Merge pull request #1464 from xuewenjie123/fix/windows-background-terminal-execute-x

fix(shell): prevent console window flash on Windows for foreground tasks
test: update shellExecutionService test for Windows spawn config changes
2026-01-13 20:39:14 +00:00 · 2026-01-12 11:48:10 +08:00 · 2026-01-12 11:22:54 +08:00 · 2026-01-12 11:08:47 +08:00 · 2026-01-12 11:04:05 +08:00 · 2026-01-10 14:31:08 +08:00
5 changed files with 26 additions and 34 deletions
--- a/docs/users/features/sandbox.md
+++ b/docs/users/features/sandbox.md
@@ -49,6 +49,8 @@ Cross-platform sandboxing with complete process isolation.

 By default, Qwen Code uses a published sandbox image (configured in the CLI package) and will pull it as needed.

+The container sandbox mounts your workspace and your `~/.qwen` directory into the container so auth and settings persist between runs.
+
 **Best for**: Strong isolation on any OS, consistent tooling inside a known image.

 ### Choosing a method
@@ -157,7 +159,7 @@ For a working allowlist-style proxy example, see: [Example Proxy Script](/develo

 ## Linux UID/GID handling

-The sandbox automatically handles user permissions on Linux. Override these permissions with:
+On Linux, Qwen Code defaults to enabling UID/GID mapping so the sandbox runs as your user (and reuses the mounted `~/.qwen`). Override with:

 ```bash
 export SANDBOX_SET_UID_GID=true   # Force host UID/GID
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -8,7 +8,6 @@ import { exec, execSync, spawn, type ChildProcess } from 'node:child_process';
 import os from 'node:os';
 import path from 'node:path';
 import fs from 'node:fs';
-import { readFile } from 'node:fs/promises';
 import { fileURLToPath } from 'node:url';
 import { quote, parse } from 'shell-quote';
 import {
@@ -50,16 +49,16 @@ const BUILTIN_SEATBELT_PROFILES = [

 /**
 * Determines whether the sandbox container should be run with the current user's UID and GID.
- * This is often necessary on Linux systems (especially Debian/Ubuntu based) when using
- * rootful Docker without userns-remap configured, to avoid permission issues with
+ * This is often necessary on Linux systems when using rootful Docker without userns-remap
+ * configured, to avoid permission issues with
 * mounted volumes.
 *
 * The behavior is controlled by the `SANDBOX_SET_UID_GID` environment variable:
 * - If `SANDBOX_SET_UID_GID` is "1" or "true", this function returns `true`.
 * - If `SANDBOX_SET_UID_GID` is "0" or "false", this function returns `false`.
 * - If `SANDBOX_SET_UID_GID` is not set:
- *   - On Debian/Ubuntu Linux, it defaults to `true`.
- *   - On other OSes, or if OS detection fails, it defaults to `false`.
+ *   - On Linux, it defaults to `true`.
+ *   - On other OSes, it defaults to `false`.
 *
 * For more context on running Docker containers as non-root, see:
 * https://medium.com/redbubble/running-a-docker-container-as-a-non-root-user-7d2e00f8ee15
@@ -76,31 +75,20 @@ async function shouldUseCurrentUserInSandbox(): Promise<boolean> {
    return false;
  }

-  // If environment variable is not explicitly set, check for Debian/Ubuntu Linux
  if (os.platform() === 'linux') {
-    try {
-      const osReleaseContent = await readFile('/etc/os-release', 'utf8');
-      if (
-        osReleaseContent.includes('ID=debian') ||
-        osReleaseContent.includes('ID=ubuntu') ||
-        osReleaseContent.match(/^ID_LIKE=.*debian.*/m) || // Covers derivatives
-        osReleaseContent.match(/^ID_LIKE=.*ubuntu.*/m) // Covers derivatives
-      ) {
-        // note here and below we use console.error for informational messages on stderr
-        console.error(
-          'INFO: Defaulting to use current user UID/GID for Debian/Ubuntu-based Linux.',
-        );
-        return true;
-      }
-    } catch (_err) {
-      // Silently ignore if /etc/os-release is not found or unreadable.
-      // The default (false) will be applied in this case.
