Upstream changes detected: ACP spec, Gemini CLI, Codex CLI (App Server Protocol), GitHub Copilot CLI, Qwen Code

[github-actions]

This issue was opened automatically by upstream-watch.yml on 2026-06-01 because at least one upstream project this plugin depends on shipped a new release.

Detected changes

ACP spec — v0.13.3 → v0.13.5

• Release: v0.13.5 (published 2026-06-01)
• Why this matters for the plugin: Defines the JSON-RPC methods the plugin's acp-client.mjs implements. Spec changes can introduce new methods we should handle (e.g. terminal/*, session/request_permission, cursor/ask_question).

Release notes excerpt

Added

• (schema) Experiment annotating lenient deserialize opportunities (#1328)
• Stabilize additionalDirectories for sessions (#1327)
• (unstable) Remove unstable session model API (#1325)
• (unstable-v2) Remove dedicated session modes and models apis from v2 (#1324)
• (unstable) Add v2 enum extension RFD and fallbacks (#1304)

Other

• Move existing protocol docs to v1 (#1326)
• Add some draft v2 protocol docs and schema (#1306)

Gemini CLI — v0.43.0 → v0.44.1

• Release: Release v0.44.1 (published 2026-05-28)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/gemini.mjs. Watch for changes to ACP handshake, model alias resolution, MCP support, or new approval modes.

Release notes excerpt

What's Changed

• fix(patch): cherry-pick bd53951 to release/v0.44.0-pr-27496 [CONFLICTS] by @gemini-cli-robot in fix(patch): cherry-pick bd53951 to release/v0.44.0-pr-27496 [CONFLICTS] google-gemini/gemini-cli#27534
  Full Changelog: google-gemini/gemini-cli@v0.44.0...v0.44.1

Codex CLI (App Server Protocol) — rust-v0.133.0 → rust-v0.136.0

• Release: 0.136.0 (published 2026-06-01)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/codex.mjs and app-server.mjs. Watch for sandbox mode changes, new approval policies, or app-server protocol updates.

Release notes excerpt

New Features

• TUI markdown now keeps web links clickable with OSC 8 metadata, and cramped tables switch to readable key/value records without losing link targets. (#24472, #24636, #24825)
• Sessions can now be archived from the TUI with /archive or from the CLI with codex archive / codex unarchive; archived sessions are protected from resume/fork until restored. (#25027, #25021)
• App-server integrations can resume a thread with its initial turns page, see richer MCP server status, and launch stdio mode with codex app-server --stdio. (#23534, #24698, #24940)
• Remote execution setup now supports CODEX_API_KEY registration for approved OpenAI hosts, while remote-control websockets use short-lived server tokens instead of ChatGPT access tokens. (#24666, #24141)
• Windows admins get an alpha codex sandbox setup --elevated provisioning path, plus requirements support for allowed Windows sandbox implementations. (#24831, #23766)
• A feature-gated standalone image generation extension can run through the native Codex image artifact completion pipeline. (#24723, #24972)

Bug Fixes

• ChatGPT auth refreshes tokens before the five-minute expiry window and shows a relogin-required path for reused refresh tokens instead of collapsing into a generic cloud error. (#23546, #24830)
• Command-safety hardening prevents /diff from running repository-provided Git helpers/hooks, avoids PowerShell parser execution on non-Windows hosts, and rejects browser-origin exec-server websocket handshakes. (#24954, #24946, #24947)
• Sandboxed commands clean up more reliably after interruptions or denied Windows network attempts, and deny read rules stay enforced for safe-command and approval-bypass paths. (#22729, #19880, #23943)
• Resumed TUI sessions seed prompt history from the session transcript, multiline hook output renders as separate rows, and Vim normal-mode editing behaves correctly. (#24298, #24965, #25022)
• App-server filesystem watchers debounce later batches correctly, and standalone web search calls now show and restore completed search activity. (#24716, #24693)
• Bedrock auth now falls back to AWS_REGION / AWS_DEFAULT_REGION, and unsupported Bedrock GPT service tiers are no longer advertised or sent. (#25171, #25318)

Documentation

• Python SDK beta docs and package metadata now present the standard pip install openai-codex path, refreshed quickstarts, API reference, FAQ, and examples. (#24836, #24866, #24868, #24870)
• Python SDK examples and docs now use the public CodexConfig name for configuring Codex / AsyncCodex. (#24800)
• The bundled OpenAI Docs skill was updated with current Codex manual routing and a cached manual fetch helper. (#24914)
• Built-in tool schema descriptions now clarify defaults, optional fields, bounds, and enums across shell, Code Mode, MCP, image, goal, plan, multi-agent, and related tools. (#24794)
• App-server and exec-server docs now cover API-key remote registration, --stdio, runtime extra skill roots, and remote-control server-token behavior. (#24666, #24940, #24977, #24141)

