v0.8.6: all 28 issues — P0 survivability, UX polish, feature completion#486
Conversation
…#373) #382: Collapse Steer/Queue/Immediate into one mental model - decide_submit_disposition now returns Queue for all busy states - Ctrl+Enter forces a steer into the current turn - Composer hints simplified: send / queue (N) / offline - Updated tests for new disposition behavior #373: Wire shell jobs into Tasks sidebar panel - Task panel now merges live shell jobs from ShellManager - Footer count and panel count now agree - Periodic refresh includes shell job snapshots Verification: cargo test --workspace (1777 passed), clippy clean
…lism, longevity - Rewrite RLM section from 'specialty tool' to three-pattern capability guide (CHUNK / BATCH / RECURSE) so the model uses batch classification and self-critique, not just overflow handling. - Move sub-agent guidance from a 'don't' list to a positive Sub-Agent Strategy section. Sub-agents are for investigation AND implementation; spawn them for parallel independent work, not just final execution. - Add Parallel-First Heuristic — before firing any tool, scan for concurrent candidates. Batch independent reads/searches into one turn. - Add Verification Principle and Composition Pattern — verify before claiming, re-read the plan between phases, don't guess. - Bump thinking budget for code generation from Light to Medium. - Add Efficient Approvals section to Agent mode — present batch plans, request approval once, execute all writes in parallel. - Add Session Longevity section to AGENTS.md and agent mode — delegate, batch, compact at 60%, max 3 sequential turns. These changes directly address the 'mismanaged genius' pathology where a capable V4 model serialized work, underused sub-agents, and accumulated context until the session degraded. See PROMPT_ANALYSIS.md for the full gap analysis.
…ompletion ## P0 Runtime Survivability (#402) - Flipped capacity controller and compaction defaults from off→on - Added HISTORY_SOFT_CAP (5000 cells) with automatic batch-folding - Capped session persistence at 500 messages - Added compaction smoke test ## UI Fixes (#399, #400, #394) - Fixed text bleed-through: ChatWidget uses passed area, sidebar clears on bailout, defensive ink fill - Added history cap with placeholder - Git queries off UI thread (with sync fallback for tests) - File-tree async walk with loading placeholder ## Test Hygiene (#401) - Rewrote RLM test with structural assertions - Updated ignored test reasons to reference #402 - Added prose-assertion guideline ## Features (all 23+ issues) - #397 Goal mode (/goal with token budget tracking) - #396 Per-turn cache hit chip with threshold coloring - #395 Cycle-boundary visualization - #394 File-tree pane (Ctrl+E) - #393 /share session URL (HTML + gist upload) - #392 /model auto heuristic - #391 User-defined slash commands - #390 /profile hot-switch - #389 LSP diagnostics wiring - #388 Crash-recovery prompt (--fresh flag) - #387 Self-update (deepseek update) - #386 /init AGENTS.md bootstrap - #385 /diff session changes - #384 Surgical /undo (snapshot-based patch revert) - #383 /edit revise and resubmit - #382 Collapse Steer/Queue/Immediate - #380 Diff highlighting detection - #379 Smart clipboard Ctrl+Y - #378 Docs polish (README, ARCHITECTURE, CONTRIBUTING) - #377 Shrink App state (ComposerState, ViewportState, GoalState, SessionState) - #376 Native-copy escape (Shift bypass) - #375 Right-click context menu (hide/show cells) - #374 Clickable file:line styling - #373 Tasks panel shell jobs - #398 MCP Phase A (agent-style deepseek/deepseek-reply tools) ## Verification - cargo check: clean - cargo fmt: clean - cargo test: 1789 passed, 1 pre-existing flaky (restore order-dependent) - cargo clippy: 5 style warnings (non-blocking)
There was a problem hiding this comment.
Code Review
This pull request introduces version 0.8.6 of DeepSeek TUI, focusing on session survivability, UX enhancements, and architectural refactoring. Key additions include a file-tree pane, session goal tracking, sharing via Gists, self-update functionality, and user-defined slash commands. The App state has been refactored into sub-structs, and auto-compaction is now enabled by default. Feedback identifies a Windows-specific bug in the update logic, a security vulnerability regarding predictable temporary filenames, and performance inefficiencies in the MCP server and user command loading. Additionally, the string-based fallback logic for the undo command is noted as brittle.
| } | ||
|
|
||
| // Atomic rename | ||
| std::fs::rename(&tmp, target) |
There was a problem hiding this comment.
