- **project search: Stream result buffers sooner in remote scenarios**
- **Fix remote server build**

Closes #ISSUE

Release Notes:

- Improved performance of project search in remote projects.

---------

Co-authored-by: Smit <smit@zed.dev>
Co-authored-by: Zed Zippy <234243425+zed-zippy[bot]@users.noreply.github.com>
Co-authored-by: Smit Barmase <heysmitbarmase@gmail.com>
Co-authored-by: Conrad <conrad@zed.dev>

Summary
This PR fixes an issue where Python virtual environments (`venv`, `uv`,
etc.) were not automatically activated when opening a terminal using
PowerShell 7.

Details
`ShellKind` distinguishes between the legacy Windows PowerShell
(`ShellKind::PowerShell`) and the newer PowerShell 7
(`ShellKind::Pwsh`). Previously, the logic in
`resolve_venv_activation_scripts` only checked for
`ShellKind::PowerShell`, causing `activate.ps1` resolution to fail for
`Pwsh` users.
This change adds `ShellKind::Pwsh` to the resolution list, mapping it to
`activate.ps1` just like the legacy PowerShell.

Release Notes:

- Fixed Python virtual environments not automatically activating in
PowerShell 7

Add a `match_quotes` parameter to the `vim::Matching` action that
controls whether the `%` motion should treat quote characters (', ", `)
as matching pairs.

In Neovim, `%` only matches bracket pairs (([{}])), not quotes. Zed's
existing behavior includes quote matching, which some users prefer. To
preserve backwards compatibility while allowing users to opt into
Neovim's behavior, this PR:

1. Adds an optional `match_quotes` boolean parameter to the
   `vim::Matching` action
2. Updates the default vim keymap to use ["vim::Matching", {
   "match_quotes": true }], preserving Zed's current behavior
3. Users who prefer Neovim's behavior can rebind `%` in their keymap:

```
{
    "context": "VimControl && !menu",
    "bindings": {
        "%": ["vim::Matching", { "match_quotes": false }]
    }
}
```

When `match_quotes` is `false`, the `%` motion will skip over quote
characters and only match brackets/parentheses, matching Neovim's
default behavior.

Release Notes:

- vim: Added match_quotes parameter to the vim::Matching action to control
whether % matches quote characters

---------

Co-authored-by: dino <dinojoaocosta@gmail.com>

Scopes the history to the individual panes and paves the way for history
per external agent.

Release Notes:

- N/A

Closes #ISSUE

Release Notes:

- N/A *or* Added/Fixed/Improved ...

The visual test infrastructure changes in #46324 accidentally switched
from `settings::init(cx)` to `SettingsStore::test(cx)`, which uses
Courier font instead of the real Zed fonts (IBM Plex Sans / Lilex).

This restores the correct font loading:
1. Load embedded fonts with `Assets.load_fonts(cx)`
2. Use `settings::init(cx)` to get the real default settings with proper
fonts

Release Notes:

- N/A

Editable region was different for Zeta2 and Teacher, leading to "Edits
outside of editable region" errors.

Release Notes:

- N/A

Co-authored-by: Agus Zubiaga <agus@zed.dev>

This pollutes tasks and similar with a `connection closed` message
otherwise.

Release Notes:

- Fixed terminal tool for agents ending with `connection closed` on
remote hosts polluting context

This happens when a user's default branch has different remote and local
versions on their system. Because we would get a diff using just a
branch name without including it's remote name as well

This is a better default because it's far less confusing from a user's
perspective to debug what's going on.

Release Notes:

- git: Fix BranchDiff showing incorrect diffs when default local branch
is out of sync with the remote default branch

Fixes #41220

Co-authored-by: dino <dinojoaocosta@gmail.com>

Closes #41220

Release Notes:

- Rust: Fixed diagnostics being stale when working across path
dependencies

---------

Co-authored-by: dino <dinojoaocosta@gmail.com>

This PR adds the total and per-file number of lines added and removed
per thread, using the same logic to compute these as in the commit view.
Here's how they show up in the UI:

<img width="500" height="514" alt="Screenshot 2026-01-09 at 11  27@2x"
src="https://github.com/user-attachments/assets/e3a4a14f-a4ee-4e95-a77b-86d14914e9d6"
/>

Release Notes:

- Agent: Added the total and per-file number of lines added and removed
in a thread.

