@tencent-ai/codebuddy-code 2.71.1 → 2.72.0-next.6c5fd20.20260402

package/dist/web-ui/docs/en/cli/http-api.md

@@ -0,0 +1,401 @@
+# CodeBuddy Code HTTP API <sup>Beta</sup>
+
+> **Beta**: This API is in Beta. Interfaces may be adjusted. Feedback is welcome.
+
+CodeBuddy Code provides two public interface sets for developers building Agent applications:
+
+- **REST API** (`/api/v1/*`) — Stateless HTTP request/response, suitable for webhook integration, management operations, and simple queries
+- **ACP** (`/api/v1/acp`) — Stateful streaming protocol (JSON-RPC over SSE), suitable for building full Agent client applications
+
+## Quick Start
+
+### Starting the HTTP Service
+
+```bash
+codebuddy --serve --port 8080 --session-id my-session
+```
+
+### API Documentation (Swagger UI)
+
+Once the service is running, visit:
+
+- **Interactive docs**: `http://127.0.0.1:8080/api/docs`
+- **OpenAPI spec**: `http://127.0.0.1:8080/api/openapi.json`
+
+Swagger UI provides an interactive testing interface for all public endpoints.
+
+### Verify the Service
+
+```bash
+curl http://127.0.0.1:8080/api/v1/health
+# {"data":{"status":"ok","uptime":12.3,"platforms":["generic","wecom","wechat-kf"]}}
+```
+
+## API Layers
+
+| Layer | Route Prefix | Compatibility Promise | Description |
+|-------|-------------|----------------------|-------------|
+| **Public REST API** | `/api/v1/*` | Semantic versioning, no breaking changes | Covered in this document |
+| **Public ACP Protocol** | `/api/v1/acp` | Follows ACP specification | Full conversation capabilities, see [ACP Documentation](https://agentclientprotocol.com) |
+| **Internal RPC** | `/internal/*` | No compatibility guarantee | For internal CLI use, not publicly available |
+
+## Authentication
+
+Two modes are supported (controlled by environment variable `CODEBUDDY_GATEWAY_AUTH`):
+
+| Mode | Value | Description |
+|------|-------|-------------|
+| No authentication | `none` (default) | For local development, no authentication required |
+| Password authentication | `password` | Automatically enabled for remote access |
+
+Password authentication supports the following methods (any one passing is sufficient):
+
+```bash
+# Bearer Token
+curl -H "Authorization: Bearer YOUR_PASSWORD" http://host:port/api/v1/sessions
+
+# URL parameter
+curl http://host:port/api/v1/sessions?password=YOUR_PASSWORD
+```
+
+## Response Format
+
+All `/api/v1/*` endpoints use a unified envelope format:
+
+```jsonc
+// Success
+{
+    "data": { ... }
+}
+
+// Error
+{
+    "error": {
+        "code": "AUTH_REQUIRED",      // Machine-readable error code
+        "message": "Authentication required"  // Human-readable description
+    }
+}
+```
+
+## Endpoint Overview
+
+### System
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/health` | Health check |
+| GET | `/api/v1/info` | Environment info (version, OS, CWD, etc.) |
+| GET | `/api/v1/metrics` | System resource metrics (aligned with E2B envd) |
+| GET | `/api/v1/envs` | Environment variables (aligned with E2B envd) |
+
+### Authentication
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/auth/status` | Get authentication status |
+| POST | `/api/v1/auth/login` | Password login, returns token |
+
+### Runs (Agent Execution)
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/v1/runs` | Initiate Agent execution (async, returns runId) |
+| GET | `/api/v1/runs/:runId` | Query execution status |
+| GET | `/api/v1/runs/:runId/stream` | SSE streaming of execution results |
+| POST | `/api/v1/runs/:runId/cancel` | Cancel execution |
+
+### Webhooks (Third-party Platform Integration)
