refactor(insight): update insight page assets and styles

feat: add new insight page with Vite setup
feat(insight): add insight command and server for personalized programming insights
2026-01-16 13:59:14 +00:00 · 2026-01-16 14:57:21 +08:00 · 2026-01-16 14:49:40 +08:00 · 2026-01-16 13:38:31 +08:00 · 2026-01-15 09:00:11 +08:00 · 2026-01-15 08:56:58 +08:00
270 changed files with 55763 additions and 2599 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+* @tanzhenxin @DennisYu07 @gwinthis @LaZzyMan @pomelo-nwu @Mingholy
+# SDK TypeScript package changes require review from Mingholy
+packages/sdk-typescript/** @Mingholy
--- a/.github/workflows/release-sdk.yml
+++ b/.github/workflows/release-sdk.yml
@@ -241,7 +241,7 @@ jobs:
          ${{ steps.vars.outputs.is_dry_run == 'false' && steps.vars.outputs.is_nightly == 'false' && steps.vars.outputs.is_preview == 'false' }}
        id: 'pr'
        env:
-          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          GITHUB_TOKEN: '${{ secrets.CI_BOT_PAT }}'
          RELEASE_BRANCH: '${{ steps.release_branch.outputs.BRANCH_NAME }}'
          RELEASE_TAG: '${{ steps.version.outputs.RELEASE_TAG }}'
        run: |-
@@ -258,26 +258,15 @@ jobs:

          echo "PR_URL=${pr_url}" >> "${GITHUB_OUTPUT}"

-      - name: 'Wait for CI checks to complete'
-        if: |-
-          ${{ steps.vars.outputs.is_dry_run == 'false' && steps.vars.outputs.is_nightly == 'false' && steps.vars.outputs.is_preview == 'false' }}
-        env:
-          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
-          PR_URL: '${{ steps.pr.outputs.PR_URL }}'
-        run: |-
-          set -euo pipefail
-          echo "Waiting for CI checks to complete..."
-          gh pr checks "${PR_URL}" --watch --interval 30
-
      - name: 'Enable auto-merge for release PR'
        if: |-
          ${{ steps.vars.outputs.is_dry_run == 'false' && steps.vars.outputs.is_nightly == 'false' && steps.vars.outputs.is_preview == 'false' }}
        env:
-          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          GITHUB_TOKEN: '${{ secrets.CI_BOT_PAT }}'
          PR_URL: '${{ steps.pr.outputs.PR_URL }}'
        run: |-
          set -euo pipefail
-          gh pr merge "${PR_URL}" --merge --auto
+          gh pr merge "${PR_URL}" --merge --auto --delete-branch

      - name: 'Create Issue on Failure'
        if: |-
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,7 @@ package-lock.json
 .idea
 *.iml
 .cursor
+.qoder

 # OS metadata
 .DS_Store
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ Qwen Code is an open-source AI agent for the terminal, optimized for [Qwen3-Code
 - **OpenAI-compatible, OAuth free tier**: use an OpenAI-compatible API, or sign in with Qwen OAuth to get 2,000 free requests/day.
 - **Open-source, co-evolving**: both the framework and the Qwen3-Coder model are open-source—and they ship and evolve together.
 - **Agentic workflow, feature-rich**: rich built-in tools (Skills, SubAgents, Plan Mode) for a full agentic workflow and a Claude Code-like experience.
- **Terminal-first, IDE-friendly**: built for developers who live in the command line, with optional integration for VS Code and Zed.
+- **Terminal-first, IDE-friendly**: built for developers who live in the command line, with optional integration for VS Code, Zed, and JetBrains IDEs.

 ## Installation

@@ -137,10 +137,11 @@ Use `-p` to run Qwen Code without the interactive UI—ideal for scripts, automa

 #### IDE integration

-Use Qwen Code inside your editor (VS Code and Zed):
+Use Qwen Code inside your editor (VS Code, Zed, and JetBrains IDEs):

 - [Use in VS Code](https://qwenlm.github.io/qwen-code-docs/en/users/integration-vscode/)
 - [Use in Zed](https://qwenlm.github.io/qwen-code-docs/en/users/integration-zed/)
+- [Use in JetBrains IDEs](https://qwenlm.github.io/qwen-code-docs/en/users/integration-jetbrains/)

 #### TypeScript SDK

@@ -200,6 +201,11 @@ If you encounter issues, check the [troubleshooting guide](https://qwenlm.github

 To report a bug from within the CLI, run `/bug` and include a short title and repro steps.

+## Connect with Us
+
+- Discord: https://discord.gg/ycKBjdNd
+- Dingtalk: https://qr.dingtalk.com/action/joingroup?code=v1,k1,+FX6Gf/ZDlTahTIRi8AEQhIaBlqykA0j+eBKKdhLeAE=&_dt_no_comment=1&origin=1
+
 ## Acknowledgments

 This project is based on [Google Gemini CLI](https://github.com/google-gemini/gemini-cli). We acknowledge and appreciate the excellent work of the Gemini CLI team. Our main contribution focuses on parser-level adaptations to better support Qwen-Coder models.
--- a/docs/developers/_meta.ts
+++ b/docs/developers/_meta.ts
@@ -11,6 +11,7 @@ export default {
    type: 'separator',
  },
  'sdk-typescript': 'Typescript SDK',
+  'sdk-java': 'Java SDK(alpha)',
  'Dive Into Qwen Code': {
    title: 'Dive Into Qwen Code',
    type: 'separator',
--- a/docs/developers/sdk-java.md
+++ b/docs/developers/sdk-java.md
@@ -0,0 +1,312 @@
+# Qwen Code Java SDK
+
+The Qwen Code Java SDK is a minimum experimental SDK for programmatic access to Qwen Code functionality. It provides a Java interface to interact with the Qwen Code CLI, allowing developers to integrate Qwen Code capabilities into their Java applications.
+
+## Requirements
+
+- Java >= 1.8
+- Maven >= 3.6.0 (for building from source)
+- qwen-code >= 0.5.0
+
+### Dependencies
+
+- **Logging**: ch.qos.logback:logback-classic
+- **Utilities**: org.apache.commons:commons-lang3
+- **JSON Processing**: com.alibaba.fastjson2:fastjson2
+- **Testing**: JUnit 5 (org.junit.jupiter:junit-jupiter)
+
+## Installation
+
+Add the following dependency to your Maven `pom.xml`:
+
+```xml
+<dependency>
+    <groupId>com.alibaba</groupId>
+    <artifactId>qwencode-sdk</artifactId>
+    <version>{$version}</version>
+</dependency>
+```
+
+Or if using Gradle, add to your `build.gradle`:
+
+```gradle
+implementation 'com.alibaba:qwencode-sdk:{$version}'
+```
+
+## Building and Running
+
+### Build Commands
+
+```bash
+# Compile the project
+mvn compile
+
+# Run tests
+mvn test
+
+# Package the JAR
+mvn package
+
+# Install to local repository
+mvn install
+```
+
+## Quick Start
+
+The simplest way to use the SDK is through the `QwenCodeCli.simpleQuery()` method:
+
+```java
+public static void runSimpleExample() {
+    List<String> result = QwenCodeCli.simpleQuery("hello world");
+    result.forEach(logger::info);
+}
+```
+
+For more advanced usage with custom transport options:
+
+```java
+public static void runTransportOptionsExample() {
+    TransportOptions options = new TransportOptions()
+            .setModel("qwen3-coder-flash")
+            .setPermissionMode(PermissionMode.AUTO_EDIT)
+            .setCwd("./")
+            .setEnv(new HashMap<String, String>() {{put("CUSTOM_VAR", "value");}})
+            .setIncludePartialMessages(true)
+            .setTurnTimeout(new Timeout(120L, TimeUnit.SECONDS))
+            .setMessageTimeout(new Timeout(90L, TimeUnit.SECONDS))
+            .setAllowedTools(Arrays.asList("read_file", "write_file", "list_directory"));
+
+    List<String> result = QwenCodeCli.simpleQuery("who are you, what are your capabilities?", options);
+    result.forEach(logger::info);
+}
+```
+
+For streaming content handling with custom content consumers:
+
+```java
+public static void runStreamingExample() {
+    QwenCodeCli.simpleQuery("who are you, what are your capabilities?",
+            new TransportOptions().setMessageTimeout(new Timeout(10L, TimeUnit.SECONDS)), new AssistantContentSimpleConsumers() {
+
+                @Override
+                public void onText(Session session, TextAssistantContent textAssistantContent) {
+                    logger.info("Text content received: {}", textAssistantContent.getText());
+                }
+
+                @Override
+                public void onThinking(Session session, ThingkingAssistantContent thingkingAssistantContent) {
+                    logger.info("Thinking content received: {}", thingkingAssistantContent.getThinking());
+                }
+
+                @Override
+                public void onToolUse(Session session, ToolUseAssistantContent toolUseContent) {
+                    logger.info("Tool use content received: {} with arguments: {}",
+                            toolUseContent, toolUseContent.getInput());
+                }
+
+                @Override
+                public void onToolResult(Session session, ToolResultAssistantContent toolResultContent) {
+                    logger.info("Tool result content received: {}", toolResultContent.getContent());
+                }
+
+                @Override
+                public void onOtherContent(Session session, AssistantContent<?> other) {
+                    logger.info("Other content received: {}", other);
+                }
+
+                @Override
+                public void onUsage(Session session, AssistantUsage assistantUsage) {
+                    logger.info("Usage information received: Input tokens: {}, Output tokens: {}",
+                            assistantUsage.getUsage().getInputTokens(), assistantUsage.getUsage().getOutputTokens());
+                }
+            }.setDefaultPermissionOperation(Operation.allow));
+    logger.info("Streaming example completed.");
+}
+```
+
+other examples see src/test/java/com/alibaba/qwen/code/cli/example
+
+## Architecture
+
+The SDK follows a layered architecture:
+
+- **API Layer**: Provides the main entry points through `QwenCodeCli` class with simple static methods for basic usage
+- **Session Layer**: Manages communication sessions with the Qwen Code CLI through the `Session` class
+- **Transport Layer**: Handles the communication mechanism between the SDK and CLI process (currently using process transport via `ProcessTransport`)
+- **Protocol Layer**: Defines data structures for communication based on the CLI protocol
+- **Utils**: Common utilities for concurrent execution, timeout handling, and error management
+
+## Key Features
+
+### Permission Modes
+
+The SDK supports different permission modes for controlling tool execution:
+
+- **`default`**: Write tools are denied unless approved via `canUseTool` callback or in `allowedTools`. Read-only tools execute without confirmation.
+- **`plan`**: Blocks all write tools, instructing AI to present a plan first.
+- **`auto-edit`**: Auto-approve edit tools (edit, write_file) while other tools require confirmation.
+- **`yolo`**: All tools execute automatically without confirmation.
+
+### Session Event Consumers and Assistant Content Consumers
+
+The SDK provides two key interfaces for handling events and content from the CLI:
+
+#### SessionEventConsumers Interface
+
+The `SessionEventConsumers` interface provides callbacks for different types of messages during a session:
+
+- `onSystemMessage`: Handles system messages from the CLI (receives Session and SDKSystemMessage)
+- `onResultMessage`: Handles result messages from the CLI (receives Session and SDKResultMessage)
+- `onAssistantMessage`: Handles assistant messages (AI responses) (receives Session and SDKAssistantMessage)
+- `onPartialAssistantMessage`: Handles partial assistant messages during streaming (receives Session and SDKPartialAssistantMessage)
+- `onUserMessage`: Handles user messages (receives Session and SDKUserMessage)
+- `onOtherMessage`: Handles other types of messages (receives Session and String message)
+- `onControlResponse`: Handles control responses (receives Session and CLIControlResponse)
+- `onControlRequest`: Handles control requests (receives Session and CLIControlRequest, returns CLIControlResponse)
+- `onPermissionRequest`: Handles permission requests (receives Session and CLIControlRequest<CLIControlPermissionRequest>, returns Behavior)
+
+#### AssistantContentConsumers Interface
+
+The `AssistantContentConsumers` interface handles different types of content within assistant messages:
+
+- `onText`: Handles text content (receives Session and TextAssistantContent)
+- `onThinking`: Handles thinking content (receives Session and ThingkingAssistantContent)
+- `onToolUse`: Handles tool use content (receives Session and ToolUseAssistantContent)
+- `onToolResult`: Handles tool result content (receives Session and ToolResultAssistantContent)
+- `onOtherContent`: Handles other content types (receives Session and AssistantContent)
+- `onUsage`: Handles usage information (receives Session and AssistantUsage)
+- `onPermissionRequest`: Handles permission requests (receives Session and CLIControlPermissionRequest, returns Behavior)
+- `onOtherControlRequest`: Handles other control requests (receives Session and ControlRequestPayload, returns ControlResponsePayload)
+
+#### Relationship Between the Interfaces
+
+**Important Note on Event Hierarchy:**
+
+- `SessionEventConsumers` is the **high-level** event processor that handles different message types (system, assistant, user, etc.)
+- `AssistantContentConsumers` is the **low-level** content processor that handles different types of content within assistant messages (text, tools, thinking, etc.)
+
+**Processor Relationship:**
+
+- `SessionEventConsumers` → `AssistantContentConsumers` (SessionEventConsumers uses AssistantContentConsumers to process content within assistant messages)
+
+**Event Derivation Relationships:**
+
+- `onAssistantMessage` → `onText`, `onThinking`, `onToolUse`, `onToolResult`, `onOtherContent`, `onUsage`
+- `onPartialAssistantMessage` → `onText`, `onThinking`, `onToolUse`, `onToolResult`, `onOtherContent`
+- `onControlRequest` → `onPermissionRequest`, `onOtherControlRequest`
+
+**Event Timeout Relationships:**
+
+Each event handler method has a corresponding timeout method that allows customizing the timeout behavior for that specific event:
+
+- `onSystemMessage` ↔ `onSystemMessageTimeout`
+- `onResultMessage` ↔ `onResultMessageTimeout`
+- `onAssistantMessage` ↔ `onAssistantMessageTimeout`
+- `onPartialAssistantMessage` ↔ `onPartialAssistantMessageTimeout`
+- `onUserMessage` ↔ `onUserMessageTimeout`
+- `onOtherMessage` ↔ `onOtherMessageTimeout`
+- `onControlResponse` ↔ `onControlResponseTimeout`
+- `onControlRequest` ↔ `onControlRequestTimeout`
+
+For AssistantContentConsumers timeout methods:
+
+- `onText` ↔ `onTextTimeout`
+- `onThinking` ↔ `onThinkingTimeout`
+- `onToolUse` ↔ `onToolUseTimeout`
+- `onToolResult` ↔ `onToolResultTimeout`
+- `onOtherContent` ↔ `onOtherContentTimeout`
+- `onPermissionRequest` ↔ `onPermissionRequestTimeout`
+- `onOtherControlRequest` ↔ `onOtherControlRequestTimeout`
+
+**Default Timeout Values:**
+
+- `SessionEventSimpleConsumers` default timeout: 180 seconds (Timeout.TIMEOUT_180_SECONDS)
+- `AssistantContentSimpleConsumers` default timeout: 60 seconds (Timeout.TIMEOUT_60_SECONDS)
+
+**Timeout Hierarchy Requirements:**
+
+For proper operation, the following timeout relationships should be maintained:
+
+- `onAssistantMessageTimeout` return value should be greater than `onTextTimeout`, `onThinkingTimeout`, `onToolUseTimeout`, `onToolResultTimeout`, and `onOtherContentTimeout` return values
+- `onControlRequestTimeout` return value should be greater than `onPermissionRequestTimeout` and `onOtherControlRequestTimeout` return values
+
+### Transport Options
+
+The `TransportOptions` class allows configuration of how the SDK communicates with the Qwen Code CLI:
+
+- `pathToQwenExecutable`: Path to the Qwen Code CLI executable
+- `cwd`: Working directory for the CLI process
+- `model`: AI model to use for the session
+- `permissionMode`: Permission mode that controls tool execution
+- `env`: Environment variables to pass to the CLI process
+- `maxSessionTurns`: Limits the number of conversation turns in a session
+- `coreTools`: List of core tools that should be available to the AI
+- `excludeTools`: List of tools to exclude from being available to the AI
+- `allowedTools`: List of tools that are pre-approved for use without additional confirmation
+- `authType`: Authentication type to use for the session
+- `includePartialMessages`: Enables receiving partial messages during streaming responses
+- `skillsEnable`: Enables or disables skills functionality for the session
+- `turnTimeout`: Timeout for a complete turn of conversation
+- `messageTimeout`: Timeout for individual messages within a turn
+- `resumeSessionId`: ID of a previous session to resume
+- `otherOptions`: Additional command-line options to pass to the CLI
+
+### Session Control Features
+
+- **Session creation**: Use `QwenCodeCli.newSession()` to create a new session with custom options
+- **Session management**: The `Session` class provides methods to send prompts, handle responses, and manage session state
+- **Session cleanup**: Always close sessions using `session.close()` to properly terminate the CLI process
+- **Session resumption**: Use `setResumeSessionId()` in `TransportOptions` to resume a previous session
+- **Session interruption**: Use `session.interrupt()` to interrupt a currently running prompt
+- **Dynamic model switching**: Use `session.setModel()` to change the model during a session
+- **Dynamic permission mode switching**: Use `session.setPermissionMode()` to change the permission mode during a session
+
+### Thread Pool Configuration
+
+The SDK uses a thread pool for managing concurrent operations with the following default configuration:
+
+- **Core Pool Size**: 30 threads
+- **Maximum Pool Size**: 100 threads
+- **Keep-Alive Time**: 60 seconds
+- **Queue Capacity**: 300 tasks (using LinkedBlockingQueue)
+- **Thread Naming**: "qwen_code_cli-pool-{number}"
+- **Daemon Threads**: false
+- **Rejected Execution Handler**: CallerRunsPolicy
+
+## Error Handling
+
+The SDK provides specific exception types for different error scenarios:
+
+- `SessionControlException`: Thrown when there's an issue with session control (creation, initialization, etc.)
+- `SessionSendPromptException`: Thrown when there's an issue sending a prompt or receiving a response
+- `SessionClosedException`: Thrown when attempting to use a closed session
+
+## FAQ / Troubleshooting
+
+### Q: Do I need to install the Qwen CLI separately?
+
+A: yes, requires Qwen CLI 0.5.5 or higher.
+
+### Q: What Java versions are supported?
+
+A: The SDK requires Java 1.8 or higher.
+
+### Q: How do I handle long-running requests?
+
+A: The SDK includes timeout utilities. You can configure timeouts using the `Timeout` class in `TransportOptions`.
+
+### Q: Why are some tools not executing?
+
+A: This is likely due to permission modes. Check your permission mode settings and consider using `allowedTools` to pre-approve certain tools.
+
+### Q: How do I resume a previous session?
+
+A: Use the `setResumeSessionId()` method in `TransportOptions` to resume a previous session.
+
+### Q: Can I customize the environment for the CLI process?
+
+A: Yes, use the `setEnv()` method in `TransportOptions` to pass environment variables to the CLI process.
+
+## License
+
+Apache-2.0 - see [LICENSE](./LICENSE) for details.
--- a/docs/developers/tools/_meta.ts
+++ b/docs/developers/tools/_meta.ts
@@ -10,4 +10,5 @@ export default {
  'web-search': 'Web Search',
  memory: 'Memory',
  'mcp-server': 'MCP Servers',
+  sandbox: 'Sandboxing',
 };
--- a/docs/developers/tools/sandbox.md
+++ b/docs/developers/tools/sandbox.md
@@ -0,0 +1,90 @@
+## Customizing the sandbox environment (Docker/Podman)
+
+### Currently, the project does not support the use of the BUILD_SANDBOX function after installation through the npm package
+
+1. To build a custom sandbox, you need to access the build scripts (scripts/build_sandbox.js) in the source code repository.
+2. These build scripts are not included in the packages released by npm.
+3. The code contains hard-coded path checks that explicitly reject build requests from non-source code environments.
+
+If you need extra tools inside the container (e.g., `git`, `python`, `rg`), create a custom Dockerfile, The specific operation is as follows
+
+#### 1、Clone qwen code project first, https://github.com/QwenLM/qwen-code.git
+
+#### 2、Make sure you perform the following operation in the source code repository directory
+
+```bash
+# 1. First, install the dependencies of the project
+npm install
+
+# 2. Build the Qwen Code project
+npm run build
+
+# 3. Verify that the dist directory has been generated
+ls -la packages/cli/dist/
+
+# 4. Create a global link in the CLI package directory
+cd packages/cli
+npm link
+
+# 5. Verification link (it should now point to the source code)
+which qwen
+# Expected output: /xxx/xxx/.nvm/versions/node/v24.11.1/bin/qwen
+# Or similar paths, but it should be a symbolic link
+
+# 6. For details of the symbolic link, you can see the specific source code path
+ls -la $(dirname $(which qwen))/../lib/node_modules/@qwen-code/qwen-code
+# It should show that this is a symbolic link pointing to your source code directory
+
+# 7.Test the version of qwen
+qwen -v
+# npm link will overwrite the global qwen. To avoid being unable to distinguish the same version number, you can uninstall the global CLI first
+```
+
+#### 3、Create your sandbox Dockerfile under the root directory of your own project
+
+- Path: `.qwen/sandbox.Dockerfile`
+
+- Official mirror image address:https://github.com/QwenLM/qwen-code/pkgs/container/qwen-code
+
+```bash
+# Based on the official Qwen sandbox image (It is recommended to explicitly specify the version)
+FROM ghcr.io/qwenlm/qwen-code:sha-570ec43
+# Add your extra tools here
+RUN apt-get update && apt-get install -y \
+    git \
+    python3 \
+    ripgrep
+```
+
+#### 4、Create the first sandbox image under the root directory of your project
+
+```bash
+GEMINI_SANDBOX=docker BUILD_SANDBOX=1 qwen -s
+# Observe whether the sandbox version of the tool you launched is consistent with the version of your custom image. If they are consistent, the startup will be successful
+```
+
+This builds a project-specific image based on the default sandbox image.
+
+#### Remove npm link
+
+- If you want to restore the official CLI of qwen, please remove the npm link
+
+```bash
+# Method 1: Unlink globally
+npm unlink -g @qwen-code/qwen-code
+
+# Method 2: Remove it in the packages/cli directory
+cd packages/cli
+npm unlink
+
+# Verification has been lifted
+which qwen
+# It should display "qwen not found"
+
+# Reinstall the global version if necessary
+npm install -g @qwen-code/qwen-code
+
+# Verification Recovery
+which qwen
+qwen --version
+```
--- a/docs/users/_meta.ts
+++ b/docs/users/_meta.ts
@@ -12,6 +12,7 @@ export default {
  },
  'integration-vscode': 'Visual Studio Code',
  'integration-zed': 'Zed IDE',
+  'integration-jetbrains': 'JetBrains IDEs',
  'integration-github-action': 'Github Actions',
  'Code with Qwen Code': {
    type: 'separator',
--- a/docs/users/configuration/settings.md
+++ b/docs/users/configuration/settings.md
@@ -104,7 +104,7 @@ Settings are organized into categories. All settings should be placed within the
 | `model.name`                                       | string  | The Qwen model to use for conversations.                                                                                                                                                                                                                                                                                                                               | `undefined` |
 | `model.maxSessionTurns`                            | number  | Maximum number of user/model/tool turns to keep in a session. -1 means unlimited.                                                                                                                                                                                                                                                                                      | `-1`        |
 | `model.summarizeToolOutput`                        | object  | Enables or disables the summarization of tool output. You can specify the token budget for the summarization using the `tokenBudget` setting. Note: Currently only the `run_shell_command` tool is supported. For example `{"run_shell_command": {"tokenBudget": 2000}}`                                                                                               | `undefined` |
-| `model.generationConfig`                           | object  | Advanced overrides passed to the underlying content generator. Supports request controls such as `timeout`, `maxRetries`, and `disableCacheControl`, along with fine-tuning knobs under `samplingParams` (for example `temperature`, `top_p`, `max_tokens`). Leave unset to rely on provider defaults.                                                                 | `undefined` |
+| `model.generationConfig`                           | object  | Advanced overrides passed to the underlying content generator. Supports request controls such as `timeout`, `maxRetries`, `disableCacheControl`, and `customHeaders` (custom HTTP headers for API requests), along with fine-tuning knobs under `samplingParams` (for example `temperature`, `top_p`, `max_tokens`). Leave unset to rely on provider defaults.         | `undefined` |
 | `model.chatCompression.contextPercentageThreshold` | number  | Sets the threshold for chat history compression as a percentage of the model's total token limit. This is a value between 0 and 1 that applies to both automatic compression and the manual `/compress` command. For example, a value of `0.6` will trigger compression when the chat history exceeds 60% of the token limit. Use `0` to disable compression entirely. | `0.7`       |
 | `model.skipNextSpeakerCheck`                       | boolean | Skip the next speaker check.                                                                                                                                                                                                                                                                                                                                           | `false`     |
 | `model.skipLoopDetection`                          | boolean | Disables loop detection checks. Loop detection prevents infinite loops in AI responses but can generate false positives that interrupt legitimate workflows. Enable this option if you experience frequent false positive loop detection interruptions.                                                                                                                | `false`     |
@@ -114,12 +114,16 @@ Settings are organized into categories. All settings should be placed within the

 **Example model.generationConfig:**

-```
+```json
 {
  "model": {
    "generationConfig": {
      "timeout": 60000,
      "disableCacheControl": false,
+      "customHeaders": {
+        "X-Request-ID": "req-123",
+        "X-User-ID": "user-456"
+      },
      "samplingParams": {
        "temperature": 0.2,
        "top_p": 0.8,
@@ -130,12 +134,107 @@ Settings are organized into categories. All settings should be placed within the
 }
 ```

+The `customHeaders` field allows you to add custom HTTP headers to all API requests. This is useful for request tracing, monitoring, API gateway routing, or when different models require different headers. If `customHeaders` is defined in `modelProviders[].generationConfig.customHeaders`, it will be used directly; otherwise, headers from `model.generationConfig.customHeaders` will be used. No merging occurs between the two levels.
+
 **model.openAILoggingDir examples:**

 - `"~/qwen-logs"` - Logs to `~/qwen-logs` directory
 - `"./custom-logs"` - Logs to `./custom-logs` relative to current directory
 - `"/tmp/openai-logs"` - Logs to absolute path `/tmp/openai-logs`

+#### modelProviders
+
+Use `modelProviders` to declare curated model lists per auth type that the `/model` picker can switch between. Keys must be valid auth types (`openai`, `anthropic`, `gemini`, `vertex-ai`, etc.). Each entry requires an `id` and **must include `envKey`**, with optional `name`, `description`, `baseUrl`, and `generationConfig`. Credentials are never persisted in settings; the runtime reads them from `process.env[envKey]`. Qwen OAuth models remain hard-coded and cannot be overridden.
+
+##### Example
+
+```json
+{
+  "modelProviders": {
+    "openai": [
+      {
+        "id": "gpt-4o",
+        "name": "GPT-4o",
+        "envKey": "OPENAI_API_KEY",
+        "baseUrl": "https://api.openai.com/v1",
+        "generationConfig": {
+          "timeout": 60000,
+          "maxRetries": 3,
+          "customHeaders": {
+            "X-Model-Version": "v1.0",
+            "X-Request-Priority": "high"
+          },
+          "samplingParams": { "temperature": 0.2 }
+        }
+      }
+    ],
+    "anthropic": [
+      {
+        "id": "claude-3-5-sonnet",
+        "envKey": "ANTHROPIC_API_KEY",
+        "baseUrl": "https://api.anthropic.com/v1"
+      }
+    ],
+    "gemini": [
+      {
+        "id": "gemini-2.0-flash",
+        "name": "Gemini 2.0 Flash",
+        "envKey": "GEMINI_API_KEY",
+        "baseUrl": "https://generativelanguage.googleapis.com"
+      }
+    ],
+    "vertex-ai": [
+      {
+        "id": "gemini-1.5-pro-vertex",
+        "envKey": "GOOGLE_API_KEY",
+        "baseUrl": "https://generativelanguage.googleapis.com"
+      }
+    ]
+  }
+}
+```
+
+> [!note]
+> Only the `/model` command exposes non-default auth types. Anthropic, Gemini, Vertex AI, etc., must be defined via `modelProviders`. The `/auth` command intentionally lists only the built-in Qwen OAuth and OpenAI flows.
+
+##### Resolution layers and atomicity
+
+The effective auth/model/credential values are chosen per field using the following precedence (first present wins). You can combine `--auth-type` with `--model` to point directly at a provider entry; these CLI flags run before other layers.
+
+| Layer (highest → lowest)   | authType                            | model                                           | apiKey                                              | baseUrl                                              | apiKeyEnvKey           | proxy                             |
+| -------------------------- | ----------------------------------- | ----------------------------------------------- | --------------------------------------------------- | ---------------------------------------------------- | ---------------------- | --------------------------------- |
+| Programmatic overrides     | `/auth `                            | `/auth` input                                   | `/auth` input                                       | `/auth` input                                        | —                      | —                                 |
+| Model provider selection   | —                                   | `modelProvider.id`                              | `env[modelProvider.envKey]`                         | `modelProvider.baseUrl`                              | `modelProvider.envKey` | —                                 |
+| CLI arguments              | `--auth-type`                       | `--model`                                       | `--openaiApiKey` (or provider-specific equivalents) | `--openaiBaseUrl` (or provider-specific equivalents) | —                      | —                                 |
+| Environment variables      | —                                   | Provider-specific mapping (e.g. `OPENAI_MODEL`) | Provider-specific mapping (e.g. `OPENAI_API_KEY`)   | Provider-specific mapping (e.g. `OPENAI_BASE_URL`)   | —                      | —                                 |
+| Settings (`settings.json`) | `security.auth.selectedType`        | `model.name`                                    | `security.auth.apiKey`                              | `security.auth.baseUrl`                              | —                      | —                                 |
+| Default / computed         | Falls back to `AuthType.QWEN_OAUTH` | Built-in default (OpenAI ⇒ `qwen3-coder-plus`)  | —                                                   | —                                                    | —                      | `Config.getProxy()` if configured |
+
+\*When present, CLI auth flags override settings. Otherwise, `security.auth.selectedType` or the implicit default determine the auth type. Qwen OAuth and OpenAI are the only auth types surfaced without extra configuration.
+
+Model-provider sourced values are applied atomically: once a provider model is active, every field it defines is protected from lower layers until you manually clear credentials via `/auth`. The final `generationConfig` is the projection across all layers—lower layers only fill gaps left by higher ones, and the provider layer remains impenetrable.
+
+The merge strategy for `modelProviders` is REPLACE: the entire `modelProviders` from project settings will override the corresponding section in user settings, rather than merging the two.
+
+##### Generation config layering
+
+Per-field precedence for `generationConfig`:
+
+1. Programmatic overrides (e.g. runtime `/model`, `/auth` changes)
+2. `modelProviders[authType][].generationConfig`
+3. `settings.model.generationConfig`
+4. Content-generator defaults (`getDefaultGenerationConfig` for OpenAI, `getParameterValue` for Gemini, etc.)
+
+`samplingParams` and `customHeaders` are both treated atomically; provider values replace the entire object. If `modelProviders[].generationConfig` defines these fields, they are used directly; otherwise, values from `model.generationConfig` are used. No merging occurs between provider and global configuration levels. Defaults from the content generator apply last so each provider retains its tuned baseline.
+
+##### Selection persistence and recommendations
+
+> [!important]
+> Define `modelProviders` in the user-scope `~/.qwen/settings.json` whenever possible and avoid persisting credential overrides in any scope. Keeping the provider catalog in user settings prevents merge/override conflicts between project and user scopes and ensures `/auth` and `/model` updates always write back to a consistent scope.
+
+- `/model` and `/auth` persist `model.name` (where applicable) and `security.auth.selectedType` to the closest writable scope that already defines `modelProviders`; otherwise they fall back to the user scope. This keeps workspace/user files in sync with the active provider catalog.
+- Without `modelProviders`, the resolver mixes CLI/env/settings layers, which is fine for single-provider setups but cumbersome when frequently switching. Define provider catalogs whenever multi-model workflows are common so that switches stay atomic, source-attributed, and debuggable.
+
 #### context

 | Setting                                           | Type                       | Description                                                                                                                                                                                                                                                                                                                                                           | Default     |
@@ -381,7 +480,7 @@ Arguments passed directly when running the CLI can override other configurations
 | `--telemetry-otlp-protocol`  |       | Sets the OTLP protocol for telemetry (`grpc` or `http`).                                                                                                                                |                                        | Defaults to `grpc`. See [telemetry](../../developers/development/telemetry) for more information.                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
 | `--telemetry-log-prompts`    |       | Enables logging of prompts for telemetry.                                                                                                                                               |                                        | See [telemetry](../../developers/development/telemetry) for more information.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 | `--checkpointing`            |       | Enables [checkpointing](../features/checkpointing).                                                                                                                                     |                                        |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
-| `--experimental-acp`         |       | Enables ACP mode (Agent Control Protocol). Useful for IDE/editor integrations like [Zed](../integration-zed).                                                                           |                                        | Experimental.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+| `--acp`                      |       | Enables ACP mode (Agent Client Protocol). Useful for IDE/editor integrations like [Zed](../integration-zed).                                                                            |                                        | Stable. Replaces the deprecated `--experimental-acp` flag.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
 | `--experimental-skills`      |       | Enables experimental [Agent Skills](../features/skills) (registers the `skill` tool and loads Skills from `.qwen/skills/` and `~/.qwen/skills/`).                                       |                                        | Experimental.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 | `--extensions`               | `-e`  | Specifies a list of extensions to use for the session.                                                                                                                                  | Extension names                        | If not provided, all available extensions are used. Use the special term `qwen -e none` to disable all extensions. Example: `qwen -e my-extension -e my-other-extension`                                                                                                                                                                                                                                                                                                                                                                                        |
 | `--list-extensions`          | `-l`  | Lists all available extensions and exits.                                                                                                                                               |                                        |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
--- a/docs/users/features/commands.md
+++ b/docs/users/features/commands.md
@@ -59,6 +59,7 @@ Commands for managing AI tools and models.
 | ---------------- | --------------------------------------------- | --------------------------------------------- |
 | `/mcp`           | List configured MCP servers and tools         | `/mcp`, `/mcp desc`                           |
 | `/tools`         | Display currently available tool list         | `/tools`, `/tools desc`                       |
+| `/skills`        | List and run available skills (experimental)  | `/skills`, `/skills <name>`                   |
 | `/approval-mode` | Change approval mode for tool usage           | `/approval-mode <mode (auto-edit)> --project` |
 | →`plan`          | Analysis only, no execution                   | Secure review                                 |
 | →`default`       | Require approval for edits                    | Daily use                                     |
--- a/docs/users/features/sandbox.md
+++ b/docs/users/features/sandbox.md
@@ -49,6 +49,8 @@ Cross-platform sandboxing with complete process isolation.

 By default, Qwen Code uses a published sandbox image (configured in the CLI package) and will pull it as needed.

+The container sandbox mounts your workspace and your `~/.qwen` directory into the container so auth and settings persist between runs.
+
 **Best for**: Strong isolation on any OS, consistent tooling inside a known image.

 ### Choosing a method
@@ -157,22 +159,13 @@ For a working allowlist-style proxy example, see: [Example Proxy Script](/develo

 ## Linux UID/GID handling

-The sandbox automatically handles user permissions on Linux. Override these permissions with:
+On Linux, Qwen Code defaults to enabling UID/GID mapping so the sandbox runs as your user (and reuses the mounted `~/.qwen`). Override with:

