Add LiteLLM defaults and TUI tool UX

[Zochory]

Description

Adds LiteLLM provider defaults and settings logic, introduces a permissioned tool loop with @file inlining, and improves command menu interactivity. Updates bridge runbook/docs and bumps JS/Python dependencies.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Code refactoring
• Performance improvement
• Test addition or update
• Dependency update

Related Issues

Fixes #
Related to #

Changes Made

• Add LiteLLM/provider default handling and OpenAI-compatible config resolution
• Add tool loop with permissions + @file inlining, and enhance command menu UX
• Update docs/AGENTS/runbooks and bump dependencies

Screenshots (if applicable)

Testing

Test Configuration

• OS: macOS 26.3
• Terminal: Conductor CLI
• Bun Version: 1.2.10

Test Cases

• Tested basic chat functionality
• Tested command system
• Tested mention system
• Tested keyboard shortcuts
• Tested with real API endpoint
• Tested error handling
• Ran type checking (bun run typecheck)
• Tested in multiple terminal emulators
• Other: _______________

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings or errors
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published
• I have checked my code and corrected any misspellings
• I have updated the CHANGELOG.md file (if applicable)

Breaking Changes

Additional Notes

Reviewer Checklist

• Code quality is acceptable
• Tests are adequate
• Documentation is updated
• No security concerns
• Performance impact is acceptable
• Breaking changes are justified and documented

[coderabbitai]

Caution

Review failed

The pull request is closed.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • LiteLLM provider support and provider defaulting/switching
  • Coding Agent Tools: opt-in tool execution (read/list/write/run) with per-tool permissions, auto-approve, and tool execution flow
  • New /provider and /tools commands; select-style prompts and richer prompt UI (selects, tool prompts)
  • Async @file mentions that inline file contents with size/permission handling

• Documentation

  • Expanded docs and plans for LiteLLM, provider behavior, and Coding Agent tooling

• Tests

  • Added tests for model parsing, LLM config, mentions, provider defaults, tools, and permissions

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Adds LiteLLM provider support and centralized LLM configuration; implements a permissioned coding-agent tool framework (parse/execute/permissions/prompt); surfaces provider and tools controls in CLI/UI and command handlers; wires tool execution into submit/stream flows; updates docs, defaults, deps, and tests.

Changes

Cohort / File(s)	Summary
Env & Bridge runtime \.env.example, bridge/run.sh	Add LITELLM_* env vars and LLM_PROVIDER; run.sh maps LITELLM_* → OPENAI_* when present and updates warning text.
Docs & Guides AGENTS.md, PLANS.md, README.md, bridge/README.md, docs/...	Document LiteLLM proxy, provider handling, new /provider & /tools commands, Coding Agent tools, ExecPlans, and usage examples.
Storage & Types src/storage.ts, src/types.ts	Add provider and structured tools to AppSettings; new types LlmProvider, PermissionMode; UISuggestion adds keywords/requiresValue; Prompt adds select variant.
LLM config & input helpers src/llm/config.ts, src/llm/providerDefaults.ts, src/llm/models.ts, src/llm/input.ts	New resolver resolveLlmConfig, getAuthHeader, resolveResponsesUrl, applyProviderDefaults, parseModelList, and buildResponsesInput(history) to normalize provider/base/model (incl. LiteLLM heuristics).
API surface & services src/api.ts, src/services/streamingService.ts, src/services/commandService.ts, src/sse.ts	Remove legacy OPENAI_* exports from src/api.ts; re-export buildResponsesInput; streaming service now resolves config via resolveLlmConfig(settings) and accepts settings; SSE delta extraction broadened; add command routing for provider & tools.
Tool framework src/tools/index.ts, src/tools/permissions.ts, src/tools/prompt.ts	New parser parseToolCalls, executor executeToolCall (read_file/list_dir/write_file/run_command) with bounds/truncation; resolveToolPermission enforces external/doom-loop/auto-approve logic; buildToolSystemPrompt generates system prompt when enabled.
App integration & orchestration src/index.tsx, src/mentionHandlers.ts	Introduce tool queue/state, system-prompt injection, parse-on-complete, per-call permission prompts and execution, append tool results into history; add async mention expansion formatMessageWithMentionsAsync.
Commands & handlers src/commands.ts, src/commandHandlers.ts, src/services/commandService.ts	Add provider and tools commands, requiresValue flags, interactive provider selection with applyProviderDefaults, and new handlers handleProviderCommand / handleToolsCommand.
UI & Hooks src/cliHelp.ts, src/components/*, src/hooks/*, src/components/PromptOverlay.tsx, src/components/InputArea.tsx, src/components/SettingsMenu.tsx	Surface Provider/Tools in status/help; MessageList segments messages; SuggestionList improves highlight/detail panel; PromptOverlay adds select support; InputArea gains isFocused; settings UI becomes section-aware; hooks accept new fields and streaming onComplete.
Tests tests/*	New/updated tests for LLM config, mention expansion, provider defaults, model parsing, tool parsing/execution, permissions; streaming test now passes explicit settings.
Dependencies & bridge package.json, bridge/requirements.txt, bridge/requirements-dev.txt	Bump front-end and bridge dependencies (React/@OpenTui), FastAPI/uvicorn, pydantic, pytest version; remove recursive -r in dev requirements.
Removed docs .trae/documents/*	Delete multiple long-form planning/design documents under .trae/documents/.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant App as Client App
    participant Responses as Responses API
    participant Parser as Tool Parser
    participant Perms as Permission Resolver
    participant Executor as Tool Executor

