Summary
- Allow write_file and edit_file to create or modify files under
~/.agents/skills.
- Keep the global skills exception constrained to that directory and
preserve existing project-path behavior.
- Document global skill file editing support in the built-in
create-skill instructions.
Tests
- cargo fmt -p agent
- cargo test -p agent global_skill_file
- cargo test -p agent
test_create_directory_allows_global_skill_directory
Release Notes:
- Fixed agent file editing for global skills
---------
Co-authored-by: Richard Feldman <oss@rtfeldman.com>
Ensures that we show the error message of the `edit_file`/`write_file`
tools in the UI
Release Notes:
- agent: Fixed an issue where errors would not show up in the UI if an
edit tool call failed
Format `read_file` tool output in `cat -n` style: each line is prefixed
with its line number right-aligned in a 6-character field, followed by a
single tab, followed by the line's original content (newlines preserved,
including CRLF). Numbering reflects the actual file lines, so a ranged
read starting at line 42 emits `42` for its first line, not `1`.
For large files, content returned by `get_buffer_content_or_outline` is
**not** prefixed:
- The symbol outline path already conveys structure via its `[L100-150]`
annotations.
- The truncated first-1KB fallback (used when a file exceeds
`AUTO_OUTLINE_SIZE` and has no parseable outline) is wrapped in a
synthetic `# First 1KB of …` header, so its lines don't correspond to
real file line numbers.
Both cases are reported via `BufferContent::is_synthetic` (renamed from
`is_outline`).
Also updates the `edit_file` tool's input doc to describe the prefix
format and tell the model to strip it before constructing `old_text` /
`new_text`, preserving the original indentation that appears after the
tab.
Updates how we render `read_file` tool call outputs in the UI
(screenshots included in comments below).
Also fixes an existing bug where `read_file` tool call outputs would not
re-render their content code block when an older thread was restored
(the tool's `replay` hook was missing).
Closes AI-226
Release Notes:
- Improved how `read_file` tool output renders in the agent panel, with
a line-number gutter, and fixed it not re-rendering on restored threads
---------
Co-authored-by: zed-zippy[bot] <234243425+zed-zippy[bot]@users.noreply.github.com>
Treat `.agents/skills/` (project-local) and `~/.agents/skills/` (global)
as **sensitive paths**, on par with `.zed/` and the global config
directory. The agent's built-in editing tools (`edit_file`,
`write_file`, `create_directory`, `delete_path`, `move_path`,
`copy_path`) now require explicit user authorization before modifying
anything inside those paths, because the contents of skill files control
agent behavior.
This protection is worth landing on its own, ahead of Zed adding its own
skills support: other agents (e.g. Claude Code) already write skill
files into these locations, so a Zed installation may already have
skills on disk that should not be silently editable by the agent.
Also tightens the **pre-existing `.zed/` check** to compare path
components case-insensitively. macOS and Windows use case-insensitive
filesystems by default, so without this fix a malicious settings author
could bypass the local-settings classifier with `.ZED/settings.json`
(the canonicalized inode would match, but the path-component comparison
would miss it). The new `.agents/skills/` check has the same hazard and
now shares a single `component_matches_ignore_ascii_case` helper with
the `.zed/` check.
Introduces the `agent_skills` crate, scoped for now to just the path
constants and helpers (`global_skills_dir`,
`project_skills_relative_path`, `SKILL_FILE_NAME`) so the
tool-permission machinery can recognize the agent skills tree without
depending on a skill discovery / parsing / loading layer. Those will
land in follow-up PRs.
Closes AI-217
Release Notes:
- Agent: Require user confirmation before letting tools modify files
inside `.agents/skills/` (per-project) or `~/.agents/skills/` (global),
so skills installed by any agent are protected from unsolicited edits
---------
Co-authored-by: MartinYe1234 <52641447+MartinYe1234@users.noreply.github.com>
Co-authored-by: Martin Ye <martinye022@gmail.com>
Co-authored-by: Danilo Leal <daniloleal09@gmail.com>
Streamline the instructions around communication, tool use, planning,
and project roots.
