Skip to content

v2.0.0

Latest

Choose a tag to compare

@cuiyuebing cuiyuebing released this 10 Jul 11:34
d0b9194

What's Changed

✨ Added

Core Architecture

  • Runtime 2.0: Refactor the kernel based on AgentScope 2.0 (#5078, #4846, #5018, #5552)
  • Agent OS Driver: Unified management of MCP/A2A/ACP connections, encrypted credential storage, and per-call approval policy (#5067)
  • Loop Engineering: New Loop gate design with three Loop templates: Normal Mode / Mission Mode / Goal Mode (#5665, #5727)
  • Governance & Sandbox: Policy engine with allow/deny/ask rules, ToolGuard detectors merged into a single policy evaluation path, and a generalized governance pattern for plugins (#5088, #5546, #5301)

Context Management

  • Scroll Context: SQLite-backed working history (history.db) with FTS5 full-text search, eviction index, turn-level persistence, and a sandboxed recall_history_python REPL for on-demand recall of older turns. 30-day default retention, auto-imports existing sessions on startup (#5321)
  • Native Compression: Refactor using AgentScope 2.0's built-in context compression strategy (#5309)

Long-term Memory

  • ReMe v0.4.0 backend: Replace the in-house memory runtime with ReMe v0.4.0 — vector store, auto-tracking, and retrieval are now handled by the ReMe v0.4.0 library (#5349)
  • Turn-based tracking: Memory writes now happen per-turn via middleware, no longer tied to session close (#5540)
  • Usage-aware search: Memory search now considers recency and frequency; backend-specific embedding model selection added to config UI (#5820)
  • ADBPG REST mode: ADBPG memory backend switched to REST-only, with auto search (#5296)
  • Search UI simplification: Cleaner memory search display, metadata fields reduced to essentials (#5482)
  • 'none' backend: Config option to fully disable the memory system for lightweight deployments (#5732)

Terminal UI (TUI)

  • Full-screen TUI: A textual-based terminal chat app (qwenpaw tui) — streaming output, tool-call rendering, status bar, and session management all in the terminal (#5032)
  • Project-scoped sessions: TUI can launch a Coding Mode session scoped to a specific project directory (#5448)
  • Context-usage bar: Live token/context usage indicator in the TUI status bar (#5673)
  • ACP commands in TUI: /approve, /deny inline approval commands + transcript panel improvements (#5443, #5714)

Console & UI

  • Approval card: Larger action buttons, clearer diff preview, one-click approve/deny (#5855)
  • Long text upload: Paste or upload large text blocks directly into the chat input (#5854)
  • Session-level tool approval: Override global tool policy per session (#5685, #5832)
  • Non-owner banner: Show "view-only" banner when viewing someone else's session tab (#5664)
  • Mobile layouts: Responsive CSS + drawer-based navigation for all console pages (#5444#5470)
  • Tools page split view: Enabled vs. available tools shown in separate columns; per-tool config-aware toggle (#5509, #5604)
  • Skill market improvements: Star/download counts, enabled/disabled split, auto-sync from CDN (#5521, #5706, #5639)
  • Channels page dual layout: Enabled channels on top, available below (#5504)
  • Coding Mode 50/50 split: Chat panel takes half the viewport (#5473)
  • Hidden folders in project browser: . prefixed directories now selectable (#5828)
  • Session drawer: Date-grouped sessions with inline search (#5728)
  • Token usage popover: Ring chart showing token/context usage per turn, restored for Runtime 2.0 (#5493, #5544)
  • Inbox filters: Filter push notifications by source type (#5522)
  • Message anchors: Jump-to-message navigator for user turns (#5515)
  • Request timeout: Configurable HTTP timeout + AbortSignal propagation for backend calls (#5764)

Model Providers

  • OpenAI Response API: New provider for the OpenAI Response API format (#5519)
  • DashScope updates: Qwen3.7 + DeepSeek V4 added to built-in model list; extra_body passthrough for generate_kwargs; per-model thinking relay toggle (#5646, #5491, #5687, #5730)
  • GitHub Models: Migrate to new API endpoint; support fine-grained PATs (#5735)
  • Telegram custom base URL: api_base_url config for self-hosted Telegram Bot API servers (#5651)

