fix code merge

Merge branch 'main' into feat/extension
fix test
2026-01-19 23:36:19 +00:00 · 2026-01-19 21:27:31 +08:00 · 2026-01-19 21:16:07 +08:00 · 2026-01-19 19:40:16 +08:00 · 2026-01-19 19:26:20 +08:00 · 2026-01-19 19:23:22 +08:00
282 changed files with 23477 additions and 9755 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+* @tanzhenxin @DennisYu07 @gwinthis @LaZzyMan @pomelo-nwu @Mingholy
+# SDK TypeScript package changes require review from Mingholy
+packages/sdk-typescript/** @Mingholy
--- a/.github/workflows/release-sdk.yml
+++ b/.github/workflows/release-sdk.yml
@@ -241,7 +241,7 @@ jobs:
          ${{ steps.vars.outputs.is_dry_run == 'false' && steps.vars.outputs.is_nightly == 'false' && steps.vars.outputs.is_preview == 'false' }}
        id: 'pr'
        env:
-          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          GITHUB_TOKEN: '${{ secrets.CI_BOT_PAT }}'
          RELEASE_BRANCH: '${{ steps.release_branch.outputs.BRANCH_NAME }}'
          RELEASE_TAG: '${{ steps.version.outputs.RELEASE_TAG }}'
        run: |-
@@ -258,26 +258,15 @@ jobs:

          echo "PR_URL=${pr_url}" >> "${GITHUB_OUTPUT}"

-      - name: 'Wait for CI checks to complete'
-        if: |-
-          ${{ steps.vars.outputs.is_dry_run == 'false' && steps.vars.outputs.is_nightly == 'false' && steps.vars.outputs.is_preview == 'false' }}
-        env:
-          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
-          PR_URL: '${{ steps.pr.outputs.PR_URL }}'
-        run: |-
-          set -euo pipefail
-          echo "Waiting for CI checks to complete..."
-          gh pr checks "${PR_URL}" --watch --interval 30
-
      - name: 'Enable auto-merge for release PR'
        if: |-
          ${{ steps.vars.outputs.is_dry_run == 'false' && steps.vars.outputs.is_nightly == 'false' && steps.vars.outputs.is_preview == 'false' }}
        env:
-          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          GITHUB_TOKEN: '${{ secrets.CI_BOT_PAT }}'
          PR_URL: '${{ steps.pr.outputs.PR_URL }}'
        run: |-
          set -euo pipefail
-          gh pr merge "${PR_URL}" --merge --auto
+          gh pr merge "${PR_URL}" --merge --auto --delete-branch

      - name: 'Create Issue on Failure'
        if: |-
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ Qwen Code is an open-source AI agent for the terminal, optimized for [Qwen3-Code
 - **OpenAI-compatible, OAuth free tier**: use an OpenAI-compatible API, or sign in with Qwen OAuth to get 2,000 free requests/day.
 - **Open-source, co-evolving**: both the framework and the Qwen3-Coder model are open-source—and they ship and evolve together.
 - **Agentic workflow, feature-rich**: rich built-in tools (Skills, SubAgents, Plan Mode) for a full agentic workflow and a Claude Code-like experience.
- **Terminal-first, IDE-friendly**: built for developers who live in the command line, with optional integration for VS Code and Zed.
+- **Terminal-first, IDE-friendly**: built for developers who live in the command line, with optional integration for VS Code, Zed, and JetBrains IDEs.

 ## Installation

@@ -137,10 +137,11 @@ Use `-p` to run Qwen Code without the interactive UI—ideal for scripts, automa

 #### IDE integration

-Use Qwen Code inside your editor (VS Code and Zed):
+Use Qwen Code inside your editor (VS Code, Zed, and JetBrains IDEs):

 - [Use in VS Code](https://qwenlm.github.io/qwen-code-docs/en/users/integration-vscode/)
 - [Use in Zed](https://qwenlm.github.io/qwen-code-docs/en/users/integration-zed/)
+- [Use in JetBrains IDEs](https://qwenlm.github.io/qwen-code-docs/en/users/integration-jetbrains/)

 #### TypeScript SDK

@@ -200,6 +201,11 @@ If you encounter issues, check the [troubleshooting guide](https://qwenlm.github

 To report a bug from within the CLI, run `/bug` and include a short title and repro steps.

+## Connect with Us
+
+- Discord: https://discord.gg/ycKBjdNd
+- Dingtalk: https://qr.dingtalk.com/action/joingroup?code=v1,k1,+FX6Gf/ZDlTahTIRi8AEQhIaBlqykA0j+eBKKdhLeAE=&_dt_no_comment=1&origin=1
+
 ## Acknowledgments

 This project is based on [Google Gemini CLI](https://github.com/google-gemini/gemini-cli). We acknowledge and appreciate the excellent work of the Gemini CLI team. Our main contribution focuses on parser-level adaptations to better support Qwen-Coder models.
--- a/docs/developers/extensions/extension.md
+++ b/docs/developers/extensions/extension.md
@@ -4,11 +4,25 @@ Qwen Code extensions package prompts, MCP servers, and custom commands into a fa

 ## Extension management

-We offer a suite of extension management tools using `qwen extensions` commands.
+We offer a suite of extension management tools using both `qwen extensions` CLI commands and `/extensions` slash commands within the interactive CLI.

-Note that these commands are not supported from within the CLI, although you can list installed extensions using the `/extensions list` subcommand.
+### Runtime Extension Management (Slash Commands)

-Note that all of these commands will only be reflected in active CLI sessions on restart.
+You can manage extensions at runtime within the interactive CLI using `/extensions` slash commands. These commands support hot-reloading, meaning changes take effect immediately without restarting the application.
+
+| Command                                                | Description                                                     |
+| ------------------------------------------------------ | --------------------------------------------------------------- |
+| `/extensions` or `/extensions list`                    | List all installed extensions with their status                 |
+| `/extensions install <source>`                         | Install an extension from a git URL, local path, or marketplace |
+| `/extensions uninstall <name>`                         | Uninstall an extension                                          |
+| `/extensions enable <name> --scope <user\|workspace>`  | Enable an extension                                             |
+| `/extensions disable <name> --scope <user\|workspace>` | Disable an extension                                            |
+| `/extensions update <name>`                            | Update a specific extension                                     |
+| `/extensions update --all`                             | Update all extensions with available updates                    |
+
+### CLI Extension Management
+
+You can also manage extensions using `qwen extensions` CLI commands. Note that changes made via CLI commands will be reflected in active CLI sessions on restart.

 ### Installing an extension

@@ -98,7 +112,18 @@ The `qwen-extension.json` file contains the configuration for the extension. The
    }
  },
  "contextFileName": "QWEN.md",
-  "excludeTools": ["run_shell_command"]
+  "excludeTools": ["run_shell_command"],
+  "commands": "commands",
+  "skills": "skills",
+  "agents": "agents",
+  "settings": [
+    {
+      "name": "API Key",
+      "description": "Your API key for the service",
+      "envVar": "MY_API_KEY",
+      "sensitive": true
+    }
+  ]
 }
 ```

@@ -108,12 +133,18 @@ The `qwen-extension.json` file contains the configuration for the extension. The
  - Note that all MCP server configuration options are supported except for `trust`.
 - `contextFileName`: The name of the file that contains the context for the extension. This will be used to load the context from the extension directory. If this property is not used but a `QWEN.md` file is present in your extension directory, then that file will be loaded.
 - `excludeTools`: An array of tool names to exclude from the model. You can also specify command-specific restrictions for tools that support it, like the `run_shell_command` tool. For example, `"excludeTools": ["run_shell_command(rm -rf)"]` will block the `rm -rf` command. Note that this differs from the MCP server `excludeTools` functionality, which can be listed in the MCP server config. **Important:** Tools specified in `excludeTools` will be disabled for the entire conversation context and will affect all subsequent queries in the current session.
+- `commands`: The directory containing custom commands (default: `commands`). Commands are `.md` files that define prompts.
+- `skills`: The directory containing custom skills (default: `skills`). Skills are discovered automatically and become available via the `/skills` command.
+- `agents`: The directory containing custom subagents (default: `agents`). Subagents are `.yaml` or `.md` files that define specialized AI assistants.
+- `settings`: An array of settings that the extension requires. When installing, users will be prompted to provide values for these settings. The values are stored securely and passed to MCP servers as environment variables.

 When Qwen Code starts, it loads all the extensions and merges their configurations. If there are any conflicts, the workspace configuration takes precedence.

 ### Custom commands

-Extensions can provide [custom commands](./cli/commands.md#custom-commands) by placing TOML files in a `commands/` subdirectory within the extension directory. These commands follow the same format as user and project custom commands and use standard naming conventions.
+Extensions can provide [custom commands](./cli/commands.md#custom-commands) by placing Markdown files in a `commands/` subdirectory within the extension directory. These commands follow the same format as user and project custom commands and use standard naming conventions.
+
+> **Note:** The command format has been updated from TOML to Markdown. TOML files are deprecated but still supported. You can migrate existing TOML commands using the automatic migration prompt that appears when TOML files are detected.

 **Example**

@@ -123,15 +154,46 @@ An extension named `gcp` with the following structure:
 .qwen/extensions/gcp/
 ├── qwen-extension.json
 └── commands/
-    ├── deploy.toml
+    ├── deploy.md
    └── gcs/
-        └── sync.toml
+        └── sync.md
 ```

 Would provide these commands:

- `/deploy` - Shows as `[gcp] Custom command from deploy.toml` in help
- `/gcs:sync` - Shows as `[gcp] Custom command from sync.toml` in help
+- `/deploy` - Shows as `[gcp] Custom command from deploy.md` in help
+- `/gcs:sync` - Shows as `[gcp] Custom command from sync.md` in help
+
+### Custom skills
+
+Extensions can provide custom skills by placing skill files in a `skills/` subdirectory within the extension directory. Each skill should have a `SKILL.md` file with YAML frontmatter defining the skill's name and description.
+
+**Example**
+
+```
+.qwen/extensions/my-extension/
+├── qwen-extension.json
+└── skills/
+    └── pdf-processor/
+        └── SKILL.md
+```
+
+The skill will be available via the `/skills` command when the extension is active.
+
+### Custom subagents
+
+Extensions can provide custom subagents by placing agent configuration files in an `agents/` subdirectory within the extension directory. Agents are defined using YAML or Markdown files.
+
+**Example**
+
+```
+.qwen/extensions/my-extension/
+├── qwen-extension.json
+└── agents/
+    └── testing-expert.yaml
+```
+
+Extension subagents appear in the subagent manager dialog under "Extension Agents" section.