Chores

• Python SDK releases can now be staged and published independently from runtime releases using python-v* tags while preserving the reviewed runtime dependency pin. (#24828, #24872)
• Updated MCP dependencies to rmcp 1.7.0 and refreshed compatibility code. (#24763)
• Refreshed Amazon Bedrock catalog metadata, including GPT-5.5, removal of unsupported OSS entries, and default-tier-only GPT model behavior. (#24701, #24960, #25318)
• Removed the stale app-server debug-client pieces and cleaned up the workspace after deletion. (#25063, #25064, #25065, #25066, #25067, #25068, #25069, #25070, #25075)
• Trimmed CI/build maintenance by moving Bazel Windows jobs to Codex runners, removing the libubsan workaround, and reverting the startup benchmark that broke musl builders. (#24952, #24782, #24937)

Changelog

Full Changelog: openai/codex@rust-v0.135.0...rust-v0.136.0

• #22729 fix(linux-sandbox): preserve shell cleanup on interruption @viyatb-oai
• #24472 feat(tui): add OSC 8 web links to rich content @fcoury-oai

…(release notes truncated; click the link above for the full text)

GitHub Copilot CLI — v1.0.54 → v1.0.57

• Release: 1.0.57 (published 2026-06-01)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/copilot.mjs. Watch for ACP changes, slash-command additions/removals, or auth flow changes.

Release notes excerpt

2026-06-01

• Actionable error message shown when GitHub API rate limit is hit during copilot update
• Plugin slash commands (/plugin install, uninstall, update, marketplace add/remove/browse) now show immediate feedback while the operation is in progress
• Canceling a running shell command (Ctrl+C on a !command, or aborting an agent command — including in sandboxed and background-promoted shells) now terminates the whole process tree instead of leaving orphaned processes running
• Canvas providers can return file:// URLs in open results for local file previews
• Symlinked directories appear in /cwd completion suggestions
• In Azure DevOps-only repositories, the built-in GitHub MCP server now exposes only the web_search tool instead of being fully disabled
• Quota footer shows remaining requests as a rounded percentage
• /lsp show, /lsp test, and /lsp reload correctly discover project LSP config when the CLI is launched from a subdirectory
• MCP server timeout configuration is preserved after tools list changes
• /skills add and /skills remove correctly handle paths wrapped in quotes (e.g., from Windows Explorer "Copy as path")
• Running copilot with an unquoted multi-word prompt now shows a helpful "quote your prompt" hint instead of a raw commander error
• Default networking transport is now HTTP/1.1, improving reliability on some network paths. Opt into HTTP/2 with COPILOT_ENABLE_HTTP2=1.
• Plugins auto-installed from repository settings no longer leak into user global config
• Grep tool correctly handles tsx and jsx as file type filters
• COPILOT_HOME is honored for the server discovery registry directory
• Click a diff line with the mouse to select it in diff mode
• Ctrl+C and other modified keys work correctly inside tmux
• @-mention file search matches files regardless of query letter casing
• copilot plugin marketplace list now honors repo-level extraKnownMarketplaces settings from .github/copilot/settings.json
• Queued prompts in the footer are capped to a single line, preventing them from pushing session messages off screen
• MCP servers configured with npx --registry are no longer incorrectly blocked by policy
• Session no longer hangs indefinitely after an error occurs during internal event processing
• Installed plugins no longer include the .git directory from the plugin source repository
• New reasoning after tool calls appears at the bottom of the timeline instead of above earlier output
• Pasting text copied from a browser, editor, or terminal no longer leaves a stray empty line, broken box-drawing lines, or a misplaced cursor in the prompt
• preToolUse hook errors now deny the tool call instead of silently allowing execution
• Session resume works correctly after a crash that left partial data in the session log
• High-contrast diff backgrounds use darker colors to improve text readability
• Add showTipsOnStartup setting to control whether startup tips are shown

…(release notes truncated; click the link above for the full text)

Qwen Code — v0.16.1 → v0.17.0

• Release: Release v0.17.0 (published 2026-05-29)
• Why this matters for the plugin: Drives plugins/multi/scripts/lib/adapters/qwen.mjs. Watch for ACP support changes (the --acp flag graduated from --experimental-acp recently).