    User->>App: Submit message
    App->>Responses: Stream request (resolveLlmConfig(settings) + optional tool-system prompt)
    Responses-->>App: Assistant response

    App->>Parser: parseToolCalls(response)
    Parser-->>App: [ToolCall...]

    loop per ToolCall
        App->>Perms: resolveToolPermission(call, settings, cwd, isDoomLoop)
        alt deny
            Perms-->>App: deny (reason)
            App->>User: Notify denial
        else ask
            App->>User: Prompt for approval
            User-->>App: Approve / Deny
            alt approved
                App->>Executor: executeToolCall(call, options)
            else denied
                App-->>App: Skip execution
            end
        else allow
            App->>Executor: executeToolCall(call, options)
        end
        Executor-->>App: ToolResult
        App->>App: Append formatted tool result to history
        App->>Responses: Continue/reprompt with tool results
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~65 minutes

Possibly related PRs

• Add LiteLLM defaults and TUI tool UX #17 — Large overlap: LiteLLM provider, provider-defaults, tools parsing/execution, and related src/llm and src/tools files.
• Dev #9 — Touches UI components and hooks (MessageList, PromptOverlay, SuggestionList) that overlap with visual and interaction changes here.
• Handoff #4 — Overlaps bridge/runtime and AF-related docs/bridge changes (bridge/run.sh, bridge/README.md).

Poem

🐰 I nibble through code, byte by byte,

LiteLLM wakes and tools take flight,
I hop to check each permission gate,
I run, I read, then I update,
Tests pass — carrots feel just right.

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers the main changes and type of change but is missing several template sections: no detailed Description paragraph, no Screenshots, incomplete Testing section with unchecked items, incomplete Checklist with several unchecked critical items (code comments, CHANGELOG), and no Related Issues specified.	Expand the Description section with more detail, add Testing evidence or justification for unchecked items, complete the Checklist (especially CHANGELOG.md and comments), and add Related Issues if applicable.
Docstring Coverage	⚠️ Warning	Docstring coverage is 19.72% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main changes: adding LiteLLM defaults and TUI tool UX improvements, which align with the primary objectives of the PR.

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 406b6a3 and c19d8fa.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (55)

• .env.example
• .trae/documents/Enhance AF Workflows Web UI_ Dropdown, Themes, Agents, Messaging, Scrolling, Tests, Docs.md
• .trae/documents/Enhance TUI CLI with Workflow Mode and AF Backend.md
• .trae/documents/Integrate Handoff Workflows into QLAW TUI.md
• .trae/documents/Progressive Enhancements for Workflows Web UI.md
• .trae/documents/Publishable qlaw-cli v0.1.5 (Bun-based CLI).md
• .trae/documents/QLAW CLI Analysis, Cleanup, Docs, Version 0.1.5, QA.md
• .trae/documents/QLAW CLI Codebase Analysis + Proposed Improvements.md
• .trae/documents/QLAW CLI Experience Enhancements.md
• AGENTS.md
• PLANS.md
• README.md
• bridge/README.md
• bridge/requirements-dev.txt
• bridge/requirements.txt
• bridge/run.sh
• docs/API-INTEGRATION.md
• docs/ARCHITECTURE.md
• package.json
• src/api.ts
• src/cliHelp.ts
• src/commandHandlers.ts
• src/commands.ts
• src/components/InputArea.tsx
• src/components/MessageList.tsx
• src/components/PromptOverlay.tsx
• src/components/SettingsMenu.tsx
• src/components/StatusLine.tsx
• src/components/SuggestionList.tsx
• src/hooks/useInputMode.ts
• src/hooks/useKeyboardShortcuts.ts
• src/hooks/useSettings.ts
• src/hooks/useStreaming.ts
• src/index.tsx
• src/llm/config.ts
• src/llm/input.ts
• src/llm/models.ts
• src/llm/providerDefaults.ts
• src/mentionHandlers.ts
• src/services/commandService.ts
• src/services/streamingService.ts
• src/sse.ts
• src/storage.ts
• src/suggest.ts
• src/tools/index.ts
• src/tools/permissions.ts
• src/tools/prompt.ts
• src/types.ts
• tests/llmConfig.test.ts
• tests/mentionHandlers.test.ts
• tests/models.test.ts
• tests/providerDefaults.test.ts
• tests/streamingService.test.ts
• tests/tools.test.ts
• tests/toolsPermissions.test.ts

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @Zochory, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly modernizes the CLI by integrating LiteLLM for flexible model provider support and introducing powerful coding agent capabilities. It allows the AI to interact with the local file system and execute commands in a controlled, permissioned environment, greatly expanding its utility for development tasks. Concurrently, the user experience for interacting with commands and mentions has been refined, and underlying dependencies have been brought up to date.

