Upstream changes detected: Gemini CLI, Codex CLI (App Server Protocol), GitHub Copilot CLI, Qwen Code

[github-actions]

This issue was opened automatically by upstream-watch.yml on 2026-05-11 because at least one upstream project this plugin depends on shipped a new release.

Detected changes

Gemini CLI — v0.40.1 → v0.41.2

• Release: Release v0.41.2 (published 2026-05-06)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/gemini.mjs. Watch for changes to ACP handshake, model alias resolution, MCP support, or new approval modes.

Release notes excerpt

What's Changed

• fix(patch): cherry-pick 02995ba to release/v0.41.1-pr-26568 to patch version v0.41.1 and create version 0.41.2 by @gemini-cli-robot in fix(patch): cherry-pick 02995ba to release/v0.41.1-pr-26568 to patch version v0.41.1 and create version 0.41.2 google-gemini/gemini-cli#26589
  Full Changelog: google-gemini/gemini-cli@v0.41.1...v0.41.2

Codex CLI (App Server Protocol) — rust-v0.128.0 → rust-v0.130.0

• Release: 0.130.0 (published 2026-05-08)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/codex.mjs and app-server.mjs. Watch for sandbox mode changes, new approval policies, or app-server protocol updates.

Release notes excerpt

New Features

• Plugin details now show bundled hooks, and plugin sharing exposes link metadata plus discoverability controls. (#21447, #21495, #21637)
• Added codex remote-control as a simpler entrypoint for starting a headless, remotely controllable app-server. (#21424)
• App-server clients can page large threads with unloaded, summary, or full turn item views. (#21566)
• Bedrock auth can now use AWS console-login credentials from aws login profiles. (#21623)
• view_image can resolve files through the selected environment for multi-environment sessions. (#21143)

Bug Fixes

• Live app-server threads now pick up config changes without requiring a restart. (#21187)
• Turn diffs stay accurate across apply-patch operations, including partial failures that still mutated files. (#21180, #21518)
• Thread summaries, renames, resume, and fork paths work better through ThreadStore, including threads without local rollout paths. (#21264, #21265, #21266)
• Remote compaction now emits response.processed for v2 streams and avoids sending service_tier on API-key compact requests. (#21642, #21676)
• Windows sandbox setup now grants sandbox users access to the desktop runtime binary cache. (#21564)
• Removed stale “research preview” wording from the codex exec startup banner. (#21683)

Documentation

• Fixed issue templates so CLI reports keep the intended guidance, labels apply correctly, and feature requests link to the right contributing docs. (#21685, #21686, #21688)
• Updated install and tooling docs to consistently use cargo install --locked. (#21592)

Chores

• Added a faster Cargo profiling build profile and disabled empty doctest targets to speed up Rust development loops. (#21574, #21584)
• Hardened dependency and CI hygiene with fully qualified GitHub Action pins, a Dependabot cooldown, and a cargo-shear upgrade. (#21436, #21547, #21599)
• Simplified internal surfaces by removing unused device-key APIs, extra skills roots, the remote thread-store implementation, and string-keyed MCP tool maps. (#21487, #21485, #21596, #21454)
• Added configurable OpenTelemetry trace metadata and richer review/feedback analytics for better debugging and triage. (#21556, #18747, #21434, #21498)

Changelog

Full Changelog: openai/codex@rust-v0.129.0...rust-v0.130.0

• #21494 [codex] fix PluginListParams test initializer @xli-oai
• #21447 Show plugin hooks in plugin details @abhinav-oai
• #21356 feat: make built-in MCPs first-class runtime servers @jif-oai
• #21180 Make turn diff tracking operation backed @jif-oai
• #21498 [codex] add account id to feedback uploads @pakrym-oai
• #21487 device-key: clean up unused crate @euroelessar
• #21518 fix: preserve exact turn diffs after partial apply_patch failures @jif-oai

…(release notes truncated; click the link above for the full text)

GitHub Copilot CLI — v1.0.40 → v1.0.44

• Release: 1.0.44 (published 2026-05-08)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/copilot.mjs. Watch for ACP changes, slash-command additions/removals, or auth flow changes.

