Closes #48596

Release Notes:

- N/A

Fixes #36818

Release Notes:

- Added new `global_lsp_settings.request_timeout` setting to configure
the maximum timeout duration for LSP-related operations.

Code inspired by [prior
implementation](https://github.com/zed-industries/zed/pull/38443),
though with a few tweaks here & there (like using `serde:default` and
keeping the pre-defined constant in the LSP file).

---------

Co-authored-by: Kirill Bulatov <mail4score@gmail.com>
Co-authored-by: Kirill Bulatov <kirill@zed.dev>

re: https://github.com/zed-industries/zed/pull/48624
using the UI font could cause a visual bug when the cursor was over the
folded text
before:
<img width="191" height="48" alt="image"
src="https://github.com/user-attachments/assets/def0be7d-6fb3-4890-be47-cafee67558a3"
/>
after:
<img width="194" height="47" alt="image"
src="https://github.com/user-attachments/assets/a9b6fb8b-5646-4bd5-9108-b6f792f4571e"
/>

changing the color is of course just opinionated but i think it looks
better and makes more sense as a placeholder

Release Notes:

- N/A

This PR updates the deprecated `rootPath` field in the LSP
`InitializeParams` for backwards compatibility with language servers
that still rely on this field.

### Issue

Some language servers (notably the Salesforce Apex Language Server) only
read from the deprecated `rootPath` field in the LSP initialize request
and do not use `rootUri` or `workspaceFolders`.

When Zed sends `root_path: None`, these language servers fail to
initialize because they cannot determine the workspace root.

Example error from the Apex Language Server:
```
NullPointerException
  at apex.jorje.lsp.impl.db.nddb.NdApexIndex.getToolsStoragePath(NdApexIndex.java:723)
```

The Apex LSP's initialize handler does:
```java
serverSetup.setRootPath(params.getRootPath());
```

VSCode's LanguageClient sends both `rootPath` and `rootUri` for
backwards compatibility:

https://github.com/microsoft/vscode-languageserver-node/blob/main/client/src/common/client.ts#L1434

### Fix

Derive `rootPath` from the existing `root_uri` field when building the
initialize params. The LSP spec states that if both `rootPath` and
`rootUri` are provided, `rootUri` wins, so this change should be
backwards compatible and won't affect language servers that properly use
`rootUri`<sup>(1)</sup>.


---

(1) [LSP Specification -
InitializeParams](https://microsoft.github.io/language-server-protocol/specifications/lsp/3.17/specification/#initializeParams)
- notes that `rootPath` is deprecated in favor of `workspaceFolders`,
but for backwards compatibility it should still be provided when
possible.


Release Notes:

- Improved compatibility with legacy language servers

Follow-up of https://github.com/zed-industries/zed/pull/48611

Release Notes:

- N/A

This PR hardens the authorization flow for all file and directory tools.

## Sensitive settings protection

All file/directory tools (copy, move, create_directory, delete, save,
edit, streaming_edit) now detect and protect sensitive settings paths:
- Paths inside `.zed/` directories (local settings)
- Paths inside the global config directory (`~/.config/zed/` or
equivalent)

Even when the global default is `allow`, modifications to these paths
require explicit confirmation. The authorization dialog title is
annotated with "(local settings)" or "(settings)" to inform the user.

`sensitive_settings_kind` walks up ancestor directories to handle paths
where intermediate subdirectories don't exist yet (e.g.
`~/.config/zed/new_subdir/evil.json`).

## Deferred filesystem operations

Copy, move, create_directory, and delete tools now defer all
project/filesystem operations until after the user authorizes the
action. Previously, some tools began resolving project paths or
traversing directories before authorization.

## streaming_edit_file permissions

`streaming_edit_file` now shares `edit_file`'s tool name for permission
checks, ensuring consistent permission rules between the two edit tool
variants. The duplicated authorization logic is replaced by a shared
`authorize_file_edit` function.

## Copy/move pattern extraction

Copy and move tools now include both source and destination paths in
their permission context (`input_value`). The always-allow pattern is
extracted from the common parent directory of both paths, ensuring the
pattern covers future checks against both.

