v2.5.0

New: codeep review (offline, CI-friendly code review) and Continue (a paused-at-the-limit run resumes when you say "continue" instead of dead-ending). Plus a fix where file edits or skill params containing a $ could be written corrupted.

Added

• codeep review — a headless, deterministic code review you can drop into
  CI (no API key, no TUI). Reviews the files you pass (or your unstaged git
  changes, falling back to a src/ scan), prints a markdown report or --json,
  and exits non-zero when an issue at or above --fail-on <error|warning|info|none>
  is found (default error). Pairs with a GitHub Action to gate PRs.
• Continue after a safety limit. When the agent reaches its step or time
  limit it no longer dead-ends — the run pauses with a clear, resumable notice
  (⏸ Paused … say **continue** to pick up where it left off) instead of looking
  like a failure, and saying continue resumes it with full context. Works in
  the TUI and in ACP clients (Zed, the VS Code extension).

Fixed

• Edits containing $ are written literally. edit_file (and the diff
  preview) applied replacements with String.replace(text, newText), which
  interprets $&, $$, $1 etc. in the replacement — so any edit whose new
  text contained $ (template literals, shell variables, regex) was silently
  corrupted on write. Replacements are now inserted verbatim.
• Skill parameter expansion is $-safe and literal. ${param} substitution
  had the same $-interpretation bug in the value, and interpolated the param
  name into a regex unescaped (so a . over-matched and a ( could throw).
  Both are fixed.

v2.4.2

Stability: an unexpected error no longer crashes Codeep to a garbled terminal — it's logged, your conversation is saved, and recoverable background errors keep the session alive. Also fixes codeep account occasionally linking without storing the sync token.

Fixed

• Crash resilience — added global uncaughtException / unhandledRejection
  handlers. A stray throw deep in the agent loop used to kill the process with the
  terminal still in raw mode + alternate screen (leaving your shell garbled), or
  vanish silently. Now an uncaught exception restores the terminal, logs the cause,
  and best-effort saves the conversation before exiting; an unhandled promise
  rejection (e.g. a failed background sync) surfaces as a warning and keeps the TUI
  running instead of tearing it down.
• codeep account sync token — account linking now waits for the sync token
  before completing. The server could briefly report the login authorized before
  the token was issued, so the CLI linked the account but stored no token, leaving
  codeep account sync failing with "Not linked to codeep.dev". Pairs with the
  matching codeep.dev fix.

v2.4.1

MiniMax M3: the new MiniMax flagship replaces M2.7 across all three MiniMax providers (subscription, pay-per-use, China), with updated pricing and context window so cost tracking stays accurate.

Changed

• MiniMax M3 (MiniMax-M3) replaces MiniMax-M2.7 as the model + default for
  the minimax, minimax-api, and minimax-cn providers. Pricing updated to the
  standard rate $0.60 / $2.40 per 1M tokens (input / output) and context window
  to 512K, so /cost and the dashboard bill it correctly. The native macOS / iOS
  apps get the same update via the shared CodeepCore catalog.
• README provider list is now generic (model families, not pinned versions) —
  it no longer needs editing every time a provider ships a new model.

v2.4.0

New models (Claude Opus 4.8, Gemini 3.5 Flash) plus a better local-model experience: browse a curated catalog of coding models, remove models, and see on-disk sizes — all from /model.

Added

• Claude Opus 4.8 — added to the Anthropic provider and set as the new
  default model. Pricing: $5 / $25 per 1M tokens (input / output), 1M context.
• Gemini 3.5 Flash (gemini-3.5-flash) — replaces the preview Flash in the
  Google provider list. Pricing: $1.50 / $9.00 per 1M tokens, 1M context.
• /model browse (Ollama) — a curated catalog of recommended local coding
  models (Qwen2.5 Coder, DeepSeek Coder V2, Llama 3.1, DeepSeek R1, …) with
  parameter sizes, rough VRAM, and an agent-mode suitability hint. Pick one to
  pull it. Mirrors the MCP/skills catalog pattern.
• /model rm <name> (Ollama) — remove a locally-installed model to reclaim
  disk, without leaving Codeep. Remote-server guard like /model pull.
• On-disk size in /model picker — the Ollama model list now shows each
  model's size on disk alongside the agent-mode hint.
• Native Ollama API (beta, opt-in) — set Ollama Native API (beta) → On
  in /settings to route Ollama through its native /api/chat endpoint instead
  of the OpenAI-compatible /v1 shim. Honors num_ctx (the model uses its
  full context window instead of Ollama's small default) and keep_alive
  (keeps the model resident, avoiding reload latency every turn). Tunable via
  ollamaKeepAlive (default 30m) and ollamaNumCtx (0 = auto-detect via
  /api/show). Off by default — existing transport unchanged unless you opt
  in. Verified against Ollama 0.24 (chat, streaming, usage, native tool calls);
  marked beta while it gets coverage across more models and longer sessions.
  Please report issues at https://github.com/VladoIvankovic/Codeep/issues —
  feedback decides when it becomes the default.