Highlights

• LiteLLM Integration: Added comprehensive support for LiteLLM, allowing the CLI to use LiteLLM-compatible proxies and model identifiers. This includes new environment variables, configuration settings, and automatic provider detection.
• Coding Agent Tools: Introduced a permissioned tool execution loop, enabling the AI to request and execute file system (read, list, write) and shell commands. Tools can be enabled/disabled, auto-approved for safe operations, and permissions can be fine-tuned via new commands and settings.
• Enhanced UX for Mentions and Commands: The @file mention now inlines file contents directly into the prompt (with truncation for safety). The command menu and suggestion list have been improved with better interactivity, query matching, and detailed information for selected commands/mentions.
• Dependency Updates: Key JavaScript (Bun, OpenTUI, React) and Python (FastAPI, Uvicorn, Azure SDKs) dependencies have been updated to their latest versions, ensuring stability and access to new features.
• Documentation Updates: The AGENTS.md, README.md, and docs/API-INTEGRATION.md files have been updated to reflect the new LiteLLM configuration options, coding agent tools, and enhanced mention functionality.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces significant new functionality, including support for LiteLLM providers and a comprehensive, permissioned tool execution loop for the coding agent. The changes are well-structured, with new logic correctly organized into llm and tools directories. The implementation of the tool loop, with its security considerations like permission levels and doom-loop detection, is particularly well-executed. The documentation has also been thoroughly updated to reflect these new features. My review includes a few suggestions to simplify some of the new logic and improve maintainability, particularly around environment variable handling and the structure of a large new command handler.

[gemini-code-assist]

The logic for setting fallback environment variables and issuing a warning can be simplified to avoid redundant checks. The current implementation checks for missing OPENAI_* variables twice. You can combine these into a single, clearer block. The inner check for LITELLM_* variables is also redundant, as the parameter expansion ${VAR:-${FALLBACK:-}} safely handles cases where the fallback is empty.

Suggested change

	if [[ -z "${OPENAI_BASE_URL:-}" || -z "${OPENAI_API_KEY:-}" || -z "${OPENAI_MODEL:-}" ]]; then
	if [[ -n "${LITELLM_BASE_URL:-}" || -n "${LITELLM_API_KEY:-}" || -n "${LITELLM_MODEL:-}" ]]; then
	export OPENAI_BASE_URL="${OPENAI_BASE_URL:-${LITELLM_BASE_URL:-}}"
	export OPENAI_API_KEY="${OPENAI_API_KEY:-${LITELLM_API_KEY:-}}"
	export OPENAI_MODEL="${OPENAI_MODEL:-${LITELLM_MODEL:-}}"
	fi
	fi
	if [[ -z "${OPENAI_BASE_URL:-}" || -z "${OPENAI_API_KEY:-}" || -z "${OPENAI_MODEL:-}" ]]; then
	echo "[warn] OPENAI_BASE_URL / OPENAI_API_KEY / OPENAI_MODEL not set."
	echo " The bridge uses OpenAIChatClient by default. Set these to a real backend."
	echo " The bridge uses OpenAIChatClient by default. Set these or LITELLM_* vars."
	fi
	# If core OpenAI vars are not fully set, try to populate them from LiteLLM vars.
	if [[ -z "${OPENAI_BASE_URL:-}" || -z "${OPENAI_API_KEY:-}" || -z "${OPENAI_MODEL:-}" ]]; then
	export OPENAI_BASE_URL="${OPENAI_BASE_URL:-${LITELLM_BASE_URL:-}}"
	export OPENAI_API_KEY="${OPENAI_API_KEY:-${LITELLM_API_KEY:-}}"
	export OPENAI_MODEL="${OPENAI_MODEL:-${LITELLM_MODEL:-}}"
	# After attempting the fallback, if vars are still missing, issue a warning.
	if [[ -z "${OPENAI_BASE_URL:-}" || -z "${OPENAI_API_KEY:-}" || -z "${OPENAI_MODEL:-}" ]]; then
	echo "[warn] OPENAI_BASE_URL / OPENAI_API_KEY / OPENAI_MODEL not set."
	echo " The bridge uses OpenAIChatClient by default. Set these or LITELLM_* vars."
	fi
	fi

[gemini-code-assist]

The handleToolsCommand function is quite long and handles multiple subcommands (on, off, auto, perm). To improve readability and maintainability, consider refactoring this into smaller, more focused functions for each subcommand (e.g., handleToolsPermissionCommand, handleToolsToggleCommand).