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/webhooks/:platform` | Platform URL verification (WeCom, etc.) |
+| POST | `/api/v1/webhooks/:platform` | Platform message webhook entry |
+
+Supported platforms: `generic`, `wecom` (WeCom), `wechat-kf` (WeChat Customer Service)
+
+### Sessions
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/sessions` | Get session list |
+| DELETE | `/api/v1/sessions/:id` | Delete session |
+| POST | `/api/v1/sessions/:id/rename` | Rename session |
+
+### PTY (Terminal)
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/v1/pty` | Create PTY session |
+| GET | `/api/v1/pty` | List PTY sessions |
+| GET | `/api/v1/pty/:id` | Query PTY session |
+| DELETE | `/api/v1/pty/:id` | Destroy PTY session |
+| GET | `/api/v1/pty/:id/output` | SSE streaming of PTY output (replaces WebSocket) |
+| POST | `/api/v1/pty/:id/input/send` | Send PTY input (aligned with E2B Process.SendInput) |
+| POST | `/api/v1/pty/:id/resize` | Resize PTY (aligned with E2B Process.Update) |
+| WebSocket | `/api/v1/pty/:id/ws` | PTY bidirectional data transport (legacy compatible) |
+
+### Instances
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/instances` | Get instance list |
+| POST | `/api/v1/instances` | Add remote instance |
+| DELETE | `/api/v1/instances/:id` | Delete instance |
+
+### Channels (Remote Control)
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/channels` | Get client list |
+| POST | `/api/v1/channels/:type/:id/start` | Start client |
+| POST | `/api/v1/channels/:type/:id/stop` | Stop client |
+| POST | `/api/v1/channels/wechat` | Create WeChat instance |
+| POST | `/api/v1/channels/wecom` | Create WeCom instance |
+
+### Filesystem (E2B Compatible)
+
+File content operations (aligned with E2B envd HTTP endpoints):
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/files/download?path=...` | Download file (aligned with E2B envd GET /files) |
+| POST | `/api/v1/files/upload?path=...` | Upload file (aligned with E2B envd POST /files) |
+| POST | `/api/v1/files/compose` | Compose multiple files (aligned with E2B envd POST /files/compose) |
+
+File operations (aligned with E2B filesystem.proto):
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/v1/fs/stat` | Get file/directory info (aligned with Filesystem.Stat) |
+| POST | `/api/v1/fs/list` | List directory contents (aligned with Filesystem.ListDir) |
+| POST | `/api/v1/fs/mkdir` | Create directory (aligned with Filesystem.MakeDir) |
+| POST | `/api/v1/fs/remove` | Remove file/directory (aligned with Filesystem.Remove) |
+| POST | `/api/v1/fs/move` | Move/rename (aligned with Filesystem.Move) |
+
+File watching (aligned with E2B filesystem.proto):
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/v1/fs/watch` | Streaming directory watch SSE (aligned with Filesystem.WatchDir) |
+| POST | `/api/v1/fs/watcher/create` | Create watcher (aligned with Filesystem.CreateWatcher) |
+| POST | `/api/v1/fs/watcher/events` | Get watcher events (aligned with Filesystem.GetWatcherEvents) |
+| POST | `/api/v1/fs/watcher/remove` | Remove watcher (aligned with Filesystem.RemoveWatcher) |
+
+CBC enhancements:
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/fs/search?query=...` | Fuzzy file search (based on ripgrep, no E2B equivalent) |
+
+### Process Management (E2B Compatible)
+
+Aligned with E2B process.proto, mapping gRPC methods to REST endpoints:
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/v1/process/start` | Start process (aligned with Process.Start, supports SSE/JSON) |
+| GET | `/api/v1/process/list` | List running processes (aligned with Process.List) |
