v2.4.2

Stability: an unexpected error no longer crashes Codeep to a garbled terminal — it's logged, your conversation is saved, and recoverable background errors keep the session alive. Also fixes codeep account occasionally linking without storing the sync token.

Fixed

• Crash resilience — added global uncaughtException / unhandledRejection
  handlers. A stray throw deep in the agent loop used to kill the process with the
  terminal still in raw mode + alternate screen (leaving your shell garbled), or
  vanish silently. Now an uncaught exception restores the terminal, logs the cause,
  and best-effort saves the conversation before exiting; an unhandled promise
  rejection (e.g. a failed background sync) surfaces as a warning and keeps the TUI
  running instead of tearing it down.
• codeep account sync token — account linking now waits for the sync token
  before completing. The server could briefly report the login authorized before
  the token was issued, so the CLI linked the account but stored no token, leaving
  codeep account sync failing with "Not linked to codeep.dev". Pairs with the
  matching codeep.dev fix.

v2.4.1

MiniMax M3: the new MiniMax flagship replaces M2.7 across all three MiniMax providers (subscription, pay-per-use, China), with updated pricing and context window so cost tracking stays accurate.

Changed

• MiniMax M3 (MiniMax-M3) replaces MiniMax-M2.7 as the model + default for
  the minimax, minimax-api, and minimax-cn providers. Pricing updated to the
  standard rate $0.60 / $2.40 per 1M tokens (input / output) and context window
  to 512K, so /cost and the dashboard bill it correctly. The native macOS / iOS
  apps get the same update via the shared CodeepCore catalog.
• README provider list is now generic (model families, not pinned versions) —
  it no longer needs editing every time a provider ships a new model.

v2.4.0

New models (Claude Opus 4.8, Gemini 3.5 Flash) plus a better local-model experience: browse a curated catalog of coding models, remove models, and see on-disk sizes — all from /model.

Added

• Claude Opus 4.8 — added to the Anthropic provider and set as the new
  default model. Pricing: $5 / $25 per 1M tokens (input / output), 1M context.
• Gemini 3.5 Flash (gemini-3.5-flash) — replaces the preview Flash in the
  Google provider list. Pricing: $1.50 / $9.00 per 1M tokens, 1M context.
• /model browse (Ollama) — a curated catalog of recommended local coding
  models (Qwen2.5 Coder, DeepSeek Coder V2, Llama 3.1, DeepSeek R1, …) with
  parameter sizes, rough VRAM, and an agent-mode suitability hint. Pick one to
  pull it. Mirrors the MCP/skills catalog pattern.
• /model rm <name> (Ollama) — remove a locally-installed model to reclaim
  disk, without leaving Codeep. Remote-server guard like /model pull.
• On-disk size in /model picker — the Ollama model list now shows each
  model's size on disk alongside the agent-mode hint.
• Native Ollama API (beta, opt-in) — set Ollama Native API (beta) → On
  in /settings to route Ollama through its native /api/chat endpoint instead
  of the OpenAI-compatible /v1 shim. Honors num_ctx (the model uses its
  full context window instead of Ollama's small default) and keep_alive
  (keeps the model resident, avoiding reload latency every turn). Tunable via
  ollamaKeepAlive (default 30m) and ollamaNumCtx (0 = auto-detect via
  /api/show). Off by default — existing transport unchanged unless you opt
  in. Verified against Ollama 0.24 (chat, streaming, usage, native tool calls);
  marked beta while it gets coverage across more models and longer sessions.
  Please report issues at https://github.com/VladoIvankovic/Codeep/issues —
  feedback decides when it becomes the default.

Notes

• Pricing tables (/cost, dashboard) updated so the new models bill at the
  right rates. Previous models (Opus 4.7 / 4.6, Flash preview) stay listed for
  back-compat. VS Code/Zed inherit the new catalog automatically over ACP; the
  native macOS / iOS apps get the same update via the shared CodeepCore catalog.
• /model browse and /model rm shell out to the local ollama binary, so
  they only run when Ollama is local (remote servers get an SSH hint instead).

v2.3.1

Profile sync everywhere: codeep account sync/push now carry your user profile too, and a new /me sync pushes it from any surface.