Notes

• Pricing tables (/cost, dashboard) updated so the new models bill at the
  right rates. Previous models (Opus 4.7 / 4.6, Flash preview) stay listed for
  back-compat. VS Code/Zed inherit the new catalog automatically over ACP; the
  native macOS / iOS apps get the same update via the shared CodeepCore catalog.
• /model browse and /model rm shell out to the local ollama binary, so
  they only run when Ollama is local (remote servers get an SSH hint instead).

v2.3.1

Profile sync everywhere: codeep account sync/push now carry your user profile too, and a new /me sync pushes it from any surface.

Fixed

• codeep account sync / account push now include your user profile. They
  synced keys + personalities + commands but skipped ~/.codeep/profile.md;
  now the profile rides along (additive pull — never clobbers a local profile).

Added

• /me sync — push your profile to the dashboard (and additive-pull) right
  from the profile command, reachable on every surface (TUI, ACP/Zed, and the
  VS Code chat).

v2.3.0

Codeep gets personal and gains a team: a user profile (/me) makes it adapt to you across every surface, and multi-agent delegation lets it hand self-contained sub-tasks to specialist sub-agents that run in their own context.

Added — Personalization

• User profile (/me). A durable, human-readable description of you, injected
  into the agent's system prompt on every run so it adapts to how you work
  without you repeating yourself. Two scopes: global ~/.codeep/profile.md
  (reply language, response style, default stack, universal "always / never")
  and project .codeep/profile.md (your role, goals, constraints for this repo).
  Manage with /me, /me init [project], and /me on / /me off. Flows to
  every surface because they share the same files.
• Opt-in profile auto-learn. /me learn on lets Codeep quietly extract your
  durable preferences from sessions — one cheap, throttled LLM pass at session
  save — and merge them into a separate profile.learned.md (global + project),
  kept apart from your hand-written file so it's never clobbered. /me learn
  runs it once on demand, /me learn project scopes to this repo, /me forget
  clears it. Off by default; gated by autoLearnProfile.
• Profile sync. codeep account sync pushes your global profile.md to the
  codeep.dev dashboard (where it's editable) and pulls it to new machines. Pull
  is additive — a web edit never overwrites an existing local profile.
• /me in ACP. Zed, VS Code, and any ACP client can view and manage the
  profile, not just the terminal.

Added — Multi-agent delegation

• Sub-agents + the delegate tool. The agent can delegate a self-contained
  sub-task to a specialist that runs in its OWN fresh context window and returns
  only a summary — so the main context stays small and each sub-task runs with a
  tuned persona and a scoped toolset. Four built-ins: planner (read-only
  planning), researcher (read-only explorer), reviewer (read-only senior
  review), tester (writes + runs tests). Run /agents to list them.
• Custom sub-agents. Define your own with a frontmatter .md in
  .codeep/agents/<name>.md (project) or ~/.codeep/agents/ (global): name,
  description, a tools allowlist, optional model override, personality
  preset, and maxIterations budget. Mirrors the personalities/skills pattern.
• Auto-review pipeline. Enable Agent Auto-Review (agentAutoReview, off
  by default) and after any run that changes files, Codeep automatically
  delegates to the reviewer and appends its findings — a review stage that
  always happens, without relying on the model to self-delegate one.
• /agents surfaced in the TUI and ACP (Zed / VS Code).

Notes

• Profile is local-first and opt-in: injection is gated by userProfile (default
  on), auto-learn by autoLearnProfile (default off). Nothing reaches the
  dashboard unless you run codeep account sync.
• Sub-agent tool scoping is enforced at dispatch — a researcher can't write
  files even if it tries. Sub-agents inherit your profile, project rules, and
  permission prompts, and their file changes are covered by /undo (they record
  into the parent's session). Delegation depth is capped at 1; model overrides
  are sequential-safe.

v2.1.4

Long agent runs no longer silently forget how they started — when prior chat history overflows the context budget, the dropped older messages are summarized instead of just truncated. Plus a command-whitelist hardening.