## Save tool improvements

- Authorization title now shows only the paths that need confirmation,
not all paths
- Title is annotated with "(local settings)" or "(settings)" for
sensitive paths

Release Notes:

- File and directory tool operations now require confirmation before
modifying sensitive settings paths.

Builds on top of #48620 to add explicit test coverage for the exact
bypass scenarios reported by users:

- `rm -rf /etc/../` — path traversal via single parent dir that
normalizes to `/`
- `rm -rf --no-preserve-root /` — long flag without `=value` that could
bypass the old regex
- `rm --no-preserve-root -rf /` — long flag positioned before short
flags
- `rm / -rf --no-preserve-root` — trailing long flag without `=value`
after the path operand
- `sudo rm -rf /`, `sudo rm -rf /*`, `sudo rm -rf --no-preserve-root /`
— sudo-prefixed variants

All of these cases are already correctly blocked by the hardened regex
patterns and path normalization logic added in #48620. These tests
confirm that the reported bypasses are addressed and guard against
regressions.

Release Notes:

- N/A

Release Notes:

- N/A

This PR improves the shell command parser to correctly handle I/O
redirects, here-documents, and compound command constructs. Previously,
commands hidden inside redirect targets, here-document bodies, or
function definition redirects could go undetected by the permission
system.

## Changes

- **Redirect handling**: Capture I/O redirects on simple commands,
compound commands (`if`/`while`/`for`/`case`/subshells/brace groups),
and function definitions
- **Nested command extraction**: Extract commands from redirect file
targets (e.g. `> $(dangerous_cmd)`) and here-document bodies
- **Bare redirect rejection**: Return `None` for bare redirects with no
command name (e.g. `> /etc/passwd`), which forces confirmation
- **Compound command redirects**: Apply redirects on compound commands
to their inner body commands
- **Fail-closed error handling**: `extract_commands_from_word` and
`normalize_word_piece_into` now return `None` on parse failures instead
of silently succeeding
- **Test coverage**: Extensive tests for quoted redirect targets,
no-space redirects, clobber operators, fd-to-fd redirects, pipe+redirect
combinations, function definition redirects, and more

Release Notes:

- Improved shell command parsing to correctly detect commands hidden in
I/O redirects, here-documents, and compound command constructs.

MCP tool names can contain colons (e.g. `mcp:server:tool`), which broke
the `splitn(3, ':')` parsing of always-allow/always-deny pattern option
IDs. This switches to newline (`\n`) as the delimiter between tool name
and pattern, since newlines cannot appear in either component.

## Changes

- **Option ID format**: Changed from
`always_allow_pattern:{tool}:{pattern}` to
`always_allow_pattern:{tool}\n{pattern}`
- **Response parsing**: Replaced `splitn(3, ':')` with `strip_prefix` +
`split_once('\n')`
- **Error logging**: Added `log::error!` when pattern parsing fails
(previously silent)
- **Tests**: Updated test assertions in `agent` and `agent_ui` crates

No release notes because granular tool permissions are still
feature-flagged.

Release Notes:

- N/A

This PR hardens the terminal tool's hardcoded security rules for
destructive commands like `rm -rf /`, and adds path normalization to
prevent traversal-based bypasses.

## Path normalization

Adds `normalize_path` which resolves `..`, `.`, and redundant path
separators, and `decide_permission_for_path` which checks permissions
against both raw and normalized paths (taking the most restrictive
result). This prevents attacks like `rm -rf /tmp/../../` which
previously bypassed the `rm -rf /` rule.

## rm command expansion

Adds `expand_rm_to_single_path_commands` which splits multi-argument rm
commands into individual single-path commands for checking. This catches
cases like `rm -rf /tmp /` where the dangerous path is the second
argument.

