**: Fixed an issue where AI-generated custom Agent configurations could produce unparseable frontmatter in scenarios with multi-line descriptions or inheriting all tools, reducing cases where the configuration fails to load after generation.
@@ -0,0 +1,15 @@
1
+ # 🚀 CodeBuddy Code v2.108.1 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.108.1 |
8
+ | Agent SDK JS | v0.3.184 |
9
+ | Agent SDK Python | v0.3.183 |
10
+
11
+ ## 🐛 Bug Fixes
12
+
13
+ - **Expert team content output display anomaly**: Fixed an issue in multi-agent collaboration scenarios where adjacent streaming output fragments had drifting message grouping identifiers, causing "deep thinking" content to be split into multiple messages. Also fixed an issue where the same session was triggered to run concurrently due to race conditions, causing interleaved model streaming fragments.
14
+ - **Context summary sampling parameters aligned with main conversation**: Fixed an issue where summary requests bypassed the model configuration interceptor, resulting in missing sampling parameters such as temperature and reasoning. Summary requests now use the same model configuration as the main conversation.
15
+ - **safe-delete syntax error in fish shell**: Fixed a syntax error caused by empty bootstrap being concatenated into the command chain in fish shell, ensuring both regular shell commands and sandbox commands execute correctly.
@@ -0,0 +1,13 @@
1
+ # 🚀 CodeBuddy Code v2.108.2 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.108.2 |
8
+ | Agent SDK JS | v0.3.185 |
9
+ | Agent SDK Python | v0.3.184 |
10
+
11
+ ## 🐛 Bug Fixes
12
+
13
+ - **Conversation credit attribution**: Fixed an issue where request identifiers were reused across multi-turn conversations, which could cause credit consumption to be incorrectly attributed to the previous message turn. Credits are now accurately attributed to each conversation turn.
@@ -0,0 +1,24 @@
1
+ # 🚀 CodeBuddy Code v2.109.0 Release
2
+
3
+ ## 📦 Version Information
4
+
5
+ | Component | Version |
6
+ |------|------|
7
+ | CodeBuddy Code CLI | v2.109.0 |
8
+ | Agent SDK JS | v0.3.186 |
9
+ | Agent SDK Python | v0.3.185 |
10
+
11
+ ## ✨ New Features
12
+
13
+ ### Auto Permission Mode
14
+
15
+ Introducing the `auto` permission mode, which allows CodeBuddy Code to intelligently determine whether each tool invocation requires user approval while maintaining safe boundaries, reducing frequent confirmation prompts that interrupt continuous tasks.
16
+
17
+ - **Smart classification and passthrough**: Dynamically decides whether the current tool invocation can be executed directly based on operation risk, contextual semantics, and historical rejection records.
18
+ - **Secondary verification mechanism**: Adds a critique review step that double-checks classification results to reduce the probability of false approvals.
19
+ - **In-session rejection memory**: Records tool invocations that the user has manually rejected, preventing repeated requests for the same operation within a session.
20
+ - **Automatic permission context injection**: Automatically injects current permission constraints into the model, helping it more accurately understand the executable boundaries.
21
+
22
+ ## ⚠️ Upgrade Notes
23
+
24
+ - **Hook permission mode output change**: `HookInput.permission_mode` now outputs the actual runtime permission mode, which may include new values such as `plan`, `auto`, and `bypassPermissions`. If your custom hooks only handle the `default`, `acceptEdits`, and `dontAsk` cases, please update your branch logic accordingly.