 ```bash
 export SANDBOX_SET_UID_GID=true   # Force host UID/GID
 export SANDBOX_SET_UID_GID=false  # Disable UID/GID mapping
 ```

-## Customizing the sandbox environment (Docker/Podman)
-
-If you need extra tools inside the container (e.g., `git`, `python`, `rg`), create a custom Dockerfile:
-
- Path: `.qwen/sandbox.Dockerfile`
- Then run with: `BUILD_SANDBOX=1 qwen -s ...`
-
-This builds a project-specific image based on the default sandbox image.
-
 ## Troubleshooting

 ### Common issues
--- a/docs/users/features/skills.md
+++ b/docs/users/features/skills.md
@@ -27,6 +27,14 @@ Agent Skills package expertise into discoverable capabilities. Each Skill consis

 Skills are **model-invoked** — the model autonomously decides when to use them based on your request and the Skill’s description. This is different from slash commands, which are **user-invoked** (you explicitly type `/command`).

+If you want to invoke a Skill explicitly, use the `/skills` slash command:
+
+```bash
+/skills <skill-name>
+```
+
+The `/skills` command is only available when you run with `--experimental-skills`. Use autocomplete to browse available Skills and descriptions.
+
 ### Benefits

 - Extend Qwen Code for your workflows
--- a/docs/users/integration-jetbrains.md
+++ b/docs/users/integration-jetbrains.md
@@ -0,0 +1,57 @@
+# JetBrains IDEs
+
+> JetBrains IDEs provide native support for AI coding assistants through the Agent Client Protocol (ACP). This integration allows you to use Qwen Code directly within your JetBrains IDE with real-time code suggestions.
+
+### Features
+
+- **Native agent experience**: Integrated AI assistant panel within your JetBrains IDE
+- **Agent Client Protocol**: Full support for ACP enabling advanced IDE interactions
+- **Symbol management**: #-mention files to add them to the conversation context
+- **Conversation history**: Access to past conversations within the IDE
+
+### Requirements
+
+- JetBrains IDE with ACP support (IntelliJ IDEA, WebStorm, PyCharm, etc.)
+- Qwen Code CLI installed
+
+### Installation
+
+1. Install Qwen Code CLI:
+
+   ```bash
+   npm install -g @qwen-code/qwen-code
+   ```
+
+2. Open your JetBrains IDE and navigate to AI Chat tool window.
+
+3. Click the 3-dot menu in the upper-right corner and select **Configure ACP Agent** and configure Qwen Code with the following settings:
+
+```json
+{
+  "agent_servers": {
+    "qwen": {
+      "command": "/path/to/qwen",
+      "args": ["--acp"],
+      "env": {}
+    }
+  }
+}
+```
+
+4. The Qwen Code agent should now be available in the AI Assistant panel
+
+![Qwen Code in JetBrains AI Chat](https://img.alicdn.com/imgextra/i3/O1CN01ZxYel21y433Ci6eg0_!!6000000006524-2-tps-2774-1494.png)
+
+## Troubleshooting
+
+### Agent not appearing
+
+- Run `qwen --version` in terminal to verify installation
+- Ensure your JetBrains IDE version supports ACP
+- Restart your JetBrains IDE
+
+### Qwen Code not responding
+
+- Check your internet connection
+- Verify CLI works by running `qwen` in terminal
+- [File an issue on GitHub](https://github.com/qwenlm/qwen-code/issues) if the problem persists
--- a/docs/users/integration-vscode.md
+++ b/docs/users/integration-vscode.md
@@ -18,23 +18,17 @@

 ### Requirements

- VS Code 1.98.0 or higher
+- VS Code 1.85.0 or higher

 ### Installation

-1. Install Qwen Code CLI:
-
-   ```bash
-   npm install -g qwen-code
-   ```
-
-2. Download and install the extension from the [Visual Studio Code Extension Marketplace](https://marketplace.visualstudio.com/items?itemName=qwenlm.qwen-code-vscode-ide-companion).
+Download and install the extension from the [Visual Studio Code Extension Marketplace](https://marketplace.visualstudio.com/items?itemName=qwenlm.qwen-code-vscode-ide-companion).

 ## Troubleshooting

 ### Extension not installing

- Ensure you have VS Code 1.98.0 or higher
+- Ensure you have VS Code 1.85.0 or higher
 - Check that VS Code has permission to install extensions
 - Try installing directly from the Marketplace website

--- a/docs/users/integration-zed.md
+++ b/docs/users/integration-zed.md
@@ -1,6 +1,6 @@
 # Zed Editor

-> Zed Editor provides native support for AI coding assistants through the Agent Control Protocol (ACP). This integration allows you to use Qwen Code directly within Zed's interface with real-time code suggestions.
+> Zed Editor provides native support for AI coding assistants through the Agent Client Protocol (ACP). This integration allows you to use Qwen Code directly within Zed's interface with real-time code suggestions.

 ![Zed Editor Overview](https://img.alicdn.com/imgextra/i1/O1CN01aAhU311GwEoNh27FP_!!6000000000686-2-tps-3024-1898.png)

@@ -20,9 +20,9 @@

 1. Install Qwen Code CLI:

-   ```bash
-   npm install -g qwen-code
-   ```
+```bash
+npm install -g @qwen-code/qwen-code
+```

 2. Download and install [Zed Editor](https://zed.dev/)

@@ -32,7 +32,7 @@
 "Qwen Code": {
  "type": "custom",
  "command": "qwen",
-  "args": ["--experimental-acp"],
+  "args": ["--acp"],
  "env": {}
 }
 ```
--- a/docs/users/overview.md
+++ b/docs/users/overview.md
@@ -1,5 +1,6 @@
 # Qwen Code overview
-[![@qwen-code/qwen-code downloads](https://img.shields.io/npm/dw/@qwen-code/qwen-code.svg)](https://npm-compare.com/@qwen-code/qwen-code) 
+
+[![@qwen-code/qwen-code downloads](https://img.shields.io/npm/dw/@qwen-code/qwen-code.svg)](https://npm-compare.com/@qwen-code/qwen-code)
 [![@qwen-code/qwen-code version](https://img.shields.io/npm/v/@qwen-code/qwen-code.svg)](https://www.npmjs.com/package/@qwen-code/qwen-code)

 > Learn about Qwen Code, Qwen's agentic coding tool that lives in your terminal and helps you turn ideas into code faster than ever before.
--- a/docs/users/quickstart.md
+++ b/docs/users/quickstart.md
@@ -159,7 +159,7 @@ Qwen Code will:

 ### Test out other common workflows

-There are a number of ways to work with Claude:
+There are a number of ways to work with Qwen Code:

 **Refactor code**

--- a/docs/users/support/troubleshooting.md
+++ b/docs/users/support/troubleshooting.md
@@ -9,11 +9,18 @@ This guide provides solutions to common issues and debugging tips, including top

 ## Authentication or login errors

- **Error: `UNABLE_TO_GET_ISSUER_CERT_LOCALLY` or `unable to get local issuer certificate`**
+- **Error: `UNABLE_TO_GET_ISSUER_CERT_LOCALLY`, `UNABLE_TO_VERIFY_LEAF_SIGNATURE`, or `unable to get local issuer certificate`**
  - **Cause:** You may be on a corporate network with a firewall that intercepts and inspects SSL/TLS traffic. This often requires a custom root CA certificate to be trusted by Node.js.
  - **Solution:** Set the `NODE_EXTRA_CA_CERTS` environment variable to the absolute path of your corporate root CA certificate file.
    - Example: `export NODE_EXTRA_CA_CERTS=/path/to/your/corporate-ca.crt`

+- **Error: `Device authorization flow failed: fetch failed`**
+  - **Cause:** Node.js could not reach Qwen OAuth endpoints (often a proxy or SSL/TLS trust issue). When available, Qwen Code will also print the underlying error cause (for example: `UNABLE_TO_VERIFY_LEAF_SIGNATURE`).
+  - **Solution:**
+    - Confirm you can access `https://chat.qwen.ai` from the same machine/network.
+    - If you are behind a proxy, set it via `qwen --proxy <url>` (or the `proxy` setting in `settings.json`).
+    - If your network uses a corporate TLS inspection CA, set `NODE_EXTRA_CA_CERTS` as described above.
+
 - **Issue: Unable to display UI after authentication failure**
  - **Cause:** If authentication fails after selecting an authentication type, the `security.auth.selectedType` setting may be persisted in `settings.json`. On restart, the CLI may get stuck trying to authenticate with the failed auth type and fail to display the UI.
  - **Solution:** Clear the `security.auth.selectedType` configuration item in your `settings.json` file:
--- a/eslint.config.js
+++ b/eslint.config.js
@@ -26,6 +26,7 @@ export default tseslint.config(
      'dist/**',
      'docs-site/.next/**',
      'docs-site/out/**',
+      'packages/cli/src/services/insight-page/**',
    ],
  },
  eslint.configs.recommended,
--- a/integration-tests/acp-integration.test.ts
+++ b/integration-tests/acp-integration.test.ts
@@ -80,10 +80,11 @@ type PermissionHandler = (

 /**
 * Sets up an ACP test environment with all necessary utilities.
+ * @param useNewFlag - If true, uses --acp; if false, uses --experimental-acp (for backward compatibility testing)
 */
 function setupAcpTest(
  rig: TestRig,
-  options?: { permissionHandler?: PermissionHandler },
+  options?: { permissionHandler?: PermissionHandler; useNewFlag?: boolean },
 ) {
  const pending = new Map<number, PendingRequest>();
  let nextRequestId = 1;
@@ -95,9 +96,13 @@ function setupAcpTest(
  const permissionHandler =
    options?.permissionHandler ?? (() => ({ optionId: 'proceed_once' }));

+  // Use --acp by default, but allow testing with --experimental-acp for backward compatibility
+  const acpFlag =
+    options?.useNewFlag !== false ? '--acp' : '--experimental-acp';
+
  const agent = spawn(
    'node',
-    [rig.bundlePath, '--experimental-acp', '--no-chat-recording'],
+    [rig.bundlePath, acpFlag, '--no-chat-recording'],
    {
      cwd: rig.testDir!,
      stdio: ['pipe', 'pipe', 'pipe'],
@@ -621,3 +626,99 @@ function setupAcpTest(
    }
  });
 });
+
+(IS_SANDBOX ? describe.skip : describe)(
+  'acp flag backward compatibility',
+  () => {
+    it('should work with deprecated --experimental-acp flag and show warning', async () => {
+      const rig = new TestRig();
+      rig.setup('acp backward compatibility');
+
+      const { sendRequest, cleanup, stderr } = setupAcpTest(rig, {
+        useNewFlag: false,
+      });
+
+      try {
+        const initResult = await sendRequest('initialize', {
+          protocolVersion: 1,
+          clientCapabilities: {
+            fs: { readTextFile: true, writeTextFile: true },
+          },
+        });
+        expect(initResult).toBeDefined();
+
+        // Verify deprecation warning is shown
+        const stderrOutput = stderr.join('');
+        expect(stderrOutput).toContain('--experimental-acp is deprecated');
+        expect(stderrOutput).toContain('Please use --acp instead');
+
+        await sendRequest('authenticate', { methodId: 'openai' });
+
+        const newSession = (await sendRequest('session/new', {
+          cwd: rig.testDir!,
+          mcpServers: [],
+        })) as { sessionId: string };
+        expect(newSession.sessionId).toBeTruthy();
+
+        // Verify functionality still works
+        const promptResult = await sendRequest('session/prompt', {
+          sessionId: newSession.sessionId,
+          prompt: [{ type: 'text', text: 'Say hello.' }],
+        });
+        expect(promptResult).toBeDefined();
+      } catch (e) {
+        if (stderr.length) {
+          console.error('Agent stderr:', stderr.join(''));
+        }
+        throw e;
+      } finally {
+        await cleanup();
+      }
+    });
+
+    it('should work with new --acp flag without warnings', async () => {
+      const rig = new TestRig();
+      rig.setup('acp new flag');
+
+      const { sendRequest, cleanup, stderr } = setupAcpTest(rig, {
+        useNewFlag: true,
+      });
+
+      try {
+        const initResult = await sendRequest('initialize', {
+          protocolVersion: 1,
+          clientCapabilities: {
+            fs: { readTextFile: true, writeTextFile: true },
+          },
+        });
+        expect(initResult).toBeDefined();
+
+        // Verify no deprecation warning is shown
+        const stderrOutput = stderr.join('');
+        expect(stderrOutput).not.toContain('--experimental-acp is deprecated');
+
+        await sendRequest('authenticate', { methodId: 'openai' });
+
+        const newSession = (await sendRequest('session/new', {
+          cwd: rig.testDir!,
+          mcpServers: [],
+        })) as { sessionId: string };
+        expect(newSession.sessionId).toBeTruthy();
+
+        // Verify functionality works
+        const promptResult = await sendRequest('session/prompt', {
+          sessionId: newSession.sessionId,
+          prompt: [{ type: 'text', text: 'Say hello.' }],
+        });
+        expect(promptResult).toBeDefined();
+      } catch (e) {
+        if (stderr.length) {
+          console.error('Agent stderr:', stderr.join(''));
+        }
+        throw e;
+      } finally {
+        await cleanup();
+      }
+    });
+  },
+);
--- a/integration-tests/sdk-typescript/permission-control.test.ts
+++ b/integration-tests/sdk-typescript/permission-control.test.ts
@@ -831,7 +831,7 @@ describe('Permission Control (E2E)', () => {
        TEST_TIMEOUT,
      );

-      it(
+      it.skip(
        'should execute dangerous commands without confirmation',
        async () => {
          const q = query({
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.6.0-preview.2",
+  "version": "0.7.1",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@qwen-code/qwen-code",
-      "version": "0.6.0-preview.2",
+      "version": "0.7.1",
      "workspaces": [
        "packages/*"
      ],
@@ -6216,10 +6216,7 @@
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
-      "dev": true,
      "license": "MIT",
-      "optional": true,
-      "peer": true,
      "dependencies": {
        "readdirp": "^4.0.1"
      },
@@ -13882,10 +13879,7 @@
      "version": "4.1.2",
      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
      "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==",
-      "dev": true,
      "license": "MIT",
-      "optional": true,
-      "peer": true,
      "engines": {
        "node": ">= 14.18.0"
      },
@@ -17316,7 +17310,7 @@
    },
    "packages/cli": {
      "name": "@qwen-code/qwen-code",
-      "version": "0.6.0-preview.2",
+      "version": "0.7.1",
      "dependencies": {
        "@google/genai": "1.30.0",
        "@iarna/toml": "^2.2.5",
@@ -17953,7 +17947,7 @@
    },
    "packages/core": {
      "name": "@qwen-code/qwen-code-core",
-      "version": "0.6.0-preview.2",
+      "version": "0.7.1",
      "hasInstallScript": true,
      "dependencies": {
        "@anthropic-ai/sdk": "^0.36.1",
@@ -17974,6 +17968,7 @@
        "ajv-formats": "^3.0.0",
        "async-mutex": "^0.5.0",
        "chardet": "^2.1.0",
+        "chokidar": "^4.0.3",
        "diff": "^7.0.0",
        "dotenv": "^17.1.0",
        "fast-levenshtein": "^2.0.6",
@@ -18593,7 +18588,7 @@
    },
    "packages/sdk-typescript": {
      "name": "@qwen-code/sdk",
-      "version": "0.1.0",
+      "version": "0.1.3",
      "license": "Apache-2.0",
      "dependencies": {
        "@modelcontextprotocol/sdk": "^1.25.1",
@@ -21413,7 +21408,7 @@
    },
    "packages/test-utils": {
      "name": "@qwen-code/qwen-code-test-utils",
-      "version": "0.6.0-preview.2",
+      "version": "0.7.1",
      "dev": true,
      "license": "Apache-2.0",
      "devDependencies": {
@@ -21425,7 +21420,7 @@
    },
    "packages/vscode-ide-companion": {
      "name": "qwen-code-vscode-ide-companion",
-      "version": "0.6.0-preview.2",
+      "version": "0.7.1",
      "license": "LICENSE",
      "dependencies": {
        "@modelcontextprotocol/sdk": "^1.25.1",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.6.0-preview.2",
+  "version": "0.7.1",
  "engines": {
    "node": ">=20.0.0"
  },
@@ -13,7 +13,7 @@
    "url": "git+https://github.com/QwenLM/qwen-code.git"
  },
  "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.6.0-preview.2"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.7.1"
  },
  "scripts": {
    "start": "cross-env node scripts/start.js",
@@ -125,7 +125,7 @@
  "lint-staged": {
    "*.{js,jsx,ts,tsx}": [
      "prettier --write",
-      "eslint --fix --max-warnings 0"
+      "eslint --fix --max-warnings 0 --no-warn-ignored"
    ],
    "*.{json,md}": [
      "prettier --write"
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.6.0-preview.2",
+  "version": "0.7.1",
  "description": "Qwen Code",
  "repository": {
    "type": "git",
@@ -33,7 +33,7 @@
    "dist"
  ],
  "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.6.0-preview.2"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.7.1"
  },
  "dependencies": {
    "@google/genai": "1.30.0",
--- a/packages/cli/src/config/auth.test.ts
+++ b/packages/cli/src/config/auth.test.ts
@@ -1,41 +1,112 @@
 /**
 * @license
- * Copyright 2025 Google LLC
+ * Copyright 2025 Qwen Team
 * SPDX-License-Identifier: Apache-2.0
 */

 import { AuthType } from '@qwen-code/qwen-code-core';
 import { vi } from 'vitest';
 import { validateAuthMethod } from './auth.js';
+import * as settings from './settings.js';

 vi.mock('./settings.js', () => ({
  loadEnvironment: vi.fn(),
  loadSettings: vi.fn().mockReturnValue({
-    merged: vi.fn().mockReturnValue({}),
+    merged: {},
  }),
 }));

 describe('validateAuthMethod', () => {
  beforeEach(() => {
    vi.resetModules();
+    // Reset mock to default
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {},
+    } as ReturnType<typeof settings.loadSettings>);
  });

  afterEach(() => {
    vi.unstubAllEnvs();
+    delete process.env['OPENAI_API_KEY'];
+    delete process.env['CUSTOM_API_KEY'];
+    delete process.env['GEMINI_API_KEY'];
+    delete process.env['GEMINI_API_KEY_ALTERED'];
+    delete process.env['ANTHROPIC_API_KEY'];
+    delete process.env['ANTHROPIC_BASE_URL'];
+    delete process.env['GOOGLE_API_KEY'];
  });

-  it('should return null for USE_OPENAI', () => {
+  it('should return null for USE_OPENAI with default env key', () => {
    process.env['OPENAI_API_KEY'] = 'fake-key';
    expect(validateAuthMethod(AuthType.USE_OPENAI)).toBeNull();
  });

-  it('should return an error message for USE_OPENAI if OPENAI_API_KEY is not set', () => {
-    delete process.env['OPENAI_API_KEY'];
+  it('should return an error message for USE_OPENAI if no API key is available', () => {
    expect(validateAuthMethod(AuthType.USE_OPENAI)).toBe(
-      'OPENAI_API_KEY environment variable not found. You can enter it interactively or add it to your .env file.',
+      "Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the 'OPENAI_API_KEY' environment variable.",
    );
  });

+  it('should return null for USE_OPENAI with custom envKey from modelProviders', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'custom-model' },
+        modelProviders: {
+          openai: [{ id: 'custom-model', envKey: 'CUSTOM_API_KEY' }],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['CUSTOM_API_KEY'] = 'custom-key';
+
+    expect(validateAuthMethod(AuthType.USE_OPENAI)).toBeNull();
+  });
+
+  it('should return error with custom envKey hint when modelProviders envKey is set but env var is missing', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'custom-model' },
+        modelProviders: {
+          openai: [{ id: 'custom-model', envKey: 'CUSTOM_API_KEY' }],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    const result = validateAuthMethod(AuthType.USE_OPENAI);
+    expect(result).toContain('CUSTOM_API_KEY');
+  });
+
+  it('should return null for USE_GEMINI with custom envKey', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'gemini-1.5-flash' },
+        modelProviders: {
+          gemini: [
+            { id: 'gemini-1.5-flash', envKey: 'GEMINI_API_KEY_ALTERED' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['GEMINI_API_KEY_ALTERED'] = 'altered-key';
+
+    expect(validateAuthMethod(AuthType.USE_GEMINI)).toBeNull();
+  });
+
+  it('should return error with custom envKey for USE_GEMINI when env var is missing', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'gemini-1.5-flash' },
+        modelProviders: {
+          gemini: [
+            { id: 'gemini-1.5-flash', envKey: 'GEMINI_API_KEY_ALTERED' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    const result = validateAuthMethod(AuthType.USE_GEMINI);
+    expect(result).toContain('GEMINI_API_KEY_ALTERED');
+  });
+
  it('should return null for QWEN_OAUTH', () => {
    expect(validateAuthMethod(AuthType.QWEN_OAUTH)).toBeNull();
  });
@@ -45,4 +116,115 @@ describe('validateAuthMethod', () => {
      'Invalid auth method selected.',
    );
  });
+
+  it('should return null for USE_ANTHROPIC with custom envKey and baseUrl', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'claude-3' },
+        modelProviders: {
+          anthropic: [
+            {
+              id: 'claude-3',
+              envKey: 'CUSTOM_ANTHROPIC_KEY',
+              baseUrl: 'https://api.anthropic.com',
+            },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['CUSTOM_ANTHROPIC_KEY'] = 'custom-anthropic-key';
+
+    expect(validateAuthMethod(AuthType.USE_ANTHROPIC)).toBeNull();
+  });
+
+  it('should return error for USE_ANTHROPIC when baseUrl is missing', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'claude-3' },
+        modelProviders: {
+          anthropic: [{ id: 'claude-3', envKey: 'CUSTOM_ANTHROPIC_KEY' }],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['CUSTOM_ANTHROPIC_KEY'] = 'custom-key';
+
+    const result = validateAuthMethod(AuthType.USE_ANTHROPIC);
+    expect(result).toContain('modelProviders[].baseUrl');
+  });
+
+  it('should return null for USE_VERTEX_AI with custom envKey', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'vertex-model' },
+        modelProviders: {
+          'vertex-ai': [
+            { id: 'vertex-model', envKey: 'GOOGLE_API_KEY_VERTEX' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['GOOGLE_API_KEY_VERTEX'] = 'vertex-key';
+
+    expect(validateAuthMethod(AuthType.USE_VERTEX_AI)).toBeNull();
+  });
+
+  it('should use config.modelsConfig.getModel() when Config is provided', () => {
+    // Settings has a different model
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'settings-model' },
+        modelProviders: {
+          openai: [
+            { id: 'settings-model', envKey: 'SETTINGS_API_KEY' },
+            { id: 'cli-model', envKey: 'CLI_API_KEY' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    // Mock Config object that returns a different model (e.g., from CLI args)
+    const mockConfig = {
+      modelsConfig: {
+        getModel: vi.fn().mockReturnValue('cli-model'),
+      },
+    } as unknown as import('@qwen-code/qwen-code-core').Config;
+
+    // Set the env key for the CLI model, not the settings model
+    process.env['CLI_API_KEY'] = 'cli-key';
+
+    // Should use 'cli-model' from config.modelsConfig.getModel(), not 'settings-model'
+    const result = validateAuthMethod(AuthType.USE_OPENAI, mockConfig);
+    expect(result).toBeNull();
+    expect(mockConfig.modelsConfig.getModel).toHaveBeenCalled();
+  });
+
+  it('should fail validation when Config provides different model without matching env key', () => {
+    // Clean up any existing env keys first
+    delete process.env['CLI_API_KEY'];
+    delete process.env['SETTINGS_API_KEY'];
+    delete process.env['OPENAI_API_KEY'];
+
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'settings-model' },
+        modelProviders: {
+          openai: [
+            { id: 'settings-model', envKey: 'SETTINGS_API_KEY' },
+            { id: 'cli-model', envKey: 'CLI_API_KEY' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    const mockConfig = {
+      modelsConfig: {
+        getModel: vi.fn().mockReturnValue('cli-model'),
+      },
+    } as unknown as import('@qwen-code/qwen-code-core').Config;
+
+    // Don't set CLI_API_KEY - validation should fail
+    const result = validateAuthMethod(AuthType.USE_OPENAI, mockConfig);
+    expect(result).not.toBeNull();
+    expect(result).toContain('CLI_API_KEY');
+  });
 });
--- a/packages/cli/src/config/auth.ts
+++ b/packages/cli/src/config/auth.ts
@@ -1,21 +1,169 @@
 /**
 * @license
- * Copyright 2025 Google LLC
+ * Copyright 2025 Qwen Team
 * SPDX-License-Identifier: Apache-2.0
 */

-import { AuthType } from '@qwen-code/qwen-code-core';
-import { loadEnvironment, loadSettings } from './settings.js';
+import {
+  AuthType,
+  type Config,
+  type ModelProvidersConfig,
+  type ProviderModelConfig,
+} from '@qwen-code/qwen-code-core';
+import { loadEnvironment, loadSettings, type Settings } from './settings.js';
+import { t } from '../i18n/index.js';