Additionally, the toolMap (lines 366-379) is defined inside the function. Since it's a constant mapping, it would be better to define it as a const at the module level. This avoids re-creating the object on every function call.

[gemini-code-assist]

The fallback logic for the custom provider could lead to unexpected behavior. When provider is 'custom', the code falls back to OPENAI_* and LITELLM_* environment variables if settings are not provided. A user selecting a 'custom' provider likely intends to provide all connection details manually via settings. Mixing a custom endpoint from settings with an API key or model from a different provider's environment variables could cause connection failures or unexpected costs.

Consider making the custom provider rely only on values from settings and not fall back to environment variables to make its behavior more predictable.

[gemini-code-assist]

The splitIntoSegments function is a great addition for handling multiple code blocks. However, the regular expression /```(\\w+)?\\n([\\s\\S]*?)```/g might not correctly handle code blocks that don't have a newline immediately after the language identifier (e.g., ```python). While less common, it's a possible edge case. A more robust regex could be /```(\\w+)?(?:\\n|\\s)([\\s\\S]*?)```/g to allow for optional whitespace.

[Copilot]

Pull request overview

This PR modernizes qlaw-cli with LiteLLM provider support, introduces a permissioned coding agent tool system with file inlining, and refreshes dependencies. It adds significant new functionality including tool execution with configurable permissions, enhanced command menu UX with highlighted matching, and multi-provider configuration logic.

Key changes include:

• LiteLLM provider defaults and OpenAI-compatible config resolution with auto-detection
• Tool loop implementation with permission system (allow/ask/deny) for file operations and shell commands
• Enhanced @file mentions that inline actual file contents instead of just referencing them

Reviewed changes

Copilot reviewed 35 out of 36 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
src/types.ts	Adds LlmProvider and PermissionMode types, extends AppSettings with provider and tools configuration
src/tools/index.ts	New tool execution system with parsing, validation, and result formatting for read/list/write/run operations
src/tools/permissions.ts	Permission resolution logic with external directory and doom-loop protection
src/tools/prompt.ts	System prompt generation for tool-enabled conversations
src/llm/config.ts	Provider resolution and auth header logic supporting OpenAI, Azure, LiteLLM, and custom backends
src/llm/providerDefaults.ts	Provider-specific default handling and env variable fallback chains
src/llm/input.ts	Extracted prompt building logic for Responses API compatibility
src/services/streamingService.ts	Updated to use new config resolution and accept settings parameter
src/services/commandService.ts	Registers new /provider and /tools commands
src/index.tsx	Implements tool queue loop, async @file handling, and permission prompts in main app logic
src/hooks/useStreaming.ts	Adds onComplete callback for tool detection after streaming
src/hooks/useSettings.ts	Adds Coding Agent section with tools and auto-approve toggles, provider field
src/hooks/useInputMode.ts	Passes keywords field to UI suggestions
src/components/SuggestionList.tsx	Enhanced with query highlighting, action hints, and expanded detail view
src/components/StatusLine.tsx	Shows provider, model, and tools status in footer
src/components/MessageList.tsx	Implements multi-code-block rendering with segment parsing
src/mentionHandlers.ts	Adds async file reading and inlining for @file mentions with truncation
src/storage.ts	Adds LiteLLM env vars and tools configuration to defaults
src/sse.ts	Additional delta extraction patterns for broader compatibility
src/commandHandlers.ts	Implements /provider and /tools commands with permission management
src/commands.ts	Registers provider and tools in command metadata
src/cliHelp.ts	Updates status display to include provider and tools
src/api.ts	Simplified to re-export buildResponsesInput from llm/input
tests/streamingService.test.ts	Updated test to include settings parameter and new env vars
docs/ARCHITECTURE.md	Documents new llm/ and tools/ modules
docs/API-INTEGRATION.md	Adds LiteLLM proxy configuration section
docs/AGENTS.md	Documents coding agent tools and permissions
README.md	Adds LiteLLM and tools documentation
PLANS.md	New execution plan document
bridge/run.sh	Adds LITELLM_* to OPENAI_* fallback logic
bridge/requirements.txt	Updates Python dependency versions
bridge/requirements-dev.txt	Updates pytest version
bridge/README.md	Documents LiteLLM configuration
package.json	Bumps @OpenTui and React dependencies
bun.lock	Reflects updated dependency versions
.env.example	Adds LiteLLM environment variable examples

Comments suppressed due to low confidence (1)

src/index.tsx:442

• The handleSubmit callback is declared as async but the command execution path (lines 434-443) calls handleExecuteCommand without awaiting it. This could lead to race conditions where the input is cleared before the command completes, or errors from command execution might not be properly caught. Either await the call or ensure proper error handling for the fire-and-forget pattern.

    if (input.startsWith("/")) {
      const parts = input.slice(1).split(" ");
      const cmd = parts[0];
      const args = parts.slice(1).join(" ");
      if (cmd) {
        handleExecuteCommand(cmd, args);
      }
      setInput("");
      return;

[Copilot]

The regex pattern has incorrectly escaped backslashes. In JavaScript regex, \\w should be \w, and \\n should be \n, and \\s should be \s. The double backslashes will match literal backslashes in the string rather than the intended character classes and escape sequences. This will prevent code blocks from being properly detected and parsed.