+| POST | `/api/v1/process/connect` | Connect to process SSE stream (aligned with Process.Connect) |
+| POST | `/api/v1/process/input/send` | Send stdin (aligned with Process.SendInput) |
+| POST | `/api/v1/process/input/stream` | Stream stdin (aligned with Process.StreamInput) |
+| POST | `/api/v1/process/signal/send` | Send signal (aligned with Process.SendSignal) |
+| POST | `/api/v1/process/stdin/close` | Close stdin (aligned with Process.CloseStdin) |
+| POST | `/api/v1/process/update` | Update process config such as PTY resize (aligned with Process.Update) |
+
+### ACP (Agent Client Protocol)
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/v1/acp/connect` | Establish ACP connection, returns connectionId and sessionToken |
+| GET | `/api/v1/acp` | SSE notification subscription (requires acp-connection-id Header) |
+| POST | `/api/v1/acp` | Send JSON-RPC requests (newSession, prompt, cancelRun, etc.) |
+| DELETE | `/api/v1/acp` | Disconnect |
+
+### File Changes (Checkpoint)
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/file-changes/diff?path=...` | Get diff content for a single file |
+| GET | `/api/v1/file-changes/checkpoints` | List checkpoints available for rollback |
+| POST | `/api/v1/file-changes/revert` | Revert file changes or rollback to a checkpoint |
+
+### Task Templates
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/v1/tasks/templates` | Get task templates |
+| POST | `/api/v1/tasks/templates/refresh` | Refresh (trigger AI recommendations) |
+
+## Usage Examples
+
+### Health Check
+
+```bash
+curl http://127.0.0.1:8080/api/v1/health
+```
+
+### Initiate Agent Execution
+
+```bash
+# Send message
+curl -X POST http://127.0.0.1:8080/api/v1/runs \
+  -H "Content-Type: application/json" \
+  -d '{"text": "Help me analyze code performance", "sender": {"id": "dev", "name": "Developer"}}'
+
+# Response: {"data": {"runId": "uuid-xxx", "status": "accepted"}}
+
+# Get results via SSE stream
+curl http://127.0.0.1:8080/api/v1/runs/uuid-xxx/stream
+```
+
+### PTY Terminal Management
+
+```bash
+# Create terminal
+curl -X POST http://127.0.0.1:8080/api/v1/pty \
+  -H "Content-Type: application/json" \
+  -d '{"cols": 120, "rows": 40}'
+
+# List terminals
+curl http://127.0.0.1:8080/api/v1/pty
+
+# SSE streaming output (replaces WebSocket)
+curl http://127.0.0.1:8080/api/v1/pty/SESSION_ID/output
+
+# Send input
+curl -X POST http://127.0.0.1:8080/api/v1/pty/SESSION_ID/input/send \
+  -H "Content-Type: application/json" \
+  -d '{"data": "ls -la\n"}'
+
+# Resize
+curl -X POST http://127.0.0.1:8080/api/v1/pty/SESSION_ID/resize \
+  -H "Content-Type: application/json" \
+  -d '{"cols": 200, "rows": 50}'
+
+# Destroy terminal
+curl -X DELETE http://127.0.0.1:8080/api/v1/pty/SESSION_ID
+```
+
+### Filesystem Operations (E2B Compatible)
+
+```bash
+# Download file
+curl "http://127.0.0.1:8080/api/v1/files/download?path=/tmp/test.txt"
+
+# Upload file
+curl -X POST "http://127.0.0.1:8080/api/v1/files/upload?path=/tmp/upload.txt" \
+  -H "Content-Type: application/octet-stream" \
+  --data-binary @local-file.txt
+
+# Get file info
+curl -X POST http://127.0.0.1:8080/api/v1/fs/stat \
+  -H "Content-Type: application/json" \
+  -d '{"path": "/tmp"}'
+
+# List directory
+curl -X POST http://127.0.0.1:8080/api/v1/fs/list \
+  -H "Content-Type: application/json" \
+  -d '{"path": "/tmp", "depth": 2}'
+
+# Create directory
+curl -X POST http://127.0.0.1:8080/api/v1/fs/mkdir \
+  -H "Content-Type: application/json" \
+  -d '{"path": "/tmp/new-dir"}'
+
+# Fuzzy file search (CBC enhancement)
+curl "http://127.0.0.1:8080/api/v1/fs/search?query=component&limit=10"
