Upstream changes detected: Gemini CLI, Codex CLI (App Server Protocol), GitHub Copilot CLI, Qwen Code

[github-actions]

This issue was opened automatically by upstream-watch.yml on 2026-06-15 because at least one upstream project this plugin depends on shipped a new release.

Detected changes

Gemini CLI — v0.45.2 → v0.46.0

• Release: Release v0.46.0 (published 2026-06-10)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/gemini.mjs. Watch for changes to ACP handshake, model alias resolution, MCP support, or new approval modes.

Release notes excerpt

What's Changed

• fix(core): harden PTY resize against native crashes by @scidomino in fix(core): harden PTY resize against native crashes google-gemini/gemini-cli#27496
• Changelog for v0.45.0-preview.0 by @gemini-cli-robot in Changelog for v0.45.0-preview.0 google-gemini/gemini-cli#27495
• Changelog for v0.44.0 by @gemini-cli-robot in Changelog for v0.44.0 google-gemini/gemini-cli#27569
• fix(cli): prevent spam loop when preferredEditor is invalid by @Niralisj in fix(cli): prevent spam loop when preferredEditor is invalid google-gemini/gemini-cli#25324
• Adding quote by @scidomino in Adding quote google-gemini/gemini-cli#27571
• Transition to flash GA model when experiment flag is present. by @DavidAPierce in Transition to flash GA model when experiment flag is present. google-gemini/gemini-cli#27570
• chore(ci): add optimized PR size labeler and batch workflows by @sripasg in chore(ci): add optimized PR size labeler and batch workflows google-gemini/gemini-cli#27616
• fix(ci): use pull_request_target trigger to grant write access on fork PRs by @sripasg in fix(ci): use pull_request_target trigger to grant write access on fork PRs google-gemini/gemini-cli#27637
• fix(patch): cherry-pick e4315b3 to release/v0.46.0-preview.0-pr-27645 to patch version v0.46.0-preview.0 and create version 0.46.0-preview.1 by @gemini-cli-robot in fix(patch): cherry-pick e4315b3 to release/v0.46.0-preview.0-pr-27645 to patch version v0.46.0-preview.0 and create version 0.46.0-preview.1 google-gemini/gemini-cli#27655
• fix(patch): cherry-pick f40498d to release/v0.46.0-preview.1-pr-27676 to patch version v0.46.0-preview.1 and create version 0.46.0-preview.2 by @gemini-cli-robot in fix(patch): cherry-pick f40498d to release/v0.46.0-preview.1-pr-27676 to patch version v0.46.0-preview.1 and create version 0.46.0-preview.2 google-gemini/gemini-cli#27699
• fix(patch): cherry-pick f08b4af to release/v0.46.0-preview.2-pr-27749 to patch version v0.46.0-preview.2 and create version 0.46.0-preview.3 by @gemini-cli-robot in fix(patch): cherry-pick f08b4af to release/v0.46.0-preview.2-pr-27749 to patch version v0.46.0-preview.2 and create version 0.46.0-preview.3 google-gemini/gemini-cli#27768
  Full Changelog: google-gemini/gemini-cli@v0.45.3...v0.46.0

Codex CLI (App Server Protocol) — rust-v0.137.0 → rust-v0.139.0

• Release: 0.139.0 (published 2026-06-09)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/codex.mjs and app-server.mjs. Watch for sandbox mode changes, new approval policies, or app-server protocol updates.

Release notes excerpt

New Features

• Code mode can now call standalone web search directly, including from nested JavaScript tool calls, and receive plaintext search results. (#26719)
• Tool and connector input schemas now preserve oneOf and allOf, and large schemas keep more shallow structure when compacted, improving compatibility with richer MCP tools. (#24118, #27084)
• codex doctor now includes editor and pager environment details in the local report while redacting raw values in JSON output. (#27081)
• Plugin marketplace automation is more informative and responsive: codex plugin marketplace list --json now includes each marketplace source, and plugin lists can return from the cached remote catalog before refreshing in the background. (#27009, #26932)