Channels

  • Matrix streaming: Edit-in-place streaming, no longer sends a new message per chunk (#5585)
  • Plugin-registered channels: Plugins can register custom channel types with a JSON schema that auto-generates config UI (#4693)
  • Per-channel debounce toggle: no_text_debounce flag so fast channels don't batch messages (#5617)
  • Slack: Full channel implementation with multimodal attachments, thread replies, and streaming (#5193)
  • DingTalk private deploy: api_endpoint config for on-prem DingTalk instances (#5111)
  • Azure Bot channel: Azure Bot channel added as a plugin, with i18n/custom-icon/doc_url support for plugin channels (#5849)
  • Discord attachments: Download to local media_dir, serve via static file route (#5468)

Desktop

  • Tauri migration: Desktop build moved from Electron to Tauri — smaller binary, native webview, NSIS installer on Windows (#5734, #4669, #4041)
  • Bundled ACP runtime: Node.js runtime + ACP modules ship inside the desktop package for out-of-box agent communication (#5814, #5794)
  • DevTools gesture: 8× logo click opens Chromium DevTools for debugging (#5805)

Security & Sandbox

  • Windows AppContainer sandbox: Code execution isolated via Windows native AppContainer API (#5525)
  • Linux bubblewrap sandbox: Mount namespace isolation via bwrap for Linux code execution (#5310)
  • Cron tool-safety toggle: Per-job flag to require/skip tool approval for scheduled tasks (#5847)
  • Dangerous command detection: ToolGuard detects find -delete and similar destructive shell patterns (#5843)
  • Access policy: Declarative allow/deny/ask rules evaluated per capability call

Plugins

  • AgentScope middleware hooks: Plugins can register AgentScope-compatible middleware with semver versioning (#5221)
  • Version-gated catalog: Plugin market and CDN only show plugins compatible with the running QwenPaw version (#5661)
  • Lifecycle hooks: on_uninstall hook, validator fixes, and public skill-provider API for plugin authors (#5008)

Tools

  • web_search and web_fetch: Built-in web search and fetch tools with product identity (#5890)
  • grep_search show_file option: Add show_file flag to display matched file content (#5840)
  • Tool error passthrough: Tool result error state forwarded to frontend for better UX (#5912)

CLI

  • cron update: Edit schedule/prompt/config of existing cron jobs without delete+recreate (#5210)

Observability

  • Langfuse 2.0: Trace grouping restored via hook integration; each agent loop is a Langfuse generation span (#5511)

🔄 Changed

  • relay_reasoning: preserve_thinking renamed to relay_reasoning; defaults to off for DashScope to avoid duplicate reasoning in output (#5876)
  • Rate limiting: Multi-dimensional (IP + user + endpoint) rate limiting with configurable windows (#5738)
  • Memory lifecycle: /compact command reworked; new /system_prompt command; search state simplified to avoid stale embeddings (#5450, #5815)
  • SessionItem component: All session renderers consolidated into one SessionItem component (#5754)
  • Skill UI: SkillPool/SkillMarket components refactored; removed dead CSS (#5753, #5532)
  • Plan Mode removed: Agent config no longer includes plan_mode; UI references cleaned up (#5605, #5618)
  • Plugin version retention: Old plugin versions kept on disk after update; failed-load state cleaned up on next boot (#5695)

🐛 Fixed

Context & Memory

  • Eviction no longer removes the active turn; graduated pressure relief prevents OOM on large tool outputs (#5765)
  • Live turn anchored with a seam banner so the model knows where eviction ends (#5871)
  • Evicted spans without headlines now get auto-generated labels in the index (#5848)
  • Strip headline markers from HTTP history path (#5672)
  • Adjust system prompt wording to stop the model from writing every observation to memory (#5629)
  • Truncate oversized tool results before context insertion to prevent token overflow (#5510)