+```
+
+### Process Management (E2B Compatible)
+
+```bash
+# Start process (JSON mode)
+curl -X POST http://127.0.0.1:8080/api/v1/process/start \
+  -H "Content-Type: application/json" \
+  -d '{"process": {"cmd": "python3", "args": ["script.py"]}, "tag": "my-script"}'
+
+# Start process (SSE streaming output)
+curl -X POST http://127.0.0.1:8080/api/v1/process/start \
+  -H "Content-Type: application/json" \
+  -H "Accept: text/event-stream" \
+  -d '{"process": {"cmd": "python3", "args": ["script.py"]}}'
+
+# List running processes
+curl http://127.0.0.1:8080/api/v1/process/list
+
+# Send stdin
+curl -X POST http://127.0.0.1:8080/api/v1/process/input/send \
+  -H "Content-Type: application/json" \
+  -d '{"process": {"pid": 12345}, "input": {"stdin": "hello\n"}}'
+
+# Send signal (SIGTERM)
+curl -X POST http://127.0.0.1:8080/api/v1/process/signal/send \
+  -H "Content-Type: application/json" \
+  -d '{"process": {"tag": "my-script"}, "signal": 15}'
+
+# System metrics
+curl http://127.0.0.1:8080/api/v1/metrics
+```
+
+### Session Management
+
+```bash
+# Get session list
+curl http://127.0.0.1:8080/api/v1/sessions
+
+# Rename session
+curl -X POST http://127.0.0.1:8080/api/v1/sessions/SESSION_ID/rename \
+  -H "Content-Type: application/json" \
+  -d '{"name": "Performance Optimization Discussion"}'
+```
+
+### File Change Management
+
+```bash
+# Get file diff (requires file to be tracked in a checkpoint)
+curl "http://127.0.0.1:8080/api/v1/file-changes/diff?path=/path/to/file.ts"
+# Response: {"path": "/path/to/file.ts", "oldText": "...", "newText": "..."}
+
+# List checkpoints available for rollback
+curl http://127.0.0.1:8080/api/v1/file-changes/checkpoints
+# Response: {"checkpoints": [{"id": "xxx", "label": "...", "createdAt": 1234567890, "files": [...], "additions": 5, "deletions": 2}]}
+
+# Revert changes by file
+curl -X POST http://127.0.0.1:8080/api/v1/file-changes/revert \
+  -H "Content-Type: application/json" \
+  -d '{"paths": ["/path/to/file.ts"]}'
+# Response: {"success": true, "revertedFiles": ["/path/to/file.ts"]}
+
+# Rollback to a specific checkpoint
+curl -X POST http://127.0.0.1:8080/api/v1/file-changes/revert \
+  -H "Content-Type: application/json" \
+  -d '{"checkpointId": "checkpoint-uuid", "scope": "CodeAndConversation"}'
+# scope options: "Code" (revert files only), "Conversation" (revert conversation only), "CodeAndConversation" (revert all)
+
+# Revert all changes (rollback to the earliest checkpoint)
+curl -X POST http://127.0.0.1:8080/api/v1/file-changes/revert \
+  -H "Content-Type: application/json" \
+  -d '{}'
+```
+
+## Error Codes
+
+| Error Code | HTTP Status | Description |
+|------------|------------|-------------|
+| `AUTH_REQUIRED` | 401 | Authentication required |
+| `AUTH_INVALID` | 401 | Invalid authentication |
+| `AUTH_RATE_LIMITED` | 429 | Too many login attempts |
+| `NOT_FOUND` | 404 | Resource not found |
+| `BAD_REQUEST` | 400 | Invalid request parameters |
+| `RATE_LIMITED` | 429 | Request rate too high |
+| `INTERNAL_ERROR` | 500 | Internal server error |
+| `SESSION_NOT_FOUND` | 404 | Session not found |
+| `SESSION_DELETE_CURRENT` | 400 | Cannot delete current session |
+| `TERMINAL_NOT_FOUND` | 404 | PTY not found |
+| `PROCESS_NOT_FOUND` | 404 | Process not found |
+| `PATH_REQUIRED` | 400 | Missing path parameter |
+| `PATH_NOT_DIRECTORY` | 400 | Path is not a directory |
+| `INSUFFICIENT_STORAGE` | 507 | Insufficient disk space |
+| `RUN_NOT_FOUND` | 404 | Run not found |
+| `PLATFORM_UNSUPPORTED` | 400 | Unsupported webhook platform |
+| `SIGNATURE_INVALID` | 403 | Signature verification failed |