Remove the `now` tool and also clean up several tool descriptions.
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
---------
Co-authored-by: Bennet Bo Fenner <bennetbo@gmx.de>
Before:
1. Agent tries to edit unsaved file
2. Tool call fails with error telling the agent to ask the user to save
or discard edits
3. User types save/restore
4. Agent uses save/restore tool
https://github.com/user-attachments/assets/c94dd361-e8e0-48ee-be31-da8afe594419
After:
1. Agent tries to edit unsaved file
2. User is prompted to save/restore file
3. User accepts/rejects or saves/discards file manually
https://github.com/user-attachments/assets/1d98a0c4-4420-4426-94f2-42355de230be
Release Notes:
- agent: Improved UX when agent tries to edit unsaved buffer
---------
Co-authored-by: Ben Brandt <benjamin.j.brandt@gmail.com>
In the case where the model would respond with `new_text` before
`old_text`, we would just emit an empty `old_text`, because the parsing
layer was operating under the assumption that `old_text` occurs before
`new_text`.
We now hold back new text chunks if we receive them first, and only emit
them once old_text is complete.
In addition to that we also need to handle the case where the first
chunk contains `old_text` and `new_text`. In that case we don't know
which one of the two fields have finished streaming, since we can't rely
on the ordering anymore. Therefore we hold back all events until we
receive the full edit, and emit a single OldTextChunk (done = true) and
a single NewTextChunk (done = true)
Closes#55398
Release Notes:
- agent: Fixed an issue where editing would sometimes fail for specific
models (Deepseek v4)
Splits the edit tool into two separate tools `write_file` (previously
`mode = write`), and `edit_file` (previously `mode = edit`).
This makes the JSON schema for the `edit_tool` much simpler. We've seen
models (especially older ones) struggle with providing `mode = edit +
edits` and `mode = write + content` fields. This seems to improve eval
scores for Sonnet 4.6 slightly.
Also added two unit evals to ensure that the model uses the tool to
create new/override existing files
Release Notes:
- N/A
---------
Co-authored-by: Ben Brandt <benjamin.j.brandt@gmail.com>
Previously schemars generated oneOf variants for these enums (because we
added inline comments), making the schemas more complicated than they
had to be.
E.g. `edit_file` `mode`
Before:
```json
{
"mode": {
"description": "The mode of operation on the file. Possible values:\n- 'write': Replace the entire contents of the file. If the file doesn't exist, it will be created. Requires 'content' field.\n- 'edit': Make granular edits to an existing file. Requires 'edits' field.\n\nWhen a file already exists or you just created it, prefer editing it as opposed to recreating it from scratch.",
"oneOf": [
{
"description": "Overwrite the file with new content (replacing any existing content).\nIf the file does not exist, it will be created.",
"type": "string",
"const": "write"
},
{
"description": "Make granular edits to an existing file",
"type": "string",
"const": "edit"
}
]
}
}
```
After:
```json
{
"mode": {
"description": "The mode of operation on the file. Possible values:\n- 'write': Replace the entire contents of the file. If the file doesn't exist, it will be created. Requires 'content' field.\n- 'edit': Make granular edits to an existing file. Requires 'edits' field.\n\nWhen a file already exists or you just created it, prefer editing it as opposed to recreating it from scratch.",
"type": "string",
"enum": ["write", "edit"]
}
}
```
Release Notes:
- N/A
We did not really use it in practice (we would only display it in the
tool card header until we received a path), so as is it just wastes
tokens. Therefore removing it.
Release Notes:
- agent: Reduce token usage when LLM edits file
Ports some changes introduced in #51165 out to make merge conflicts
easier to handle.
Splits the `Pipeline` into two separate types for mode edit/write so we
don't need to maintain that invariant inside the pipeline/in the parser
Also moves the parser to be a submodule of `edit_file_tool`
Release Notes:
- N/A
Does not actually seem useful to the LLM to include `Failed to receive
tool input: ...` in the error message. We now only include the actual
error.
