CodeWhale v0.8.64

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.64

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Each platform also has bare, unarchived binaries attached below (codewhale-<platform> and codewhale-tui-<platform>) — these are what the npm wrapper and the in-app codewhale update download, whereas the .tar.gz / .zip archives above are the recommended manual download and additionally bundle an install script. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.64

Added

• Seamless auto-compaction defaults. Known large-context routes now keep
  automatic compaction on by default while carrying summaries forward through
  the stable prompt path, reducing surprise context loss without changing
  explicit opt-out behavior.
• Runtime web automation readiness. Local app automation gains a
  loopback-only dev-server readiness primitive so agents can wait for TCP and
  optional HTTP health checks before browser verification. Harvested from
  #3376 by @cyq1017.
• Model and integration polish. /model pro and /model flash shortcuts
  now resolve to the current DeepSeek V4 routes while preserving existing model
  IDs. Harvested from #3350 by @KUK4. The WeCom bridge landed with
  maintainer follow-up hardening for state permissions and chat-facing error
  reporting, from #3370 by @pkeging.

Fixed

• Security and trust-boundary hardening. Project-local config can no longer
  loosen user-owned shell or instruction-file policy, file edits now require a
  fresh read of the target file, git history inputs reject option-shaped or
  control-character revisions, interactive execution surfaces require approval,
  and local tool paths are narrowed through workspace/root validation.
• Runtime and diagnostics redaction. Generated runtime/app-server tokens,
  raw session lineage identifiers, provider registry drift values, review
  receipt internals, and webhook URLs are no longer echoed into human-facing
  logs or diagnostics.
• Network and alert safety. Provider TLS verification bypass requests now
  fail closed, fleet alert webhooks require HTTPS, fetch URL hostnames are
  resolved before requests, and runtime mobile auth no longer relies on
  token-bearing URLs.
• Path-state hardening. Config sibling files, project MCP cwd values,
  runtime thread store files, sub-agent state, project-local state roots, and
  app-server sidecar config paths now resolve through checked roots before
  reads/writes.
• Release CI repair. Nightly cross-target builds install Rust targets
  explicitly and retry transient cargo failures; auto-tag runs are serialized
  and treat an already-created remote tag as a no-op. Safe slices harvested
  from #3374 by @donglovejava.
• Provider wait and sidebar regressions. Provider-wait footers suppress
  noisy countdowns until useful while keeping timeout warnings visible,
  harvested from #3375 by @idling11. The pinned sidebar can render at a
  narrower 64-column boundary, harvested from #3371 by @donglovejava.
• Delegated server cleanup. Delegated serve / app-server children gain
  OS-level parent-death cleanup on supported platforms, completing the #3259
  follow-up from #3378 and #3317 by @wuisabel-gif.
• ACP and sandbox correctness. ACP sessions preserve multi-turn
  conversation history across prompt turns, harvested from #3372 by @xulongzhe.
  Worktree Git metadata writes are allowed through sandbox policy without
  broad trust-mode escalation, from #3356 by @cyq1017 and the #3355 report by
  @linletian.

Changed

• Community and dependency harvests. The release train carries focused
  community-credit slices from #3379 by @greyfreedom, #3348 by @nightt5879,
  #3346 by @hongqitai, #3345/#3333 by @cyq1017, and Dependabot updates for
  windows, toml, tokio, lru, similar, and web tooling security locks.
• Public release surface cleanup. Benchmark-specific materials were kept
  out of the public release repo; benchmark source fragments belong in the
  separate codewhale-bench lane.

Contributor credits for this release live in the changelog entry above —
thank you to everyone whose reports, PRs, reviews, and reproductions shaped it.

See CHANGELOG.md for full notes and docs/CHANGELOG_ARCHIVE.md for older releases.

v0.8.63

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.63

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Each platform also has bare, unarchived binaries attached below (codewhale-<platform> and codewhale-tui-<platform>) — these are what the npm wrapper and the in-app codewhale update download, whereas the .tar.gz / .zip archives above are the recommended manual download and additionally bundle an install script. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.63

Added

• Sub-agent fanout safeguards (#3318, #3319). High-fanout Workflow runs can
  now queue and drain more agents than the instantaneous concurrency cap by
  default, with [subagents] max_admitted available to tune that bounded
  admission population. Distinct agent calls are no longer capped by the
  per-turn loop guard before runtime launch concurrency and provider
  rate-limit backoff can apply. [subagents] token_budget applies a shared
  aggregate token ceiling to a root agent run and its descendants.
• Per-worker sub-agent token enforcement (#3321). A token_budget /
  max_tokens set on an individual agent call now bounds that single worker
  mid-run: once its accumulated model tokens exceed the cap it stops cleanly
  with a budget_exhausted status instead of running to max_steps. This
  complements the scope-level admission gate (#3319) — the per-worker cap stops
  one runaway worker, the scope cap bounds total fan-out — without
  double-counting. Harvested from #3321 by @donglovejava.
• Provider-specific sub-agent fanout config. [subagents.providers.<provider>]
  profiles now override enabled, max_concurrent, max_admitted,
  launch_concurrency, max_depth, token budget, API timeout, and heartbeat
  timeout for the active provider. Use broad direct-API profiles such as
  [subagents.providers.deepseek] and tighter subscription profiles such as
  [subagents.providers.glm]; /config subagents status shows both global
  and active-provider resolved values.
• Sub-agent control and isolation. The single agent tool now exposes
  status, peek, and cancel actions for running children, and accepts
  worktree: true to create an isolated git worktree/branch for parallel edit
  lanes instead of requiring callers to hand-roll a cwd.

