v0.1.26

Changelog

v0.1.26

✨ Features

• Gateway Mode (vibecoding gateway)

  • New HTTP server exposing a standard OpenAI Chat Completions API (/v1/chat/completions, /v1/models, /health)
  • Any OpenAI-compatible client (Cursor, Continue, Open WebUI, Python SDK, etc.) can connect directly
  • Streaming (SSE) and non-streaming responses fully supported
  • Backend powered by VibeCoding agent loop with tool execution transparent to the caller

• Multi-Session Support

  • Built-in SessionPool for concurrent sessions, each with isolated agent, tools, and message history
  • Session association via x_session_id in request body; auto-created when absent
  • Configurable idle timeout (session.idleTimeoutSeconds) and max session limit (session.maxSessions)

• Sub-Agent Support in Gateway

  • Optional enableSubAgents config to enable multi-agent orchestration in gateway mode
  • Reuses existing AgentFactory / AgentManager / sub-agent tools with no core agent changes

• Bearer Token Authentication

  • Configurable via gateway.json with auth.enabled and auth.tokens list
  • Disabled by default; /health endpoint always unauthenticated

• Slash Commands via API

  • /clear, /mode, /model, /models, /sessions, /compact, /status, /skill, /skills, /help
  • Triggered when the last user message starts with /; processed at gateway layer without invoking LLM
  • Responses use standard OpenAI format with x_command extension field

• Tool Visibility Configuration (toolVisibility.mode)

  • "content" (default): tool status sent as text in content field during streaming
  • "sse_event": tool status sent as extended SSE events for custom clients
  • "none": fully transparent, client sees only final text

• System Prompt Handling (systemPromptMode)

  • "append" (default): client system messages appended to built-in system prompt
  • "ignore": client system messages discarded entirely

• Security: allowedWorkDirs

  • Directory whitelist for x_working_dir request-level overrides with path-separator-aware prefix matching
  • Three-layer security model: L1 auth + L2 directory control + L3 sandbox (bwrap)

• Sandbox Support in Gateway

  • Configurable via gateway.json sandbox.enabled / sandbox.level or --sandbox flag
  • Inherits detailed sandbox settings (allowedRead, deniedPaths, etc.) from settings.json

• Gateway Configuration (gateway.json)

  • Independent config file at ~/.config/vibecoding/gateway.json
  • Covers: listen address, auth, mode, sandbox, workingDir, allowedWorkDirs, session management, CORS, tool visibility, system prompt mode, request timeout, concurrency limit, logging
  • vibecoding --init-gateway to generate template; --force to overwrite

• Request Timeout & Concurrency

  • requestTimeoutSeconds (default 1800s); streaming keeps alive as long as data flows
  • maxConcurrentRequests (default 0 = unlimited)

📝 Docs

• Added docs/gateway-proposal.md with full architecture, API design, security model, and implementation plan
• Updated AGENTS.md version note

v0.1.25

v0.1.25

✨ Features

• Multi-Agent Mode

  • Added opt-in --multi-agent support across CLI, TUI, and ACP mode
  • Added AgentManager, EventRouter, and per-agent registries so agents have isolated tools, job managers, sessions, messages, and context
  • Added subagent_spawn, subagent_status, subagent_send, and subagent_destroy tools for delegated background work
  • Added multi-agent prompt guidance and safeguards that prevent nested sub-agent spawning

• Cron Task Support

  • Added internal/cron with persistent cron store and scheduler coverage
  • Added /cron command entry points in multi-agent TUI workflows

• Provider Vendor Adapter Layer

  • Added vendor adapter registration in internal/provider/vendor*.go
  • Centralized provider/model creation in internal/provider/factory
  • Added vendor detection for DeepSeek, Xiaomi, Kimi, MiniMax, Seed, Qianfan, Bailian, Gitee, OpenRouter, Together, Groq, Fireworks, OpenAI, and Anthropic
  • Preserved existing provider config format while allowing vendor-specific defaults and generic OpenAI/Anthropic-compatible fallback
  • Added model compat handling for thinking formats, reasoning effort support, max token field selection, adaptive Anthropic thinking, and DeepSeek/Xiaomi assistant reasoning_content