-export function validateAuthMethod(authMethod: string): string | null {
+/**
+ * Default environment variable names for each auth type
+ */
+const DEFAULT_ENV_KEYS: Record<string, string> = {
+  [AuthType.USE_OPENAI]: 'OPENAI_API_KEY',
+  [AuthType.USE_ANTHROPIC]: 'ANTHROPIC_API_KEY',
+  [AuthType.USE_GEMINI]: 'GEMINI_API_KEY',
+  [AuthType.USE_VERTEX_AI]: 'GOOGLE_API_KEY',
+};
+
+/**
+ * Find model configuration from modelProviders by authType and modelId
+ */
+function findModelConfig(
+  modelProviders: ModelProvidersConfig | undefined,
+  authType: string,
+  modelId: string | undefined,
+): ProviderModelConfig | undefined {
+  if (!modelProviders || !modelId) {
+    return undefined;
+  }
+
+  const models = modelProviders[authType];
+  if (!Array.isArray(models)) {
+    return undefined;
+  }
+
+  return models.find((m) => m.id === modelId);
+}
+
+/**
+ * Check if API key is available for the given auth type and model configuration.
+ * Prioritizes custom envKey from modelProviders over default environment variables.
+ */
+function hasApiKeyForAuth(
+  authType: string,
+  settings: Settings,
+  config?: Config,
+): {
+  hasKey: boolean;
+  checkedEnvKey: string | undefined;
+  isExplicitEnvKey: boolean;
+} {
+  const modelProviders = settings.modelProviders as
+    | ModelProvidersConfig
+    | undefined;
+
+  // Use config.modelsConfig.getModel() if available for accurate model ID resolution
+  // that accounts for CLI args, env vars, and settings. Fall back to settings.model.name.
+  const modelId = config?.modelsConfig.getModel() ?? settings.model?.name;
+
+  // Try to find model-specific envKey from modelProviders
+  const modelConfig = findModelConfig(modelProviders, authType, modelId);
+  if (modelConfig?.envKey) {
+    // Explicit envKey configured - only check this env var, no apiKey fallback
+    const hasKey = !!process.env[modelConfig.envKey];
+    return {
+      hasKey,
+      checkedEnvKey: modelConfig.envKey,
+      isExplicitEnvKey: true,
+    };
+  }
+
+  // Using default environment variable - apiKey fallback is allowed
+  const defaultEnvKey = DEFAULT_ENV_KEYS[authType];
+  if (defaultEnvKey) {
+    const hasKey = !!process.env[defaultEnvKey];
+    if (hasKey) {
+      return { hasKey, checkedEnvKey: defaultEnvKey, isExplicitEnvKey: false };
+    }
+  }
+
+  // Also check settings.security.auth.apiKey as fallback (only for default env key)
+  if (settings.security?.auth?.apiKey) {
+    return {
+      hasKey: true,
+      checkedEnvKey: defaultEnvKey || undefined,
+      isExplicitEnvKey: false,
+    };
+  }
+
+  return {
+    hasKey: false,
+    checkedEnvKey: defaultEnvKey,
+    isExplicitEnvKey: false,
+  };
+}
+
+/**
+ * Generate API key error message based on auth check result.
+ * Returns null if API key is present, otherwise returns the appropriate error message.
+ */
+function getApiKeyError(
+  authMethod: string,
+  settings: Settings,
+  config?: Config,
+): string | null {
+  const { hasKey, checkedEnvKey, isExplicitEnvKey } = hasApiKeyForAuth(
+    authMethod,
+    settings,
+    config,
+  );
+  if (hasKey) {
+    return null;
+  }
+
+  const envKeyHint = checkedEnvKey || DEFAULT_ENV_KEYS[authMethod];
+  if (isExplicitEnvKey) {
+    return t(
+      '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.',
+      { envKeyHint },
+    );
+  }
+  return t(
+    '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.',
+    { envKeyHint },
+  );
+}
+
+/**
+ * Validate that the required credentials and configuration exist for the given auth method.
+ */
+export function validateAuthMethod(
+  authMethod: string,
+  config?: Config,
+): string | null {
  const settings = loadSettings();
  loadEnvironment(settings.merged);

  if (authMethod === AuthType.USE_OPENAI) {
-    const hasApiKey =
-      process.env['OPENAI_API_KEY'] || settings.merged.security?.auth?.apiKey;
-    if (!hasApiKey) {
-      return 'OPENAI_API_KEY environment variable not found. You can enter it interactively or add it to your .env file.';
+    const { hasKey, checkedEnvKey, isExplicitEnvKey } = hasApiKeyForAuth(
+      authMethod,
+      settings.merged,
+      config,
+    );
+    if (!hasKey) {
+      const envKeyHint = checkedEnvKey
+        ? `'${checkedEnvKey}'`
+        : "'OPENAI_API_KEY'";
+      if (isExplicitEnvKey) {
+        // Explicit envKey configured - only suggest setting the env var
+        return t(
+          'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.',
+          { envKeyHint },
+        );
+      }
+      // Default env key - can use either apiKey or env var
+      return t(
+        'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.',
+        { envKeyHint },
+      );
    }
    return null;
  }
@@ -27,36 +175,49 @@ export function validateAuthMethod(authMethod: string): string | null {
  }

  if (authMethod === AuthType.USE_ANTHROPIC) {
-    const hasApiKey = process.env['ANTHROPIC_API_KEY'];
-    if (!hasApiKey) {
-      return 'ANTHROPIC_API_KEY environment variable not found.';
+    const apiKeyError = getApiKeyError(authMethod, settings.merged, config);
+    if (apiKeyError) {
+      return apiKeyError;
    }

-    const hasBaseUrl = process.env['ANTHROPIC_BASE_URL'];
-    if (!hasBaseUrl) {
-      return 'ANTHROPIC_BASE_URL environment variable not found.';
+    // Check baseUrl - can come from modelProviders or environment
+    const modelProviders = settings.merged.modelProviders as
+      | ModelProvidersConfig
+      | undefined;
+    // Use config.modelsConfig.getModel() if available for accurate model ID
+    const modelId =
+      config?.modelsConfig.getModel() ?? settings.merged.model?.name;
+    const modelConfig = findModelConfig(modelProviders, authMethod, modelId);
+
+    if (modelConfig && !modelConfig.baseUrl) {
+      return t(
+        'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.',
+      );
+    }
+    if (!modelConfig && !process.env['ANTHROPIC_BASE_URL']) {
+      return t('ANTHROPIC_BASE_URL environment variable not found.');
    }

    return null;
  }

  if (authMethod === AuthType.USE_GEMINI) {
-    const hasApiKey = process.env['GEMINI_API_KEY'];
-    if (!hasApiKey) {
-      return 'GEMINI_API_KEY environment variable not found. Please set it in your .env file or environment variables.';
+    const apiKeyError = getApiKeyError(authMethod, settings.merged, config);
+    if (apiKeyError) {
+      return apiKeyError;
    }
    return null;
  }

  if (authMethod === AuthType.USE_VERTEX_AI) {
-    const hasApiKey = process.env['GOOGLE_API_KEY'];
-    if (!hasApiKey) {
-      return 'GOOGLE_API_KEY environment variable not found. Please set it in your .env file or environment variables.';
+    const apiKeyError = getApiKeyError(authMethod, settings.merged, config);
+    if (apiKeyError) {
+      return apiKeyError;
    }

    process.env['GOOGLE_GENAI_USE_VERTEXAI'] = 'true';
    return null;
  }

-  return 'Invalid auth method selected.';
+  return t('Invalid auth method selected.');
 }
--- a/packages/cli/src/config/config.test.ts
+++ b/packages/cli/src/config/config.test.ts
@@ -77,10 +77,8 @@ vi.mock('read-package-up', () => ({
  ),
 }));

-vi.mock('@qwen-code/qwen-code-core', async () => {
-  const actualServer = await vi.importActual<typeof ServerConfig>(
-    '@qwen-code/qwen-code-core',
-  );
+vi.mock('@qwen-code/qwen-code-core', async (importOriginal) => {
+  const actualServer = await importOriginal<typeof ServerConfig>();
  return {
    ...actualServer,
    IdeClient: {
@@ -1597,6 +1595,58 @@ describe('Approval mode tool exclusion logic', () => {
    expect(excludedTools).toContain(WriteFileTool.Name);
  });

+  it('should not exclude a tool explicitly allowed in tools.allowed', async () => {
+    process.argv = ['node', 'script.js', '-p', 'test'];
+    const argv = await parseArguments({} as Settings);
+    const settings: Settings = {
+      tools: {
+        allowed: [ShellTool.Name],
+      },
+    };
+    const extensions: Extension[] = [];
+
+    const config = await loadCliConfig(
+      settings,
+      extensions,
+      new ExtensionEnablementManager(
+        ExtensionStorage.getUserExtensionsDir(),
+        argv.extensions,
+      ),
+      argv,
+    );
+
+    const excludedTools = config.getExcludeTools();
+    expect(excludedTools).not.toContain(ShellTool.Name);
+    expect(excludedTools).toContain(EditTool.Name);
+    expect(excludedTools).toContain(WriteFileTool.Name);
+  });
+
+  it('should not exclude a tool explicitly allowed in tools.core', async () => {
+    process.argv = ['node', 'script.js', '-p', 'test'];
+    const argv = await parseArguments({} as Settings);
+    const settings: Settings = {
+      tools: {
+        core: [ShellTool.Name],
+      },
+    };
+    const extensions: Extension[] = [];
+
+    const config = await loadCliConfig(
+      settings,
+      extensions,
+      new ExtensionEnablementManager(
+        ExtensionStorage.getUserExtensionsDir(),
+        argv.extensions,
+      ),
+      argv,
+    );
+
+    const excludedTools = config.getExcludeTools();
+    expect(excludedTools).not.toContain(ShellTool.Name);
+    expect(excludedTools).toContain(EditTool.Name);
+    expect(excludedTools).toContain(WriteFileTool.Name);
+  });
+
  it('should exclude only shell tools in non-interactive mode with auto-edit approval mode', async () => {
    process.argv = [
      'node',
--- a/packages/cli/src/config/config.ts
+++ b/packages/cli/src/config/config.ts
@@ -10,25 +10,31 @@ import {
  Config,
  DEFAULT_QWEN_EMBEDDING_MODEL,
  DEFAULT_MEMORY_FILE_FILTERING_OPTIONS,
-  EditTool,
  FileDiscoveryService,
  getCurrentGeminiMdFilename,
  loadServerHierarchicalMemory,
  setGeminiMdFilename as setServerGeminiMdFilename,
-  ShellTool,
-  WriteFileTool,
  resolveTelemetrySettings,
  FatalConfigError,
  Storage,
  InputFormat,
  OutputFormat,
+  isToolEnabled,
  SessionService,
  type ResumedSessionData,
  type FileFilteringOptions,
  type MCPServerConfig,
+  type ToolName,
+  EditTool,
+  ShellTool,
+  WriteFileTool,
 } from '@qwen-code/qwen-code-core';
 import { extensionsCommand } from '../commands/extensions.js';
 import type { Settings } from './settings.js';
+import {
+  resolveCliGenerationConfig,
+  getAuthTypeFromEnv,
+} from '../utils/modelConfigUtils.js';
 import yargs, { type Argv } from 'yargs';
 import { hideBin } from 'yargs/helpers';
 import * as fs from 'node:fs';
@@ -111,6 +117,7 @@ export interface CliArgs {
  telemetryOutfile: string | undefined;
  allowedMcpServerNames: string[] | undefined;
  allowedTools: string[] | undefined;
+  acp: boolean | undefined;
  experimentalAcp: boolean | undefined;
  experimentalSkills: boolean | undefined;
  extensions: string[] | undefined;
@@ -163,7 +170,17 @@ function normalizeOutputFormat(
 }

 export async function parseArguments(settings: Settings): Promise<CliArgs> {
-  const rawArgv = hideBin(process.argv);
+  let rawArgv = hideBin(process.argv);
+
+  // hack: if the first argument is the CLI entry point, remove it
+  if (
+    rawArgv.length > 0 &&
+    (rawArgv[0].endsWith('/dist/qwen-cli/cli.js') ||
+      rawArgv[0].endsWith('/dist/cli.js'))
+  ) {
+    rawArgv = rawArgv.slice(1);
+  }
+
  const yargsInstance = yargs(rawArgv)
    .locale('en')
    .scriptName('qwen')
@@ -304,10 +321,16 @@ export async function parseArguments(settings: Settings): Promise<CliArgs> {
          description: 'Enables checkpointing of file edits',
          default: false,
        })
-        .option('experimental-acp', {
+        .option('acp', {
          type: 'boolean',
          description: 'Starts the agent in ACP mode',
        })
+        .option('experimental-acp', {
+          type: 'boolean',
+          description:
+            'Starts the agent in ACP mode (deprecated, use --acp instead)',
+          hidden: true,
+        })
        .option('experimental-skills', {
          type: 'boolean',
          description: 'Enable experimental Skills feature',
@@ -589,8 +612,19 @@ export async function parseArguments(settings: Settings): Promise<CliArgs> {
  // The import format is now only controlled by settings.memoryImportFormat
  // We no longer accept it as a CLI argument

-  // Apply ACP fallback: if experimental-acp is present but no explicit --channel, treat as ACP
-  if (result['experimentalAcp'] && !result['channel']) {
+  // Handle deprecated --experimental-acp flag
+  if (result['experimentalAcp']) {
+    console.warn(
+      '\x1b[33m⚠ Warning: --experimental-acp is deprecated and will be removed in a future release. Please use --acp instead.\x1b[0m',
+    );
+    // Map experimental-acp to acp if acp is not explicitly set
+    if (!result['acp']) {
+      (result as Record<string, unknown>)['acp'] = true;
+    }
+  }
+
+  // Apply ACP fallback: if acp or experimental-acp is present but no explicit --channel, treat as ACP
+  if ((result['acp'] || result['experimentalAcp']) && !result['channel']) {
    (result as Record<string, unknown>)['channel'] = 'ACP';
  }

@@ -818,20 +852,44 @@ export async function loadCliConfig(
  // However, if stream-json input is used, control can be requested via JSON messages,
  // so tools should not be excluded in that case.
  const extraExcludes: string[] = [];
-  if (
-    !interactive &&
-    !argv.experimentalAcp &&
-    inputFormat !== InputFormat.STREAM_JSON
-  ) {
+  const resolvedCoreTools = argv.coreTools || settings.tools?.core || [];
+  const resolvedAllowedTools =
+    argv.allowedTools || settings.tools?.allowed || [];
+  const isExplicitlyEnabled = (toolName: ToolName): boolean => {
+    if (resolvedCoreTools.length > 0) {
+      if (isToolEnabled(toolName, resolvedCoreTools, [])) {
+        return true;
+      }
+    }
+    if (resolvedAllowedTools.length > 0) {
+      if (isToolEnabled(toolName, resolvedAllowedTools, [])) {
+        return true;
+      }
+    }
+    return false;
+  };
+  const excludeUnlessExplicit = (toolName: ToolName): void => {
+    if (!isExplicitlyEnabled(toolName)) {
+      extraExcludes.push(toolName);
+    }
+  };
+
+  // ACP mode check: must include both --acp (current) and --experimental-acp (deprecated).
+  // Without this check, edit, write_file, run_shell_command would be excluded in ACP mode.
+  const isAcpMode = argv.acp || argv.experimentalAcp;
+  if (!interactive && !isAcpMode && inputFormat !== InputFormat.STREAM_JSON) {
    switch (approvalMode) {
      case ApprovalMode.PLAN:
      case ApprovalMode.DEFAULT:
-        // In default non-interactive mode, all tools that require approval are excluded.
-        extraExcludes.push(ShellTool.Name, EditTool.Name, WriteFileTool.Name);
+        // In default non-interactive mode, all tools that require approval are excluded,
+        // unless explicitly enabled via coreTools/allowedTools.
+        excludeUnlessExplicit(ShellTool.Name as ToolName);
+        excludeUnlessExplicit(EditTool.Name as ToolName);
+        excludeUnlessExplicit(WriteFileTool.Name as ToolName);
        break;
      case ApprovalMode.AUTO_EDIT:
        // In auto-edit non-interactive mode, only tools that still require a prompt are excluded.
-        extraExcludes.push(ShellTool.Name);
+        excludeUnlessExplicit(ShellTool.Name as ToolName);
        break;
      case ApprovalMode.YOLO:
        // No extra excludes for YOLO mode.
@@ -879,28 +937,25 @@ export async function loadCliConfig(

  const selectedAuthType =
    (argv.authType as AuthType | undefined) ||
-    settings.security?.auth?.selectedType;
+    settings.security?.auth?.selectedType ||
+    /* getAuthTypeFromEnv means no authType was explicitly provided, we infer the authType from env vars */
+    getAuthTypeFromEnv();

-  const apiKey =
-    (selectedAuthType === AuthType.USE_OPENAI
-      ? argv.openaiApiKey ||
-        process.env['OPENAI_API_KEY'] ||
-        settings.security?.auth?.apiKey
-      : '') || '';
-  const baseUrl =
-    (selectedAuthType === AuthType.USE_OPENAI
-      ? argv.openaiBaseUrl ||
-        process.env['OPENAI_BASE_URL'] ||
-        settings.security?.auth?.baseUrl
-      : '') || '';
-  const resolvedModel =
-    argv.model ||
-    (selectedAuthType === AuthType.USE_OPENAI
-      ? process.env['OPENAI_MODEL'] ||
-        process.env['QWEN_MODEL'] ||
-        settings.model?.name
-      : '') ||
-    '';
+  // Unified resolution of generation config with source attribution
+  const resolvedCliConfig = resolveCliGenerationConfig({
+    argv: {
+      model: argv.model,
+      openaiApiKey: argv.openaiApiKey,
+      openaiBaseUrl: argv.openaiBaseUrl,
+      openaiLogging: argv.openaiLogging,
+      openaiLoggingDir: argv.openaiLoggingDir,
+    },
+    settings,
+    selectedAuthType,
+    env: process.env as Record<string, string | undefined>,
+  });
+
+  const { model: resolvedModel } = resolvedCliConfig;

  const sandboxConfig = await loadSandboxConfig(settings, argv);
  const screenReader =
@@ -934,6 +989,8 @@ export async function loadCliConfig(
    }
  }

+  const modelProvidersConfig = settings.modelProviders;
+
  return new Config({
    sessionId,
    sessionData,
@@ -981,7 +1038,7 @@ export async function loadCliConfig(
    sessionTokenLimit: settings.model?.sessionTokenLimit ?? -1,
    maxSessionTurns:
      argv.maxSessionTurns ?? settings.model?.maxSessionTurns ?? -1,
-    experimentalZedIntegration: argv.experimentalAcp || false,
+    experimentalZedIntegration: argv.acp || argv.experimentalAcp || false,
    experimentalSkills: argv.experimentalSkills || false,
    listExtensions: argv.listExtensions || false,
    extensions: allExtensions,
@@ -991,24 +1048,11 @@ export async function loadCliConfig(
    inputFormat,
    outputFormat,
    includePartialMessages,
-    generationConfig: {
-      ...(settings.model?.generationConfig || {}),
-      model: resolvedModel,
-      apiKey,
-      baseUrl,
-      enableOpenAILogging:
-        (typeof argv.openaiLogging === 'undefined'
-          ? settings.model?.enableOpenAILogging
-          : argv.openaiLogging) ?? false,
-      openAILoggingDir:
-        argv.openaiLoggingDir || settings.model?.openAILoggingDir,
-    },
+    modelProvidersConfig,
+    generationConfigSources: resolvedCliConfig.sources,
+    generationConfig: resolvedCliConfig.generationConfig,
    cliVersion: await getCliVersion(),
-    webSearch: buildWebSearchConfig(
-      argv,
-      settings,
-      settings.security?.auth?.selectedType,
-    ),
+    webSearch: buildWebSearchConfig(argv, settings, selectedAuthType),
    summarizeToolOutput: settings.model?.summarizeToolOutput,
    ideMode,
    chatCompression: settings.model?.chatCompression,
--- a/packages/cli/src/config/modelProvidersScope.test.ts
+++ b/packages/cli/src/config/modelProvidersScope.test.ts
@@ -0,0 +1,87 @@
+/**
+ * @license
+ * Copyright 2025 Qwen Team
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, expect, it } from 'vitest';
+import { SettingScope } from './settings.js';
+import { getPersistScopeForModelSelection } from './modelProvidersScope.js';
+
+function makeSettings({
+  isTrusted,
+  userModelProviders,
+  workspaceModelProviders,
+}: {
+  isTrusted: boolean;
+  userModelProviders?: unknown;
+  workspaceModelProviders?: unknown;
+}) {
+  const userSettings: Record<string, unknown> = {};
+  const workspaceSettings: Record<string, unknown> = {};
+
+  // When undefined, treat as "not present in this scope" (the key is omitted),
+  // matching how LoadedSettings is shaped when a settings file doesn't define it.
+  if (userModelProviders !== undefined) {
+    userSettings['modelProviders'] = userModelProviders;
+  }
+  if (workspaceModelProviders !== undefined) {
+    workspaceSettings['modelProviders'] = workspaceModelProviders;
+  }
+
+  return {
+    isTrusted,
+    user: { settings: userSettings },
+    workspace: { settings: workspaceSettings },
+  } as unknown as import('./settings.js').LoadedSettings;
+}
+
+describe('getPersistScopeForModelSelection', () => {
+  it('prefers workspace when trusted and workspace defines modelProviders', () => {
+    const settings = makeSettings({
+      isTrusted: true,
+      workspaceModelProviders: {},
+      userModelProviders: { anything: true },
+    });
+
+    expect(getPersistScopeForModelSelection(settings)).toBe(
+      SettingScope.Workspace,
+    );
+  });
+
+  it('falls back to user when workspace does not define modelProviders', () => {
+    const settings = makeSettings({
+      isTrusted: true,
+      workspaceModelProviders: undefined,
+      userModelProviders: {},
+    });
+
+    expect(getPersistScopeForModelSelection(settings)).toBe(SettingScope.User);
+  });
+
+  it('ignores workspace modelProviders when workspace is untrusted', () => {
+    const settings = makeSettings({
+      isTrusted: false,
+      workspaceModelProviders: {},
+      userModelProviders: undefined,
+    });
+
+    expect(getPersistScopeForModelSelection(settings)).toBe(SettingScope.User);
+  });
+
+  it('falls back to legacy trust heuristic when neither scope defines modelProviders', () => {
+    const trusted = makeSettings({
+      isTrusted: true,
+      userModelProviders: undefined,
+      workspaceModelProviders: undefined,
+    });
+    expect(getPersistScopeForModelSelection(trusted)).toBe(SettingScope.User);
+
+    const untrusted = makeSettings({
+      isTrusted: false,
+      userModelProviders: undefined,
+      workspaceModelProviders: undefined,
+    });
+    expect(getPersistScopeForModelSelection(untrusted)).toBe(SettingScope.User);
+  });
+});
--- a/packages/cli/src/config/modelProvidersScope.ts
+++ b/packages/cli/src/config/modelProvidersScope.ts
@@ -0,0 +1,48 @@
+/**
+ * @license
+ * Copyright 2025 Qwen Team
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { SettingScope, type LoadedSettings } from './settings.js';
+
+function hasOwnModelProviders(settingsObj: unknown): boolean {
+  if (!settingsObj || typeof settingsObj !== 'object') {
+    return false;
+  }
+  const obj = settingsObj as Record<string, unknown>;
+  // Treat an explicitly configured empty object (modelProviders: {}) as "owned"
+  // by this scope, which is important when mergeStrategy is REPLACE.
+  return Object.prototype.hasOwnProperty.call(obj, 'modelProviders');
+}
+
+/**
+ * Returns which writable scope (Workspace/User) owns the effective modelProviders
+ * configuration.
+ *
+ * Note: Workspace scope is only considered when the workspace is trusted.
+ */
+export function getModelProvidersOwnerScope(
+  settings: LoadedSettings,
+): SettingScope | undefined {
+  if (settings.isTrusted && hasOwnModelProviders(settings.workspace.settings)) {
+    return SettingScope.Workspace;
+  }
+
+  if (hasOwnModelProviders(settings.user.settings)) {
+    return SettingScope.User;
+  }
+
+  return undefined;
+}
+
+/**
+ * Choose the settings scope to persist a model selection.
+ * Prefer persisting back to the scope that contains the effective modelProviders
+ * config, otherwise fall back to the legacy trust-based heuristic.
+ */
+export function getPersistScopeForModelSelection(
+  settings: LoadedSettings,
+): SettingScope {
+  return getModelProvidersOwnerScope(settings) ?? SettingScope.User;
+}
--- a/packages/cli/src/config/settings.test.ts
+++ b/packages/cli/src/config/settings.test.ts
@@ -55,6 +55,7 @@ import { disableExtension } from './extension.js';

 // These imports will get the versions from the vi.mock('./settings.js', ...) factory.
 import {
+  getSettingsWarnings,
  loadSettings,
  USER_SETTINGS_PATH, // This IS the mocked path.
  getSystemSettingsPath,
@@ -418,6 +419,86 @@ describe('Settings Loading and Merging', () => {
      });
    });

+    it('should warn about ignored legacy keys in a v2 settings file', () => {
+      (mockFsExistsSync as Mock).mockImplementation(
+        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
+      );
+      const userSettingsContent = {
+        [SETTINGS_VERSION_KEY]: SETTINGS_VERSION,
+        usageStatisticsEnabled: false,
+      };
+      (fs.readFileSync as Mock).mockImplementation(
+        (p: fs.PathOrFileDescriptor) => {
+          if (p === USER_SETTINGS_PATH)
+            return JSON.stringify(userSettingsContent);
+          return '{}';
+        },
+      );
+
+      const settings = loadSettings(MOCK_WORKSPACE_DIR);
+
+      expect(getSettingsWarnings(settings)).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining(
+            "Legacy setting 'usageStatisticsEnabled' will be ignored",
+          ),
+        ]),
+      );
+      expect(getSettingsWarnings(settings)).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining("'privacy.usageStatisticsEnabled'"),
+        ]),
+      );
+    });
+
+    it('should warn about unknown top-level keys in a v2 settings file', () => {
+      (mockFsExistsSync as Mock).mockImplementation(
+        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
+      );
+      const userSettingsContent = {
+        [SETTINGS_VERSION_KEY]: SETTINGS_VERSION,
+        someUnknownKey: 'value',
+      };
+      (fs.readFileSync as Mock).mockImplementation(
+        (p: fs.PathOrFileDescriptor) => {
+          if (p === USER_SETTINGS_PATH)
+            return JSON.stringify(userSettingsContent);
+          return '{}';
+        },
+      );
+
+      const settings = loadSettings(MOCK_WORKSPACE_DIR);
+
+      expect(getSettingsWarnings(settings)).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining(
+            "Unknown setting 'someUnknownKey' will be ignored",
+          ),
+        ]),
+      );
+    });
+
+    it('should not warn for valid v2 container keys', () => {
+      (mockFsExistsSync as Mock).mockImplementation(
+        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
+      );
+      const userSettingsContent = {
+        [SETTINGS_VERSION_KEY]: SETTINGS_VERSION,
+        model: { name: 'qwen-coder' },
+      };
+      (fs.readFileSync as Mock).mockImplementation(
+        (p: fs.PathOrFileDescriptor) => {
+          if (p === USER_SETTINGS_PATH)
+            return JSON.stringify(userSettingsContent);
+          return '{}';
+        },
+      );
+
+      const settings = loadSettings(MOCK_WORKSPACE_DIR);
+
+      expect(getSettingsWarnings(settings)).toEqual([]);
+    });
+
    it('should rewrite allowedTools to tools.allowed during migration', () => {
      (mockFsExistsSync as Mock).mockImplementation(
        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
--- a/packages/cli/src/config/settings.ts
+++ b/packages/cli/src/config/settings.ts
@@ -344,6 +344,97 @@ const KNOWN_V2_CONTAINERS = new Set(
  Object.values(MIGRATION_MAP).map((path) => path.split('.')[0]),
 );

+function getSettingsFileKeyWarnings(
+  settings: Record<string, unknown>,
+  settingsFilePath: string,
+): string[] {
+  const version = settings[SETTINGS_VERSION_KEY];
+  if (typeof version !== 'number' || version < SETTINGS_VERSION) {
+    return [];
+  }
+
+  const warnings: string[] = [];
+  const ignoredLegacyKeys = new Set<string>();
+
+  // Ignored legacy keys (V1 top-level keys that moved to a nested V2 path).
+  for (const [oldKey, newPath] of Object.entries(MIGRATION_MAP)) {
+    if (oldKey === newPath) {
+      continue;
+    }
+    if (!(oldKey in settings)) {
+      continue;
+    }
+
+    const oldValue = settings[oldKey];
+
+    // If this key is a V2 container (like 'model') and it's already an object,
+    // it's likely already in V2 format. Don't warn.
+    if (
+      KNOWN_V2_CONTAINERS.has(oldKey) &&
+      typeof oldValue === 'object' &&
+      oldValue !== null &&
+      !Array.isArray(oldValue)
+    ) {
+      continue;
+    }
+
+    ignoredLegacyKeys.add(oldKey);
+    warnings.push(
+      `⚠️  Legacy setting '${oldKey}' will be ignored in ${settingsFilePath}. Please use '${newPath}' instead.`,
+    );
+  }
+
+  // Unknown top-level keys.
+  const schemaKeys = new Set(Object.keys(getSettingsSchema()));
+  for (const key of Object.keys(settings)) {
+    if (key === SETTINGS_VERSION_KEY) {
+      continue;
+    }
+    if (ignoredLegacyKeys.has(key)) {
+      continue;
+    }
+    if (schemaKeys.has(key)) {
+      continue;
+    }
+
+    warnings.push(
+      `⚠️  Unknown setting '${key}' will be ignored in ${settingsFilePath}.`,
+    );
+  }
+
+  return warnings;
+}
+
+/**
+ * Collects warnings for ignored legacy and unknown settings keys.
+ *
+ * For `$version: 2` settings files, we do not apply implicit migrations.
+ * Instead, we surface actionable, de-duplicated warnings in the terminal UI.
+ */
+export function getSettingsWarnings(loadedSettings: LoadedSettings): string[] {
+  const warningSet = new Set<string>();
+
+  for (const scope of [SettingScope.User, SettingScope.Workspace]) {
+    const settingsFile = loadedSettings.forScope(scope);
+    if (settingsFile.rawJson === undefined) {
+      continue; // File not present / not loaded.
+    }
+    const settingsObject = settingsFile.originalSettings as unknown as Record<
+      string,
+      unknown
+    >;
+
+    for (const warning of getSettingsFileKeyWarnings(
+      settingsObject,
+      settingsFile.path,
+    )) {
+      warningSet.add(warning);
+    }
+  }
+
+  return [...warningSet];
+}
+
 export function migrateSettingsToV1(
  v2Settings: Record<string, unknown>,
 ): Record<string, unknown> {
--- a/packages/cli/src/config/settingsSchema.ts
+++ b/packages/cli/src/config/settingsSchema.ts
@@ -10,6 +10,7 @@ import type {
  TelemetrySettings,
  AuthType,
  ChatCompressionSettings,
+  ModelProvidersConfig,
 } from '@qwen-code/qwen-code-core';
 import {
  ApprovalMode,
@@ -102,6 +103,19 @@ const SETTINGS_SCHEMA = {
    mergeStrategy: MergeStrategy.SHALLOW_MERGE,
  },

