Skip to content

V0_8_61_ISSUE_CLOSURES.md

Latest commit

 

History

History
240 lines (157 loc) · 51.7 KB

V0_8_61_ISSUE_CLOSURES.md

File metadata and controls

240 lines (157 loc) · 51.7 KB

Counts confirmed: 30 close, 33 keep-open, 1 duplicate, 0 already-closed, 64 unique total. Categories are mutually exclusive. Here is the merged manifest.

CodeWhale v0.8.61 — Release Closure Manifest

This manifest merges the per-cluster issue-closure drafts (Trains 1–6 plus the harvested-PR / distribution / legacy-paths / leftover-milestone cluster) into one release-gated record. Issues that appeared in more than one cluster are deduplicated to a single entry (most complete draft retained). One intentionally-unused placeholder row (#3072-dup-guard) was discarded.

Summary

Disposition Count
Close on release 30
Keep open (partial / deferred) 33
Duplicate (community PR closed in favor of landed work) 1
Already closed 0
Total unique issues / PRs 64

Ready to close on release

Each item below is verified as fully resolved on the v0.8.61 branch. Post the blockquoted comment and close only after the release ships (see "How to use").

  • #3227 — Isolate provider/model routes per session; reject mismatched provider+model tuples

Shipped in v0.8.61 (Train 1 — route/model isolation). Provider and model state is now session-local instead of leaking through a shared global, and the engine rejects a mismatched provider+model tuple at the route boundary rather than silently resolving to a default route (commit a0d7ec8d4 'fix(tui): isolate provider/model routes per session + reject mismatched tuples', across config.rs, settings.rs, commands/groups/core/core.rs, and ui.rs, with route-tuple validation tests). This was the lead fix for the release because a bad route poisons every downstream test. Thanks for the detailed report — closing as resolved in 0.8.61.

  • #3204 — Route-effective context-window metadata + preflight over-limit + stop retrying context_length_exceeded

Fully fixed in v0.8.61 (Train 1 — route/model isolation). All five asks are met: context limits are route-effective (the Codex route is capped at 400k effective tokens while public gpt-5.5 metadata stays ~1.05M); before each dispatch the turn loop estimates input and runs emergency compaction instead of sending when over the route budget (preflight); on a provider context_length_exceeded rejection it runs bounded recovery (max 2 attempts) then stops with a single actionable 'run /compact or /clear' message instead of re-looping the identical payload; and the status line / prompt context window use the effective routed model. Route budgets are now derived from the shared context-budget service (commit 8af3ab4d3 'fix(engine): derive route budgets from context service', with route_context_budget_uses_shared_budget_service + the OpenAI-Codex 400k-vs-displayed coverage). Closing as resolved in 0.8.61.

  • #3213 — Split model-facing runtime capabilities from human-facing mode labels

Shipped in v0.8.61 (Train 1). The per-turn runtime tag no longer leaks human-facing UI branding (mode="yolo"/approval="auto"/allow_shell) to the model; it now carries a capability-shaped posture derived from the effective tool context, while AppMode labels stay where humans read them (header/footer/status). Landed in commit d14bf7699 'fix(tui): hide mode labels from runtime prompt' (engine.rs + prompts.rs runtime-policy reference rewritten, with engine tests asserting the banned mode/approval tokens are gone). Note: the coverage matrix written before the train work landed still listed this as unimplemented — the implementation has since shipped. Closing as resolved in 0.8.61.

  • #3212 — Make independent shell/verifier work default to background jobs with nonblocking waits + completion notification

Shipped in v0.8.61 (Train 2 — shell nonblocking). The defining behavior change landed: exec_shell_wait now defaults to a nonblocking snapshot (wait defaults to false, shell.rs), background shell and verifier starts are marked auto-notifying, and a once-only ShellCompletionEvent is injected into the runtime transcript so a parent turn is notified on completion instead of polling as a barrier (commit 15aa2ca80 'feat(shell): notify completed background jobs'). The tool descriptions were reframed accordingly — background returns immediately and notifies, exec_shell_wait is for early output, and blocking now requires an explicit wait=true at a true dependency — with shell/tests coverage. Combined with the already-landed detached background verifiers and nonblocking sub-agent eval/steering, this satisfies the issue's central ask. Closing as resolved in 0.8.61.

  • #2475 — YOLO mode strands the run on an MCP stdio proxy startup/connection prompt instead of JSON-RPC

Fixed in v0.8.61 (Train 2). The MCP JSON-RPC receive loop now bounds each read with the effective MCP read timeout and disconnects the stream when a server emits non-JSON prompt text, returning a hard, redacted tool/connection error instead of blocking — so YOLO / non-interactive runs fail clearly instead of hanging on an MCP startup prompt like Burp's 'Allow Burp MCP connection' (commit 7f988806e 'fix(mcp): bound prompt-blocked stdio reads', with recv_times_out_waiting_for_mcp_response_and_disconnects plus the existing invalid-JSON-preview test now asserting the connection goes Disconnected). This is the degrade-to-error determinism fix the issue asked for, on top of the earlier diagnostic-preview slice. Closing as resolved in 0.8.61.

  • #1791 — Synchronous tools (file_search, grep_files, list_dir) block turn_loop cancellation

Fully fixed in v0.8.61 (Train 2). The exact long-term fix the issue proposed is implemented for all three tools: ToolContext now carries the cancellation token (with_cancel_token), and file_search/grep_files/list_dir each run under spawn_blocking with a timeout and call check_cancelled between iterations (per walker batch, per file, per line, per directory entry). Regression tests cover it (test_file_search_respects_cancel_token plus list_dir cancellation tests), and the two linked PRs (#1790 file_search, #1839 grep_files) plus the list_dir path have all landed. A synchronous search can no longer hold a turn open against an Esc. Closing as resolved in 0.8.61.

  • #3226 — Parent-visible worker interaction contract (recommended action per worker)

Shipped in v0.8.61 (Train 3 — worker/fleet convergence). Workers now carry an explicit, parent-visible interaction contract: each worker projects a recommended action (commit a59249d8b, feat(subagents): add worker recommended actions, with runtime_api + agent_eval/agent_open exposure) and the real lifecycle states are projected through to the sidebar and tool-facing status rather than a hardcoded 'running' (8e45d6569, fix(subagents): project worker lifecycle states). Both landed with tests in crates/tui/src/tools/subagent/tests.rs. This gives the parent a clear 'what should I do with this worker' signal per worker, which is what the issue asked for. Closing as done.