🐛 Bug Fixes

• Auto-initialized sessions on first append so sub-agents can write session entries without requiring explicit prior initialization
• Fixed sub-agent tests to wait for background runs and clean up spawned agents before temporary directory removal
• Preserved ACP Anthropic cache-control behavior while moving provider creation to the shared factory

📝 Docs

• Updated AGENTS.md with provider factory and vendor adapter guidance
• Replaced the multi-agent implementation checklist with a completed architecture/status document
• Removed the obsolete root todo.md

🧪 Testing

• Added coverage for provider vendor resolution, provider factory creation, OpenAI/Anthropic compat behavior, multi-agent manager/router/sub-agent flows, cron storage/scheduler behavior, and session auto-initialization
• Verified with make test (go test -v -race ./...)

v0.1.24

v0.1.24

✨ Features

• API Retry with Exponential Backoff
  • Automatic retry for transient errors (5xx, network failures, rate limits) on initial HTTP connection
  • Exponential backoff: baseDelay × 2^attempt, capped at 30 seconds
  • Does NOT retry on user abort (context.Canceled), 4xx client errors, or mid-stream failures
  • Configurable via retry settings (maxRetries, baseDelay, maxDelay)
  • Agent forwards retry events as status updates visible in TUI and print mode
  • ACP mode also receives retry configuration

🐛 Bug Fixes

• Anthropic cache_control Now Opt-In

  • Changed default cache_control behavior to off (was auto-enabled for official API base URL)
  • Require explicit cacheControl: true in provider config to enable prompt caching
  • ACP provider creation explicitly enables cache_control for Anthropic

• Anthropic Tool Result Grouping

  • Fixed consecutive toolResult messages to be grouped into a single user message
  • Anthropic API requires all tool_result blocks for preceding tool_use to appear together before other content
  • Image blocks from tool results are now appended after all result blocks in the same message

• Agent Tool-Only Loop Warning Ordering

  • Moved the no-text tool-loop warning to be injected after tool results are appended
  • Keeps assistant -> toolResult -> warning message ordering valid for provider and session transcripts
  • Warning messages are now also persisted to session storage

📝 Docs

• Comprehensive Configuration Documentation Rewrite
  • Added missing settings: cacheControl, idle compression, full sandbox fields (bwrapPath, allowedRead, allowedWrite, deniedPaths, passEnv, tmpSize), shellPath, shellCommandPrefix, sessionDir, skillsDir, theme, retry
  • Documented shell command apiKey format (!cmd) for password manager integration
  • Fixed key resolution order: config apiKey first, then derived env var
  • Fixed macOS config path: ~/Library/Application Support/vibecoding/
  • Added top-level fields reference table with all defaults
  • Added per-platform defaults for sandbox paths and env vars
  • Improved examples with Claude provider cacheControl, idle compression, project-level overrides, and custom sandbox paths

🧪 Testing

• Added retry tests covering IsRetryable, RetryDelay, and FormatRetryMessage
• Added Anthropic provider tests for consecutive tool result grouping
• Added a regression test covering tool-only warning placement after tool results

v0.1.22

Changelog

v0.1.22

✨ Features

• CLI/TUI MCP Auto-Loading
  • CLI/TUI startup now loads global and project mcp.json, connects configured MCP servers, and registers MCP tools before the agent tool list is frozen

🐛 Bug Fixes

• Markdown Rendering Style
  • Switched CLI print mode and TUI markdown rendering from Glamour auto-style detection to the fixed dark style for more consistent terminal output

🧪 Testing

• Added MCP config loader coverage for placeholder template filtering

🛠 Improvements

• Shared MCP Runtime
  • Moved MCP connection/tool registration out of ACP-only code into a shared runtime used by ACP and normal CLI/TUI sessions
  • Starter-template placeholder MCP servers are ignored during automatic startup loading

v0.1.21

Changelog

v0.1.21

✨ Features

• Plan/Apply Workflow

  • Added a built-in plan tool for structured task plans with pending, running, done, and failed step statuses
  • TUI now shows the current task plan and records plan updates in the transcript
  • Print mode and ACP now surface plan updates for non-interactive and editor-client flows