-      console.warn(
-        'Warning: Could not read /etc/os-release to auto-detect Debian/Ubuntu for UID/GID default.',
+    const debugEnv = [process.env['DEBUG'], process.env['DEBUG_MODE']].some(
+      (v) => v === 'true' || v === '1',
+    );
+    if (debugEnv) {
+      // Use stderr so it doesn't clutter normal STDOUT output (e.g. in `--prompt` runs).
+      console.error(
+        'INFO: Using current user UID/GID in Linux sandbox. Set SANDBOX_SET_UID_GID=false to disable.',
      );
    }
+    return true;
  }
-  return false; // Default to false if no other condition is met
+
+  return false;
 }

 // docker does not allow container names to contain ':' or '/', so we
--- a/packages/core/src/qwen/qwenOAuth2.ts
+++ b/packages/core/src/qwen/qwenOAuth2.ts
@@ -593,12 +593,12 @@ async function authWithQwenDeviceFlow(
    qwenOAuth2Events.emit(QwenOAuth2Event.AuthUri, deviceAuth);

    const showFallbackMessage = () => {
-      process.stdout.write('\n=== Qwen OAuth Device Authorization ===');
-      process.stdout.write(
+      console.log('\n=== Qwen OAuth Device Authorization ===');
+      console.log(
        'Please visit the following URL in your browser to authorize:',
      );
-      process.stdout.write(`\n${deviceAuth.verification_uri_complete}\n`);
-      process.stdout.write('Waiting for authorization to complete...\n');
+      console.log(`\n${deviceAuth.verification_uri_complete}\n`);
+      console.log('Waiting for authorization to complete...\n');
    };

    // Always show the fallback message in non-interactive environments to ensure
--- a/packages/core/src/services/shellExecutionService.test.ts
+++ b/packages/core/src/services/shellExecutionService.test.ts
@@ -818,7 +818,7 @@ describe('ShellExecutionService child_process fallback', () => {
  });

  describe('Platform-Specific Behavior', () => {
-    it('should use cmd.exe on Windows', async () => {
+    it('should use cmd.exe and hide window on Windows', async () => {
      mockPlatform.mockReturnValue('win32');
      await simulateExecution('dir "foo bar"', (cp) =>
        cp.emit('exit', 0, null),
@@ -829,7 +829,8 @@ describe('ShellExecutionService child_process fallback', () => {
        [],
        expect.objectContaining({
          shell: true,
-          detached: true,
+          detached: false,
+          windowsHide: true,
        }),
      );
    });
--- a/packages/core/src/services/shellExecutionService.ts
+++ b/packages/core/src/services/shellExecutionService.ts
@@ -229,7 +229,8 @@ export class ShellExecutionService {
        stdio: ['ignore', 'pipe', 'pipe'],
        windowsVerbatimArguments: true,
        shell: isWindows ? true : 'bash',
-        detached: true,
+        detached: !isWindows,
+        windowsHide: isWindows,
        env: {
          ...process.env,
          QWEN_CODE: '1',
Author	SHA1	Message	Date
tanzhenxin	2f6b0b233a	Merge pull request #1464 from xuewenjie123/fix/windows-background-terminal-execute-x fix(shell): prevent console window flash on Windows for foreground tasks	2026-01-12 11:48:10 +08:00
xuewenjie	9a8ce605c5	test: update shellExecutionService test for Windows spawn config changes	2026-01-12 11:22:54 +08:00
tanzhenxin	afc693a4ab	Merge pull request #1453 from liqiongyu/fix/1359-sandbox-uidgid-default-linux fix(cli): default sandbox UID/GID mapping on Linux	2026-01-12 11:08:47 +08:00
xuewenjie	7173cba844	fix(shell): prevent console window flash on Windows for foreground tasks	2026-01-12 11:04:05 +08:00
liqoingyu	9b78c17638	fix(cli): default sandbox UID/GID mapping on Linux Fixes #1359. Default container sandboxing on Linux to use host UID/GID so qwen runs under a user that matches the mounted home directory and persists auth/settings in ~/.qwen. Also gate the informational log behind DEBUG/DEBUG_MODE and clarify docs about Linux UID/GID mapping and ~/.qwen persistence.	2026-01-10 14:31:08 +08:00