 ### Conflict resolution

--- a/docs/developers/extensions/getting-started-extensions.md
+++ b/docs/developers/extensions/getting-started-extensions.md
@@ -148,22 +148,119 @@ Custom commands provide a way to create shortcuts for complex prompts. Let's add
    mkdir -p commands/fs
    ```

-2.  Create a file named `commands/fs/grep-code.toml`:
+2.  Create a file named `commands/fs/grep-code.md`:
+
+    ```markdown
+    ---
+    description: Search for a pattern in code and summarize findings
+    ---

-    ```toml
-    prompt = """
    Please summarize the findings for the pattern `{{args}}`.

    Search Results:
    !{grep -r {{args}} .}
-    """
    ```

    This command, `/fs:grep-code`, will take an argument, run the `grep` shell command with it, and pipe the results into a prompt for summarization.

+> **Note:** Commands use Markdown format with optional YAML frontmatter. TOML format is deprecated but still supported for backwards compatibility.
+
 After saving the file, restart the Qwen Code. You can now run `/fs:grep-code "some pattern"` to use your new command.

-## Step 5: Add a Custom `QWEN.md`
+## Step 5: Add Custom Skills and Subagents (Optional)
+
+Extensions can also provide custom skills and subagents to extend Qwen Code's capabilities.
+
+### Adding a Custom Skill
+
+Skills are model-invoked capabilities that the AI can automatically use when relevant.
+
+1.  Create a `skills` directory with a skill subdirectory:
+
+    ```bash
+    mkdir -p skills/code-analyzer
+    ```
+
+2.  Create a `skills/code-analyzer/SKILL.md` file:
+
+    ```markdown
+    ---
+    name: code-analyzer
+    description: Analyzes code structure and provides insights about complexity, dependencies, and potential improvements
+    ---
+
+    # Code Analyzer
+
+    ## Instructions
+
+    When analyzing code, focus on:
+
+    - Code complexity and maintainability
+    - Dependencies and coupling
+    - Potential performance issues
+    - Suggestions for improvements
+
+    ## Examples
+
+    - "Analyze the complexity of this function"
+    - "What are the dependencies of this module?"
+    ```
+
+### Adding a Custom Subagent
+
+Subagents are specialized AI assistants for specific tasks.
+
+1.  Create an `agents` directory:
+
+    ```bash
+    mkdir -p agents
+    ```
+
+2.  Create an `agents/refactoring-expert.md` file:
+
+    ```markdown
+    ---
+    name: refactoring-expert
+    description: Specialized in code refactoring, improving code structure and maintainability
+    tools:
+      - read_file
+      - write_file
+      - read_many_files
+    ---
+
+    You are a refactoring specialist focused on improving code quality.
+
+    Your expertise includes:
+
+    - Identifying code smells and anti-patterns
+    - Applying SOLID principles
+    - Improving code readability and maintainability
+    - Safe refactoring with minimal risk
+
+    For each refactoring task:
+
+    1. Analyze the current code structure
+    2. Identify areas for improvement
+    3. Propose refactoring steps
+    4. Implement changes incrementally
+    5. Verify functionality is preserved
+    ```
+
+3.  Update your `qwen-extension.json` to include the new directories:
+
+    ```json
+    {
+      "name": "my-first-extension",
+      "version": "1.0.0",
+      "skills": "skills",
+      "agents": "agents",
+      "mcpServers": { ... }
+    }
+    ```
+
+After restarting Qwen Code, your custom skills will be available via `/skills` and subagents via `/agents manage`.
+
+## Step 6: Add a Custom `QWEN.md`

 You can provide persistent context to the model by adding a `QWEN.md` file to your extension. This is useful for giving the model instructions on how to behave or information about your extension's tools. Note that you may not always need this for extensions built to expose commands and prompts.

@@ -194,7 +291,7 @@ You can provide persistent context to the model by adding a `QWEN.md` file to yo

 Restart the CLI again. The model will now have the context from your `QWEN.md` file in every session where the extension is active.

-## Step 6: Releasing Your Extension
+## Step 7: Releasing Your Extension

 Once you are happy with your extension, you can share it with others. The two primary ways of releasing extensions are via a Git repository or through GitHub Releases. Using a public Git repository is the simplest method.

@@ -207,6 +304,7 @@ You've successfully created a Qwen Code extension! You learned how to:
 - Bootstrap a new extension from a template.
 - Add custom tools with an MCP server.
 - Create convenient custom commands.
+- Add custom skills and subagents.
 - Provide persistent context to the model.
 - Link your extension for local development.

--- a/docs/developers/tools/_meta.ts
+++ b/docs/developers/tools/_meta.ts
@@ -10,4 +10,5 @@ export default {
  'web-search': 'Web Search',
  memory: 'Memory',
  'mcp-server': 'MCP Servers',
+  sandbox: 'Sandboxing',
 };
--- a/docs/developers/tools/sandbox.md
+++ b/docs/developers/tools/sandbox.md
@@ -0,0 +1,90 @@
+## Customizing the sandbox environment (Docker/Podman)
+
+### Currently, the project does not support the use of the BUILD_SANDBOX function after installation through the npm package
+
+1. To build a custom sandbox, you need to access the build scripts (scripts/build_sandbox.js) in the source code repository.
+2. These build scripts are not included in the packages released by npm.
+3. The code contains hard-coded path checks that explicitly reject build requests from non-source code environments.
+
+If you need extra tools inside the container (e.g., `git`, `python`, `rg`), create a custom Dockerfile, The specific operation is as follows
+
+#### 1、Clone qwen code project first, https://github.com/QwenLM/qwen-code.git
+
+#### 2、Make sure you perform the following operation in the source code repository directory
+
+```bash
+# 1. First, install the dependencies of the project
+npm install
+
+# 2. Build the Qwen Code project
+npm run build
+
+# 3. Verify that the dist directory has been generated
+ls -la packages/cli/dist/
+
+# 4. Create a global link in the CLI package directory
+cd packages/cli
+npm link
+
+# 5. Verification link (it should now point to the source code)
+which qwen
+# Expected output: /xxx/xxx/.nvm/versions/node/v24.11.1/bin/qwen
+# Or similar paths, but it should be a symbolic link
+
+# 6. For details of the symbolic link, you can see the specific source code path
+ls -la $(dirname $(which qwen))/../lib/node_modules/@qwen-code/qwen-code
+# It should show that this is a symbolic link pointing to your source code directory
+
+# 7.Test the version of qwen
+qwen -v
+# npm link will overwrite the global qwen. To avoid being unable to distinguish the same version number, you can uninstall the global CLI first
+```
+
+#### 3、Create your sandbox Dockerfile under the root directory of your own project
+
+- Path: `.qwen/sandbox.Dockerfile`
+
+- Official mirror image address:https://github.com/QwenLM/qwen-code/pkgs/container/qwen-code
+
+```bash
+# Based on the official Qwen sandbox image (It is recommended to explicitly specify the version)
+FROM ghcr.io/qwenlm/qwen-code:sha-570ec43
+# Add your extra tools here
+RUN apt-get update && apt-get install -y \
+    git \
+    python3 \
+    ripgrep
+```
+
+#### 4、Create the first sandbox image under the root directory of your project
+
+```bash
+GEMINI_SANDBOX=docker BUILD_SANDBOX=1 qwen -s
+# Observe whether the sandbox version of the tool you launched is consistent with the version of your custom image. If they are consistent, the startup will be successful
+```
+
+This builds a project-specific image based on the default sandbox image.
+
+#### Remove npm link
+
+- If you want to restore the official CLI of qwen, please remove the npm link
+
+```bash
+# Method 1: Unlink globally
+npm unlink -g @qwen-code/qwen-code
+
+# Method 2: Remove it in the packages/cli directory
+cd packages/cli
+npm unlink
+
+# Verification has been lifted
+which qwen
+# It should display "qwen not found"
+
+# Reinstall the global version if necessary
+npm install -g @qwen-code/qwen-code
+
+# Verification Recovery
+which qwen
+qwen --version
+```
--- a/docs/users/_meta.ts
+++ b/docs/users/_meta.ts
@@ -12,6 +12,7 @@ export default {
  },
  'integration-vscode': 'Visual Studio Code',
  'integration-zed': 'Zed IDE',
+  'integration-jetbrains': 'JetBrains IDEs',
  'integration-github-action': 'Github Actions',
  'Code with Qwen Code': {
    type: 'separator',
--- a/docs/users/configuration/auth.md
+++ b/docs/users/configuration/auth.md
@@ -5,11 +5,13 @@ Qwen Code supports two authentication methods. Pick the one that matches how you
 - **Qwen OAuth (recommended)**: sign in with your `qwen.ai` account in a browser.
 - **OpenAI-compatible API**: use an API key (OpenAI or any OpenAI-compatible provider / endpoint).

+![](https://img.alicdn.com/imgextra/i2/O1CN01IxI1bt1sNO543AVTT_!!6000000005754-0-tps-1958-822.jpg)
+
 ## Option 1: Qwen OAuth (recommended & free) 👍

-Use this if you want the simplest setup and you’re using Qwen models.
+Use this if you want the simplest setup and you're using Qwen models.

- **How it works**: on first start, Qwen Code opens a browser login page. After you finish, credentials are cached locally so you usually won’t need to log in again.
+- **How it works**: on first start, Qwen Code opens a browser login page. After you finish, credentials are cached locally so you usually won't need to log in again.
 - **Requirements**: a `qwen.ai` account + internet access (at least for the first login).
 - **Benefits**: no API key management, automatic credential refresh.
 - **Cost & quota**: free, with a quota of **60 requests/minute** and **2,000 requests/day**.
@@ -24,15 +26,54 @@ qwen

 Use this if you want to use OpenAI models or any provider that exposes an OpenAI-compatible API (e.g. OpenAI, Azure OpenAI, OpenRouter, ModelScope, Alibaba Cloud Bailian, or a self-hosted compatible endpoint).