Suggested change

	const regex = /```(\\w+)?\\n([\\s\\S]*?)```/g;
	const regex = /```(\w+)?\n([\s\S]*?)```/g;

[Copilot]

The tool permission prompt message is generic and doesn't show which file path or command is about to be executed. For security and UX reasons, users should see exactly what operation they're approving. The prompt should include details like the path being read/written or the command being executed, especially for sensitive operations.

Suggested change

	setPrompt({
	type: "confirm",
	message: `Allow tool: ${call.tool}?`,
	const argsObject = (call as ToolCall).args || {};
	const hasArgs = argsObject && Object.keys(argsObject).length > 0;
	let argsPreview = hasArgs ? JSON.stringify(argsObject, null, 2) : "no arguments";
	const MAX_PREVIEW_LENGTH = 200;
	if (argsPreview.length > MAX_PREVIEW_LENGTH) {
	argsPreview = argsPreview.slice(0, MAX_PREVIEW_LENGTH) + "…";
	}
	const permissionMessage =
	`Allow tool "${call.tool}" to run in:\n` +
	` ${toolOptions.cwd}\n` +
	`with arguments:\n` +
	` ${argsPreview}\n\n` +
	`Proceed?`;
	setPrompt({
	type: "confirm",
	message: permissionMessage,

[Copilot]

The filter condition on line 172 checks if the content "startsWith('Tool ')" but the actual system messages created for tool results use the format "Tool {tool_name} (ok)" or "Tool {tool_name} (error)" from formatToolResult. This check will correctly filter these messages. However, the "Skipped tool" messages don't match this pattern and won't be filtered, which could lead to accumulating error messages in the conversation history.

Suggested change

	(m) => !(m.role === "system" && m.content.startsWith("Tool "))
	(m) =>
	!(
	m.role === "system" &&
	(m.content.startsWith("Tool ") || m.content.startsWith("Skipped tool"))
	)

[Copilot]

The documentation has a structural issue. Line 161 describing the @code mention is incorrectly placed after the "Coding Agent Tools" section header. This line should be moved up to be with the other mention examples (before line 156) to maintain proper section organization.

Suggested change

	### Coding Agent Tools
	When `/tools` is enabled, the assistant can request tool execution using fenced `tool` blocks.
	Permissions follow `allow | ask | deny` and can be configured via `/tools perm`.
	- `@code function example() { return true; }` will format as a code snippet
	- `@code function example() { return true; }` will format as a code snippet
	### Coding Agent Tools
	When `/tools` is enabled, the assistant can request tool execution using fenced `tool` blocks.
	Permissions follow `allow | ask | deny` and can be configured via `/tools perm`.

[Copilot]

The LLM configuration logic in src/llm/config.ts and src/llm/providerDefaults.ts lacks test coverage. These functions handle critical provider resolution and fallback logic, including inferProvider and applyProviderDefaults, which determine how different environment variables interact. Tests should verify the precedence rules and edge cases.

[Copilot]

The external path detection logic has a flaw. On Windows systems, path separators use backslashes (), but this code only checks for forward slash (/). This means paths within the project on Windows might incorrectly be flagged as external. Use path.sep instead of hardcoding "/" to ensure cross-platform compatibility.

[Copilot]

The run_command tool executes arbitrary shell commands without any validation or sanitization. This is a security risk as it could allow command injection if user input flows into the command argument. Consider adding validation, a command allowlist, or at minimum, clear warnings in documentation about the security implications of enabling this tool.

[Copilot]

The @file mention handler reads files without validating that the path is within the project directory. This could allow reading arbitrary files on the system if a malicious or compromised model requests sensitive files. Consider applying the same external path validation used in the tools permission system (isExternalPath) to prevent reading files outside the working directory.

[Copilot]

The new tool execution functionality in src/tools/index.ts, src/tools/permissions.ts, and src/tools/prompt.ts lacks test coverage. Given that the repository has comprehensive tests for other services (sse.test.ts, commandService.test.ts, etc.), these new security-sensitive features should also have corresponding test files to verify tool parsing, execution, permission resolution, and error handling.

[Copilot]

Character '\' is repeated in the same character class.

Suggested change

	const regex = /```(\\w+)?\\n([\\s\\S]*?)```/g;
	const regex = /```(\w+)?\n([\s\S]*?)```/g;

[Copilot]

Pull request overview

Copilot reviewed 46 out of 47 changed files in this pull request and generated 21 comments.