Fixed

• Mode and tool catalog correctness. Core action tools remain discoverable
  in the model-facing catalog/tool search, and a consistency self-check flags
  registered handlers that drift out of the advertised catalog. Review-looking
  prompts in explicit Agent/YOLO mode now keep the requested mode and tools,
  with only an advisory review hint.
• Sub-agent orchestration recovery. Child agents now retry transient
  provider header/SSE timeouts before failing, and parent runs synthesize missed
  child completions from terminal child state so orchestration cannot hang on a
  lost completion event.
• DeepSeek thinking tool calls. DeepSeek chat-completions requests now omit
  explicit tool_choice whenever reasoning/thinking is enabled, avoiding
  provider rejections while leaving no-thinking routes unchanged.
• Task sidebar shortcuts and attribution. Ctrl-K stays palette/emacs-kill,
  while Ctrl-X is scoped to Tasks-sidebar background shell cancellation. Shell
  jobs launched by sub-agents now render with their child-agent owner in the
  Tasks sidebar and transcript.
• Benchmark-turn recovery and context economy. Repeated read-only search
  loop blocks now return guidance instead of fatal tool failures, Python build
  failures that are missing setuptools include an install/retry hint, long
  foreground shell timeouts steer models toward background execution, and noisy
  shell/test/web outputs are compacted earlier for large-context routes.
• Config display redaction. codew config get/list now recursively masks
  token-, secret-, password-, credential-, and authorization-like keys inside
  unknown extras tables and redacts sensitive HTTP header values before
  printing config output.
• Queued follow-up hints and force-steer keys. The pending-input preview now
  advertises Ctrl+S send now whenever queued follow-ups exist, and
  Ctrl/Cmd+Enter force-steering also accepts the common Ctrl+J terminal
  encoding while a turn is running.
• Sidebar default visibility restored (#3328). New and upgraded sessions
  now use a pinned composed sidebar by default when the terminal is wide
  enough, so live Agents and Tasks surface without opting back into idle
  auto-collapse. Older settings files that captured the v0.8.62 auto-collapse
  default now migrate to pinned unless /sidebar auto --save records an
  explicit opt-in. /sidebar now reports when width or auto-collapse
  suppresses rendering instead of saying the sidebar is visible. Reported by
  @dxfq.
• JavaScript execution proxy env handling (#3273, #3331). js_execution
  now enables Node's environment-proxy mode when proxy variables are present,
  mirrors lowercase proxy variables for the child process, and backfills
  HTTP_PROXY / HTTPS_PROXY from ALL_PROXY. Reported by @lordwedggie and
  harvested from #3331 by @cyq1017.
• Legacy app-server non-loopback auth hardening (#3258). Bare
  codewhale app-server --host 0.0.0.0 now fails fast unless an explicit
  --auth-token or CODEWHALE_APP_SERVER_TOKEN is supplied, keeping generated
  one-time cwapp_* tokens loopback-only.
• Legacy .deepseek state write-path migration (#3240). State subdirectories
  (sessions, slop_ledger, trophies, catalog) are now always written under
  ~/.codewhale/, and the first write of a subdir relocates any pre-existing
  ~/.deepseek/<sub> contents into the primary location so the legacy tree stops
  growing while old data is preserved. The read resolver still finds legacy data
  for backfill until each subdir migrates. Reported by @Final527; onboarding
  marker slice from #3302 by @nightt5879.
• State subdir validation on Windows (#3240). State path hardening now
  rejects rooted/prefixed subdir strings such as /etc before resolving or
  migrating state directories, keeping the .codewhale write resolver inside
  its state root across platforms.

Contributor credits for this release live in the changelog entry above —
thank you to everyone whose reports, PRs, reviews, and reproductions shaped it.

See CHANGELOG.md for full notes and docs/CHANGELOG_ARCHIVE.md for older releases.

v0.8.62

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.62

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Each platform also has bare, unarchived binaries attached below (codewhale-<platform> and codewhale-tui-<platform>) — these are what the npm wrapper and the in-app codewhale update download, whereas the .tar.gz / .zip archives above are the recommended manual download and additionally bundle an install script. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.62