## Regex hardening

- **FLAGS**: Now accepts digits, underscores, and uppercase in long
flags (e.g. `--no-preserve-root`)
- **`--flag=value`**: Correctly matched as a single flag token  
- **Trailing flags**: Handles GNU rm's acceptance of flags after path
operands (e.g. `rm / -rf`)
- **`--` marker**: Detects end-of-options bypass attempts (e.g. `rm -rf
-- /`)
- **Whitespace**: Handles tabs and other whitespace, not just spaces

## `$HOME`/`${HOME}` handling

Normalizes the suffix after `$HOME`/`${HOME}` variable references so
that traversal attacks like `rm -rf $HOME/./` or `rm -rf ${HOME}/foo/..`
are correctly detected.

Release Notes:

- Strengthened terminal security rules to detect path traversal attacks
in destructive commands like `rm -rf`.

The two `unbounded_send` calls in `ToolCallEventStream`'s authorize
methods were using `.ok()` to silently discard send failures. This meant
that if the authorization channel was closed, the tool call would hang
indefinitely waiting for a response that would never come.

## Changes

- Both `authorize_third_party_tool` and `authorize` methods now use `if
let Err(error)` to detect send failures
- On failure, logs the error with `log::error!` and returns
`Task::ready(Err(...))` so callers get immediate, meaningful feedback

Release Notes:

- Tool authorization failures are now logged and reported instead of
being silently ignored.

Fine-grained tool streaming is now [generally available on all models
and
platforms](https://platform.claude.com/docs/en/release-notes/overview#february-5-2026)
as of February 5, 2026, so the `fine-grained-tool-streaming-2025-05-14`
beta header is officially listed as no longer needed.

See
https://github.com/zed-industries/zed/pull/48508#discussion_r2773653965

Release Notes:

- N/A

Closes #ISSUE

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Closes #ISSUE

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Follow-up of https://github.com/zed-industries/zed/pull/48611

Release Notes:

- N/A

This PR cleans up some `Cargo.toml` files after #48602.

Release Notes:

- N/A

- **build: remove assistant_slash_commands dependency in
assistant_text_thread**
- **diagnostics: Do not depend on search**
- **Remove terminal_view's dependency on search**
- **sever breadcrumbs <-> editor dep (for the sake of terminal_view)**

Release Notes:

- N/A

This PR updates the model selector to highlight the latest models that
are available through the Zed provider:

<img width="388" height="477" alt="Screenshot 2026-02-06 at 1 46 41 PM"
src="https://github.com/user-attachments/assets/70760399-ecf6-46e3-80a7-cb998216c192"
/>

Closes CLO-205.

Release Notes:

- Added a "Latest" indicator to highlight the latest models available
through the Zed provider.

Taking out unnecessary icons and description text, too!

Release Notes:

- N/A

Closes https://github.com/zed-industries/zed/issues/28091

Off in language settings by default: ` "lsp_folding_ranges": "off",`,
when enabled, disables tree-sitter indent-based folding and enables
fetching of LSP ones instead.
Falls back to tree-sitter if LSP-based one brings no results.

Release Notes:

- Added `textDocument/foldingRange` LSP support, use `
"lsp_folding_ranges": "on",` language settings to fetch and prefer the
LSP folds

Closes #ISSUE

Release Notes:

- Fixed an issue where the `git: diff` action would not respect the
active worktree

* split more logic away into its own modules for document colors, code
lens and inlay hints
* remove unnecessary cache_version for document colors

Release Notes:

- N/A

Previously, some settings migrations only operated on root-level keys
and missed settings nested under platform keys (`macos`, `linux`, etc.),
channel keys (`nightly`, `stable`, etc.), or profile blocks. This fixes
migrations to recurse into those nested locations.

Also fixes `m_2026_02_02` to gracefully skip when `edit_predictions` is
not an object (e.g. `true`) instead of bailing and aborting the entire
migration chain.

Release Notes:

- Fixed settings migrations to correctly handle settings nested under
platform, channel, or profile keys.

This PR adds support for setting the reasoning effort for OpenAI models
through the Zed provider.

This is gated behind the `cloud-thinking-effort` feature flag.