+  // Model providers configuration grouped by authType
+  modelProviders: {
+    type: 'object',
+    label: 'Model Providers',
+    category: 'Model',
+    requiresRestart: false,
+    default: {} as ModelProvidersConfig,
+    description:
+      'Model providers configuration grouped by authType. Each authType contains an array of model configurations.',
+    showInDialog: false,
+    mergeStrategy: MergeStrategy.REPLACE,
+  },
+
  general: {
    type: 'object',
    label: 'General',
@@ -202,6 +216,7 @@ const SETTINGS_SCHEMA = {
          { value: 'en', label: 'English' },
          { value: 'zh', label: '中文 (Chinese)' },
          { value: 'ru', label: 'Русский (Russian)' },
+          { value: 'de', label: 'Deutsch (German)' },
        ],
      },
      terminalBell: {
--- a/packages/cli/src/core/initializer.ts
+++ b/packages/cli/src/core/initializer.ts
@@ -45,7 +45,9 @@ export async function initializeApp(
  // Auto-detect and set LLM output language on first use
  initializeLlmOutputLanguage();

-  const authType = settings.merged.security?.auth?.selectedType;
+  // Use authType from modelsConfig which respects CLI --auth-type argument
+  // over settings.security.auth.selectedType
+  const authType = config.modelsConfig.getCurrentAuthType();
  const authError = await performInitialAuth(config, authType);

  // Fallback to user select when initial authentication fails
@@ -59,7 +61,7 @@ export async function initializeApp(
  const themeError = validateTheme(settings);

  const shouldOpenAuthDialog =
-    settings.merged.security?.auth?.selectedType === undefined || !!authError;
+    !config.modelsConfig.wasAuthTypeExplicitlyProvided() || !!authError;

  if (config.getIdeMode()) {
    const ideClient = await IdeClient.getInstance();
--- a/packages/cli/src/gemini.test.tsx
+++ b/packages/cli/src/gemini.test.tsx
@@ -87,6 +87,15 @@ vi.mock('./config/sandboxConfig.js', () => ({
  loadSandboxConfig: vi.fn(),
 }));

+vi.mock('./core/initializer.js', () => ({
+  initializeApp: vi.fn().mockResolvedValue({
+    authError: null,
+    themeError: null,
+    shouldOpenAuthDialog: false,
+    geminiMdFileCount: 0,
+  }),
+}));
+
 describe('gemini.tsx main function', () => {
  let originalEnvGeminiSandbox: string | undefined;
  let originalEnvSandbox: string | undefined;
@@ -362,7 +371,6 @@ describe('gemini.tsx main function', () => {
    expect(inputArg).toBe('hello stream');

    expect(validateAuthSpy).toHaveBeenCalledWith(
-      undefined,
      undefined,
      configStub,
      expect.any(Object),
@@ -460,6 +468,7 @@ describe('gemini.tsx main function kitty protocol', () => {
      telemetryOutfile: undefined,
      allowedMcpServerNames: undefined,
      allowedTools: undefined,
+      acp: undefined,
      experimentalAcp: undefined,
      experimentalSkills: undefined,
      extensions: undefined,
@@ -639,4 +648,37 @@ describe('startInteractiveUI', () => {
    await new Promise((resolve) => setTimeout(resolve, 0));
    expect(checkForUpdates).toHaveBeenCalledTimes(1);
  });
+
+  it('should not check for updates when update nag is disabled', async () => {
+    const { checkForUpdates } = await import('./ui/utils/updateCheck.js');
+
+    const mockInitializationResult = {
+      authError: null,
+      themeError: null,
+      shouldOpenAuthDialog: false,
+      geminiMdFileCount: 0,
+    };
+
+    const settingsWithUpdateNagDisabled = {
+      merged: {
+        general: {
+          disableUpdateNag: true,
+        },
+        ui: {
+          hideWindowTitle: false,
+        },
+      },
+    } as LoadedSettings;
+
+    await startInteractiveUI(
+      mockConfig,
+      settingsWithUpdateNagDisabled,
+      mockStartupWarnings,
+      mockWorkspaceRoot,
+      mockInitializationResult,
+    );
+
+    await new Promise((resolve) => setTimeout(resolve, 0));
+    expect(checkForUpdates).not.toHaveBeenCalled();
+  });
 });
--- a/packages/cli/src/gemini.tsx
+++ b/packages/cli/src/gemini.tsx
@@ -4,7 +4,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import type { Config, AuthType } from '@qwen-code/qwen-code-core';
+import type { Config } from '@qwen-code/qwen-code-core';
 import { InputFormat, logUserPrompt } from '@qwen-code/qwen-code-core';
 import { render } from 'ink';
 import dns from 'node:dns';
@@ -17,7 +17,11 @@ import * as cliConfig from './config/config.js';
 import { loadCliConfig, parseArguments } from './config/config.js';
 import { ExtensionStorage, loadExtensions } from './config/extension.js';
 import type { DnsResolutionOrder, LoadedSettings } from './config/settings.js';
-import { loadSettings, migrateDeprecatedSettings } from './config/settings.js';
+import {
+  getSettingsWarnings,
+  loadSettings,
+  migrateDeprecatedSettings,
+} from './config/settings.js';
 import {
  initializeApp,
  type InitializationResult,
@@ -183,16 +187,18 @@ export async function startInteractiveUI(
    },
  );

-  checkForUpdates()
-    .then((info) => {
-      handleAutoUpdate(info, settings, config.getProjectRoot());
-    })
-    .catch((err) => {
-      // Silently ignore update check errors.
-      if (config.getDebugMode()) {
-        console.error('Update check failed:', err);
-      }
-    });
+  if (!settings.merged.general?.disableUpdateNag) {
+    checkForUpdates()
+      .then((info) => {
+        handleAutoUpdate(info, settings, config.getProjectRoot());
+      })
+      .catch((err) => {
+        // Silently ignore update check errors.
+        if (config.getDebugMode()) {
+          console.error('Update check failed:', err);
+        }
+      });
+  }

  registerCleanup(() => instance.unmount());
 }
@@ -250,22 +256,20 @@ export async function main() {
        argv,
      );

-      if (
-        settings.merged.security?.auth?.selectedType &&
-        !settings.merged.security?.auth?.useExternal
-      ) {
+      if (!settings.merged.security?.auth?.useExternal) {
        // Validate authentication here because the sandbox will interfere with the Oauth2 web redirect.
        try {
-          const err = validateAuthMethod(
-            settings.merged.security.auth.selectedType,
-          );
-          if (err) {
-            throw new Error(err);
-          }
+          const authType = partialConfig.modelsConfig.getCurrentAuthType();
+          // Fresh users may not have selected/persisted an authType yet.
+          // In that case, defer auth prompting/selection to the main interactive flow.
+          if (authType) {
+            const err = validateAuthMethod(authType, partialConfig);
+            if (err) {
+              throw new Error(err);
+            }

-          await partialConfig.refreshAuth(
-            settings.merged.security.auth.selectedType,
-          );
+            await partialConfig.refreshAuth(authType);
+          }
        } catch (err) {
          console.error('Error authenticating:', err);
          process.exit(1);
@@ -342,6 +346,7 @@ export async function main() {
      extensionEnablementManager,
      argv,
    );
+    registerCleanup(() => config.shutdown());

    if (config.getListExtensions()) {
      console.log('Installed extensions:');
@@ -400,12 +405,15 @@ export async function main() {

    let input = config.getQuestion();
    const startupWarnings = [
-      ...(await getStartupWarnings()),
-      ...(await getUserStartupWarnings({
-        workspaceRoot: process.cwd(),
-        useRipgrep: settings.merged.tools?.useRipgrep ?? true,
-        useBuiltinRipgrep: settings.merged.tools?.useBuiltinRipgrep ?? true,
-      })),
+      ...new Set([
+        ...(await getStartupWarnings()),
+        ...(await getUserStartupWarnings({
+          workspaceRoot: process.cwd(),
+          useRipgrep: settings.merged.tools?.useRipgrep ?? true,
+          useBuiltinRipgrep: settings.merged.tools?.useBuiltinRipgrep ?? true,
+        })),
+        ...getSettingsWarnings(settings),
+      ]),
    ];

    // Render UI, passing necessary config values. Check that there is no command line question.
@@ -438,8 +446,6 @@ export async function main() {
    }

    const nonInteractiveConfig = await validateNonInteractiveAuth(
-      (argv.authType as AuthType) ||
-        settings.merged.security?.auth?.selectedType,
      settings.merged.security?.auth?.useExternal,
      config,
      settings,
--- a/packages/cli/src/i18n/locales/de.js
+++ b/packages/cli/src/i18n/locales/de.js
--- a/packages/cli/src/i18n/locales/en.js
+++ b/packages/cli/src/i18n/locales/en.js
@@ -89,6 +89,9 @@ export default {
  'No tools available': 'No tools available',
  'View or change the approval mode for tool usage':
    'View or change the approval mode for tool usage',
+  'Invalid approval mode "{{arg}}". Valid modes: {{modes}}':
+    'Invalid approval mode "{{arg}}". Valid modes: {{modes}}',
+  'Approval mode set to "{{mode}}"': 'Approval mode set to "{{mode}}"',
  'View or change the language setting': 'View or change the language setting',
  'change the theme': 'change the theme',
  'Select Theme': 'Select Theme',
@@ -767,6 +770,21 @@ export default {
    'Authentication timed out. Please try again.',
  'Waiting for auth... (Press ESC or CTRL+C to cancel)':
    'Waiting for auth... (Press ESC or CTRL+C to cancel)',
+  'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.':
+    'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.',
+  '{{envKeyHint}} environment variable not found.':
+    '{{envKeyHint}} environment variable not found.',
+  '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.':
+    '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.',
+  '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.':
+    '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.',
+  'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.':
+    'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.',
+  'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.':
+    'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.',
+  'ANTHROPIC_BASE_URL environment variable not found.':
+    'ANTHROPIC_BASE_URL environment variable not found.',
+  'Invalid auth method selected.': 'Invalid auth method selected.',
  'Failed to authenticate. Message: {{message}}':
    'Failed to authenticate. Message: {{message}}',
  'Authenticated successfully with {{authType}} credentials.':
@@ -788,6 +806,15 @@ export default {
  // ============================================================================
  'Select Model': 'Select Model',
  '(Press Esc to close)': '(Press Esc to close)',
+  'Current (effective) configuration': 'Current (effective) configuration',
+  AuthType: 'AuthType',
+  'API Key': 'API Key',
+  unset: 'unset',
+  '(default)': '(default)',
+  '(set)': '(set)',
+  '(not set)': '(not set)',
+  "Failed to switch model to '{{modelId}}'.\n\n{{error}}":
+    "Failed to switch model to '{{modelId}}'.\n\n{{error}}",
  'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)':
    'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)',
  'The latest Qwen Vision model from Alibaba Cloud ModelStudio (version: qwen3-vl-plus-2025-09-23)':
@@ -1037,7 +1064,6 @@ export default {
    'Applying percussive maintenance...',
    'Searching for the correct USB orientation...',
    'Ensuring the magic smoke stays inside the wires...',
-    'Rewriting in Rust for no particular reason...',
    'Trying to exit Vim...',
    'Spinning up the hamster wheel...',
    "That's not a bug, it's an undocumented feature...",
--- a/packages/cli/src/i18n/locales/ru.js
+++ b/packages/cli/src/i18n/locales/ru.js
@@ -89,6 +89,10 @@ export default {
  'No tools available': 'Нет доступных инструментов',
  'View or change the approval mode for tool usage':
    'Просмотр или изменение режима подтверждения для использования инструментов',
+  'Invalid approval mode "{{arg}}". Valid modes: {{modes}}':
+    'Недопустимый режим подтверждения "{{arg}}". Допустимые режимы: {{modes}}',
+  'Approval mode set to "{{mode}}"':
+    'Режим подтверждения установлен на "{{mode}}"',
  'View or change the language setting':
    'Просмотр или изменение настроек языка',
  'change the theme': 'Изменение темы',
@@ -782,6 +786,21 @@ export default {
    'Время ожидания авторизации истекло. Пожалуйста, попробуйте снова.',
  'Waiting for auth... (Press ESC or CTRL+C to cancel)':
    'Ожидание авторизации... (Нажмите ESC или CTRL+C для отмены)',
+  'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.':
+    'Отсутствует API-ключ для аутентификации, совместимой с OpenAI. Укажите settings.security.auth.apiKey или переменную окружения {{envKeyHint}}.',
+  '{{envKeyHint}} environment variable not found.':
+    'Переменная окружения {{envKeyHint}} не найдена.',
+  '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.':
+    'Переменная окружения {{envKeyHint}} не найдена. Укажите её в файле .env или среди системных переменных.',
+  '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.':
+    'Переменная окружения {{envKeyHint}} не найдена (или установите settings.security.auth.apiKey). Укажите её в файле .env или среди системных переменных.',
+  'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.':
+    'Отсутствует API-ключ для аутентификации, совместимой с OpenAI. Установите переменную окружения {{envKeyHint}}.',
+  'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.':
+    'У провайдера Anthropic отсутствует обязательный baseUrl в modelProviders[].baseUrl.',
+  'ANTHROPIC_BASE_URL environment variable not found.':
+    'Переменная окружения ANTHROPIC_BASE_URL не найдена.',
+  'Invalid auth method selected.': 'Выбран недопустимый метод авторизации.',
  'Failed to authenticate. Message: {{message}}':
    'Не удалось авторизоваться. Сообщение: {{message}}',
  'Authenticated successfully with {{authType}} credentials.':
@@ -803,6 +822,15 @@ export default {
  // ============================================================================
  'Select Model': 'Выбрать модель',
  '(Press Esc to close)': '(Нажмите Esc для закрытия)',
+  'Current (effective) configuration': 'Текущая (фактическая) конфигурация',
+  AuthType: 'Тип авторизации',
+  'API Key': 'API-ключ',
+  unset: 'не задано',
+  '(default)': '(по умолчанию)',
+  '(set)': '(установлено)',
+  '(not set)': '(не задано)',
+  "Failed to switch model to '{{modelId}}'.\n\n{{error}}":
+    "Не удалось переключиться на модель '{{modelId}}'.\n\n{{error}}",
  'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)':
    'Последняя модель Qwen Coder от Alibaba Cloud ModelStudio (версия: qwen3-coder-plus-2025-09-23)',
  'The latest Qwen Vision model from Alibaba Cloud ModelStudio (version: qwen3-vl-plus-2025-09-23)':
@@ -1056,7 +1084,6 @@ export default {
    'Провожу настройку методом тыка...',
    'Ищем, какой стороной вставлять флешку...',
    'Следим, чтобы волшебный дым не вышел из проводов...',
-    'Переписываем всё на Rust без особой причины...',
    'Пытаемся выйти из Vim...',
    'Раскручиваем колесо для хомяка...',
    'Это не баг, а фича...',
--- a/packages/cli/src/i18n/locales/zh.js
+++ b/packages/cli/src/i18n/locales/zh.js
@@ -88,6 +88,9 @@ export default {
  'No tools available': '没有可用工具',
  'View or change the approval mode for tool usage':
    '查看或更改工具使用的审批模式',
+  'Invalid approval mode "{{arg}}". Valid modes: {{modes}}':
+    '无效的审批模式 "{{arg}}"。有效模式：{{modes}}',
+  'Approval mode set to "{{mode}}"': '审批模式已设置为 "{{mode}}"',
  'View or change the language setting': '查看或更改语言设置',
  'change the theme': '更改主题',
  'Select Theme': '选择主题',
@@ -725,6 +728,21 @@ export default {
  'Authentication timed out. Please try again.': '认证超时。请重试。',
  'Waiting for auth... (Press ESC or CTRL+C to cancel)':
    '正在等待认证...（按 ESC 或 CTRL+C 取消）',
+  'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.':
+    '缺少 OpenAI 兼容认证的 API 密钥。请设置 settings.security.auth.apiKey 或设置 {{envKeyHint}} 环境变量。',
+  '{{envKeyHint}} environment variable not found.':
+    '未找到 {{envKeyHint}} 环境变量。',
+  '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.':
+    '未找到 {{envKeyHint}} 环境变量。请在 .env 文件或系统环境变量中进行设置。',
+  '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.':
+    '未找到 {{envKeyHint}} 环境变量（或设置 settings.security.auth.apiKey）。请在 .env 文件或系统环境变量中进行设置。',
+  'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.':
+    '缺少 OpenAI 兼容认证的 API 密钥。请设置 {{envKeyHint}} 环境变量。',
+  'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.':
+    'Anthropic 提供商缺少必需的 baseUrl，请在 modelProviders[].baseUrl 中配置。',
+  'ANTHROPIC_BASE_URL environment variable not found.':
+    '未找到 ANTHROPIC_BASE_URL 环境变量。',
+  'Invalid auth method selected.': '选择了无效的认证方式。',
  'Failed to authenticate. Message: {{message}}': '认证失败。消息：{{message}}',
  'Authenticated successfully with {{authType}} credentials.':
    '使用 {{authType}} 凭据成功认证。',
@@ -744,6 +762,15 @@ export default {
  // ============================================================================
  'Select Model': '选择模型',
  '(Press Esc to close)': '（按 Esc 关闭）',
+  'Current (effective) configuration': '当前（实际生效）配置',
+  AuthType: '认证方式',
+  'API Key': 'API 密钥',
+  unset: '未设置',
+  '(default)': '(默认)',
+  '(set)': '(已设置)',
+  '(not set)': '(未设置)',
+  "Failed to switch model to '{{modelId}}'.\n\n{{error}}":
+    "无法切换到模型 '{{modelId}}'.\n\n{{error}}",
  'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)':
    '来自阿里云 ModelStudio 的最新 Qwen Coder 模型（版本：qwen3-coder-plus-2025-09-23）',
  'The latest Qwen Vision model from Alibaba Cloud ModelStudio (version: qwen3-vl-plus-2025-09-23)':
--- a/packages/cli/src/nonInteractive/io/BaseJsonOutputAdapter.test.ts
+++ b/packages/cli/src/nonInteractive/io/BaseJsonOutputAdapter.test.ts
@@ -630,6 +630,67 @@ describe('BaseJsonOutputAdapter', () => {

      expect(state.blocks).toHaveLength(0);
    });
+
+    it('should preserve whitespace in thinking content', () => {
+      const state = adapter.exposeCreateMessageState();
+      adapter.startAssistantMessage();
+
+      adapter.exposeAppendThinking(
+        state,
+        '',
+        'The user just said "Hello"',
+        null,
+      );
+
+      expect(state.blocks).toHaveLength(1);
+      expect(state.blocks[0]).toMatchObject({
+        type: 'thinking',
+        thinking: 'The user just said "Hello"',
+      });
+      // Verify spaces are preserved
+      const block = state.blocks[0] as { thinking: string };
+      expect(block.thinking).toContain('user just');
+      expect(block.thinking).not.toContain('userjust');
+    });
+
+    it('should preserve whitespace when appending multiple thinking fragments', () => {
+      const state = adapter.exposeCreateMessageState();
+      adapter.startAssistantMessage();
+
+      // Simulate streaming thinking content in fragments
+      adapter.exposeAppendThinking(state, '', 'The user just', null);
+      adapter.exposeAppendThinking(state, '', ' said "Hello"', null);
+      adapter.exposeAppendThinking(
+        state,
+        '',
+        '. This is a simple greeting',
+        null,
+      );
+
+      expect(state.blocks).toHaveLength(1);
+      const block = state.blocks[0] as { thinking: string };
+      // Verify the complete text with all spaces preserved
+      expect(block.thinking).toBe(
+        'The user just said "Hello". This is a simple greeting',
+      );
+      // Verify specific space preservation
+      expect(block.thinking).toContain('user just ');
+      expect(block.thinking).toContain(' said');
+      expect(block.thinking).toContain('". This');
+      expect(block.thinking).not.toContain('userjust');
+      expect(block.thinking).not.toContain('justsaid');
+    });
+
+    it('should preserve leading and trailing whitespace in description', () => {
+      const state = adapter.exposeCreateMessageState();
+      adapter.startAssistantMessage();
+
+      adapter.exposeAppendThinking(state, '', '  content with spaces  ', null);
+
+      expect(state.blocks).toHaveLength(1);
+      const block = state.blocks[0] as { thinking: string };
+      expect(block.thinking).toBe('  content with spaces  ');
+    });
  });

  describe('appendToolUse', () => {
--- a/packages/cli/src/nonInteractive/io/BaseJsonOutputAdapter.ts
+++ b/packages/cli/src/nonInteractive/io/BaseJsonOutputAdapter.ts
@@ -816,9 +816,18 @@ export abstract class BaseJsonOutputAdapter {
    parentToolUseId?: string | null,
  ): void {
    const actualParentToolUseId = parentToolUseId ?? null;
-    const fragment = [subject?.trim(), description?.trim()]
-      .filter((value) => value && value.length > 0)
-      .join(': ');
+
+    // Build fragment without trimming to preserve whitespace in streaming content
+    // Only filter out null/undefined/empty values
+    const parts: string[] = [];
+    if (subject && subject.length > 0) {
+      parts.push(subject);
+    }
+    if (description && description.length > 0) {
+      parts.push(description);
+    }
+
+    const fragment = parts.join(': ');
    if (!fragment) {
      return;
    }
--- a/packages/cli/src/nonInteractive/io/StreamJsonOutputAdapter.test.ts
+++ b/packages/cli/src/nonInteractive/io/StreamJsonOutputAdapter.test.ts
@@ -323,6 +323,68 @@ describe('StreamJsonOutputAdapter', () => {
      });
    });

+    it('should preserve whitespace in thinking content (issue #1356)', () => {
+      adapter.processEvent({
+        type: GeminiEventType.Thought,
+        value: {
+          subject: '',
+          description: 'The user just said "Hello"',
+        },
+      });
+
+      const message = adapter.finalizeAssistantMessage();
+      expect(message.message.content).toHaveLength(1);
+      const block = message.message.content[0] as {
+        type: string;
+        thinking: string;
+      };
+      expect(block.type).toBe('thinking');
+      expect(block.thinking).toBe('The user just said "Hello"');
+      // Verify spaces are preserved
+      expect(block.thinking).toContain('user just');
+      expect(block.thinking).not.toContain('userjust');
+    });
+
+    it('should preserve whitespace when streaming multiple thinking fragments (issue #1356)', () => {
+      // Simulate streaming thinking content in multiple events
+      adapter.processEvent({
+        type: GeminiEventType.Thought,
+        value: {
+          subject: '',
+          description: 'The user just',
+        },
+      });
+      adapter.processEvent({
+        type: GeminiEventType.Thought,
+        value: {
+          subject: '',
+          description: ' said "Hello"',
+        },
+      });
+      adapter.processEvent({
+        type: GeminiEventType.Thought,
+        value: {
+          subject: '',
+          description: '. This is a simple greeting',
+        },
+      });
+
+      const message = adapter.finalizeAssistantMessage();
+      expect(message.message.content).toHaveLength(1);
+      const block = message.message.content[0] as {
+        type: string;
+        thinking: string;
+      };
+      expect(block.thinking).toBe(
+        'The user just said "Hello". This is a simple greeting',
+      );
+      // Verify specific spaces are preserved
+      expect(block.thinking).toContain('user just ');
+      expect(block.thinking).toContain(' said');
+      expect(block.thinking).not.toContain('userjust');
+      expect(block.thinking).not.toContain('justsaid');
+    });
+
    it('should append tool use from ToolCallRequest events', () => {
      adapter.processEvent({
        type: GeminiEventType.ToolCallRequest,
--- a/packages/cli/src/nonInteractiveCli.test.ts
+++ b/packages/cli/src/nonInteractiveCli.test.ts
@@ -298,7 +298,9 @@ describe('runNonInteractive', () => {
      mockConfig,
      expect.objectContaining({ name: 'testTool' }),
      expect.any(AbortSignal),
-      undefined,
+      expect.objectContaining({
+        outputUpdateHandler: expect.any(Function),
+      }),
    );
    // Verify first call has isContinuation: false
    expect(mockGeminiClient.sendMessageStream).toHaveBeenNthCalledWith(
@@ -771,6 +773,52 @@ describe('runNonInteractive', () => {
    );
  });

+  it('should handle API errors in text mode and exit with error code', async () => {
+    (mockConfig.getOutputFormat as Mock).mockReturnValue(OutputFormat.TEXT);
+    setupMetricsMock();
+
+    // Simulate an API error event (like 401 unauthorized)
+    const apiErrorEvent: ServerGeminiStreamEvent = {
+      type: GeminiEventType.Error,
+      value: {
+        error: {
+          message: '401 Incorrect API key provided',
+          status: 401,
+        },
+      },
+    };
+
+    mockGeminiClient.sendMessageStream.mockReturnValue(
+      createStreamFromEvents([apiErrorEvent]),
+    );
+
+    let thrownError: Error | null = null;
+    try {
+      await runNonInteractive(
+        mockConfig,
+        mockSettings,
+        'Test input',
+        'prompt-id-api-error',
+      );
+      // Should not reach here
+      expect.fail('Expected error to be thrown');
+    } catch (error) {
+      thrownError = error as Error;
+    }
+
+    // Should throw with the API error message
+    expect(thrownError).toBeTruthy();
+    expect(thrownError?.message).toContain('401');
+    expect(thrownError?.message).toContain('Incorrect API key provided');
+
+    // Verify error was written to stderr
+    expect(processStderrSpy).toHaveBeenCalled();
+    const stderrCalls = processStderrSpy.mock.calls;
+    const errorOutput = stderrCalls.map((call) => call[0]).join('');
+    expect(errorOutput).toContain('401');
+    expect(errorOutput).toContain('Incorrect API key provided');
+  });
+
  it('should handle FatalInputError with custom exit code in JSON format', async () => {
    (mockConfig.getOutputFormat as Mock).mockReturnValue(OutputFormat.JSON);
    setupMetricsMock();
@@ -1777,4 +1825,84 @@ describe('runNonInteractive', () => {
      { isContinuation: false },
    );
  });
+
+  it('should print tool output to console in text mode (non-Task tools)', async () => {
+    // Test that tool output is printed to stdout in text mode
+    const toolCallEvent: ServerGeminiStreamEvent = {
+      type: GeminiEventType.ToolCallRequest,
+      value: {
+        callId: 'tool-1',
+        name: 'run_in_terminal',
+        args: { command: 'npm outdated' },
+        isClientInitiated: false,
+        prompt_id: 'prompt-id-tool-output',
+      },
+    };
+
+    // Mock tool execution with outputUpdateHandler being called
+    mockCoreExecuteToolCall.mockImplementation(
+      async (_config, _request, _signal, options) => {
+        // Simulate tool calling outputUpdateHandler with output chunks
+        if (options?.outputUpdateHandler) {
+          options.outputUpdateHandler('tool-1', 'Package outdated\n');
+          options.outputUpdateHandler('tool-1', 'npm@1.0.0 -> npm@2.0.0\n');
+        }
+        return {
+          responseParts: [
+            {
+              functionResponse: {
+                id: 'tool-1',
+                name: 'run_in_terminal',
+                response: {
+                  output: 'Package outdated\nnpm@1.0.0 -> npm@2.0.0',
+                },
+              },
+            },
+          ],
+        };
+      },
+    );
+
+    const firstCallEvents: ServerGeminiStreamEvent[] = [
+      toolCallEvent,
+      {
+        type: GeminiEventType.Finished,
+        value: { reason: undefined, usageMetadata: { totalTokenCount: 5 } },
+      },
+    ];
+
+    const secondCallEvents: ServerGeminiStreamEvent[] = [
+      { type: GeminiEventType.Content, value: 'Dependencies checked' },
+      {
+        type: GeminiEventType.Finished,
+        value: { reason: undefined, usageMetadata: { totalTokenCount: 3 } },
+      },
+    ];
+
+    mockGeminiClient.sendMessageStream
+      .mockReturnValueOnce(createStreamFromEvents(firstCallEvents))
+      .mockReturnValueOnce(createStreamFromEvents(secondCallEvents));
+
+    await runNonInteractive(
+      mockConfig,
+      mockSettings,
+      'Check dependencies',
+      'prompt-id-tool-output',
+    );
+
+    // Verify that executeToolCall was called with outputUpdateHandler
+    expect(mockCoreExecuteToolCall).toHaveBeenCalledWith(
+      mockConfig,
+      expect.objectContaining({ name: 'run_in_terminal' }),
+      expect.any(AbortSignal),
+      expect.objectContaining({
+        outputUpdateHandler: expect.any(Function),
+      }),
+    );
+
+    // Verify tool output was written to stdout
+    expect(processStdoutSpy).toHaveBeenCalledWith('Package outdated\n');
+    expect(processStdoutSpy).toHaveBeenCalledWith('npm@1.0.0 -> npm@2.0.0\n');
+    expect(processStdoutSpy).toHaveBeenCalledWith('Dependencies checked');
+  });
 });
--- a/packages/cli/src/nonInteractiveCli.ts
+++ b/packages/cli/src/nonInteractiveCli.ts
@@ -4,7 +4,11 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import type { Config, ToolCallRequestInfo } from '@qwen-code/qwen-code-core';
+import type {
+  Config,
+  ToolCallRequestInfo,
+  ToolResultDisplay,
+} from '@qwen-code/qwen-code-core';
 import { isSlashCommand } from './ui/utils/commandUtils.js';
 import type { LoadedSettings } from './config/settings.js';
 import {
@@ -308,6 +312,8 @@ export async function runNonInteractive(
                config.getContentGeneratorConfig()?.authType,
              );
              process.stderr.write(`${errorText}\n`);
+              // Throw error to exit with non-zero code
+              throw new Error(errorText);
            }
          }
        }
@@ -333,7 +339,7 @@ export async function runNonInteractive(
                ? options.controlService.permission.getToolCallUpdateCallback()
                : undefined;