Providers & Tool Schemas

  • OpenAI Responses API formatting and reasoning_content compatibility fixed (#5920)
  • Responses API function_call names preserved correctly (#5913)
  • Fix reasoning_content alignment by improving base formatter drop prediction (#5865)
  • Fix provider-aware context threshold display (#5902)
  • Retry on OpenAI streaming errors that include a body status code (#5799)
  • Restore OpenRouter OAuth route accidentally dropped during Runtime 2.0 migration (#5806)
  • reasoning_content field errors in streaming no longer crash the response (#5582)
  • Tool schema sanitization: nullable fields, Gemini const, standalone type:null all handled (#5549, #5827, #5545)
  • Inline $ref/$defs for GLM models that don't support JSON Schema references (#5496)
  • Normalize MCP tool names for OpenAI API compliance; gracefully decode malformed tool input JSON (#5485, #5486)
  • Empty api_domain or missing proto descriptors no longer cause hard crashes on Yuanbao (#5804)
  • Only actually configured providers count toward the "online" indicator (#5537)
  • Gemini format_tools override to match their expected schema format (#5517)

Runtime & Agents

  • Interrupted turns now persist their partial state; empty cancel messages suppressed (#5838)
  • cancel_envelope properly yielded on task cancellation (#5674)
  • Workspace prompt files (.qwenpaw.md) and skill injection restored in system prompt assembly (#5396, #5680)
  • Remove stale language arg from memory section call (#5803)
  • spawn_subagent works again under Runtime 2.0 (#5660)
  • Using project_dir without coding_mode enabled no longer silently proceeds (#5640)
  • Self-paired tool messages (call + result from same turn) no longer dropped during message sanitation (#5792)
  • SSE envelope events aligned with v1 protocol format for backward compat (#5495)
  • Windows backslash paths converted to file:// URLs; reverse parsing fixed (#5635)
  • Handle TextBlock objects in offload_tool_result (#5831)
  • Leading whitespace before JSON objects no longer breaks parsing (#5766, #5841)
  • Content-safety image rejections no longer treated as "model can't do images" (#5533)
  • Loop gate state reset on new user turn; peer-reset on continuation (#5916)
  • Error envelope uses structured Error object for frontend SDK compatibility (#5905)
  • /stop isolated by user_id to prevent cross-user task cancellation (#5883)

Desktop

  • Python runtime download pinned to exact release URL (#5875)
  • Plugin dep install no longer cascades into a storm of concurrent pip processes (#5570)
  • Linux browser detection handles env-wrapped Exec lines in .desktop files (#5526)
  • PyInstaller spec and Tauri config fixed for release packaging (#5518)
  • Desktop screenshot tool now allowed in workspace governance (#5641)

TUI

  • Fix CJK/IME composition on macOS/Linux (#5671)
  • Improve approvals and warmup sessions (#5892)

Console & Chat

  • Fix rootSessionId assignment in approval request routing (#5886)
  • Mobile chat history drawer renders sessions correctly (#5744)
  • Remove white-space: pre-wrap from message bubbles (caused double line breaks) (#5596)
  • Preserve Markdown newlines in assistant messages (#5538)
  • Route plugin market detail links through the link guard (#5750)
  • Show stream completion timestamp (#5742)
  • Timestamp always visible; fix double /api prefix in fetch URLs (#5802)
  • Fix MCP access policy page layout (#5213)
  • Push tool-guard approval notifications to IM channels (#5601)
  • Plugin market compatibility labels now display correctly (#5926)
  • Auto-enable preview mode for image files in coding session (#5878)

MCP

  • Fix runtime approval level not properly propagated (#5864)
  • Invalid MCP server configs in agent.json no longer crash agent startup (#5755)

Channels

  • Split multi-segment streaming replies into separate message boxes (#5487)
  • Streaming end event uses event content as text (#5553)
  • Channel instance passed directly to notification path
  • Matrix encrypted media downloaded via nio library (#5059)
  • WeCom QR code URL extraction fixed (#5460)
  • DingTalk delivery failures now surfaced to the user (#5654)
  • Matrix token login failure due to duplicate auth parameters (#5873)
  • Telegram typing indicator fires before consume (#5700)

