github Hmbown/CodeWhale v0.8.59
on GitHub

3 hours ago

CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm package deepseek-tui is
deprecated and receives no further releases. Users coming from
v0.8.x legacy deepseek / deepseek-tui names should migrate
with docs/REBRAND.md.

Install

Recommended — npm (one command, both binaries)

npm install -g codewhale

The wrapper downloads both binaries from this Release and places them in the same directory.

Docker / GHCR

docker run --rm -it \
  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
  -v ~/.deepseek:/home/codewhale/.deepseek \
  ghcr.io/hmbown/codewhale:v0.8.59

The image ships the codewhale dispatcher and codewhale-tui runtime. The latest tag is also updated on release.

Cargo (Linux / macOS)

cargo install codewhale-cli codewhale-tui --locked

Both crates are required — codewhale-cli produces the codewhale dispatcher and codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a MISSING_COMPANION_BINARY error.

Manual download — platform archives (recommended)

Each archive below contains both the codewhale dispatcher and codewhale-tui runtime, plus an install script:

Platform Archive Install script
Linux x64 codewhale-linux-x64.tar.gz install.sh
Linux ARM64 codewhale-linux-arm64.tar.gz install.sh
Linux RISC-V codewhale-linux-riscv64.tar.gz install.sh
macOS x64 codewhale-macos-x64.tar.gz install.sh
macOS ARM codewhale-macos-arm64.tar.gz install.sh
Windows x64 (installer) CodeWhaleSetup.exe NSIS setup
Windows x64 codewhale-windows-x64.zip install.bat
Windows x64 (portable) codewhale-windows-x64-portable.zip

Unix (Linux / macOS): 

tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.sh

Windows:

  • For the installer path, run CodeWhaleSetup.exe; it installs both binaries under %LOCALAPPDATA%\Programs\CodeWhale\bin and adds that directory to the current-user PATH.
  • Extract codewhale-windows-x64.zip
  • Run install.bat (copies to %USERPROFILE%\bin)
  • Add %USERPROFILE%\bin to your PATH

The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.

Individual binaries are also attached below for scripting and the npm wrapper. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.

Verify (recommended)

Download the checksum manifests from this Release and verify: 

# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt

# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt

# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txt

What's in v0.8.59

Added

  • Moonshot Kimi K2.7 Code model. The Moonshot/Kimi provider now defaults to
    kimi-k2.7-code, recognizes kimi/kimi-k2 aliases for that model, keeps
    explicit kimi-k2.6 selectable, and adds the OpenRouter
    moonshotai/kimi-k2.7-code registry row.
  • Concise verbosity mode (#3052). CLI noninteractive launches now default
    to concise prompt/output discipline unless overridden by config, env, or
    --verbosity, while interactive TUI launches remain normal by default.
    Thanks @cyq1017 for the PR.
  • Ephemeral generated project context (#3058). Opening CodeWhale in a
    directory with no instruction files now keeps the bounded generated project
    overview in memory instead of creating .codewhale/instructions.md.
  • ACP registry auth metadata (#1447). The ACP stdio adapter now advertises
    terminal authentication setup in initialize.authMethods, matching the
    registry's validation requirement.
  • Sidebar context menus (#3065). Right-clicking the sidebar no longer shows
    Paste; clickable sidebar rows now offer their row command as the first
    context action.
  • Sidebar hover popovers (#3088). Streaming turns now keep sidebar hover
    popovers responsive while continuing to throttle transcript/body mouse
    motion.
  • Dark-theme selection contrast (#3074, thanks @drpars). Session, config,
    help, context-menu, and approval selections now use the muted selection
    background instead of the bright accent color.
  • Cursor-style activity metadata rows (#3146). Dense successful tool-run
    summaries now render as a single muted Explored ... / Updated metadata
    row, include short command-family labels for successful generic verifier
    groups, and keep keyboard/mouse expansion and detail inspection intact.
  • Provider-wait observability (#3095). Footer stall reasons now name the
    active provider/model route, idle seconds vs stream budget, and whether a
    fanout plan is still at 0 running or dispatch is pending. Structured
    provider-wait incidents log once per turn from the main tick loop (not on
    every footer redraw).
  • Interactive fanout launch gate (#3095). Direct sub-agent children queue
    behind a configurable semaphore ([subagents] interactive_max_launch,
    default 4) with a visible queued: waiting for an interactive fanout slot
    reason before their first model step.
  • Goal lifecycle controls. /goal is now the primary command surface for
    session goals, with pause, resume, complete, blocked, and clear
    controls while /hunt remains a compatibility alias.
  • Persistent thread-goal API. App-server clients can now set, get, and clear
    durable thread goals through thread/goal/set, thread/goal/get, and
    thread/goal/clear, backed by the state store with Codex-style status and
    token/time accounting fields.
  • Command-boundary ownership layers (#2888/#3055). Built-in slash command
    metadata now lives in commands/registry.rs, slash parsing in
    commands/parse.rs, and handlers under group-owned command areas, preserving
    the existing dispatch surface while reducing future commands/mod.rs churn.
  • Approval-rule source metadata (#1186/#2971). Runtime API
    approval.required events now include optional matched_rule metadata when
    an execution-policy rule caused the prompt. Thanks @greyfreedom for the PR
    and @Ram9199 for the audit-semantics discussion.
  • Localized tool-family labels (#2901). Tool activity labels for read,
    patch, run, find, delegate, fanout, RLM, verify, think, and generic tool
    work now route through the shipped locale tables. Thanks @gordonlu for the
    PR.
  • Localized config section labels (#2918). The interactive config view now
    localizes section and session/saved scope labels while preserving English
    search terms. Thanks @gordonlu for the PR.
  • Localized config editor labels (#2919). The config editor modal now
    localizes edit labels, default/unavailable placeholders, and effective
    currency hints. Thanks @gordonlu for the PR.
  • Hotbar number-key dispatch (#3056). Bare 1-8 now trigger bound
    hotbar slots only when the composer is empty, while Alt+1-Alt+8 trigger
    slots regardless of composer text and overlays keep key ownership. Thanks
    @reidliu41 for the PR.
  • Voice dictation commands (#3051). /voice, /voice-send, and
    /voice-control now record through sox/rec/arecord, transcribe via the
    active provider's chat-completions API, and insert transcripts at the
    composer cursor. The voice.toggle hotbar action dispatches the real voice
    command, with help and status text localized across all seven shipped
    locales. Thanks @HUQIANTAO for the PR.
  • Thread rewind and snapshot restore API (#2808). GUI clients can now call
    POST /v1/threads/{id}/undo, /patch-undo, and /retry to fork, roll back,
    or rerun recent thread turns, plus POST /v1/snapshots/{id}/restore to
    restore a workspace snapshot by id. Thanks @bengao168 for the PR.
  • Active provider fallback chain (#2773). Configured fallback_providers
    now build an ordered primary-plus-fallback route that the TUI can report,
    advance through, and reset with /provider fallback reset, including footer
    visibility for fallback state. Thanks @idling11 for the PR.
  • Provider metadata registry (#3005). Built-in provider ids, display names,
    defaults, env vars, config keys, aliases, and wire formats now live in a
    shared metadata registry, with the provider drift check covering the registry
    contract. Thanks @sximelon for the PR.
  • Hugging Face provider route (#2879). Hugging Face Inference Providers now
    have first-class config, env, docs, and registry coverage for the
    OpenAI-compatible router, including huggingface/hugging-face/
    hugging_face/hf aliases and HUGGINGFACE_*/HF_* env fallbacks. Thanks
    @mvanhorn for the PR.