Changed

• GLM-5.2 is now the default direct Z.AI model. DEFAULT_ZAI_MODEL resolves
  to GLM-5.2 in both codewhale-tui and codewhale-config; the glm-5.1
  alias still resolves to GLM-5.1 (the defaulting was decoupled from the alias
  arm so it no longer tracks the default). Docs and config.example.toml no
  longer describe GLM-5.2 as an opt-in preview.
• GLM-5-Turbo registered as a real model and wired as the faster/explore
  sub-agent sibling for the GLM family: a GLM-5.2 parent routes
  faster/explore children to GLM-5-Turbo (direct Z.ai) and z-ai/glm-5-turbo
  (OpenRouter), instead of down to GLM-5.1. GLM-5.1 and GLM-5-Turbo themselves
  have no cheaper tier and keep children on the parent.
• type: "explore" sub-agents default to model_strength: "faster". Bounded
  read-only lookup/search/status work now uses the cheaper same-family sibling
  automatically, unless an explicit model or model_strength: "same" is
  supplied. Non-explore roles keep the conservative same default.
• GPT-5.5 / OpenAI Codex faster route stays on GPT-5.5 with reasoning
  resolved to low (the Codex Responses API has no true off, so the resolved
  effort is now honest low rather than off silently rewritten). No
  DeepSeek/GLM fallback is fabricated when no cheaper same-provider sibling
  exists. DeepSeek Pro→Flash routing and its no-thinking faster lane are
  unchanged.
• Base prompt / delegate skill guidance updated to encourage parallel
  read-only exploration (2-4 type: "explore" sub-agents) for broad repo,
  version, branch, benchmark, and API-surface investigations, while keeping
  architecture, integration, and final verification in the parent. The
  delegate skill examples now use provider-neutral model_strength instead of
  hardcoded DeepSeek model ids.
• Agent synthesis guardrails. The base constitution now frames tools around
  sufficient evidence rather than open-ended persistence: extra reads, searches,
  and delegation must target a missing fact, and agents should answer with
  limits instead of broadening searches indefinitely. The runtime loop guard
  now blocks duplicate read-only/delegated calls earlier and caps repeated
  broad lookup/delegation loops in a single turn with a synthesis-forcing tool
  error. Guard metadata distinguishes exact duplicates
  (identical_tool_call) from no-progress loops (no_progress_tool_loop).
• Sub-agent handoff and visibility. Direct sub-agent completions are drained
  before the next parent model request, so finished children can wake the main
  model promptly instead of waiting for an empty-tool-use branch or idle engine
  path. Nested sub-agents now report completions to their immediate parent
  inbox; the main model still receives only direct-child completions, avoiding
  grandchild floods while preserving nested evidence flow. Sub-agent output
  guidance now requires child-agent provenance when a sub-agent relies on a
  child report: cite the child agent_id and the child's EVIDENCE line(s), and
  do not present child findings as directly verified facts. The sidebar orders
  sub-agents as a parent/child tree and annotates nested rows with parent and
  depth information in hover text.
• Sub-agent summary provenance (#2652). A sub-agent's free-text result is now
  explicitly treated as an unverified self-report rather than confirmed
  evidence. The completion sentinel carries summary_kind: complete | truncated
  so the parent model can branch on whether it saw the full report or a clipped
  excerpt. Short summaries (≤ 12,000 chars) get a soft "re-verify material
  claims" suffix; longer ones are head+tail truncated with an honest marker
  stating the elided middle is not retrievable via retrieve_tool_result.
  Every summary therefore carries exactly one boundary marker, never both.
• Provider metadata centralization. Provider env vars, config keys, aliases,
  and auth hints are now resolved through the shared ProviderMetadata registry
  across codewhale-config, codewhale-tui, and codewhale-cli, reducing drift
  between the provider picker, codewhale auth, doctor --json, and setup
  hints.

Added

• Agent clarification questions (#3102). Agents now have a first-class
  request_user_input tool to ask the user structured clarifying questions
  through a modal UI surface instead of only emitting a chat message and hoping
  the user notices. Mirrors the approval/secret-request flow the harness
  already used for permissions. The tool accepts 1-3 questions, each with a
  header, an id, 2-4 selectable options (label + description), and
  allow_free_text / multi_select flags (both default to false for
  back-compat). Input is validated up front with actionable errors. Wired
  across all layers: the request_user_input tool, engine handling
  (turn_loop → approval), an interactive TUI modal (UserInputView) with
  full keyboard navigation, and the runtime protocol
  (EventFrame::UserInputRequest + AppRequest::SubmitUserInput) so headless
  / app-server clients can answer programmatically. Parity tests cover the
  wire round-trip and the omitted-flags default.
• Transcript hyperlinks — out-of-band OSC 8 (#3029). Clickable file /
  file:line / URL links now reach the terminal through a column-drift-safe
  path. Link payloads are embedded in-band by the markdown renderer, then
  extracted out of the ratatui buffer cells and re-emitted out-of-band by
  ColorCompatBackend — so the ESC bytes never occupy display columns or
  corrupt selection. Supporting terminals get live hyperlinks; others see the
  label text unchanged. Clipboard/selection extraction strips residual codes as
  defense-in-depth.
• CodeWhale-only skill discovery gate (#3296). New
  [skills].scan_codewhale_only = true limits session-time skill discovery to
  CodeWhale-owned roots (<workspace>/.codewhale/skills, ~/.codewhale/skills,
  and any explicit skills_dir) while ignoring cross-tool directories such as
  .claude/skills, .opencode/skills, .cursor/skills, and ~/.agents/skills.
  The default remains the broad compatibility scan.
• Permission/ask runtime rules (#3295). Sibling permissions.toml ask-only
  rules are now loaded by the TUI engine and applied to exec_shell before
  Auto/session approval shortcuts. Matching ask rules force an approval prompt
  in otherwise auto-approved flows and are rejected under
  approval_mode = "never".
• Runtime API no-auth documentation. docs/RUNTIME_API.md now documents
  codewhale app-server --insecure-no-auth ...

v0.8.61

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.61

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Each platform also has bare, unarchived binaries attached below (codewhale-<platform> and codewhale-tui-<platform>) — these are what the npm wrapper and the in-app codewhale update download, whereas the .tar.gz / .zip archives above are the recommended manual download and additionally bundle an install script. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.61

This release lands the runtime control plane for multi-agent work: the TUI stays
responsive while sub-agents run, sub-agents converge toward fleet-style durable workers
with per-role model routing, and provider/model routes are isolated per session. It also
folds in several community contributions.