-### Quick start (interactive, recommended for local use)
+### Recommended: Coding Plan (subscription-based) 🚀

-When you choose the OpenAI-compatible option in the CLI, it will prompt you for:
+Use this if you want predictable costs with higher usage quotas for the qwen3-coder-plus model.

- **API key**
- **Base URL** (default: `https://api.openai.com/v1`)
- **Model** (default: `gpt-4o`)
+> [!IMPORTANT]
+>
+> Coding Plan is only available for users in China mainland (Beijing region).

-> **Note:** the CLI may display the key in plain text for verification. Make sure your terminal is not being recorded or shared.
+- **How it works**: subscribe to the Coding Plan with a fixed monthly fee, then configure Qwen Code to use the dedicated endpoint and your subscription API key.
+- **Requirements**: an active Coding Plan subscription from [Alibaba Cloud Bailian](https://bailian.console.aliyun.com/cn-beijing/?tab=globalset#/efm/coding_plan).
+- **Benefits**: higher usage quotas, predictable monthly costs, access to latest qwen3-coder-plus model.
+- **Cost & quota**: varies by plan (see table below).
+
+#### Coding Plan Pricing & Quotas
+
+| Feature             | Lite Basic Plan       | Pro Advanced Plan     |
+| :------------------ | :-------------------- | :-------------------- |
+| **Price**           | ¥40/month             | ¥200/month            |
+| **5-Hour Limit**    | Up to 1,200 requests  | Up to 6,000 requests  |
+| **Weekly Limit**    | Up to 9,000 requests  | Up to 45,000 requests |
+| **Monthly Limit**   | Up to 18,000 requests | Up to 90,000 requests |
+| **Supported Model** | qwen3-coder-plus      | qwen3-coder-plus      |
+
+#### Quick Setup for Coding Plan
+
+When you select the OpenAI-compatible option in the CLI, enter these values:
+
+- **API key**: `sk-sp-xxxxx`
+- **Base URL**: `https://coding.dashscope.aliyuncs.com/v1`
+- **Model**: `qwen3-coder-plus`
+
+> **Note**: Coding Plan API keys have the format `sk-sp-xxxxx`, which is different from standard Alibaba Cloud API keys.
+
+#### Configure via Environment Variables
+
+Set these environment variables to use Coding Plan:
+
+```bash
+export OPENAI_API_KEY="your-coding-plan-api-key"  # Format: sk-sp-xxxxx
+export OPENAI_BASE_URL="https://coding.dashscope.aliyuncs.com/v1"
+export OPENAI_MODEL="qwen3-coder-plus"
+```
+
+For more details about Coding Plan, including subscription options and troubleshooting, see the [full Coding Plan documentation](https://bailian.console.aliyun.com/cn-beijing/?tab=doc#/doc/?type=model&url=3005961).
+
+### Other OpenAI-compatible Providers
+
+If you are using other providers (OpenAI, Azure, local LLMs, etc.), use the following configuration methods.

 ### Configure via command-line arguments

--- a/docs/users/configuration/settings.md
+++ b/docs/users/configuration/settings.md
@@ -104,7 +104,7 @@ Settings are organized into categories. All settings should be placed within the
 | `model.name`                                       | string  | The Qwen model to use for conversations.                                                                                                                                                                                                                                                                                                                               | `undefined` |
 | `model.maxSessionTurns`                            | number  | Maximum number of user/model/tool turns to keep in a session. -1 means unlimited.                                                                                                                                                                                                                                                                                      | `-1`        |
 | `model.summarizeToolOutput`                        | object  | Enables or disables the summarization of tool output. You can specify the token budget for the summarization using the `tokenBudget` setting. Note: Currently only the `run_shell_command` tool is supported. For example `{"run_shell_command": {"tokenBudget": 2000}}`                                                                                               | `undefined` |
-| `model.generationConfig`                           | object  | Advanced overrides passed to the underlying content generator. Supports request controls such as `timeout`, `maxRetries`, and `disableCacheControl`, along with fine-tuning knobs under `samplingParams` (for example `temperature`, `top_p`, `max_tokens`). Leave unset to rely on provider defaults.                                                                 | `undefined` |
+| `model.generationConfig`                           | object  | Advanced overrides passed to the underlying content generator. Supports request controls such as `timeout`, `maxRetries`, `disableCacheControl`, and `customHeaders` (custom HTTP headers for API requests), along with fine-tuning knobs under `samplingParams` (for example `temperature`, `top_p`, `max_tokens`). Leave unset to rely on provider defaults.         | `undefined` |
 | `model.chatCompression.contextPercentageThreshold` | number  | Sets the threshold for chat history compression as a percentage of the model's total token limit. This is a value between 0 and 1 that applies to both automatic compression and the manual `/compress` command. For example, a value of `0.6` will trigger compression when the chat history exceeds 60% of the token limit. Use `0` to disable compression entirely. | `0.7`       |
 | `model.skipNextSpeakerCheck`                       | boolean | Skip the next speaker check.                                                                                                                                                                                                                                                                                                                                           | `false`     |
 | `model.skipLoopDetection`                          | boolean | Disables loop detection checks. Loop detection prevents infinite loops in AI responses but can generate false positives that interrupt legitimate workflows. Enable this option if you experience frequent false positive loop detection interruptions.                                                                                                                | `false`     |
@@ -114,12 +114,16 @@ Settings are organized into categories. All settings should be placed within the