Release notes excerpt

What's Changed

• fix(cli): surface startup warnings on stderr before TUI render (#4448) by @kagura-agent in fix(cli): surface startup warnings on stderr before TUI render (#4448) QwenLM/qwen-code#4461
• fix(telemetry): improve LogToSpan bridge error info and TUI handling by @doudouOUC in fix(telemetry): improve LogToSpan bridge error info and TUI handling QwenLM/qwen-code#4482
• feat(channels): add Feishu (Lark) channel adapter by @yuanyuanAli in feat(channels): add Feishu (Lark) channel adapter QwenLM/qwen-code#4379
• feat(telemetry): foundation for skill-based RT optimization (P0+P1) by @gwinthis in feat(telemetry): foundation for skill-based RT optimization (P0+P1) QwenLM/qwen-code#4565
• fix(cli): track model-sent slash command history by @yiliang114 in fix(cli): track model-sent slash command history QwenLM/qwen-code#3826
• feat(computer-use): zero-config built-in via open-computer-use MCP by @LaZzyMan in feat(computer-use): zero-config built-in via open-computer-use MCP QwenLM/qwen-code#4590
• refactor(core)!: replace tail-preservation compaction with summary + restoration attachments by @LaZzyMan in refactor(core)!: replace tail-preservation compaction with summary + restoration attachments QwenLM/qwen-code#4599
• Emit PermissionDenied hooks for AUTO classifier blocks by @qqqys in Emit PermissionDenied hooks for AUTO classifier blocks QwenLM/qwen-code#4376
• chore(release): v0.16.2 by @qwen-code-ci-bot in chore(release): v0.16.2 QwenLM/qwen-code#4571
• fix(core): use undici fetch for IDE proxy requests by @he-yufeng in fix(core): use undici fetch for IDE proxy requests QwenLM/qwen-code#4607
• fix(core,cli): label screenshot-triggered compaction accurately in the auto-compact notice by @LaZzyMan in fix(core,cli): label screenshot-triggered compaction accurately in the auto-compact notice QwenLM/qwen-code#4623

New Contributors

• @kagura-agent made their first contribution in fix(cli): surface startup warnings on stderr before TUI render (#4448) QwenLM/qwen-code#4461
• @yuanyuanAli made their first contribution in feat(channels): add Feishu (Lark) channel adapter QwenLM/qwen-code#4379
• @he-yufeng made their first contribution in fix(core): use undici fetch for IDE proxy requests QwenLM/qwen-code#4607
  Full Changelog: QwenLM/qwen-code@v0.16.2...v0.17.0

Also worth checking (manual — Copilot, please research these too)

• Cursor agent CLI — changelog: https://cursor.com/changelog · forum (bug reports): https://forum.cursor.com/c/bug-report/6
  • Drives plugins/multi/scripts/lib/adapters/cursor.mjs. The plugin currently works around the 2026.04.17-787b533 ACP regression (see maybeWarnAboutCursorVersion and ensureCursorAllowlist). When Cursor ships a fix, both workarounds can likely be simplified or removed.

Plugin files most likely to need updates

• plugins/multi/scripts/lib/acp-client.mjs (shared ACP JSON-RPC client; buildAutoApproveRequestHandler)
• plugins/multi/scripts/lib/acp-terminals.mjs (client-side terminal services)
• plugins/multi/scripts/lib/mcp-servers.mjs (MCP wiring for ACP session/new)
• plugins/multi/scripts/lib/adapters/{codex,gemini,cursor,copilot,qwen}.mjs (per-CLI adapters)
• plugins/multi/scripts/multi-cli-companion.mjs (companion runtime + dispatch)

What I'd like you to do, @copilot

1. Read the linked release notes for each detected change above, plus the manual-reference changelogs.
2. Compare what changed against the relevant adapter / shared code in this repo. Look specifically for:
   • New ACP methods we should handle in acp-client.mjs's buildAutoApproveRequestHandler
   • Renamed / deprecated CLI flags or model IDs hardcoded in any adapter
   • New CLI capabilities that obsolete a workaround we currently ship (e.g., the Cursor 2026.04.17 regression workaround in cursor.mjs — check if a newer Cursor release fixes it, and if so, propose removing maybeWarnAboutCursorVersion and the allowlist-injection or scoping it tighter)
   • Breaking changes that would silently break the plugin
3. For each change that warrants action, open a focused PR against master with the minimal fix. Reference the upstream release / commit / forum thread in the PR description.
4. If a detected change does NOT need any plugin update, reply on this issue with a short note saying "no plugin updates needed for X — reason: …" and close it.
5. If something is ambiguous (you can't tell from release notes whether the plugin is affected), ask in a comment rather than guessing.

You may use ACP_TRACE=1 and the rest of the diagnostic patterns documented in plugins/multi/skills/customize/SKILL.md if you want to verify behavior empirically.

---

State tracked in .github/upstream-state.json — bumped by this same workflow. If you want to suppress a noisy upstream from this watch, edit .github/scripts/upstream-watch.mjs.