Bug Fixes

• codex resume --last "..." and codex fork --last "..." now treat the trailing argument as the initial prompt instead of misreading it as a session ID. (#26818)
• MCP startup warnings from subagents now stay in the thread that owns them, avoiding duplicate parent-thread alerts and stuck startup spinners in the TUI. (#26639)
• Image edits now use the exact referenced image file paths instead of guessing from conversation history, so attached-image edits land on the intended input. (#26486)
• Bare URLs with ~ in the path are now linkified end to end in the TUI instead of being truncated before the tilde. (#27088)
• Thread resets such as /new, /clear, and /fork no longer drop cloud-managed requirements or feature flags during TUI config reloads. (#25177)
• Sandbox execution now preserves approved escalation decisions and enforces configured proxy-only networking more consistently. (#24981, #27035)

Chores

• Release builds once again publish separate symbol archives with line tables, improving post-release crash symbolication without bringing back the earlier full-debug build slowdown. (#26202)
• The embedded V8 toolchain was updated to rusty_v8 149.2.0. (#26464)

Changelog

Full Changelog: openai/codex@rust-v0.138.0...rust-v0.139.0

• #26741 fix(remote-control): preserve enrollment on generic websocket 404s @apanasenko-oai
• #26804 fix(core-plugins): send Codex product SKU to plugin-service @ericning-o
• #26464 build(v8): update rusty_v8 to 149.2.0 @cconger
• #26895 ci: use bazel environment for BuildBuddy secret @bolinfest
• #24981 fix: preserve approval sandbox decisions in unified exec @bolinfest
• #26818 fix(tui): accept prompts with resume and fork @fcoury-oai
• #24820 deps: update starlark to 0.14.2 @bolinfest
• #26639 fix(tui): scope MCP startup status by thread @fcoury-oai
• #26719 [codex] Enable standalone web search in code mode @rka-oai
• #26632 feat: add v2 agent residency lru @jif-oai
• #26974 Ignore proc-macro-error2 advisory @jif-oai
• #26969 feat: count V2 concurrency by active execution @jif-oai
• #26994 Rename multi-agent v2 close_agent to interrupt_agent @jif-oai

…(release notes truncated; click the link above for the full text)

GitHub Copilot CLI — v1.0.60 → v1.0.62

• Release: 1.0.62 (published 2026-06-13)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/copilot.mjs. Watch for ACP changes, slash-command additions/removals, or auth flow changes.

Release notes excerpt

2026-06-13

• Ask and elicitation dialogs now scroll together with the timeline instead of taking over the screen, so a tall dialog no longer hides the agent's output — scroll up to read earlier output, then back down to the dialog
• Keep blank lines between reasoning summary sections
• Show user-typed colon terms in the search chip
• Plugins can now ship extensions, making them installable via the plugin marketplace
• Add content search, match highlighting, and n/N navigation in diff view
• Add /app slash command to open the GitHub app or a browser fallback
• Configure subagent model, reasoning effort, and context tier via user settings or the /subagents (also /agents) picker
• PowerShell redirect paths no longer trigger content-exclusion refusals
• WebSocket transport closes cleanly outside the Tokio runtime
• Shell tool errors now explain when a shell ID was stopped, completed, or reclaimed
• Voice runtime download dialog no longer reopens in a loop after an install failure
• Make the MCP server config form easier to use with a picker-based flow
• Show 'YOLO' (allow all) indicator in the footer and add allow-all state to custom statusLine.command
• Press / on the Issues or Pull Requests tab to search GitHub with server-side filtering
• Add session-scoped extensions and canvases
• Allow SDK clients to configure session memory through session.create and session.resume
• Automatically authenticate through corporate forward proxies using Kerberos/Negotiate (SPNEGO)
• Add file tree sidebar and inline comment editor to the /diff view
• Honor max_output_tokens for BYOK Responses providers
• MCP server names with dots and slashes map to valid Responses API namespaces
• Editor commands like code-insiders --wait launch correctly on Windows
• Load skills from symlinked directories outside the configured root
• Recover gracefully from oversized inline images instead of failing the turn
• An image attachment rejected because vision is disabled by policy or unsupported by the current model no longer poisons the rest of the session. The image is stripped from conversation history after the 400 so subsequent prompts succeed.
• Shells promoted to background from /tasks keep running after the turn ends
• Hide internal disabled tool messages from background helper agents
• Sandbox tool loads correctly when mxc-sdk is provided by the host environment
• Custom agents in nested .github/agents and .claude/agents directories are now discovered when the session is started from a subdirectory of the repository root
• Approving a tool permission prompt no longer causes a second prompt for the same tool call

