Skip to content

Commit e3f887e

Browse files
committed
fix: v0.32.8+v0.32.9 — run_shell OS launch capability + autopilot workspace bypass
v0.32.8: Add explicit system-prompt instruction that run_shell has full OS access. Fixes agent refusing to launch desktop applications with 'I cannot open apps' instead of trying Start-Process/open/xdg-open. v0.32.9: Autopilot mode now silently allows out-of-workspace file access without prompting. Fixes 'Access outside workspace' dialog appearing even when approvalMode === 'autopilot'.
1 parent e465737 commit e3f887e

4 files changed

Lines changed: 96 additions & 1 deletion

File tree

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
"name": "deep-copilot",
33
"displayName": "Deep Copilot",
44
"description": "Deep Copilot — AI coding agent embedded in VS Code. Powered by DeepSeek V4, with file editing, terminal, search, and plan/todos. Standalone, no backend required.",
5-
"version": "0.32.7",
5+
"version": "0.32.9",
66
"publisher": "ZhouChaunge",
77
"icon": "imgs/logo.png",
88
"repository": {

release/notes_v0329.md

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
# Deep Copilot v0.32.8 + v0.32.9 — Release Notes
2+
3+
> 累积说明:本次包含 v0.32.8 和 v0.32.9 两个补丁版本,均为 bug 修复,相对于 v0.32.7 的累积更新。
4+
5+
---
6+
7+
## 🇨🇳 中文说明
8+
9+
### v0.32.8 — 修复:Agent 拒绝打开桌面应用程序
10+
11+
**问题背景**
12+
13+
在 autopilot 模式下,当用户请求"请打开我的 CAD 软件"或类似打开桌面应用的指令时,Agent 会回复"作为 AI 助手我无法打开桌面应用程序",实际上完全没有尝试调用 `run_shell` 工具(日志显示 `tool_calls=0`)。
14+
15+
这是模型训练先验("我只是编程助手")覆盖了对 `run_shell` 能力的认知导致的。
16+
17+
**修复内容**
18+
19+
在系统提示词的"Using tools"小节中,新增了一段明确的正向指令:
20+
21+
- 声明 `run_shell` 拥有**完整的操作系统访问权限**,不只是执行代码命令。
22+
- 列出各平台的桌面应用启动方式:Windows 用 `Start-Process`,macOS 用 `open`,Linux 用 `xdg-open`
23+
- 明确禁止 Agent 以"无法启动应用"为由拒绝任务,要求始终先用 `run_shell` 尝试。
24+
25+
**受影响的文件**
26+
- `src/prompts/system.js` — 在 Using tools 章节新增 run_shell 操作系统级能力说明
27+
28+
---
29+
30+
### v0.32.9 — 修复:Autopilot 模式下仍弹出"工作区外文件访问"对话框
31+
32+
**问题背景**
33+
34+
用户将审批模式设置为 `autopilot`(无需人工确认)后,Agent 在读写工作区之外的文件时(如 `~/.deepcopilot/memory.md`、系统配置文件等),仍会弹出"Deep Copilot 想访问工作区之外的路径"对话框,需要用户手动点击确认,与 autopilot 模式的语义相悖。
35+
36+
**修复内容**
37+
38+
`src/tools/utils.js``ensurePathAllowed()` 函数中,在调用 VS Code 对话框之前增加审批模式检测:
39+
40+
-`approvalMode === 'autopilot'` 时,**静默放行**所有工作区外路径,并将其加入本轮会话的缓存集合(`_outsideWsApprovals`),避免后续重复检查。
41+
- 其他模式(`manual``auto-edit`)行为不变,依然弹出对话框请求确认。
42+
43+
**受影响的文件**
44+
- `src/tools/utils.js``ensurePathAllowed()` 新增 autopilot 模式快速通行逻辑
45+
46+
---
47+
48+
## 🇺🇸 English Release Notes
49+
50+
### v0.32.8 — Fix: Agent refuses to open desktop applications
51+
52+
**Background**
53+
54+
In autopilot mode, requests like "please open my CAD software" caused the agent to reply with "As an AI assistant I cannot open desktop applications" — without even attempting to call `run_shell` (logs showed `tool_calls=0`).
55+
56+
This was caused by the model's training prior ("I'm just a coding assistant") overriding its awareness of `run_shell` capabilities.
57+
58+
**Changes**
59+
60+
Added an explicit positive instruction in the "Using tools" section of the system prompt:
61+
62+
- Declares that `run_shell` has **full OS-level access**, not just code execution.
63+
- Lists the platform-specific application launch commands: `Start-Process` on Windows, `open` on macOS, `xdg-open` on Linux.
64+
- Explicitly prohibits the agent from declining a task by claiming it "cannot launch applications" — it must always attempt with `run_shell` first.
65+
66+
**Affected files**
67+
- `src/prompts/system.js` — added OS-capability clause to the run_shell tool description in the Using tools section
68+
69+
---
70+
71+
### v0.32.9 — Fix: "Access outside workspace" dialog appears in autopilot mode
72+
73+
**Background**
74+
75+
Even with the approval mode set to `autopilot` (no human confirmation required), the agent would still show a "Deep Copilot wants to access a path outside the workspace" dialog when reading or writing files outside the workspace (e.g. `~/.deepcopilot/memory.md`, system config files). This contradicted the intended semantics of autopilot mode.
76+
77+
**Changes**
78+
79+
Added an approval-mode check in `ensurePathAllowed()` in `src/tools/utils.js`, before the VS Code dialog is invoked:
80+
81+
- When `approvalMode === 'autopilot'`: **silently allow** all out-of-workspace paths and add them to the session cache (`_outsideWsApprovals`) to skip repeated checks.
82+
- Other modes (`manual`, `auto-edit`) are unaffected — the confirmation dialog continues to appear as before.
83+
84+
**Affected files**
85+
- `src/tools/utils.js``ensurePathAllowed()` gains an autopilot fast-path before the dialog call