Fixed

• codeep account sync / account push now include your user profile. They
  synced keys + personalities + commands but skipped ~/.codeep/profile.md;
  now the profile rides along (additive pull — never clobbers a local profile).

Added

• /me sync — push your profile to the dashboard (and additive-pull) right
  from the profile command, reachable on every surface (TUI, ACP/Zed, and the
  VS Code chat).

v2.3.0

Codeep gets personal and gains a team: a user profile (/me) makes it adapt to you across every surface, and multi-agent delegation lets it hand self-contained sub-tasks to specialist sub-agents that run in their own context.

Added — Personalization

• User profile (/me). A durable, human-readable description of you, injected
  into the agent's system prompt on every run so it adapts to how you work
  without you repeating yourself. Two scopes: global ~/.codeep/profile.md
  (reply language, response style, default stack, universal "always / never")
  and project .codeep/profile.md (your role, goals, constraints for this repo).
  Manage with /me, /me init [project], and /me on / /me off. Flows to
  every surface because they share the same files.
• Opt-in profile auto-learn. /me learn on lets Codeep quietly extract your
  durable preferences from sessions — one cheap, throttled LLM pass at session
  save — and merge them into a separate profile.learned.md (global + project),
  kept apart from your hand-written file so it's never clobbered. /me learn
  runs it once on demand, /me learn project scopes to this repo, /me forget
  clears it. Off by default; gated by autoLearnProfile.
• Profile sync. codeep account sync pushes your global profile.md to the
  codeep.dev dashboard (where it's editable) and pulls it to new machines. Pull
  is additive — a web edit never overwrites an existing local profile.
• /me in ACP. Zed, VS Code, and any ACP client can view and manage the
  profile, not just the terminal.

Added — Multi-agent delegation

• Sub-agents + the delegate tool. The agent can delegate a self-contained
  sub-task to a specialist that runs in its OWN fresh context window and returns
  only a summary — so the main context stays small and each sub-task runs with a
  tuned persona and a scoped toolset. Four built-ins: planner (read-only
  planning), researcher (read-only explorer), reviewer (read-only senior
  review), tester (writes + runs tests). Run /agents to list them.
• Custom sub-agents. Define your own with a frontmatter .md in
  .codeep/agents/<name>.md (project) or ~/.codeep/agents/ (global): name,
  description, a tools allowlist, optional model override, personality
  preset, and maxIterations budget. Mirrors the personalities/skills pattern.
• Auto-review pipeline. Enable Agent Auto-Review (agentAutoReview, off
  by default) and after any run that changes files, Codeep automatically
  delegates to the reviewer and appends its findings — a review stage that
  always happens, without relying on the model to self-delegate one.
• /agents surfaced in the TUI and ACP (Zed / VS Code).

Notes

• Profile is local-first and opt-in: injection is gated by userProfile (default
  on), auto-learn by autoLearnProfile (default off). Nothing reaches the
  dashboard unless you run codeep account sync.
• Sub-agent tool scoping is enforced at dispatch — a researcher can't write
  files even if it tries. Sub-agents inherit your profile, project rules, and
  permission prompts, and their file changes are covered by /undo (they record
  into the parent's session). Delegation depth is capped at 1; model overrides
  are sequential-safe.

v2.1.4

Long agent runs no longer silently forget how they started — when prior chat history overflows the context budget, the dropped older messages are summarized instead of just truncated. Plus a command-whitelist hardening.