 **Example model.generationConfig:**

-```
+```json
 {
  "model": {
    "generationConfig": {
      "timeout": 60000,
      "disableCacheControl": false,
+      "customHeaders": {
+        "X-Request-ID": "req-123",
+        "X-User-ID": "user-456"
+      },
      "samplingParams": {
        "temperature": 0.2,
        "top_p": 0.8,
@@ -130,19 +134,113 @@ Settings are organized into categories. All settings should be placed within the
 }
 ```

+The `customHeaders` field allows you to add custom HTTP headers to all API requests. This is useful for request tracing, monitoring, API gateway routing, or when different models require different headers. If `customHeaders` is defined in `modelProviders[].generationConfig.customHeaders`, it will be used directly; otherwise, headers from `model.generationConfig.customHeaders` will be used. No merging occurs between the two levels.
+
 **model.openAILoggingDir examples:**

 - `"~/qwen-logs"` - Logs to `~/qwen-logs` directory
 - `"./custom-logs"` - Logs to `./custom-logs` relative to current directory
 - `"/tmp/openai-logs"` - Logs to absolute path `/tmp/openai-logs`

+#### modelProviders
+
+Use `modelProviders` to declare curated model lists per auth type that the `/model` picker can switch between. Keys must be valid auth types (`openai`, `anthropic`, `gemini`, `vertex-ai`, etc.). Each entry requires an `id` and **must include `envKey`**, with optional `name`, `description`, `baseUrl`, and `generationConfig`. Credentials are never persisted in settings; the runtime reads them from `process.env[envKey]`. Qwen OAuth models remain hard-coded and cannot be overridden.
+
+##### Example
+
+```json
+{
+  "modelProviders": {
+    "openai": [
+      {
+        "id": "gpt-4o",
+        "name": "GPT-4o",
+        "envKey": "OPENAI_API_KEY",
+        "baseUrl": "https://api.openai.com/v1",
+        "generationConfig": {
+          "timeout": 60000,
+          "maxRetries": 3,
+          "customHeaders": {
+            "X-Model-Version": "v1.0",
+            "X-Request-Priority": "high"
+          },
+          "samplingParams": { "temperature": 0.2 }
+        }
+      }
+    ],
+    "anthropic": [
+      {
+        "id": "claude-3-5-sonnet",
+        "envKey": "ANTHROPIC_API_KEY",
+        "baseUrl": "https://api.anthropic.com/v1"
+      }
+    ],
+    "gemini": [
+      {
+        "id": "gemini-2.0-flash",
+        "name": "Gemini 2.0 Flash",
+        "envKey": "GEMINI_API_KEY",
+        "baseUrl": "https://generativelanguage.googleapis.com"
+      }
+    ],
+    "vertex-ai": [
+      {
+        "id": "gemini-1.5-pro-vertex",
+        "envKey": "GOOGLE_API_KEY",
+        "baseUrl": "https://generativelanguage.googleapis.com"
+      }
+    ]
+  }
+}
+```
+
+> [!note]
+> Only the `/model` command exposes non-default auth types. Anthropic, Gemini, Vertex AI, etc., must be defined via `modelProviders`. The `/auth` command intentionally lists only the built-in Qwen OAuth and OpenAI flows.
+
+##### Resolution layers and atomicity
+
+The effective auth/model/credential values are chosen per field using the following precedence (first present wins). You can combine `--auth-type` with `--model` to point directly at a provider entry; these CLI flags run before other layers.
+
+| Layer (highest → lowest)   | authType                            | model                                           | apiKey                                              | baseUrl                                              | apiKeyEnvKey           | proxy                             |
+| -------------------------- | ----------------------------------- | ----------------------------------------------- | --------------------------------------------------- | ---------------------------------------------------- | ---------------------- | --------------------------------- |
+| Programmatic overrides     | `/auth `                            | `/auth` input                                   | `/auth` input                                       | `/auth` input                                        | —                      | —                                 |
+| Model provider selection   | —                                   | `modelProvider.id`                              | `env[modelProvider.envKey]`                         | `modelProvider.baseUrl`                              | `modelProvider.envKey` | —                                 |
+| CLI arguments              | `--auth-type`                       | `--model`                                       | `--openaiApiKey` (or provider-specific equivalents) | `--openaiBaseUrl` (or provider-specific equivalents) | —                      | —                                 |
+| Environment variables      | —                                   | Provider-specific mapping (e.g. `OPENAI_MODEL`) | Provider-specific mapping (e.g. `OPENAI_API_KEY`)   | Provider-specific mapping (e.g. `OPENAI_BASE_URL`)   | —                      | —                                 |
+| Settings (`settings.json`) | `security.auth.selectedType`        | `model.name`                                    | `security.auth.apiKey`                              | `security.auth.baseUrl`                              | —                      | —                                 |
+| Default / computed         | Falls back to `AuthType.QWEN_OAUTH` | Built-in default (OpenAI ⇒ `qwen3-coder-plus`)  | —                                                   | —                                                    | —                      | `Config.getProxy()` if configured |
+
+\*When present, CLI auth flags override settings. Otherwise, `security.auth.selectedType` or the implicit default determine the auth type. Qwen OAuth and OpenAI are the only auth types surfaced without extra configuration.
+
+Model-provider sourced values are applied atomically: once a provider model is active, every field it defines is protected from lower layers until you manually clear credentials via `/auth`. The final `generationConfig` is the projection across all layers—lower layers only fill gaps left by higher ones, and the provider layer remains impenetrable.
+
+The merge strategy for `modelProviders` is REPLACE: the entire `modelProviders` from project settings will override the corresponding section in user settings, rather than merging the two.
+
+##### Generation config layering
+
+Per-field precedence for `generationConfig`:
+
+1. Programmatic overrides (e.g. runtime `/model`, `/auth` changes)
+2. `modelProviders[authType][].generationConfig`
+3. `settings.model.generationConfig`
+4. Content-generator defaults (`getDefaultGenerationConfig` for OpenAI, `getParameterValue` for Gemini, etc.)
+
+`samplingParams` and `customHeaders` are both treated atomically; provider values replace the entire object. If `modelProviders[].generationConfig` defines these fields, they are used directly; otherwise, values from `model.generationConfig` are used. No merging occurs between provider and global configuration levels. Defaults from the content generator apply last so each provider retains its tuned baseline.
+
+##### Selection persistence and recommendations
+
+> [!important]
+> Define `modelProviders` in the user-scope `~/.qwen/settings.json` whenever possible and avoid persisting credential overrides in any scope. Keeping the provider catalog in user settings prevents merge/override conflicts between project and user scopes and ensures `/auth` and `/model` updates always write back to a consistent scope.
+
+- `/model` and `/auth` persist `model.name` (where applicable) and `security.auth.selectedType` to the closest writable scope that already defines `modelProviders`; otherwise they fall back to the user scope. This keeps workspace/user files in sync with the active provider catalog.
+- Without `modelProviders`, the resolver mixes CLI/env/settings layers, which is fine for single-provider setups but cumbersome when frequently switching. Define provider catalogs whenever multi-model workflows are common so that switches stay atomic, source-attributed, and debuggable.
+
 #### context

 | Setting                                           | Type                       | Description                                                                                                                                                                                                                                                                                                                                                           | Default     |
 | ------------------------------------------------- | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
 | `context.fileName`                                | string or array of strings | The name of the context file(s).                                                                                                                                                                                                                                                                                                                                      | `undefined` |
 | `context.importFormat`                            | string                     | The format to use when importing memory.                                                                                                                                                                                                                                                                                                                              | `undefined` |
-| `context.discoveryMaxDirs`                        | number                     | Maximum number of directories to search for memory.                                                                                                                                                                                                                                                                                                                   | `200`       |
 | `context.includeDirectories`                      | array                      | Additional directories to include in the workspace context. Specifies an array of additional absolute or relative paths to include in the workspace context. Missing directories will be skipped with a warning by default. Paths can use `~` to refer to the user's home directory. This setting can be combined with the `--include-directories` command-line flag. | `[]`        |
 | `context.loadFromIncludeDirectories`              | boolean                    | Controls the behavior of the `/memory refresh` command. If set to `true`, `QWEN.md` files should be loaded from all directories that are added. If set to `false`, `QWEN.md` should only be loaded from the current directory.                                                                                                                                        | `false`     |
 | `context.fileFiltering.respectGitIgnore`          | boolean                    | Respect .gitignore files when searching.                                                                                                                                                                                                                                                                                                                              | `true`      |
@@ -212,6 +310,12 @@ If you are experiencing performance issues with file searching (e.g., with `@` c
 >
 > **Note about advanced.tavilyApiKey:** This is a legacy configuration format. For Qwen OAuth users, DashScope provider is automatically available without any configuration. For other authentication types, configure Tavily or Google providers using the new `webSearch` configuration format.

+#### experimental
+
+| Setting               | Type    | Description                      | Default |
+| --------------------- | ------- | -------------------------------- | ------- |
+| `experimental.skills` | boolean | Enable experimental Agent Skills | `false` |
+
 #### mcpServers

 Configures connections to one or more Model-Context Protocol (MCP) servers for discovering and using custom tools. Qwen Code attempts to connect to each configured MCP server to discover available tools. If multiple MCP servers expose a tool with the same name, the tool names will be prefixed with the server alias you defined in the configuration (e.g., `serverAlias__actualToolName`) to avoid conflicts. Note that the system might strip certain schema properties from MCP tool definitions for compatibility. At least one of `command`, `url`, or `httpUrl` must be provided. If multiple are specified, the order of precedence is `httpUrl`, then `url`, then `command`.
@@ -381,7 +485,7 @@ Arguments passed directly when running the CLI can override other configurations
 | `--telemetry-otlp-protocol`  |       | Sets the OTLP protocol for telemetry (`grpc` or `http`).                                                                                                                                |                                        | Defaults to `grpc`. See [telemetry](../../developers/development/telemetry) for more information.                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
 | `--telemetry-log-prompts`    |       | Enables logging of prompts for telemetry.                                                                                                                                               |                                        | See [telemetry](../../developers/development/telemetry) for more information.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 | `--checkpointing`            |       | Enables [checkpointing](../features/checkpointing).                                                                                                                                     |                                        |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
-| `--acp`                      |       | Enables ACP mode (Agent Control Protocol). Useful for IDE/editor integrations like [Zed](../integration-zed).                                                                           |                                        | Stable. Replaces the deprecated `--experimental-acp` flag.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
+| `--acp`                      |       | Enables ACP mode (Agent Client Protocol). Useful for IDE/editor integrations like [Zed](../integration-zed).                                                                            |                                        | Stable. Replaces the deprecated `--experimental-acp` flag.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
 | `--experimental-skills`      |       | Enables experimental [Agent Skills](../features/skills) (registers the `skill` tool and loads Skills from `.qwen/skills/` and `~/.qwen/skills/`).                                       |                                        | Experimental.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 | `--extensions`               | `-e`  | Specifies a list of extensions to use for the session.                                                                                                                                  | Extension names                        | If not provided, all available extensions are used. Use the special term `qwen -e none` to disable all extensions. Example: `qwen -e my-extension -e my-other-extension`                                                                                                                                                                                                                                                                                                                                                                                        |
 | `--list-extensions`          | `-l`  | Lists all available extensions and exits.                                                                                                                                               |                                        |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
@@ -430,16 +534,13 @@ Here's a conceptual example of what a context file at the root of a TypeScript p

 This example demonstrates how you can provide general project context, specific coding conventions, and even notes about particular files or components. The more relevant and precise your context files are, the better the AI can assist you. Project-specific context files are highly encouraged to establish conventions and context.

- **Hierarchical Loading and Precedence:** The CLI implements a sophisticated hierarchical memory system by loading context files (e.g., `QWEN.md`) from several locations. Content from files lower in this list (more specific) typically overrides or supplements content from files higher up (more general). The exact concatenation order and final context can be inspected using the `/memory show` command. The typical loading order is:
+- **Hierarchical Loading and Precedence:** The CLI implements a hierarchical memory system by loading context files (e.g., `QWEN.md`) from several locations. Content from files lower in this list (more specific) typically overrides or supplements content from files higher up (more general). The exact concatenation order and final context can be inspected using the `/memory show` command. The typical loading order is:
  1. **Global Context File:**
     - Location: `~/.qwen/<configured-context-filename>` (e.g., `~/.qwen/QWEN.md` in your user home directory).
     - Scope: Provides default instructions for all your projects.
  2. **Project Root & Ancestors Context Files:**
     - Location: The CLI searches for the configured context file in the current working directory and then in each parent directory up to either the project root (identified by a `.git` folder) or your home directory.
     - Scope: Provides context relevant to the entire project or a significant portion of it.
-  3. **Sub-directory Context Files (Contextual/Local):**
-     - Location: The CLI also scans for the configured context file in subdirectories _below_ the current working directory (respecting common ignore patterns like `node_modules`, `.git`, etc.). The breadth of this search is limited to 200 directories by default, but can be configured with the `context.discoveryMaxDirs` setting in your `settings.json` file.
-     - Scope: Allows for highly specific instructions relevant to a particular component, module, or subsection of your project.
 - **Concatenation & UI Indication:** The contents of all found context files are concatenated (with separators indicating their origin and path) and provided as part of the system prompt. The CLI footer displays the count of loaded context files, giving you a quick visual cue about the active instructional context.
 - **Importing Content:** You can modularize your context files by importing other Markdown files using the `@path/to/file.md` syntax. For more details, see the [Memory Import Processor documentation](../configuration/memory).
 - **Commands for Memory Management:**
--- a/docs/users/features/commands.md
+++ b/docs/users/features/commands.md
@@ -59,6 +59,7 @@ Commands for managing AI tools and models.
 | ---------------- | --------------------------------------------- | --------------------------------------------- |
 | `/mcp`           | List configured MCP servers and tools         | `/mcp`, `/mcp desc`                           |
 | `/tools`         | Display currently available tool list         | `/tools`, `/tools desc`                       |
+| `/skills`        | List and run available skills (experimental)  | `/skills`, `/skills <name>`                   |
 | `/approval-mode` | Change approval mode for tool usage           | `/approval-mode <mode (auto-edit)> --project` |
 | →`plan`          | Analysis only, no execution                   | Secure review                                 |
 | →`default`       | Require approval for edits                    | Daily use                                     |
@@ -120,6 +121,8 @@ Environment Variables: Commands executed via `!` will set the `QWEN_CODE=1` envi

 Save frequently used prompts as shortcut commands to improve work efficiency and ensure consistency.

+> **Note:** Custom commands now use Markdown format with optional YAML frontmatter. TOML format is deprecated but still supported for backwards compatibility. When TOML files are detected, an automatic migration prompt will be displayed.
+
 ### Quick Overview

 | Function         | Description                                | Advantages                             | Priority | Applicable Scenarios                                 |
@@ -134,14 +137,34 @@ Priority Rules: Project commands > User commands (project command used when name

 #### File Path to Command Name Mapping Table

-| File Location                | Generated Command | Example Call          |
-| ---------------------------- | ----------------- | --------------------- |
-| `~/.qwen/commands/test.toml` | `/test`           | `/test Parameter`     |
-| `<project>/git/commit.toml`  | `/git:commit`     | `/git:commit Message` |
+| File Location              | Generated Command | Example Call          |
+| -------------------------- | ----------------- | --------------------- |
+| `~/.qwen/commands/test.md` | `/test`           | `/test Parameter`     |
+| `<project>/git/commit.md`  | `/git:commit`     | `/git:commit Message` |

 Naming Rules: Path separator (`/` or `\`) converted to colon (`:`)

-### TOML File Format Specification
+### Markdown File Format Specification (Recommended)
+
+Custom commands use Markdown files with optional YAML frontmatter:
+
+```markdown
+---
+description: Optional description (displayed in /help)
+---
+
+Your prompt content here.
+Use {{args}} for parameter injection.
+```
+
+| Field         | Required | Description                              | Example                                    |
+| ------------- | -------- | ---------------------------------------- | ------------------------------------------ |
+| `description` | Optional | Command description (displayed in /help) | `description: Code analysis tool`          |
+| Prompt body   | Required | Prompt content sent to model             | Any Markdown content after the frontmatter |
+
+### TOML File Format (Deprecated)
+
+> **Deprecated:** TOML format is still supported but will be removed in a future version. Please migrate to Markdown format.

 | Field         | Required | Description                              | Example                                    |
 | ------------- | -------- | ---------------------------------------- | ------------------------------------------ |
@@ -190,15 +213,19 @@ Naming Rules: Path separator (`/` or `\`) converted to colon (`:`)

 Example: Git Commit Message Generation

-```
-# git/commit.toml
-description = "Generate Commit message based on staged changes"
-prompt = """
+````markdown
+---
+description: Generate Commit message based on staged changes
+---
+
 Please generate a Commit message based on the following diff:
-diff
+
+```diff
 !{git diff --staged}
-"""
 ```
+````
+
+````

