Upstream changes detected: ACP spec, Gemini CLI, Codex CLI (App Server Protocol), GitHub Copilot CLI, Qwen Code

[github-actions]

This issue was opened automatically by upstream-watch.yml on 2026-06-22 because at least one upstream project this plugin depends on shipped a new release.

Detected changes

ACP spec — v0.13.6 → schema-v1.14.0

• Release: Schema v1.14.0 (published 2026-06-18)
• Why this matters for the plugin: Defines the JSON-RPC methods the plugin's acp-client.mjs implements. Spec changes can introduce new methods we should handle (e.g. terminal/*, session/request_permission, cursor/ask_question).

Release notes excerpt

Added

• Add unstable model config category (#1455)

Other

• Clean up missing documentation on various schemas and builder (#1454)
• various cleanups (#1453)
• Clarify schema release versioning docs (#1443)

Gemini CLI — v0.46.0 → v0.47.0

• Release: Release v0.47.0 (published 2026-06-18)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/gemini.mjs. Watch for changes to ACP handshake, model alias resolution, MCP support, or new approval modes.

Release notes excerpt

What's Changed

• chore(release): bump version to 0.47.0-nightly.20260602.gcfcecebe8 by @gemini-cli-robot in chore(release): bump version to 0.47.0-nightly.20260602.gcfcecebe8 google-gemini/gemini-cli#27644
• Changelog for v0.46.0-preview.0 by @gemini-cli-robot in Changelog for v0.46.0-preview.0 google-gemini/gemini-cli#27641
• Respect backend definitions for 3.5 flash and Update auto mode to use 3.5 flash when the flag is enabled. by @DavidAPierce in Respect backend definitions for 3.5 flash and Update auto mode to use 3.5 flash when the flag is enabled. google-gemini/gemini-cli#27645
• fix(policy): add EBUSY fallback and TOML parse recovery (#19919) by @krishdef7 in fix(policy): add EBUSY fallback and TOML parse recovery (#19919) google-gemini/gemini-cli#21541
• Changelog for v0.45.0 by @gemini-cli-robot in Changelog for v0.45.0 google-gemini/gemini-cli#27642
• update the max amount of times the Antigravity transition banner can be displayed. by @DavidAPierce in update the max amount of times the Antigravity transition banner can be displayed. google-gemini/gemini-cli#27676
• chore: remove experimental text from browser agent docs by @gsquared94 in chore: remove experimental text from browser agent docs google-gemini/gemini-cli#27746
• fix(core): implement atomic update in MCP tool discovery by @luisfelipe-alt in fix(core): implement atomic update in MCP tool discovery google-gemini/gemini-cli#27619
• Vertex ai model mapping fix by @DavidAPierce in Vertex ai model mapping fix google-gemini/gemini-cli#27749
• Add documentation and migration commands for Antigravity CLI by @DavidAPierce in Add documentation and migration commands for Antigravity CLI google-gemini/gemini-cli#27765
• Avoid persisting empty resume sessions by @SandyTao520 in Avoid persisting empty resume sessions google-gemini/gemini-cli#27770
  Full Changelog: google-gemini/gemini-cli@v0.46.0...v0.47.0

Codex CLI (App Server Protocol) — rust-v0.139.0 → rust-v0.141.0

• Release: 0.141.0 (published 2026-06-18)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/codex.mjs and app-server.mjs. Watch for sandbox mode changes, new approval policies, or app-server protocol updates.

Release notes excerpt

New Features

• Remote executors now use authenticated, end-to-end encrypted Noise relay channels. (#26242, #26245)
• Cross-platform remote execution now preserves executor-native working directories and shells, including filesystem permission paths across app-server and exec-server boundaries. (#27819, #27995, #28032, #28122, #28165, #28367)
• Selected executor plugins can activate their stdio MCP servers per thread; plugin discovery also adds a created-by-me marketplace and auth-specific curated catalogs. (#27870, #27884, #27893, #28203, #28383)
• App-server clients can list immediate child threads, correlate external-agent imports with detailed results, and read or redeem rate-limit reset credits. (#26662, #28008, #28143)
• Realtime clients can explicitly append speech, control how Codex responses enter conversations, and omit startup context. (#27917, #28405)
• TUI input prompts can auto-resolve after inactivity, with a countdown that pauses on interaction. (#28235)

Bug Fixes

• Hook trust bypass now persists through codex exec thread start and resume, while blocking PostToolUse hooks correctly reject code-mode tool calls. (#26434, #28365)
• Plugin capabilities now route consistently by authentication mode, deduplicate conflicting App/MCP declarations, and preserve remote marketplace ordering. (#27461, #27602, #27607, #27902, #27958, #28395)
• Windows sandbox execution repairs stale credentials automatically and gives PowerShell commands more time before backgrounding. (#27086, #27944)
• Idle exec-server relays remain connected, and steered user input immediately interrupts wait_agent. (#28286, #28341)
• Bundled SQLite is pinned to a version containing the WAL-reset corruption fix. (#27992)
• TLS connections now support P-521 certificate signatures commonly used by enterprise proxies. (#27706)