-            // Only pass outputUpdateHandler for Task tool
+            // Create output handler for Task tool (for subagent execution)
            const isTaskTool = finalRequestInfo.name === 'task';
            const taskToolProgress = isTaskTool
              ? createTaskToolProgressHandler(
@@ -343,20 +349,41 @@ export async function runNonInteractive(
                )
              : undefined;
            const taskToolProgressHandler = taskToolProgress?.handler;
+
+            // Create output handler for non-Task tools in text mode (for console output)
+            const nonTaskOutputHandler =
+              !isTaskTool && !adapter
+                ? (callId: string, outputChunk: ToolResultDisplay) => {
+                    // Print tool output to console in text mode
+                    if (typeof outputChunk === 'string') {
+                      process.stdout.write(outputChunk);
+                    } else if (
+                      outputChunk &&
+                      typeof outputChunk === 'object' &&
+                      'ansiOutput' in outputChunk
+                    ) {
+                      // Handle ANSI output - just print as string for now
+                      process.stdout.write(String(outputChunk.ansiOutput));
+                    }
+                  }
+                : undefined;
+
+            // Combine output handlers
+            const outputUpdateHandler =
+              taskToolProgressHandler || nonTaskOutputHandler;
+
            const toolResponse = await executeToolCall(
              config,
              finalRequestInfo,
              abortController.signal,
-              isTaskTool && taskToolProgressHandler
+              outputUpdateHandler || toolCallUpdateCallback
                ? {
-                    outputUpdateHandler: taskToolProgressHandler,
-                    onToolCallsUpdate: toolCallUpdateCallback,
-                  }
-                : toolCallUpdateCallback
-                  ? {
+                    ...(outputUpdateHandler && { outputUpdateHandler }),
+                    ...(toolCallUpdateCallback && {
                      onToolCallsUpdate: toolCallUpdateCallback,
-                    }
-                  : undefined,
+                    }),
+                  }
+                : undefined,
            );

            // Note: In JSON mode, subagent messages are automatically added to the main
--- a/packages/cli/src/services/BuiltinCommandLoader.ts
+++ b/packages/cli/src/services/BuiltinCommandLoader.ts
@@ -31,6 +31,7 @@ import { quitCommand } from '../ui/commands/quitCommand.js';
 import { restoreCommand } from '../ui/commands/restoreCommand.js';
 import { resumeCommand } from '../ui/commands/resumeCommand.js';
 import { settingsCommand } from '../ui/commands/settingsCommand.js';
+import { skillsCommand } from '../ui/commands/skillsCommand.js';
 import { statsCommand } from '../ui/commands/statsCommand.js';
 import { summaryCommand } from '../ui/commands/summaryCommand.js';
 import { terminalSetupCommand } from '../ui/commands/terminalSetupCommand.js';
@@ -38,6 +39,7 @@ import { themeCommand } from '../ui/commands/themeCommand.js';
 import { toolsCommand } from '../ui/commands/toolsCommand.js';
 import { vimCommand } from '../ui/commands/vimCommand.js';
 import { setupGithubCommand } from '../ui/commands/setupGithubCommand.js';
+import { insightCommand } from '../ui/commands/insightCommand.js';

 /**
 * Loads the core, hard-coded slash commands that are an integral part
@@ -78,6 +80,7 @@ export class BuiltinCommandLoader implements ICommandLoader {
      quitCommand,
      restoreCommand(this.config),
      resumeCommand,
+      ...(this.config?.getExperimentalSkills?.() ? [skillsCommand] : []),
      statsCommand,
      summaryCommand,
      themeCommand,
@@ -86,6 +89,7 @@ export class BuiltinCommandLoader implements ICommandLoader {
      vimCommand,
      setupGithubCommand,
      terminalSetupCommand,
+      insightCommand,
    ];

    return allDefinitions.filter((cmd): cmd is SlashCommand => cmd !== null);
--- a/packages/cli/src/services/insight-page/README.md
+++ b/packages/cli/src/services/insight-page/README.md
@@ -0,0 +1,120 @@
+# Qwen Code Insights Page
+
+A React-based visualization dashboard for displaying coding activity insights and statistics.
+
+## Development
+
+This application consists of two parts:
+
+1. **Backend (Express Server)**: Serves API endpoints and processes chat history data
+2. **Frontend (Vite + React)**: Development server with HMR
+
+### Running in Development Mode
+
+You need to run both the backend and frontend servers:
+
+**Terminal 1 - Backend Server (Port 3001):**
+
+```bash
+pnpm dev:server
+```
+
+**Terminal 2 - Frontend Dev Server (Port 3000):**
+
+```bash
+pnpm dev
+```
+
+Then open <http://localhost:3000> in your browser.
+
+The Vite dev server will proxy `/api` requests to the backend server at port 3001.
+
+### Building for Production
+
+```bash
+pnpm build
+```
+
+This compiles TypeScript and builds the React application. The output will be in the `dist/` directory.
+
+In production, the Express server serves both the static files and API endpoints from a single port.
+
+## Architecture
+
+- **Frontend**: React + TypeScript + Vite + Chart.js
+- **Backend**: Express + Node.js
+- **Data Source**: JSONL chat history files from `~/.qwen/projects/*/chats/`
+
+## Original Vite Template Info
+
+This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
+
+Currently, two official plugins are available:
+
+- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) (or [oxc](https://oxc.rs) when used in [rolldown-vite](https://vite.dev/guide/rolldown)) for Fast Refresh
+- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
+
+## React Compiler
+
+The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see [this documentation](https://react.dev/learn/react-compiler/installation).
+
+## Expanding the ESLint configuration
+
+If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:
+
+```js
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+
+      // Remove tseslint.configs.recommended and replace with this
+      tseslint.configs.recommendedTypeChecked,
+      // Alternatively, use this for stricter rules
+      tseslint.configs.strictTypeChecked,
+      // Optionally, add this for stylistic rules
+      tseslint.configs.stylisticTypeChecked,
+
+      // Other configs...
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+]);
+```
+
+You can also install [eslint-plugin-react-x](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-x) and [eslint-plugin-react-dom](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-dom) for React-specific lint rules:
+
+```js
+// eslint.config.js
+import reactX from 'eslint-plugin-react-x';
+import reactDom from 'eslint-plugin-react-dom';
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+      // Enable lint rules for React
+      reactX.configs['recommended-typescript'],
+      // Enable lint rules for React DOM
+      reactDom.configs.recommended,
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+]);
+```
--- a/packages/cli/src/services/insight-page/index.html
+++ b/packages/cli/src/services/insight-page/index.html
@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/qwen.png" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Qwen Code Insight</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
--- a/packages/cli/src/services/insight-page/package.json
+++ b/packages/cli/src/services/insight-page/package.json
@@ -0,0 +1,42 @@
+{
+  "name": "insight-page",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "dev:server": "BASE_DIR=$HOME/.qwen/projects PORT=3001 tsx ../insightServer.ts",
+    "build": "tsc -b && vite build",
+    "lint": "eslint .",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "@uiw/react-heat-map": "^2.3.3",
+    "chart.js": "^4.5.1",
+    "html2canvas": "^1.4.1",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.1",
+    "@types/node": "^24.10.1",
+    "@types/react": "^19.2.5",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^5.1.1",
+    "autoprefixer": "^10.4.20",
+    "eslint": "^9.39.1",
+    "eslint-plugin-react-hooks": "^7.0.1",
+    "eslint-plugin-react-refresh": "^0.4.24",
+    "globals": "^16.5.0",
+    "postcss": "^8.4.49",
+    "tailwindcss": "^3.4.17",
+    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.46.4",
+    "vite": "npm:rolldown-vite@7.2.5"
+  },
+  "pnpm": {
+    "overrides": {
+      "vite": "npm:rolldown-vite@7.2.5"
+    }
+  }
+}
--- a/packages/cli/src/services/insight-page/pnpm-lock.yaml
+++ b/packages/cli/src/services/insight-page/pnpm-lock.yaml
--- a/packages/cli/src/services/insight-page/postcss.config.js
+++ b/packages/cli/src/services/insight-page/postcss.config.js
@@ -0,0 +1,6 @@
+export default {
+  plugins: {
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+};
--- a/packages/cli/src/services/insight-page/public/qwen.png
+++ b/packages/cli/src/services/insight-page/public/qwen.png
--- a/packages/cli/src/services/insight-page/src/App.tsx
+++ b/packages/cli/src/services/insight-page/src/App.tsx
@@ -0,0 +1,395 @@
+import { useEffect, useRef, useState, type CSSProperties } from 'react';
+import {
+  Chart,
+  LineController,
+  LineElement,
+  BarController,
+  BarElement,
+  CategoryScale,
+  LinearScale,
+  PointElement,
+  Legend,
+  Title,
+  Tooltip,
+} from 'chart.js';
+import type { ChartConfiguration } from 'chart.js';
+import HeatMap from '@uiw/react-heat-map';
+import html2canvas from 'html2canvas';
+
+// Register Chart.js components
+Chart.register(
+  LineController,
+  LineElement,
+  BarController,
+  BarElement,
+  CategoryScale,
+  LinearScale,
+  PointElement,
+  Legend,
+  Title,
+  Tooltip,
+);
+
+interface UsageMetadata {
+  input: number;
+  output: number;
+  total: number;
+}
+
+interface InsightData {
+  heatmap: { [date: string]: number };
+  tokenUsage: { [date: string]: UsageMetadata };
+  currentStreak: number;
+  longestStreak: number;
+  longestWorkDate: string | null;
+  longestWorkDuration: number;
+  activeHours: { [hour: number]: number };
+  latestActiveTime: string | null;
+  achievements: Array<{
+    id: string;
+    name: string;
+    description: string;
+  }>;
+}
+
+function App() {
+  const [insights, setInsights] = useState<InsightData | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+  const hourChartRef = useRef<HTMLCanvasElement>(null);
+  const hourChartInstance = useRef<Chart | null>(null);
+  const containerRef = useRef<HTMLDivElement>(null);
+
+  // Load insights data
+  useEffect(() => {
+    const loadInsights = async () => {
+      try {
+        setLoading(true);
+        const response = await fetch('/api/insights');
+        if (!response.ok) {
+          throw new Error('Failed to fetch insights');
+        }
+        const data: InsightData = await response.json();
+        setInsights(data);
+        setError(null);
+      } catch (err) {
+        setError((err as Error).message);
+        setInsights(null);
+      } finally {
+        setLoading(false);
+      }
+    };
+
+    loadInsights();
+  }, []);
+
+  // Create hour chart when insights change
+  useEffect(() => {
+    if (!insights || !hourChartRef.current) return;
+
+    // Destroy existing chart if it exists
+    if (hourChartInstance.current) {
+      hourChartInstance.current.destroy();
+    }
+
+    const labels = Array.from({ length: 24 }, (_, i) => `${i}:00`);
+    const data = labels.map((_, i) => insights.activeHours[i] || 0);
+
+    const ctx = hourChartRef.current.getContext('2d');
+    if (!ctx) return;
+
+    hourChartInstance.current = new Chart(ctx, {
+      type: 'bar',
+      data: {
+        labels,
+        datasets: [
+          {
+            label: 'Activity per Hour',
+            data,
+            backgroundColor: 'rgba(52, 152, 219, 0.7)',
+            borderColor: 'rgba(52, 152, 219, 1)',
+            borderWidth: 1,
+          },
+        ],
+      },
+      options: {
+        indexAxis: 'y',
+        responsive: true,
+        maintainAspectRatio: false,
+        scales: {
+          x: {
+            beginAtZero: true,
+          },
+        },
+        plugins: {
+          legend: {
+            display: false,
+          },
+        },
+      } as ChartConfiguration['options'],
+    });
+  }, [insights]);
+
+  const handleExport = async () => {
+    if (!containerRef.current) return;
+
+    try {
+      const button = document.getElementById('export-btn') as HTMLButtonElement;
+      button.style.display = 'none';
+
+      const canvas = await html2canvas(containerRef.current, {
+        scale: 2,
+        useCORS: true,
+        logging: false,
+      });
+
+      const imgData = canvas.toDataURL('image/png');
+      const link = document.createElement('a');
+      link.href = imgData;
+      link.download = `qwen-insights-${new Date().toISOString().slice(0, 10)}.png`;
+      link.click();
+
+      button.style.display = 'block';
+    } catch (err) {
+      console.error('Error capturing image:', err);
+      alert('Failed to export image. Please try again.');
+    }
+  };
+
+  if (loading) {
+    return (
+      <div className="flex min-h-screen items-center justify-center bg-gradient-to-br from-slate-50 via-white to-slate-100">
+        <div className="glass-card px-8 py-6 text-center">
+          <h2 className="text-xl font-semibold text-slate-900">
+            Loading insights...
+          </h2>
+          <p className="mt-2 text-sm text-slate-600">
+            Fetching your coding patterns
+          </p>
+        </div>
+      </div>
+    );
+  }
+
+  if (error || !insights) {
+    return (
+      <div className="flex min-h-screen items-center justify-center bg-gradient-to-br from-slate-50 via-white to-slate-100">
+        <div className="glass-card px-8 py-6 text-center">
+          <h2 className="text-xl font-semibold text-rose-700">
+            Error loading insights
+          </h2>
+          <p className="mt-2 text-sm text-slate-600">
+            {error || 'Please try again later.'}
+          </p>
+        </div>
+      </div>
+    );
+  }
+
+  // Prepare heatmap data for react-heat-map
+  const heatmapData = Object.entries(insights.heatmap).map(([date, count]) => ({
+    date,
+    count,
+  }));
+
+  const cardClass = 'glass-card p-6';
+  const sectionTitleClass =
+    'text-lg font-semibold tracking-tight text-slate-900';
+  const captionClass = 'text-sm font-medium text-slate-500';
+
+  return (
+    <div className="min-h-screen" ref={containerRef}>
+      <div className="mx-auto max-w-6xl px-6 py-10 md:py-12">
+        <header className="mb-8 space-y-3 text-center">
+          <p className="text-xs font-semibold uppercase tracking-[0.2em] text-slate-500">
+            Insights
+          </p>
+          <h1 className="text-3xl font-semibold text-slate-900 md:text-4xl">
+            Qwen Code Insights
+          </h1>
+          <p className="text-sm text-slate-600">
+            Your personalized coding journey and patterns
+          </p>
+        </header>
+
+        <div className="grid gap-4 md:grid-cols-3 md:gap-6">
+          <div className={`${cardClass} h-full`}>
+            <div className="flex items-start justify-between">
+              <div>
+                <p className={captionClass}>Current Streak</p>
+                <p className="mt-1 text-4xl font-bold text-slate-900">
+                  {insights.currentStreak}
+                  <span className="ml-2 text-base font-semibold text-slate-500">
+                    days
+                  </span>
+                </p>
+              </div>
+              <span className="rounded-full bg-emerald-50 px-4 py-2 text-sm font-semibold text-emerald-700">
+                Longest {insights.longestStreak}d
+              </span>
+            </div>
+          </div>
+
+          <div className={`${cardClass} h-full`}>
+            <div className="flex items-center justify-between">
+              <h3 className={sectionTitleClass}>Active Hours</h3>
+              <span className="rounded-full bg-slate-100 px-3 py-1 text-xs font-semibold text-slate-600">
+                24h
+              </span>
+            </div>
+            <div className="mt-4 h-56 w-full">
+              <canvas ref={hourChartRef}></canvas>
+            </div>
+          </div>
+
+          <div className={`${cardClass} h-full space-y-3`}>
+            <h3 className={sectionTitleClass}>Work Session</h3>
+            <div className="grid grid-cols-2 gap-3 text-sm text-slate-700">
+              <div className="rounded-xl bg-slate-50 px-3 py-2">
+                <p className="text-xs font-semibold uppercase tracking-wide text-slate-500">
+                  Longest
+                </p>
+                <p className="mt-1 text-lg font-semibold text-slate-900">
+                  {insights.longestWorkDuration}m
+                </p>
+              </div>
+              <div className="rounded-xl bg-slate-50 px-3 py-2">
+                <p className="text-xs font-semibold uppercase tracking-wide text-slate-500">
+                  Date
+                </p>
+                <p className="mt-1 text-lg font-semibold text-slate-900">
+                  {insights.longestWorkDate || '-'}
+                </p>
+              </div>
+              <div className="col-span-2 rounded-xl bg-slate-50 px-3 py-2">
+                <p className="text-xs font-semibold uppercase tracking-wide text-slate-500">
+                  Last Active
+                </p>
+                <p className="mt-1 text-lg font-semibold text-slate-900">
+                  {insights.latestActiveTime || '-'}
+                </p>
+              </div>
+            </div>
+          </div>
+        </div>
+
+        <div className={`${cardClass} mt-4 space-y-4 md:mt-6`}>
+          <div className="flex items-center justify-between">
+            <h3 className={sectionTitleClass}>Activity Heatmap</h3>
+            <span className="text-xs font-semibold text-slate-500">
+              Past year
+            </span>
+          </div>
+          <div className="overflow-x-auto">
+            <div className="min-w-[720px] rounded-xl border border-slate-100 bg-white/70 p-4 shadow-inner shadow-slate-100">
+              <HeatMap
+                value={heatmapData}
+                width={1000}
+                style={{ color: '#0f172a' } satisfies CSSProperties}
+                startDate={
+                  new Date(new Date().setFullYear(new Date().getFullYear() - 1))
+                }
+                endDate={new Date()}
+                rectSize={14}
+                legendCellSize={12}
+                rectProps={{
+                  rx: 2,
+                }}
+                panelColors={{
+                  0: '#e2e8f0',
+                  2: '#a5d8ff',
+                  4: '#74c0fc',
+                  10: '#339af0',
+                  20: '#1c7ed6',
+                }}
+              />
+            </div>
+          </div>
+        </div>
+
+        <div className={`${cardClass} mt-4 md:mt-6`}>
+          <div className="space-y-3">
+            <h3 className={sectionTitleClass}>Token Usage</h3>
+            <div className="grid grid-cols-3 gap-3">
+              <div className="rounded-xl bg-slate-50 px-4 py-3">
+                <p className="text-xs font-semibold uppercase tracking-wide text-slate-500">
+                  Input
+                </p>
+                <p className="mt-1 text-2xl font-bold text-slate-900">
+                  {Object.values(insights.tokenUsage)
+                    .reduce((acc, usage) => acc + usage.input, 0)
+                    .toLocaleString()}
+                </p>
+              </div>
+              <div className="rounded-xl bg-slate-50 px-4 py-3">
+                <p className="text-xs font-semibold uppercase tracking-wide text-slate-500">
+                  Output
+                </p>
+                <p className="mt-1 text-2xl font-bold text-slate-900">
+                  {Object.values(insights.tokenUsage)
+                    .reduce((acc, usage) => acc + usage.output, 0)
+                    .toLocaleString()}
+                </p>
+              </div>
+              <div className="rounded-xl bg-slate-50 px-4 py-3">
+                <p className="text-xs font-semibold uppercase tracking-wide text-slate-500">
+                  Total
+                </p>
+                <p className="mt-1 text-2xl font-bold text-slate-900">
+                  {Object.values(insights.tokenUsage)
+                    .reduce((acc, usage) => acc + usage.total, 0)
+                    .toLocaleString()}
+                </p>
+              </div>
+            </div>
+          </div>
+        </div>
+
+        <div className={`${cardClass} mt-4 space-y-4 md:mt-6`}>
+          <div className="flex items-center justify-between">
+            <h3 className={sectionTitleClass}>Achievements</h3>
+            <span className="text-xs font-semibold text-slate-500">
+              {insights.achievements.length} total
+            </span>
+          </div>
+          {insights.achievements.length === 0 ? (
+            <p className="text-sm text-slate-600">
+              No achievements yet. Keep coding!
+            </p>
+          ) : (
+            <div className="divide-y divide-slate-200">
+              {insights.achievements.map((achievement) => (
+                <div
+                  key={achievement.id}
+                  className="flex flex-col gap-1 py-3 text-left"
+                >
+                  <span className="text-base font-semibold text-slate-900">
+                    {achievement.name}
+                  </span>
+                  <p className="text-sm text-slate-600">
+                    {achievement.description}
+                  </p>
+                </div>
+              ))}
+            </div>
+          )}
+        </div>
+
+        <div className="mt-6 flex justify-center">
+          <button
+            id="export-btn"
+            className="group inline-flex items-center gap-2 rounded-full bg-slate-900 px-5 py-3 text-sm font-semibold text-white shadow-soft transition focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-slate-400 hover:-translate-y-[1px] hover:shadow-lg active:translate-y-[1px]"
+            onClick={handleExport}
+          >
+            Export as Image
+            <span className="text-slate-200 transition group-hover:translate-x-0.5">
+              →
+            </span>
+          </button>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+export default App;
--- a/packages/cli/src/services/insight-page/src/index.css
+++ b/packages/cli/src/services/insight-page/src/index.css
@@ -0,0 +1,15 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+@layer base {
+  body {
+    @apply min-h-screen bg-gradient-to-br from-slate-50 via-white to-slate-100 text-slate-900 antialiased;
+  }
+}
+
+@layer components {
+  .glass-card {
+    @apply rounded-2xl border border-slate-200 bg-white/80 shadow-soft backdrop-blur;
+  }
+}
--- a/packages/cli/src/services/insight-page/src/main.tsx
+++ b/packages/cli/src/services/insight-page/src/main.tsx
@@ -0,0 +1,10 @@
+import { StrictMode } from 'react';
+import { createRoot } from 'react-dom/client';
+import './index.css';
+import App from './App.tsx';
+
+createRoot(document.getElementById('root')!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+);
--- a/packages/cli/src/services/insight-page/tailwind.config.ts
+++ b/packages/cli/src/services/insight-page/tailwind.config.ts
@@ -0,0 +1,18 @@
+import type { Config } from 'tailwindcss';
+
+const config: Config = {
+  content: ['./index.html', './src/**/*.{ts,tsx}'],
+  theme: {
+    extend: {
+      boxShadow: {
+        soft: '0 10px 40px rgba(15, 23, 42, 0.08)',
+      },
+      borderRadius: {
+        xl: '1.25rem',
+      },
+    },
+  },
+  plugins: [],
+};
+
+export default config;
--- a/packages/cli/src/services/insight-page/tsconfig.app.json
+++ b/packages/cli/src/services/insight-page/tsconfig.app.json
@@ -0,0 +1,28 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
+    "target": "ES2022",
+    "useDefineForClassFields": true,
+    "lib": ["ES2022", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "types": ["vite/client"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["src"]
+}
--- a/packages/cli/src/services/insight-page/tsconfig.json
+++ b/packages/cli/src/services/insight-page/tsconfig.json
@@ -0,0 +1,7 @@
+{
+  "files": [],
+  "references": [
+    { "path": "./tsconfig.app.json" },
+    { "path": "./tsconfig.node.json" }
+  ]
+}
--- a/packages/cli/src/services/insight-page/tsconfig.node.json
+++ b/packages/cli/src/services/insight-page/tsconfig.node.json
@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
+    "target": "ES2023",
+    "lib": ["ES2023"],
+    "module": "ESNext",
+    "types": ["node"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["vite.config.ts"]
+}
--- a/packages/cli/src/services/insight-page/views/assets/index-CV6J1oXz.css
+++ b/packages/cli/src/services/insight-page/views/assets/index-CV6J1oXz.css
--- a/packages/cli/src/services/insight-page/views/assets/index-D7obW1Jn.js
+++ b/packages/cli/src/services/insight-page/views/assets/index-D7obW1Jn.js
--- a/packages/cli/src/services/insight-page/views/index.html
+++ b/packages/cli/src/services/insight-page/views/index.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/qwen.png" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>insight-page</title>
+    <script type="module" crossorigin src="/assets/index-D7obW1Jn.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-CV6J1oXz.css">
+  </head>
+  <body>
+    <div id="root"></div>
+  </body>
+</html>
--- a/packages/cli/src/services/insight-page/views/qwen.png
+++ b/packages/cli/src/services/insight-page/views/qwen.png
--- a/packages/cli/src/services/insight-page/vite.config.ts
+++ b/packages/cli/src/services/insight-page/vite.config.ts
@@ -0,0 +1,19 @@
+import { defineConfig } from 'vite';
+import react from '@vitejs/plugin-react';
+
+// https://vite.dev/config/
+export default defineConfig({
+  plugins: [react()],
+  build: {
+    outDir: 'views',
+  },
+  server: {
+    port: 3000,
+    proxy: {
+      '/api': {
+        target: 'http://localhost:3001',
+        changeOrigin: true,
+      },
+    },
+  },
+});
--- a/packages/cli/src/services/insightServer.ts
+++ b/packages/cli/src/services/insightServer.ts
@@ -0,0 +1,404 @@
+/**
+ * @license
+ * Copyright 2025 Qwen Code
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import express from 'express';
+import fs from 'fs/promises';
+import path, { dirname } from 'path';
+import { fileURLToPath } from 'url';
+import type { ChatRecord } from '@qwen-code/qwen-code-core';
+import { read } from '@qwen-code/qwen-code-core/src/utils/jsonl-utils.js';
+
+interface StreakData {
+  currentStreak: number;
+  longestStreak: number;
+  dates: string[];
+}
+
+// For heat map data
+interface HeatMapData {
+  [date: string]: number;
+}
+
+// For token usage data
+interface TokenUsageData {
+  [date: string]: {
+    input: number;
+    output: number;
+    total: number;
+  };
+}
+
+// For achievement data
+interface AchievementData {
+  id: string;
+  name: string;
+  description: string;
+}
+
+// For the final insight data
+interface InsightData {
+  heatmap: HeatMapData;
+  tokenUsage: TokenUsageData;
+  currentStreak: number;
+  longestStreak: number;
+  longestWorkDate: string | null;
+  longestWorkDuration: number; // in minutes
+  activeHours: { [hour: number]: number };
+  latestActiveTime: string | null;
+  achievements: AchievementData[];
+}
+
+function debugLog(message: string) {
+  const timestamp = new Date().toISOString();
+  const logMessage = `[${timestamp}] ${message}\n`;
+  console.log(logMessage);
+}
+
+debugLog('Insight server starting...');
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const app = express();
+const PORT = process.env['PORT'];
+const BASE_DIR = process.env['BASE_DIR'];
+
+if (!BASE_DIR) {
+  debugLog('BASE_DIR environment variable is required');
+  process.exit(1);
+}
+
+// Serve static assets from the views/assets directory
+app.use(
+  '/assets',
+  express.static(path.join(__dirname, 'insight-page', 'views', 'assets')),
+);
+
+app.get('/', (_req, res) => {
+  res.sendFile(path.join(__dirname, 'insight-page', 'views', 'index.html'));
+});
+
+// API endpoint to get insight data
+app.get('/api/insights', async (_req, res) => {
+  try {
+    debugLog('Received request for insights data');
+    const insights = await generateInsights(BASE_DIR);
+    res.json(insights);
+  } catch (error) {
+    debugLog(`Error generating insights: ${error}`);
+    res.status(500).json({ error: 'Failed to generate insights' });
+  }
+});
+
+// Process chat files from all projects in the base directory and generate insights
+async function generateInsights(baseDir: string): Promise<InsightData> {
+  // Initialize data structures
+  const heatmap: HeatMapData = {};
+  const tokenUsage: TokenUsageData = {};
+  const activeHours: { [hour: number]: number } = {};
+  const sessionStartTimes: { [sessionId: string]: Date } = {};
+  const sessionEndTimes: { [sessionId: string]: Date } = {};
+
+  try {
+    // Get all project directories in the base directory
+    const projectDirs = await fs.readdir(baseDir);
+
+    // Process each project directory
+    for (const projectDir of projectDirs) {
+      const projectPath = path.join(baseDir, projectDir);
+      const stats = await fs.stat(projectPath);
+
+      // Only process if it's a directory
+      if (stats.isDirectory()) {
+        const chatsDir = path.join(projectPath, 'chats');
+
+        let chatFiles: string[] = [];
+        try {
+          // Get all chat files in the chats directory
+          const files = await fs.readdir(chatsDir);
+          chatFiles = files.filter((file) => file.endsWith('.jsonl'));
+        } catch (error) {
+          if ((error as NodeJS.ErrnoException).code !== 'ENOENT') {
+            debugLog(
+              `Error reading chats directory for project ${projectDir}: ${error}`,
+            );
+          }
+          // Continue to next project if chats directory doesn't exist
+          continue;
+        }
+
+        // Process each chat file in this project
+        for (const file of chatFiles) {
+          const filePath = path.join(chatsDir, file);
+          const records = await read<ChatRecord>(filePath);
+
+          // Process each record
+          for (const record of records) {
+            const timestamp = new Date(record.timestamp);
+            const dateKey = formatDate(timestamp);
+            const hour = timestamp.getHours();
+
+            // Update heatmap (count of interactions per day)
+            heatmap[dateKey] = (heatmap[dateKey] || 0) + 1;
+
+            // Update active hours
+            activeHours[hour] = (activeHours[hour] || 0) + 1;
+
+            // Update token usage
+            if (record.usageMetadata) {
+              const usage = tokenUsage[dateKey] || {
+                input: 0,
+                output: 0,
+                total: 0,
+              };
+
+              usage.input += record.usageMetadata.promptTokenCount || 0;
+              usage.output += record.usageMetadata.candidatesTokenCount || 0;
+              usage.total += record.usageMetadata.totalTokenCount || 0;
+
+              tokenUsage[dateKey] = usage;
+            }
+
+            // Track session times
+            if (!sessionStartTimes[record.sessionId]) {
+              sessionStartTimes[record.sessionId] = timestamp;
+            }
+            sessionEndTimes[record.sessionId] = timestamp;
+          }
+        }
+      }
+    }
+  } catch (error) {
+    if ((error as NodeJS.ErrnoException).code === 'ENOENT') {
+      // Base directory doesn't exist, return empty insights
+      debugLog(`Base directory does not exist: ${baseDir}`);
+    } else {
+      debugLog(`Error reading base directory: ${error}`);
+    }
+  }
+
+  // Calculate streak data
+  const streakData = calculateStreaks(Object.keys(heatmap));
+
+  // Calculate longest work session
+  let longestWorkDuration = 0;
+  let longestWorkDate: string | null = null;
+  for (const sessionId in sessionStartTimes) {
+    const start = sessionStartTimes[sessionId];
+    const end = sessionEndTimes[sessionId];
+    const durationMinutes = Math.round(
+      (end.getTime() - start.getTime()) / (1000 * 60),
+    );
+
+    if (durationMinutes > longestWorkDuration) {
+      longestWorkDuration = durationMinutes;
+      longestWorkDate = formatDate(start);
+    }
+  }
+
+  // Calculate latest active time
+  let latestActiveTime: string | null = null;
+  let latestTimestamp = new Date(0);
+  for (const dateStr in heatmap) {
+    const date = new Date(dateStr);
+    if (date > latestTimestamp) {
+      latestTimestamp = date;
+      latestActiveTime = date.toLocaleTimeString([], {
+        hour: '2-digit',
+        minute: '2-digit',
+      });
+    }
+  }
+
+  // Calculate achievements
+  const achievements = calculateAchievements(activeHours, heatmap, tokenUsage);
+
+  return {
+    heatmap,
+    tokenUsage,
+    currentStreak: streakData.currentStreak,
+    longestStreak: streakData.longestStreak,
+    longestWorkDate,
+    longestWorkDuration,
+    activeHours,
+    latestActiveTime,
+    achievements,
+  };
+}
+
+// Helper function to format date as YYYY-MM-DD
+function formatDate(date: Date): string {
+  return date.toISOString().split('T')[0];
+}
+
+// Calculate streaks from activity dates
+function calculateStreaks(dates: string[]): StreakData {
+  if (dates.length === 0) {
+    return { currentStreak: 0, longestStreak: 0, dates: [] };
+  }
+
+  // Convert string dates to Date objects and sort them
+  const dateObjects = dates.map((dateStr) => new Date(dateStr));
+  dateObjects.sort((a, b) => a.getTime() - b.getTime());
+
+  let currentStreak = 1;
+  let maxStreak = 1;
+  let currentDate = new Date(dateObjects[0]);
+  currentDate.setHours(0, 0, 0, 0); // Normalize to start of day
+
+  for (let i = 1; i < dateObjects.length; i++) {
+    const nextDate = new Date(dateObjects[i]);
+    nextDate.setHours(0, 0, 0, 0); // Normalize to start of day
+
+    // Calculate difference in days
+    const diffDays = Math.floor(
+      (nextDate.getTime() - currentDate.getTime()) / (1000 * 60 * 60 * 24),
+    );
+
+    if (diffDays === 1) {
+      // Consecutive day
+      currentStreak++;
+      maxStreak = Math.max(maxStreak, currentStreak);
+    } else if (diffDays > 1) {
+      // Gap in streak
+      currentStreak = 1;
+    }
+    // If diffDays === 0, same day, so streak continues
+
+    currentDate = nextDate;
+  }
+
+  // Check if the streak is still ongoing (if last activity was yesterday or today)
+  const today = new Date();
+  today.setHours(0, 0, 0, 0);
+  const yesterday = new Date(today);
+  yesterday.setDate(yesterday.getDate() - 1);
+
+  if (
+    currentDate.getTime() === today.getTime() ||
+    currentDate.getTime() === yesterday.getTime()
+  ) {
+    // The streak might still be active, so we don't reset it
+  }
+
+  return {
+    currentStreak,
+    longestStreak: maxStreak,
+    dates,
+  };
+}
+
+// Calculate achievements based on user behavior
+function calculateAchievements(
+  activeHours: { [hour: number]: number },
+  heatmap: HeatMapData,
+  _tokenUsage: TokenUsageData,
+): AchievementData[] {
+  const achievements: AchievementData[] = [];
+
+  // Total activities
+  const totalActivities = Object.values(heatmap).reduce(
+    (sum, count) => sum + count,
+    0,
+  );
+
+  // Total tokens used - commented out since it's not currently used
+  // const totalTokens = Object.values(tokenUsage).reduce((sum, usage) => sum + usage.total, 0);
+
+  // Total sessions
+  const totalSessions = Object.keys(heatmap).length;
+
+  // Calculate percentage of activity per hour
+  const totalHourlyActivity = Object.values(activeHours).reduce(
+    (sum, count) => sum + count,
+    0,
+  );
+  if (totalHourlyActivity > 0) {
+    // Midnight debugger: 20% of sessions happen between 12AM-5AM
+    const midnightActivity =
+      (activeHours[0] || 0) +
+      (activeHours[1] || 0) +
+      (activeHours[2] || 0) +
+      (activeHours[3] || 0) +
+      (activeHours[4] || 0) +
+      (activeHours[5] || 0);
+
+    if (midnightActivity / totalHourlyActivity >= 0.2) {
+      achievements.push({
+        id: 'midnight-debugger',
+        name: 'Midnight Debugger',
+        description: '20% of your sessions happen between 12AM-5AM',
+      });
+    }
+
+    // Morning coder: 20% of sessions happen between 6AM-9AM
+    const morningActivity =
+      (activeHours[6] || 0) +
+      (activeHours[7] || 0) +
+      (activeHours[8] || 0) +
+      (activeHours[9] || 0);
+
+    if (morningActivity / totalHourlyActivity >= 0.2) {
+      achievements.push({
+        id: 'morning-coder',
+        name: 'Morning Coder',
+        description: '20% of your sessions happen between 6AM-9AM',
+      });
+    }
+  }
+
+  // Patient king: average conversation length >= 10 exchanges
+  if (totalSessions > 0) {
+    const avgExchanges = totalActivities / totalSessions;
+    if (avgExchanges >= 10) {
+      achievements.push({
+        id: 'patient-king',
+        name: 'Patient King',
+        description: 'Your average conversation length is 10+ exchanges',
+      });
+    }
+  }
+
+  // Quick finisher: 70% of sessions have <= 2 exchanges
+  let quickSessions = 0;
+  // Since we don't have per-session exchange counts easily available,
+  // we'll estimate based on the distribution of activities
+  if (totalSessions > 0) {
+    // This is a simplified calculation - in a real implementation,
+    // we'd need to count exchanges per session
+    const avgPerSession = totalActivities / totalSessions;
+    if (avgPerSession <= 2) {
+      // Estimate based on low average
+      quickSessions = Math.floor(totalSessions * 0.7);
+    }
+
+    if (quickSessions / totalSessions >= 0.7) {
+      achievements.push({
+        id: 'quick-finisher',
+        name: 'Quick Finisher',
+        description: '70% of your sessions end in 2 exchanges or fewer',
+      });
+    }
+  }
+
+  // Explorer: for users with insufficient data or default
+  if (achievements.length === 0) {
+    achievements.push({
+      id: 'explorer',
+      name: 'Explorer',
+      description: 'Getting started with Qwen Code',
+    });
+  }
+
+  return achievements;
+}
+
+// Start the server
+app.listen(PORT, () => {
+  debugLog(`Server running at http://localhost:${PORT}/`);
+  debugLog(`Analyzing projects in: ${BASE_DIR}`);
+  debugLog('Server is running. Press Ctrl+C to stop.');
+});
--- a/packages/cli/src/services/prompt-processors/shellProcessor.test.ts
+++ b/packages/cli/src/services/prompt-processors/shellProcessor.test.ts
@@ -72,6 +72,7 @@ describe('ShellProcessor', () => {
      getApprovalMode: vi.fn().mockReturnValue(ApprovalMode.DEFAULT),
      getShouldUseNodePtyShell: vi.fn().mockReturnValue(false),
      getShellExecutionConfig: vi.fn().mockReturnValue({}),
+      getAllowedTools: vi.fn().mockReturnValue([]),
    };