 #### 4. File Content Injection (`@{...}`)

@@ -211,36 +238,38 @@ diff

 Example: Code Review Command

-```
-# review.toml
-description = "Code review based on best practices"
-prompt = """
+```markdown
+---
+description: Code review based on best practices
+---
+
 Review {{args}}, reference standards:

@{docs/code-standards.md}
-"""
-```
+````

 ### Practical Creation Example

 #### "Pure Function Refactoring" Command Creation Steps Table

-| Operation                     | Command/Code                                |
-| ----------------------------- | ------------------------------------------- |
-| 1. Create directory structure | `mkdir -p ~/.qwen/commands/refactor`        |
-| 2. Create command file        | `touch ~/.qwen/commands/refactor/pure.toml` |
-| 3. Edit command content       | Refer to the complete code below.           |
-| 4. Test command               | `@file.js` → `/refactor:pure`               |
+| Operation                     | Command/Code                              |
+| ----------------------------- | ----------------------------------------- |
+| 1. Create directory structure | `mkdir -p ~/.qwen/commands/refactor`      |
+| 2. Create command file        | `touch ~/.qwen/commands/refactor/pure.md` |
+| 3. Edit command content       | Refer to the complete code below.         |
+| 4. Test command               | `@file.js` → `/refactor:pure`             |

-```# ~/.qwen/commands/refactor/pure.toml
-description = "Refactor code to pure function"
-prompt = """
-	Please analyze code in current context, refactor to pure function.
-	Requirements:
-		1. Provide refactored code
-		2. Explain key changes and pure function characteristic implementation
-		3. Maintain function unchanged
-	"""
+```markdown
+---
+description: Refactor code to pure function
+---
+
+Please analyze code in current context, refactor to pure function.
+Requirements:
+
+1. Provide refactored code
+2. Explain key changes and pure function characteristic implementation
+3. Maintain function unchanged
 ```

 ### Custom Command Best Practices Summary
--- a/docs/users/features/sandbox.md
+++ b/docs/users/features/sandbox.md
@@ -49,6 +49,8 @@ Cross-platform sandboxing with complete process isolation.

 By default, Qwen Code uses a published sandbox image (configured in the CLI package) and will pull it as needed.

+The container sandbox mounts your workspace and your `~/.qwen` directory into the container so auth and settings persist between runs.
+
 **Best for**: Strong isolation on any OS, consistent tooling inside a known image.

 ### Choosing a method
@@ -157,22 +159,13 @@ For a working allowlist-style proxy example, see: [Example Proxy Script](/develo

 ## Linux UID/GID handling

-The sandbox automatically handles user permissions on Linux. Override these permissions with:
+On Linux, Qwen Code defaults to enabling UID/GID mapping so the sandbox runs as your user (and reuses the mounted `~/.qwen`). Override with:

 ```bash
 export SANDBOX_SET_UID_GID=true   # Force host UID/GID
 export SANDBOX_SET_UID_GID=false  # Disable UID/GID mapping
 ```

-## Customizing the sandbox environment (Docker/Podman)
-
-If you need extra tools inside the container (e.g., `git`, `python`, `rg`), create a custom Dockerfile:
-
- Path: `.qwen/sandbox.Dockerfile`
- Then run with: `BUILD_SANDBOX=1 qwen -s ...`
-
-This builds a project-specific image based on the default sandbox image.
-
 ## Troubleshooting

 ### Common issues
--- a/docs/users/features/skills.md
+++ b/docs/users/features/skills.md
@@ -11,12 +11,29 @@ This guide shows you how to create, use, and manage Agent Skills in **Qwen Code*
 ## Prerequisites

 - Qwen Code (recent version)
- Run with the experimental flag enabled:
+
+## How to enable
+
+### Via CLI flag

 ```bash
 qwen --experimental-skills
 ```

+### Via settings.json
+
+Add to your `~/.qwen/settings.json` or project's `.qwen/settings.json`:
+
+```json
+{
+  "tools": {
+    "experimental": {
+      "skills": true
+    }
+  }
+}
+```
+
 - Basic familiarity with Qwen Code ([Quickstart](../quickstart.md))

 ## What are Agent Skills?
@@ -27,6 +44,14 @@ Agent Skills package expertise into discoverable capabilities. Each Skill consis

 Skills are **model-invoked** — the model autonomously decides when to use them based on your request and the Skill’s description. This is different from slash commands, which are **user-invoked** (you explicitly type `/command`).

+If you want to invoke a Skill explicitly, use the `/skills` slash command:
+
+```bash
+/skills <skill-name>
+```
+
+The `/skills` command is only available when you run with `--experimental-skills`. Use autocomplete to browse available Skills and descriptions.
+
 ### Benefits

 - Extend Qwen Code for your workflows
@@ -132,6 +157,18 @@ When `--experimental-skills` is enabled, Qwen Code discovers Skills from:

 - Personal Skills: `~/.qwen/skills/`
 - Project Skills: `.qwen/skills/`
+- Extension Skills: Skills provided by installed extensions
+
+### Extension Skills
+
+Extensions can provide custom skills that become available when the extension is enabled. These skills are stored in the extension's `skills/` directory and follow the same format as personal and project skills.
+
+Extension skills are automatically discovered and loaded when:
+
+- The extension is installed and enabled
+- The `--experimental-skills` flag is enabled
+
+To see which extensions provide skills, check the extension's `qwen-extension.json` file for a `skills` field.

 To view available Skills, ask Qwen Code directly:

--- a/docs/users/features/sub-agents.md
+++ b/docs/users/features/sub-agents.md
@@ -6,11 +6,11 @@ Subagents are specialized AI assistants that handle specific types of tasks with

 Subagents are independent AI assistants that:

- **Specialize in specific tasks** - Each Subagent is configured with a focused system prompt for particular types of work
- **Have separate context** - They maintain their own conversation history, separate from your main chat
- **Use controlled tools** - You can configure which tools each Subagent has access to
- **Work autonomously** - Once given a task, they work independently until completion or failure
- **Provide detailed feedback** - You can see their progress, tool usage, and execution statistics in real-time
+- **Specialize in specific tasks** - Each Subagent is configured with a focused system prompt for particular types of work
+- **Have separate context** - They maintain their own conversation history, separate from your main chat
+- **Use controlled tools** - You can configure which tools each Subagent has access to
+- **Work autonomously** - Once given a task, they work independently until completion or failure
+- **Provide detailed feedback** - You can see their progress, tool usage, and execution statistics in real-time

 ## Key Benefits

@@ -59,7 +59,7 @@ AI: I'll delegate this to your testing specialist Subagents.

 ### CLI Commands

-Subagents are managed through the `/agents` slash command and its subcommands:
+Subagents are managed through the `/agents` slash command and its subcommands:

 **Usage:**：`/agents create`。Creates a new Subagent through a guided step wizard.

@@ -67,12 +67,26 @@ Subagents are managed through the `/agents` slash command and its subcommands:

 ### Storage Locations

-Subagents are stored as Markdown files in two locations:
+Subagents are stored as Markdown files in multiple locations:

- **Project-level**: `.qwen/agents/` (takes precedence)
- **User-level**: `~/.qwen/agents/` (fallback)
+- **Project-level**: `.qwen/agents/` (highest precedence)
+- **User-level**: `~/.qwen/agents/` (fallback)
+- **Extension-level**: Provided by installed extensions

-This allows you to have both project-specific agents and personal agents that work across all projects.
+This allows you to have project-specific agents, personal agents that work across all projects, and extension-provided agents that add specialized capabilities.
+
+### Extension Subagents
+
+Extensions can provide custom subagents that become available when the extension is enabled. These agents are stored in the extension's `agents/` directory and follow the same format as personal and project agents.
+
+Extension subagents:
+
+- Are automatically discovered when the extension is enabled
+- Appear in the `/agents manage` dialog under "Extension Agents" section
+- Cannot be edited directly (edit the extension source instead)
+- Follow the same configuration format as user-defined agents
+
+To see which extensions provide subagents, check the extension's `qwen-extension.json` file for an `agents` field.

 ### File Format

@@ -398,7 +412,7 @@ description: Helps with testing, documentation, code review, and deployment
 ---
 ```

-**Why:** Focused agents produce better results and are easier to maintain.
+**Why:** Focused agents produce better results and are easier to maintain.

