Replace the blanket /var/folders read-write path with the resolved $TMPDIR
environment variable, which points to the per-user, per-session temp
directory (e.g. /private/var/folders/xx/xxxx/T/). This prevents the sandbox
from granting read-write access to all users' temp files on the system.

Bash process substitution (e.g. <(command)) creates FIFOs under
/proc/self/fd/ that need write access. Change from fs_read() to fs_all()
so these FIFOs can be written to by the shell.

Move the hardcoded dotfile lists from sandbox_macos.rs and sandbox_linux.rs
into shared constants (READ_ONLY_DOTFILES, READ_WRITE_DOTFILES) on
SandboxConfig so both platform implementations use the same canonical list
in the same order.

Add .bash_history and .zsh_history as READ_WRITE_DOTFILES so shells can
persist command history without silent failures or error messages.

Extract sandbox code from the terminal crate into the dedicated sandbox crate,
adding always-on process tracking for reliable terminal cleanup.

Phase 1 - Crate extraction:
- Move sandbox_exec, sandbox_macos, sandbox_linux, sandbox_tests to sandbox crate
- Move SandboxConfig, ResolvedSystemPaths from terminal_settings to sandbox crate
- Add SandboxConfig::resolve_if_enabled() shared helper, replacing duplicated
  resolution logic in project and acp_thread crates
- Terminal crate re-exports types for backward compatibility

Phase 2 - Session fingerprint (macOS):
- Add SessionFingerprint type with UUID-based marker directories
- Add FFI bindings for sandbox_check() for process identification
- Embed fingerprint rules in SBPL profiles (placed last for correct priority)
- Add fingerprint-only profile for tracking without restrictions
- Support both profile modes in sandbox_exec_main()

Phase 3 - Convergent cleanup (macOS):
- Add process enumeration via libproc APIs (proc_listallpids + proc_pidinfo)
- Implement kill_all_processes() scan-and-kill loop: killpg then repeatedly
  enumerate by UID, skip zombies, filter by fingerprint, SIGKILL matches
- Add SessionTracker platform-agnostic wrapper
- Terminal::Drop now spawns a dedicated cleanup thread

Phase 4 - cgroups v2 (Linux):
- Add CgroupSession type under systemd user slice
- Support atomic kill via cgroup.kill with fallback to iterating cgroup.procs
- Graceful degradation when cgroups unavailable

Phase 5 - Always-on wrapper:
- TerminalBuilder::new() always creates SessionTracker and wraps shell
- SandboxExecConfig carries fingerprint_uuid, cgroup_path, tracking_only
- Disabled in test mode (test binary doesn't handle --sandbox-exec)

Phase 7 - Code review fixes:
- Change (allow signal) to (allow signal (target children))
- Propagate current_exe() error with ? instead of silent fallback
- Replace let _ = write!(...) with .unwrap()
- Add tests for additional_executable_paths and canonicalize_paths with symlinks

Add a new sandbox crate as the future home for OS-level sandboxing code
(currently in the terminal crate). The README documents:

- Always-on process tracking for reliable cleanup, even without sandbox
  restrictions configured
- macOS: convergent cleanup using Seatbelt sandbox fingerprinting with
  sandbox_check() to find escaped processes, replacing the current
  killpg + timer approach
- macOS: two-point fingerprint design (allow/deny sibling paths) that
  uniquely identifies session processes without false positives
- Linux: cgroups v2 for inescapable process lifetime management
- Signal scoping rationale ((target children) vs bare (allow signal))
- Alternatives considered and rejected: audit sessions, Endpoint
  Security, XNU coalitions, temp copies, symlinks, setsid blocking, VMs

Tests now go through the complete production path:
SandboxConfig → SandboxExecConfig → JSON → parse → SandboxConfig →
canonicalize → env_clear().envs(filtered) → pre_exec sandbox → exec.

Landlock now returns hard errors for PartiallyEnforced and NotEnforced
instead of silently running unsandboxed. If the user opted into
sandboxing and the kernel can't enforce it, the terminal must not spawn.

This PR makes the "Open Project" button in the sidebar also open the
"Recent Projects" popover, while also anchoring that popover to the the
button on the sidebar instead.

Release Notes:

- N/A

Closes #ISSUE

Before you mark this PR as ready for review, make sure that you have:
- [ ] Added a solid test coverage and/or screenshots from doing manual
testing
- [ ] Done a self-review taking into account security and performance
aspects
- [ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Release Notes:

- N/A

---------

Co-authored-by: Ben Kunkle <ben@zed.dev>

Follow-up https://github.com/zed-industries/zed/pull/51090

Adds workspace error notifications for project panel drag-and-drop moves
that fail on rename conflicts.

