v0.8.59: release tracker — TUI mouse-report leak, runtime safety, and current issue/PR queue

[Hmbown]

Goal

Ship v0.8.59 as a stabilization + maintainer-queue release after v0.8.58. The release must include the TUI mouse-report input leak fix observed on macOS, then triage the newly tagged maintainer-request PRs and issue mentions before cutting the release.

v0.8.58 release commit timestamp checked locally: 2026-06-10 23:06:44 -0700.

Release-blocking fix: raw SGR mouse reports leak into composer

Observed failure: the composer fills with raw mouse-coordinate tails such as:

;76;20M35;74;22M35;73;23M...

Likely root cause: the terminal/crossterm parser can consume the ESC[< prefix from SGR mouse reports and deliver only the coordinate tail as ordinary Char key events. The existing composer sanitizer stripped these sequences only when app.use_mouse_capture was true. That is not sufficient because a killed/crashed/orphaned TUI, focus recovery race, or host terminal bug can leave mouse-reporting mode active even when the next App instance did not request mouse capture.

Local patch exists on branch fix/tui-mouse-report-leak:

• crates/tui/src/tui/app.rs
• make strip_raw_mouse_reports_from_input() run defensively regardless of use_mouse_capture
• add regression tests for full SGR reports and tail-only bursts when mouse capture is disabled
• preserve normal coordinate-like text such as Size 12;34M

Acceptance:

• Land the fix/tui-mouse-report-leak patch or equivalent.
• Composer strips full SGR mouse fragments like [<35;44;18M even when use_mouse_capture = false.
• Composer strips tail-only leaked bursts like ;76;20M35;74;22M35;73;23M... even when use_mouse_capture = false.
• Composer keeps legitimate text like Size 12;34M.
• Add/keep tests covering composer_strips_* and composer_keeps_* cases.
• Verify cargo test -p codewhale-tui composer_strips.
• Verify cargo test -p codewhale-tui composer_keeps.
• Verify cargo build -p codewhale-tui and cargo fmt -p codewhale-tui --check.

New open issues since v0.8.58

• v0.8.57 fatal_bug_report_runtime_prompt_autonomous_loop #3061 v0.8.57 fatal_bug_report_runtime_prompt_autonomous_loop — safety/runtime bug; treat as release-blocking until explicitly fixed or deferred with rationale.
• land #3059 land — bug issue currently has template body only; needs title/body cleanup or closure as insufficient repro.
• Is it necessary to generate a .codewhale in every folder? #3058 Is it necessary to generate a .codewhale in every folder? — workspace hygiene enhancement; decide whether v0.8.59 should stop eager .codewhale creation or defer.

Maintainer review requests tagged for v0.8.59

Clean / likely mergeable after review:

• feat(i18n): localize ToolFamily labels (10 MessageIds) #2901 feat(i18n): localize ToolFamily labels (10 MessageIds) — CLEAN; contributor rebased and explicitly asked for merge.
• fix(tools): apply strict mode per schema #3062 fix(tools): apply strict mode per schema — CLEAN; likely related to v0.8.58: Tool-schema sanitization hardening — land sanitize_for_responses, per-tool strict mode, preserve dropped constraints #3017; review test caveats and merge if acceptable.
• feat(cli): track provider source and customize unsupported TUI errors #3011 feat(cli): track provider source and customize unsupported TUI errors — CLEAN.
• feat(config): implement verbosity settings with normal and concise modes #3052 feat(config): implement verbosity settings with normal and concise modes — CLEAN.
• docs(prompt): clarify Constitution trust framing #3008 docs(prompt): clarify Constitution trust framing — CLEAN.
• refactor(config): extract provider metadata into data-driven registry #3005 refactor(config): extract provider metadata into data-driven registry — CLEAN.
• feat(voice): add /voice slash command for speech-to-text input #3051 feat(voice): add /voice slash command for speech-to-text input — CLEAN; decide whether this belongs in a stabilization release or should wait.
• feat(tui): dispatch hotbar slots from number keys #3056 feat(tui): dispatch hotbar slots from number keys — CLEAN; decide whether this belongs in a stabilization release or should wait.

Blocked / needs owner action before merge:

• fix(update): detect legacy deepseek/deepseek-tui binary and print migration instructions #3013 fix(update): detect legacy deepseek/deepseek-tui binary and print migration instructions — BLOCKED.
• docs: add Upgrading from deepseek-tui section to README #3053 docs: add Upgrading from deepseek-tui section to README — BLOCKED.