Chores

• Reduced latency and memory use in large, tool-heavy sessions by caching tool search and eliminating repeated request and history copies. (#27258, #27813, #28306, #28309, #28313, #28323, #28327)
• Bounded prompt-image caching to 64 MiB and feedback uploads to eight related threads. (#28294, #28332)
• Terminal resize reflow is now always enabled, ignoring obsolete disabled settings. (#27794)

Changelog

Full Changelog: openai/codex@rust-v0.140.0...rust-v0.141.0

• #28001 [codex] package Windows ARM64 on x64 @tamird
• #28032 [codex] Carry exec-server cwd as PathUri @anp-oai
• #27607 [codex] Dedupe plugin MCPs by app declaration name @felixxia-oai
• #27992 [codex] Pin bundled SQLite to fixed WAL-reset version @gpeal
• #28125 build: run buildifier from just fmt @anp-oai
• #28120 bazel: add PowerShell to Wine test harness @anp-oai
• #27819 path-uri: render native paths across platforms @anp-oai
• #28122 [codex] exec-server honors remote environment cwd and shell @anp-oai
• #26662 feat(app-server): filter threads by parent @btraut-openai
• #27884 Add selected-plugin precedence and attribution to the MCP catalog @jif-oai

…(release notes truncated; click the link above for the full text)

GitHub Copilot CLI — v1.0.62 → v1.0.63

• Release: 1.0.63 (published 2026-06-16)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/copilot.mjs. Watch for ACP changes, slash-command additions/removals, or auth flow changes.

Release notes excerpt

2026-06-15

• Blocked image attachments now explain what to do — enable vision via the "Editor preview features" policy, switch to a vision-capable model, or try a different image — instead of showing a confusing error.
• Options in --help output sort alphabetically, including options that have two long flags
• Auth validation errors (e.g., VPN or IP allowlist failures) are now shown in the sign-in banner with guidance to check network access
• Show fork-based pull requests in /pr and the branch PR badge
• Resume remote sessions when the local and remote repository names differ only by case
• Show the spill file path when read_bash output is too large
• Include recent local sessions in /chronicle standup
• Restore /responses WebSocket connections
• Retry transient 401 auth failures in HMAC and OAuth modes
• Press w in /diff to hide whitespace-only changes
• Add deferTools option to MCP server config to keep a server's tools always available, even when tool search is enabled
• Agent mode is tracked per session, so it no longer carries over when you create, clear, or switch sessions
• Pressing Enter opens the highlighted issue details
• Plan review menus work on strict OpenAI-compatible backends
• Prevent Windows crashes when the native runtime addon loads in a corrupted host process heap
• Recover from unreadable native document attachments by falling back to file-path uploads
• Keep reverse search aligned in the input footer while you search command history
• PostToolUse hook matchers (e.g. Edit|Write) are now honored instead of silently dropped, so formatters and linters run only after the tools they target
• Improve reliability of OpenAI, Anthropic, and Azure OpenAI requests
• Experimental: /rewind no longer requires git and restores only the files Copilot changed (leaving your own edits intact), with a conversation-only or conversation + files choice

Qwen Code — v0.18.1 → v0.18.5

• Release: Release v0.18.5 (published 2026-06-21)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/qwen.mjs. Watch for ACP support changes (the --acp flag graduated from --experimental-acp recently).