  • #1806 — Sub-agent hardcoded 120s API timeout

Fixed in v0.8.61 (Train 3 — worker convergence). The 120s is now only a default: [subagents] api_timeout_secs is parsed and resolved/clamped by subagent_api_timeout_secs() against DEFAULT=120 / MIN=1 / MAX=1800 (crates/tui/src/config.rs, comments cite #1806/#1808), threaded through Config::subagent_api_timeout -> SubAgentRuntime::with_step_api_timeout so the per-step API call uses the configured value. Your two related asks are also covered: default sub-agents inherit the full parent registry including write_file (full-registry inheritance, the old read-only default is deprecated), and an API-timeout now preserves a continuable checkpoint that agent_eval resumes from (SubAgentStatus::Interrupted + checkpoint, tested by api_timeout_preserves_checkpoint_and_agent_eval_continues_from_it). Closing as fixed; thanks for the clear minimum-fix spec.

  • #3203 — Make queued steering reliable and add Ctrl+S send

Shipped in v0.8.61 (Train 5 — composer/steering). Ctrl+S now sends the queued/draft message first and only falls back to draft-stash when there is nothing to send; Ctrl+Enter (with Cmd+Enter mapped onto it via the CONTROL modifier) force-steers into a busy turn instead of being swallowed, including while the model is waiting on tools or child workers. We also added indexed /queue send support and visible queued-follow-up row actions, plus regression tests covering Ctrl/Cmd+Enter steering during a model-waiting turn (crates/tui/src/tui/ui.rs, ui/tests.rs). The v0.8.60 nonblocking eval/steering groundwork carried this the rest of the way. Closing as resolved in 0.8.61.

  • #2054 — Composer can enter queued-steer edit state without clear mode feedback

Addressed in v0.8.61 (Train 5 — composer clarity). The Pending inputs widget now distinguishes "Queued follow-up:" vs "Steer pending:" states explicitly, and we added the row-level send-now/drop/clear affordances the issue called for (via indexed /queue actions) plus guarding on the single-key path into queued-draft edit so it only fires when the state is visually obvious. Covered by composer/pending-input render and steering tests (crates/tui/src/tui/widgets/pending_input_preview.rs, ui.rs, ui/tests.rs). Closing as resolved in 0.8.61.

  • #3188 — Show the actual Git repo/workspace identity in the TUI status surface

Shipped in v0.8.61 (Train 5 — TUI clarity). The footer status chip now shows concise workspace identity sourced strictly from workspace/git detection (never model narration or config): "Repo: @ " in a git repo (carrying the detached: form for detached HEAD) and "Repo: (no git)" outside a repo instead of hiding the chip. Width-aware format_repo_identity keeps identity over branch under pressure and truncates the name rather than collapsing to a bare prefix, with tests across git/non-git/detached/narrow-width states (crates/tui/src/tui/workspace_context.rs, footer_ui.rs). Closing as resolved in 0.8.61.

  • #3190 — Surface token throughput during streaming

Shipped in v0.8.61 (Train 5). The footer now surfaces output token throughput while a turn is streaming, backed by a rolling-window smoother in the resource_telemetry module, gated by config for footer-noise-averse users, and quiet when the provider exposes no usable token deltas. Includes smoothing-math and narrow-terminal/unavailable-data tests (crates/tui/src/resource_telemetry.rs, tui/footer_ui.rs, ui/tests.rs). Closing as resolved in 0.8.61. (Note: the v0.8.61 coverage matrix mislabeled this number as a README task — the shipped work matches this issue's actual tok/s ask.)

  • #2982 — Clearly display busy or free

Resolved across v0.8.60+v0.8.61 (Train 5). The logic half landed in v0.8.60 (mode/thinking changes are locked while a turn is busy, with a status message and regression test). v0.8.61 adds the at-a-glance visual the issue asked for: a persistent idle/busy activity chip in the footer that keeps compacting/purging and active-work labels distinct, driven by the same flags the working-strip already aggregates, with footer rendering tests (crates/tui/src/tui/footer_ui.rs, widgets/footer.rs, ui/tests.rs). Closing as resolved in 0.8.61.

  • #3028 — Clickable TUI sidebar: click-to-act on task/agent rows plus stop targets

Resolved in v0.8.61 (Train 5). The click-to-act dispatch layer was already in place (left-click routes a row's command through the command-palette pipeline; background-task rows route to /jobs or /task with cancel only for running/queued). v0.8.61 adds the stop targets the issue requested — a stop-zone hit test and stop affordances on running background-task/agent rows — with action-mapping and click-resolution tests (crates/tui/src/tui/mouse_ui.rs, sidebar.rs, subagent_routing.rs, ui/tests.rs). Closing as resolved in 0.8.61.

  • #3078 — Parameterize model-specific facts in the constitution prompt

Resolved in v0.8.61 (Train 5 — prompt layer). The constitution prompt is parameterized per-model: non-DeepSeek models no longer receive V4/one-million-token/$0.14 claims, DeepSeek keeps its full self-model, unknown models get honest fallbacks ({context_window_note}/{subagent_economics}/{model_thinking_note}/{model_characteristics}), no unresolved placeholders survive, and substitution is once-per-session/cache-stable. The targeted compose_prompt_for_* tests pass on the release branch (crates/tui/src/prompts.rs, pricing.rs, prompts/constitution.md). Closing as resolved in 0.8.61. (A tiny optional follow-up — genericizing two incidental static prose strings — can ride along the next constitution edit.)

  • #963 — Word-wrap truncation of long CJK text

Resolved in v0.8.61 (Train 5). The markdown renderer was rebuilt into a width-independent parse + width-dependent render that hard-breaks overlong/no-whitespace runs at character boundaries using unicode-width, so the original CJK overflow/truncation class no longer occurs. v0.8.61 pins this with an explicit no-whitespace Han-character regression fixture asserting every line stays within terminal width while full content is preserved (crates/tui/src/tui/markdown_render.rs). Closing as resolved in 0.8.61. Thanks for the original report on the legacy ~/.deepseek build.