Release Notes:

- N/A

Release Notes:

- Fixed code block scrollbars flashing on vertical scroll


before:

When there are many code blocks, scrolling through markdown will display
a horizontal scrollbar (when the mouse is not inside a code block).


https://github.com/user-attachments/assets/1fae36ec-5a3f-4283-b54f-e5cb4f45646b




after:

When scrolling markdown, do not display the horizontal scrollbar when
the mouse is not in a code block.


https://github.com/user-attachments/assets/0c0f2016-9b18-4055-87a6-4f508dbfd193

---------

Signed-off-by: Xiaobo Liu <cppcoffee@gmail.com>

These are edge cases, but there are a few ways you can get into a state
where you are setting favorites for registry agents and we don't have
the setting yet. This prioritizes `type: registry` for agents that we
have in the registry, especially the previous built-ins.

Release Notes:

- N/A

Closes #46661

This PR changes `fs.rename` to use the platform’s atomic no-overwrite
rename on all platforms when `overwrite` is `false`. This fixes a case
where concurrent renames to the same target could race past a separate
metadata check and end up overwriting each other.

In Project Panel, we can still rename entries in parallel without
worrying about OS internals not handling it correctly or making these
renames sequential.

Release Notes:

- Fixed an issue in the Project Panel where conflicting file moves could
overwrite each other instead of leaving the losing file in place.

This PR takes a different approach to permissions for
assign-reviewers.yml and better filters external PRs for now.

Before you mark this PR as ready for review, make sure that you have:
- ~~[ ] Added a solid test coverage and/or screenshots from doing manual
testing~~
- [x] Done a self-review taking into account security and performance
aspects
- ~~[ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)~~

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Release Notes:

- Fixed ability to select audio input/output devices for legacy
(non-experimental/rodio-enabled) audio.

Add custom `Deserialize` implementations for `AgentType` and
`ExternalAgent` to map old built-in variant names to current custom
agent names, while still accepting current serialized formats.

Release Notes:

- N/A

This pull request adds a new GitHub Actions workflow to automate
reviewer assignment for pull requests. The workflow leverages the
`codeowner-coordinator` repository to intelligently assign the most
relevant teams as reviewers based on the changes in the PR. This should
streamline the review process and ensure the right teams are notified.

**Automated Reviewer Assignment Workflow:**

* Introduced `.github/workflows/assign-reviewers.yml`, a workflow that
triggers on PR open and ready-for-review events to assign 1-2 relevant
teams as reviewers using a script from the
`zed-industries/codeowner-coordinator` repository.
* The workflow checks out the coordinator repo, sets up Python, installs
dependencies, and runs the assignment script with the necessary
environment variables.
* Reviewer assignment is only performed for PRs originating from within
the organization for now.
* The output of the reviewer assignment step is maintained as an Actions
artifact for later inspection or debugging.

Closes #ISSUE

Before you mark this PR as ready for review, make sure that you have:
- [ ] ~~Added a solid test coverage and/or screenshots from doing manual
testing~~
- [x] Done a self-review taking into account security and performance
aspects
- [ ] ~~Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)~~

Release Notes:

- N/A

The "Expand All Files"/"Collapse All Files" button in `BufferSearchBar`
was broken for `SplittableEditor`, which is used in the project diff
view. It was happening because `ProjectDiff::as_searchable` returns an
handle to the `SplittableEditor`, which the search bar implementation
then tries to downcast to an `Editor`, which the `SplittableEditor` did
not support, so both the expand/collapse all buttons, as well as the
collapse state were broken.

Unfortunately this was accidentally introduced in
https://github.com/zed-industries/zed/pull/48773 , so this Pull Request
updates the `Item` implementation for `SplittableEditor` in order for it
to be able to act as an `Editor`.

Release Notes:

- Fix the "Expand All Files"/"Collapse All Files" button in the project
diff view

---------

Co-authored-by: Tom Houlé <tom@tomhoule.com>

Fixes #50835

### Problem :
The "View AI Settings" button on the Welcome page was always rendered
regardless of the disable_ai setting. This made it visible (and
non-functional) for users who had AI disabled, which was confusing.

### Fix :
- Adds an optional visibility: Option<fn(&App) -> bool> predicate field
to SectionEntry
- At render time, Section::render uses filter_map to skip entries whose
predicate returns false.
- The "View AI Settings" entry is given a predicate that checks
!DisableAiSettings::get_global(cx).disable_ai, matching the same pattern
used in `title_bar.rs` and `quick_action_bar.rs`.
- All other entries have visibility: None, meaning they are always shown
— no behaviour change for them.