[Copilot]

The tool execution logic filters out system messages that start with "Tool " when building history for the API. However, this string-prefix check is fragile and could inadvertently filter out legitimate system messages that happen to start with "Tool ". Consider using a more robust approach like adding a metadata flag to tool-related messages or using a specific message type.

[Copilot]

The function guessLanguage returns language identifiers but some of the mappings may not align with common syntax highlighting libraries. For example, "jsx" and "tsx" are often aliased to "javascript" and "typescript" respectively in many highlighters. Consider documenting which syntax highlighting library is being targeted or ensuring these identifiers match the expected format.

[Copilot]

The provider inference logic uses model.includes("/") as a heuristic for LiteLLM-style models. However, this could produce false positives if a user sets a custom model name containing a slash for non-LiteLLM purposes. Consider adding a comment explaining this heuristic or making it more robust by checking for specific prefixes like "openai/", "anthropic/", etc.

[Copilot]

The handleToolsCommand function is very long (160+ lines) and handles multiple subcommands. Consider refactoring this into separate handler functions like handleToolsPermissionSubcommand, handleToolsToggleSubcommand, etc., to improve maintainability and testability.

[Copilot]

Test coverage is missing for the new LiteLLM provider configuration logic. The PR adds src/llm/config.ts and src/llm/providerDefaults.ts with complex provider resolution and default-handling logic, but no tests are included. Consider adding tests to verify provider inference, default resolution, and edge cases like missing environment variables.

[Copilot]

The write_file tool uses resolve(fullPath, "..") to get the parent directory, but this is fragile and could behave unexpectedly if fullPath ends with a slash or has other path quirks. Consider using path.dirname(fullPath) instead for more reliable parent directory resolution.

[Copilot]

The left/right arrow navigation logic for switching between settings sections uses complex index arithmetic that could be error-prone. The logic calculates ranges and wraps around, but if ranges is empty or if there's an off-by-one error, it could cause unexpected behavior. Consider adding a guard condition to handle edge cases or adding comments explaining the arithmetic.

[Copilot]

The function uses void runTool() to explicitly ignore the Promise. While this is correct, adding a comment explaining why the promise is intentionally not awaited would help future maintainers understand that this is deliberate and not an oversight.

[Copilot]

The complex ternary expressions for model, endpoint, and apiKey are difficult to read and maintain. Consider extracting this logic into a helper function like resolveLlmDefaults() that returns an object with these three properties. This would improve readability and testability.

[Copilot]

Character '\' is repeated in the same character class.

[Copilot]

Pull request overview

Copilot reviewed 48 out of 49 changed files in this pull request and generated 8 comments.

[Copilot]

The function buildApiKeySelectOptions exposes actual API keys in plain text in the select options. While this might be intentional for user convenience, it creates a potential security concern where API keys could be visible in logs, screenshots, or UI traces. Consider either masking these keys (showing only the last 4 characters) or adding a warning in the description about the security implications of displaying API keys.

[Copilot]

The run_command tool executes arbitrary shell commands without any validation or sanitization. While there's a permission system in place, once approved, any command can run. Consider adding command validation (e.g., disallowing certain dangerous commands like rm -rf /, shell escaping validation) or implementing a command whitelist/blacklist pattern to prevent accidental or malicious execution of destructive commands.

[Copilot]

The model detection logic at line 28-29 will match models like "o10", "o100", "o3-preview-beta" unexpectedly. The pattern lower.startsWith("o1") or lower.startsWith("o3") is too broad. Consider using more specific patterns like checking for exact model names (e.g., "o1-preview", "o1-mini") or a pattern that ensures word boundaries to avoid false positives.

[Copilot]

Line 74 assigns baseUrl to resolvedBaseUrl but this assignment is redundant. The variable resolvedBaseUrl can be removed, and line 80 should directly use baseUrl instead, simplifying the code.

[Copilot]

The initial value of masked is unused, since it is always overwritten.

[Copilot]

Pull request overview

Copilot reviewed 50 out of 51 changed files in this pull request and generated 7 comments.

[Copilot]

Lines 445-446 are unreachable code. The function always returns at line 439 or 443, so the code creating and returning a system message on lines 445-446 will never execute.

This appears to be dead code left over from refactoring. It should be removed to avoid confusion.

Suggested change

	const msg = `${promptMessage}\nCurrent: ${masked}\nUsage: /${settingKey} <value>`;
	return { systemMessage: { id: generateUniqueId(), role: "system", content: msg, timestamp: new Date() } };

[Copilot]

The external path detection has a logical issue. On line 18, the check !resolved.startsWith(root + "/") will incorrectly flag paths as external when they should be internal.

For example, if cwd is /home/user/project and path is /home/user/project-docs/file.txt, the resolved path starts with /home/user/project but is actually outside the project directory. The current logic would incorrectly allow this as internal.