Cron

  • Run timestamps stored in the job's configured timezone (#5783)
  • Cron sessions properly isolated (#5494)
  • Sanitize malformed tool_call entries in cron history on load (#5475)
  • Heartbeat timeout now configurable (#5557)
  • Enabled cron jobs can be edited/deleted from the UI (#5483)

Security & Governance

  • Fix OFF mode incorrectly triggering approval popups (#5623)
  • Strict mode properly overrides ALLOW rules (#5682)
  • External runner hard-block policy strengthened (#5642)
  • Pet plugin approval hook was missing the scope param (#5830)
  • Split rm detection/extraction to prevent ${HOME} bypass (#5866)
  • macOS sandbox config had a missing closing bracket (#5454)

Memory

  • Heartbeat/cron requests skip auto-memory and search (#5592)

Workspace & Tools

  • Workspace detectors cache key updated (#5500)
  • Fix Playwright memory leak (#5686)
  • Skill market install queue cleared between installs (#5650)

Packaging & CI

  • Add project.urls to pyproject.toml for GitHub dependency graph (#5839)
  • ACP version pinned to 0.3.x (#5798)
  • Empty extra_flags expansion guarded for bash 3.2 on macOS (#5743)
  • Dead bootstrap step removed from Tauri CI (#5578)
  • supervisord restart limit added (#5613)

⚡ Performance

  • SidebarSessionList virtualized (react-window); polling deduplicated; date formatting cached (#5643)
  • Session switching no longer flashes blank; queue alert flicker resolved (#5559, #5683)
  • Shutdown tasks parallelized — close time cut by ~40% (#5469)
  • send_file_to_user caps file size to prevent memory spikes on large attachments (#5457)

🏗️ Infrastructure

  • Desktop verification extracted into reusable composite GitHub Actions (#5681)
  • Docker init: true added to prevent zombie accumulation (#5649)
  • QwenPaw review bot auto-comments on PRs with lint/style findings (#5736)
  • Windows nightly CI HTTP timeout raised; per-test hang safeguard added (#5627)

🧪 Testing

  • Crons module: 51 unit tests covering scheduling, execution, history (#5423)
  • Chats module: 38 unit tests for session CRUD and message handling (#5422)
  • Frontend M2: Stores + Hooks + Control page component tests (#5409)
  • Frontend M3-A: Agent hooks + Settings page tests (#5434)
  • Frontend M3-B: Inbox + API module tests (#5438)
  • E2E adapted for AgentScope 2.0 (#5542)
  • Desktop e2e verification added to release workflow (#5428)
  • Integration tests parallelized via pytest-xdist; coverage gate hardened (#5531)
  • Channels module unit tests (#5812)
  • Approvals module unit tests (#5811)
  • Inbox module unit tests (#5809)
  • Console contract-guard tests for 12 API modules (#5807)
  • Console hooks + stores unit tests (#5808)
  • Large session regression tests (#5810)
  • Integration tests: Sprint 4.1 covering /api/tool-calls/* + /api/console/chat/task (#5895)
  • Flaky test stabilization: retry decorators, dead /api/agent endpoint removed (#5507)

📖 Docs

  • Architecture page added (en + zh) explaining Runtime, Driver, Workspace layers (#5653)
  • TUI documentation page (#5644)
  • Security docs: Sandbox and Access Policy sections (#5621, #5678)
  • Context management rewritten around scroll + episodic memory model (#5614, #5631)
  • v1→v2 migration guide for plugin authors (#5752)
  • Roadmap and general docs updated for 2.0 (#5610, #5461)
  • HiClaw renamed to AgentTeams in all practice guides (#5636)
  • Blog section + SEO improvements on the website (#5697)
  • Langfuse docker deployment docs updated (#5380)
  • Whisper installation notes added to console docs (#5924)
  • Multi-language "tools" translations aligned (#5516)

New Contributors

Full Changelog: v1.1.12.post3...v2.0.0