Added

• WhaleFlow runtime foundations — worker runtime profiles (role / permissions / shell /
  tools / model-route, with non-escalating child derivation), a cross-provider model registry
  with offline catalog hydration, and provider-readiness / context-budget / provider-adapter /
  resource-telemetry services. (#3217, #3071, #3072, #3073)
• Per-role, heterogeneous-model sub-agent routing — sub-agents can be assigned a model and
  provider per role (e.g. scout vs. synthesis; verifiers route to a fast model). (#2027, #1768)
• Durable goal mode — cross-turn goal progress with token/time accounting and a
  verifier-as-judge gate before a goal may complete. (#3215, #891, #1976, #2058, #2029)
• Parent-visible worker interaction contract — a recommended action per worker. (#3226)
• Maintainer GitHub workflow skills; ACP registry submission prepared. (#3192)
• OpenAI-compatible /v1/chat/completions endpoint on the legacy app-server HTTP transport,
  provider-neutral, with model registry resolution and configured-credential forwarding.

Changed

• Sub-agents converge toward fleet-style durable workers — real worker lifecycle states are
  projected to the sidebar instead of a hardcoded "running", and a sub-agent returns a structured
  needs-input checkpoint instead of parking. (#3226, #3096, #3154)
• The per-turn runtime tag exposes capability posture instead of human-facing mode labels. (#3213)
• Independent shell and verifier work defaults to background jobs with nonblocking waits and a
  completion notification; blocking now requires an explicit wait. (#3212)
• Sub-agent launches now expose explicit model_strength and thinking controls to the model
  instead of hidden child-model auto-routing; explore work is documented as a good fit for
  faster models and thinking: "off".
• Plan mode is strictly read-only (no shell tools), consistent with its runtime posture.
• /swarm is gated behind the durable worker substrate. (#3218)
• Legacy deepseek install/update path resolves to codewhale. (#2960, #2924, #2917)

Fixed

• TUI freeze when multiple sub-agents spawn (launch blocker) — the terminal input pump runs
  off the render thread, AgentProgress events are coalesced, and sub-agents no longer park on
  input with no orchestrator to answer; a six-worker stress test guards input/render/cancel
  liveness. (#3216, #3096)
• Idle sub-agent completion notifications now resume the parent turn instead of waiting for a
  later user message; thanks @giovanni-paolilla for the deadlock report (#3266).
• Provider/model route isolation — provider and model state is session-local, and a
  mismatched provider+model tuple is rejected at the route boundary. (#3227)
• Route-effective context-window metadata, over-limit preflight, and bounded recovery from
  context_length_exceeded instead of re-looping. (#3204)
• Synchronous tools (file_search, grep_files, list_dir) are cancellable and no longer hold
  a turn open against cancellation. (#1791)
• MCP stdio proxy startup prompts no longer strand YOLO / non-interactive runs. (#2475)
• Stalled / failed background-shell recovery; configurable sub-agent API timeout. (#1737, #1786, #1806)
• Composer: reliable queued steering + Ctrl+S send (#3203, #3224); footer busy/idle indicator
  (#2982); CJK word-wrap (#963); clickable sidebar stop targets (#3028); live token throughput
  (#3190); auto-expiring terminal sub-agent cards (#3078).
• Linux glibc preflight in the installer/update path with a clear error. (#3207, #1067)
• Self-update retries transient GitHub metadata/asset failures and falls back from the GitHub
  REST API to the public releases/latest redirect before constructing release asset URLs. (#3232)
• Provider picker lists providers in neutral alphabetical order instead of hard-coding DeepSeek first; the active provider stays pre-selected. (#3076)
• Work sidebar no longer shows stale phase now: / phase next: strategy rows once the checklist
  is 100% complete.
• Plan mode no longer shortcuts investigation for requests that name a repository, URL, version,
  release, build state, benchmark, bug, PR, issue, API surface, or local code path.
• Oversized pasted text stays editable in the composer, with a file backup appended at submit
  time for model access; thanks @idling11 (#3267, closes #3263).
• Bare digit keys 1-8 now insert text instead of firing hotbar slots; use Alt+digit for
  hotbar actions. Thanks @wjq2026 for the report and @DieMoe233 for the paste-path note (#3243).
• Kimi/Moonshot tool schemas normalize empty function parameters to a root object schema; thanks
  @jghwwnq for the provider repro (#3265).
• Novita defaults to its OpenAI-compatible /openai/v1 endpoint so chat completions no longer
  404 out of the box; thanks @buko for the report and endpoint verification (#3255).
• Dependency security: ws pinned to 8.21.0 across npm packages to close remote memory-exhaustion
  DoS (dependabot).