 #### Clear Specialization

@@ -422,7 +436,7 @@ description: Works on frontend development tasks
 ---
 ```

-**Why:** Specific expertise leads to more targeted and effective assistance.
+**Why:** Specific expertise leads to more targeted and effective assistance.

 #### Actionable Descriptions

@@ -440,7 +454,7 @@ description: Reviews code for security vulnerabilities, performance issues, and
 description: A helpful code reviewer
 ```

-**Why:** Clear descriptions help the main AI choose the right agent for each task.
+**Why:** Clear descriptions help the main AI choose the right agent for each task.

 ### Configuration Best Practices

--- a/docs/users/integration-jetbrains.md
+++ b/docs/users/integration-jetbrains.md
@@ -0,0 +1,57 @@
+# JetBrains IDEs
+
+> JetBrains IDEs provide native support for AI coding assistants through the Agent Client Protocol (ACP). This integration allows you to use Qwen Code directly within your JetBrains IDE with real-time code suggestions.
+
+### Features
+
+- **Native agent experience**: Integrated AI assistant panel within your JetBrains IDE
+- **Agent Client Protocol**: Full support for ACP enabling advanced IDE interactions
+- **Symbol management**: #-mention files to add them to the conversation context
+- **Conversation history**: Access to past conversations within the IDE
+
+### Requirements
+
+- JetBrains IDE with ACP support (IntelliJ IDEA, WebStorm, PyCharm, etc.)
+- Qwen Code CLI installed
+
+### Installation
+
+1. Install Qwen Code CLI:
+
+   ```bash
+   npm install -g @qwen-code/qwen-code
+   ```
+
+2. Open your JetBrains IDE and navigate to AI Chat tool window.
+
+3. Click the 3-dot menu in the upper-right corner and select **Configure ACP Agent** and configure Qwen Code with the following settings:
+
+```json
+{
+  "agent_servers": {
+    "qwen": {
+      "command": "/path/to/qwen",
+      "args": ["--acp"],
+      "env": {}
+    }
+  }
+}
+```
+
+4. The Qwen Code agent should now be available in the AI Assistant panel
+
+![Qwen Code in JetBrains AI Chat](https://img.alicdn.com/imgextra/i3/O1CN01ZxYel21y433Ci6eg0_!!6000000006524-2-tps-2774-1494.png)
+
+## Troubleshooting
+
+### Agent not appearing
+
+- Run `qwen --version` in terminal to verify installation
+- Ensure your JetBrains IDE version supports ACP
+- Restart your JetBrains IDE
+
+### Qwen Code not responding
+
+- Check your internet connection
+- Verify CLI works by running `qwen` in terminal
+- [File an issue on GitHub](https://github.com/qwenlm/qwen-code/issues) if the problem persists
--- a/docs/users/integration-vscode.md
+++ b/docs/users/integration-vscode.md
@@ -18,23 +18,17 @@

 ### Requirements

- VS Code 1.98.0 or higher
+- VS Code 1.85.0 or higher

 ### Installation

-1. Install Qwen Code CLI:
-
-   ```bash
-   npm install -g qwen-code
-   ```
-
-2. Download and install the extension from the [Visual Studio Code Extension Marketplace](https://marketplace.visualstudio.com/items?itemName=qwenlm.qwen-code-vscode-ide-companion).
+Download and install the extension from the [Visual Studio Code Extension Marketplace](https://marketplace.visualstudio.com/items?itemName=qwenlm.qwen-code-vscode-ide-companion).

 ## Troubleshooting

 ### Extension not installing

- Ensure you have VS Code 1.98.0 or higher
+- Ensure you have VS Code 1.85.0 or higher
 - Check that VS Code has permission to install extensions
 - Try installing directly from the Marketplace website

--- a/docs/users/integration-zed.md
+++ b/docs/users/integration-zed.md
@@ -1,6 +1,6 @@
 # Zed Editor

-> Zed Editor provides native support for AI coding assistants through the Agent Control Protocol (ACP). This integration allows you to use Qwen Code directly within Zed's interface with real-time code suggestions.
+> Zed Editor provides native support for AI coding assistants through the Agent Client Protocol (ACP). This integration allows you to use Qwen Code directly within Zed's interface with real-time code suggestions.

 ![Zed Editor Overview](https://img.alicdn.com/imgextra/i1/O1CN01aAhU311GwEoNh27FP_!!6000000000686-2-tps-3024-1898.png)

@@ -20,9 +20,9 @@

 1. Install Qwen Code CLI:

-   ```bash
-   npm install -g qwen-code
-   ```
+```bash
+npm install -g @qwen-code/qwen-code
+```

 2. Download and install [Zed Editor](https://zed.dev/)

--- a/docs/users/overview.md
+++ b/docs/users/overview.md
@@ -1,5 +1,6 @@
 # Qwen Code overview
-[![@qwen-code/qwen-code downloads](https://img.shields.io/npm/dw/@qwen-code/qwen-code.svg)](https://npm-compare.com/@qwen-code/qwen-code) 
+
+[![@qwen-code/qwen-code downloads](https://img.shields.io/npm/dw/@qwen-code/qwen-code.svg)](https://npm-compare.com/@qwen-code/qwen-code)
 [![@qwen-code/qwen-code version](https://img.shields.io/npm/v/@qwen-code/qwen-code.svg)](https://www.npmjs.com/package/@qwen-code/qwen-code)

 > Learn about Qwen Code, Qwen's agentic coding tool that lives in your terminal and helps you turn ideas into code faster than ever before.
--- a/docs/users/quickstart.md
+++ b/docs/users/quickstart.md
@@ -159,7 +159,7 @@ Qwen Code will:

 ### Test out other common workflows

-There are a number of ways to work with Claude:
+There are a number of ways to work with Qwen Code:

 **Refactor code**

--- a/docs/users/support/troubleshooting.md
+++ b/docs/users/support/troubleshooting.md
@@ -9,11 +9,18 @@ This guide provides solutions to common issues and debugging tips, including top

 ## Authentication or login errors

- **Error: `UNABLE_TO_GET_ISSUER_CERT_LOCALLY` or `unable to get local issuer certificate`**
+- **Error: `UNABLE_TO_GET_ISSUER_CERT_LOCALLY`, `UNABLE_TO_VERIFY_LEAF_SIGNATURE`, or `unable to get local issuer certificate`**
  - **Cause:** You may be on a corporate network with a firewall that intercepts and inspects SSL/TLS traffic. This often requires a custom root CA certificate to be trusted by Node.js.
  - **Solution:** Set the `NODE_EXTRA_CA_CERTS` environment variable to the absolute path of your corporate root CA certificate file.
    - Example: `export NODE_EXTRA_CA_CERTS=/path/to/your/corporate-ca.crt`

+- **Error: `Device authorization flow failed: fetch failed`**
+  - **Cause:** Node.js could not reach Qwen OAuth endpoints (often a proxy or SSL/TLS trust issue). When available, Qwen Code will also print the underlying error cause (for example: `UNABLE_TO_VERIFY_LEAF_SIGNATURE`).
+  - **Solution:**
+    - Confirm you can access `https://chat.qwen.ai` from the same machine/network.
+    - If you are behind a proxy, set it via `qwen --proxy <url>` (or the `proxy` setting in `settings.json`).
+    - If your network uses a corporate TLS inspection CA, set `NODE_EXTRA_CA_CERTS` as described above.
+
 - **Issue: Unable to display UI after authentication failure**
  - **Cause:** If authentication fails after selecting an authentication type, the `security.auth.selectedType` setting may be persisted in `settings.json`. On restart, the CLI may get stuck trying to authenticate with the failed auth type and fail to display the UI.
  - **Solution:** Clear the `security.auth.selectedType` configuration item in your `settings.json` file:
--- a/integration-tests/acp-integration.test.ts
+++ b/integration-tests/acp-integration.test.ts
@@ -311,9 +311,9 @@ function setupAcpTest(
    }
  });

-  it('returns modes on initialize and allows setting approval mode', async () => {
+  it('returns modes on initialize and allows setting mode and model', async () => {
    const rig = new TestRig();
-    rig.setup('acp approval mode');
+    rig.setup('acp mode and model');

    const { sendRequest, cleanup, stderr } = setupAcpTest(rig);

@@ -366,8 +366,14 @@ function setupAcpTest(
      const newSession = (await sendRequest('session/new', {
        cwd: rig.testDir!,
        mcpServers: [],
-      })) as { sessionId: string };
+      })) as {
+        sessionId: string;
+        models: {
+          availableModels: Array<{ modelId: string }>;
+        };
+      };
      expect(newSession.sessionId).toBeTruthy();
+      expect(newSession.models.availableModels.length).toBeGreaterThan(0);

      // Test 4: Set approval mode to 'yolo'
      const setModeResult = (await sendRequest('session/set_mode', {
@@ -392,6 +398,15 @@ function setupAcpTest(
      })) as { modeId: string };
      expect(setModeResult3).toBeDefined();
      expect(setModeResult3.modeId).toBe('default');
+
+      // Test 7: Set model using first available model
+      const firstModel = newSession.models.availableModels[0];
+      const setModelResult = (await sendRequest('session/set_model', {
+        sessionId: newSession.sessionId,
+        modelId: firstModel.modelId,
+      })) as { modelId: string };
+      expect(setModelResult).toBeDefined();
+      expect(setModelResult.modelId).toBeTruthy();
    } catch (e) {
      if (stderr.length) {
        console.error('Agent stderr:', stderr.join(''));
--- a/integration-tests/sdk-typescript/permission-control.test.ts
+++ b/integration-tests/sdk-typescript/permission-control.test.ts
@@ -831,7 +831,7 @@ describe('Permission Control (E2E)', () => {
        TEST_TIMEOUT,
      );