• Apply Confirmation

  • Added approval.confirmBeforeWrite to require approval before write and edit in agent mode
  • Enabled write/edit confirmation by default in generated settings
  • TUI approval prompts summarize write content by byte size instead of dumping full file content

• MCP Config Commands

  • Added /init_mcp to create project/global mcp.json with basic/full templates and optional --force
  • Added /mcps to list MCP servers from global and project mcp.json files
  • MCP config is now maintained in standalone mcp.json (separate from settings.json)

🧪 Testing

• Added coverage for the plan tool and write/edit approval gating
• Added HTTP-based MCP integration tests for tool/resource/prompt registration and callback paths
• Added SSE-based MCP integration tests for stream callbacks and message endpoint request/response flow

🛠 Improvements

• ACP MCP Hardening
  • Added MCP transport support for http and sse (alongside existing stdio)
  • Added MCP initialize/tool-discovery timeouts to avoid hanging ACP sessions
  • Added paginated tools/list fetching with upper page bounds
  • Added MCP resources/* and prompts/* discovery and tool registration
  • Added duplicate MCP server-name detection and MCP tool-name de-duplication
  • Added MCP inbound request/notification handling (ping, progress/logging/cancel notifications)
  • Added bridge for inbound sampling/createMessage to the active ACP provider/model
  • Added stricter close/error propagation

v0.1.20

v0.1.20

✨ Features

• Structured File Change Reporting
  • write and edit now attach structured file diff metadata to tool results
  • TUI tool details show full unified diffs while collapsed tool rows keep a compact +N -N summary
  • Print mode now emits clear file change summaries for non-interactive runs
  • ACP tool updates include diff metadata in raw output for compatible clients

🧪 Testing

• Added coverage for structured diff metadata from write and edit

---

v0.1.19

✨ Features

• TUI Tool Details Modal

  • Replaced Ctrl+O toggle-expand with a scrollable full-screen modal overlay showing all tool calls and results
  • Supports PgUp/PgDn, Up/Down, Home/End navigation; Esc/Ctrl+O/q to close
  • Tool headers now display file paths; removed content truncation in tool args display
  • Write tool results show diff summary in the one-line summary line
  • Key input is blocked while the modal is open to prevent accidental actions

• Write Tool Diff Summary

  • write tool now computes LCS-based line-level diff when overwriting files
  • Returns structured diff info (+N -N with line ranges) in the tool result
  • Skips diff computation for very large files (>200K line pairs) to avoid memory pressure

🛠 Improvements

• Unified Shell Args Across Sandbox Backends
  • All sandbox backends (none, mac, windows) now use platform.ShellArgs() for cmd.exe/PowerShell argument construction
  • Fixes Windows cmd.exe and PowerShell commands in sandboxed execution modes
  • ShellArgs now normalizes shell name to lowercase before matching

🧪 Testing

• Added TestNoneSandboxWrapCommandUsesPlatformShellArgs covering cmd.exe and PowerShell argument generation

v0.1.18

Changelog

v0.1.18

🐛 Bug Fixes

• TUI Nil Pointer Panic

  • Fixed a nil pointer panic in printMessageOnce when printedMessageIdx map was not initialized
  • Added nil check before accessing the map in the message printing logic

• Stream Commit Before Tool Execution

  • Added commitActiveStream() method to flush streaming content (thinking and assistant messages) to output before tool execution
  • Now properly commits active stream before EventToolCall and EventToolApprovalRequest handling
  • Ensures thinking and partial assistant responses are visible when tools run or approval is requested