Security

• Inline code execution is blocked in agent mode. The command whitelist
  allowed interpreters like node/python/php, but their eval flags
  (node -e, python -c, php -r, deno eval, …) turned a whitelisted
  runtime into arbitrary code execution. Those flags are now rejected (including
  combined short clusters like -pe). Running a file (node app.js,
  python script.py) is unaffected. Defense-in-depth — the manual-mode
  permission prompt is still the primary gate.

Added

• Auto-summarized history. When the prior conversation exceeds the agent's
  context budget, Codeep now condenses the dropped (oldest) messages into a
  short recap — preserving early decisions, constraints, and unfinished threads
  — and injects it before the recent verbatim history. Previously those older
  messages were silently truncated. The recap is one cheap LLM call, made only
  on overflow and cached per session. Opt out with
  autoSummarizeHistory: false (falls back to plain truncation, no extra call).

v2.1.3

Security hardening: project hooks now require trust before they run, the web-fetch tool blocks internal/metadata addresses, and usage stats are sent with your sync token.

Security

• Hooks now require trust-on-first-use. Project-local .codeep/hooks/* run
  arbitrary shell, so a freshly-cloned repo could previously execute its scripts
  on your first tool call. Hooks in an unapproved workspace are now skipped
  until you run /hooks trust (revoke with /hooks untrust). /hooks and the
  welcome banner show the trust state. Your own already-set-up projects just need
  a one-time /hooks trust.
• SSRF guard on the fetch_url web tool. The agent can no longer be steered
  (e.g. via prompt injection) into fetching localhost, private/RFC1918, or
  link-local addresses — including the cloud metadata endpoint
  169.254.169.254. Only http/https are allowed, on the initial request and
  redirects. Your configured provider endpoints (Ollama, custom vLLM/Tailscale)
  are unaffected — they don't go through this tool.

Changed

• Stats reporting now sends the x-sync-token header. The dashboard derives
  your GitHub id from the token instead of trusting the githubId in the request
  body, closing a spoofing gap where anyone could forge usage events (or unarchive
  projects) for another user. Stats keep working on older CLIs — they're just
  recorded anonymously until you upgrade. No behavior change for you locally.

v2.1.2

ACP server enhancements that power the new Codeep VS Code 2.2 features — editor clients can now list models per provider and pin a provider, model, or custom endpoint over the protocol.

Added

• session/list_providers now returns model metadata — each provider
  carries its models (id + name), defaultModel, and a dynamicModels
  flag. Lets ACP clients (the VS Code model picker, Zed) build a provider →
  model selector without hardcoding a catalog. Backward-compatible: older
  clients ignore the extra fields.
• New session/set_config_option ids: provider and customBaseUrl.
  provider switches the active provider (and picks its default model +
  protocol); customBaseUrl sets the base URL for the custom
  (OpenAI-compatible) provider. These let editor settings drive provider /
  model / endpoint without hand-editing ~/.codeep/config.json.

Notes

• Pure additive ACP surface — no behavior change for the TUI or existing
  clients. The Codeep VS Code extension 2.2.0 builds on these.

v2.1.1

Codeep now works with any OpenAI-compatible endpoint — vLLM, LiteLLM, LM Studio, text-generation-webui. New "Custom (OpenAI-compatible)" provider with a configurable base URL, plus support for the standard OPENAI_BASE_URL env var. Fixes #1.

Added

• Custom (OpenAI-compatible) provider. Point Codeep at any self-hosted
  or proxied OpenAI-compatible server (vLLM, LiteLLM, LM Studio,
  text-generation-webui). Pick Custom (OpenAI-compatible) in the welcome
  flow or /provider, set the endpoint under /settings → Custom Base URL
  (config key customBaseUrl, e.g. http://host:8000/v1), then choose your
  model with /model (fetched live from the server's /models endpoint).
  No API key required; set one only if your endpoint enforces it.
• OPENAI_BASE_URL env var. The openai provider now honors
  OPENAI_BASE_URL (OpenAI-SDK convention), so an OpenAI-compatible proxy
  serving gpt-* model names works with zero config changes.

