fix: batch merge of bug fixes (PR #281) - issues #2700, #2702, #2703, #2704, #2706, #2708, #2710, #2711, #2712, #2714

Fixes:
- #2700: Piped Input Corrupts Terminal Raw Mode State - Check TTY before TUI mode
- #2702: Panic Messages Don't Suggest RUST_BACKTRACE - Add panic hooks with helpful debugging tips
- #2703: Missing --frequency-penalty and --presence-penalty flags
- #2704: Missing --stop flag for stop sequences
- #2706: Running with sudo Creates Root-Owned Config Files - Use original user's home
- #2708: Worker Threads Not Properly Joined During Shutdown - Add cleanup method
- #2710: --timeout Doesn't Apply to TCP Connection Phase - Add connect_timeout
- #2711: Missing --logprobs flag for token probabilities
- #2712: Missing --n flag for multiple completions
- #2714: Missing --best-of flag for best completion selection

Author: factorydroid

cortex-cli/src/exec_cmd.rs

@@ -334,6 +334,41 @@ pub struct ExecCli {
     /// Supports glob patterns like "*.test.js" or "node_modules/**".
     #[arg(long = "exclude", action = clap::ArgAction::Append, value_name = "PATTERN")]
     pub exclude_patterns: Vec<String>,
+
+    // ═══════════════════════════════════════════════════════════════════════════
+    // LLM Generation Parameters (Issues #2703, #2704, #2711, #2712, #2714)
+    // ═══════════════════════════════════════════════════════════════════════════
+    /// Frequency penalty (-2.0 to 2.0).
+    /// Positive values penalize tokens based on their frequency in the text so far,
+    /// decreasing the likelihood of repeating the same content verbatim.
+    #[arg(long = "frequency-penalty")]
+    pub frequency_penalty: Option<f32>,
+
+    /// Presence penalty (-2.0 to 2.0).
+    /// Positive values penalize new tokens based on whether they appear in the text so far,
+    /// increasing the likelihood of talking about new topics.
+    #[arg(long = "presence-penalty")]
+    pub presence_penalty: Option<f32>,
+
+    /// Stop sequences (can be specified multiple times).
+    /// Generation will stop when any of these sequences is encountered.
+    #[arg(long = "stop", action = clap::ArgAction::Append)]
+    pub stop_sequences: Vec<String>,
+
+    /// Request log probabilities for output tokens.
+    /// Returns the log probabilities of the most likely tokens (up to 5).
+    #[arg(long = "logprobs")]
+    pub logprobs: Option<u8>,
+
+    /// Number of completions to generate.
+    /// Returns multiple independent completions for the same prompt.
+    #[arg(short = 'n', long = "n")]
+    pub num_completions: Option<u32>,
+
+    /// Generate best_of completions and return the best one.
+    /// Must be greater than n if n is specified.
+    #[arg(long = "best-of")]
+    pub best_of: Option<u32>,
 }
 
 impl ExecCli {

cortex-cli/src/main.rs

@@ -867,6 +867,9 @@ async fn main() -> Result<()> {
     // Install Ctrl+C handler to restore terminal state before exiting
     cortex_cli::install_cleanup_handler();
 
+    // Install panic hook that suggests RUST_BACKTRACE for debugging
+    cortex_cli::install_panic_hook();
+
     let cli = Cli::parse();
 
     // Handle color mode - set NO_COLOR env if --color never is used
@@ -1047,6 +1050,31 @@ async fn main() -> Result<()> {
 
 async fn run_tui(initial_prompt: Option<String>, args: &InteractiveArgs) -> Result<()> {
     use cortex_common::resolve_model_alias;
+    use std::io::IsTerminal;
+
+    // Check if stdin is a TTY before enabling TUI mode
+    // If stdin is piped, we cannot use raw mode safely
+    if !io::stdin().is_terminal() {
+        // When stdin is piped, fall back to run mode instead of TUI
+        // This prevents terminal raw mode corruption
+        bail!(
+            "Interactive TUI requires a terminal (stdin is not a TTY).\n\
+             For piped input, use 'cortex run' or 'cortex exec' instead:\n\
+             \n\
+             Examples:\n\
+             \x20 echo \"your prompt\" | cortex run\n\
+             \x20 cat prompt.txt | cortex exec\n\
+             \x20 cortex run \"your prompt\""
+        );
+    }
+
+    // Check if stdout is a TTY
+    if !io::stdout().is_terminal() {
+        bail!(
+            "Interactive TUI requires a terminal (stdout is not a TTY).\n\
+             For non-interactive output, use 'cortex run' or 'cortex exec' instead."
+        );
+    }
 