-      it(
+      it.skip(
        'should execute dangerous commands without confirmation',
        async () => {
          const q = query({
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.6.1",
+  "version": "0.7.1",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@qwen-code/qwen-code",
-      "version": "0.6.1",
+      "version": "0.7.1",
      "workspaces": [
        "packages/*"
      ],
@@ -3875,6 +3875,17 @@
      "dev": true,
      "license": "MIT"
    },
+    "node_modules/@types/prompts": {
+      "version": "2.4.9",
+      "resolved": "https://registry.npmjs.org/@types/prompts/-/prompts-2.4.9.tgz",
+      "integrity": "sha512-qTxFi6Buiu8+50/+3DGIWLHM6QuWsEKugJnnP6iv2Mc4ncxE4A/OJkjuVOA+5X0X1S/nq5VJRa8Lu+nwcvbrKA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*",
+        "kleur": "^3.0.3"
+      }
+    },
    "node_modules/@types/prop-types": {
      "version": "15.7.15",
      "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.15.tgz",
@@ -6216,10 +6227,7 @@
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
-      "dev": true,
      "license": "MIT",
-      "optional": true,
-      "peer": true,
      "dependencies": {
        "readdirp": "^4.0.1"
      },
@@ -10984,6 +10992,15 @@
        "json-buffer": "3.0.1"
      }
    },
+    "node_modules/kleur": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz",
+      "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
    "node_modules/ky": {
      "version": "1.8.1",
      "resolved": "https://registry.npmjs.org/ky/-/ky-1.8.1.tgz",
@@ -13393,6 +13410,19 @@
      "dev": true,
      "license": "MIT"
    },
+    "node_modules/prompts": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz",
+      "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==",
+      "license": "MIT",
+      "dependencies": {
+        "kleur": "^3.0.3",
+        "sisteransi": "^1.0.5"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
    "node_modules/prop-types": {
      "version": "15.8.1",
      "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
@@ -13882,10 +13912,7 @@
      "version": "4.1.2",
      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
      "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==",
-      "dev": true,
      "license": "MIT",
-      "optional": true,
-      "peer": true,
      "engines": {
        "node": ">= 14.18.0"
      },
@@ -14753,6 +14780,12 @@
        "url": "https://github.com/steveukx/git-js?sponsor=1"
      }
    },
+    "node_modules/sisteransi": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz",
+      "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==",
+      "license": "MIT"
+    },
    "node_modules/slash": {
      "version": "5.1.0",
      "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz",
@@ -17316,7 +17349,7 @@
    },
    "packages/cli": {
      "name": "@qwen-code/qwen-code",
-      "version": "0.6.1",
+      "version": "0.7.1",
      "dependencies": {
        "@google/genai": "1.30.0",
        "@iarna/toml": "^2.2.5",
@@ -17338,6 +17371,7 @@
        "ink-spinner": "^5.0.0",
        "lowlight": "^3.3.0",
        "open": "^10.1.2",
+        "prompts": "^2.4.2",
        "qrcode-terminal": "^0.12.0",
        "react": "^19.1.0",
        "read-package-up": "^11.0.0",
@@ -17366,6 +17400,7 @@
        "@types/diff": "^7.0.2",
        "@types/dotenv": "^6.1.1",
        "@types/node": "^20.11.24",
+        "@types/prompts": "^2.4.9",
        "@types/react": "^19.1.8",
        "@types/react-dom": "^19.1.6",
        "@types/semver": "^7.7.0",
@@ -17953,7 +17988,7 @@
    },
    "packages/core": {
      "name": "@qwen-code/qwen-code-core",
-      "version": "0.6.1",
+      "version": "0.7.1",
      "hasInstallScript": true,
      "dependencies": {
        "@anthropic-ai/sdk": "^0.36.1",
@@ -17974,6 +18009,7 @@
        "ajv-formats": "^3.0.0",
        "async-mutex": "^0.5.0",
        "chardet": "^2.1.0",
+        "chokidar": "^4.0.3",
        "diff": "^7.0.0",
        "dotenv": "^17.1.0",
        "fast-levenshtein": "^2.0.6",
@@ -18593,7 +18629,7 @@
    },
    "packages/sdk-typescript": {
      "name": "@qwen-code/sdk",
-      "version": "0.1.0",
+      "version": "0.1.3",
      "license": "Apache-2.0",
      "dependencies": {
        "@modelcontextprotocol/sdk": "^1.25.1",
@@ -21413,7 +21449,7 @@
    },
    "packages/test-utils": {
      "name": "@qwen-code/qwen-code-test-utils",
-      "version": "0.6.1",
+      "version": "0.7.1",
      "dev": true,
      "license": "Apache-2.0",
      "devDependencies": {
@@ -21425,7 +21461,7 @@
    },
    "packages/vscode-ide-companion": {
      "name": "qwen-code-vscode-ide-companion",
-      "version": "0.6.1",
+      "version": "0.7.1",
      "license": "LICENSE",
      "dependencies": {
        "@modelcontextprotocol/sdk": "^1.25.1",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.6.1",
+  "version": "0.7.1",
  "engines": {
    "node": ">=20.0.0"
  },
@@ -13,7 +13,7 @@
    "url": "git+https://github.com/QwenLM/qwen-code.git"
  },
  "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.6.1"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.7.1"
  },
  "scripts": {
    "start": "cross-env node scripts/start.js",
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.6.1",
+  "version": "0.7.1",
  "description": "Qwen Code",
  "repository": {
    "type": "git",
@@ -33,7 +33,7 @@
    "dist"
  ],
  "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.6.1"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.7.1"
  },
  "dependencies": {
    "@google/genai": "1.30.0",
@@ -46,6 +46,7 @@
    "comment-json": "^4.2.5",
    "diff": "^7.0.0",
    "dotenv": "^17.1.0",
+    "prompts": "^2.4.2",
    "fzf": "^0.5.2",
    "glob": "^10.5.0",
    "highlight.js": "^11.11.1",
@@ -79,6 +80,7 @@
    "@types/command-exists": "^1.2.3",
    "@types/diff": "^7.0.2",
    "@types/dotenv": "^6.1.1",
+    "@types/prompts": "^2.4.9",
    "@types/node": "^20.11.24",
    "@types/react": "^19.1.8",
    "@types/react-dom": "^19.1.6",
--- a/packages/cli/src/acp-integration/acp.ts
+++ b/packages/cli/src/acp-integration/acp.ts
@@ -70,6 +70,13 @@ export class AgentSideConnection implements Client {
          const validatedParams = schema.setModeRequestSchema.parse(params);
          return agent.setMode(validatedParams);
        }
+        case schema.AGENT_METHODS.session_set_model: {
+          if (!agent.setModel) {
+            throw RequestError.methodNotFound();
+          }
+          const validatedParams = schema.setModelRequestSchema.parse(params);
+          return agent.setModel(validatedParams);
+        }
        default:
          throw RequestError.methodNotFound(method);
      }
@@ -408,4 +415,5 @@ export interface Agent {
  prompt(params: schema.PromptRequest): Promise<schema.PromptResponse>;
  cancel(params: schema.CancelNotification): Promise<void>;
  setMode?(params: schema.SetModeRequest): Promise<schema.SetModeResponse>;
+  setModel?(params: schema.SetModelRequest): Promise<schema.SetModelResponse>;
 }
--- a/packages/cli/src/acp-integration/acpAgent.ts
+++ b/packages/cli/src/acp-integration/acpAgent.ts
@@ -27,10 +27,8 @@ import { Readable, Writable } from 'node:stream';
 import type { LoadedSettings } from '../config/settings.js';
 import { SettingScope } from '../config/settings.js';
 import { z } from 'zod';
-import { ExtensionStorage, type Extension } from '../config/extension.js';
 import type { CliArgs } from '../config/config.js';
 import { loadCliConfig } from '../config/config.js';
-import { ExtensionEnablementManager } from '../config/extensions/extensionEnablement.js';

 // Import the modular Session class
 import { Session } from './session/Session.js';
@@ -38,7 +36,6 @@ import { Session } from './session/Session.js';
 export async function runAcpAgent(
  config: Config,
  settings: LoadedSettings,
-  extensions: Extension[],
  argv: CliArgs,
 ) {
  const stdout = Writable.toWeb(process.stdout) as WritableStream;
@@ -51,8 +48,7 @@ export async function runAcpAgent(
  console.debug = console.error;

  new acp.AgentSideConnection(
-    (client: acp.Client) =>
-      new GeminiAgent(config, settings, extensions, argv, client),
+    (client: acp.Client) => new GeminiAgent(config, settings, argv, client),
    stdout,
    stdin,
  );
@@ -65,7 +61,6 @@ class GeminiAgent {
  constructor(
    private config: Config,
    private settings: LoadedSettings,
-    private extensions: Extension[],
    private argv: CliArgs,
    private client: acp.Client,
  ) {}
@@ -165,30 +160,11 @@ class GeminiAgent {
    this.setupFileSystem(config);

    const session = await this.createAndStoreSession(config);
-    const configuredModel = (
-      config.getModel() ||
-      this.config.getModel() ||
-      ''
-    ).trim();
-    const modelId = configuredModel || 'default';
-    const modelName = configuredModel || modelId;
+    const availableModels = this.buildAvailableModels(config);

    return {
      sessionId: session.getId(),
-      models: {
-        currentModelId: modelId,
-        availableModels: [
-          {
-            modelId,
-            name: modelName,
-            description: null,
-            _meta: {
-              contextLimit: tokenLimit(modelId),
-            },
-          },
-        ],
-        _meta: null,
-      },
+      models: availableModels,
    };
  }

@@ -215,16 +191,7 @@ class GeminiAgent {
      continue: false,
    };