The issue is that line 16 adds an empty string to root (which does nothing), and line 18 checks if the resolved path starts with root + "/". However, if resolved === root, we return false early (line 17), but we should also handle the case where resolved is actually a parent or sibling of root.

Consider using a more robust check that normalizes both paths and ensures resolved is actually a child of root, not just a string prefix match.

[Copilot]

The inferProvider function has redundant logic. Lines 57-58 both return "litellm", meaning the function will always default to "litellm" regardless of the URL or model.

The conditional check on line 57 (if (url.includes("litellm") || url.includes("/llm/") || (model && model.includes("/")))) is unnecessary since line 58 will execute regardless of whether the condition is true or false.

Consider clarifying the intent: if the default should always be "litellm", the entire if statement can be removed. If there should be different logic for detecting non-LiteLLM providers (like detecting actual OpenAI endpoints), that logic needs to be added before the default return.

[Copilot]

The @file mention handler reads arbitrary files from the filesystem without proper path validation or security checks. While it uses resolve(options.cwd, path), there's no validation to prevent path traversal attacks using sequences like ../../../etc/passwd.

This creates a security risk where:

1. A malicious user could craft prompts with @file ../../../sensitive-file to read files outside the project directory
2. An LLM could be manipulated through prompt injection to request sensitive files

Consider adding:

1. Path validation to ensure the resolved path stays within the project directory (similar to the tool permission system)
2. A whitelist of allowed file extensions or patterns
3. Checks against reading sensitive system files
4. Integration with the external_directory permission check from the tools system

[Copilot]

The confirmation prompt for tool execution doesn't display the tool arguments, making it difficult for users to make informed decisions about whether to approve a tool call. The prompt only shows "Allow tool: read_file?" without showing what file will be read or where it will write.

Consider enhancing the confirmation message to include relevant tool arguments, such as:

• For read_file/write_file: show the path
• For run_command: show the command
• For list_dir: show the directory

This would help users make better security decisions, especially for potentially dangerous operations.

[Copilot]

Unused variable setSettings.

Suggested change

	const { settings, setSettings, setMessages, setPrompt } = context;
	const { settings, setMessages, setPrompt } = context;

[Copilot]

The initial value of masked is unused, since it is always overwritten.

[Copilot]

Pull request overview

Copilot reviewed 55 out of 56 changed files in this pull request and generated 20 comments.

Comments suppressed due to low confidence (1)

src/commandHandlers.ts:261

• The /help command output references a "settings" section but doesn't include information about the new /tools command and its sub-commands (on/off/auto/perm). Consider adding a tools section to the help output to document the new functionality.

      },
    };
  }
  return {
    systemMessage: {
      id: generateUniqueId(),
      role: "system",
      content: "To clear, run: /clear confirm",
      timestamp: new Date(),
    },
  };
}

export function handleHelpCommand(): CommandResult {
  const systemMsg: Message = {
    id: generateUniqueId(),
    role: "system",
    content: `Help
general
  /help                Show help
  /clear [confirm]     Clear messages
  /status              Show status
  /theme               Toggle theme
  /terminal-setup      Configure terminal keys
settings
  /settings            Open settings panel
  /keybindings [...]   View or edit keybindings
ai
  /provider <name>     Set provider (openai/azure/litellm/custom)
  /model <name>        Set model
  /endpoint <url>      Set API base URL
  /api-key <key>       Set API key
  /tools [args]        Toggle tool execution (on/off/auto, perm ...)
  /af-bridge <url>     Set Agent Framework bridge
  /af-model <name>     Set Agent Framework model
foundry
  /login               Login to Azure
  /foundry-endpoint    Set Foundry Project Endpoint
  /agent               List and select Foundry Agent
workflow
  /mode <standard|workflow>  Switch mode
  /workflow            Workflow controls

[Copilot]

The continueWithToolResults function filters out system messages that start with "Tool " or "Skipped tool" on lines 175-177, but doesn't filter the toolSystemMessage or toolResultsMessage that it adds to the history. This could lead to duplicate system prompts accumulating across multiple tool loops.

[Copilot]

The handleSettingCommand function has complex branching logic with multiple return paths. When selectOptions are provided, it opens a prompt and returns early (line 454). When no options are provided, it calls openInputPrompt() and returns (line 457), but then has unreachable code after. Consider restructuring to make the flow clearer and remove dead code.

Suggested change

	}
	openInputPrompt();
	return { shouldReturn: true };
	} else {
	openInputPrompt();
	return { shouldReturn: true };
	}

[Copilot]

The AUTO_SELECT_VALUE constant is defined but only used in the /provider command. The "Auto (detect)" option sets the provider to undefined, which may not be the intended behavior. Consider whether this should clear the provider field or set it to an explicit "auto" string value.

[Copilot]

The maxFileBytes parameter is set to 10,000 but the test writes "hello" (5 bytes). Consider adding a test case that verifies truncation behavior when a file exceeds the maxFileBytes limit.