     let mut config = cortex_engine::Config::default();
 

cortex-cli/src/run_cmd.rs

@@ -212,6 +212,41 @@ pub struct RunCli {
     /// Number of times to retry failed requests (default: 0).
     #[arg(long = "retry", default_value_t = 0)]
     pub retry: u32,
+
+    // ═══════════════════════════════════════════════════════════════════════════
+    // LLM Generation Parameters (Issues #2703, #2704, #2711, #2712, #2714)
+    // ═══════════════════════════════════════════════════════════════════════════
+    /// Frequency penalty (-2.0 to 2.0).
+    /// Positive values penalize tokens based on their frequency in the text so far,
+    /// decreasing the likelihood of repeating the same content verbatim.
+    #[arg(long = "frequency-penalty")]
+    pub frequency_penalty: Option<f32>,
+
+    /// Presence penalty (-2.0 to 2.0).
+    /// Positive values penalize new tokens based on whether they appear in the text so far,
+    /// increasing the likelihood of talking about new topics.
+    #[arg(long = "presence-penalty")]
+    pub presence_penalty: Option<f32>,
+
+    /// Stop sequences (can be specified multiple times).
+    /// Generation will stop when any of these sequences is encountered.
+    #[arg(long = "stop", action = clap::ArgAction::Append)]
+    pub stop_sequences: Vec<String>,
+
+    /// Request log probabilities for output tokens.
+    /// Returns the log probabilities of the most likely tokens (up to 5).
+    #[arg(long = "logprobs")]
+    pub logprobs: Option<u8>,
+
+    /// Number of completions to generate.
+    /// Returns multiple independent completions for the same prompt.
+    #[arg(long = "n")]
+    pub num_completions: Option<u32>,
+
+    /// Generate best_of completions and return the best one.
+    /// Must be greater than n if n is specified.
+    #[arg(long = "best-of")]
+    pub best_of: Option<u32>,
 }
 
 /// Tool display information for formatted output.

cortex-cli/src/scrape_cmd.rs

@@ -120,8 +120,10 @@ impl ScrapeCommand {
             .cookie_store(true);
 
         // Override timeout if specified (0 means no timeout)
+        // Apply timeout to both connection phase and overall request
         if self.timeout > 0 {
-            client_builder = client_builder.timeout(Duration::from_secs(self.timeout));
+            let timeout = Duration::from_secs(self.timeout);
+            client_builder = client_builder.timeout(timeout).connect_timeout(timeout); // Ensure TCP connection respects timeout too
         }
 
         // Override user agent if specified

cortex-engine/src/api_client.rs

@@ -79,12 +79,12 @@ pub fn create_health_check_client() -> Result<Client> {
 /// All clients include:
 /// - User-Agent: `cortex-cli/{version}`
 /// - tcp_nodelay: true (for lower latency)
-/// - Specified timeout
+/// - Specified timeout (applies to both connect and overall request)
 pub fn create_client_with_timeout(timeout: Duration) -> Result<Client> {
     Client::builder()
         .user_agent(USER_AGENT)
         .timeout(timeout)
-        .connect_timeout(DEFAULT_CONNECT_TIMEOUT)
+        .connect_timeout(timeout) // Apply timeout to TCP connection phase as well (#2710)
         .tcp_nodelay(true)
         .build()
         .map_err(|e| CortexError::Internal(format!("Failed to build HTTP client: {e}")))
@@ -114,6 +114,7 @@ pub fn create_client_with_timeouts(
 /// Creates an HTTP client builder with standard configuration.
 ///
 /// Use this when you need to customize the client further before building.
+/// Note: The timeout is applied to both the TCP connection phase and the overall request.
 ///
 /// # Example
 /// ```ignore
@@ -125,6 +126,7 @@ pub fn create_client_builder() -> reqwest::ClientBuilder {
     Client::builder()
         .user_agent(USER_AGENT)
         .timeout(DEFAULT_TIMEOUT)
+        .connect_timeout(DEFAULT_TIMEOUT) // Apply timeout to TCP connection phase as well
         .tcp_nodelay(true)
 }
 