Release notes excerpt

2026-05-08

• Path completion in /add-dir no longer flickers or gets intercepted by @ and # pickers
• Slash commands can now appear mid-input, and multiple skills can be invoked in a single message
• userPromptSubmitted hooks can now handle requests directly, bypassing the LLM and returning a response without making a model call
• Faster /user list and /user switch for multi-account users
• Add optional prerelease argument to copilot update and /update to fetch the latest prerelease build
• Shell commands via ! prefix work correctly with all shell configurations
• Shell aliases and rc file settings now work in ! commands
• Quota display correctly shows remaining usage for Free users instead of always showing 100% used
• Tool permissions granted in autopilot mode are preserved after /clear
• Effort level applies correctly when switching models via the /model picker
• Pressing Ctrl+C while a permission prompt is pending no longer causes the CLI to hang
• Project info remains visible in slash command picker when no results match
• Invalid URL entries in settings.json no longer crash CLI startup and are skipped with a warning
• Timeline shows the resolved model for rubber-duck sub-agents (e.g. Rubber-duck(claude-opus-4.7))

Qwen Code — v0.15.6 → v0.15.10

• Release: Release v0.15.10 (published 2026-05-10)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/qwen.mjs. Watch for ACP support changes (the --acp flag graduated from --experimental-acp recently).

Release notes excerpt

What's Changed

• chore(release): v0.15.9 by @qwen-code-ci-bot in chore(release): v0.15.9 QwenLM/qwen-code#3971
• fix(cli): validate /model command arguments by @yiliang114 in fix(cli): validate /model command arguments QwenLM/qwen-code#3963
• fix(core): log the OpenAI request actually sent on the wire by @tanzhenxin in fix(core): log the OpenAI request actually sent on the wire QwenLM/qwen-code#3767
• fix(core): drop disabled MCP server from health status registry by @BZ-D in fix(core): drop disabled MCP server from health status registry QwenLM/qwen-code#3916
• test(cli): drop wait-dependent SessionPicker search tests (closes #3977) by @qqqys in test(cli): drop wait-dependent SessionPicker search tests (closes #3977) QwenLM/qwen-code#3978
• feat(core): add reactive compression on context overflow by @doudouOUC in feat(core): add reactive compression on context overflow QwenLM/qwen-code#3879
• fix(core): filter Mistral reasoning content at request boundary by @cyphercodes in fix(core): filter Mistral reasoning content at request boundary QwenLM/qwen-code#3882
• fix(cli): preserve comments and formatting in settings.json during migration write-back by @B-A-M-N in fix(cli): preserve comments and formatting in settings.json during migration write-back QwenLM/qwen-code#3861
• [codex] fix monitor notifications for subagents by @doudouOUC in [codex] fix monitor notifications for subagents QwenLM/qwen-code#3933
• feat(memory): add autoSkill background project skill extraction by @LaZzyMan in feat(memory): add autoSkill background project skill extraction QwenLM/qwen-code#3673
• feat(cli): improve slash command discovery by @LaZzyMan in feat(cli): improve slash command discovery QwenLM/qwen-code#3736
• fix(cli): unfreeze Ctrl+O compact-mode toggle on long conversations by @chiga0 in fix(cli): unfreeze Ctrl+O compact-mode toggle on long conversations QwenLM/qwen-code#3905
• feat(core): support QWEN_HOME env var to customize config directory by @tanzhenxin in feat(core): support QWEN_HOME env var to customize config directory QwenLM/qwen-code#2953
• feat(vscode): add message edit/rewind and message metadata UI by @DragonnZhang in feat(vscode): add message edit/rewind and message metadata UI QwenLM/qwen-code#3762
• fix(cli): replace clearTerminal with targeted repaint on resize by @chiga0 in fix(cli): replace clearTerminal with targeted repaint on resize QwenLM/qwen-code#3967
• feat(telemetry) suppress OpenTelemetry diagnostics from UI by @doudouOUC in feat(telemetry) suppress OpenTelemetry diagnostics from UI QwenLM/qwen-code#3986
• fix(core): harden reactive compression follow-ups by @doudouOUC in fix(core): harden reactive compression follow-ups QwenLM/qwen-code#3985
• fix(core): throttle shell tool live text updates by @chiga0 in fix(core): throttle shell tool live text updates QwenLM/qwen-code#3902
• feat: add /diff command and git diff statistics utility by @BZ-D in feat: add /diff command and git diff statistics utility QwenLM/qwen-code#3491
• fix(core): unify Edit/WriteFile prior-read with Claude Code; close #3964 + #3945 by @wenshao in fix(core): unify Edit/WriteFile prior-read with Claude Code; close #3964 + #3945 QwenLM/qwen-code#4002
• feat(tools): add ToolSearch for on-demand loading of deferred tool schemas by @wenshao in feat(tools): add ToolSearch for on-demand loading of deferred tool schemas QwenLM/qwen-code#3589
  Full Changelog: QwenLM/qwen-code@v0.15.9...v0.15.10

