chore: vscode 1.2.22

fix: redirect Winston logger to stderr to prevent IPC stream corruption + fix binary tests (#11914)

fix: redirect Winston logger to stderr to prevent IPC stream corruption + fix binary tests (#11914)

chore vscode 1.2.21

fix: remove Ollama template-based tool support gate (#11905) * fix: let explicit capabilities.tools override Ollama template tool detection The Ollama provider checks the model template from /api/show for a `.Tools` placeholder to decide whether to pass tools to the API. For newer models (e.g. qwen3.5) whose templates may not yet include `.Tools`, this silently strips tools from the request — even when the user explicitly sets `capabilities: tools: true` in config.yaml. Use nullish coalescing so an explicit capabilities.tools setting always wins, with the template heuristic as a fallback. * remove verbose comments * remove templateSupportsTools check; trust upstream tool support detection * fix: remove extra blank line to pass prettier check

fix: remove Ollama template-based tool support gate (#11905) * fix: let explicit capabilities.tools override Ollama template tool detection The Ollama provider checks the model template from /api/show for a `.Tools` placeholder to decide whether to pass tools to the API. For newer models (e.g. qwen3.5) whose templates may not yet include `.Tools`, this silently strips tools from the request — even when the user explicitly sets `capabilities: tools: true` in config.yaml. Use nullish coalescing so an explicit capabilities.tools setting always wins, with the template heuristic as a fallback. * remove verbose comments * remove templateSupportsTools check; trust upstream tool support detection * fix: remove extra blank line to pass prettier check

chore: v1.2.20 vs code

fix(intellij): handle square brackets in file paths for autocomplete (#11474) * fix(intellij): handle square brackets in file paths for autocomplete Use File.toURI() instead of URI constructor for Windows two-slash file:// URIs to properly percent-encode special characters like [ ]. Fixes #10978. * test(intellij): strengthen Windows URI assertions for bracket encoding Verify that square brackets are percent-encoded and drive letter and directory structure are preserved in parsed URI path. * fix(intellij): make Windows bracket test cross-platform The CI runs on Linux where C: is not a drive letter. Assert that brackets are encoded and structure is preserved without platform-specific path assumptions. * fix: use cross-platform URI constructor instead of File.toURI() File.toURI() is platform-dependent — on non-Windows hosts it treats Windows drive paths (e.g. C:/Users/...) as relative paths, producing corrupted URIs. The multi-arg URI(scheme, host, path, fragment) constructor is pure RFC 2396 string manipulation and works identically on all platforms. Also strengthens the Windows bracket test with exact equality assertions instead of loose contains/assertFalse checks. * chore: remove verbose comments for minimal diff --------- Co-authored-by: Dallin Romney <dallinromney@gmail.com>

fix(intellij): handle square brackets in file paths for autocomplete (#11474) * fix(intellij): handle square brackets in file paths for autocomplete Use File.toURI() instead of URI constructor for Windows two-slash file:// URIs to properly percent-encode special characters like [ ]. Fixes #10978. * test(intellij): strengthen Windows URI assertions for bracket encoding Verify that square brackets are percent-encoded and drive letter and directory structure are preserved in parsed URI path. * fix(intellij): make Windows bracket test cross-platform The CI runs on Linux where C: is not a drive letter. Assert that brackets are encoded and structure is preserved without platform-specific path assumptions. * fix: use cross-platform URI constructor instead of File.toURI() File.toURI() is platform-dependent — on non-Windows hosts it treats Windows drive paths (e.g. C:/Users/...) as relative paths, producing corrupted URIs. The multi-arg URI(scheme, host, path, fragment) constructor is pure RFC 2396 string manipulation and works identically on all platforms. Also strengthens the Windows bracket test with exact equality assertions instead of loose contains/assertFalse checks. * chore: remove verbose comments for minimal diff --------- Co-authored-by: Dallin Romney <dallinromney@gmail.com>

fix(intellij): handle square brackets in file paths for autocomplete (#11474) * fix(intellij): handle square brackets in file paths for autocomplete Use File.toURI() instead of URI constructor for Windows two-slash file:// URIs to properly percent-encode special characters like [ ]. Fixes #10978. * test(intellij): strengthen Windows URI assertions for bracket encoding Verify that square brackets are percent-encoded and drive letter and directory structure are preserved in parsed URI path. * fix(intellij): make Windows bracket test cross-platform The CI runs on Linux where C: is not a drive letter. Assert that brackets are encoded and structure is preserved without platform-specific path assumptions. * fix: use cross-platform URI constructor instead of File.toURI() File.toURI() is platform-dependent — on non-Windows hosts it treats Windows drive paths (e.g. C:/Users/...) as relative paths, producing corrupted URIs. The multi-arg URI(scheme, host, path, fragment) constructor is pure RFC 2396 string manipulation and works identically on all platforms. Also strengthens the Windows bracket test with exact equality assertions instead of loose contains/assertFalse checks. * chore: remove verbose comments for minimal diff --------- Co-authored-by: Dallin Romney <dallinromney@gmail.com>

fix: resolve critical and high security vulnerabilities (#11848) * fix: resolve critical and high security vulnerabilities across packages Bump vulnerable dependencies and remove unused `request` package to address ~351 of ~394 npm audit vulnerabilities reported by GitHub. * fix: handle nullable textContent from @mozilla/readability v0.6.0 readability.textContent can be undefined in v0.6.0, add nullish coalescing to satisfy ArticleComponent.body type constraint.