### Video :
[Screencast from 2026-03-06
20-18-43.webm](https://github.com/user-attachments/assets/cbfab423-3ef3-41dd-a9ab-cbae055eef6e)


Release Notes:

- Fixed the "View AI Settings" button being visible on the Welcome page
despite AI features being disabled in settings.

Before you mark this PR as ready for review, make sure that you have:
- [x] Added a solid test coverage and/or screenshots from doing manual
testing
- [x] Done a self-review taking into account security and performance
aspects
- [x] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)

Release Notes:

- N/A

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Fixes a bug that causes the new large agent panel message editor
overrides the ctrl-enter keyboard shortcut to trigger the inline
assistant, rather than sending a message

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Quality-of-life improvement for us Nix users - Zed built via `nix build`
will now correctly the git commit sha in its version

<img width="433" height="298" alt="image"
src="https://github.com/user-attachments/assets/b940ee4a-6914-4410-ba20-b50391282a4e"
/>

Release Notes:

- N/A

Release Notes:

- N/A

---------

Co-authored-by: Conrad Irwin <conrad.irwin@gmail.com>

Just adding this here as an utility component given we were doing
similar things on the sidebar, thread item, and list item. It'd be
probably useful, in the near future, to give this more methods so it's
more flexible.

Release Notes:

- N/A

Closes #50995 

Before you mark this PR as ready for review, make sure that you have:
- [ ] Added a solid test coverage and/or screenshots from doing manual
testing
- [x] Done a self-review taking into account security and performance
aspects
- [x] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)

Release Notes:

- Fixed extension author's list overflow

<img width="1326" height="369" alt="image"
src="https://github.com/user-attachments/assets/4b2cf9cb-d3c3-4d71-a4fd-9436fb7b1469"
/>

---------

Co-authored-by: Danilo Leal <daniloleal09@gmail.com>

Previously we didn't distinguish between an empty `.related_files[]` and
a case where context collection hadn't run yet. As a result, context
retrieval was always attempted for examples with empty `related_files`.

Release Notes:

- N/A

This PR adjusts the "View More" button in the sidebar to expose threads
in batches of 5. Once you've expanded the whole available set, a button
to collapse the list back to the default number appears at the bottom.
Similarly, as soon as you expand the list even once, a button in the
group header shows up that does the same thing.

No release notes because this is still under feature flag.

Release Notes:

- N/A

Release Notes:

- N/A

Related to AI-79.

Release Notes:

- N/A

Closes #ISSUE

Before you mark this PR as ready for review, make sure that you have:
- [ ] Added a solid test coverage and/or screenshots from doing manual
testing
- [ ] Done a self-review taking into account security and performance
aspects
- [ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Touching up the scenario in which the project header label is too big.
This uses the same gradient overlay treatment we're using for the thread
item component.

Release Notes:

- N/A

Extract data table modules into separate files

This PR extracts the `tests` and `table_row` modules from
`data_table.rs` into separate files to improve code organization. This
is preparatory work for the upcoming column width API rework (#2 in the
series), where separating mechanical changes from logical changes will
make the review easier.

The extraction was performed using rust-analyzer's "Extract module to
file" command.

**Context:**

This is part 1 of a 3-PR series improving data table column width
handling:
1. **This PR**: Extract modules into separate files (mechanical change)
2. [#51060](https://github.com/zed-industries/zed/pull/51060) -
Introduce width config enum for redistributable column widths (API
rework)
3. Implement independently resizable column widths (new feature)

The series builds on previously merged infrastructure:
- [#46341](https://github.com/zed-industries/zed/pull/46341) - Data
table dynamic column support
- [#46190](https://github.com/zed-industries/zed/pull/46190) - Variable
row height mode for data tables

Primary beneficiary: CSV preview feature
([#48207](https://github.com/zed-industries/zed/pull/48207))

Release Notes:

- N/A

This will help with test times (in some cases), as nextest cannot figure
out whether a given rdep is actually an alive edge of the build graph

Closes #ISSUE

Before you mark this PR as ready for review, make sure that you have:
- [ ] Added a solid test coverage and/or screenshots from doing manual
testing
- [ ] Done a self-review taking into account security and performance
aspects
- [ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)

Release Notes:

- N/A

This PR adds an action and keybinding to trigger the worktree dropdown
in the agent panel. This is still under a feature flag, so no release
notes yet.