Release Notes:

- N/A

Co-authored-by: Tom Houlé <tom@tomhoule.com>

In `streaming_edit_file_tool.rs`, edits are sorted in reverse order and
applied sequentially. If the LLM produces overlapping edit ranges, the
first applied edit shifts the buffer, and the second edit's range
targets stale offsets, leading to incorrect results.

This adds a `windows(2)` check on the sorted (descending by start) edits
that verifies each earlier-in-file range's end does not exceed the next
later-in-file range's start. The validation is done before entering the
buffer update closure so the error can propagate cleanly via
`anyhow::bail!`.

Release Notes:
- Fixed bug where streaming edits could apply edits incorrectly if the
model requested overlapping edit regions.

This PR renames the `cloud-thinking-toggle` feature flag to
`cloud-thinking-effort`.

This feature flag has expanded slightly in scope, so we want the name to
be more representative of what it gates.

Release Notes:

- N/A

Co-authored-by: Tom Houlé <tom@tomhoule.com>

By opening the corresponding positions in the corresponding main
buffers.

Release Notes:

- N/A

Closes #41373 

Release Notes:

- Ensures that XDG specs are followed on MacOS and Linux with backwards
compatibility.

Changes
-Added ```state_dir``` to get XDG_STATE_HOME on macos and linux, no
change to windows.
-Changed ```text_threads_dir``` to a fallback,
```text_threads_dir_fallback```
-Re-implemented ```text_threads_dir``` to use ```state_dir```

---------

Co-authored-by: AdamJedl <100023363+AdamJedl@users.noreply.github.com>

This commit updates the `paths::set_custom_data_dir` implementation so
as to always canonicalize the provided `dir`, even when dealing with an
absolute path.

This ensures that we correctly deal with symlinks and don't end up not
reacting to filesystem watcher events in this specific case. For
example, when using `--user-data-dir /tmp/zed` on macOS, since `/tmp` is
a symlink to `/private/tmp`, if any setting was changed, the application
would not react, as the event would be using
`/private/tmp/zed/config/settings.json`, while the watcher would be
looking out for `/tmp/zed/config/settings.json`.

Lastly, the canonicalization of the path is now done after
`std::fs::create_dir_all` is called, in order to guarantee that the
directory already exists at that point.

Release Notes:

- N/A

Release Notes:

- Added handling of custom blocks in the RHS editor by creating matching
dummy custom blocks rendered as spacer blocks in the LHS editor when in
split view.

This PR moves `selection` from `State` to `ProjectPanel`.

In async `update_visible_entries`, the `old.selection` copied into
`new_state` was never read or updated. After async completion, we
already either set the new selection (when provided) or keep the current
selection value. So storing `selection` in `State` was redundant.

This simplifies a confusing code path without changing behavior.

Release Notes:

- N/A

Follow-up of https://github.com/zed-industries/zed/pull/46356

Before:
<img width="719" height="217" alt="image"
src="https://github.com/user-attachments/assets/64464318-3b84-4129-9a12-721aaa6ae953"
/>

After:
<img width="686" height="213" alt="image"
src="https://github.com/user-attachments/assets/1776ced1-4367-4ad0-9e60-c3661e07675e"
/>


Release Notes:

- N/A

Prep for: https://github.com/zed-industries/zed/pull/46750

Edit-state cleanup in the Project Panel was inconsistent between Escape
cancel and blur. Blurring the filename editor during file/folder
creation could clear edit state without restoring the previous
selection.

This routes both paths through the same discard flow and adds test
coverage for the blur case.

Release Notes:

- Fixed an issue where blurring the filename editor in the Project Panel
could lose the previous selection while creating a file or folder.

In combination with auto-labeling staff PRs, this makes it possible to
see the community PRs with `-label:staff -label:bot` in the search query
on https://github.com/zed-industries/zed/pulls

Release Notes:

- N/A

Modifying the existing github workflow here instead of adding a new one
because we're already triggering on the same thing (new PR opened) and
checking the same thing (staff team membership) but throwing away the
result. Another CI job doing largely the same checks seemed unnecessary.

Release Notes:

- N/A