[Copilot]

The permission mode "doom_loop" is a great safety feature, but consider adding test coverage for the doom loop detection logic (when the same tool is called 3+ times with identical arguments).

[Copilot]

The function inferProvider always returns "litellm" as the default on line 58, even when the URL doesn't contain litellm-specific patterns. This means any unknown provider will be treated as litellm. Consider returning "openai" as the fallback for standard OpenAI-compatible endpoints, or adding a "custom" provider type for truly unknown endpoints.

[Copilot]

The settingsSections sections now include a new "Providers" section with action items that mutate settings. However, these items have type: "info" which suggests they're informational, but they actually perform actions when activated. Consider using a different type name like "action" or "button" to better reflect their behavior.

[Copilot]

The regex pattern /```tool\s*([\s\S]*?)```/gi will match tool blocks anywhere in the text, including within code blocks or other contexts where they shouldn't be treated as tool calls. Consider making the regex more strict to only match tool blocks that appear on their own lines or adding validation to ensure they're not within other fenced code blocks.

[Copilot]

The pushToolCall function silently ignores tool names that don't match the four supported tools. Consider logging or returning a validation error when an unsupported tool name is encountered, so users understand why their tool call was ignored.

[Copilot]

The initial value of masked is unused, since it is always overwritten.

Suggested change

	const masked =
	options?.shouldMaskValue && typeof displayValue === "string"
	? displayValue
	? "***" + displayValue.slice(-4)
	: "Not set"
	: displayValue;

[Zochory]

@copilot open a new pull request to apply changes based on the comments in this thread

[Copilot]

@Zochory I've opened a new pull request, #18, to work on those changes. Once the pull request is ready, I'll request review from you.

[Zochory]

@copilot open a new pull request to apply changes based on the comments in this thread

[Copilot]

@Zochory I've opened a new pull request, #19, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Pull request overview

Copilot reviewed 55 out of 56 changed files in this pull request and generated 22 comments.

[Copilot]

The MAX_PREVIEW_LENGTH constant is defined inline at line 256. For consistency with other configurable limits in the codebase (like maxFileBytes, maxDirEntries), consider moving this to a constant at the top of the file or making it part of the tool settings.

[Copilot]

The TOOL_PERMISSION_MAP includes multiple keys mapping to the same values (e.g., both "read" and "read_file" map to "read_file"). While this provides flexibility for user input, it's not clear from the code which aliases are canonical. Consider documenting the supported aliases in the command help text or adding a comment explaining why both formats are supported.

[Copilot]

The toolSignatureCountsRef is never reset except when a new user message is submitted. This means that if a tool is called 3+ times across different turns in the same session, it will be flagged as a doom loop even if the calls are legitimate. Consider adding a decay mechanism or resetting counts periodically to avoid false positives in long-running sessions.

[Copilot]

The test "returns empty array for undefined or empty" includes a test case with spaces (" "), but the implementation trims the input before checking if it's empty. The test correctly expects an empty array, but adding a comment explaining this edge case would improve test clarity.

[Copilot]

The logic in lines 89-90 has a fallback chain env.openaiModel || next.model, but if both are undefined, it leaves the model as undefined. This could lead to the same "Missing model" error that was fixed in other parts of the codebase. Consider either ensuring a default model is always set or documenting that this is intentional.

[Copilot]

The /tools perm command doesn't validate that rawMode is properly typed as PermissionMode before assigning it to settings. While the string check ensures it's one of "allow", "ask", or "deny", TypeScript won't recognize this as a type guard. Consider casting the value explicitly: [toolKey]: rawMode as PermissionMode for better type safety.

[Copilot]

The isExternalPath function has duplicated logic with a different implementation in src/mentionHandlers.ts (line 176). The implementations differ: the tools version checks isAbsolute(rel) while the mentionHandlers version does not. This inconsistency could lead to security issues if one implementation is more permissive than the other. Consider extracting this to a shared utility module to ensure consistent security checks across the codebase.

[Copilot]

The error message on line 32 suggests using multiple commands (/provider, /endpoint, /api-key, /model) but doesn't provide a clear order or priority for which to configure first. Consider improving the message to guide users through the configuration process more clearly, such as: "Missing LLM configuration. Set provider first with /provider, then configure /endpoint, /api-key, and /model."

[Copilot]

The permission message truncates args to 200 characters with an ellipsis, but this could cut off important information mid-value (e.g., in the middle of a file path or command). Consider truncating at word boundaries or adding a more structured preview format that shows complete key-value pairs up to the limit.

[Copilot]

The write_file tool uses mkdir with { recursive: true } to create parent directories, but it resolves the parent path using resolve(fullPath, ".."). This could potentially create directories outside the intended workspace if fullPath is manipulated. While isExternalPath should catch this in permissions, consider adding an additional safety check before creating directories to ensure they're within the allowed workspace.