  • #3201 — Revive cost tracking for non-DeepSeek models (expanded pricing table)

Shipped in v0.8.61. Harvested and landed as commit 1faf782a1 (Distribution/pricing area). pricing.rs now carries curated USD-only rows for moonshotai/kimi-k2.6, z-ai/glm-5.1, minimax/minimax-m3, arcee-ai/trinity-large-thinking, openai/gpt-5.5(+pro) and the qwen3.6/3.7 family via usd_only_pricing(...), plus has_pricing_for_model and a curated_usd_only_models_have_pricing_and_accrue_cost test. Thank you @mvanhorn — this directly fixes the dead non-DeepSeek cost tracking in #3066, which we are closing alongside. Authorship and credit preserved on the commit.

  • #3197 — Rename DEEPSEEK_BLUE to WHALE_ACCENT_PRIMARY in consumer code

Shipped in v0.8.61. Harvested and landed as commit ecf700690 (TUI palette area). Every real consumer now references WHALE_ACCENT_PRIMARY (60 references); only the two intentional #[deprecated] aliases (DEEPSEEK_BLUE / DEEPSEEK_BLUE_RGB) remain pointing at the same RGB, so the visual appearance is unchanged and DEEPSEEK_SKY is left intact. Thank you @nightt5879 — this resolves #3069, which we are closing alongside. Alias removal is the future cleanup the deprecation notes already schedule.

  • #3195 — telegram: keep polling while turns stream

Shipped in v0.8.61. Harvested and landed as commits 95499ddda + 796211c6d (Telegram bridge). The poll loop no longer awaits a streaming turn, and the turn-lifecycle status reply is aligned. Thank you @cyq1017 — authorship preserved. This is the polling fix tracked under #2966; note #2966's broader serial-dispatch/approval-deadlock work stays on its own milestone.

  • #3220 — Limit mobile event history to prevent freezes

Shipped in v0.8.61. Harvested and landed as commit 1d1467e1a (mobile/runtime event history). Bounding the mobile event history removes a freeze vector under sustained activity. Thank you @RobertEmprechtinger — authorship and Harvested-from credit preserved on the commit. Refs the fanout-responsiveness work in #3216.

  • #3199 — runtime-api: add PUT /v1/sessions endpoint for engine-based session save

Shipped in v0.8.61. Harvested and landed as commit 3be9b63c8 (Runtime API). PUT /v1/sessions now saves a thread's live engine snapshot via a oneshot channel (authoritative token counts + message ordering, matching the TUI build_session_snapshot path), complementing the reconstruct-from-turn-items POST. It also fixes the silent-swallow bug so only NotFound falls back to a new session while other I/O errors propagate. Thank you @gaord — authorship preserved. Completes the session-save slice of #2808 (now closed).

  • #3221 — exec: honour DEEPSEEK_BASE_URL and DEEPSEEK_MODEL env vars

Shipped in v0.8.61. Harvested and landed as commit a9db74817 (exec/CLI). resolve_exec_model now falls back to CODEWHALE_MODEL/DEEPSEEK_MODEL, the exec handler reads DEEPSEEK_BASE_URL onto the config before client creation, and deepseek_base_url tries the env override before the provider default — so 'codewhale --provider ... --base-url --model auto exec' works without a wrapper. Thank you @hongchen1993 — authorship and Harvested-from credit preserved. Refs the route-effective model work in #3205.

  • #3066 — Cost tracking is dead for all non-DeepSeek models — pricing table needs expansion

Fixed in v0.8.61 (Distribution/pricing). The expanded USD pricing table, has_pricing_for_model, and accrual tests all landed via @mvanhorn's harvested PR #3201 (commit 1faf782a1): kimi-k2.6, glm-5.1, minimax-m3, trinity-large-thinking, gpt-5.5(+pro), and the qwen3.6/3.7 family now resolve real pricing and accrue cost; unknown models still return None. The deeper provider+model SKU pricing engine with provenance/unknown-state metadata is tracked separately as #3085 for the model-lab track.

  • #3069 — Rename DEEPSEEK_BLUE to WHALE_ACCENT_PRIMARY in consumer code

Done in v0.8.61 (TUI palette). Landed via @nightt5879's harvested PR #3197 (commit ecf700690): all real consumers now use WHALE_ACCENT_PRIMARY; the only remaining DEEPSEEK_BLUE references are the two #[deprecated] aliases, which keep the identical RGB so appearance is unchanged. Closing as resolved; alias removal is the scheduled future cleanup.

  • #2960 — Fix rebrand update path — deepseek update and npm updates fail to reach codewhale

Fixed in v0.8.61 (Distribution train). (1) Self-update no longer dies with a spawn error: update.rs detects a legacy deepseek* binary and prints per-install-method migration commands (npm/cargo/Homebrew/release). (2) The deprecated npm package declares itself not-republished with a postinstall deprecation banner pointing at docs/REBRAND.md. (3) README and docs/REBRAND.md carry the full cargo/npm/brew migration section. Closing with credit to the reporters; the equivalent independent community PR #3013 (@cyq1017) is closed as duplicate of this landed work. Note: the partial gap where a legacy deepseek update shim with no installed codewhale shows a bare not-found message is tracked separately as #2917 (keep-open).

  • #3208 — Two Linux release artifacts (bare binary vs .tar.gz) are confusing

Clarified in v0.8.61 (Distribution train, commit f1ae7a6db). Not a bug — both artifacts are intentional: codewhale-linux-x64 is the bare CLI dispatcher binary that the in-app updater and npm wrapper download, and codewhale-linux-x64.tar.gz is the platform bundle (CLI + TUI + install.sh) for manual installs. The release-body generator and docs/INSTALL.md now explain why both exist side by side, so the releases page is self-explanatory. Closing as resolved (documentation).