Release Notes:

- N/A

Fixes ZED-517

Can be reproed by:

    Going into server options of the last server on your list.
    selecting "Remove server".
Clicking on the button AND issuing menu::Confirm action at the same time
(well, roughly the same time).

The result: OS pop-up is issued twice; if the user does confirm twice,
that's when that panic is hit.

Closes #ISSUE

Before you mark this PR as ready for review, make sure that you have:
- [ ] Added a solid test coverage and/or screenshots from doing manual
testing
- [ ] Done a self-review taking into account security and performance
aspects
- [ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)

Release Notes:

- Fixed a potential crash when deleting SSH servers too eagerly.

Add a `git::RestoreAndNext` action that restores the diff hunk at the
cursor and advances to the next hunk. In the git diff view, the default
restore keybinding (`cmd-alt-z` on macOS, `ctrl-k ctrl-r` on
Linux/Windows) is remapped to this action so users can quickly restore
hunks in sequence. Also refactor `go_to_hunk_before_or_after_position`
to accept a `wrap_around` parameter, eliminating duplicated
hunk-navigation logic in `do_stage_or_unstage_and_next` and
`restore_and_next`.

Release Notes:

- Added a `git: restore and next` action that restores the diff hunk at
  the cursor and moves to the next one. In the git diff view, the
  default restore keybinding (`cmd-alt-z` on macOS, `ctrl-k ctrl-r` on
  Linux/Windows) now triggers this action instead of `git: restore`.

---------

Co-authored-by: Afonso <4775087+afonsograca@users.noreply.github.com>

This adds checks to the extension CLI to ensure that tasks and semantic
token rules are actually valid for the compiled extensions.

Release Notes:

- N/A

Release Notes:

- N/A

Before if a user requested a manual update check while an automatic one
was going we were not showing the update status as automatic ones force
hide them. Now requesting a manual check while an automatic one is
already going will instead make it visible.


Release Notes:

- N/A *or* Added/Fixed/Improved ...

In `BlockMap::sync`, blocks within an edited region are sorted and
processed sequentially. Each block placement computes
`rows_before_block` by subtracting `new_transforms.summary().input_rows`
from the block's target position. The `Near`/`Below` cases have a guard
that skips the block if the target is already behind the current
progress, but `Above` and `Replace` were missing this guard.

When a `Replace` block (tie_break 0) is processed before an `Above`
block (tie_break 1) at the same or overlapping position, the `Replace`
block consumes multiple input rows, advancing `input_rows` past the
`Above` block's position. The subsequent `position - input_rows`
subtraction underflows on `u32`, producing a huge `RowDelta` that wraps
`wrap_row_end` past `wrap_row_start`, creating an inverted range that
propagates through the display map layers and panics as `begin <= end
(47 <= 0)` in a rope chunk slice.

Add underflow guards to `Above` and `Replace`, matching the existing
pattern in `Near`/`Below`.

Release Notes:

- Fixed a source of underflowing subtractions causing spurious panics

Fixes ZED-5M9

No test as I couldn't quite reproduce this, as the cause is mostly a
guess

Release Notes:

- Fixed a panic in `lsp_symbols_at_cursor` when dealing with diff hunks

- Add (literal "/") rule to SBPL for root directory path resolution
- Add /private/var/select read access for macOS shell selector symlink
- Canonicalize tempdir paths in tests to match SBPL canonical paths
- Set working directory in sandboxed child processes to project dir
- Fix env var filtering test: extra_env now subject to filtering
- Restrict test config read-write paths to /dev and /tmp only (not
  /var/folders) so sibling temp dirs can test sandbox enforcement

All 27 sandbox tests now pass.

Adds crates/terminal/src/sandbox_tests.rs with:
- Unit tests for SandboxExecConfig serialization roundtrip
- Unit tests for SandboxConfig::from_settings defaults and tilde expansion
- macOS SBPL profile generation tests (escaping, structure, path scoping)
- Integration tests using real kernel sandbox enforcement:
  - rm -rf blocked outside project
  - Writes succeed inside project directory
  - Reads blocked outside project
  - additional_read_write_paths grants access
  - additional_read_only_paths allows read, blocks write
  - Environment variable filtering
  - Network blocking (macOS)
  - Basic echo succeeds under sandbox

Some integration tests currently fail due to sandbox being too
restrictive for child process execution - to be debugged next.

An empty PathBuf could produce unpredictable sandbox rules. Using
"." ensures canonicalize_paths() can resolve it to a real absolute
path.

Instead of unsafely removing disallowed env vars from the process
environment, collect the allowed vars and pass them via env_clear()
and envs() on the exec Command. This is thread-safe, simpler, and
eliminates the unsafe block entirely.