Fixed

  • SSE data lines without spaces (#3152). Chat Completions, Responses, and
    Anthropic stream readers now accept both data: {...} and data:{...} SSE
    frames, matching the spec and preventing providers that omit the optional
    space from streaming empty output. Thanks @wgeeker for the PR.
  • Runtime thread detail N+1 reads (#3141). get_thread_detail now scans
    persisted turn items once and groups them by turn instead of reading the
    items directory once per turn, preserving item order while keeping large
    thread detail loads responsive.
  • Project-local hook trust boundary (#3140). .codewhale/hooks.toml is now
    loaded only after the workspace is trusted in user-owned config, matching the
    project-local MCP trust model while preserving the documented shell-command
    hook contract.
  • Skill registry sync latency (#3139). /skills sync now syncs registry
    entries with bounded ordered concurrency, so network latency no longer stacks
    one skill at a time while output order stays deterministic.
  • SiliconFlow China provider config (#2893/#2895). siliconflow-CN
    now reads its own [providers.siliconflow_cn] / [providers.siliconflow-CN]
    table and falls back to [providers.siliconflow] only for unset
    api_key/base_url/model fields. Thanks @Artenx for the report and
    @idling11 for the PR.
  • Self-update download timeout (#3006). codewhale update now applies a
    five-minute HTTP client timeout so blocked or very slow GitHub release
    downloads fail instead of hanging indefinitely. Thanks @New2Niu for the PR.
  • Legacy deepseek update migration (#2960/#3013/#3053). Running
    deepseek update or deepseek-tui update from a pre-rebrand install now
    returns copy-pasteable npm, Cargo, Homebrew, and manual-binary migration
    steps instead of trying to spawn a missing codewhale binary. README and
    rebrand docs now cover the same upgrade path. Thanks @jazzi and
    @tiangangQiu for the reports, @cyq1017 for the update-path PR, and
    @angus-guo for the README PR.
  • Short codew shim delegation. The codew convenience binary now
    prefers the sibling codewhale dispatcher installed next to it before
    falling back to PATH, preventing fresh local builds or installs from
    accidentally invoking an older global dispatcher.
  • Constitution trust wording (#2950/#3008). The base prompt now explains
    that "begins with an A" means a baseline of trust, not a literal output
    formatting rule. Thanks @cyq1017 for the PR.
  • TUI provider-source recovery (#3007/#3011). Unsupported interactive
    providers now report whether the value came from --provider, environment,
    or config. Config-sourced unsupported providers fall back to DeepSeek without
    forwarding stale keyring secrets. Thanks @cyq1017 for the PR.
  • Exec auto-model handoff (#3148). codewhale exec --model auto now
    survives the CLI/TUI boundary by honoring the CodeWhale model env alias and
    legacy DeepSeek model handoff before falling back to provider defaults.
    Thanks @hongchen1993 for the PR.
  • macOS shortcut modifiers (#2938/#2943). Ctrl-like shortcuts that are
    reported as SUPER by macOS terminals now work for backgrounding tasks and
    sidebar-focus chords without rewriting clipboard shortcuts. Thanks @idling11
    for the PR.
  • TUI mouse-report leak (#3063/#3067). Strip raw SGR mouse coordinate
    tails from the composer even when use_mouse_capture is false, covering
    orphaned terminal reporting state after crashes or focus races.
  • Interrupted sub-agent lifecycle (#3080). API-timeout interruptions now
    emit MailboxMessage::Interrupted, render terminal interrupted cards, and
    reconcile stale running fanout counts from manager snapshots.
  • OpenAI Codex stream diagnostics and active tool collapse (#3146). The
    Responses bridge now reports nested response.failed /
    response.incomplete errors instead of unknown, and dense successful
    in-flight tool bursts collapse into the same calm activity metadata row as
    committed history.
  • OpenAI Codex reasoning tiers. Switching from DeepSeek to openai-codex
    now normalizes stale reasoning state into Responses-compatible
    low/medium/high/xhigh tiers. Startup, /config, and the model
    picker now display Codex labels instead of leaking DeepSeek
    off/max names, while Codex still reports as a Responses payload
    provider. The Responses request builder also clamps legacy minimal input
    to low and has regression coverage that Codex requests use
    reasoning.effort, not DeepSeek thinking fields.
  • OpenAI Codex context metadata (#3070). The gpt-5.5 default and
    CodeWhale aliases now use OpenAI's documented 1,050,000-token context window
    and 128,000 max-output metadata for context pressure, prompts, and doctor
    capability output.
  • OpenRouter Nemotron 3 Ultra preset. The OpenRouter preset and model
    registry now emit nvidia/nemotron-3-ultra-550b-a55b while keeping the old
    Ultra aliases compatible.
  • OpenRouter auth after MiMo switches (#3064). Switching from Xiaomi MiMo
    to OpenRouter now has regression coverage for preflight key failures and
    Bearer auth header isolation before any request can be dispatched.
  • Responses strict-tool schema compatibility (#3062/#3017/#1883). Responses
    function tools now preserve per-tool strict-mode compatibility, keep optional
    strict-schema fields nullable, and append deterministic constraint notes when
    root composition groups must be flattened for Responses.
  • Runtime prompt autonomous loop guard (#3061). Runtime policy reference
    now explicitly forbids initiating new work when <runtime_prompt> is the
    only new turn content and no tool/sub-agent handoff is pending.
  • Goal runtime status sync. Goal token budgets and active/paused/complete
    status now sync into the engine alongside the objective, and model-visible
    update_goal can only mark goals complete or blocked.

Contributors

  • Devin session work on #3080/#3095 (PRs #3103, #3104, #3106) — Hunter Bown
    (maintainer integration/cherry-pick on codex/v0.8.59-release-ready).
  • Nightt (@nightt5879) for the Responses strict-tool schema hardening in PR
    #3062.
  • yekern (@yekern) for the #3061 runtime-prompt loop safety report and repro
    that shaped the dispatch guard.
  • Paulo Aboim Pinto (@aboimpinto) for the staged command-boundary design and
    Layer 3 registry/parser extraction in PR #2888, plus the #2851/#2791/#2870
    architecture stream that guided the grouped command areas in #3055.

Contributor credits for this release live in the changelog entry above —
thank you to everyone whose reports, PRs, reviews, and reproductions shaped it.

See CHANGELOG.md for full notes and docs/CHANGELOG_ARCHIVE.md for older releases.

Check out latest releases or
releases around Hmbown/CodeWhale v0.8.59

Don't miss a new CodeWhale release

NewReleases is sending notifications on new releases.

Get notifications