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Closes #ISSUE
Release Notes:
- agent: Improve reliability when LLM edits file
Testing out Niko's new SDK design
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
As part of the work that is being developed for the Project Panel's Undo
& Redo system, in
https://github.com/zed-industries/zed/tree/5039-create-redo , we're
implementing an asynchronous task queue which simply receives a message
with the operation/change that is meant to be carried out, in order to
ensure these run in a sequential fashion.
While trying to use `futures_channel::mpsc::Receiver`, it was noted that
`recv` method was not available so this Pull Request updates the
`futures` crate to `0.3.32`, where it is available.
This version also deprecates `try_next` in favor of `try_recv` so this
Pull Request updates existing callers of `try_next` to use `try_recv`,
which was mostly updating the expected return type from
`Result<Option<T>>` to `Result<T>`.
Co-authored-by: Yara <git@yara.blue>
This PR moves the `CompletionIntent` enum from the `cloud_llm_client`
crate to the `language_model` crate, as it is no longer part of the
Cloud interface.
Release Notes:
- N/A
Many editors such as vim and emacs support "modelines", a comment at the
beginning of the file that allows the file type to be explicitly
specified along with per-file specific settings
- The amount of configurations, style and settings mapping cannot be
handled in one go, so this opens up a lot of potential improvements.
- I left out the possiblity to have "zed" specific modelines for now,
but this could be potentially interesting.
- Mapping the mode or filetype to zed language names isn't obvious
either. We may want to make it configurable.
This is my first contribution to zed, be kind. I struggled a bit to find
the right place to add those settings. I use a similar approach as done
with editorconfig (merge_with_editorconfig). There might be better ways.
Closes#4762
Release Notes:
- Add basic emacs/vim modeline support.
Supersedes #41899, changes:
- limit reading to the first and last 1kb
- add documentation
- more variables handled
- add Arc around ModelineSettings to avoid extra cloning
- changed the way mode -> language mapping is done, thanks to
`modeline_aliases` language config
- drop vim ex: support
- made "Local Variables:" handling a separate commit, so we can drop it
easily
- various code style improvements
---------
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Conrad Irwin <conrad.irwin@gmail.com>
Follow-up to the terminal permission params refactor, addressing
@benbrandt's [review
feedback](https://github.com/zed-industries/zed/pull/51782#pullrequestreview-2926899804)
about string formatting leaking into the UI layer.
## Changes
### Outcome construction moved to acp_thread
- Added `PermissionOptionChoice::build_outcome(is_allow)` — builds a
`SelectedPermissionOutcome` from a choice, attaching
`SelectedPermissionParams::Terminal` when the choice carries
`sub_patterns`.
- Added
`PermissionOptions::build_outcome_for_checked_patterns(checked_indices,
is_allow)` — handles the `DropdownWithPatterns` per-command checklist
flow, returning `None` when zero patterns are checked (degrading to
once).
The UI's `authorize_with_granularity` no longer does any
`format!("always_allow:{}",...)` string formatting or
`SelectedPermissionParams` construction.
### `option_kind` folded into `SelectedPermissionOutcome`
`SelectedPermissionOutcome` now carries `option_kind:
acp::PermissionOptionKind`, eliminating the separate parameter that was
threaded through the entire `authorize_tool_call` chain:
```
ThreadView::authorize_tool_call
→ Conversation::authorize_tool_call
→ AcpThread::authorize_tool_call
```
Every signature in this chain dropped one parameter.
### `SelectedPermissionParams` removed from UI imports
The type is now only referenced by `acp_thread` (construction) and
`agent` (consumption). The UI passes `SelectedPermissionOutcome`
opaquely.
Release Notes:
- N/A
## Summary
Adds a new permission UI for terminal pipeline commands (e.g. `cargo
test | tail`) that lets users selectively always-allow individual
commands in the pipeline, rather than only offering a blanket
always-allow for the first command.
## Screenshot
<img width="464" height="293" alt="Screenshot 2026-03-18 at 3 27 48 PM"
src="https://github.com/user-attachments/assets/e027eeec-c2b3-4f73-a596-95f42a9adad2"
/>
Release notes:
- The terminal permissions UI now allows you to select individual
subcommands independently.