Community contributions

• Non-DeepSeek model pricing — thanks @mvanhorn (#3201)
• Telegram polling transport — thanks @cyq1017 (#3195)
• Mobile event history — thanks @RobertEmprechtinger (#3220)
• Runtime-API session save — thanks @gaord (#3199)
• Whale-accent rename — thanks @nightt5879 (#3197)
• DEEPSEEK_BASE_URL / MODEL honored in exec — thanks @hongchen1993 (#3221)
• VS Code read-only API documentation — thanks @cyq1017 (#3013)
• Atomic ask-only permission rule persistence — thanks @greyfreedom (#3233)
• DeepInfra provider support and release-surface follow-through — thanks @idling11 (#3235, closes #3231) and @nightt5879 (#3236)
• Editable oversized paste composer flow — thanks @idling11 (#3267, closes #3263)
• WeChat bridge (integrations/weixin-bridge via Feishu + Tencent OpenClaw) — thanks @VincentCorleone (#3206)
• Config robustness: atomic permission-rule save, one-time config .bak backup before the first changed write, CODEWHALE_HOME as primary config home, and accepting the dispatcher-written config shape (camelCase aliases + [features.enabled] table) so legacy/dual-written configs parse cleanly
• Dependency/CI bumps: docker login/qemu actions, softprops gh-release, download-artifact, vitest, @opennextjs/cloudflare, form-data, js-yaml, dompurify, ws

Contributor credits for th...

v0.8.60

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.60

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Individual binaries are also attached below for scripting and the npm wrapper. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.60

Added

• Agent Fleet real-run cutover (#3154/#3096). codewhale fleet run now
  launches durable workers through the headless codewhale exec --output-format stream-json path instead of the local simulation interpreter, with terminal
  worker events freeing leases so queued fleet tasks continue running.
• Read-only shell parallelism (#2983). The engine can now run conservative
  read-only shell calls in parallel, including strict bash/sh/zsh -c
  wrappers for whitelisted commands, while writes, stdin, background TTY work,
  redirects, pipes, command substitution, and follow-mode tails stay serial.
• Declarative JS/TS WhaleFlow authoring (#3097). WhaleFlow now accepts a
  compile-only workflow({...}) JavaScript/TypeScript authoring form that
  lowers into the existing WorkflowSpec validator without executing user
  JavaScript.
• Slash-menu Ctrl+P/Ctrl+N navigation (#3196). The slash command menu now
  supports Ctrl+P/Ctrl+N movement without letting the global file picker steal
  focus while the menu is open. Thanks @1Git2Clone for the PR.
• New models and first-party provider routes. This release adds
  GLM-5.2 (selectable on the Z.ai Coding Plan and over OpenRouter as
  z-ai/glm-5.2, alongside the existing GLM-5.1 default), a first-party
  Z.ai provider route, a first-party StepFun / StepFlash route
  (step-3.7-flash), and a first-party MiniMax route defaulting to
  MiniMax-M3 with the M2.7/M2.5/M2.1 family selectable (#3187/#3191).

Changed

• README and contributor credits. The README now has a shorter public
  overview and moves the full contributor ledger to docs/CONTRIBUTORS.md,
  preserving public thanks for DeepSeek,
  DataWhale,
  OpenWarp, and
  Open Design.
• Fleet-backed sub-agent direction. Runtime docs now state the intended
  cutover clearly: "sub-agent" is role/UX vocabulary, while durable detached
  work should converge on the fleet-backed worker lifecycle with retries,
  receipts, and ledgered inspection.

Fixed

• Sub-agent eval no longer blocks by default. agent_eval now returns the
  current projection immediately and delivers follow-up input without waiting
  for a running child to finish its provider call. Pass block:true for an
  intentional terminal wait.
• Z.ai GLM thinking traces. Direct Z.ai requests now use the documented
  thinking shape, preserve and replay reasoning_content, classify GLM
  reasoning streams as thinking output, and accept ultracode as a max-effort
  alias.
• Claude skill archive compatibility (#2743). /skill install keeps
  portable Claude-style skill folders supported while rejecting multi-skill
  Claude plugin archives clearly instead of silently installing only one skill
  and dropping plugin semantics. Thanks @AiurArtanis for the ecosystem request.

Contributor credits for this release live in the changelog entry above —
thank you to everyone whose reports, PRs, reviews, and reproductions shaped it.

See CHANGELOG.md for full notes and docs/CHANGELOG_ARCHIVE.md for older releases.

Contributors

Thanks to the community members whose PRs and ecosystem reports shaped v0.8.60:

• @1Git2Clone — slash-menu Ctrl+P/Ctrl+N navigation (#3196)
• @AiurArtanis — Claude skill archive compatibility (#2743)

And thank you to everyone who filed issues, tested builds, reviewed PRs, and shared reproductions across the v0.8.58–v0.8.60 release train.

v0.8.59

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.59

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Individual binaries are also attached below for scripting and the npm wrapper. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.59