    context = createMockCommandContext({
@@ -196,6 +197,35 @@ describe('ShellProcessor', () => {
    );
  });

+  it('should NOT throw ConfirmationRequiredError when a command matches allowedTools', async () => {
+    const processor = new ShellProcessor('test-command');
+    const prompt: PromptPipelineContent = createPromptPipelineContent(
+      'Do something dangerous: !{rm -rf /}',
+    );
+    mockCheckCommandPermissions.mockReturnValue({
+      allAllowed: false,
+      disallowedCommands: ['rm -rf /'],
+    });
+    (mockConfig.getAllowedTools as Mock).mockReturnValue([
+      'ShellTool(rm -rf /)',
+    ]);
+    mockShellExecute.mockReturnValue({
+      result: Promise.resolve({ ...SUCCESS_RESULT, output: 'deleted' }),
+    });
+
+    const result = await processor.process(prompt, context);
+
+    expect(mockShellExecute).toHaveBeenCalledWith(
+      'rm -rf /',
+      expect.any(String),
+      expect.any(Function),
+      expect.any(Object),
+      false,
+      expect.any(Object),
+    );
+    expect(result).toEqual([{ text: 'Do something dangerous: deleted' }]);
+  });
+
  it('should NOT throw ConfirmationRequiredError if a command is not allowed but approval mode is YOLO', async () => {
    const processor = new ShellProcessor('test-command');
    const prompt: PromptPipelineContent = createPromptPipelineContent(
--- a/packages/cli/src/services/prompt-processors/shellProcessor.ts
+++ b/packages/cli/src/services/prompt-processors/shellProcessor.ts
@@ -7,11 +7,13 @@
 import {
  ApprovalMode,
  checkCommandPermissions,
+  doesToolInvocationMatch,
  escapeShellArg,
  getShellConfiguration,
  ShellExecutionService,
  flatMapTextParts,
 } from '@qwen-code/qwen-code-core';
+import type { AnyToolInvocation } from '@qwen-code/qwen-code-core';

 import type { CommandContext } from '../../ui/commands/types.js';
 import type { IPromptProcessor, PromptPipelineContent } from './types.js';
@@ -124,6 +126,15 @@ export class ShellProcessor implements IPromptProcessor {
      // Security check on the final, escaped command string.
      const { allAllowed, disallowedCommands, blockReason, isHardDenial } =
        checkCommandPermissions(command, config, sessionShellAllowlist);
+      const allowedTools = config.getAllowedTools() || [];
+      const invocation = {
+        params: { command },
+      } as AnyToolInvocation;
+      const isAllowedBySettings = doesToolInvocationMatch(
+        'run_shell_command',
+        invocation,
+        allowedTools,
+      );

      if (!allAllowed) {
        if (isHardDenial) {
@@ -132,10 +143,17 @@ export class ShellProcessor implements IPromptProcessor {
          );
        }

-        // If not a hard denial, respect YOLO mode and auto-approve.
-        if (config.getApprovalMode() !== ApprovalMode.YOLO) {
-          disallowedCommands.forEach((uc) => commandsToConfirm.add(uc));
+        // If the command is allowed by settings, skip confirmation.
+        if (isAllowedBySettings) {
+          continue;
        }
+
+        // If not a hard denial, respect YOLO mode and auto-approve.
+        if (config.getApprovalMode() === ApprovalMode.YOLO) {
+          continue;
+        }
+
+        disallowedCommands.forEach((uc) => commandsToConfirm.add(uc));
      }
    }

--- a/packages/cli/src/test-utils/render.tsx
+++ b/packages/cli/src/test-utils/render.tsx
@@ -6,10 +6,12 @@

 import { render } from 'ink-testing-library';
 import type React from 'react';
+import type { Config } from '@qwen-code/qwen-code-core';
 import { LoadedSettings } from '../config/settings.js';
 import { KeypressProvider } from '../ui/contexts/KeypressContext.js';
 import { SettingsContext } from '../ui/contexts/SettingsContext.js';
 import { ShellFocusContext } from '../ui/contexts/ShellFocusContext.js';
+import { ConfigContext } from '../ui/contexts/ConfigContext.js';

 const mockSettings = new LoadedSettings(
  { path: '', settings: {}, originalSettings: {} },
@@ -22,14 +24,24 @@ const mockSettings = new LoadedSettings(

 export const renderWithProviders = (
  component: React.ReactElement,
-  { shellFocus = true, settings = mockSettings } = {},
+  {
+    shellFocus = true,
+    settings = mockSettings,
+    config = undefined,
+  }: {
+    shellFocus?: boolean;
+    settings?: LoadedSettings;
+    config?: Config;
+  } = {},
 ): ReturnType<typeof render> =>
  render(
    <SettingsContext.Provider value={settings}>
-      <ShellFocusContext.Provider value={shellFocus}>
-        <KeypressProvider kittyProtocolEnabled={true}>
-          {component}
-        </KeypressProvider>
-      </ShellFocusContext.Provider>
+      <ConfigContext.Provider value={config}>
+        <ShellFocusContext.Provider value={shellFocus}>
+          <KeypressProvider kittyProtocolEnabled={true}>
+            {component}
+          </KeypressProvider>
+        </ShellFocusContext.Provider>
+      </ConfigContext.Provider>
    </SettingsContext.Provider>,
  );
--- a/packages/cli/src/ui/AppContainer.tsx
+++ b/packages/cli/src/ui/AppContainer.tsx
@@ -32,7 +32,6 @@ import {
  type Config,
  type IdeInfo,
  type IdeContext,
-  DEFAULT_GEMINI_FLASH_MODEL,
  IdeClient,
  ideContextStore,
  getErrorMessage,
@@ -180,15 +179,10 @@ export const AppContainer = (props: AppContainerProps) => {
    [],
  );

-  // Helper to determine the effective model, considering the fallback state.
-  const getEffectiveModel = useCallback(() => {
-    if (config.isInFallbackMode()) {
-      return DEFAULT_GEMINI_FLASH_MODEL;
-    }
-    return config.getModel();
-  }, [config]);
+  // Helper to determine the current model (polled, since Config has no model-change event).
+  const getCurrentModel = useCallback(() => config.getModel(), [config]);

-  const [currentModel, setCurrentModel] = useState(getEffectiveModel());
+  const [currentModel, setCurrentModel] = useState(getCurrentModel());

  const [isConfigInitialized, setConfigInitialized] = useState(false);

@@ -241,12 +235,12 @@ export const AppContainer = (props: AppContainerProps) => {
    [historyManager.addItem],
  );

-  // Watch for model changes (e.g., from Flash fallback)
+  // Watch for model changes (e.g., user switches model via /model)
  useEffect(() => {
    const checkModelChange = () => {
-      const effectiveModel = getEffectiveModel();
-      if (effectiveModel !== currentModel) {
-        setCurrentModel(effectiveModel);
+      const model = getCurrentModel();
+      if (model !== currentModel) {
+        setCurrentModel(model);
      }
    };

@@ -254,7 +248,7 @@ export const AppContainer = (props: AppContainerProps) => {
    const interval = setInterval(checkModelChange, 1000); // Check every second

    return () => clearInterval(interval);
-  }, [config, currentModel, getEffectiveModel]);
+  }, [config, currentModel, getCurrentModel]);

  const {
    consoleMessages,
@@ -376,37 +370,36 @@ export const AppContainer = (props: AppContainerProps) => {
  // Check for enforced auth type mismatch
  useEffect(() => {
    // Check for initialization error first
+    const currentAuthType = config.modelsConfig.getCurrentAuthType();

    if (
      settings.merged.security?.auth?.enforcedType &&
-      settings.merged.security?.auth.selectedType &&
-      settings.merged.security?.auth.enforcedType !==
-        settings.merged.security?.auth.selectedType
+      currentAuthType &&
+      settings.merged.security?.auth.enforcedType !== currentAuthType
    ) {
      onAuthError(
        t(
          'Authentication is enforced to be {{enforcedType}}, but you are currently using {{currentType}}.',
          {
-            enforcedType: settings.merged.security?.auth.enforcedType,
-            currentType: settings.merged.security?.auth.selectedType,
+            enforcedType: String(settings.merged.security?.auth.enforcedType),
+            currentType: String(currentAuthType),
          },
        ),
      );
-    } else if (
-      settings.merged.security?.auth?.selectedType &&
-      !settings.merged.security?.auth?.useExternal
-    ) {
-      const error = validateAuthMethod(
-        settings.merged.security.auth.selectedType,
-      );
-      if (error) {
-        onAuthError(error);
+    } else if (!settings.merged.security?.auth?.useExternal) {
+      // If no authType is selected yet, allow the auth UI flow to prompt the user.
+      // Only validate credentials once a concrete authType exists.
+      if (currentAuthType) {
+        const error = validateAuthMethod(currentAuthType, config);
+        if (error) {
+          onAuthError(error);
+        }
      }
    }
  }, [
-    settings.merged.security?.auth?.selectedType,
    settings.merged.security?.auth?.enforcedType,
    settings.merged.security?.auth?.useExternal,
+    config,
    onAuthError,
  ]);

@@ -925,7 +918,12 @@ export const AppContainer = (props: AppContainerProps) => {
  const handleIdePromptComplete = useCallback(
    (result: IdeIntegrationNudgeResult) => {
      if (result.userSelection === 'yes') {
-        handleSlashCommand('/ide install');
+        // Check whether the extension has been pre-installed
+        if (result.isExtensionPreInstalled) {
+          handleSlashCommand('/ide enable');
+        } else {
+          handleSlashCommand('/ide install');
+        }
        settings.setValue(SettingScope.User, 'ide.hasSeenNudge', true);
      } else if (result.userSelection === 'dismiss') {
        settings.setValue(SettingScope.User, 'ide.hasSeenNudge', true);
--- a/packages/cli/src/ui/IdeIntegrationNudge.tsx
+++ b/packages/cli/src/ui/IdeIntegrationNudge.tsx
@@ -38,6 +38,7 @@ export function IdeIntegrationNudge({
  );

  const { displayName: ideName } = ide;
+  const isInSandbox = !!process.env['SANDBOX'];
  // Assume extension is already installed if the env variables are set.
  const isExtensionPreInstalled =
    !!process.env['QWEN_CODE_IDE_SERVER_PORT'] &&
@@ -70,13 +71,15 @@ export function IdeIntegrationNudge({
    },
  ];

-  const installText = isExtensionPreInstalled
-    ? `If you select Yes, the CLI will have access to your open files and display diffs directly in ${
-        ideName ?? 'your editor'
-      }.`
-    : `If you select Yes, we'll install an extension that allows the CLI to access your open files and display diffs directly in ${
-        ideName ?? 'your editor'
-      }.`;
+  const installText = isInSandbox
+    ? `Note: In sandbox environments, IDE integration requires manual setup on the host system. If you select Yes, you'll receive instructions on how to set this up.`
+    : isExtensionPreInstalled
+      ? `If you select Yes, the CLI will connect to your ${
+          ideName ?? 'editor'
+        } and have access to your open files and display diffs directly.`
+      : `If you select Yes, we'll install an extension that allows the CLI to access your open files and display diffs directly in ${
+          ideName ?? 'your editor'
+        }.`;

  return (
    <Box
--- a/packages/cli/src/ui/auth/AuthDialog.test.tsx
+++ b/packages/cli/src/ui/auth/AuthDialog.test.tsx
@@ -6,7 +6,8 @@

 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { AuthDialog } from './AuthDialog.js';
-import { LoadedSettings, SettingScope } from '../../config/settings.js';
+import { LoadedSettings } from '../../config/settings.js';
+import type { Config } from '@qwen-code/qwen-code-core';
 import { AuthType } from '@qwen-code/qwen-code-core';
 import { renderWithProviders } from '../../test-utils/render.js';
 import { UIStateContext } from '../contexts/UIStateContext.js';
@@ -43,17 +44,24 @@ const renderAuthDialog = (
  settings: LoadedSettings,
  uiStateOverrides: Partial<UIState> = {},
  uiActionsOverrides: Partial<UIActions> = {},
+  configAuthType: AuthType | undefined = undefined,
+  configApiKey: string | undefined = undefined,
 ) => {
  const uiState = createMockUIState(uiStateOverrides);
  const uiActions = createMockUIActions(uiActionsOverrides);

+  const mockConfig = {
+    getAuthType: vi.fn(() => configAuthType),
+    getContentGeneratorConfig: vi.fn(() => ({ apiKey: configApiKey })),
+  } as unknown as Config;
+
  return renderWithProviders(
    <UIStateContext.Provider value={uiState}>
      <UIActionsContext.Provider value={uiActions}>
        <AuthDialog />
      </UIActionsContext.Provider>
    </UIStateContext.Provider>,
-    { settings },
+    { settings, config: mockConfig },
  );
 };

@@ -421,6 +429,7 @@ describe('AuthDialog', () => {
      settings,
      {},
      { handleAuthSelect },
+      undefined, // config.getAuthType() returns undefined
    );
    await wait();

@@ -475,6 +484,7 @@ describe('AuthDialog', () => {
      settings,
      { authError: 'Initial error' },
      { handleAuthSelect },
+      undefined, // config.getAuthType() returns undefined
    );
    await wait();

@@ -528,6 +538,7 @@ describe('AuthDialog', () => {
      settings,
      {},
      { handleAuthSelect },
+      AuthType.USE_OPENAI, // config.getAuthType() returns USE_OPENAI
    );
    await wait();

@@ -536,7 +547,7 @@ describe('AuthDialog', () => {
    await wait();

    // Should call handleAuthSelect with undefined to exit
-    expect(handleAuthSelect).toHaveBeenCalledWith(undefined, SettingScope.User);
+    expect(handleAuthSelect).toHaveBeenCalledWith(undefined);
    unmount();
  });
 });
--- a/packages/cli/src/ui/auth/AuthDialog.tsx
+++ b/packages/cli/src/ui/auth/AuthDialog.tsx
@@ -8,13 +8,12 @@ import type React from 'react';
 import { useState } from 'react';
 import { AuthType } from '@qwen-code/qwen-code-core';
 import { Box, Text } from 'ink';
-import { SettingScope } from '../../config/settings.js';
 import { Colors } from '../colors.js';
 import { useKeypress } from '../hooks/useKeypress.js';
 import { RadioButtonSelect } from '../components/shared/RadioButtonSelect.js';
 import { useUIState } from '../contexts/UIStateContext.js';
 import { useUIActions } from '../contexts/UIActionsContext.js';
-import { useSettings } from '../contexts/SettingsContext.js';
+import { useConfig } from '../contexts/ConfigContext.js';
 import { t } from '../../i18n/index.js';

 function parseDefaultAuthType(
@@ -32,7 +31,7 @@ function parseDefaultAuthType(
 export function AuthDialog(): React.JSX.Element {
  const { pendingAuthType, authError } = useUIState();
  const { handleAuthSelect: onAuthSelect } = useUIActions();
-  const settings = useSettings();
+  const config = useConfig();

  const [errorMessage, setErrorMessage] = useState<string | null>(null);
  const [selectedIndex, setSelectedIndex] = useState<number | null>(null);
@@ -58,9 +57,10 @@ export function AuthDialog(): React.JSX.Element {
        return item.value === pendingAuthType;
      }

-      // Priority 2: settings.merged.security?.auth?.selectedType
-      if (settings.merged.security?.auth?.selectedType) {
-        return item.value === settings.merged.security?.auth?.selectedType;
+      // Priority 2: config.getAuthType() - the source of truth
+      const currentAuthType = config.getAuthType();
+      if (currentAuthType) {
+        return item.value === currentAuthType;
      }

      // Priority 3: QWEN_DEFAULT_AUTH_TYPE env var
@@ -76,7 +76,7 @@ export function AuthDialog(): React.JSX.Element {
    }),
  );

-  const hasApiKey = Boolean(settings.merged.security?.auth?.apiKey);
+  const hasApiKey = Boolean(config.getContentGeneratorConfig()?.apiKey);
  const currentSelectedAuthType =
    selectedIndex !== null
      ? items[selectedIndex]?.value
@@ -84,7 +84,7 @@ export function AuthDialog(): React.JSX.Element {

  const handleAuthSelect = async (authMethod: AuthType) => {
    setErrorMessage(null);
-    await onAuthSelect(authMethod, SettingScope.User);
+    await onAuthSelect(authMethod);
  };

  const handleHighlight = (authMethod: AuthType) => {
@@ -100,7 +100,7 @@ export function AuthDialog(): React.JSX.Element {
        if (errorMessage) {
          return;
        }
-        if (settings.merged.security?.auth?.selectedType === undefined) {
+        if (config.getAuthType() === undefined) {
          // Prevent exiting if no auth method is set
          setErrorMessage(
            t(
@@ -109,7 +109,7 @@ export function AuthDialog(): React.JSX.Element {
          );
          return;
        }
-        onAuthSelect(undefined, SettingScope.User);
+        onAuthSelect(undefined);
      }
    },
    { isActive: true },
--- a/packages/cli/src/ui/auth/useAuth.ts
+++ b/packages/cli/src/ui/auth/useAuth.ts
@@ -4,16 +4,16 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import type { Config } from '@qwen-code/qwen-code-core';
+import type { Config, ModelProvidersConfig } from '@qwen-code/qwen-code-core';
 import {
  AuthEvent,
  AuthType,
-  clearCachedCredentialFile,
  getErrorMessage,
  logAuth,
 } from '@qwen-code/qwen-code-core';
 import { useCallback, useEffect, useState } from 'react';
-import type { LoadedSettings, SettingScope } from '../../config/settings.js';
+import type { LoadedSettings } from '../../config/settings.js';
+import { getPersistScopeForModelSelection } from '../../config/modelProvidersScope.js';
 import type { OpenAICredentials } from '../components/OpenAIKeyPrompt.js';
 import { useQwenAuth } from '../hooks/useQwenAuth.js';
 import { AuthState, MessageType } from '../types.js';
@@ -27,8 +27,7 @@ export const useAuthCommand = (
  config: Config,
  addItem: (item: Omit<HistoryItem, 'id'>, timestamp: number) => void,
 ) => {
-  const unAuthenticated =
-    settings.merged.security?.auth?.selectedType === undefined;
+  const unAuthenticated = config.getAuthType() === undefined;

  const [authState, setAuthState] = useState<AuthState>(
    unAuthenticated ? AuthState.Updating : AuthState.Unauthenticated,
@@ -81,35 +80,46 @@ export const useAuthCommand = (
  );

  const handleAuthSuccess = useCallback(
-    async (
-      authType: AuthType,
-      scope: SettingScope,
-      credentials?: OpenAICredentials,
-    ) => {
+    async (authType: AuthType, credentials?: OpenAICredentials) => {
      try {
-        settings.setValue(scope, 'security.auth.selectedType', authType);
+        const authTypeScope = getPersistScopeForModelSelection(settings);
+
+        // Persist authType
+        settings.setValue(
+          authTypeScope,
+          'security.auth.selectedType',
+          authType,
+        );
+
+        // Persist model from ContentGenerator config (handles fallback cases)
+        // This ensures that when syncAfterAuthRefresh falls back to default model,
+        // it gets persisted to settings.json
+        const contentGeneratorConfig = config.getContentGeneratorConfig();
+        if (contentGeneratorConfig?.model) {
+          settings.setValue(
+            authTypeScope,
+            'model.name',
+            contentGeneratorConfig.model,
+          );
+        }

        // Only update credentials if not switching to QWEN_OAUTH,
        // so that OpenAI credentials are preserved when switching to QWEN_OAUTH.
        if (authType !== AuthType.QWEN_OAUTH && credentials) {
          if (credentials?.apiKey != null) {
            settings.setValue(
-              scope,
+              authTypeScope,
              'security.auth.apiKey',
              credentials.apiKey,
            );
          }
          if (credentials?.baseUrl != null) {
            settings.setValue(
-              scope,
+              authTypeScope,
              'security.auth.baseUrl',
              credentials.baseUrl,
            );
          }
-          if (credentials?.model != null) {
-            settings.setValue(scope, 'model.name', credentials.model);
-          }
-          await clearCachedCredentialFile();
        }
      } catch (error) {
        handleAuthFailure(error);
@@ -141,14 +151,10 @@ export const useAuthCommand = (
  );

  const performAuth = useCallback(
-    async (
-      authType: AuthType,
-      scope: SettingScope,
-      credentials?: OpenAICredentials,
-    ) => {
+    async (authType: AuthType, credentials?: OpenAICredentials) => {
      try {
        await config.refreshAuth(authType);
-        handleAuthSuccess(authType, scope, credentials);
+        handleAuthSuccess(authType, credentials);
      } catch (e) {
        handleAuthFailure(e);
      }
@@ -156,18 +162,51 @@ export const useAuthCommand = (
    [config, handleAuthSuccess, handleAuthFailure],
  );

+  const isProviderManagedModel = useCallback(
+    (authType: AuthType, modelId: string | undefined) => {
+      if (!modelId) {
+        return false;
+      }
+
+      const modelProviders = settings.merged.modelProviders as
+        | ModelProvidersConfig
+        | undefined;
+      if (!modelProviders) {
+        return false;
+      }
+      const providerModels = modelProviders[authType];
+      if (!Array.isArray(providerModels)) {
+        return false;
+      }
+      return providerModels.some(
+        (providerModel) => providerModel.id === modelId,
+      );
+    },
+    [settings],
+  );
+
  const handleAuthSelect = useCallback(
-    async (
-      authType: AuthType | undefined,
-      scope: SettingScope,
-      credentials?: OpenAICredentials,
-    ) => {
+    async (authType: AuthType | undefined, credentials?: OpenAICredentials) => {
      if (!authType) {
        setIsAuthDialogOpen(false);
        setAuthError(null);
        return;
      }

+      if (
+        authType === AuthType.USE_OPENAI &&
+        credentials?.model &&
+        isProviderManagedModel(authType, credentials.model)
+      ) {
+        onAuthError(
+          t(
+            'Model "{{modelName}}" is managed via settings.modelProviders. Please complete the fields in settings, or use another model id.',
+            { modelName: credentials.model },
+          ),
+        );
+        return;
+      }
+
      setPendingAuthType(authType);
      setAuthError(null);
      setIsAuthDialogOpen(false);
@@ -180,14 +219,14 @@ export const useAuthCommand = (
            baseUrl: credentials.baseUrl,
            model: credentials.model,
          });
-          await performAuth(authType, scope, credentials);
+          await performAuth(authType, credentials);
        }
        return;
      }

-      await performAuth(authType, scope);
+      await performAuth(authType);
    },
-    [config, performAuth],
+    [config, performAuth, isProviderManagedModel, onAuthError],
  );

  const openAuthDialog = useCallback(() => {
--- a/packages/cli/src/ui/commands/approvalModeCommand.test.ts
+++ b/packages/cli/src/ui/commands/approvalModeCommand.test.ts
@@ -4,31 +4,28 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import { describe, it, expect } from 'vitest';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { approvalModeCommand } from './approvalModeCommand.js';
 import {
  type CommandContext,
  CommandKind,
  type OpenDialogActionReturn,
+  type MessageActionReturn,
 } from './types.js';
 import { createMockCommandContext } from '../../test-utils/mockCommandContext.js';
-import type { LoadedSettings } from '../../config/settings.js';

 describe('approvalModeCommand', () => {
  let mockContext: CommandContext;
+  let mockSetApprovalMode: ReturnType<typeof vi.fn>;

  beforeEach(() => {
+    mockSetApprovalMode = vi.fn();
    mockContext = createMockCommandContext({
      services: {
        config: {
          getApprovalMode: () => 'default',
-          setApprovalMode: () => {},
+          setApprovalMode: mockSetApprovalMode,
        },
-        settings: {
-          merged: {},
-          setValue: () => {},
-          forScope: () => ({}),
-        } as unknown as LoadedSettings,
      },
    });
  });
@@ -41,7 +38,7 @@ describe('approvalModeCommand', () => {
    expect(approvalModeCommand.kind).toBe(CommandKind.BUILT_IN);
  });