  • #3068 — Audit and document legacy .deepseek/ compatibility paths

Done in v0.8.61 (Distribution train, commit dd4b295c3). docs/LEGACY_PATHS.md now tables each runtime .deepseek reference to its .codewhale target with a keep/deprecate/remove decision, covering the hardcoded call sites (skills, prompts handoff, workspace_trust, session_manager, skill_state, tools/skill, snapshot, workspace_discovery) and recommending keep-as-fallback to honor the v0.8.44 migration contract. The optional follow-up to route the remaining hardcoded sites through resolve_state_dir is noted as a separate small refactor, not part of this doc deliverable.

  • #3012 — Global ~/.codewhale/instructions.md is not auto-loaded

Fixed in v0.8.61 (commit 5b76bfc57). global_context_relative_paths() now honors .codewhale/instructions.md (plus .agents/ and legacy .deepseek/ variants) at the global level, inserted after the AGENTS.md variants and before WHALE.md to preserve the AGENTS > instructions > WHALE precedence, with a unit test asserting a ~/.codewhale/instructions.md body is loaded into global context. Closing as resolved.

  • #3058 — A .codewhale directory is generated in every cwd, even for Q&A

Resolved on the v0.8.61 branch. Project context is now ephemeral/in-memory (load_project_context sets source_path=None and the generated text states 'No .codewhale/instructions.md file was written'; landed in commit b424848f7), and sessions/snapshots/logs all resolve under $HOME/.codewhale. No startup or Q&A path creates a workspace-local .codewhale; the only workspace-local writers are on-demand (oversized pastes, fleet ledger, runtime-api state). A unit test already asserts loading context does not create a .codewhale directory. Closing; if any bare-launch repro in an empty dir still creates the dir, please reopen with the exact steps and we will extend the assertion to the full boot path.

  • #3214 — Post-merge branch hygiene checks for release/scratch branches

Done in v0.8.61 (Distribution train, commit efce397bee). Added scripts/release/branch-hygiene.sh plus a runbook step: it reports the current checkout, local+remote release tips, and main; detects branches already contained in origin/main or the release branch as safe deletes; enforces the contributor-preservation policy (never auto-delete a branch with unique non-Hunter commits unless merged/credited/preserved, naming branch+commits+author+keep-reason); defaults to dry-run and requires an explicit flag to delete. Closing as resolved.

Closed as duplicate

This is a community PR closed in favor of the equivalent landed work (not a defect).

  • #3013 — update: detect legacy deepseek/deepseek-tui binary and print migration instructions

Thank you @cyq1017 — the behavior you proposed is already in v0.8.61: crates/cli/src/update.rs detects a legacy deepseek* binary at the update entrypoint (is_legacy_binary) and bails with legacy_binary_message, which prints exact per-install-method migration commands (npm, cargo, Homebrew, release binaries), with tests covering legacy detection. This shipped as part of the rebrand update path that resolves #2960. Closing this PR as already-implemented/duplicate of that work rather than re-landing the same change; your independent report confirmed the fix direction and is appreciated. (Note: this PR is currently labeled v0.8.62 — the equivalent behavior is live in 0.8.61.)

Keep open (partial / deferred)

These shipped real progress in v0.8.61 but are intentionally not closed. The note states what remains.

  • #3205 — Route-effective model inventory + auto fleet model selector Partially landed in v0.8.61 (Train 1). The safe initial slice is in: a route-effective model inventory filtered to configured/authenticated providers (model_inventory.rs), a DeepSeek-flash-style auto selector that picks from that inventory via a small non-thinking router call and falls back to a heuristic, and auto dispatch now routes through the inventory instead of resolving to a mismatched default (commit 979a8a669 'fix(tui): route auto model dispatch through inventory'). The immediate misroute (#3202) is fixed. Keeping this open for the remaining acceptance work the maintainer carved out: (1) a typed fleet role model policy (explicit / inherit-default / open-auto with fast|reasoning|tool-heavy|cheap|local|high-context constraints) layered onto FleetRolePreset; (2) unifying codewhale model list on the same ModelInventory source; (3) selector reporting + a clear failure when no DeepSeek route is configured for auto. Tracked alongside #3167/#3154.

  • #3072 — Website parity with ja/vi README locales (i18n config, dictionaries, scalable switcher, Accept-Language) Not implemented in v0.8.61 — keeping open. The route structure under web/app/[locale] is already locale-ready, but the web i18n config still exposes only ['en','zh'], dictionaries hold only en.ts/zh.ts, and the locale switcher is a hard binary toggle. Remaining work: add 'ja'/'vi' to web/lib/i18n/config.ts, add ja.ts/vi.ts dictionaries mirroring the en.ts shape and register them in get-dictionary.ts, replace the binary toggle with a labeled multi-locale list, add explicit ja-JP/vi-VN Accept-Language primary-tag matching, and translate the public-page copy. This is a well-scoped translation + switcher-redesign effort (defer exact ja vs ja-JP aliasing to #3090 if that lands first); it was deliberately left out of the runtime-focused 0.8.61.

  • #3073 — Audit hard-coded model surfaces + docs/MODEL_METADATA.md + drift-prevention tests Partial in v0.8.61 (Train 1) — keeping open. Real progress shipped toward consolidating model facts: an offline model catalog is now bundled and hydrates model facts at startup (commit 9f1094d31 'feat(tui): hydrate model facts from offline catalog', adding model_catalog.rs + model_catalog.bundled.json), and the model picker now derives its hints from the registry (commit 975496e6a 'fix(tui): derive model picker hints from registry') rather than hard-coded strings. But the issue's named deliverables are not done: docs/MODEL_METADATA.md still does not exist, the scattered surfaces (config provider defaults, models.rs context-window match tables, router candidates, prompt facts) are not yet all delegated to one source, and there are no drift-prevention tests asserting every picker-visible / provider-default model id resolves to a registry entry. This stays an audit + documentation + lint-test epic (sequenced with #3071/#3072).

  • #3075 — Provider-aware /model picker that searches the whole catalog and selects provider+model together Partial in v0.8.61 (Train 1) — keeping open. The picker now exposes cross-provider catalog rows so you can see and select models from providers other than the active one (commit 65f60d2e5 'fix(tui): expose cross-provider catalog rows in model picker'), and the cross-provider apply path (selecting a row switches provider+model together) works. Still missing the core ask: there is no live search/filter input in the picker (handle_key still only handles Esc/Enter/arrows, no Char/Backspace and no query state), no 'Use "" with ' custom row, and rows are not yet rebuilt from an all-provider catalog with provenance badges. The remaining build seam is entirely within model_picker.rs (handle_key + picker_model_rows_for_app); will coordinate with the #3071/#3072 registry.