package/dist/web-ui/docs/en/cli/release-notes/README.md

@@ -17,6 +17,11 @@ Difference from [CHANGELOG.md](../../CHANGELOG.md):
 
 <!-- New versions are automatically added here -->
 
+- [v2.71.1](./v2.71.1.md) - 2026-04-01
+- [v2.71.0](./v2.71.0.md) - 2026-04-01
+- [v2.70.1](./v2.70.1.md) - 2026-03-31
+- [v2.70.0](./v2.70.0.md) - 2026-03-31
+- [v2.69.0](./v2.69.0.md) - 2026-03-30
 - [v2.68.0](./v2.68.0.md) - 2026-03-30
 - [v2.67.0](./v2.67.0.md) - 2026-03-28
 - [v2.66.2](./v2.66.2.md) - 2026-03-26

package/dist/web-ui/docs/en/cli/release-notes/v2.69.0.md

@@ -0,0 +1,24 @@
+# CodeBuddy Code v2.69.0 Release
+
+## New Features
+
+### E2B Compatible API
+
+Fully aligned with the E2B open protocol, allowing CodeBuddy Code to be used as an E2B-compatible sandbox environment:
+
+- **File System API**: Added `/api/v1/fs/*` and `/api/v1/files/*` endpoints, supporting file read/write, directory operations, file watching, and other comprehensive file system capabilities
+- **Process Management API**: Added `/api/v1/process/*` endpoints, supporting process launching (PTY/pipe), input/output streaming, signal sending, and full lifecycle management
+- **System Metrics & Environment Variables API**: Added `/api/v1/metrics` and `/api/v1/envs` endpoints, providing CPU/memory/disk usage metrics and environment variable queries
+
+## Improvements
+
+- **PTY Terminal Enhancement**: Added SSE output streaming, HTTP input sending, and HTTP resize endpoints, providing a pure HTTP alternative to WebSocket
+- **Terminal Web UI Refactoring**: Migrated the frontend terminal component from WebSocket to SSE + HTTP communication, improving cross-platform compatibility
+- **Distributed Tracing**: Refactored the trace pipeline based on the Hook mechanism, supporting SDK-passed traceId for end-to-end tracing with automatic child Span creation for each tool call
+- **WeChat Multi-Instance Support**: Enabled simultaneous connections to multiple WeChat bot instances with automatic message routing to the correct client
+- **WeChat Media Messages**: Added support for receiving and sending images, files, voice, and video messages
+- **Chinese Quotation Mark Fix**: Automatically corrects Chinese quotation marks in model output to prevent JSON parsing failures in tool calls
+
+## Security Fixes
+
+- **WeCom SSRF Protection**: Added URL allowlist validation for WeCom bot media downloads, restricting access to official WeCom CDN domains only to prevent Server-Side Request Forgery attacks

package/dist/web-ui/docs/en/cli/release-notes/v2.70.0.md

@@ -0,0 +1,16 @@
+# CodeBuddy Code v2.70.0 Release
+
+## New Features
+
+### Model-Driven Built-in Command Invocation
+
+AI models can now directly execute certain built-in slash commands (such as /clear, /model, /config, /resume, /gateway, etc.) through the Skill tool, enabling model-proxied command execution in non-terminal scenarios like WebChat and WeChat without requiring users to manually type slash commands.
+
+- Commands like /model, /config, /resume now support a `list` subcommand to display available options in text format
+- The `disableModelInvocation` field provides unified control over whether built-in and custom commands can be invoked by the model
+
+## Improvements
+
+- **Instance Registration URL Simplification**: Merged localUrl/tunnelUrl into a unified url field, with the backend automatically determining the best reachable address, simplifying configuration
+- **Permission Dialog Stability**: Replaced the useEffect subscription pattern with useSyncExternalStore, completely resolving the race condition that occasionally prevented permission dialogs from appearing
+- **Session Permission Mode Persistence**: Fixed the issue where permission mode was reset when switching sessions in multi-instance scenarios