-  it('should open approval mode dialog when invoked', async () => {
+  it('should open approval mode dialog when invoked without arguments', async () => {
    const result = (await approvalModeCommand.action?.(
      mockContext,
      '',
@@ -51,16 +48,123 @@ describe('approvalModeCommand', () => {
    expect(result.dialog).toBe('approval-mode');
  });

-  it('should open approval mode dialog with arguments (ignored)', async () => {
+  it('should open approval mode dialog when invoked with whitespace only', async () => {
    const result = (await approvalModeCommand.action?.(
      mockContext,
-      'some arguments',
+      '   ',
    )) as OpenDialogActionReturn;

    expect(result.type).toBe('dialog');
    expect(result.dialog).toBe('approval-mode');
  });

+  describe('direct mode setting (session-only)', () => {
+    it('should set approval mode to "plan" when argument is "plan"', async () => {
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        'plan',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('info');
+      expect(result.content).toContain('plan');
+      expect(mockSetApprovalMode).toHaveBeenCalledWith('plan');
+    });
+
+    it('should set approval mode to "yolo" when argument is "yolo"', async () => {
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        'yolo',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('info');
+      expect(result.content).toContain('yolo');
+      expect(mockSetApprovalMode).toHaveBeenCalledWith('yolo');
+    });
+
+    it('should set approval mode to "auto-edit" when argument is "auto-edit"', async () => {
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        'auto-edit',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('info');
+      expect(result.content).toContain('auto-edit');
+      expect(mockSetApprovalMode).toHaveBeenCalledWith('auto-edit');
+    });
+
+    it('should set approval mode to "default" when argument is "default"', async () => {
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        'default',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('info');
+      expect(result.content).toContain('default');
+      expect(mockSetApprovalMode).toHaveBeenCalledWith('default');
+    });
+
+    it('should be case-insensitive for mode argument', async () => {
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        'YOLO',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('info');
+      expect(mockSetApprovalMode).toHaveBeenCalledWith('yolo');
+    });
+
+    it('should handle argument with leading/trailing whitespace', async () => {
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        '  plan  ',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('info');
+      expect(mockSetApprovalMode).toHaveBeenCalledWith('plan');
+    });
+  });
+
+  describe('invalid mode argument', () => {
+    it('should return error for invalid mode', async () => {
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        'invalid-mode',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('error');
+      expect(result.content).toContain('invalid-mode');
+      expect(result.content).toContain('plan');
+      expect(result.content).toContain('yolo');
+      expect(mockSetApprovalMode).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('untrusted folder handling', () => {
+    it('should return error when setApprovalMode throws (e.g., untrusted folder)', async () => {
+      const errorMessage =
+        'Cannot enable privileged approval modes in an untrusted folder.';
+      mockSetApprovalMode.mockImplementation(() => {
+        throw new Error(errorMessage);
+      });
+
+      const result = (await approvalModeCommand.action?.(
+        mockContext,
+        'yolo',
+      )) as MessageActionReturn;
+
+      expect(result.type).toBe('message');
+      expect(result.messageType).toBe('error');
+      expect(result.content).toBe(errorMessage);
+    });
+  });
+
  it('should not have subcommands', () => {
    expect(approvalModeCommand.subCommands).toBeUndefined();
  });
--- a/packages/cli/src/ui/commands/approvalModeCommand.ts
+++ b/packages/cli/src/ui/commands/approvalModeCommand.ts
@@ -8,9 +8,25 @@ import type {
  SlashCommand,
  CommandContext,
  OpenDialogActionReturn,
+  MessageActionReturn,
 } from './types.js';
 import { CommandKind } from './types.js';
 import { t } from '../../i18n/index.js';
+import type { ApprovalMode } from '@qwen-code/qwen-code-core';
+import { APPROVAL_MODES } from '@qwen-code/qwen-code-core';
+
+/**
+ * Parses the argument string and returns the corresponding ApprovalMode if valid.
+ * Returns undefined if the argument is empty or not a valid mode.
+ */
+function parseApprovalModeArg(arg: string): ApprovalMode | undefined {
+  const trimmed = arg.trim().toLowerCase();
+  if (!trimmed) {
+    return undefined;
+  }
+  // Match against valid approval modes (case-insensitive)
+  return APPROVAL_MODES.find((mode) => mode.toLowerCase() === trimmed);
+}

 export const approvalModeCommand: SlashCommand = {
  name: 'approval-mode',
@@ -19,10 +35,49 @@ export const approvalModeCommand: SlashCommand = {
  },
  kind: CommandKind.BUILT_IN,
  action: async (
-    _context: CommandContext,
-    _args: string,
-  ): Promise<OpenDialogActionReturn> => ({
-    type: 'dialog',
-    dialog: 'approval-mode',
-  }),
+    context: CommandContext,
+    args: string,
+  ): Promise<OpenDialogActionReturn | MessageActionReturn> => {
+    const mode = parseApprovalModeArg(args);
+
+    // If no argument provided, open the dialog
+    if (!args.trim()) {
+      return {
+        type: 'dialog',
+        dialog: 'approval-mode',
+      };
+    }
+
+    // If invalid argument, return error message with valid options
+    if (!mode) {
+      return {
+        type: 'message',
+        messageType: 'error',
+        content: t('Invalid approval mode "{{arg}}". Valid modes: {{modes}}', {
+          arg: args.trim(),
+          modes: APPROVAL_MODES.join(', '),
+        }),
+      };
+    }
+
+    // Set the mode for current session only (not persisted)
+    const { config } = context.services;
+    if (config) {
+      try {
+        config.setApprovalMode(mode);
+      } catch (e) {
+        return {
+          type: 'message',
+          messageType: 'error',
+          content: (e as Error).message,
+        };
+      }
+    }
+
+    return {
+      type: 'message',
+      messageType: 'info',
+      content: t('Approval mode set to "{{mode}}"', { mode }),
+    };
+  },
 };
--- a/packages/cli/src/ui/commands/ideCommand.ts
+++ b/packages/cli/src/ui/commands/ideCommand.ts
@@ -191,11 +191,23 @@ export const ideCommand = async (): Promise<SlashCommand> => {
    kind: CommandKind.BUILT_IN,
    action: async (context) => {
      const installer = getIdeInstaller(currentIDE);
+      const isSandBox = !!process.env['SANDBOX'];
+      if (isSandBox) {
+        context.ui.addItem(
+          {
+            type: 'info',
+            text: `IDE integration needs to be installed on the host. If you have already installed it, you can directly connect the ide`,
+          },
+          Date.now(),
+        );
+        return;
+      }
      if (!installer) {
+        const ideName = ideClient.getDetectedIdeDisplayName();
        context.ui.addItem(
          {
            type: 'error',
-            text: `No installer is available for ${ideClient.getDetectedIdeDisplayName()}. Please install the '${QWEN_CODE_COMPANION_EXTENSION_NAME}' extension manually from the marketplace.`,
+            text: `Automatic installation is not supported for ${ideName}. Please install the '${QWEN_CODE_COMPANION_EXTENSION_NAME}' extension manually from the marketplace.`,
          },
          Date.now(),
        );
--- a/packages/cli/src/ui/commands/insightCommand.ts
+++ b/packages/cli/src/ui/commands/insightCommand.ts
@@ -0,0 +1,190 @@
+/**
+ * @license
+ * Copyright 2025 Qwen Code
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import type { CommandContext, SlashCommand } from './types.js';
+import { CommandKind } from './types.js';
+import { MessageType } from '../types.js';
+import { t } from '../../i18n/index.js';
+import { spawn } from 'child_process';
+import { join } from 'path';
+import os from 'os';
+import { registerCleanup } from '../../utils/cleanup.js';
+import net from 'net';
+
+// Track the insight server subprocess so we can terminate it on quit
+let insightServerProcess: import('child_process').ChildProcess | null = null;
+
+// Find an available port starting from a default port
+async function findAvailablePort(startingPort: number = 3000): Promise<number> {
+  return new Promise((resolve, reject) => {
+    let port = startingPort;
+
+    const checkPort = () => {
+      const server = net.createServer();
+
+      server.listen(port, () => {
+        server.once('close', () => {
+          resolve(port);
+        });
+        server.close();
+      });
+
+      server.on('error', (err: NodeJS.ErrnoException) => {
+        if (err.code === 'EADDRINUSE') {
+          port++; // Try next port
+          checkPort();
+        } else {
+          reject(err);
+        }
+      });
+    };
+
+    checkPort();
+  });
+}
+
+export const insightCommand: SlashCommand = {
+  name: 'insight',
+  get description() {
+    return t(
+      'generate personalized programming insights from your chat history',
+    );
+  },
+  kind: CommandKind.BUILT_IN,
+  action: async (context: CommandContext) => {
+    try {
+      context.ui.setDebugMessage(t('Starting insight server...'));
+
+      // If there's an existing insight server process, terminate it first
+      if (insightServerProcess && !insightServerProcess.killed) {
+        insightServerProcess.kill();
+        insightServerProcess = null;
+      }
+
+      // Find an available port
+      const availablePort = await findAvailablePort(3000);
+
+      const projectsDir = join(os.homedir(), '.qwen', 'projects');
+
+      // Path to the insight server script
+      const insightScriptPath = join(
+        process.cwd(),
+        'packages',
+        'cli',
+        'src',
+        'services',
+        'insightServer.ts',
+      );
+
+      // Spawn the insight server process
+      const serverProcess = spawn('npx', ['tsx', insightScriptPath], {
+        stdio: 'pipe',
+        env: {
+          ...process.env,
+          NODE_ENV: 'production',
+          BASE_DIR: projectsDir,
+          PORT: String(availablePort),
+        },
+      });
+
+      // Store the server process for cleanup
+      insightServerProcess = serverProcess;
+
+      // Register cleanup function to terminate the server process on quit
+      registerCleanup(() => {
+        if (insightServerProcess && !insightServerProcess.killed) {
+          insightServerProcess.kill();
+          insightServerProcess = null;
+        }
+      });
+
+      serverProcess.stderr.on('data', (data) => {
+        // Forward error output to parent process stderr
+        process.stderr.write(`Insight server error: ${data}`);
+
+        context.ui.addItem(
+          {
+            type: MessageType.ERROR,
+            text: `Insight server error: ${data.toString()}`,
+          },
+          Date.now(),
+        );
+      });
+
+      serverProcess.on('close', (code) => {
+        console.log(`Insight server process exited with code ${code}`);
+        context.ui.setDebugMessage(t('Insight server stopped.'));
+        // Reset the reference when the process closes
+        if (insightServerProcess === serverProcess) {
+          insightServerProcess = null;
+        }
+      });
+
+      const url = `http://localhost:${availablePort}`;
+
+      // Open browser automatically
+      const openBrowser = async () => {
+        try {
+          const { exec } = await import('child_process');
+          const { promisify } = await import('util');
+          const execAsync = promisify(exec);
+
+          switch (process.platform) {
+            case 'darwin': // macOS
+              await execAsync(`open ${url}`);
+              break;
+            case 'win32': // Windows
+              await execAsync(`start ${url}`);
+              break;
+            default: // Linux and others
+              await execAsync(`xdg-open ${url}`);
+          }
+
+          context.ui.addItem(
+            {
+              type: MessageType.INFO,
+              text: `Insight server started. Visit: ${url}`,
+            },
+            Date.now(),
+          );
+        } catch (err) {
+          console.error('Failed to open browser automatically:', err);
+          context.ui.addItem(
+            {
+              type: MessageType.INFO,
+              text: `Insight server started. Please visit: ${url}`,
+            },
+            Date.now(),
+          );
+        }
+      };
+
+      // Wait for the server to start (give it some time to bind to the port)
+      setTimeout(openBrowser, 1000);
+
+      // Inform the user that the server is running
+      context.ui.addItem(
+        {
+          type: MessageType.INFO,
+          text: t(
+            'Insight server started. Check your browser for the visualization.',
+          ),
+        },
+        Date.now(),
+      );
+    } catch (error) {
+      context.ui.addItem(
+        {
+          type: MessageType.ERROR,
+          text: t('Failed to start insight server: {{error}}', {
+            error: (error as Error).message,
+          }),
+        },
+        Date.now(),
+      );
+    }
+  },
+};
--- a/packages/cli/src/ui/commands/memoryCommand.test.ts
+++ b/packages/cli/src/ui/commands/memoryCommand.test.ts
@@ -11,9 +11,14 @@ import type { SlashCommand, type CommandContext } from './types.js';
 import { createMockCommandContext } from '../../test-utils/mockCommandContext.js';
 import { MessageType } from '../types.js';
 import type { LoadedSettings } from '../../config/settings.js';
+import { readFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
 import {
  getErrorMessage,
  loadServerHierarchicalMemory,
+  QWEN_DIR,
+  setGeminiMdFilename,
  type FileDiscoveryService,
  type LoadServerHierarchicalMemoryResponse,
 } from '@qwen-code/qwen-code-core';
@@ -31,7 +36,18 @@ vi.mock('@qwen-code/qwen-code-core', async (importOriginal) => {
  };
 });

+vi.mock('node:fs/promises', () => {
+  const readFile = vi.fn();
+  return {
+    readFile,
+    default: {
+      readFile,
+    },
+  };
+});
+
 const mockLoadServerHierarchicalMemory = loadServerHierarchicalMemory as Mock;
+const mockReadFile = readFile as unknown as Mock;

 describe('memoryCommand', () => {
  let mockContext: CommandContext;
@@ -52,6 +68,10 @@ describe('memoryCommand', () => {
    let mockGetGeminiMdFileCount: Mock;

    beforeEach(() => {
+      setGeminiMdFilename('QWEN.md');
+      mockReadFile.mockReset();
+      vi.restoreAllMocks();
+
      showCommand = getSubCommand('show');

      mockGetUserMemory = vi.fn();
@@ -102,6 +122,52 @@ describe('memoryCommand', () => {
        expect.any(Number),
      );
    });
+
+    it('should show project memory from the configured context file', async () => {
+      const projectCommand = showCommand.subCommands?.find(
+        (cmd) => cmd.name === '--project',
+      );
+      if (!projectCommand?.action) throw new Error('Command has no action');
+
+      setGeminiMdFilename('AGENTS.md');
+      vi.spyOn(process, 'cwd').mockReturnValue('/test/project');
+      mockReadFile.mockResolvedValue('project memory');
+
+      await projectCommand.action(mockContext, '');
+
+      const expectedProjectPath = path.join('/test/project', 'AGENTS.md');
+      expect(mockReadFile).toHaveBeenCalledWith(expectedProjectPath, 'utf-8');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: expect.stringContaining(expectedProjectPath),
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should show global memory from the configured context file', async () => {
+      const globalCommand = showCommand.subCommands?.find(
+        (cmd) => cmd.name === '--global',
+      );
+      if (!globalCommand?.action) throw new Error('Command has no action');
+
+      setGeminiMdFilename('AGENTS.md');
+      vi.spyOn(os, 'homedir').mockReturnValue('/home/user');
+      mockReadFile.mockResolvedValue('global memory');
+
+      await globalCommand.action(mockContext, '');
+
+      const expectedGlobalPath = path.join('/home/user', QWEN_DIR, 'AGENTS.md');
+      expect(mockReadFile).toHaveBeenCalledWith(expectedGlobalPath, 'utf-8');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: expect.stringContaining('Global memory content'),
+        },
+        expect.any(Number),
+      );
+    });
  });

  describe('/memory add', () => {
--- a/packages/cli/src/ui/commands/memoryCommand.ts
+++ b/packages/cli/src/ui/commands/memoryCommand.ts
@@ -6,12 +6,13 @@

 import {
  getErrorMessage,
+  getCurrentGeminiMdFilename,
  loadServerHierarchicalMemory,
  QWEN_DIR,
 } from '@qwen-code/qwen-code-core';
 import path from 'node:path';
-import os from 'os';
-import fs from 'fs/promises';
+import os from 'node:os';
+import fs from 'node:fs/promises';
 import { MessageType } from '../types.js';
 import type { SlashCommand, SlashCommandActionReturn } from './types.js';
 import { CommandKind } from './types.js';
@@ -56,7 +57,12 @@ export const memoryCommand: SlashCommand = {
          kind: CommandKind.BUILT_IN,
          action: async (context) => {
            try {
-              const projectMemoryPath = path.join(process.cwd(), 'QWEN.md');
+              const workingDir =
+                context.services.config?.getWorkingDir?.() ?? process.cwd();
+              const projectMemoryPath = path.join(
+                workingDir,
+                getCurrentGeminiMdFilename(),
+              );
              const memoryContent = await fs.readFile(
                projectMemoryPath,
                'utf-8',
@@ -104,7 +110,7 @@ export const memoryCommand: SlashCommand = {
              const globalMemoryPath = path.join(
                os.homedir(),
                QWEN_DIR,
-                'QWEN.md',
+                getCurrentGeminiMdFilename(),
              );
              const globalMemoryContent = await fs.readFile(
                globalMemoryPath,
--- a/packages/cli/src/ui/commands/modelCommand.test.ts
+++ b/packages/cli/src/ui/commands/modelCommand.test.ts
@@ -13,12 +13,6 @@ import {
  type ContentGeneratorConfig,
  type Config,
 } from '@qwen-code/qwen-code-core';
-import * as availableModelsModule from '../models/availableModels.js';
-
-// Mock the availableModels module
-vi.mock('../models/availableModels.js', () => ({
-  getAvailableModelsForAuthType: vi.fn(),
-}));

 // Helper function to create a mock config
 function createMockConfig(
@@ -31,9 +25,6 @@ function createMockConfig(

 describe('modelCommand', () => {
  let mockContext: CommandContext;
-  const mockGetAvailableModelsForAuthType = vi.mocked(
-    availableModelsModule.getAvailableModelsForAuthType,
-  );

  beforeEach(() => {
    mockContext = createMockCommandContext();
@@ -87,10 +78,6 @@ describe('modelCommand', () => {
  });

  it('should return dialog action for QWEN_OAUTH auth type', async () => {
-    mockGetAvailableModelsForAuthType.mockReturnValue([
-      { id: 'qwen3-coder-plus', label: 'qwen3-coder-plus' },
-    ]);
-
    const mockConfig = createMockConfig({
      model: 'test-model',
      authType: AuthType.QWEN_OAUTH,
@@ -105,11 +92,7 @@ describe('modelCommand', () => {
    });
  });

-  it('should return dialog action for USE_OPENAI auth type when model is available', async () => {
-    mockGetAvailableModelsForAuthType.mockReturnValue([
-      { id: 'gpt-4', label: 'gpt-4' },
-    ]);
-
+  it('should return dialog action for USE_OPENAI auth type', async () => {
    const mockConfig = createMockConfig({
      model: 'test-model',
      authType: AuthType.USE_OPENAI,
@@ -124,28 +107,7 @@ describe('modelCommand', () => {
    });
  });

-  it('should return error for USE_OPENAI auth type when no model is available', async () => {
-    mockGetAvailableModelsForAuthType.mockReturnValue([]);
-
-    const mockConfig = createMockConfig({
-      model: 'test-model',
-      authType: AuthType.USE_OPENAI,
-    });
-    mockContext.services.config = mockConfig as Config;
-
-    const result = await modelCommand.action!(mockContext, '');
-
-    expect(result).toEqual({
-      type: 'message',
-      messageType: 'error',
-      content:
-        'No models available for the current authentication type (openai).',
-    });
-  });
-
-  it('should return error for unsupported auth types', async () => {
-    mockGetAvailableModelsForAuthType.mockReturnValue([]);
-
+  it('should return dialog action for unsupported auth types', async () => {
    const mockConfig = createMockConfig({
      model: 'test-model',
      authType: 'UNSUPPORTED_AUTH_TYPE' as AuthType,
@@ -155,10 +117,8 @@ describe('modelCommand', () => {
    const result = await modelCommand.action!(mockContext, '');

    expect(result).toEqual({
-      type: 'message',
-      messageType: 'error',
-      content:
-        'No models available for the current authentication type (UNSUPPORTED_AUTH_TYPE).',
+      type: 'dialog',
+      dialog: 'model',
    });
  });

--- a/packages/cli/src/ui/commands/modelCommand.ts
+++ b/packages/cli/src/ui/commands/modelCommand.ts
@@ -11,7 +11,6 @@ import type {
  MessageActionReturn,
 } from './types.js';
 import { CommandKind } from './types.js';
-import { getAvailableModelsForAuthType } from '../models/availableModels.js';
 import { t } from '../../i18n/index.js';

 export const modelCommand: SlashCommand = {
@@ -30,7 +29,7 @@ export const modelCommand: SlashCommand = {
      return {
        type: 'message',
        messageType: 'error',
-        content: 'Configuration not available.',
+        content: t('Configuration not available.'),
      };
    }

@@ -52,22 +51,6 @@ export const modelCommand: SlashCommand = {
      };
    }

-    const availableModels = getAvailableModelsForAuthType(authType);
-
-    if (availableModels.length === 0) {
-      return {
-        type: 'message',
-        messageType: 'error',
-        content: t(
-          'No models available for the current authentication type ({{authType}}).',
-          {
-            authType,
-          },
-        ),
-      };
-    }
-
-    // Trigger model selection dialog
    return {
      type: 'dialog',
      dialog: 'model',
--- a/packages/cli/src/ui/commands/skillsCommand.ts
+++ b/packages/cli/src/ui/commands/skillsCommand.ts
@@ -0,0 +1,132 @@
+/**
+ * @license
+ * Copyright 2025 Qwen
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  CommandKind,
+  type CommandCompletionItem,
+  type CommandContext,
+  type SlashCommand,
+} from './types.js';
+import { MessageType, type HistoryItemSkillsList } from '../types.js';
+import { t } from '../../i18n/index.js';
+import { AsyncFzf } from 'fzf';
+import type { SkillConfig } from '@qwen-code/qwen-code-core';
+
+export const skillsCommand: SlashCommand = {
+  name: 'skills',
+  get description() {
+    return t('List available skills.');
+  },
+  kind: CommandKind.BUILT_IN,
+  action: async (context: CommandContext, args?: string) => {
+    const rawArgs = args?.trim() ?? '';
+    const [skillName = ''] = rawArgs.split(/\s+/);
+
+    const skillManager = context.services.config?.getSkillManager();
+    if (!skillManager) {
+      context.ui.addItem(
+        {
+          type: MessageType.ERROR,
+          text: t('Could not retrieve skill manager.'),
+        },
+        Date.now(),
+      );
+      return;
+    }
+
+    const skills = await skillManager.listSkills();
+    if (skills.length === 0) {
+      context.ui.addItem(
+        {
+          type: MessageType.INFO,
+          text: t('No skills are currently available.'),
+        },
+        Date.now(),
+      );
+      return;
+    }
+
+    if (!skillName) {
+      const sortedSkills = [...skills].sort((left, right) =>
+        left.name.localeCompare(right.name),
+      );
+      const skillsListItem: HistoryItemSkillsList = {
+        type: MessageType.SKILLS_LIST,
+        skills: sortedSkills.map((skill) => ({ name: skill.name })),
+      };
+      context.ui.addItem(skillsListItem, Date.now());
+      return;
+    }
+    const normalizedName = skillName.toLowerCase();
+    const hasSkill = skills.some(
+      (skill) => skill.name.toLowerCase() === normalizedName,
+    );
+
+    if (!hasSkill) {
+      context.ui.addItem(
+        {
+          type: MessageType.ERROR,
+          text: t('Unknown skill: {{name}}', { name: skillName }),
+        },
+        Date.now(),
+      );
+      return;
+    }
+
+    const rawInput = context.invocation?.raw ?? `/skills ${rawArgs}`;
+    return {
+      type: 'submit_prompt',
+      content: [{ text: rawInput }],
+    };
+  },
+  completion: async (
+    context: CommandContext,
+    partialArg: string,
+  ): Promise<CommandCompletionItem[]> => {
+    const skillManager = context.services.config?.getSkillManager();
+    if (!skillManager) {
+      return [];
+    }
+
+    const skills = await skillManager.listSkills();
+    const normalizedPartial = partialArg.trim();
+    const matches = await getSkillMatches(skills, normalizedPartial);
+
+    return matches.map((skill) => ({
+      value: skill.name,
+      description: skill.description,
+    }));
+  },
+};
+
+async function getSkillMatches(
+  skills: SkillConfig[],
+  query: string,
+): Promise<SkillConfig[]> {
+  if (!query) {
+    return skills;
+  }
+
+  const names = skills.map((skill) => skill.name);
+  const skillMap = new Map(skills.map((skill) => [skill.name, skill]));
+
+  try {
+    const fzf = new AsyncFzf(names, {
+      fuzzy: 'v2',
+      casing: 'case-insensitive',
+    });
+    const results = (await fzf.find(query)) as Array<{ item: string }>;
+    return results
+      .map((result) => skillMap.get(result.item))
+      .filter((skill): skill is SkillConfig => !!skill);
+  } catch (error) {
+    console.error('[skillsCommand] Fuzzy match failed:', error);
+    const lowerQuery = query.toLowerCase();
+    return skills.filter((skill) =>
+      skill.name.toLowerCase().startsWith(lowerQuery),
+    );
+  }
+}
--- a/packages/cli/src/ui/commands/types.ts
+++ b/packages/cli/src/ui/commands/types.ts
@@ -209,6 +209,12 @@ export enum CommandKind {
  MCP_PROMPT = 'mcp-prompt',
 }

+export interface CommandCompletionItem {
+  value: string;
+  label?: string;
+  description?: string;
+}
+
 // The standardized contract for any command in the system.
 export interface SlashCommand {
  name: string;
@@ -234,7 +240,7 @@ export interface SlashCommand {
  completion?: (
    context: CommandContext,
    partialArg: string,
-  ) => Promise<string[]>;
+  ) => Promise<Array<string | CommandCompletionItem> | null>;

  subCommands?: SlashCommand[];
 }
--- a/packages/cli/src/ui/components/ApprovalModeDialog.tsx
+++ b/packages/cli/src/ui/components/ApprovalModeDialog.tsx
@@ -54,7 +54,7 @@ export function ApprovalModeDialog({
 }: ApprovalModeDialogProps): React.JSX.Element {
  // Start with User scope by default
  const [selectedScope, setSelectedScope] = useState<SettingScope>(
-    SettingScope.User,
+    SettingScope.Workspace,
  );

  // Track the currently highlighted approval mode
--- a/packages/cli/src/ui/components/DialogManager.tsx
+++ b/packages/cli/src/ui/components/DialogManager.tsx
@@ -25,7 +25,6 @@ import { useUIState } from '../contexts/UIStateContext.js';
 import { useUIActions } from '../contexts/UIActionsContext.js';
 import { useConfig } from '../contexts/ConfigContext.js';
 import { useSettings } from '../contexts/SettingsContext.js';
-import { SettingScope } from '../../config/settings.js';
 import { AuthState } from '../types.js';
 import { AuthType } from '@qwen-code/qwen-code-core';
 import process from 'node:process';
@@ -202,7 +201,7 @@ export const DialogManager = ({
      return (
        <OpenAIKeyPrompt
          onSubmit={(apiKey, baseUrl, model) => {
-            uiActions.handleAuthSelect(AuthType.USE_OPENAI, SettingScope.User, {
+            uiActions.handleAuthSelect(AuthType.USE_OPENAI, {
              apiKey,
              baseUrl,
              model,
--- a/packages/cli/src/ui/components/HistoryItemDisplay.tsx
+++ b/packages/cli/src/ui/components/HistoryItemDisplay.tsx
@@ -30,6 +30,7 @@ import { Help } from './Help.js';
 import type { SlashCommand } from '../commands/types.js';
 import { ExtensionsList } from './views/ExtensionsList.js';
 import { getMCPServerStatus } from '@qwen-code/qwen-code-core';
+import { SkillsList } from './views/SkillsList.js';
 import { ToolsList } from './views/ToolsList.js';
 import { McpStatus } from './views/McpStatus.js';

@@ -153,6 +154,9 @@ const HistoryItemDisplayComponent: React.FC<HistoryItemDisplayProps> = ({
          showDescriptions={itemForDisplay.showDescriptions}
        />
      )}
+      {itemForDisplay.type === 'skills_list' && (
+        <SkillsList skills={itemForDisplay.skills} />
+      )}
      {itemForDisplay.type === 'mcp_status' && (
        <McpStatus {...itemForDisplay} serverStatus={getMCPServerStatus} />
      )}
--- a/packages/cli/src/ui/components/ModelDialog.test.tsx
+++ b/packages/cli/src/ui/components/ModelDialog.test.tsx
@@ -10,7 +10,11 @@ import { ModelDialog } from './ModelDialog.js';
 import { useKeypress } from '../hooks/useKeypress.js';
 import { DescriptiveRadioButtonSelect } from './shared/DescriptiveRadioButtonSelect.js';
 import { ConfigContext } from '../contexts/ConfigContext.js';
+import { SettingsContext } from '../contexts/SettingsContext.js';
 import type { Config } from '@qwen-code/qwen-code-core';
+import { AuthType } from '@qwen-code/qwen-code-core';
+import type { LoadedSettings } from '../../config/settings.js';
+import { SettingScope } from '../../config/settings.js';
 import {
  AVAILABLE_MODELS_QWEN,
  MAINLINE_CODER,
@@ -36,18 +40,29 @@ const renderComponent = (
  };
  const combinedProps = { ...defaultProps, ...props };

+  const mockSettings = {
+    isTrusted: true,
+    user: { settings: {} },
+    workspace: { settings: {} },
+    setValue: vi.fn(),
+  } as unknown as LoadedSettings;
+
  const mockConfig = contextValue
    ? ({
        // --- Functions used by ModelDialog ---
        getModel: vi.fn(() => MAINLINE_CODER),
-        setModel: vi.fn(),
+        setModel: vi.fn().mockResolvedValue(undefined),
+        switchModel: vi.fn().mockResolvedValue(undefined),
        getAuthType: vi.fn(() => 'qwen-oauth'),