…(release notes truncated; click the link above for the full text)

Qwen Code — v0.17.1 → v0.18.1

• Release: Release v0.18.1 (published 2026-06-15)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/qwen.mjs. Watch for ACP support changes (the --acp flag graduated from --experimental-acp recently).

Release notes excerpt

What's Changed

• chore(release): v0.18.0 by @qwen-code-ci-bot in chore(release): v0.18.0 QwenLM/qwen-code#5050
• feat(daemon): gate direct session shell behind explicit opt-in by @doudouOUC in feat(daemon): gate direct session shell behind explicit opt-in QwenLM/qwen-code#5031
• fix(telemetry): Propagate daemon ACP trace context by @doudouOUC in fix(telemetry): Propagate daemon ACP trace context QwenLM/qwen-code#5047
• feat(core): persist oversized tool results to disk (#4095 Phase 4) by @doudouOUC in feat(core): persist oversized tool results to disk (#4095 Phase 4) QwenLM/qwen-code#5042
• fix(docs): update Coding Plan model list and fix stale references in developer docs by @DragonnZhang in fix(docs): update Coding Plan model list and fix stale references in developer docs QwenLM/qwen-code#5054
• feat(core,cli): bubble background subagent permission prompts to the parent session by @qqqys in feat(core,cli): bubble background subagent permission prompts to the parent session QwenLM/qwen-code#4955
• feat(core): let grep results satisfy prior-read checks by @he-yufeng in feat(core): let grep results satisfy prior-read checks QwenLM/qwen-code#5043
• chore: sync package-lock.json with packages/cli ws dependencies by @tanzhenxin in chore: sync package-lock.json with packages/cli ws dependencies QwenLM/qwen-code#5023
• feat(skills): support user-invocable frontmatter by @kkhomej33-netizen in feat(skills): support user-invocable frontmatter QwenLM/qwen-code#5037
• fix(daemon): Sanitize logs and type MCP restarts by @doudouOUC in fix(daemon): Sanitize logs and type MCP restarts QwenLM/qwen-code#5006
• fix(memory): avoid stale tool schema recall by @he-yufeng in fix(memory): avoid stale tool schema recall QwenLM/qwen-code#5058
• fix(core): eliminate OOM from debugResponses accumulation by @zzhenyao in fix(core): eliminate OOM from debugResponses accumulation QwenLM/qwen-code#4982
• feat(serve): deliver A2UI surfaces over MCP — bridge extraction and action endpoint by @qqqys in feat(serve): deliver A2UI surfaces over MCP — bridge extraction and action endpoint QwenLM/qwen-code#4961
• fix: enable fork subagents by default by @he-yufeng in fix: enable fork subagents by default QwenLM/qwen-code#4963
• refactor(web-shell): remove duplicate agents panel, contain SubAgent views by @wenshao in refactor(web-shell): remove duplicate agents panel, contain SubAgent views QwenLM/qwen-code#5059
• feat(mcp): project .mcp.json + workspace approval gating with aligned scope precedence (#4615) by @qqqys in feat(mcp): project .mcp.json + workspace approval gating with aligned scope precedence (#4615) QwenLM/qwen-code#4713
• fix(core): preserve background agent launch flags by @he-yufeng in fix(core): preserve background agent launch flags QwenLM/qwen-code#5061
• feat(web-shell): daemon web-shell improvements — token usage, settings, retry, streaming metrics, hidden commands by @ytahdn in feat(web-shell): daemon web-shell improvements — token usage, settings, retry, streaming metrics, hidden commands QwenLM/qwen-code#5066
• feat(web-shell): revamp floating todo panel interactions by @wenshao in feat(web-shell): revamp floating todo panel interactions QwenLM/qwen-code#5069
• fix(web-shell): improve slash command panel layering by @ytahdn in fix(web-shell): improve slash command panel layering QwenLM/qwen-code#5078
• feat(web-shell): show message time on hover by @wenshao in feat(web-shell): show message time on hover QwenLM/qwen-code#5079
• fix(serve): Add prompt queue backpressure by @doudouOUC in fix(serve): Add prompt queue backpressure QwenLM/qwen-code#5033
• feat(core): durable cron jobs — /loop tasks that survive restarts by @tanzhenxin in feat(core): durable cron jobs — /loop tasks that survive restarts QwenLM/qwen-code#5004
• fix(cli): show full plan for gate failures by @he-yufeng in fix(cli): show full plan for gate failures QwenLM/qwen-code#5077
• feat(web-shell): show time on parallel-agents box and sub-agent tools by @wenshao in feat(web-shell): show time on parallel-agents box and sub-agent tools QwenLM/qwen-code#5084
• feat(sdk,serve): DaemonTransport abstraction + ACP standard compliance by @chiga0 in feat(sdk,serve): DaemonTransport abstraction + ACP standard compliance QwenLM/qwen-code#5040
• fix(cli): submit fast tool results after stream end by @he-yufeng in fix(cli): submit fast tool results after stream end QwenLM/qwen-code#5071
• feat(core): Workflow P3 — agent({schema, agentType, model, isolation:'worktree'}) (#4721) by @LaZzyMan in feat(core): Workflow P3 — agent({schema, agentType, model, isolation:'worktree'}) (#4721) QwenLM/qwen-code#5034

