CodeWhale is the canonical project, command, npm package, and
release-asset name. The legacy npm packagedeepseek-tuiis
deprecated and receives no further releases. Users coming from
v0.8.x legacydeepseek/deepseek-tuinames should migrate
withdocs/REBRAND.md.
Install
Recommended — npm (one command, both binaries)
npm install -g codewhaleThe wrapper downloads the matched runtime binaries from this Release and places them in the same directory.
Docker / GHCR
docker run --rm -it \
-e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-v ~/.deepseek:/home/codewhale/.deepseek \
ghcr.io/hmbown/codewhale:v0.8.66The image ships the codewhale dispatcher, codew shim, and codewhale-tui runtime. The latest tag is also updated on release.
Cargo (Linux / macOS)
cargo install codewhale-cli codewhale-tui --lockedBoth crates are required — codewhale-cli produces the codewhale dispatcher and codew shim, while codewhale-tui produces the interactive runtime that the dispatcher delegates to. Installing only one crate will fail at runtime with a MISSING_COMPANION_BINARY error.
Manual download — platform archives (recommended)
Each archive below contains the codewhale dispatcher, codew shim, and codewhale-tui runtime, plus an install script:
| Platform | Archive | Install script |
|---|---|---|
| Linux x64 | codewhale-linux-x64.tar.gz
| install.sh
|
| Linux ARM64 | codewhale-linux-arm64.tar.gz
| install.sh
|
| Linux RISC-V | codewhale-linux-riscv64.tar.gz
| install.sh
|
| macOS x64 | codewhale-macos-x64.tar.gz
| install.sh
|
| macOS ARM | codewhale-macos-arm64.tar.gz
| install.sh
|
| Windows x64 (installer) | CodeWhaleSetup.exe
| NSIS setup |
| Windows x64 | codewhale-windows-x64.zip
| install.bat
|
| Windows x64 (portable) | codewhale-windows-x64-portable.zip
| — |
Unix (Linux / macOS):
tar xzf codewhale-<platform>.tar.gz
cd codewhale-<platform>
./install.shWindows:
- For the installer path, run
CodeWhaleSetup.exe; it installscodewhale.exe,codew.exe, andcodewhale-tui.exeunder%LOCALAPPDATA%\Programs\CodeWhale\binand adds that directory to the current-user PATH. - Extract
codewhale-windows-x64.zip - Run
install.bat(copies to%USERPROFILE%\bin) - Add
%USERPROFILE%\binto your PATH
The portable Windows archive skips the install script — extract and run from any directory. The NSIS installer is currently unsigned and may trigger Windows SmartScreen until a signing certificate is wired into the release pipeline.
Each platform also has bare, unarchived binaries attached below (codewhale-<platform>, codew-<platform>, and codewhale-tui-<platform>) — the npm wrapper and the in-app codewhale update download the matched runtime binaries, whereas the .tar.gz / .zip archives above are the recommended manual download and additionally bundle an install script. The legacy npm package deepseek-tui is deprecated and is not republished. For migration from v0.8.x legacy binary names, see docs/REBRAND.md.
Verify (recommended)
Download the checksum manifests from this Release and verify:
# Linux — archive bundles
sha256sum -c codewhale-bundles-sha256.txt
# Linux — individual binaries
sha256sum -c codewhale-artifacts-sha256.txt
# macOS
shasum -a 256 -c codewhale-bundles-sha256.txt
shasum -a 256 -c codewhale-artifacts-sha256.txtWhat's in v0.8.66
Added
- Added
codewhale doctor/codewhale doctor --jsonlegacy-state
diagnostics that compare known~/.deepseekstate paths with their
~/.codewhalecounterparts and flag unmigrated or dual-root data (#3727). - Added Sakana AI Fugu as a first-class OpenAI-compatible provider with
sakana/fugualiases,FUGU_API_KEY/SAKANA_API_KEYdiscovery,
provider-picker wiring, model completions, and provider docs. Harvested from
#3748 by @lerugray. - Added WhaleFlow-to-Fleet launch-shape validation: the default Fleet workflow
contract allows up to 100 total agents and 5 recursive rings, requires
bounded loops/expands before launch, and preserves per-slot model selection. - Added a read-only
/config ask-rulesview for the resolved
permissions.tomlpath, file status, rule count, and configured
tool/command/path ask rules. Merged from #3569 by @greyfreedom. - Added provider-level
context_windowoverrides so OpenAI-compatible
gateways and self-hosted providers can budget against their real model
context window (#3545). - Added the native
codewshim to release archives, Windows installer inputs,
local release-asset preparation, and checksum verification so manual installs
receive the same short command that Cargo installs build. - Added OpenModel as a first-class Anthropic Messages provider, with config,
CLI, provider picker, docs, and registry coverage. Harvested from #3585 by
@noaft. - Added WeCom Bridge deployment and security documentation, with shipped
runtime/bridge commands and approval-timeout environment guidance. Harvested
from #3640 by @pkeging. - Added a token/cache/cost
scorecardcommand for offline release gating,
baseline regression checks, and per-turn cost visibility (#3388). Stream-JSON
exec metadata now also reports conservativeinput_analysisand
visible_final_answer_chars, so benchmark harnesses can measure transcript
growth and final-answer bloat without guessing (#2956, #2957). - Added a release evidence ledger for v0.8.66 and opened the external ACP
registry submission for CodeWhale after validating the published
codewhale@0.8.65ACP auth handshake against the upstream registry checker
(#3192). - Added a typed
[verifier]config table for the verifier-preview lane, with
enabledand the shippedverdict_policy = "hunt"mapping documented and
validated (#2093). - Added Hotbar
Alt+1–Alt+8quick-slot switching with decision-card key
disambiguation, plus an introductory card that explains and can dismiss the
Hotbar (#3796, #3788). - Release/docs hygiene: guarded public install/version snippets and the npm
codewhaleBinaryVersionpointer against drift, madecheck-docs/check-facts
fail on stale snippets or unmapped providers, and stoppedsync-changelog
from dropping a release when only[Unreleased]exists (#3767, #3768, #3769,
#3770, #3771, #3772).