        // --- Functions used by ClearcutLogger ---
        getUsageStatisticsEnabled: vi.fn(() => true),
        getSessionId: vi.fn(() => 'mock-session-id'),
        getDebugMode: vi.fn(() => false),
-        getContentGeneratorConfig: vi.fn(() => ({ authType: 'mock' })),
+        getContentGeneratorConfig: vi.fn(() => ({
+          authType: AuthType.QWEN_OAUTH,
+          model: MAINLINE_CODER,
+        })),
        getUseSmartEdit: vi.fn(() => false),
        getUseModelRouter: vi.fn(() => false),
        getProxy: vi.fn(() => undefined),
@@ -58,21 +73,27 @@ const renderComponent = (
    : undefined;

  const renderResult = render(
-    <ConfigContext.Provider value={mockConfig}>
-      <ModelDialog {...combinedProps} />
-    </ConfigContext.Provider>,
+    <SettingsContext.Provider value={mockSettings}>
+      <ConfigContext.Provider value={mockConfig}>
+        <ModelDialog {...combinedProps} />
+      </ConfigContext.Provider>
+    </SettingsContext.Provider>,
  );

  return {
    ...renderResult,
    props: combinedProps,
    mockConfig,
+    mockSettings,
  };
 };

 describe('<ModelDialog />', () => {
  beforeEach(() => {
    vi.clearAllMocks();
+    // Ensure env-based fallback models don't leak into this suite from the developer environment.
+    delete process.env['OPENAI_MODEL'];
+    delete process.env['ANTHROPIC_MODEL'];
  });

  afterEach(() => {
@@ -91,8 +112,12 @@ describe('<ModelDialog />', () => {

    const props = mockedSelect.mock.calls[0][0];
    expect(props.items).toHaveLength(AVAILABLE_MODELS_QWEN.length);
-    expect(props.items[0].value).toBe(MAINLINE_CODER);
-    expect(props.items[1].value).toBe(MAINLINE_VLM);
+    expect(props.items[0].value).toBe(
+      `${AuthType.QWEN_OAUTH}::${MAINLINE_CODER}`,
+    );
+    expect(props.items[1].value).toBe(
+      `${AuthType.QWEN_OAUTH}::${MAINLINE_VLM}`,
+    );
    expect(props.showNumbers).toBe(true);
  });

@@ -139,16 +164,93 @@ describe('<ModelDialog />', () => {
    expect(mockedSelect).toHaveBeenCalledTimes(1);
  });

-  it('calls config.setModel and onClose when DescriptiveRadioButtonSelect.onSelect is triggered', () => {
-    const { props, mockConfig } = renderComponent({}, {}); // Pass empty object for contextValue
+  it('calls config.switchModel and onClose when DescriptiveRadioButtonSelect.onSelect is triggered', async () => {
+    const { props, mockConfig, mockSettings } = renderComponent({}, {}); // Pass empty object for contextValue

    const childOnSelect = mockedSelect.mock.calls[0][0].onSelect;
    expect(childOnSelect).toBeDefined();

-    childOnSelect(MAINLINE_CODER);
+    await childOnSelect(`${AuthType.QWEN_OAUTH}::${MAINLINE_CODER}`);

-    // Assert against the default mock provided by renderComponent
-    expect(mockConfig?.setModel).toHaveBeenCalledWith(MAINLINE_CODER);
+    expect(mockConfig?.switchModel).toHaveBeenCalledWith(
+      AuthType.QWEN_OAUTH,
+      MAINLINE_CODER,
+      undefined,
+      {
+        reason: 'user_manual',
+        context: 'Model switched via /model dialog',
+      },
+    );
+    expect(mockSettings.setValue).toHaveBeenCalledWith(
+      SettingScope.User,
+      'model.name',
+      MAINLINE_CODER,
+    );
+    expect(mockSettings.setValue).toHaveBeenCalledWith(
+      SettingScope.User,
+      'security.auth.selectedType',
+      AuthType.QWEN_OAUTH,
+    );
+    expect(props.onClose).toHaveBeenCalledTimes(1);
+  });
+
+  it('calls config.switchModel and persists authType+model when selecting a different authType', async () => {
+    const switchModel = vi.fn().mockResolvedValue(undefined);
+    const getAuthType = vi.fn(() => AuthType.USE_OPENAI);
+    const getAvailableModelsForAuthType = vi.fn((t: AuthType) => {
+      if (t === AuthType.USE_OPENAI) {
+        return [{ id: 'gpt-4', label: 'GPT-4', authType: t }];
+      }
+      if (t === AuthType.QWEN_OAUTH) {
+        return AVAILABLE_MODELS_QWEN.map((m) => ({
+          id: m.id,
+          label: m.label,
+          authType: AuthType.QWEN_OAUTH,
+        }));
+      }
+      return [];
+    });
+
+    const mockConfigWithSwitchAuthType = {
+      getAuthType,
+      getModel: vi.fn(() => 'gpt-4'),
+      getContentGeneratorConfig: vi.fn(() => ({
+        authType: AuthType.QWEN_OAUTH,
+        model: MAINLINE_CODER,
+      })),
+      // Add switchModel to the mock object (not the type)
+      switchModel,
+      getAvailableModelsForAuthType,
+    };
+
+    const { props, mockSettings } = renderComponent(
+      {},
+      // Cast to Config to bypass type checking, matching the runtime behavior
+      mockConfigWithSwitchAuthType as unknown as Partial<Config>,
+    );
+
+    const childOnSelect = mockedSelect.mock.calls[0][0].onSelect;
+    await childOnSelect(`${AuthType.QWEN_OAUTH}::${MAINLINE_CODER}`);
+
+    expect(switchModel).toHaveBeenCalledWith(
+      AuthType.QWEN_OAUTH,
+      MAINLINE_CODER,
+      { requireCachedCredentials: true },
+      {
+        reason: 'user_manual',
+        context: 'AuthType+model switched via /model dialog',
+      },
+    );
+    expect(mockSettings.setValue).toHaveBeenCalledWith(
+      SettingScope.User,
+      'model.name',
+      MAINLINE_CODER,
+    );
+    expect(mockSettings.setValue).toHaveBeenCalledWith(
+      SettingScope.User,
+      'security.auth.selectedType',
+      AuthType.QWEN_OAUTH,
+    );
    expect(props.onClose).toHaveBeenCalledTimes(1);
  });

@@ -193,17 +295,25 @@ describe('<ModelDialog />', () => {
  it('updates initialIndex when config context changes', () => {
    const mockGetModel = vi.fn(() => MAINLINE_CODER);
    const mockGetAuthType = vi.fn(() => 'qwen-oauth');
+    const mockSettings = {
+      isTrusted: true,
+      user: { settings: {} },
+      workspace: { settings: {} },
+      setValue: vi.fn(),
+    } as unknown as LoadedSettings;
    const { rerender } = render(
-      <ConfigContext.Provider
-        value={
-          {
-            getModel: mockGetModel,
-            getAuthType: mockGetAuthType,
-          } as unknown as Config
-        }
-      >
-        <ModelDialog onClose={vi.fn()} />
-      </ConfigContext.Provider>,
+      <SettingsContext.Provider value={mockSettings}>
+        <ConfigContext.Provider
+          value={
+            {
+              getModel: mockGetModel,
+              getAuthType: mockGetAuthType,
+            } as unknown as Config
+          }
+        >
+          <ModelDialog onClose={vi.fn()} />
+        </ConfigContext.Provider>
+      </SettingsContext.Provider>,
    );

    expect(mockedSelect.mock.calls[0][0].initialIndex).toBe(0);
@@ -215,9 +325,11 @@ describe('<ModelDialog />', () => {
    } as unknown as Config;

    rerender(
-      <ConfigContext.Provider value={newMockConfig}>
-        <ModelDialog onClose={vi.fn()} />
-      </ConfigContext.Provider>,
+      <SettingsContext.Provider value={mockSettings}>
+        <ConfigContext.Provider value={newMockConfig}>
+          <ModelDialog onClose={vi.fn()} />
+        </ConfigContext.Provider>
+      </SettingsContext.Provider>,
    );

    // Should be called at least twice: initial render + re-render after context change
--- a/packages/cli/src/ui/components/ModelDialog.tsx
+++ b/packages/cli/src/ui/components/ModelDialog.tsx
@@ -5,52 +5,210 @@
 */

 import type React from 'react';
-import { useCallback, useContext, useMemo } from 'react';
+import { useCallback, useContext, useMemo, useState } from 'react';
 import { Box, Text } from 'ink';
 import {
  AuthType,
  ModelSlashCommandEvent,
  logModelSlashCommand,
+  type ContentGeneratorConfig,
+  type ContentGeneratorConfigSource,
+  type ContentGeneratorConfigSources,
 } from '@qwen-code/qwen-code-core';
 import { useKeypress } from '../hooks/useKeypress.js';
 import { theme } from '../semantic-colors.js';
 import { DescriptiveRadioButtonSelect } from './shared/DescriptiveRadioButtonSelect.js';
 import { ConfigContext } from '../contexts/ConfigContext.js';
+import { UIStateContext } from '../contexts/UIStateContext.js';
+import { useSettings } from '../contexts/SettingsContext.js';
 import {
  getAvailableModelsForAuthType,
  MAINLINE_CODER,
 } from '../models/availableModels.js';
+import { getPersistScopeForModelSelection } from '../../config/modelProvidersScope.js';
 import { t } from '../../i18n/index.js';

 interface ModelDialogProps {
  onClose: () => void;
 }

+function formatSourceBadge(
+  source: ContentGeneratorConfigSource | undefined,
+): string | undefined {
+  if (!source) return undefined;
+
+  switch (source.kind) {
+    case 'cli':
+      return source.detail ? `CLI ${source.detail}` : 'CLI';
+    case 'env':
+      return source.envKey ? `ENV ${source.envKey}` : 'ENV';
+    case 'settings':
+      return source.settingsPath
+        ? `Settings ${source.settingsPath}`
+        : 'Settings';
+    case 'modelProviders': {
+      const suffix =
+        source.authType && source.modelId
+          ? `${source.authType}:${source.modelId}`
+          : source.authType
+            ? `${source.authType}`
+            : source.modelId
+              ? `${source.modelId}`
+              : '';
+      return suffix ? `ModelProviders ${suffix}` : 'ModelProviders';
+    }
+    case 'default':
+      return source.detail ? `Default ${source.detail}` : 'Default';
+    case 'computed':
+      return source.detail ? `Computed ${source.detail}` : 'Computed';
+    case 'programmatic':
+      return source.detail ? `Programmatic ${source.detail}` : 'Programmatic';
+    case 'unknown':
+    default:
+      return undefined;
+  }
+}
+
+function readSourcesFromConfig(config: unknown): ContentGeneratorConfigSources {
+  if (!config) {
+    return {};
+  }
+  const maybe = config as {
+    getContentGeneratorConfigSources?: () => ContentGeneratorConfigSources;
+  };
+  return maybe.getContentGeneratorConfigSources?.() ?? {};
+}
+
+function maskApiKey(apiKey: string | undefined): string {
+  if (!apiKey) return '(not set)';
+  const trimmed = apiKey.trim();
+  if (trimmed.length === 0) return '(not set)';
+  if (trimmed.length <= 6) return '***';
+  const head = trimmed.slice(0, 3);
+  const tail = trimmed.slice(-4);
+  return `${head}…${tail}`;
+}
+
+function persistModelSelection(
+  settings: ReturnType<typeof useSettings>,
+  modelId: string,
+): void {
+  const scope = getPersistScopeForModelSelection(settings);
+  settings.setValue(scope, 'model.name', modelId);
+}
+
+function persistAuthTypeSelection(
+  settings: ReturnType<typeof useSettings>,
+  authType: AuthType,
+): void {
+  const scope = getPersistScopeForModelSelection(settings);
+  settings.setValue(scope, 'security.auth.selectedType', authType);
+}
+
+function ConfigRow({
+  label,
+  value,
+  badge,
+}: {
+  label: string;
+  value: React.ReactNode;
+  badge?: string;
+}): React.JSX.Element {
+  return (
+    <Box flexDirection="column">
+      <Box>
+        <Box minWidth={12} flexShrink={0}>
+          <Text color={theme.text.secondary}>{label}:</Text>
+        </Box>
+        <Box flexGrow={1} flexDirection="row" flexWrap="wrap">
+          <Text>{value}</Text>
+        </Box>
+      </Box>
+      {badge ? (
+        <Box>
+          <Box minWidth={12} flexShrink={0}>
+            <Text> </Text>
+          </Box>
+          <Box flexGrow={1}>
+            <Text color={theme.text.secondary}>{badge}</Text>
+          </Box>
+        </Box>
+      ) : null}
+    </Box>
+  );
+}
+
 export function ModelDialog({ onClose }: ModelDialogProps): React.JSX.Element {
  const config = useContext(ConfigContext);
+  const uiState = useContext(UIStateContext);
+  const settings = useSettings();

-  // Get auth type from config, default to QWEN_OAUTH if not available
-  const authType = config?.getAuthType() ?? AuthType.QWEN_OAUTH;
+  // Local error state for displaying errors within the dialog
+  const [errorMessage, setErrorMessage] = useState<string | null>(null);

-  // Get available models based on auth type
-  const availableModels = useMemo(
-    () => getAvailableModelsForAuthType(authType),
-    [authType],
-  );
+  const authType = config?.getAuthType();
+  const effectiveConfig =
+    (config?.getContentGeneratorConfig?.() as
+      | ContentGeneratorConfig
+      | undefined) ?? undefined;
+  const sources = readSourcesFromConfig(config);
+
+  const availableModelEntries = useMemo(() => {
+    const allAuthTypes = Object.values(AuthType) as AuthType[];
+    const modelsByAuthType = allAuthTypes
+      .map((t) => ({
+        authType: t,
+        models: getAvailableModelsForAuthType(t, config ?? undefined),
+      }))
+      .filter((x) => x.models.length > 0);
+
+    // Fixed order: qwen-oauth first, then others in a stable order
+    const authTypeOrder: AuthType[] = [
+      AuthType.QWEN_OAUTH,
+      AuthType.USE_OPENAI,
+      AuthType.USE_ANTHROPIC,
+      AuthType.USE_GEMINI,
+      AuthType.USE_VERTEX_AI,
+    ];
+
+    // Filter to only include authTypes that have models
+    const availableAuthTypes = new Set(modelsByAuthType.map((x) => x.authType));
+    const orderedAuthTypes = authTypeOrder.filter((t) =>
+      availableAuthTypes.has(t),
+    );
+
+    return orderedAuthTypes.flatMap((t) => {
+      const models =
+        modelsByAuthType.find((x) => x.authType === t)?.models ?? [];
+      return models.map((m) => ({ authType: t, model: m }));
+    });
+  }, [config]);

  const MODEL_OPTIONS = useMemo(
    () =>
-      availableModels.map((model) => ({
-        value: model.id,
-        title: model.label,
-        description: model.description || '',
-        key: model.id,
-      })),
-    [availableModels],
+      availableModelEntries.map(({ authType: t2, model }) => {
+        const value = `${t2}::${model.id}`;
+        const title = (
+          <Text>
+            <Text bold color={theme.text.accent}>
+              [{t2}]
+            </Text>
+            <Text>{` ${model.label}`}</Text>
+          </Text>
+        );
+        const description = model.description || '';
+        return {
+          value,
+          title,
+          description,
+          key: value,
+        };
+      }),
+    [availableModelEntries],
  );

-  // Determine the Preferred Model (read once when the dialog opens).
-  const preferredModel = config?.getModel() || MAINLINE_CODER;
+  const preferredModelId = config?.getModel() || MAINLINE_CODER;
+  const preferredKey = authType ? `${authType}::${preferredModelId}` : '';

  useKeypress(
    (key) => {
@@ -61,25 +219,83 @@ export function ModelDialog({ onClose }: ModelDialogProps): React.JSX.Element {
    { isActive: true },
  );

-  // Calculate the initial index based on the preferred model.
-  const initialIndex = useMemo(
-    () => MODEL_OPTIONS.findIndex((option) => option.value === preferredModel),
-    [MODEL_OPTIONS, preferredModel],
-  );
+  const initialIndex = useMemo(() => {
+    const index = MODEL_OPTIONS.findIndex(
+      (option) => option.value === preferredKey,
+    );
+    return index === -1 ? 0 : index;
+  }, [MODEL_OPTIONS, preferredKey]);

-  // Handle selection internally (Autonomous Dialog).
  const handleSelect = useCallback(
-    (model: string) => {
+    async (selected: string) => {
+      // Clear any previous error
+      setErrorMessage(null);
+
+      const sep = '::';
+      const idx = selected.indexOf(sep);
+      const selectedAuthType = (
+        idx >= 0 ? selected.slice(0, idx) : authType
+      ) as AuthType;
+      const modelId = idx >= 0 ? selected.slice(idx + sep.length) : selected;
+
      if (config) {
-        config.setModel(model);
-        const event = new ModelSlashCommandEvent(model);
+        try {
+          await config.switchModel(
+            selectedAuthType,
+            modelId,
+            selectedAuthType !== authType &&
+              selectedAuthType === AuthType.QWEN_OAUTH
+              ? { requireCachedCredentials: true }
+              : undefined,
+            {
+              reason: 'user_manual',
+              context:
+                selectedAuthType === authType
+                  ? 'Model switched via /model dialog'
+                  : 'AuthType+model switched via /model dialog',
+            },
+          );
+        } catch (e) {
+          const baseErrorMessage = e instanceof Error ? e.message : String(e);
+          setErrorMessage(
+            `Failed to switch model to '${modelId}'.\n\n${baseErrorMessage}`,
+          );
+          return;
+        }
+        const event = new ModelSlashCommandEvent(modelId);
        logModelSlashCommand(config, event);
+
+        const after = config.getContentGeneratorConfig?.() as
+          | ContentGeneratorConfig
+          | undefined;
+        const effectiveAuthType =
+          after?.authType ?? selectedAuthType ?? authType;
+        const effectiveModelId = after?.model ?? modelId;
+
+        persistModelSelection(settings, effectiveModelId);
+        persistAuthTypeSelection(settings, effectiveAuthType);
+
+        const baseUrl = after?.baseUrl ?? '(default)';
+        const maskedKey = maskApiKey(after?.apiKey);
+        uiState?.historyManager.addItem(
+          {
+            type: 'info',
+            text:
+              `authType: ${effectiveAuthType}\n` +
+              `Using model: ${effectiveModelId}\n` +
+              `Base URL: ${baseUrl}\n` +
+              `API key: ${maskedKey}`,
+          },
+          Date.now(),
+        );
      }
      onClose();
    },
-    [config, onClose],
+    [authType, config, onClose, settings, uiState, setErrorMessage],
  );

+  const hasModels = MODEL_OPTIONS.length > 0;
+
  return (
    <Box
      borderStyle="round"
@@ -89,14 +305,73 @@ export function ModelDialog({ onClose }: ModelDialogProps): React.JSX.Element {
      width="100%"
    >
      <Text bold>{t('Select Model')}</Text>
-      <Box marginTop={1}>
-        <DescriptiveRadioButtonSelect
-          items={MODEL_OPTIONS}
-          onSelect={handleSelect}
-          initialIndex={initialIndex}
-          showNumbers={true}
-        />
+
+      <Box marginTop={1} flexDirection="column">
+        <Text color={theme.text.secondary}>
+          {t('Current (effective) configuration')}
+        </Text>
+        <Box flexDirection="column" marginTop={1}>
+          <ConfigRow label="AuthType" value={authType} />
+          <ConfigRow
+            label="Model"
+            value={effectiveConfig?.model ?? config?.getModel?.() ?? ''}
+            badge={formatSourceBadge(sources['model'])}
+          />
+
+          {authType !== AuthType.QWEN_OAUTH && (
+            <>
+              <ConfigRow
+                label="Base URL"
+                value={effectiveConfig?.baseUrl ?? ''}
+                badge={formatSourceBadge(sources['baseUrl'])}
+              />
+              <ConfigRow
+                label="API Key"
+                value={effectiveConfig?.apiKey ? t('(set)') : t('(not set)')}
+                badge={formatSourceBadge(sources['apiKey'])}
+              />
+            </>
+          )}
+        </Box>
      </Box>
+
+      {!hasModels ? (
+        <Box marginTop={1} flexDirection="column">
+          <Text color={theme.status.warning}>
+            {t(
+              'No models available for the current authentication type ({{authType}}).',
+              {
+                authType: authType ? String(authType) : t('(none)'),
+              },
+            )}
+          </Text>
+          <Box marginTop={1}>
+            <Text color={theme.text.secondary}>
+              {t(
+                'Please configure models in settings.modelProviders or use environment variables.',
+              )}
+            </Text>
+          </Box>
+        </Box>
+      ) : (
+        <Box marginTop={1}>
+          <DescriptiveRadioButtonSelect
+            items={MODEL_OPTIONS}
+            onSelect={handleSelect}
+            initialIndex={initialIndex}
+            showNumbers={true}
+          />
+        </Box>
+      )}
+
+      {errorMessage && (
+        <Box marginTop={1} flexDirection="column" paddingX={1}>
+          <Text color={theme.status.error} wrap="wrap">
+            ✕ {errorMessage}
+          </Text>
+        </Box>
+      )}
+
      <Box marginTop={1} flexDirection="column">
        <Text color={theme.text.secondary}>{t('(Press Esc to close)')}</Text>
      </Box>
--- a/packages/cli/src/ui/components/StandaloneSessionPicker.tsx
+++ b/packages/cli/src/ui/components/StandaloneSessionPicker.tsx
@@ -87,7 +87,13 @@ export async function showResumeSessionPicker(
    let selectedId: string | undefined;

    const { unmount, waitUntilExit } = render(
-      <KeypressProvider kittyProtocolEnabled={false}>
+      <KeypressProvider
+        kittyProtocolEnabled={false}
+        pasteWorkaround={
+          process.platform === 'win32' ||
+          parseInt(process.versions.node.split('.')[0], 10) < 20
+        }
+      >
        <StandalonePickerScreen
          sessionService={sessionService}
          onSelect={(id) => {
--- a/packages/cli/src/ui/components/SuggestionsDisplay.tsx
+++ b/packages/cli/src/ui/components/SuggestionsDisplay.tsx
@@ -106,7 +106,7 @@ export function SuggestionsDisplay({
            </Box>

            {suggestion.description && (
-              <Box flexGrow={1} paddingLeft={3}>
+              <Box flexGrow={1} paddingLeft={2}>
                <Text color={textColor} wrap="truncate">
                  {suggestion.description}
                </Text>
--- a/packages/cli/src/ui/components/messages/InfoMessage.tsx
+++ b/packages/cli/src/ui/components/messages/InfoMessage.tsx
@@ -23,7 +23,7 @@ export const InfoMessage: React.FC<InfoMessageProps> = ({ text }) => {
  const prefixWidth = prefix.length;

  return (
-    <Box flexDirection="row" marginTop={1}>
+    <Box flexDirection="row" marginBottom={1}>
      <Box width={prefixWidth}>
        <Text color={theme.status.warning}>{prefix}</Text>
      </Box>
--- a/packages/cli/src/ui/components/messages/WarningMessage.tsx
+++ b/packages/cli/src/ui/components/messages/WarningMessage.tsx
@@ -18,7 +18,7 @@ export const WarningMessage: React.FC<WarningMessageProps> = ({ text }) => {
  const prefixWidth = 3;

  return (
-    <Box flexDirection="row" marginTop={1}>
+    <Box flexDirection="row" marginBottom={1}>
      <Box width={prefixWidth}>
        <Text color={Colors.AccentYellow}>{prefix}</Text>
      </Box>
--- a/packages/cli/src/ui/components/shared/DescriptiveRadioButtonSelect.tsx
+++ b/packages/cli/src/ui/components/shared/DescriptiveRadioButtonSelect.tsx
@@ -11,7 +11,7 @@ import { BaseSelectionList } from './BaseSelectionList.js';
 import type { SelectionListItem } from '../../hooks/useSelectionList.js';

 export interface DescriptiveRadioSelectItem<T> extends SelectionListItem<T> {
-  title: string;
+  title: React.ReactNode;
  description: string;
 }

--- a/packages/cli/src/ui/components/views/SkillsList.tsx
+++ b/packages/cli/src/ui/components/views/SkillsList.tsx
@@ -0,0 +1,36 @@
+/**
+ * @license
+ * Copyright 2025 Qwen
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import type React from 'react';
+import { Box, Text } from 'ink';
+import { theme } from '../../semantic-colors.js';
+import { type SkillDefinition } from '../../types.js';
+import { t } from '../../../i18n/index.js';
+
+interface SkillsListProps {
+  skills: readonly SkillDefinition[];
+}
+
+export const SkillsList: React.FC<SkillsListProps> = ({ skills }) => (
+  <Box flexDirection="column" marginBottom={1}>
+    <Text bold color={theme.text.primary}>
+      {t('Available skills:')}
+    </Text>
+    <Box height={1} />
+    {skills.length > 0 ? (
+      skills.map((skill) => (
+        <Box key={skill.name} flexDirection="row">
+          <Text color={theme.text.primary}>{'  '}- </Text>
+          <Text bold color={theme.text.accent}>
+            {skill.name}
+          </Text>
+        </Box>
+      ))
+    ) : (
+      <Text color={theme.text.primary}> {t('No skills available')}</Text>
+    )}
+  </Box>
+);
--- a/packages/cli/src/ui/contexts/UIActionsContext.tsx
+++ b/packages/cli/src/ui/contexts/UIActionsContext.tsx
@@ -30,7 +30,6 @@ export interface UIActions {
  ) => void;
  handleAuthSelect: (
    authType: AuthType | undefined,
-    scope: SettingScope,
    credentials?: OpenAICredentials,
  ) => Promise<void>;
  setAuthState: (state: AuthState) => void;
--- a/packages/cli/src/ui/hooks/useDialogClose.ts
+++ b/packages/cli/src/ui/hooks/useDialogClose.ts
@@ -25,7 +25,6 @@ export interface DialogCloseOptions {
  isAuthDialogOpen: boolean;
  handleAuthSelect: (
    authType: AuthType | undefined,
-    scope: SettingScope,
    credentials?: OpenAICredentials,
  ) => Promise<void>;
  pendingAuthType: AuthType | undefined;
--- a/packages/cli/src/ui/hooks/useGeminiStream.ts
+++ b/packages/cli/src/ui/hooks/useGeminiStream.ts
@@ -912,7 +912,7 @@ export const useGeminiStream = (
      // Reset quota error flag when starting a new query (not a continuation)
      if (!options?.isContinuation) {
        setModelSwitchedFromQuotaError(false);
-        config.setQuotaErrorOccurred(false);
+        // No quota-error / fallback routing mechanism currently; keep state minimal.
      }

      abortControllerRef.current = new AbortController();
--- a/packages/cli/src/ui/hooks/useLaunchEditor.ts
+++ b/packages/cli/src/ui/hooks/useLaunchEditor.ts
@@ -1,21 +1,58 @@
-/**
- * @license
- * Copyright 2025 Qwen
- * SPDX-License-Identifier: Apache-2.0
- */
-
 import { useCallback } from 'react';
 import { useStdin } from 'ink';
 import type { EditorType } from '@qwen-code/qwen-code-core';
+import {
+  editorCommands,
+  commandExists as coreCommandExists,
+} from '@qwen-code/qwen-code-core';
 import { spawnSync } from 'child_process';
 import { useSettings } from '../contexts/SettingsContext.js';

+/**
+ * Cache for command existence checks to avoid repeated execSync calls.
+ */
+const commandExistsCache = new Map<string, boolean>();
+
+/**
+ * Check if a command exists in the system with caching.
+ * Results are cached to improve performance in test environments.
+ */
+function commandExists(cmd: string): boolean {
+  if (commandExistsCache.has(cmd)) {
+    return commandExistsCache.get(cmd)!;
+  }
+
+  const exists = coreCommandExists(cmd);
+  commandExistsCache.set(cmd, exists);
+  return exists;
+}
+/**
+ * Get the actual executable command for an editor type.
+ */
+function getExecutableCommand(editorType: EditorType): string {
+  const commandConfig = editorCommands[editorType];
+  const commands =
+    process.platform === 'win32' ? commandConfig.win32 : commandConfig.default;
+
+  const availableCommand = commands.find((cmd) => commandExists(cmd));
+
+  if (!availableCommand) {
+    throw new Error(
+      `No available editor command found for ${editorType}. ` +
+        `Tried: ${commands.join(', ')}. ` +
+        `Please install one of these editors or set a different preferredEditor in settings.`,
+    );
+  }
+
+  return availableCommand;
+}
+
 /**
 * Determines the editor command to use based on user preferences and platform.
 */
 function getEditorCommand(preferredEditor?: EditorType): string {
  if (preferredEditor) {
-    return preferredEditor;
+    return getExecutableCommand(preferredEditor);
  }

  // Platform-specific defaults with UI preference for macOS
@@ -63,8 +100,14 @@ export function useLaunchEditor() {
      try {
        setRawMode?.(false);

+        // On Windows, .cmd and .bat files need shell: true
+        const needsShell =
+          process.platform === 'win32' &&
+          (editorCommand.endsWith('.cmd') || editorCommand.endsWith('.bat'));
+
        const { status, error } = spawnSync(editorCommand, editorArgs, {
          stdio: 'inherit',
+          shell: needsShell,
        });

        if (error) throw error;
--- a/packages/cli/src/ui/hooks/useSlashCompletion.test.ts
+++ b/packages/cli/src/ui/hooks/useSlashCompletion.test.ts
@@ -573,6 +573,45 @@ describe('useSlashCompletion', () => {
      });
    });

+    it('should map completion items with descriptions for argument suggestions', async () => {
+      const mockCompletionFn = vi.fn().mockResolvedValue([
+        { value: 'pdf', description: 'Create PDF documents' },
+        { value: 'xlsx', description: 'Work with spreadsheets' },
+      ]);
+
+      const slashCommands = [
+        createTestCommand({
+          name: 'skills',
+          description: 'List available skills',
+          completion: mockCompletionFn,
+        }),
+      ];
+
+      const { result } = renderHook(() =>
+        useTestHarnessForSlashCompletion(
+          true,
+          '/skills ',
+          slashCommands,
+          mockCommandContext,
+        ),
+      );
+
+      await waitFor(() => {
+        expect(result.current.suggestions).toEqual([
+          {
+            label: 'pdf',
+            value: 'pdf',
+            description: 'Create PDF documents',
+          },
+          {
+            label: 'xlsx',
+            value: 'xlsx',
+            description: 'Work with spreadsheets',
+          },
+        ]);
+      });
+    });
+
    it('should call command.completion with an empty string when args start with a space', async () => {
      const mockCompletionFn = vi
        .fn()
--- a/Show More
+++ b/Show More