…(release notes truncated; click the link above for the full text)

Also worth checking (manual — Copilot, please research these too)

• Cursor agent CLI — changelog: https://cursor.com/changelog · forum (bug reports): https://forum.cursor.com/c/bug-report/6
  • Drives plugins/multi/scripts/lib/adapters/cursor.mjs. The plugin currently works around the 2026.04.17-787b533 ACP regression (see maybeWarnAboutCursorVersion and ensureCursorAllowlist). When Cursor ships a fix, both workarounds can likely be simplified or removed.

Plugin files most likely to need updates

• plugins/multi/scripts/lib/acp-client.mjs (shared ACP JSON-RPC client; buildAutoApproveRequestHandler)
• plugins/multi/scripts/lib/acp-terminals.mjs (client-side terminal services)
• plugins/multi/scripts/lib/mcp-servers.mjs (MCP wiring for ACP session/new)
• plugins/multi/scripts/lib/adapters/{codex,gemini,cursor,copilot,qwen}.mjs (per-CLI adapters)
• plugins/multi/scripts/multi-cli-companion.mjs (companion runtime + dispatch)

What I'd like you to do, @copilot

1. Read the linked release notes for each detected change above, plus the manual-reference changelogs.
2. Compare what changed against the relevant adapter / shared code in this repo. Look specifically for:
   • New ACP methods we should handle in acp-client.mjs's buildAutoApproveRequestHandler
   • Renamed / deprecated CLI flags or model IDs hardcoded in any adapter
   • New CLI capabilities that obsolete a workaround we currently ship (e.g., the Cursor 2026.04.17 regression workaround in cursor.mjs — check if a newer Cursor release fixes it, and if so, propose removing maybeWarnAboutCursorVersion and the allowlist-injection or scoping it tighter)
   • Breaking changes that would silently break the plugin
3. For each change that warrants action, open a focused PR against master with the minimal fix. Reference the upstream release / commit / forum thread in the PR description.
4. If a detected change does NOT need any plugin update, reply on this issue with a short note saying "no plugin updates needed for X — reason: …" and close it.
5. If something is ambiguous (you can't tell from release notes whether the plugin is affected), ask in a comment rather than guessing.

You may use ACP_TRACE=1 and the rest of the diagnostic patterns documented in plugins/multi/skills/customize/SKILL.md if you want to verify behavior empirically.

---

State tracked in .github/upstream-state.json — bumped by this same workflow. If you want to suppress a noisy upstream from this watch, edit .github/scripts/upstream-watch.mjs.