Dependabot review requests tagged for v0.8.59:

• chore(deps): bump reqwest from 0.13.1 to 0.13.4 #3001 chore(deps): bump reqwest from 0.13.1 to 0.13.4 — CLEAN.
• chore(deps): bump rustls from 0.23.36 to 0.23.40 #3002 chore(deps): bump rustls from 0.23.36 to 0.23.40 — CLEAN.
• chore(deps): bump clap_complete from 4.5.65 to 4.6.5 #3003 chore/deps): bump clap_complete from 4.5.65 to 4.6.5 — CLEAN.

Mentioned issues and unread maintainer-attention threads tagged for v0.8.59

Already captured in the earlier mention sweep:

• Add to acp-registry #1447 Add to acp-registry — new concrete blocker: ACP registry requires authMethods with at least one agent or terminal; CodeWhale currently returns empty authMethods from crates/tui/src/acp_server.rs.
• SSE多智能体并行在windows11下依旧45s超时，并且还出现了UI错乱的问题 #1679 SSE多智能体并行在windows11下依旧45s超时，并且还出现了UI错乱的问题 — Windows sub-agent timeout/UI corruption; latest mention asks for compatibility around failed sub-agent handoff and /compact failing while a sub-agent is present.

Added from unread GitHub mention notifications on 2026-06-11:

• 如何强制让模型推理的时候是特定语言的思考链路，而不是默认英文。 #683 如何强制让模型推理的时候是特定语言的思考链路，而不是默认英文。
• Two issues occur during first-time initialization and configuration #759 Two issues occur during first-time initialization and configuration
• bug: thinking collapse - multiple root causes causing thinking blocks to freeze, truncate silently, or drop reasoning_content #861 bug: thinking collapse - multiple root causes causing thinking blocks to freeze, truncate silently, or drop reasoning_content
• Add vision_model registration & vision tools for image input support #868 Add vision_model registration & vision tools for image input support
• word wrap #963 word wrap
• 报错：Stream stalled: no data received for 90s, closing stream。 #1060 报错：Stream stalled: no data received for 90s, closing stream。
• Language has been configured to Chinese, but "thinking" outputs are still in English #1118 Language has been configured to Chinese, but "thinking" outputs are still in English
• There still seems to be some problems with cache hits缓存命中方面似乎还是有些问题 #1120 There still seems to be some problems with cache hits缓存命中方面似乎还是有些问题
• feat(execpolicy): add typed persistent permission rules #1186 feat(execpolicy): add typed persistent permission rules
• Always stuck, I don't know the status of task! #1190 Always stuck, I don't know the status of task!
• deepseek-linux-x64 0.8.28 火绒报告病毒：Trojan/Linux.Agent.bp #1422 deepseek-linux-x64 0.8.28 火绒报告病毒：Trojan/Linux.Agent.bp
• Proposal: universal PreToolUse/PostToolUse hook layer for Cancel/Pause/Resume across all action types #1917 Proposal: universal PreToolUse/PostToolUse hook layer for Cancel/Pause/Resume across all action types
• Clipboard copy silently fails on non-wlroots Wayland compositors (e.g. niri) / 在非 wlroots 的 Wayland 合成器上剪贴板复制静默失败 (e.g. niri) #1920 Clipboard copy silently fails on non-wlroots Wayland compositors (e.g. niri)
• Feature Request: Provider fallback chain — auto-switch on API failure #2574 Feature Request: Provider fallback chain — auto-switch on API failure
• UI refactor needed #2766 UI refactor needed
• Refactor command dispatch from monolithic match to modular strategy pattern #2791 Refactor command dispatch from monolithic match to modular strategy pattern

Left out of the v0.8.59 sweep because they are explicitly future-release or roadmap items already tied to v0.9.0: #471, #472, #473, #474, #475, #476, #477, #478, #479, #481, #534, and #582.

Older open PRs with recent activity to decide before release

• feat(prompt): exclude Calm personality overlay from default prompt path (#2953) #3010 feat(prompt): exclude Calm personality overlay from default prompt path (#2953) — DIRTY.
• feat(bench): improve cli-compare harness with real Harbor integration #3009 feat(bench): improve cli-compare harness with real Harbor integration — CLEAN, but not part of the maintainer-request sweep.

Suggested release policy

• Keep v0.8.59 focused: ship the TUI leak fix plus clean, review-requested PRs that are low-risk.
• Do not include dirty/blocked PRs unless their owners rebase and CI is green.
• Treat v0.8.57 fatal_bug_report_runtime_prompt_autonomous_loop #3061 as the main safety decision: either fix before release or explicitly split v0.8.59 into a TUI hotfix and schedule runtime-safety work immediately after.
• For feature-sized PRs (feat(voice): add /voice slash command for speech-to-text input #3051 voice, feat(tui): dispatch hotbar slots from number keys #3056 hotbar dispatch), make an explicit include/defer call instead of letting them drift in by label alone.