  • #2027 — Route low-risk scout work to Flash by default, keep Pro for synthesis, with a visible route receipt Partial in v0.8.61 (Train 1) — keeping open. Sub-agent assignment now routes through WorkerRuntimeProfile::model so scout/tool roles get a provider-aware cheap lane with no-thinking request tuning, while synthesis roles inherit the session route and providers without a cheap tier stay on the parent model (commit 3761339bb 'fix(tui): route subagents by worker profile'). That delivers the Flash-for-scout / Pro-for-synthesis spirit at the role level. Still open per the issue's acceptance criteria: (1) a distinct work-shape scout classifier (GitHub triage / read-only search batches / status polling / large-log first pass) beyond role tagging; (2) a persisted route receipt explaining parent/child model + effort + why + cost-saving vs quality-preserving; (3) explicit Pro-gating of high-risk actions (merge/push/release/destructive) that overrides a Flash scout; (4) a conservative/aggressive config knob; (5) tests over the five route classes. Verified on-branch: no route-receipt/scout-classifier code yet.

  • #1768 — Per-sub-agent model selection (Option A done; global-default Option B remaining) Core request satisfied, one sub-item remaining — keeping open as a small follow-up. Per-sub-agent model selection (Option A) was already shipped: agent_open and the parallel spawn tool both expose an optional per-child model with explicit 'explicit wins over role/type defaults; omit to inherit' semantics, auto-routing covers unconfigured children, and availability/fallback error messaging exists. v0.8.61 additionally routes role defaults through WorkerRuntimeProfile::model (commit 3761339bb). What is genuinely still missing is Option B — a global sub_agent_default_model / sub_agent_fallback_model config field; I verified there is no such field in config today. The remaining work is to add the field near the provider model constants and thread it into the spawn resolution so an unset per-call model falls back to config-default then auto/inherit, with precedence tests. If you prefer, this can be closed as the per-task feature is done and the global default split into its own small issue.

  • #3211 — First-class permission profiles (read_only/workspace/full_access) + EffectivePermissions + /permissions picker Foundation + first real consumer landed in v0.8.61 (Train 2) — keeping open as the epic continues. The substrate is in: worker_profile.rs now defines PermissionSet, ShellPolicy (None/ReadOnly/Background/Full), ModelRoute and WorkerRuntimeProfile with a non-escalating derive_child intersection, and a typed shell permission profile is now wired into the real tool-setup/registry/shell path instead of a bare allow_shell boolean (commit aa2950eb3 'feat(tui): wire typed shell permission profile'). Still open (verified absent on-branch): the user-facing PermissionProfileId + EffectivePermissions abstraction, an unambiguous ApprovalPolicy and ExecutionPolicy, the /permissions picker (Read Only / Workspace / Full Access with a Full-Access confirm), and the monotonic project-overlay tightening. This remains a cross-cutting multi-PR epic (coordinated with #3212/#3213/#3217).

  • #1186 — Typed persistent permission rules (allow/deny/ask with deny>ask>allow precedence) Ask-only foundation present, full typed-rule epic remaining — keeping open. The first slice is in: config defines PermissionsToml { rules: Vec } + ruleset(), execpolicy implements Ruleset.ask_rules / with_ask_rules / matching_ask_rule / ask_rule_specificity, and tests prove typed ask rules parse while allow/deny shapes are deliberately rejected ('ask-only in this slice'). The remaining work is the real design/epic the issue thread sequences as a follow-up: extend the rule type with an allow/deny/ask decision enum, implement deny>ask>allow precedence in matching_ask_rule with tests, map legacy auto_allow/auto_deny into exec_shell decision rules for back-compat, and reuse bash-arity + workspace-relative glob matching for file paths. Scoped as the next slice after the ask-only/approval-flow work, not a 0.8.61 close.

  • #1786 — Shell PID hang + premature LIVE-state exit during long tasks Partially mitigated in v0.8.61 (Train 2) — keeping open. Several pieces landed: session-load now marks any persisted Running task Failed ('Interrupted by process restart; prior process is not attached') and refuses to requeue it, LIVE-state animation is cleared by resetting turn_started_at on turn end/reconcile, foreground hangs are bounded by a clamped timeout + SIGKILL of the whole process group, and v0.8.61 added heartbeat progress for long-running tools so turn liveness reflects healthy work plus surfacing silent running shell jobs as stale (commit b38f0ae7d 'fix(tui): recover stalled shell work'). Remaining design work the maintainer asked to keep open: a task_manager liveness/healthcheck that probes live runtime task ids in-session (not just on load) so a stalled task_shell_start cannot keep the Work list desynced, and reconciling the 'task done in Work list but agent still waiting' race between task_manager status and runtime turn state. Not a single safe patch.

  • #1737 — Failed shell command leaves TUI in indefinite in_progress with duplicate task_shell_wait rows and a still-running job Substantially advanced in v0.8.61 (Train 2) — keeping open for the last residuals. Real progress on the named symptoms: duplicate task_shell_wait live-tool rows are now collapsed without relying on changing output summaries, and silent background shell jobs surface as stale with a 'Background task running (no new output)' row plus a cancel hint (commit b38f0ae7d 'fix(tui): recover stalled shell work', with stale_background_job_row_shows_no_output_warning_and_cancel_hint). The earlier generic stuck-turn recovery (reconcile_turn_liveness) and /jobs cancel / exec_shell_cancel paths also cover the indefinite-in_progress and cancel asks. Remaining (verified on-branch): the sidebar still does not explicitly distinguish 'failed command + orphaned background job' from genuinely-working in_progress, and remember_stale_job is still #[allow(dead_code)] so restart-stale jobs aren't actually remembered yet. Closing once those two are wired; can be flipped to close if you consider the dedup + stale-row work sufficient.