Security

• Inline code execution is blocked in agent mode. The command whitelist
  allowed interpreters like node/python/php, but their eval flags
  (node -e, python -c, php -r, deno eval, …) turned a whitelisted
  runtime into arbitrary code execution. Those flags are now rejected (including
  combined short clusters like -pe). Running a file (node app.js,
  python script.py) is unaffected. Defense-in-depth — the manual-mode
  permission prompt is still the primary gate.

Added

• Auto-summarized history. When the prior conversation exceeds the agent's
  context budget, Codeep now condenses the dropped (oldest) messages into a
  short recap — preserving early decisions, constraints, and unfinished threads
  — and injects it before the recent verbatim history. Previously those older
  messages were silently truncated. The recap is one cheap LLM call, made only
  on overflow and cached per session. Opt out with
  autoSummarizeHistory: false (falls back to plain truncation, no extra call).

v2.1.3

Security hardening: project hooks now require trust before they run, the web-fetch tool blocks internal/metadata addresses, and usage stats are sent with your sync token.

Security

• Hooks now require trust-on-first-use. Project-local .codeep/hooks/* run
  arbitrary shell, so a freshly-cloned repo could previously execute its scripts
  on your first tool call. Hooks in an unapproved workspace are now skipped
  until you run /hooks trust (revoke with /hooks untrust). /hooks and the
  welcome banner show the trust state. Your own already-set-up projects just need
  a one-time /hooks trust.
• SSRF guard on the fetch_url web tool. The agent can no longer be steered
  (e.g. via prompt injection) into fetching localhost, private/RFC1918, or
  link-local addresses — including the cloud metadata endpoint
  169.254.169.254. Only http/https are allowed, on the initial request and
  redirects. Your configured provider endpoints (Ollama, custom vLLM/Tailscale)
  are unaffected — they don't go through this tool.

Changed

• Stats reporting now sends the x-sync-token header. The dashboard derives
  your GitHub id from the token instead of trusting the githubId in the request
  body, closing a spoofing gap where anyone could forge usage events (or unarchive
  projects) for another user. Stats keep working on older CLIs — they're just
  recorded anonymously until you upgrade. No behavior change for you locally.

v2.1.2

ACP server enhancements that power the new Codeep VS Code 2.2 features — editor clients can now list models per provider and pin a provider, model, or custom endpoint over the protocol.

Added

• session/list_providers now returns model metadata — each provider
  carries its models (id + name), defaultModel, and a dynamicModels
  flag. Lets ACP clients (the VS Code model picker, Zed) build a provider →
  model selector without hardcoding a catalog. Backward-compatible: older
  clients ignore the extra fields.
• New session/set_config_option ids: provider and customBaseUrl.
  provider switches the active provider (and picks its default model +
  protocol); customBaseUrl sets the base URL for the custom
  (OpenAI-compatible) provider. These let editor settings drive provider /
  model / endpoint without hand-editing ~/.codeep/config.json.

Notes

• Pure additive ACP surface — no behavior change for the TUI or existing
  clients. The Codeep VS Code extension 2.2.0 builds on these.

v2.1.1

Codeep now works with any OpenAI-compatible endpoint — vLLM, LiteLLM, LM Studio, text-generation-webui. New "Custom (OpenAI-compatible)" provider with a configurable base URL, plus support for the standard OPENAI_BASE_URL env var. Fixes #1.

Added

• Custom (OpenAI-compatible) provider. Point Codeep at any self-hosted
  or proxied OpenAI-compatible server (vLLM, LiteLLM, LM Studio,
  text-generation-webui). Pick Custom (OpenAI-compatible) in the welcome
  flow or /provider, set the endpoint under /settings → Custom Base URL
  (config key customBaseUrl, e.g. http://host:8000/v1), then choose your
  model with /model (fetched live from the server's /models endpoint).
  No API key required; set one only if your endpoint enforces it.
• OPENAI_BASE_URL env var. The openai provider now honors
  OPENAI_BASE_URL (OpenAI-SDK convention), so an OpenAI-compatible proxy
  serving gpt-* model names works with zero config changes.

Fixed

• Custom base URLs were silently ignored for every provider except Ollama —
  requests always went to api.openai.com, and an unknown model fell back to
  the default. Base-URL resolution is now centralized (resolveBaseUrl) and
  applied consistently across every path — chat, agent (TUI + ACP/editor),
  /plan task planning, and API-key validation. (#1)
• Welcome flow no longer forces an API-key prompt for keyless providers
  (Ollama, Custom) — selecting one proceeds straight into the app.
• Test isolation: customCommands tests now run against an isolated HOME so a
  developer's global ~/.codeep/commands can't make the suite non-deterministic.