Release notes excerpt

What's Changed

• fix(core): require opt-in for plan mode prompt by @tt-a1i in fix(core): require opt-in for plan mode prompt QwenLM/qwen-code#5433
• test(core): drop duplicate gitdiff untracked count case by @tt-a1i in test(core): drop duplicate gitdiff untracked count case QwenLM/qwen-code#5468
• fix(core): evaluate ignore files named with dot prefixes by @tt-a1i in fix(core): evaluate ignore files named with dot prefixes QwenLM/qwen-code#5458
• fix(core): enforce shell directory workspace boundary by @tt-a1i in fix(core): enforce shell directory workspace boundary QwenLM/qwen-code#5454
• fix(core): validate lsp socket ports by @tt-a1i in fix(core): validate lsp socket ports QwenLM/qwen-code#5493
• fix(core): parse max output token env strictly by @tt-a1i in fix(core): parse max output token env strictly QwenLM/qwen-code#5491
• fix(core): detect providers by hostname by @tt-a1i in fix(core): detect providers by hostname QwenLM/qwen-code#5450
• fix(cli): validate ACP glob max results by @tt-a1i in fix(cli): validate ACP glob max results QwenLM/qwen-code#5480
• fix(core): allow dot-prefixed plans directories by @tt-a1i in fix(core): allow dot-prefixed plans directories QwenLM/qwen-code#5460
• fix(extensions): fetch http marketplaces with http client by @tt-a1i in fix(extensions): fetch http marketplaces with http client QwenLM/qwen-code#5452
• fix(cli): parse FORCE_HYPERLINK strictly by @tt-a1i in fix(cli): parse FORCE_HYPERLINK strictly QwenLM/qwen-code#5489
• fix(core): parse tool concurrency env strictly by @tt-a1i in fix(core): parse tool concurrency env strictly QwenLM/qwen-code#5496
• fix(cli): enforce custom theme home boundary by @tt-a1i in fix(cli): enforce custom theme home boundary QwenLM/qwen-code#5456
• fix(dingtalk): skip uppercase webhook reaction targets by @tt-a1i in fix(dingtalk): skip uppercase webhook reaction targets QwenLM/qwen-code#5466
• fix(desktop): accept uppercase icon URL schemes by @tt-a1i in fix(desktop): accept uppercase icon URL schemes QwenLM/qwen-code#5470
• fix(cli): reject partial session size values by @tt-a1i in fix(cli): reject partial session size values QwenLM/qwen-code#5475
• fix(telegram): clear typing intervals on disconnect by @tt-a1i in fix(telegram): clear typing intervals on disconnect QwenLM/qwen-code#5477
• fix(cli): respect installation path boundaries by @tt-a1i in fix(cli): respect installation path boundaries QwenLM/qwen-code#5441
• fix: accept uppercase endpoint URL schemes by @tt-a1i in fix: accept uppercase endpoint URL schemes QwenLM/qwen-code#5443
• fix(core): reject fractional computer-use integer strings by @tt-a1i in fix(core): reject fractional computer-use integer strings QwenLM/qwen-code#5500
• fix(core): match provider base URL slash variants by @tt-a1i in fix(core): match provider base URL slash variants QwenLM/qwen-code#5448
• fix(cli): enforce temp path boundaries for at-file by @tt-a1i in fix(cli): enforce temp path boundaries for at-file QwenLM/qwen-code#5446
• fix(desktop): preserve uppercase favicon URLs by @tt-a1i in fix(desktop): preserve uppercase favicon URLs QwenLM/qwen-code#5463
• fix(desktop): parse NO_PROXY ports strictly by @tt-a1i in fix(desktop): parse NO_PROXY ports strictly QwenLM/qwen-code#5498
• fix(serve): validate session reaper timeouts by @tt-a1i in fix(serve): validate session reaper timeouts QwenLM/qwen-code#5484
• fix(extensions): handle uppercase npm registry schemes by @tt-a1i in fix(extensions): handle uppercase npm registry schemes QwenLM/qwen-code#5437
• fix(core): add missing Token Plan models (qwen3.7-plus, glm-5.2, kimi-k2.7-code) by @huww98 in fix(core): add missing Token Plan models (qwen3.7-plus, glm-5.2, kimi-k2.7-code) QwenLM/qwen-code#5505
• fix(cli): wire ACP model-invocable commands by @tt-a1i in fix(cli): wire ACP model-invocable commands QwenLM/qwen-code#5504

…(release notes truncated; click the link above for the full text)

Also worth checking (manual — Copilot, please research these too)

• Cursor agent CLI — changelog: https://cursor.com/changelog · forum (bug reports): https://forum.cursor.com/c/bug-report/6
  • Drives plugins/multi/scripts/lib/adapters/cursor.mjs. The plugin currently works around the 2026.04.17-787b533 ACP regression (see maybeWarnAboutCursorVersion and ensureCursorAllowlist). When Cursor ships a fix, both workarounds can likely be simplified or removed.

Plugin files most likely to need updates

• plugins/multi/scripts/lib/acp-client.mjs (shared ACP JSON-RPC client; buildAutoApproveRequestHandler)
• plugins/multi/scripts/lib/acp-terminals.mjs (client-side terminal services)
• plugins/multi/scripts/lib/mcp-servers.mjs (MCP wiring for ACP session/new)
• plugins/multi/scripts/lib/adapters/{codex,gemini,cursor,copilot,qwen}.mjs (per-CLI adapters)
• plugins/multi/scripts/multi-cli-companion.mjs (companion runtime + dispatch)

What I'd like you to do, @copilot

1. Read the linked release notes for each detected change above, plus the manual-reference changelogs.
2. Compare what changed against the relevant adapter / shared code in this repo. Look specifically for:
   • New ACP methods we should handle in acp-client.mjs's buildAutoApproveRequestHandler
   • Renamed / deprecated CLI flags or model IDs hardcoded in any adapter
   • New CLI capabilities that obsolete a workaround we currently ship (e.g., the Cursor 2026.04.17 regression workaround in cursor.mjs — check if a newer Cursor release fixes it, and if so, propose removing maybeWarnAboutCursorVersion and the allowlist-injection or scoping it tighter)
   • Breaking changes that would silently break the plugin
3. For each change that warrants action, open a focused PR against master with the minimal fix. Reference the upstream release / commit / forum thread in the PR description.
4. If a detected change does NOT need any plugin update, reply on this issue with a short note saying "no plugin updates needed for X — reason: …" and close it.
5. If something is ambiguous (you can't tell from release notes whether the plugin is affected), ask in a comment rather than guessing.

You may use ACP_TRACE=1 and the rest of the diagnostic patterns documented in plugins/multi/skills/customize/SKILL.md if you want to verify behavior empirically.

---

State tracked in .github/upstream-state.json — bumped by this same workflow. If you want to suppress a noisy upstream from this watch, edit .github/scripts/upstream-watch.mjs.