package/dist/web-ui/docs/en/cli/release-notes/v2.70.1.md

@@ -0,0 +1,18 @@
+# CodeBuddy Code v2.70.1 Release
+
+## Security Fixes
+
+### CORS Cross-Origin Attack Protection
+
+Fixed a cross-origin request security vulnerability in the local Gateway service (`cbc --serve`). Previously, malicious web pages could use JavaScript to make cross-origin requests to the user's local localhost service, executing Agent commands or stealing output data.
+
+Key fixes:
+
+- Replaced the framework's default `Access-Control-Allow-Origin: *` with a precise allowlist mechanism, only permitting cross-origin requests from localhost, 127.0.0.1, and Tunnel URLs
+- Added Host header validation middleware to prevent DNS Rebinding attacks
+- Fixed CORS wildcard vulnerability on SSE streaming endpoints
+- Changed the default bind address from `0.0.0.0` to `127.0.0.1` to prevent the service from being exposed to the local network
+
+## Improvements
+
+- **Custom CORS Rules**: Support configuring allowed cross-origin sources via the `CODEBUDDY_CODE_CORS_ORIGINS` environment variable (comma-separated) or the `gateway.corsOrigins` Settings option, accommodating special use cases

package/dist/web-ui/docs/en/cli/release-notes/v2.71.0.md

@@ -0,0 +1,18 @@
+# CodeBuddy Code v2.71.0 Release
+
+## New Features
+
+### Web UI Code Editor
+
+The Web UI now includes file browsing and code editing capabilities, allowing you to view and edit project files directly in the browser:
+
+- **Directory Tree Navigation**: The left panel displays the project file structure for quick file access
+- **Multi-Tab Editing**: Open multiple files simultaneously and switch freely between tabs
+- **Monaco Editor**: Integrated with the same editor engine as VS Code, with syntax highlighting support
+- **Auto Save**: Edits are automatically saved without manual action
+- **File Drag & Drop**: Support for moving files via drag and drop
+- **Keyboard Shortcuts**: Common keyboard shortcuts supported for improved editing efficiency
+
+## Improvements
+
+- **Streaming Timeout Optimization**: Increased the default streaming response timeout and first token timeout from 2 minutes to 10 minutes, reducing timeout interruptions during complex tasks caused by slower model responses. Can still be customized via `CODEBUDDY_STREAM_TIMEOUT_MS` and `CODEBUDDY_FIRST_TOKEN_TIMEOUT_MS` environment variables

package/dist/web-ui/docs/en/cli/release-notes/v2.71.1.md

@@ -0,0 +1,7 @@
+# CodeBuddy Code v2.71.1 Release
+
+## Improvements
+
+- **SDK MCP Timeout Mechanism**: Replaced fixed timeouts with an AbortSignal cancellation mechanism, supporting long-running MCP tool calls and preventing complex tools from being unexpectedly interrupted by timeouts
+- **Reasoning Model Configuration**: Automatically defaults effort to high when thinking mode is enabled, ensuring the model actually produces reasoning output
+- **Product Configuration Fix**: Corrected a typo in the reasoning field of the model configuration

package/dist/web-ui/docs/en/cli/remote-control.md

@@ -94,7 +94,7 @@ winget install Cloudflare.cloudflared
 When `cloudflared` is not installed or the Tunnel fails to start, the Gateway automatically falls back to LAN mode. In this mode, only devices on the same network can access it.
 
 - Default listening port: `8321`
-- Listening address: `0.0.0.0` (all network interfaces)
+- Listening address: `127.0.0.1` by default (localhost only); use `--host 0.0.0.0` to listen on all network interfaces
 
 ## Security
 
@@ -172,7 +172,7 @@ You can configure Gateway-related options in `~/.codebuddy/settings.json`:
 
 | Environment Variable | Description |
 |:---------|:-----|
-| `CODEBUDDY_CORS_ORIGINS` | Additional allowed CORS origins (comma-separated) |
+| `CODEBUDDY_CODE_CORS_ORIGINS` | Additional allowed CORS origins (comma-separated) |
 