This allows us to switch the prompt format without client-side changes.

If we want to experiment with prompt formats or models other than the
currently-deployed one, we can use the raw endpoint, and do prompt
construction and output processing on the client.

This also adds an optional environment parameter to the raw endpoint, so
that we can use that endpoint in the new scheme where we're deploying to
separate environments for different zeta prompt versions.

Release Notes:

- N/A

Closes: #48560

Release Notes:

- Fixed an issue where Zed would try to open all edited files in ~ if
your git config had a globalexludes in ~ that did not exist.

---------

Co-authored-by: Cole Miller <cole@zed.dev>

A collection of small independent fixes:

- **Visual test runner**: Replace ~20 instances of `.ok()` and `let _ =`
with `.log_err()` to avoid silently discarding errors per project
guidelines.
- **recent_projects**: Add missing `remote_connection/test-support` to
the `test-support` feature gate.
- **util/shell.rs**: Add doc comment on `supports_posix_chaining()`
explaining its relationship to tool permission pattern matching.

Release Notes:

- N/A

Reverts zed-industries/zed#48528

Release Notes:

- N/A

This PR adds the ability to set the thinking effort of a model.

Right now this only applies to Opus 4.6 through the Zed provider.

This is gated behind the `cloud-thinking-toggle` feature flag.

UI is still rough; needs a design pass:

<img width="639" height="163" alt="Screenshot 2026-02-05 at 7 45 54 PM"
src="https://github.com/user-attachments/assets/2b5a9ef8-74cd-498e-9c81-b92666572409"
/>

<img width="263" height="148" alt="Screenshot 2026-02-05 at 7 45 58 PM"
src="https://github.com/user-attachments/assets/40232cb0-1743-443b-b04c-5cd33065513d"
/>

Release Notes:

- N/A

Fixes a panic when using a search anchor from one side of a side-by-side
in the
other.

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Searching (and related vim stuff like `*`/`n`/`N`) now work in the LHS
of a
split diff.

Also fixes the bug with indent guides being visible through the spacer
checkerboard pattern.

Release Notes:

- N/A

This PR adds a new `enable_thinking` setting for the default model,
which controls whether the model uses thinking or not.

Release Notes:

- N/A

Closes #46506

Release Notes:

- Fixed an issue where the codestral URL used for credentials would be
different than the one used for requests causing authentication errors

This PR extends error telemetry coverage in the agent panel, building on
#46836 which added telemetry for thread errors.


`"Agent Panel Error Shown"` (extended)

Now also fires for:

- **Load errors** - when an agent fails to start 
- **Configuration errors** - when LLM provider setup is incomplete 

`"Agent Token Limit Warning"` (new event)

Fires when a thread approaches or exceeds its token/context limit. This
is tracked separately from errors because it's an informational warning,
not a failure.

## Implementation Notes

- All telemetry fires **once per error occurrence**, not on every render
- Load error telemetry fires in `handle_load_error()` when the error is
first received
- Token limit telemetry uses a flag to track state transitions (Normal →
Warning → Exceeded)
- Configuration error telemetry tracks the last emitted error kind to
avoid duplicates

Release Notes:

- N/A *or* Added/Fixed/Improved ...

---------

Co-authored-by: Michael Benfield <mbenfield@zed.dev>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

This PR adds a new `supported_effort_levels` method to the
`LanguageModel` trait.

This can be used to retrieve the list of effort levels that the model
supports, which will eventually be used to drive the UI for selecting
the thinking effort.

Right now this list will only be populated for Cloud models.

Release Notes:

- N/A

The provider dropdown and GitHub Copilot sign-in button were not
tab-navigable because they lacked tab_index. The copilot button
conditionally sets tab_index only when edit_prediction is true, since
it's also used in the agent configuration panel where tab navigation
isn't used.

Closes #48391

Release Notes:

- Fixed focus skipping provider dropdown and GitHub Copilot button in
edit prediction settings

Release Notes:

- N/A

Co-authored-by: Max <max@zed.dev>
Co-authored-by: Piotr <piotr@zed.dev>

Release Notes:

- N/A