🧪 Testing

• Added TestHandleAgentEventCommitsStreamBeforeApproval regression test for stream commit ordering

v0.1.17

Changelog

v0.1.17

🛠 Improvements

• TUI Native Scrollback

  • Reworked TUI history rendering so completed messages are printed into the terminal's native scrollback instead of a fixed-height viewport
  • Removed the virtual scrollbar and mouse-capture approach; mouse wheel scrolling now uses normal terminal history behavior
  • Kept live streaming content, input, footer, context/cache status, and tool output controls in the Bubble Tea view

• TUI Request Timers

  • Added per-request elapsed time display while a response is running
  • Footer now keeps the last request duration after completion

• Event Loop Decoupling

  • Added shared agent event consumption helpers
  • Split the TUI agent-event bridge out of the main app file and reused the event loop from CLI print mode

• Windows Console Compatibility

  • Enabled Windows virtual terminal console modes where available for better PowerShell rendering on Windows 10

🐛 Bug Fixes

• Fixed a TUI startup deadlock caused by printing initial/session history before Bubble Tea had started consuming program messages
• Fixed an agent message-history data race found by go test -race
• Fixed mock provider cancellation handling for already-canceled contexts

🧪 Testing

• Full make test now passes with race detection
• Added TUI regression coverage for startup history printing without blocking
• Hardened tests that depend on local HTTP listeners or default home-directory session paths in restricted environments

v0.1.15

Changelog

v0.1.15

🐛 Bug Fixes

• Vendored Search Tool Availability

  • Fixed grep and find so they prepare embedded rg / fd binaries on demand instead of failing when vendored tools have not been extracted yet
  • Restored executable permissions for already-extracted vendored binaries to avoid permission denied failures on reuse

• Bash Tool Result Handling

  • Fixed bash tool responses to report stdout, stderr, working directory, and exit code in a stable structured format
  • Preserved non-zero command exits as normal tool results with explicit exit_code output instead of mixing shell failures into transport-level errors
  • Standardized empty stdout/stderr rendering as (no output) for more predictable downstream handling

Full Changelog: v0.1.14...v0.1.15

v0.1.14

Changelog

v0.1.14

🐛 Bug Fixes

• Session Continue Context Injection (-c)
  • Fixed a TUI state coupling issue where continued sessions could display history but fail to inject that history into the model context for follow-up prompts
  • Split session history state into separate UI-display and agent-injection flags to ensure resumed conversations keep prior context
  • Reset agent history-injection state consistently when the agent is recreated (abort/mode/model/skill/session switches)
  • Added missing TUI handlers for EventStatus and EventMessageStart so status/warning messages are rendered reliably

🧪 Testing

• Added regressions that cover:
  • history injection when UI history is already loaded
  • real startup ordering (Init() history load, then follow-up input) for continued sessions

---

v0.1.13

🐛 Bug Fixes

• Streaming Event and Tool Call Robustness

  • Preserved terminal agent events in the TUI event listener so done/error/status handling is not dropped during streaming
  • Added Anthropic thinking signature streaming and replay support, and surfaced SSE error events as proper stream errors
  • Generated fallback tool call IDs for OpenAI-compatible streamed tool calls when providers omit IDs, with an extra defensive fallback in the agent loop

• Sandbox Environment Inheritance

  • Fixed none sandbox execution so commands inherit the parent environment, including variables such as $HOME
  • Clarified bubblewrap environment override handling to match runtime behavior

🛠 Improvements

• Vendored Tool Build Flow

  • Unified build and distribution targets around prepare-vendored
  • Removed the old vendored-tools release step and deprecated the stale extract helper script

• Documentation Site Layout

  • Expanded the docs landing page content width for better large-screen readability

• Package Metadata

  • Updated npm package versions for installer packages

📖 Documentation

• Updated README and docs landing pages to highlight safer approval handling, unified cache metrics, and consistent provider debugging
• Simplified AGENTS.md guidance for repository agents

🧪 Testing

• Added bash tool output coverage for stdout-only, stderr-only, no-output, and non-zero exit cases
• Added TUI regression tests for status/warning rendering and done/error event passthrough
• Added OpenAI streaming regression coverage for tool calls with missing IDs