chore: vscode 1.2.19

fix: vLLM provider should respect user-configured contextLength and model (#11868) * fix: respect user-configured maxTokens and contextLength for autocomplete Two fixes for autocomplete's maxTokens not being respected (#6003): 1. vLLM provider: _setupCompletionOptions() unconditionally overwrote the user's contextLength and model with server-reported values. Now user-explicit settings take priority over auto-detected values. 2. Autocomplete pipeline: renderPromptWithTokenLimit() returned completionOptions without maxTokens, relying on an implicit merge deeper in the call stack. Now maxTokens is explicitly included in the returned completionOptions so the value flows through to the API request reliably. * remove verbose comments from Vllm provider * style: fix prettier formatting * fix: only set maxTokens when llm provides a value * remove defensive-only maxTokens pass-through from autocomplete pipeline

chore: vscode 1.2.18

fix: restrict terminal childProcess.spawn to local-only environments (#10538) fix: restrict childProcess.spawn to local-only environments childProcess.spawn executes on the extension host machine. With extensionKind: ["ui", "workspace"], the extension host almost always runs locally. For any remote workspace (SSH, WSL, Dev Container, Codespaces, tunnel), spawning locally either runs commands on the wrong machine or fails with ENOENT when the local shell doesn't exist in the extension host context. Replace ENABLED_FOR_REMOTES (which listed all remote types) with LOCAL_ONLY (just "" and "local"). All remote types now fall through to ide.runCommand() which delegates to VS Code's integrated terminal and executes in the correct remote environment. The isWindowsHostWithRemote guard is removed as it is now redundant — the platform-agnostic check handles all cases. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

fix: restrict terminal childProcess.spawn to local-only environments (#10538) fix: restrict childProcess.spawn to local-only environments childProcess.spawn executes on the extension host machine. With extensionKind: ["ui", "workspace"], the extension host almost always runs locally. For any remote workspace (SSH, WSL, Dev Container, Codespaces, tunnel), spawning locally either runs commands on the wrong machine or fails with ENOENT when the local shell doesn't exist in the extension host context. Replace ENABLED_FOR_REMOTES (which listed all remote types) with LOCAL_ONLY (just "" and "local"). All remote types now fall through to ide.runCommand() which delegates to VS Code's integrated terminal and executes in the correct remote environment. The isWindowsHostWithRemote guard is removed as it is now redundant — the platform-agnostic check handles all cases. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

chore: vscode 1.2.17

[Snyk] Security upgrade undici from 6.21.3 to 6.24.0 (#11397) * fix: extensions/vscode/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNDICI-15518061 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518064 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518068 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518070 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518072 * chore: undicci update --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Dallin Romney <dallinromney@gmail.com>

[Snyk] Security upgrade undici from 6.21.3 to 6.24.0 (#11397) * fix: extensions/vscode/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNDICI-15518061 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518064 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518068 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518070 - https://snyk.io/vuln/SNYK-JS-UNDICI-15518072 * chore: undicci update --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Dallin Romney <dallinromney@gmail.com>

feat: add hooks system for CLI event interception (#11029) * feat: add hooks system for CLI event interception Adds a Claude Code-compatible hooks system that allows external handlers (shell commands, HTTP endpoints) to intercept and respond to CLI events. Supports 16 event types with regex-based matching, typed inputs/outputs, sync/async execution, and multi-source config merging. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: register HookService in service container The fireHook.ts module references services.hooks, which requires the HookService to be registered in the service container and exposed in the services object. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: resolve eslint errors in hooks files and services/index.ts Fix unused imports, import ordering, and negated condition lint errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: handle EPIPE errors on hook stdin writes When a hook command exits before we finish writing to stdin, an EPIPE error is emitted. Add an error handler to suppress it gracefully. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: skip hookRunner tests on Windows The hookRunner tests use /bin/sh syntax (>&2, single-quote echo, sleep) that is incompatible with Windows cmd.exe. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: address cubic review - utf8 encoding, regex, EPIPE handling - Use setEncoding("utf8") on stdout/stderr instead of data.toString() to prevent multi-byte character corruption at buffer boundaries - Fix env var interpolation regex to use alternation instead of independent optionals, preventing unbalanced brace matching - Only suppress EPIPE errors on stdin, log other errors Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove AI slop from hookRunner.ts * Update AGENTS.md to document hooks system * Fix React hooks best practices in useService.ts * fix: correct indentation in useService.ts for prettier Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: remove invalid eslint-disable for react-hooks/exhaustive-deps The react-hooks eslint plugin is not configured in the CLI package, so the disable comment causes an eslint error. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: continue[bot] <230936708+continue[bot]@users.noreply.github.com>