Release Notes:

- N/A

Benchmarks that depend on remote server would not rebuild the remote
server binary outside of dev builds. Let dependants of remote opt into
building the binary even in release builds.

Release Notes:

- N/A

This PR moves the `responses` module to its own module in the `open_ai`
crate.

Release Notes:

- N/A

I saw that this test is failing at head, with what turns out to be a
dependency on the test environment umask.

This removes the over-strict assertions about permissions from extracted
zips when permissions aren't preserved. I tested locally that it passes
with 022, 002, 077.

Also, some of the comments and variable names seemed to be out of date
for this test, in which the file is not executable, so I changed/removed
them.

cc @MrSubidubi 

follows on from #45515


Before:

```
mbp@amorfati ~/s/zed> umask 002
mbp@amorfati ~/s/zed> cargo nextest run -p util archive::tests::test_extract_zip_sets_default_permissions
    Finished `test` profile [unoptimized + debuginfo] target(s) in 0.21s
────────────
 Nextest run ID de9e0712-0db1-4e4e-8c9f-421bb68ed23c with nextest profile: default
    Starting 1 test across 1 binary (71 tests skipped)
        FAIL [   0.003s] util archive::tests::test_extract_zip_sets_default_permissions
  stdout ───

    running 1 test
    test archive::tests::test_extract_zip_sets_default_permissions ... FAILED

    failures:

    failures:
        archive::tests::test_extract_zip_sets_default_permissions

    test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 71 filtered out; finished in 0.00s

  stderr ───

    thread 'archive::tests::test_extract_zip_sets_default_permissions' (755934) panicked at crates/util/src/archive.rs:290:13:
    assertion `left == right` failed: Expected default set of permissions for unzipped file with no permissions set.
      left: 436
     right: 420
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```


Closes #ISSUE

Release Notes:

- N/A

Release Notes:

- N/A

Closes #46340

Release Notes:

- Fixed an issue where HTML tags where highlighted as JSX components.

Release Notes:

- N/A

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Fixing a regression I introduced in
https://github.com/zed-industries/zed/pull/45625. Diagnostic hover
popovers should only scroll vertically, not horizontally, as the content
should wrap.

Release Notes:

- N/A

Sometimes github issues are created without following the template, and
if they don't receive the `state:needs triage` label from a template,
it's easy for us to miss them. Well, not anymore, thanks to this new
github workflow.
As an extra measure, the label is also added on reopened issues. All of
this only applies only to actions carried out by people outside of the
staff team.

Release Notes:

- N/A

This PR removes the `GET /contributors` and `POST /contributors`
endpoints.

The former was not in use anywhere, and the latter has been moved to
Cloud.

Part of CLO-33.

Release Notes:

- N/A

Right now agent extensions can specify icon paths that point anywhere.
This changes it so that they can only specify icon paths that are
subdirectories of the extension's root dir.

Release Notes:

- Restrict agent server extension icon paths to subdirectories of the
extension's root directory

The default behavior for Vim search with `*` and `#` in normal mode is
to initiate a search and immediately jump to the next or previous match
respectively.

This behavior can be annoying, so Vim has many plugins to address this
specifically:

- [vim-asterisk](https://github.com/haya14busa/vim-asterisk)
-
[vim-SearchHighlighting](https://github.com/inkarkat/vim-SearchHighlighting)
- [vim-tranquille](https://github.com/RRethy/vim-tranquille)

This PR tries to emulate this behavior natively keeping up with Zed's
sane defaults and deviating from vanilla Vim when it makes sense.


Release Notes:

- Vim: `*` and `#` search doesn't jump immediately to next / previous
search.

Release Notes:

- N/A

This PR improves the visual test infrastructure:

- Adds controllable foreground executor for deterministic task
scheduling
- Adds tooltip hover testing capability
- Improves error handling in visual test runner
- Includes planning documentation for the approach

Release Notes:

- N/A

This PR adds the foundation for the subagents feature:

- Add `SubagentsFeatureFlag` with staff-disabled default
- Create `SubagentTool` struct with input schema for
task/summary/context-low prompts
- Register `SubagentTool` conditionally when feature flag is enabled
- Tool returns stub message 'not yet implemented' for now

Release Notes:

- N/A

---------

Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: Mikayla Maki <mikayla@zed.dev>