On Windows, std::fs::rename will fail if the target file is the currently running executable. To support self-updating on Windows, you should first rename the current executable to a temporary name (e.g., deepseek.exe.old) and then move the new binary into the original location. This allows the OS to release the lock on the original filename.
| let config = Config::load(None, None).map_err(|e| RpcError { | ||
| code: -32000, | ||
| message: format!("Failed to load config: {e}"), | ||
| })?; | ||
| let client = DeepSeekClient::new(&config).map_err(|e| RpcError { | ||
| code: -32000, | ||
| message: format!("Failed to create DeepSeek client: {e}"), | ||
| })?; | ||
|
|
There was a problem hiding this comment.
The deepseek and deepseek-reply tool handlers reload the configuration and recreate the DeepSeekClient on every invocation. This is inefficient as it involves disk I/O for config loading and repeated initialization of the HTTP client. Consider initializing the client once and storing it in the McpServer struct to improve performance.
| require_approval: bool, | ||
| /// Thread-based conversation state for deepseek/deepseek-reply tools. | ||
| /// Maps thread_id -> ordered list of messages in the conversation. | ||
| threads: Arc<Mutex<HashMap<String, Vec<Message>>>>, |
There was a problem hiding this comment.
The threads HashMap stores conversation history for MCP-driven DeepSeek calls but lacks a mechanism for expiration or cleanup. In a long-running server process, this will lead to unbounded memory growth as new thread IDs are generated. Consider implementing a TTL-based eviction policy or a maximum capacity for the thread cache.
| /// lowercase. Files that fail to read are silently skipped. The directory | ||
| /// is re-scanned on every call so newly-added commands show up immediately | ||
| /// without requiring a restart. | ||
| pub fn load_user_commands() -> Vec<(String, String)> { |
There was a problem hiding this comment.
load_user_commands performs directory scanning and file reads on every call. Since this is invoked at the start of every command execution and during every autocomplete request, it introduces unnecessary disk I/O latency. Caching the commands in memory would significantly improve responsiveness.
|
|
||
| /// Write HTML to a temp file and return its path. | ||
| fn write_temp_html(html: &str) -> Result<PathBuf, String> { | ||
| let tmp = std::env::temp_dir().join(format!("deepseek-share-{}.html", std::process::id())); |
There was a problem hiding this comment.
Using a predictable filename in the system temporary directory is insecure and can lead to collisions or symlink attacks. Since the tempfile crate is already a project dependency, it should be used to create a secure, uniquely named temporary file.
| if result.message.as_deref().map_or(true, |m| { | ||
| m.starts_with("No snapshots found") | ||
| || m.starts_with("No tool or pre-turn") | ||
| || m.starts_with("Snapshot repo") | ||
| }) { |
There was a problem hiding this comment.
The logic for falling back to conversation undo relies on matching specific error message strings from patch_undo. This is brittle and will break if the error messages are updated or localized. It would be safer to have patch_undo return a structured error type or use a specific flag in CommandResult to indicate that no snapshots were found.
- Load /.deepseek/config.toml on startup and merge overrides - Add --no-project-config CLI flag to skip project config - Add merge_project_overrides to ConfigToml in deepseek-config crate - Add load_project_config helper function - Commented on #485 with design proposal Project config supports overriding: model, api_key, base_url, reasoning_effort, provider settings, network policy, LSP config, and snapshots config.
Bump workspace and npm wrapper metadata to 0.8.6, harden self-update and /share temp-file handling, and clean the rustdoc/rustfmt/clippy/Windows test blockers for the v0.8.6 release gate.
|
Local v0.8.6 release verification after
Also addressed the review blockers for secure |
v0.8.6 Sprint — Complete
All 28 issues with the v0.8.6 label are addressed in this PR.
P0: Session Survivability (#402)
Critical Fixes (#399, #400)
Test Hygiene (#401)
Feature Complete (23 issues)
Goal mode, cache hit chip, cycle-boundary, file-tree pane, /share, /model auto, user-defined commands, /profile, LSP wiring, crash-recovery, self-update, /init, /diff, surgical /undo, /edit, Steer/Queue collapse, diff highlighting, smart clipboard, docs polish, App state shrink, native-copy escape, context menu, Tasks panel shell jobs, MCP Phase A
Verification
cargo check: cleancargo fmt: cleancargo test: 1789 passed, 1 pre-existing flaky (restore order-dependent)cargo clippy: 5 style warnings (non-blocking)Closes #402 Closes #401 Closes #400 Closes #399 Closes #398 Closes #397 Closes #396 Closes #395 Closes #394 Closes #393 Closes #392 Closes #391 Closes #390 Closes #389 Closes #388 Closes #387 Closes #386 Closes #385 Closes #384 Closes #383 Closes #382 Closes #380 Closes #379 Closes #378 Closes #377 Closes #376 Closes #375 Closes #374 Closes #373