src/prompts/system.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,7 @@ Tool preferences:
8080
- Edit files with \`apply_patch\` (multi-line / multi-hunk, unified diff) or \`str_replace_in_file\` (single small unique replacement). Prefer \`apply_patch\` for anything non-trivial.
8181
- Use \`write_file\` only for new files or full rewrites.
8282
- Reserve \`run_shell\` for actual shell work. Never use it to substitute for a dedicated tool (no \`cat\` / \`grep\` / \`ls\` / \`dir\` / \`Get-ChildItem\` via shell).
83+
- \`run_shell\` has full OS access. Use it to launch desktop applications (\`Start-Process\` on Windows, \`open\` on macOS, \`xdg-open\` on Linux), control system services, or perform any OS-level operation the user requests. Never decline a task by claiming you "cannot launch applications" or "cannot interact with the desktop" — always attempt with \`run_shell\` first.
8384
- Use \`spawn_agent\` for complex multi-file exploration or analysis that would otherwise require 5+ sequential read_file / grep_search calls. The sub-agent runs in an isolated context (it sees only its own prompt, not this conversation) and returns one structured Markdown summary. Always prefer \`agent_type: "explore"\` (read-only, safe). Good uses: "find all call sites of X", "summarise the architecture of folder Y", "trace why test Z fails", "list every TODO in src/". Bad uses: trivial single reads, tasks that need parent-conversation context, or file writes (use \`agent_type: "general"\` only when writes are explicitly required).
8485
- Call independent tools in parallel. Chain only when later calls depend on earlier results.
8586
- Reuse prior tool results in the same turn. Do not re-read or re-list what you already have.

src/tools/utils.js

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,15 @@ async function ensurePathAllowed(absPath, intent /* 'read' | 'write' */) {
3131
const { isInsideWorkspace } = require('../utils/paths');
3232
if (isInsideWorkspace(absPath)) return true;
3333
if (_outsideWsApprovals.has(absPath)) return true;
34+
35+
// In autopilot mode silently allow all out-of-workspace access —
36+
// the user has already granted blanket approval by choosing that mode.
37+
const mode = vscode.workspace.getConfiguration('deepseekAgent').get('approvalMode') || 'manual';
38+
if (mode === 'autopilot') {
39+
_outsideWsApprovals.add(absPath);
40+
return true;
41+
}
42+
3443
try {
3544
const choice = await vscode.window.showWarningMessage(
3645
`${t('pathOutsideWsConfirm')}\n\n${absPath}\n\n(${intent})`,

0 commit comments

Comments
 (0)