---------
Co-authored-by: Danilo Leal <daniloleal09@gmail.com>
Co-authored-by: Ben Brandt <benjamin.j.brandt@gmail.com>
Since the read times always correspond to an action log call anyway, we
can let the action log track this internally, and we don't have to
provide a reference to the Thread in as many tools.
Release Notes:
- N/A
---------
Co-authored-by: Bennet Bo Fenner <bennetbo@gmx.de>
Co-authored-by: MrSubidubi <dev@bahn.sh>
Removes unused `edit_agent_output` from `EditFileTool`. This makes it
easier to maintain compatibility between the `EditFileTool` and
`StreamingEditFileTool`.
Release Notes:
- N/A
This PR introduces a `ToolInput` struct which allows tools to receive
their inputs incrementally as they stream in. Right now no tool makes
use of the streaming APIs, will be used for the streaming edit file tool
in #50004
Release Notes:
- N/A
Fixes a regression introduced in #48545 (reasoning effort selector). We
saw edit file tool calls taking a long time (loading animation was
displayed, no diff) when using Opus 4.6. This was caused by Opus 4.6.
emitting thinking tokens even when the user explicitly disabled thinking
in the UI.
<img width="289" height="67" alt="image"
src="https://github.com/user-attachments/assets/090a99f8-9b07-4d25-9058-3706f9333396"
/>
In addition to the thinking tokens causing overhead, we were slowing
down file editing even more. because changing between
thinking/non-thinking between requests causes the cache to be
invalidated
([docs](https://platform.claude.com/docs/en/build-with-claude/prompt-caching#what-invalidates-the-cache)).
This PR ensures that we inherit the setting for enabling or disabling
thinking from the thread from which the edit tool was called.
Before you mark this PR as ready for review, make sure that you have:
- [x] Added a solid test coverage and/or screenshots from doing manual
testing
- [x] Done a self-review taking into account security and performance
aspects
- [x] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
Release Notes:
- Fixed an issue where editing files was taking a long time when using
Opus 4.6
---------
Co-authored-by: Zed Zippy <234243425+zed-zippy[bot]@users.noreply.github.com>
Previously we only had the ability to return anyhow errors, which
limited the amount of structured data we could send the model.
Now tools can also return structured data in the error cases, which is
super helpful for subagents in particular
Release Notes:
- N/A
It's possible that a given project/workspace has symlinks that go
outside the current directories. In order to alert the user of some
potential files the agent is accessing they may not be expecting, we ask
for permission first.
Release Notes:
- agent: Prompt for permission if the agent tries to access files whose
symlinks resolve outside the current workspace
This patch updates the description of the `edit_file` tool to recommend
models to use the `move_path` tool instead of the `terminal` tool to
move or rename files. The `move_path` tool is more specific and shall be
preferred as it provides a better UI and dedicated permissions.
Release Notes:
- N/A
This PR hardens the authorization flow for all file and directory tools.
## Sensitive settings protection
All file/directory tools (copy, move, create_directory, delete, save,
edit, streaming_edit) now detect and protect sensitive settings paths:
- Paths inside `.zed/` directories (local settings)
- Paths inside the global config directory (`~/.config/zed/` or
equivalent)
Even when the global default is `allow`, modifications to these paths
require explicit confirmation. The authorization dialog title is
annotated with "(local settings)" or "(settings)" to inform the user.
`sensitive_settings_kind` walks up ancestor directories to handle paths
where intermediate subdirectories don't exist yet (e.g.
`~/.config/zed/new_subdir/evil.json`).
## Deferred filesystem operations
Copy, move, create_directory, and delete tools now defer all
project/filesystem operations until after the user authorizes the
action. Previously, some tools began resolving project paths or
traversing directories before authorization.
## streaming_edit_file permissions
`streaming_edit_file` now shares `edit_file`'s tool name for permission
checks, ensuring consistent permission rules between the two edit tool
variants. The duplicated authorization logic is replaced by a shared
`authorize_file_edit` function.
## Copy/move pattern extraction
Copy and move tools now include both source and destination paths in
their permission context (`input_value`). The always-allow pattern is
extracted from the common parent directory of both paths, ensuring the
pattern covers future checks against both.