Notes

During local diagnosis, an orphaned /Users/hunter/.local/bin/codewhale-tui process was found under PID 5157 with revoked stdio and 100% CPU. That supports the defensive sanitizer change: terminal/reporting state can outlive the App state that originally enabled it.

[Hmbown]

Added to v0.8.59 after local TUI report on 2026-06-11:

• Provider switch to OpenRouter can drop Authorization header after MiMo session #3064 Provider switch to OpenRouter can drop Authorization header after MiMo session — switching from Xiaomi MiMo mimo-v2.5-pro to OpenRouter nemotron-3-ultra repeatedly fails with Authentication failed: Missing Authentication header; inspect provider-switch state propagation, OpenRouter api_key/header loading, and agent/background-task provider config paths.

[Hmbown]

Added #3098 as the promoted v0.8.59 execution roadmap. I also moved the open v0.8.60 issues into v0.8.59 and retitled the explicit v0.8.60 prefixes. The roadmap separates immediate reliability/TUI stabilization from provider/model metadata, context budgeting, sub-agent/headless workflow work, and docs/localization endcap, so agents have an execution order rather than a flat backlog.

[Hmbown]

v0.8.59 final-harvest progress update from scratch/v0.8.59-final-harvest:

• Closed already-covered release items after verification: v0.8.59: API-timeout interrupted sub-agents can leave fanout UI and task handles stuck running #3080, v0.8.59: Sub-agent fanout planning can leave the TUI stuck in provider wait with no backpressure or recovery #3095, v0.8.57 fatal_bug_report_runtime_prompt_autonomous_loop #3061, v0.8.59: Add prompt source map and context-usage report for rules, tools, memory, and skills #3143, v0.8.59: OpenRouter Nemotron preset uses invalid model ID #3094, Provider switch to OpenRouter can drop Authorization header after MiMo session #3064, OpenAI Codex/ChatGPT models need accurate context-window metadata and context pressure #3070, and PRs fix(tui): emit interrupted sub-agent lifecycle event and reconcile stale running cards (#3080) #3103, feat(tui): observable provider wait — route, idle budget, fanout preflight, incident log (#3095) #3104, feat(tui): queue interactive fanout launches behind a visible launch gate (#3095) #3106, feat(context): add prompt source map and context-usage report (#3143) #3150, fix(exec): resolve --model auto via DEEPSEEK_MODEL env and reorder ExecArgs #3148, fix(SSE): accept SSE data lines without space after colon #3152.
• Confirmed pr/0.8.59-mouse-leak has no remaining behavior to harvest beyond release commit e1a5f5c and existing sidebar context-menu tests; its old-base diff would regress live sidebar hover handling if applied wholesale.
• Added local commit 2d5f2d2 for Bug: MSBuild FileTracker Fails to Initialize — cmake --build Unusable in CodeWhale Shell #3147 and Bug:read_file panics on PDFs with non-Identity-H CMap fonts #3149: Windows shell child env now preserves/repairs CommonProgramFiles/CommonProgramW6432 variables, and PDF extraction panics are converted to tool errors in read_file/web_run.

Verification run includes full cargo test -p codewhale-tui (4551 passed, 4 ignored, plus integration suites), cargo build -p codewhale-tui, doctor --context-json JSON smoke, and focused tests listed on #3147/#3149.

Remaining release hygiene: cargo fmt --all -- --check fails on pre-existing formatting outside the local fix commit, so I left the broad fmt-only churn out of 2d5f2d2.

[Hmbown]

Release-finishing update: the final-harvest scratch branch has been published as origin/scratch/v0.8.59-final-harvest. It is one commit ahead of origin/codex/v0.8.59-release-ready with 2d5f2d23 (fix(release): harden Windows shell env and PDF extraction), covering the MSBuild FileTracker environment issue (#3147) and PDF non-Identity-H CMap panic guard (#3149). Mouse/sidebar leak issues #3065, #3067, and #3088 were verified already covered on the release branch and closed after focused tests.

[Hmbown]

Release update: opened #3176 targeting codex/v0.8.59-release-ready. It contains two narrow release-stability commits: a0724bc5 for #3147/#3149 and d921b567 for the Ghostty low-motion/fancy-animation guard (#1556). Verification now includes focused Ghostty/settings/config tests, focused PDF/env tests, cargo build -p codewhale-tui, git diff --check, and full cargo test -p codewhale-tui.

[Hmbown]

#3176 is merged into codex/v0.8.59-release-ready at 62e7f0e6. I closed #3147, #3149, and #1556 as landed. The release branch now has the final-harvest Windows/PDF fixes plus the Ghostty low-motion guard that prevents /config fancy_animations true from re-enabling the water strip in Ghostty.