Also worth checking (manual — Copilot, please research these too)

• Cursor agent CLI — changelog: https://cursor.com/changelog · forum (bug reports): https://forum.cursor.com/c/bug-report/6
  • Drives plugins/multi/scripts/lib/adapters/cursor.mjs. The plugin currently works around the 2026.04.17-787b533 ACP regression (see maybeWarnAboutCursorVersion and ensureCursorAllowlist). When Cursor ships a fix, both workarounds can likely be simplified or removed.

Plugin files most likely to need updates

• plugins/multi/scripts/lib/acp-client.mjs (shared ACP JSON-RPC client; buildAutoApproveRequestHandler)
• plugins/multi/scripts/lib/acp-terminals.mjs (client-side terminal services)
• plugins/multi/scripts/lib/mcp-servers.mjs (MCP wiring for ACP session/new)
• plugins/multi/scripts/lib/adapters/{codex,gemini,cursor,copilot,qwen}.mjs (per-CLI adapters)
• plugins/multi/scripts/multi-cli-companion.mjs (companion runtime + dispatch)

What I'd like you to do, @copilot

1. Read the linked release notes for each detected change above, plus the manual-reference changelogs.
2. Compare what changed against the relevant adapter / shared code in this repo. Look specifically for:
   • New ACP methods we should handle in acp-client.mjs's buildAutoApproveRequestHandler
   • Renamed / deprecated CLI flags or model IDs hardcoded in any adapter
   • New CLI capabilities that obsolete a workaround we currently ship (e.g., the Cursor 2026.04.17 regression workaround in cursor.mjs — check if a newer Cursor release fixes it, and if so, propose removing maybeWarnAboutCursorVersion and the allowlist-injection or scoping it tighter)
   • Breaking changes that would silently break the plugin
3. For each change that warrants action, open a focused PR against master with the minimal fix. Reference the upstream release / commit / forum thread in the PR description.
4. If a detected change does NOT need any plugin update, reply on this issue with a short note saying "no plugin updates needed for X — reason: …" and close it.
5. If something is ambiguous (you can't tell from release notes whether the plugin is affected), ask in a comment rather than guessing.

You may use ACP_TRACE=1 and the rest of the diagnostic patterns documented in plugins/multi/skills/customize/SKILL.md if you want to verify behavior empirically.

---

State tracked in .github/upstream-state.json — bumped by this same workflow. If you want to suppress a noisy upstream from this watch, edit .github/scripts/upstream-watch.mjs.

[hyshuaige]

good idea