## Save tool improvements
- Authorization title now shows only the paths that need confirmation,
not all paths
- Title is annotated with "(local settings)" or "(settings)" for
sensitive paths
Release Notes:
- File and directory tool operations now require confirmation before
modifying sensitive settings paths.
This PR removes the `fn name()` default method from the `AgentTool`
trait (which just returned `Self::NAME`) and replaces all call sites
with direct use of the `NAME` associated constant. This lets us use it
as a single source of truth in macros that want to access it at compile
time.
This PR also replaces hardcoded tool name string literals throughout the
codebase with the corresponding `NAME` constants, so tool name
references stay in sync if a tool is renamed.
Intentionally not changed:
- **Display strings** like `"Thinking"` and `"Subagent"` (user-facing UI
labels)
- **Serde attributes** like `#[serde(rename = "thinking")]` (wire
format)
- **The test assertion** `assert_eq!(SubagentTool::NAME, "subagent")`
(replacing the literal would make it tautological)
- **MCP server names** like `"mcp:srv:terminal"` (not tool identifiers)
Release Notes:
- N/A
Many editors such as vim and emacs support "modelines", a comment at the
beginning of the file that allows the file type to be explicitly
specified along with per-file specific settings
- The amount of configurations, style and settings mapping cannot be
handled in one go, so this opens up a lot of potential improvements.
- I left out the possiblity to have "zed" specific modelines for now,
but this could be potentially interesting.
- Mapping the mode or filetype to zed language names isn't obvious
either. We may want to make it configurable.
This is my first contribution to zed, be kind. I struggled a bit to find
the right place to add those settings. I use a similar approach as done
with editorconfig (merge_with_editorconfig). There might be better ways.
Closes#4762
Release Notes:
- Add basic emacs/vim modeline support.
Supersedes #41899, changes:
- limit reading to the first and last 1kb
- add documentation
- more variables handled
- add Arc around ModelineSettings to avoid extra cloning
- changed the way mode -> language mapping is done, thanks to
`modeline_aliases` language config
- drop vim ex: support
- made "Local Variables:" handling a separate commit, so we can drop it
easily
- various code style improvements
---------
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Conrad Irwin <conrad.irwin@gmail.com>
## Problem
When subagents use the `edit_file` tool, it creates an `EditAgent` that
makes its own model request to get the edit instructions. These "nested"
requests compete with the parent subagent conversation requests for rate
limiter permits.
The rate limiter uses a semaphore with a limit of 4 concurrent requests
per model instance. When multiple subagents run in parallel:
1. 3 subagents each hold 1 permit for their ongoing conversation streams
(3 permits used)
2. When all 3 try to use `edit_file` simultaneously, their edit agents
need permits too
3. Only 1 edit agent can get the 4th permit; the other 2 block waiting
4. The blocked edit agents can't complete, so their parent subagent
conversations can't complete
5. The parent conversations hold their permits, so the blocked edit
agents stay blocked
6. **Deadlock**
## Solution
Added a `bypass_rate_limit` field to `LanguageModelRequest`. When set to
`true`, the request skips the rate limiter semaphore entirely. The
`EditAgent` sets this flag because its requests are already "part of" a
rate-limited parent request.
(No release notes because subagents are still feature-flagged.)
Release Notes:
- N/A
---------
Co-authored-by: Zed Zippy <234243425+zed-zippy[bot]@users.noreply.github.com>
Add permission checking to the remaining 7 tools that require granular
permissions:
- `edit_file`: Checks path against permission rules
- `delete_path`: Checks path against permission rules
- `move_path`: Checks both source and destination paths
- `create_directory`: Checks path against permission rules
- `save_file`: Checks all paths, denies if any are blocked
- `fetch`: Checks URL against permission rules
- `web_search`: Checks query against permission rules
Each tool follows the pattern established in PR #46155 (terminal tool):
- `Allow` = proceed without prompting
- `Deny` = return error immediately
- `Confirm` = prompt user for confirmation
The deny > confirm > allow precedence is enforced by the
`decide_permission_from_settings()` function.