Added

• Moonshot Kimi K2.7 Code model. The Moonshot/Kimi provider now defaults to
  kimi-k2.7-code, recognizes kimi/kimi-k2 aliases for that model, keeps
  explicit kimi-k2.6 selectable, and adds the OpenRouter
  moonshotai/kimi-k2.7-code registry row.
• Concise verbosity mode (#3052). CLI noninteractive launches now default
  to concise prompt/output discipline unless overridden by config, env, or
  --verbosity, while interactive TUI launches remain normal by default.
  Thanks @cyq1017 for the PR.
• Ephemeral generated project context (#3058). Opening CodeWhale in a
  directory with no instruction files now keeps the bounded generated project
  overview in memory instead of creating .codewhale/instructions.md.
• ACP registry auth metadata (#1447). The ACP stdio adapter now advertises
  terminal authentication setup in initialize.authMethods, matching the
  registry's validation requirement.
• Sidebar context menus (#3065). Right-clicking the sidebar no longer shows
  Paste; clickable sidebar rows now offer their row command as the first
  context action.
• Sidebar hover popovers (#3088). Streaming turns now keep sidebar hover
  popovers responsive while continuing to throttle transcript/body mouse
  motion.
• Dark-theme selection contrast (#3074, thanks @drpars). Session, config,
  help, context-menu, and approval selections now use the muted selection
  background instead of the bright accent color.
• Cursor-style activity metadata rows (#3146). Dense successful tool-run
  summaries now render as a single muted Explored ... / Updated metadata
  row, include short command-family labels for successful generic verifier
  groups, and keep keyboard/mouse expansion and detail inspection intact.
• Provider-wait observability (#3095). Footer stall reasons now name the
  active provider/model route, idle seconds vs stream budget, and whether a
  fanout plan is still at 0 running or dispatch is pending. Structured
  provider-wait incidents log once per turn from the main tick loop (not on
  every footer redraw).
• Interactive fanout launch gate (#3095). Direct sub-agent children queue
  behind a configurable semaphore ([subagents] interactive_max_launch,
  default 4) with a visible queued: waiting for an interactive fanout slot
  reason before their first model step.
• Goal lifecycle controls. /goal is now the primary command surface for
  session goals, with pause, resume, complete, blocked, and clear
  controls while /hunt remains a compatibility alias.
• Persistent thread-goal API. App-server clients can now set, get, and clear
  durable thread goals through thread/goal/set, thread/goal/get, and
  thread/goal/clear, backed by the state store with Codex-style status and
  token/time accounting fields.
• Command-boundary ownership layers (#2888/#3055). Built-in slash command
  metadata now lives in commands/registry.rs, slash parsing in
  commands/parse.rs, and handlers under group-owned command areas, preserving
  the existing dispatch surface while reducing future commands/mod.rs churn.
• Approval-rule source metadata (#1186/#2971). Runtime API
  approval.required events now include optional matched_rule metadata when
  an execution-policy rule caused the prompt. Thanks @greyfreedom for the PR
  and @Ram9199 for the audit-semantics discussion.
• Localized tool-family labels (#2901). Tool activity labels for read,
  patch, run, find, delegate, fanout, RLM, verify, think, and generic tool
  work now route through the shipped locale tables. Thanks @gordonlu for the
  PR.
• Localized config section labels (#2918). The interactive config view now
  localizes section and session/saved scope labels while preserving English
  search terms. Thanks @gordonlu for the PR.
• Localized config editor labels (#2919). The config editor modal now
  localizes edit labels, default/unavailable placeholders, and effective
  currency hints. Thanks @gordonlu for the PR.
• Hotbar number-key dispatch (#3056). Bare 1-8 now trigger bound
  hotbar slots only when the composer is empty, while Alt+1-Alt+8 trigger
  slots regardless of composer text and overlays keep key ownership. Thanks
  @reidliu41 for the PR.
• Voice dictation commands (#3051). /voice, /voice-send, and
  /voice-control now record through sox/rec/arecord, transcribe via the
  active provider's chat-completions API, and insert transcripts at the
  composer cursor. The voice.toggle hotbar action dispatches the real voice
  command, with help and status text localized across all seven shipped
  locales. Thanks @HUQIANTAO for the PR.
• Thread rewind and snapshot restore API (#2808). GUI clients can now call
  POST /v1/threads/{id}/undo, /patch-undo, and /retry to fork, roll back,
  or rerun recent thread turns, plus POST /v1/snapshots/{id}/restore to
  restore a workspace snapshot by id. Thanks @bengao168 for the PR.
• Active provider fallback chain (#2773). Configured fallback_providers
  now build an ordered primary-plus-fallback route that the TUI can report,
  advance through, and reset with /provider fallback reset, including footer
  visibility for fallback state. Thanks @idling11 for the PR.
• Provider metadata registry (#3005). Built-in provider ids, display names,
  defaults, env vars, config keys, aliases, and wire formats now live in a
  shared metadata registry, with the provider drift check covering the registry
  contract. Thanks @sximelon for the PR.
• Hugging Face provider route (#2879). Hugging Face Inference Providers now
  have first-class config, env, docs, and registry coverage for the
  OpenAI-compatible router, including huggingface/hugging-face/
  hugging_face/hf aliases and HUGGINGFACE_*/HF_* env fallbacks. Thanks
  @mvanhorn for the PR.