Changed
- Deferred Auto mode from the user-facing mode picker, cycle, hotbar,
/mode
command, and runtime-thread mode overrides until it has a distinct prompt and
auto-review behavior; existingautomode text now folds back to Agent
instead of selecting a hollow mode, and approval modal copy no longer implies
the current mode is YOLO (#3730, #3733). - Clarified the Fleet setup surface and docs so Fleet is treated as the durable
sub-agent configuration layer while WhaleFlow is the agent-authored
orchestration plan that selects and monitors Fleet slots. - Slimmed the default Constitution prompt while keeping its required structural
anchors under regression coverage, reducing the static prompt footprint for
cache-sensitive turns (#2953). - Made the approval prompt inline and bottom-anchored instead of a full-screen
takeover, so context and controls stay visible while a tool awaits a decision
(#3799). - The Hotbar is now hidden by default until explicit setup opt-in (#3807); the
interactive Agent shell also defaults to approval-gated on with a shared
baseline (#3756). - Mode authority now resolves approval prompts through a single authority
source instead of per-surface checks (#3795).
Fixed
- Surfaced legacy state relocation with a user-visible migration notice whenever
~/.deepseek/<state>is moved or copied into~/.codewhale/<state>, so
upgraded users know their data was preserved and where the canonical state
now lives (#3726). - Restored legacy
.deepseek/sessionsvisibility for upgraded installs where
an empty~/.codewhale/sessionsdirectory already existed, by copying
missing legacy session entries into the primary CodeWhale session store
without overwriting newer data (#3724). - Calmed approval risk classification for read-only shell commands such as
codewhale --version,codewhale --help, andgit status --porcelainso
the modal no longer labels proven read-only shell as destructive (#3730). - Added provider/model route columns to
/cacheturn telemetry so DeepSeek
cache-hit regressions can be correlated with Auto route changes (#3738). - Fixed runtime API approval handling so workspace trust no longer auto-resolves
ordinary tool approvals; trust now only participates in full-access retry
decisions while YOLO/auto-approve remains the approval bypass (#3736). - Fixed modal surfaces so the shared view stack paints an opaque backdrop before
any overlay, while Plan/request-input popup interiors stay opaque and the Plan
confirmation footer keeps action choices visible on narrow terminals (#3732). - Added a turn-loop Plan-mode guard for file-writing tools and write-capable MCP
tools so Plan's "no writes" promise is enforced before approval or execution,
not only by the sandbox/catalog layer (#3734). - Preserved the durable review safety floor for publish-like shell actions in
YOLO mode, socargo publish,npm publish, and tag/release pushes force
approval instead of silently auto-approving (#3735). - Fixed Ctrl+O external-editor freezes where CodeWhale's terminal input pump
could keep reading keys while Vim/editor owned the terminal, especially in
Windows mintty/cygwin shells. Thanks @buko for the precise repro (#3657). - Hardened the OHOS dependency drift check against transient Cargo registry EOFs
by retrying the dependency graph probe before failing CI. - Updated the
/linksprovider fallback to the current CodeWhale docs URL and
added a Baidu Qianfan docs link. Harvested from #3621 by @noaft. - Hardened
CODEWHALE_TOOL_SURFACE=shell-onlyfor benchmark/exec runs: the
shell-only surface hides native tools from the model-visible catalog, and
unknownCODEWHALE_TOOL_SURFACEvalues now warn instead of silently falling
back to the full tool surface (#2954). - Sub-agent fanout and lock hot paths: preserved event-channel headroom for
progress events (#3783, thanks @cyq1017), let independent sub-agent starts
join a single parallel dispatch batch instead of serializing (#3801), rendered
the sub-agent sidebar/ListSubAgents from a read-only snapshot with bounded
cleanup (#3803), used nonblocking best-effort sends for ListSubAgents refresh
while still awaiting critical events (#3802), moved sub-agent state
persistence disk I/O off the manager write lock (#3805), and usedtry_lock
for shell-manager refresh in async UI paths (#3804). - Provenance: runtime continuations and
SubAgentHandoffnow inherit standing
YOLO authority, whileMemoryRecall,ImportedTranscript, and
AssistantGeneratedinputs remain guarded (#3817). - Approval honesty: labeled session-scoped approvals accurately instead of
"always", and surfaced approval decisions in tool results (#3766).
Contributor credits for this release live in the changelog entry above —
thank you to everyone whose reports, PRs, reviews, and reproductions shaped it.
See CHANGELOG.md for full notes and docs/CHANGELOG_ARCHIVE.md for older releases.