Co-authored-by: Yara <yara@zed.dev>

This builds on https://github.com/zed-industries/zed/pull/46112 (which
should be merged first) and adds the permission evaluation logic and
integrates it with the terminal tool as part of the tool permissions
feature. This is a separate PR for [stacked
diffs](https://newsletter.pragmaticengineer.com/p/stacked-diffs) to make
review easier.

## Changes

- **Add `tool_permissions.rs`** with `decide_permission()` function that
implements:
  - `deny > confirm > allow` precedence hierarchy (security-critical)
  - Case-sensitive and case-insensitive regex matching
  - Integration with existing `always_allow_tool_actions` setting
  - Comprehensive unit tests (15 tests)

- **Integrate with terminal tool**:
  - Commands matching deny rules are blocked immediately with an error
  - Commands matching allow rules proceed without confirmation dialog
  - Commands requiring confirmation show the dialog as before
  - Added integration tests for deny and allow rule scenarios

Co-Authored-By: Claude Opus 4.5

Release Notes:

- N/A

---------

Co-authored-by: Amp <amp@ampcode.com>

When focus is on the conversation part of the agent panel (not the
message editor), pressing Escape now interrupts the running thread.
Previously, Escape only worked when the message editor had focus.

Release Notes:

- Pressing Esc when the agent panel is focused now interrupts the
running thread even if the text input box is not specifically focused.

Reverts zed-industries/zed#46179

⚠️ Don't merge this until we confirm that it fixes the performance
regression when saving buffers while scrolling ⚠️

This PR removes the `GET /contributor` endpoint from Collab, as it has
been moved to Cloud.

Release Notes:

- N/A

Implements visual tests for breakpoint hover states in the editor gutter
with three states:
1. **No hover** - just line numbers
2. **Hover with indicator** - blue circle appears next to the line
3. **Hover with tooltip** - shows 'Set breakpoint' with F9 keybinding

- Added `VisualTestPlatform` that combines real Mac rendering with
controllable `TestDispatcher` for deterministic task scheduling and time
control
- Added `VisualTestAppContext::with_asset_source()` to enable SVG icon
rendering in visual tests (uses real Assets instead of empty source)
- Added F9 keybinding for ToggleBreakpoint so tooltip shows the
keybinding
- Removed debug `eprintln!` statements from editor, element, svg, and
window

The `VisualTestPlatform` enables `advance_clock()` which is essential
for testing time-based behaviors like tooltip delays. Without
deterministic time control, tests for hover states and tooltips would be
flaky.

Release Notes:

- N/A

This PR adds some clean up to the worktree picker: making sure that
worktree names render just one line, even when they might have multiple
lines (that was making each line item break for me), removing
superfluous icons, and making the footer controls more consistent with
the branch picker, where the buttons change to "Create..." if you're in
a state where the only match is the one to create a new worktree.


https://github.com/user-attachments/assets/e63aa8c9-b5a0-443d-a2ab-7759daed10d1

Release Notes:

- Git: Fixed some UI bugs in the worktree picker as well as improved the
UX for creating worktrees based off of the current or default branch.

I really enjoyed this feature in Claude Code. Helps me get a sense of
how effortful something is.

Release Notes:

- Added a "show_turn_stats" setting, default to false, that shows the
timer and the number of tokens down.

This makes running `predict` with the teacher model much faster, when
there are many examples.

Release Notes:

- N/A

---------

Co-authored-by: Ben Kunkle <ben@zed.dev>

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[aws-sdk-bedrockruntime](https://redirect.github.com/awslabs/aws-sdk-rust)
| workspace.dependencies | minor | `1.112.0` → `1.113.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[GHSA-g59m-gf8j-gjf5](https://redirect.github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-g59m-gf8j-gjf5)

## **Summary**
This notification is related to the use of specific values for the
region input field when calling AWS services. An actor with access to
the environment in which the SDK is used could set the region input
field to an invalid value.

A defense-in-depth enhancement has been implemented in the AWS SDK for
Rust. This enhancement validates that a region used to construct an
endpoint URL is a valid host label. The change was released on November
6, 2025. This advisory is informational to help customers understand