Release Notes:
- N/A
---------
Co-authored-by: Amp <amp@ampcode.com>
PR #46306 changed cancellation to wait for tools to complete before
returning. This was correct behavior - it allows tools like terminal to
capture their output on cancellation. The real issue was that many tools
didn't check for cancellation, so they would continue running until they
finished.
## The Problem
When the user pressed Escape to cancel during a tool operation, tools
would continue running because they never checked for the cancellation
signal. The thread correctly waited for tools to complete (so terminal
could capture output), but tools like edit_file, grep, fetch, etc. would
just keep going.
## The Fix
Add cancellation handling to all tools using the same pattern as
`terminal_tool`: use `select!` to race between the tool's main work and
`event_stream.cancelled_by_user()`. When cancelled, tools break out of
their loops or return early.
## All Tools Now Cancellation-Aware
| Tool | Change |
|------|--------|
| `edit_file_tool` | Checks cancellation in edit event processing loop |
| `terminal_tool` | Already handled cancellation |
| `grep_tool` | Checks cancellation in search result iteration loop |
| `fetch_tool` | Checks cancellation during HTTP fetch |
| `web_search_tool` | Checks cancellation during web search |
| `find_path_tool` | Checks cancellation during path search |
| `read_file_tool` | Checks cancellation during buffer open |
| `copy_path_tool` | Checks cancellation during file copy |
| `move_path_tool` | Checks cancellation during file move/rename |
| `delete_path_tool` | Checks cancellation during delete operation |
| `create_directory_tool` | Checks cancellation during directory
creation |
| `save_file_tool` | Checks cancellation during buffer open and save |
| `restore_file_from_disk_tool` | Checks cancellation during buffer open
and reload |
| `open_tool` | Checks cancellation during authorization |
| `diagnostics_tool` | Checks cancellation during buffer open |
| `ContextServerTool` (MCP) | Checks cancellation during external server
calls |
**Synchronous tools (no async work, return immediately):**
- `list_directory_tool` - Reads worktree snapshot synchronously
- `now_tool` - Returns current time immediately
- `thinking_tool` - Returns immediately
## MCP Tools Automatically Handled
MCP tools (user-defined tools via context servers) are now automatically
cancellation-aware without any user action. The `ContextServerTool`
wrapper races the external server request against
`event_stream.cancelled_by_user()`.
## Testing
- Added `CancellationAwareTool` test helper that mirrors the
cancellation pattern
- Updated `test_cancellation_aware_tool_responds_to_cancellation` to
properly await the cancel task and verify the tool detected cancellation
Release Notes:
- Fixed a regression where pressing Escape wouldn't immediately cancel
in-progress tool operations
This re-introduces the `save_file` and `restore_file_from_disk` agent
tools that were reverted in #44949.
I pushed that original PR without trying it just to get the build off my
machine, but I had missed a step: the tools weren't added to the default
profile settings in `default.json`, so they were never enabled even
though the code was present.
## Changes
- Add `save_file` and `restore_file_from_disk` to the "write" profile in
`default.json`
- Add `Thread::has_tool()` method to check tool availability at runtime
- Make `edit_file_tool`'s dirty buffer error message conditional on
whether `save_file`/`restore_file_from_disk` tools are available (so the
agent gets appropriate guidance based on what tools it actually has)
- Update test to match new conditional error message behavior
Release Notes:
- Added `save_file` and `restore_file_from_disk` agent tools to handle
dirty buffers when editing files
Release Notes:
- Added `save_file` and `restore_file_from_disk` tools to the agent,
allowing it to resolve dirty buffer conflicts when editing files. When
the agent encounters a file with unsaved changes, it will now ask
whether you want to keep or discard those changes before proceeding.
Uses the latest version of the SDK + schema crate. A bit painful because
we needed to move to `#[non_exhaustive]` on all of these structs/enums,
but will be much easier going forward.
Also, since we depend on unstable features, I am pinning the version so
we don't accidentally introduce compilation errors from other update
cycles.
Release Notes:
- N/A