 ## Instance Management
 

package/dist/web-ui/docs/en/cli/slash-commands.md

@@ -17,15 +17,15 @@ These commands are used to manage your CodeBuddy Code sessions. Here is the curr
 | `/add-dir` | `<path>` | ✅ Supported | Add a working directory. Specify the path of the directory to add. |
 | `/agents` | | ✅ Supported | Manage experimental AI agents |
 | `/compact`| | ✅ Supported | Compress context. |
-| `/config`| | ✅ Supported | View or modify local configuration, including response language, model, theme, and other settings. |
+| `/config`| `[list \| get \| set]` | ✅ Supported | View or modify local configuration. Opens an interactive panel when used without parameters, `list` lists current settings, `get <key>` reads a setting, `set <key> <value>` modifies a setting. |
 | `/context` | | ✅ Supported | Calculate the context token distribution for the current session. |
 | `/cost` | | ✅ Supported | Display session cost and token usage. |
 | `/init` | | ✅ Supported | Initialize a new CodeBuddy repository. |
 | `/mcp` | | ✅ Supported | Manage MCP connections. |
 | `/memory`| | ✅ Supported | Manage long-term memory |
-| `/model` | `[model-name]` | ✅ Supported | Switch or view the currently used AI model. Opens an interactive selection interface when used without parameters, or directly switches to the specified model when provided with a model name (e.g., `/model gpt-5-codex`). |
-| `/model:text-to-image` | `[model-id]` | ✅ Supported | Switch or view the currently used text-to-image model. Opens an interactive selection interface when used without parameters, or directly switches to the specified model when provided with a model ID. |
-| `/model:image-to-image` | `[model-id]` | ✅ Supported | Switch or view the currently used image-to-image model. Opens an interactive selection interface when used without parameters, or directly switches to the specified model when provided with a model ID. |
+| `/model` | `[list \| model-name]` | ✅ Supported | Switch or view the currently used AI model. Opens an interactive selection interface when used without parameters, `list` lists available models, or directly switches to the specified model when provided with a model name (e.g., `/model gpt-4o`). |
+| `/model:text-to-image` | `[list \| model-id]` | ✅ Supported | Switch or view the currently used text-to-image model. Opens an interactive selection interface when used without parameters, `list` lists available models, or directly switches to the specified model when provided with a model ID. |
+| `/model:image-to-image` | `[list \| model-id]` | ✅ Supported | Switch or view the currently used image-to-image model. Opens an interactive selection interface when used without parameters, `list` lists available models, or directly switches to the specified model when provided with a model ID. |
 | `/permissions` | | ✅ Supported | Manage tool permissions and workspace directory access permissions. |
 | `/plan` | | ✅ Supported | Preview the plan file content in the current plan mode. |
 | `/upgrade` | | ✅ Supported | Open the upgrade page in your browser to view premium features and subscription options. |
@@ -37,7 +37,7 @@ These commands are used to manage your CodeBuddy Code sessions. Here is the curr
 | `/theme` | | ✅ Supported | Open the theme selection panel, where you can select and preview different terminal themes (dark, light, colorblind-friendly, ANSI, etc.). |
 | `/export` | | ✅ Supported | Export the current conversation to a file or clipboard. |
 | `/feedback` | | ✅ Supported | Open the feedback page to submit bug reports or feature suggestions. |
-| `/resume` | | ✅ Supported | Resume a previous session. |
+| `/resume` | `[list \| session-id]` | ✅ Supported | Resume a previous session. Opens an interactive panel when used without parameters, `list` lists all sessions, or directly switches to the specified session when provided with a session-id. |
 | `/rewind` | | ✅ Supported | Rewind conversation to a previous message point. You can choose to rewind conversation only, code only, or both. See [Checkpointing](checkpointing.md) for details. |
 | `/sandbox` | | ✅ Supported | Manage Bash command sandbox mode and control security policies for command execution. See [Sandbox Documentation](bash-sandboxing.md) for details. |
 | `/stats` | | ✅ Supported | Display usage statistics, including token usage, model invocation counts, session duration, and other detailed data. Supports both overview and per-model classification views. |
@@ -282,7 +282,7 @@ Specify models for commands that require specific capabilities:
 ```markdown
 ---
 description: "Code complexity analysis"
-model: gemini-3.0-pro
+model: gemini-3.1-pro
 ---
 
 Analyze the complexity of this code...