  • #3216 — Make multi-agent fanout durable + nonblocking; prove TUI stays live under six-worker fanout v0.8.61 update (Train 3 — worker/fleet convergence): we landed the two highest-value freeze fixes this issue was filed against. The parent turn no longer barriers on running sub-agents (should_hold_turn_for_subagents stopped holding solely on running children, commit 3d69f2642), the turn loop now observes the cancel token between tool batches so a wedged ~24s burst becomes a prompt interrupt (a6946812d), the input loop stays live under agent-progress storms (c497e51a8), and we added a six-worker progress-storm responsiveness test asserting input/render/cancel stay live (76af2a08d). Keeping this OPEN: the full ask — making default fanout run on the durable fleet-worker substrate (worker ids, leases, heartbeats, receipts) per docs/AGENT_RUNTIME.md, with an explicit agent_eval(block:true)/fleet-wait finalize and scheduler-owned backpressure — is the larger architecture epic and is still in progress. /swarm stays gated until that lands. Thanks for the precise UI-liveness diagnosis; it drove the storm test we now ship.

  • #3096 — Split sub-agents into a headless worker runtime with lightweight TUI projections v0.8.61 update (Train 3 — the heart of this release): meaningful slices of the convergence landed. Sub-agents now adopt the autonomous-to-completion contract — a worker never parks on input_rx.recv(); when it lacks info it returns a structured needs-input checkpoint on the completion channel so the parent wakes and can re-dispatch (commit 73ff50bd2). Worker lifecycle states are now projected to the TUI instead of a hardcoded 'running' (8e45d6569). This rides on the v0.8.60 substrate (docs/AGENT_RUNTIME.md, fleet-backed exec subprocesses, AgentWorkerSpec/Record + ledger, nonblocking agent_eval). Keeping OPEN as the tracking umbrella: the core acceptance — replacing the session-shaped SubAgentRuntime with a fleet-backed worker lifecycle for default sub-agents, building role tool profiles directly (shared seam with #426), and making the TUI a pure event subscriber — is multi-week work coordinated across #3142/#3154/#3159/#3178/#3097. Thank you for the architecture framing that shaped the whole train.

  • #3217 — Role-based effective runtime profiles for fleet/sub-agent workers (one shared resolver) v0.8.61 update (Train 3): the WorkerRuntimeProfile substrate landed and is now wired into real routing. We added the WorkerRuntimeProfile foundation (role/permissions/shell/tools/model-route/depth/background + non-escalating derive_child intersection, commit 52765e7a9), wired runtime worker profiles into the subagent/fleet paths (43cfb6bcd), and route sub-agent assignment through the profile's model so scout/tool roles get a provider-aware cheap lane while synthesis inherits the session route (3761339bb). Keeping OPEN: this is explicitly a multi-PR epic. The full target — one shared resolver both the fleet and agent_open paths call, the none/read-only/background/write shell-policy replacement for the allow_shell boolean, parent>=child capability-narrowing proofs, and inspection surfacing — is gated on #3211/#3212/#3205 and remains. Foundation is in; the convergence onto a single resolver is the remaining work.

  • #3154 — Agent Fleet control-plane EPIC for always-running verifiable work v0.8.61 update (Train 3): the local-first foundation is solid and continues to grow — protocol types, durable ledger, scheduler policy, local + SSH host adapters, the exec-worker cutover (FleetExecutor running workers as real exec subprocesses, commits 91cbaf281/d47431269), CLI passthrough (fleet init/run/status/inspect/logs/artifacts/interrupt/restart/stop), and docs/FLEET.md all shipped. Keeping this OPEN as the umbrella per your 2026-06-14 retarget: the large remaining pieces — long-lived manager with resume-from-ledger, persisted/debounced/idempotent planner wakeups, a real SSH remote proof, day-scale runbooks, and goal-controller integration — are deliberately post-gate work and stay tracked here.

  • #3166 — Agent Fleet end-to-end dogfood smoke (large local + soak + parity) v0.8.61 update (Train 3): a CI-safe multi-worker dogfood smoke with injected failure ships (commit 5106ecfb2; fleet_dogfood_smoke_run_two_local_workers_two_tasks in fleet/manager.rs), alongside the v0.8.60 fake-subprocess dogfood + real exec-worker cutover. Keeping OPEN per your 2026-06-14 scope note: the larger acceptance set — 10+ tasks / 3+ workers with stale/retry proof, Runtime API parity, an SSH worker smoke, endurance/soak (24h/72h), continuation wakeups, log-retention proof, and a /goal-controlled long run — remains follow-up work tracked here.

  • #3167 — Agent Fleet org chart + Fleet setup modal / role picker v0.8.61 update (Train 3): the config substrate is in — FleetRolePreset (description/tool_profile/tools/capabilities/timeout/trust_level), the fleet roles map, resolve_role, and built-in presets (smoke-runner/reviewer/builder/read-only) all exist in crates/config/src/lib.rs, and worker model routing now reads role profiles. Keeping OPEN: the retargeted product scope is still unbuilt — there is no Fleet setup modal in config_ui.rs, no /fleet party or /fleet roles command, no provider/model picker reusing configured providers, no UI-written persisted role->profile map, and no calmer-palette pass. Those are the remaining deliverables. Thanks for the org-chart framing.

  • #2211 — Sub-agent fanout + hidden worktrees saturate the TUI during release work v0.8.61 update (Train 3): the two slices you'd already surfaced are confirmed landed on this branch — the workspace-discovery skip-list (.worktrees/.claude/worktrees/.deepseek/snapshots) and running_count keeping finished-but-unreconciled Running agents counted so a burst can't refill the cap (regression test test_running_count_counts_running_agents_until_status_reconciles). The parent also no longer barriers on running sub-agents (3d69f2642) and cancellation is observed between tool batches (a6946812d). Keeping OPEN: the residual — fully nonblocking fanout/backpressure, saturated-cap queue-instead-of-reject behavior, and clearer active/completed/queued/stale sidebar states — is the same durable-worker redesign tracked under #3216. Tracking the remainder there rather than reimplementing here.