Fixed

• SSE data lines without spaces (#3152). Chat Completions, Responses, and
  Anthropic stream readers now accept both data: {...} and data:{...} SSE
  frames, matching the spec and preventing providers that omit the optional
  space from streaming empty output. Thanks @wgeeker for the PR.
• Runtime thread detail N+1 reads (#3141). get_thread_detail now scans
  persisted turn items once and groups them by turn instead of reading the
  items directory once per turn, preserving item order while keeping large
  thread detail loads responsive.
• Project-local hook trust boundary (#3140). .codewhale/hooks.toml is now
  loaded only after the workspace is trusted in user-owned config, matching the
  project-local MCP trust model while preserving the documented shell-command
  hook contract.
• Skill registry sync latency (#3139). /skills sync now syncs registry
  entries with bounded ordered concurrency, so network latency no lo...

v0.8.58

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.58

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Individual binaries are also attached below for scripting and the npm wrapper. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.58

Added

• Native Anthropic provider. A dedicated Messages API adapter
  (/v1/messages with x-api-key auth) replaces OpenAI-dialect shims for
  Claude models: adaptive thinking with output_config.effort shaping,
  prompt-cache breakpoints (capped at 4, earliest dropped), signed-thinking
  replay via signature_delta, normalized cache-hit/miss usage telemetry,
  and SSE error envelopes. claude-opus-4-8, claude-sonnet-4-6, and
  claude-haiku-4-5 join the model registry; configure with
  ANTHROPIC_API_KEY (#3014).
• Hooks v2. tool_call_before hooks can now return a JSON decision —
  {"decision": "allow"|"deny"|"ask", "reason", "updatedInput", "additionalContext"} — with deny > ask > allow precedence across multiple
  hooks, last-writer-wins input rewriting, and concatenated context. Exit
  code 2 remains a legacy hard deny. Hooks support glob matchers and
  project-local .codewhale/hooks.toml (#3026).
• Clickable sidebar. Background-job rows show/cancel on click, the
  Ctrl+K hint row runs /jobs cancel-all, and agent rows open /subagents;
  row actions are built in the same pass as the rendered lines so a click
  can never target the wrong job (#3028).
• OSC 8 out-of-band hyperlink infrastructure with per-region open/close
  sequences that survive partial redraws (#3029).
• codewhale exec gains --allowed-tools, --disallowed-tools (deny wins),
  --max-turns, and --append-system-prompt (#3027).
• Constitution prompt source: YAML source-of-truth plus Python renderer for
  the system prompt, with the active prompt now served from
  constitution.md (#3015, renderer reconciliation still tracked).
• Agent-task issue template, labels, and runner protocol (#3021); remote
  smoke-test droplet loop hardening — gh CLI, swapfile, agent sessions
  (#3022).

Changed

• Sub-agent routing is provider-aware. DeepSeek ids are no longer
  hardcoded into model validation; routing works from per-provider
  big/cheap candidates, the network router is skipped when a provider has
  no cheap tier, and spawn-time model requests are validated against the
  active provider (#3018).
• Model-specific facts in the system prompt (context window, sub-agent
  pricing, thinking notes, architecture characteristics) are now templated
  per-model instead of hardcoded DeepSeek V4 claims, in both base.md and
  constitution.md (#3025).
• Provider capability lookups for Moonshot/OpenAI/Atlascloud resolve from
  per-model registry rows (bare and vendor-prefixed ids) instead of
  hardcoded 64K-era floors (#3023).
• Reasoning-effort now reaches Atlascloud (DeepSeek dialect), Moonshot
  (thinking enable/disable), and Ollama (think param) (#3024); Moonshot/
  Kimi models joined the reasoning-content provider and model gates (#3016).
• Transcript polish: compact tool-call cells without boilerplate (#3031),
  internal turn/agent ids hidden behind stable labels (#3030), and Ctrl+B
  now backgrounds the running foreground shell directly instead of opening
  a menu (#3032).
• The Tasks sidebar separates "Model reasoning" from "Background commands",
  and auth list reports the same active-credential source as
  auth status for openai-codex.

Fixed

• TUI freeze under sub-agent load. Rapid AgentProgress events
  saturated the render loop and starved terminal input; progress-driven
  repaints are now throttled to one per 100ms (#3033).
• Hooks on Windows. Hook commands were passed to cmd /C through
  CRT-style argument quoting, which injected literal \" sequences that
  cmd.exe never unescapes — JSON decisions could not parse. Commands now
  reach cmd.exe verbatim via raw_arg.
• Codex Responses: assistant tool results are converted to
  function_call_output items (multi-turn tool calling previously broke),
  tool schemas are sanitized for the Responses API, and maximum effort
  maps to xhigh (#3019, #3017 — both partially; retry/backoff and
  per-tool strict mode remain open).
• Better tool-denial and provider error messages harvested from PR #2933
  (#3020).

Contributor credits for this release live in the changelog entry above —
thank you to everyone whose reports, PRs, reviews, and reproductions shaped it.

See CHANGELOG.md for full notes and docs/CHANGELOG_ARCHIVE.md for older releases.

v0.8.57

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.57

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Individual binaries are also attached below for scripting and the npm wrapper. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.57

Added

• Turns now survive system sleep. When the host suspends mid-stream, the
  connection used to die on wake with Stream read error: error decoding response body and the turn was lost (#2990). The engine now stamps stream
  progress with both monotonic and wall-clock time; a large divergence on a
  stream error identifies a sleep/wake cycle, and the request is silently
  re-issued (up to the existing 3-retry budget) instead of failing the turn.
• One-command release prep. ./scripts/release/prepare-release.sh X.Y.Z
  bumps the workspace version, every internal crate dependency pin, the npm
  wrapper, and the README install-tag examples, refreshes Cargo.lock,
  regenerates the embedded TUI changelog slice and web facts, and runs
  check-versions.sh — the v0.8.56 release needed nine follow-up commits for
  exactly these sync points.
• .github/CODEOWNERS and .github/dependabot.yml (weekly cargo +
  github-actions updates, monthly npm for web/).