Fixed

• Custom base URLs were silently ignored for every provider except Ollama —
  requests always went to api.openai.com, and an unknown model fell back to
  the default. Base-URL resolution is now centralized (resolveBaseUrl) and
  applied consistently across every path — chat, agent (TUI + ACP/editor),
  /plan task planning, and API-key validation. (#1)
• Welcome flow no longer forces an API-key prompt for keyless providers
  (Ollama, Custom) — selecting one proceeds straight into the app.
• Test isolation: customCommands tests now run against an isolated HOME so a
  developer's global ~/.codeep/commands can't make the suite non-deterministic.

v2.1.0

Session memory: /recall <query> searches across all your saved sessions, --resume jumps straight back into the best match, --summarize asks the LLM what you accomplished, and sessions now get readable AI-generated titles instead of truncated first messages.

Added — /recall cross-session search

• /recall <query> scans every saved session in the active scope
  (project .codeep/sessions/ when in a project, else global
  ~/.codeep/sessions/), matches with AND semantics (every query term
  must appear), and ranks results by term-hit count plus a recency
  boost. Each result shows a context snippet and the session name.
• /recall <query> --resume loads the top-matching session
  directly into the current conversation — skips the list + /sessions
  picker dance. (TUI only; ACP shows results since it can't swap the
  client's conversation in place.)
• /recall <query> --summarize reads the matching sessions and
  returns a short LLM recap of what you actually accomplished across
  them — "ask your history a question". Works in TUI + ACP.
• No new dependency: in-memory JSON scan, fast for the realistic
  tens-to-hundreds-of-sessions case.

Added — portable personal config sync

• Personalities and custom commands now sync across your machines
  via codeep account sync (pull) and codeep account push. Global
  ones (~/.codeep/personalities/*.md, ~/.codeep/commands/*.md)
  travel with your account alongside API keys and profiles — set up a
  senior-reviewer personality or a /deploy command once, get it
  everywhere. New endpoints /api/personalities + /api/commands,
  new DB tables user_personalities + user_commands.
• Additive merge, never destructive: pull only writes files that
  don't already exist locally, so a sync can't clobber edits you
  haven't pushed. Last-write-wins on the server via upsert.
• Dashboard sections to view + delete synced personalities and
  commands at codeep.dev/dashboard (read + prune; editing stays in the
  CLI).
• Deliberately not synced: lifecycle hooks (arbitrary shell —
  syncing + auto-running on another machine is a security risk) and
  MCP server configs (contain tokens). Those stay local by design.

Added — AI-generated session titles

• Sessions now get a concise LLM-generated title ("OAuth2 migration
  for auth module") instead of the first user message truncated to 60
  chars ("help me with the…"). Generated once per session in the
  background after it has ≥3 messages — fire-and-forget on autosave,
  never blocks a save, never regenerates once set. Makes both
  /sessions and /recall dramatically more readable.
• Title priority: AI title > stored title > first-message fallback >
  session name. Stored under aiTitle in the session JSON.
• Opt-out: autoSessionTitle setting (default on). This is the
  only feature that makes a background API call you didn't explicitly
  request, so it's toggleable in /settings for privacy/cost-conscious
  users. Off → sessions keep the first-message title, zero background
  calls.

Changed

• /search description clarified to "search the current session"
  (vs /recall for cross-session) — the two were easy to confuse when
  both said "search history".

Fixed

• /sessions picker showed raw session ids (session-2026-05-20-757cbda5)
  instead of readable titles. Now shows the title (AI-generated > stored

  first-message) with a short date + message count, so the list is
  scannable.

• Models hallucinating their identity in chat mode. Asked "which
  model are you", GLM (and others) would claim to be Claude because the
  chat system prompt never stated the actual identity. Both the chat
  and agent system prompts now inject the real model + provider
  from config, so the answer is truthful. (Agent mode already said
  "never call yourself Claude" but didn't state the real model; now it
  does.)