  • #3215 — Make goal mode a durable cross-turn work loop (hub for #891/#1976/#2058) v0.8.61 update (Train 4 — goal mode): substantial slices of the durable goal loop landed. We added the GoalLoop orchestrator decision core (decide_continuation, commits d05c6709e/704de247d) and routed turn-loop continuation through it; goal progress now accrues durably via record_thread_goal_usage on the ThreadGoal store (875e5fd3a), and that accounting is bridged to a visible surface (e6784e538). This makes the continuation a real decision core with durable per-goal token/time accounting rather than only a bounded within-turn prompt injection. Keeping OPEN as the hub: fully unifying the three goal models (HuntState / runtime GoalState / durable ThreadGoal) onto one source of truth, and the complete cross-turn re-dispatch scheduler with the steering contract, is multi-system epic work that continues past this release. Thank you for the 9-step plan that anchored the whole train.

  • #891 — Codex-style /goal long-running task mode v0.8.61 update (Train 4): goal mode advanced via the #3215 hub. Goal mode already exists across all layers (/goal lifecycle set/clear/pause/resume/complete/blocked+budget, model-visible create_goal/get_goal/update_goal tools with mandatory completion evidence, durable ThreadGoalRecord storage, TUI bridge), and this release added the GoalLoop continuation decision core and durable per-goal token/time accounting (commits d05c6709e/704de247d/875e5fd3a/e6784e538). Keeping OPEN per your 2026-06-14 note that uses #891 as the acceptance sweep rather than standalone work: the full autonomous-loop + single-source-of-truth state bridge is owned by #3215 and is still converging. We'll close #891 against the #3215 acceptance criteria once unification completes.

  • #1976 — Goal mode persistent objective/workflow surface v0.8.61 update (Train 4): tracked as the UX/design reference for the goal-mode family; the concrete work lives in hub #3215, which advanced this release (GoalLoop decision core + durable per-goal token/time accounting + visible accounting bridge, commits d05c6709e/704de247d/875e5fd3a/e6784e538). The pieces exist (durable get/set/clear in core + app-server endpoints; the interactive /goal projection in the TUI) but the bridge unifying them into one durable contract is the remaining work, carried under #3215. Keeping OPEN and linked to #3215 rather than scheduling separate implementation, per your 2026-06-14 retarget.

  • #2058 — Full Codex goal-system port (9 phases, persistent loop, SQLite store, scheduler) v0.8.61 update (Train 4): the actionable near-term slice was carved into #3215, which advanced this release (durable per-goal accounting + the GoalLoop continuation decision core). This issue itself stays OPEN and out of the 0.8.61 gate: per your 2026-06-10 and 2026-06-14 comments the remainder is re-scoped to v0.9.0 as a WhaleFlow LoopUntil consumer (full continuation loop + SQLite goal store + scheduler), and it is not labeled v0.8.61. Tracking the durable-goal foundation under #3215 and the full port here for v0.9.0.

  • #3218 — Gate /swarm until the durable-worker substrate is real v0.8.61 update (Train 4): /swarm prompt-fanout is kept gated this release (commit 64409f7a9, fix(swarm): keep prompt fanout gated) so we don't promote the unsafe in-process agent_open-per-subtask pattern before the substrate holds. Keeping OPEN intentionally: the issue resolves only when /swarm is either rerouted through the durable Fleet/goal path or formally feature-gated, which is tied to the durable-worker (#3216), worker-profile (#3217), worker-model-routing (#3205), and goal-mode (#3215) epics that are still converging. Staying gated is the correct interim contract; we'll close this once /swarm rides the durable path. Thanks for flagging the unsafe default.

  • #2029 — Sub-agent checkpoint/continue across turns v0.8.61 update (Train 4): the substrate is largely landed and got the projection aliases you asked for. Interrupted (not Failed) state + a continuable SubAgentCheckpoint + agent_eval resume via continue_from_checkpoint already exist, and this release exposed needs_continuation and timed_out_with_checkpoint projection fields so interrupted workers can be checkpointed and continued across turns through the existing resume path (commit 9416a7a79). Keeping OPEN: a couple of acceptance items remain — per-[subagents] max_runtime/max_turns (only api_timeout_secs exists today; max_turns is fleet-level) and an end-to-end checkpoint->timeout->resume->complete test that proves the summary survives. Remaining work ties to #3216/#3217 per your 2026-06-14 note.

  • #3224 — Keyboard shortcut renovation for composer, queued steering, and terminal conflicts Partially addressed in v0.8.61 (Train 5). The highest-value slice landed: Ctrl+S send, Ctrl/Cmd+Enter steering into busy/model-wait turns with terminal-conflict handling, indexed /queue send, and visible queued-follow-up row actions, all with regressions (crates/tui/src/tui/ui.rs, ui/tests.rs). Keeping this open for the broader shortcut-renovation sweep it asks for — a full cross-surface audit/renovation of composer chords and discoverability beyond the queued-steering/terminal-conflict path delivered here. Tracking the remaining renovation work alongside the helper-hint audit (#3091/#3194).

  • #2666 — Agents need visible token context and resource usage during long tasks Partially advanced in v0.8.61 (Train 5). We landed the resource_telemetry foundation (token/time/budget accounting with a compact human summary) and a user-facing footer throughput display (crates/tui/src/resource_telemetry.rs, tui/footer_ui.rs). What remains, and why this stays open: the core ask is in-band, agent-visible telemetry pushed to the model itself during a run (context-pressure bucket, running child-agent count, cost-known/unknown wording appended to the runtime prompt), gated by a setting and kept volatile-content-last so it does not bust the prefix cache. That cross-cutting turn-loop + prompt-cache work is deferred; acceptance criteria (which signals, what cadence) still need to be defined as step one per the issue.

  • #3207 — Binary requires GLIBC_2.39 (Ubuntu 24.04), fails on Ubuntu 22.04 (glibc 2.35) Mitigated, not root-fixed, in v0.8.61 (Train 6). We added a client-side glibc preflight: codewhale update now scans downloaded Linux assets for their highest required GLIBC_ symbol and refuses to install a binary the host glibc cannot run, routing the user to a compatible install path instead of a cryptic loader crash; the npm wrapper and install.sh carry the same guard, with tests (crates/cli/src/update.rs, npm/codewhale/scripts/preflight-glibc.js, scripts/release/install.sh, docs/INSTALL.md). What remains: the release pipeline still builds x86_64/aarch64 linux-gnu natively on ubuntu-latest (glibc 2.39), so the published binary's floor is unchanged and 22.04 users are still blocked rather than served. The real fix — pin the gnu jobs to ubuntu-22.04, or ship a musl/static asset, or build in an older-glibc container — is a release-infra change (.github/workflows/release.yml + nightly.yml) we are keeping open as an owner decision.