Changed

• The changelog went on a diet. Root CHANGELOG.md now carries recent
  releases (v0.8.40+); older entries moved to docs/CHANGELOG_ARCHIVE.md.
  crates/tui/CHANGELOG.md — embedded into every binary for /change — is a
  generated 15-release slice (scripts/sync-changelog.sh), no longer a
  357 KB manual byte-for-byte copy (~300 KB smaller binaries).
• GitHub Release bodies are generated from the tagged version's changelog
  section (scripts/release/generate-release-body.sh) instead of a
  hardcoded workflow blob with a hand-pasted contributor list.
• check-versions.sh now also gates web/lib/facts.generated.ts and the
  README install-tag examples; the CNB mirror pipeline validates the pushed
  tag against Cargo.toml before generating release notes.
• Docs reorganized: internal design notes moved under docs/rfcs/; stale
  internal docs (old audits, handoffs, region-specific VM notes) removed.
• Agent-facing polish: the system prompt environment block reports
  codewhale_version (was deepseek_version), the legacy
  .deepseek/instructions.md path is no longer advertised in the prompt
  (still honored for back-compat), and oversized instruction files are
  truncated with an explicit […truncated: N bytes omitted] marker instead
  of a bare ellipsis.

Fixed

• Docker images build again. The release docker job failed for v0.8.56
  because the Dockerfile still copied the pre-rebrand deepseek /
  deepseek-tui binaries; they are now symlinks to the codewhale binaries
  inside the image, so legacy container entrypoints keep working.
• .devcontainer/devcontainer.json used the pre-rebrand container name,
  mount path, and deepseek remote user.
• Stale --bin deepseek examples, DeepSeek-TUI strings in /change
  output, and pre-rebrand doc comments.

Removed

• Unused dependencies: tracing-appender and zeroize (TUI crate),
  rustls (release crate); the orphaned vendor/schemaui-0.12.0 lockfile
  leftover and a machine-specific one-off scripts/verify_task.sh.

Contributor credits for this release live in the changelog entry above —
thank you to everyone whose reports, PRs, reviews, and reproductions shaped it.

See CHANGELOG.md for full notes and docs/CHANGELOG_ARCHIVE.md for older releases.

v0.8.56 — Community Harvest: localization, providers, prefix-cache stability, and fixes

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.56

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Individual binaries are also attached below for scripting and the npm wrapper. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

Contributors

Thanks to @sximelon, @cyq1017, @Artenx, @LHqweasd, @wywsoor,
@hsdbeebou, @mserrano11, @Dr3259, @yekern, @lioryx,
@puneetdixit200, @HUQIANTAO, @xyuai, @gaord, @shenjackyuanjie,
@AdityaVG13, @aboimpinto, @ousamabenyounes, @reidliu41,
@ljm3790865, @idling11, @h3c-hexin, @AresNing, @tdccccc,
@qiyuanlicn, @bevis-wong, @shuxiangxuebiancheng, @hongqitai,
@NASLXTO, @wuxixing, @linzhiqin2003, @merchloubna70-dot,
@mvanhorn, @Implementist, @jrcjrcc, @punkcanyang,
@yusufgurdogan, @LeoAlex0, @mo-vic, @AiurArtanis, @nasus9527,
and @lbcheng888 for reports, PRs, reviews, reproductions,
design direction, and harvested work that shaped v0.9.0.

Changelog

See CHANGELOG.md for the full notes for this release.

v0.8.55 — Together AI, OpenAI Codex, Model Catalog

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.55

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform	Archive	Install script
Linux x64	codewhale-linux-x64.tar.gz	install.sh
Linux ARM64	codewhale-linux-arm64.tar.gz	install.sh
Linux RISC-V	codewhale-linux-riscv64.tar.gz	install.sh
macOS x64	codewhale-macos-x64.tar.gz	install.sh
macOS ARM	codewhale-macos-arm64.tar.gz	install.sh
Windows x64 (installer)	CodeWhaleSetup.exe	NSIS setup
Windows x64	codewhale-windows-x64.zip	install.bat
Windows x64 (portable)	codewhale-windows-x64-portable.zip	—

Unix (Linux / macOS):

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

• For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
• Extract codewhale-windows-x64.zip
• Run install.bat (copies to %USERPROFILE%\bin)
• Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Individual binaries are also attached below for scripting and the npm wrapper. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify:

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

Contributors

Thanks to @sximelon, @cyq1017, @Artenx, @LHqweasd, @wywsoor,
@hsdbeebou, @mserrano11, @Dr3259, @yekern, @lioryx,
@puneetdixit200, @HUQIANTAO, @xyuai, @gaord, @shenjackyuanjie,
@AdityaVG13, @aboimpinto, @ousamabenyounes, @reidliu41,
@ljm3790865, @idling11, @h3c-hexin, @AresNing, @tdccccc,
@qiyuanlicn, @bevis-wong, @shuxiangxuebiancheng, @hongqitai,
@NASLXTO, @wuxixing, @linzhiqin2003, @merchloubna70-dot,
@mvanhorn, @Implementist, @jrcjrcc, @punkcanyang,
@yusufgurdogan, @LeoAlex0, @mo-vic, @AiurArtanis, @nasus9527,
and @lbcheng888 for reports, PRs, reviews, reproductions,
design direction, and harvested work that shaped v0.9.0.

Changelog

See CHANGELOG.md for the full notes for this release.