@@ -137,6 +139,7 @@ pub fn create_blocking_client() -> Result<reqwest::blocking::Client> {
     reqwest::blocking::Client::builder()
         .user_agent(USER_AGENT)
         .timeout(DEFAULT_TIMEOUT)
+        .connect_timeout(DEFAULT_TIMEOUT) // Apply timeout to TCP connection phase as well
         .build()
         .map_err(|e| CortexError::Internal(format!("Failed to build blocking HTTP client: {e}")))
 }
@@ -146,6 +149,7 @@ pub fn create_blocking_client_with_timeout(timeout: Duration) -> Result<reqwest:
     reqwest::blocking::Client::builder()
         .user_agent(USER_AGENT)
         .timeout(timeout)
+        .connect_timeout(timeout) // Apply timeout to TCP connection phase as well
         .build()
         .map_err(|e| CortexError::Internal(format!("Failed to build blocking HTTP client: {e}")))
 }

cortex-engine/src/config/loader.rs

@@ -33,7 +33,11 @@ pub const CORTEX_CONFIG_DIR_ENV: &str = "CORTEX_CONFIG_DIR";
 /// Checks in order:
 /// 1. `CORTEX_CONFIG_DIR` environment variable
 /// 2. `CORTEX_HOME` environment variable
-/// 3. Default `~/.cortex` directory
+/// 3. Default `~/.cortex` directory (respecting SUDO_USER if running as root)
+///
+/// When running with sudo, this function detects SUDO_USER and uses that
+/// user's home directory instead of /root/.cortex to prevent creating
+/// root-owned config files in the user's home directory.
 pub fn find_cortex_home() -> std::io::Result<PathBuf> {
     // Check CORTEX_CONFIG_DIR environment variable first (new)
     if let Ok(val) = std::env::var(CORTEX_CONFIG_DIR_ENV) {
@@ -53,12 +57,117 @@ pub fn find_cortex_home() -> std::io::Result<PathBuf> {
         }
     }
 
-    // Default to ~/.cortex
-    let mut home = dirs::home_dir().ok_or_else(|| {
+    // Default to ~/.cortex, but respect SUDO_USER if running as root
+    let home = get_effective_home_dir()?;
+    let cortex_home = home.join(".cortex");
+    Ok(cortex_home)
+}
+
+/// Get the effective home directory, respecting SUDO_USER when running as root.
+///
+/// This prevents creating root-owned config files in the user's home directory
+/// when running cortex with sudo.
+fn get_effective_home_dir() -> std::io::Result<PathBuf> {
+    // Check if we're running as root (uid 0 on Unix)
+    #[cfg(unix)]
+    {
+        // Check if effective user is root
+        let is_root = unsafe { libc::geteuid() } == 0;
+
+        if is_root {
+            // Check for SUDO_USER to get the original user's home
+            if let Ok(sudo_user) = std::env::var("SUDO_USER") {
+                if !sudo_user.is_empty() && sudo_user != "root" {
+                    // Try to get the user's home directory from /etc/passwd
+                    if let Some(user_home) = get_user_home_dir(&sudo_user) {
+                        debug!(
+                            user = %sudo_user,
+                            home = %user_home.display(),
+                            "Using SUDO_USER's home directory"
+                        );
+                        return Ok(user_home);
+                    }
+                }
+            }
+
+            // Also check for SUDO_UID
+            if let Ok(sudo_uid) = std::env::var("SUDO_UID") {
+                if let Ok(uid) = sudo_uid.parse::<u32>() {
+                    if uid != 0 {
+                        if let Some(user_home) = get_user_home_dir_by_uid(uid) {
+                            debug!(
+                                uid = uid,
+                                home = %user_home.display(),
+                                "Using SUDO_UID's home directory"
+                            );
+                            return Ok(user_home);
+                        }
+                    }
+                }
+            }
+
+            // Warn if running as root without SUDO_USER
+            debug!("Running as root without SUDO_USER, using root's home directory");
+        }
+    }
+
+    // Fall back to normal home directory detection
+    dirs::home_dir().ok_or_else(|| {
         std::io::Error::new(std::io::ErrorKind::NotFound, "Home directory not found")
-    })?;
-    home.push(".cortex");
-    Ok(home)
+    })
+}
+
+/// Get a user's home directory by username.
+#[cfg(unix)]
+fn get_user_home_dir(username: &str) -> Option<PathBuf> {
+    use std::ffi::CString;
+
+    let username_c = CString::new(username).ok()?;
+    let passwd = unsafe { libc::getpwnam(username_c.as_ptr()) };
+
+    if passwd.is_null() {
+        return None;
+    }
+
+    let home_dir = unsafe {
+        let home = (*passwd).pw_dir;
+        if home.is_null() {
+            return None;
+        }
+        std::ffi::CStr::from_ptr(home).to_str().ok()?.to_string()
+    };
+
+    Some(PathBuf::from(home_dir))
+}
+
+/// Get a user's home directory by UID.
+#[cfg(unix)]
+fn get_user_home_dir_by_uid(uid: u32) -> Option<PathBuf> {
+    let passwd = unsafe { libc::getpwuid(uid) };
+
+    if passwd.is_null() {
+        return None;
+    }
+
+    let home_dir = unsafe {
+        let home = (*passwd).pw_dir;
+        if home.is_null() {
+            return None;
+        }
+        std::ffi::CStr::from_ptr(home).to_str().ok()?.to_string()
+    };
+
+    Some(PathBuf::from(home_dir))
+}
+
+#[cfg(not(unix))]
+fn get_user_home_dir(_username: &str) -> Option<PathBuf> {
+    None
+}
+
+#[cfg(not(unix))]
+fn get_user_home_dir_by_uid(_uid: u32) -> Option<PathBuf> {
+    None
 }
 