their responsibilities regarding configuration security.

## **Impact**
Customer applications could be configured to improperly route AWS API
calls to non-existent or non-AWS hosts. While the SDK was functioning
safely within the requirements of the shared responsibility model,
additional safeguards have been added to support secure customer
implementations.

**Impacted versions**: All versions prior to [November 6, 2025
release](https://redirect.github.com/awslabs/aws-sdk-rust/releases/tag/release-2025-11-06)

## **Patches**
On November 6, 2025, an enhancement [1] was made to the AWS SDK for Rust
release, which validates the formatting of a region, providing
additional safeguards.

## **Workarounds**
No workarounds are needed, but as always developers should ensure that
their application is following security best practices:
- Implement proper input validation in your application code
- Update to the latest AWS SDK for Rust release on a regular basis
- Follow AWS security best practices [2] for SDK configuration

## **References**
Contact AWS Security via the vulnerability reporting page or email
[aws-security@amazon.com](mailto:aws-security@amazon.com).

## **Acknowledgement**
AWS Security thanks Guy Arazi for bringing these customer security
considerations to our attention through the coordinated disclosure
process.

[1]
[https://github.com/smithy-lang/smithy-rs/pull/4383](https://redirect.github.com/smithy-lang/smithy-rs/pull/4383)
[2] https://docs.aws.amazon.com/sdk-for-rust/latest/dg/security.html

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [aws-sdk-kinesis](https://redirect.github.com/awslabs/aws-sdk-rust) |
dependencies | minor | `1.91.0` → `1.95.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[GHSA-g59m-gf8j-gjf5](https://redirect.github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-g59m-gf8j-gjf5)

## **Summary**
This notification is related to the use of specific values for the
region input field when calling AWS services. An actor with access to
the environment in which the SDK is used could set the region input
field to an invalid value.

A defense-in-depth enhancement has been implemented in the AWS SDK for
Rust. This enhancement validates that a region used to construct an
endpoint URL is a valid host label. The change was released on November
6, 2025. This advisory is informational to help customers understand
their responsibilities regarding configuration security.

## **Impact**
Customer applications could be configured to improperly route AWS API
calls to non-existent or non-AWS hosts. While the SDK was functioning
safely within the requirements of the shared responsibility model,
additional safeguards have been added to support secure customer
implementations.

**Impacted versions**: All versions prior to [November 6, 2025
release](https://redirect.github.com/awslabs/aws-sdk-rust/releases/tag/release-2025-11-06)

## **Patches**
On November 6, 2025, an enhancement [1] was made to the AWS SDK for Rust
release, which validates the formatting of a region, providing
additional safeguards.

## **Workarounds**
No workarounds are needed, but as always developers should ensure that
their application is following security best practices:
- Implement proper input validation in your application code
- Update to the latest AWS SDK for Rust release on a regular basis
- Follow AWS security best practices [2] for SDK configuration

## **References**
Contact AWS Security via the vulnerability reporting page or email
[aws-security@amazon.com](mailto:aws-security@amazon.com).

## **Acknowledgement**
AWS Security thanks Guy Arazi for bringing these customer security
considerations to our attention through the coordinated disclosure
process.

[1]
[https://github.com/smithy-lang/smithy-rs/pull/4383](https://redirect.github.com/smithy-lang/smithy-rs/pull/4383)
[2] https://docs.aws.amazon.com/sdk-for-rust/latest/dg/security.html

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [aws-sdk-s3](https://redirect.github.com/awslabs/aws-sdk-rust) |
dependencies | minor | `1.108.0` → `1.112.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[GHSA-g59m-gf8j-gjf5](https://redirect.github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-g59m-gf8j-gjf5)

## **Summary**
This notification is related to the use of specific values for the
region input field when calling AWS services. An actor with access to
the environment in which the SDK is used could set the region input
field to an invalid value.

A defense-in-depth enhancement has been implemented in the AWS SDK for
Rust. This enhancement validates that a region used to construct an
endpoint URL is a valid host label. The change was released on November