  • #2917 — deepseek update fails with 'not found on PATH or in sibling directory' after rename Partially addressed in v0.8.61 but the exact reported path is NOT fixed. The legacy guard fires when a deepseek*-named binary runs codewhale update (it bails with full reinstall guidance). But the reported invocation is deepseek update, which the codew_legacy_shim forwards to a codewhale that is absent, so the user still hits the bare shim NotFound message (codew_legacy_shim.rs:19-24,46-49) with no reinstall guidance. Remaining work: make the shim's NotFound branch emit the same migration guidance as legacy_binary_message, and decide product behavior for deepseek <subcommand> when codewhale is absent (the binary-naming/migration matrix needs a deliberate decision, not a string swap). Keeping open.

  • #2924 — Can't update via npm Keeping open as needs-info. The issue body is the unmodified bug template (no steps/expected/actual/logs/version) and no failure mode was supplied. The npm update path is sound in v0.8.61: npm install -g codewhale@latest re-downloads when the .version marker differs from the pinned codewhaleBinaryVersion, with retry/backoff, proxy support, checksum verify, and glibc preflight; update.rs also handles the most likely real cause (a legacy deepseek-tui binary) with an explicit reinstall message. Without a concrete repro there is no safe code change. @tiangangQiu, if you can share the codewhale/npm version, OS, and the exact error output we will reopen and dig in.

  • #1067 — Prebuilt Linux binaries require GLIBC_2.38/2.39 but server has glibc 2.35 Not closeable in v0.8.61. The npm wrapper added a preflight guard (preflight-glibc.js detects host glibc and refuses + routes to cargo/source), which improves the failure experience, but it does NOT make the binary compatible with glibc 2.35 — the gnu Linux targets still build on ubuntu-latest (glibc 2.39 floor) with no lower-glibc container, musl/static asset, or zig pinning. A real fix is a release.yml matrix change (lower-glibc container, musl/static x86_64, or cross/zig pinning) that must be dry-run against the release pipeline. Tracking as a release-channel task (issue also carries v0.8.69). Keeping open.

  • #3192 — Submit CodeWhale to the agentclientprotocol/registry Foundation prepared in v0.8.61 (commit 6efb61643 docs(acp): prepare registry submission), but this stays open by design. The deliverable is an external PR to agentclientprotocol/registry (reporter already opened registry issue #302), which cannot be completed from this repo, and the current stdio adapter is minimal: session/cancel is still a no-op stub (acp_server.rs:135) with no streaming/permission/fs capability surface. Remaining: decide whether the baseline adapter is registry-ready or whether cancel + richer session/update streaming should land first, then file the manifest entry and the external PR. Keeping open as an ACP-registry-readiness task; will not auto-land.

  • #3074 — Per-theme accent/selection color override for dark themes (Signal Gold unreadable) Foundation only in v0.8.61 (commit 833bbb040 feat(tui): add theme_override foundation for per-theme accent/selection colors). The substrate is in, but the user-facing capability the issue asks for is NOT yet wired: there is still no accent_color/selection_color override field threaded through palette construction with hex validation, and the dark-theme selection_bg contrast (gold-on-selection in tokyo-night/catppuccin-mocha/dracula/dark) is not yet audited/fixed against theme_qa_audit.rs. Remaining: thread the override into TuiPrefs + config schema and/or land the contrast-only legibility fix with theme_qa tests. Keeping open until the consumer ships.

  • #3004 — Resolve api_key dynamically via a user script/helper (apiKeyHelper-style) Not implemented in v0.8.61. There is no api_key_command/apiKeyHelper/credential_helper path today (only config-file > env > OS-keyring resolution). The design surface (precedence, in-process caching, redaction/security, cross-platform shell spawn) plus tests is real work, and both the maintainer intake note and a community comment signal lower priority. Remaining: add an optional api_key_command field to the provider/config structs and a resolution tier that runs the command, trims stdout, caches in-process, and never persists the value. Keeping open as a tracked enhancement.

  • #3076 — Alphabetize provider ordering in model/provider UI Foundation only in v0.8.61. A neutral-ordering helper landed (commit 6da8c5ae7 feat(config): add providers_sorted_for_display()), but it is not yet consumed by the pickers: ProviderKind::ALL still leads with DeepSeek and the model picker still lists the active provider first. Remaining: point /model and the provider picker/completion surfaces at providers_sorted_for_display() (keep the active provider highlighted but not hard-first), and add tests asserting display order is alphabetical and differs from ALL order. It also intersects the unmerged provider-aware search (#3075). Keeping open until the UI surfaces adopt the helper.

How to use

These draft comments are not yet posted and these issues are not yet closed. Posting each comment and closing the corresponding issue (or PR #3013 as duplicate) is gated on the v0.8.61 release actually shipping — i.e., the tag/GitHub Release is published and binaries are out. Until then this manifest is a staging document only.

Per repository stewardship policy, maintainer (Hunter) approval is required before any of these comments are posted, any issue is closed, or any release artifact is pushed. When the release lands and is approved:

  1. Post the blockquoted comment on each "Ready to close" issue, then close it as completed (reference v0.8.61).
  2. Post the duplicate comment on PR #3013 and close it as not-planned/duplicate of #2960.
  3. Leave every "Keep open" issue open; the remaining-work note may be posted as a v0.8.61 status update but the issue stays open against its tracked follow-up / milestone.
  4. Preserve contributor credit on all harvested-PR closures (#3201/@mvanhorn, #3197/@nightt5879, #3195/@cyq1017, #3220/@RobertEmprechtinger, #3199/@gaord, #3221/@hongchen1993) and on the linked issues they resolved (#3066, #3069).

If the release slips or is pulled, do not post or close — re-verify each "shipped in v0.8.61" claim against the actually-released commit first.