 /// Get the config file path, checking CORTEX_CONFIG env var first.

cortex-tui/src/runner/event_loop.rs

@@ -438,6 +438,10 @@ impl EventLoop {
         self.running.store(false, Ordering::SeqCst);
         let _ = engine_handle.await;
 
+        // Cleanup: abort all running background tasks to prevent orphaned threads
+        // This ensures clean process termination on shutdown
+        self.cleanup_background_tasks().await;
+
         // Export TUI captures if enabled
         if self.tui_capture.is_enabled() {
             // Take ownership of capture manager for export
@@ -4593,6 +4597,61 @@ impl EventLoop {
         }
     }
 
+    /// Cleanup all running background tasks during shutdown.
+    ///
+    /// This ensures that worker threads are properly joined or aborted
+    /// before the process exits, preventing orphaned threads and ensuring
+    /// clean termination.
+    async fn cleanup_background_tasks(&mut self) {
+        use tokio::time::{Duration, timeout};
+
+        tracing::debug!(
+            "Cleaning up background tasks: {} tool tasks, {} subagents, {} streaming",
+            self.running_tool_tasks.len(),
+            self.running_subagents.len(),
+            if self.streaming_task.is_some() { 1 } else { 0 }
+        );
+
+        // Signal cancellation for streaming
+        self.streaming_cancelled.store(true, Ordering::SeqCst);
+
+        // Abort streaming task
+        if let Some(task) = self.streaming_task.take() {
+            task.abort();
+        }
+        self.streaming_rx = None;
+
+        // Abort all running tool tasks with a timeout
+        let tool_tasks: Vec<_> = self.running_tool_tasks.drain().collect();
+        for (id, task) in tool_tasks {
+            tracing::debug!("Aborting tool task: {}", id);
+            task.abort();
+            // Give a brief moment for cleanup
+            let _ = timeout(Duration::from_millis(100), async {
+                let _ = task.await;
+            })
+            .await;
+        }
+
+        // Abort all running subagent tasks
+        let subagent_tasks: Vec<_> = self.running_subagents.drain().collect();
+        for (id, task) in subagent_tasks {
+            tracing::debug!("Aborting subagent task: {}", id);
+            task.abort();
+            let _ = timeout(Duration::from_millis(100), async {
+                let _ = task.await;
+            })
+            .await;
+        }
+
+        // Abort general background tasks
+        for task in self.background_tasks.drain(..) {
+            task.abort();
+        }
+
+        tracing::debug!("Background task cleanup complete");
+    }
+
     /// Handles a command result from the CommandExecutor.
     ///
     /// This method processes the result of a slash command execution and