6, 2025. This advisory is informational to help customers understand
their responsibilities regarding configuration security.

## **Impact**
Customer applications could be configured to improperly route AWS API
calls to non-existent or non-AWS hosts. While the SDK was functioning
safely within the requirements of the shared responsibility model,
additional safeguards have been added to support secure customer
implementations.

**Impacted versions**: All versions prior to [November 6, 2025
release](https://redirect.github.com/awslabs/aws-sdk-rust/releases/tag/release-2025-11-06)

## **Patches**
On November 6, 2025, an enhancement [1] was made to the AWS SDK for Rust
release, which validates the formatting of a region, providing
additional safeguards.

## **Workarounds**
No workarounds are needed, but as always developers should ensure that
their application is following security best practices:
- Implement proper input validation in your application code
- Update to the latest AWS SDK for Rust release on a regular basis
- Follow AWS security best practices [2] for SDK configuration

## **References**
Contact AWS Security via the vulnerability reporting page or email
[aws-security@amazon.com](mailto:aws-security@amazon.com).

## **Acknowledgement**
AWS Security thanks Guy Arazi for bringing these customer security
considerations to our attention through the coordinated disclosure
process.

[1]
[https://github.com/smithy-lang/smithy-rs/pull/4383](https://redirect.github.com/smithy-lang/smithy-rs/pull/4383)
[2] https://docs.aws.amazon.com/sdk-for-rust/latest/dg/security.html

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Tackling this as I noticed a bug in the agent panel where the button to
delete a thread, which appeared only on hover, stopped showing up. PRs
#43324 and #45437 fixed stuff in applying hover styles through
`.hover()` but broke the `.on_hover()` callback. Problem was that both
methods were sharing the same `element_state.hover_state` but running at
different phases. The solution here was to add a new independent state
field for the hover listener (`hover_listener_state`) while the hover
style method keeps using `hover_state`.

Release Notes:

- Agent: Fixed a bug where the button to delete a thread stopped showing
up.

This PR removes the const generics limitation from the data table
component, enabling tables with a dynamic number of columns determined
at runtime.

**Context:**  
This is the next infrastructure step split out from the [original CSV
preview draft PR](https://github.com/zed-industries/zed/pull/44344). The
draft PR remains open as a reference and will continue to be decomposed
into smaller, reviewable pieces.

**Details:**  
- Introduces a `TableRow` newtype to enforce column count invariants at
runtime, replacing the previous const generic approach. It's api surface
is larger than is currently used, as it's planned to be used in CSV
feature itself.
- Refactors the data table and all usages (including the keymap editor)
to work with runtime column counts.
- This change is foundational for supporting CSV preview and other
features that require flexible, dynamic tables.
- Performance impact has not been formally measured, but there is no
noticeable slowdown in practice.

---

Release Notes:
- N/A (internal infrastructure change, no user impact)

---------

Co-authored-by: Anthony Eid <anthony@zed.dev>

Adds granular per-tool permission settings for the Zed agent with
regex-based rules.

Release Notes:

- N/A

---------

Co-authored-by: Amp <amp@ampcode.com>

Release Notes:

- N/A

---------

Co-authored-by: Oleksiy Syvokon <oleksiy.syvokon@gmail.com>
Co-authored-by: Agus Zubiaga <agus@zed.dev>
Co-authored-by: Ben Kunkle <ben@zed.dev>

Just some housekeeping UI clean up on the configuration instructions for
Bedrock.

Release Notes:

- N/A

Whoops

Release Notes:

- N/A

Some code got added to `workspace` that prevents us from running tests
for the `edit_prediction(cli)` crates specifically without the
`test-support` feature flag.

Release Notes:

- N/A

Co-authored-by: Ben Kunkle <ben@zed.dev>

One _character_ change to fix the dividing border in the agent panel's
profile tooltip. 😬

Release Notes:

- N/A

This PR fixes visual tests to use the actual Zed fonts (IBM Plex Sans /
Lilex) instead of Courier.

Release Notes:

- N/A

Closes #45776

It didn't enable multiline mode before `¯\_(ツ)_/¯`. If there is a reason
this fix won't work please let me know but it seems like this one was
just an easy fix.

Release Notes:
- Improved multiline regex behavior

Release Notes:

- N/A

---------

Co-authored-by: Yara <yara@zed.dev>