-    const config = await loadCliConfig(
-      settings,
-      this.extensions,
-      new ExtensionEnablementManager(
-        ExtensionStorage.getUserExtensionsDir(),
-        this.argv.extensions,
-      ),
-      argvForSession,
-      cwd,
-    );
+    const config = await loadCliConfig(settings, argvForSession, cwd);

    await config.initialize();
    return config;
@@ -305,15 +272,29 @@ class GeminiAgent {
  async setMode(params: acp.SetModeRequest): Promise<acp.SetModeResponse> {
    const session = this.sessions.get(params.sessionId);
    if (!session) {
-      throw new Error(`Session not found: ${params.sessionId}`);
+      throw acp.RequestError.invalidParams(
+        `Session not found for id: ${params.sessionId}`,
+      );
    }
    return session.setMode(params);
  }

+  async setModel(params: acp.SetModelRequest): Promise<acp.SetModelResponse> {
+    const session = this.sessions.get(params.sessionId);
+    if (!session) {
+      throw acp.RequestError.invalidParams(
+        `Session not found for id: ${params.sessionId}`,
+      );
+    }
+    return session.setModel(params);
+  }
+
  private async ensureAuthenticated(config: Config): Promise<void> {
    const selectedType = this.settings.merged.security?.auth?.selectedType;
    if (!selectedType) {
-      throw acp.RequestError.authRequired('No Selected Type');
+      throw acp.RequestError.authRequired(
+        'Use Qwen Code CLI to authenticate first.',
+      );
    }

    try {
@@ -382,4 +363,43 @@ class GeminiAgent {

    return session;
  }
+
+  private buildAvailableModels(
+    config: Config,
+  ): acp.NewSessionResponse['models'] {
+    const currentModelId = (
+      config.getModel() ||
+      this.config.getModel() ||
+      ''
+    ).trim();
+    const availableModels = config.getAvailableModels();
+
+    const mappedAvailableModels = availableModels.map((model) => ({
+      modelId: model.id,
+      name: model.label,
+      description: model.description ?? null,
+      _meta: {
+        contextLimit: tokenLimit(model.id),
+      },
+    }));
+
+    if (
+      currentModelId &&
+      !mappedAvailableModels.some((model) => model.modelId === currentModelId)
+    ) {
+      mappedAvailableModels.unshift({
+        modelId: currentModelId,
+        name: currentModelId,
+        description: null,
+        _meta: {
+          contextLimit: tokenLimit(currentModelId),
+        },
+      });
+    }
+
+    return {
+      currentModelId,
+      availableModels: mappedAvailableModels,
+    };
+  }
 }
--- a/packages/cli/src/acp-integration/schema.ts
+++ b/packages/cli/src/acp-integration/schema.ts
@@ -15,6 +15,7 @@ export const AGENT_METHODS = {
  session_prompt: 'session/prompt',
  session_list: 'session/list',
  session_set_mode: 'session/set_mode',
+  session_set_model: 'session/set_model',
 };

 export const CLIENT_METHODS = {
@@ -266,6 +267,18 @@ export const modelInfoSchema = z.object({
  name: z.string(),
 });

+export const setModelRequestSchema = z.object({
+  sessionId: z.string(),
+  modelId: z.string(),
+});
+
+export const setModelResponseSchema = z.object({
+  modelId: z.string(),
+});
+
+export type SetModelRequest = z.infer<typeof setModelRequestSchema>;
+export type SetModelResponse = z.infer<typeof setModelResponseSchema>;
+
 export const sessionModelStateSchema = z.object({
  _meta: acpMetaSchema,
  availableModels: z.array(modelInfoSchema),
@@ -592,6 +605,7 @@ export const agentResponseSchema = z.union([
  promptResponseSchema,
  listSessionsResponseSchema,
  setModeResponseSchema,
+  setModelResponseSchema,
 ]);

 export const requestPermissionRequestSchema = z.object({
@@ -624,6 +638,7 @@ export const agentRequestSchema = z.union([
  promptRequestSchema,
  listSessionsRequestSchema,
  setModeRequestSchema,
+  setModelRequestSchema,
 ]);

 export const agentNotificationSchema = sessionNotificationSchema;
--- a/packages/cli/src/acp-integration/session/Session.test.ts
+++ b/packages/cli/src/acp-integration/session/Session.test.ts
@@ -0,0 +1,174 @@
+/**
+ * @license
+ * Copyright 2025 Qwen
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { Session } from './Session.js';
+import type { Config, GeminiChat } from '@qwen-code/qwen-code-core';
+import { ApprovalMode } from '@qwen-code/qwen-code-core';
+import type * as acp from '../acp.js';
+import type { LoadedSettings } from '../../config/settings.js';
+import * as nonInteractiveCliCommands from '../../nonInteractiveCliCommands.js';
+
+vi.mock('../../nonInteractiveCliCommands.js', () => ({
+  getAvailableCommands: vi.fn(),
+  handleSlashCommand: vi.fn(),
+}));
+
+describe('Session', () => {
+  let mockChat: GeminiChat;
+  let mockConfig: Config;
+  let mockClient: acp.Client;
+  let mockSettings: LoadedSettings;
+  let session: Session;
+  let currentModel: string;
+  let setModelSpy: ReturnType<typeof vi.fn>;
+  let getAvailableCommandsSpy: ReturnType<typeof vi.fn>;
+
+  beforeEach(() => {
+    currentModel = 'qwen3-code-plus';
+    setModelSpy = vi.fn().mockImplementation(async (modelId: string) => {
+      currentModel = modelId;
+    });
+
+    mockChat = {
+      sendMessageStream: vi.fn(),
+      addHistory: vi.fn(),
+    } as unknown as GeminiChat;
+
+    mockConfig = {
+      setApprovalMode: vi.fn(),
+      setModel: setModelSpy,
+      getModel: vi.fn().mockImplementation(() => currentModel),
+    } as unknown as Config;
+
+    mockClient = {
+      sessionUpdate: vi.fn().mockResolvedValue(undefined),
+      requestPermission: vi.fn().mockResolvedValue({
+        outcome: { outcome: 'selected', optionId: 'proceed_once' },
+      }),
+      sendCustomNotification: vi.fn().mockResolvedValue(undefined),
+    } as unknown as acp.Client;
+
+    mockSettings = {
+      merged: {},
+    } as LoadedSettings;
+
+    getAvailableCommandsSpy = vi.mocked(nonInteractiveCliCommands)
+      .getAvailableCommands as unknown as ReturnType<typeof vi.fn>;
+    getAvailableCommandsSpy.mockResolvedValue([]);
+
+    session = new Session(
+      'test-session-id',
+      mockChat,
+      mockConfig,
+      mockClient,
+      mockSettings,
+    );
+  });
+
+  describe('setMode', () => {
+    it.each([
+      ['plan', ApprovalMode.PLAN],
+      ['default', ApprovalMode.DEFAULT],
+      ['auto-edit', ApprovalMode.AUTO_EDIT],
+      ['yolo', ApprovalMode.YOLO],
+    ] as const)('maps %s mode', async (modeId, expected) => {
+      const result = await session.setMode({
+        sessionId: 'test-session-id',
+        modeId,
+      });
+
+      expect(mockConfig.setApprovalMode).toHaveBeenCalledWith(expected);
+      expect(result).toEqual({ modeId });
+    });
+  });
+
+  describe('setModel', () => {
+    it('sets model via config and returns current model', async () => {
+      const result = await session.setModel({
+        sessionId: 'test-session-id',
+        modelId: '  qwen3-coder-plus  ',
+      });
+
+      expect(mockConfig.setModel).toHaveBeenCalledWith('qwen3-coder-plus', {
+        reason: 'user_request_acp',
+        context: 'session/set_model',
+      });
+      expect(mockConfig.getModel).toHaveBeenCalled();
+      expect(result).toEqual({ modelId: 'qwen3-coder-plus' });
+    });
+
+    it('rejects empty/whitespace model IDs', async () => {
+      await expect(
+        session.setModel({
+          sessionId: 'test-session-id',
+          modelId: '   ',
+        }),
+      ).rejects.toThrow('Invalid params');
+
+      expect(mockConfig.setModel).not.toHaveBeenCalled();
+    });
+
+    it('propagates errors from config.setModel', async () => {
+      const configError = new Error('Invalid model');
+      setModelSpy.mockRejectedValueOnce(configError);
+
+      await expect(
+        session.setModel({
+          sessionId: 'test-session-id',
+          modelId: 'invalid-model',
+        }),
+      ).rejects.toThrow('Invalid model');
+    });
+  });
+
+  describe('sendAvailableCommandsUpdate', () => {
+    it('sends available_commands_update from getAvailableCommands()', async () => {
+      getAvailableCommandsSpy.mockResolvedValueOnce([
+        {
+          name: 'init',
+          description: 'Initialize project context',
+        },
+      ]);
+
+      await session.sendAvailableCommandsUpdate();
+
+      expect(getAvailableCommandsSpy).toHaveBeenCalledWith(
+        mockConfig,
+        expect.any(AbortSignal),
+      );
+      expect(mockClient.sessionUpdate).toHaveBeenCalledWith({
+        sessionId: 'test-session-id',
+        update: {
+          sessionUpdate: 'available_commands_update',
+          availableCommands: [
+            {
+              name: 'init',
+              description: 'Initialize project context',
+              input: null,
+            },
+          ],
+        },
+      });
+    });
+
+    it('swallows errors and does not throw', async () => {
+      const consoleErrorSpy = vi
+        .spyOn(console, 'error')
+        .mockImplementation(() => undefined);
+      getAvailableCommandsSpy.mockRejectedValueOnce(
+        new Error('Command discovery failed'),
+      );
+
+      await expect(
+        session.sendAvailableCommandsUpdate(),
+      ).resolves.toBeUndefined();
+      expect(mockClient.sessionUpdate).not.toHaveBeenCalled();
+      expect(consoleErrorSpy).toHaveBeenCalled();
+      consoleErrorSpy.mockRestore();
+    });
+  });
+});
--- a/packages/cli/src/acp-integration/session/Session.ts
+++ b/packages/cli/src/acp-integration/session/Session.ts
@@ -52,6 +52,8 @@ import type {
  AvailableCommandsUpdate,
  SetModeRequest,
  SetModeResponse,
+  SetModelRequest,
+  SetModelResponse,
  ApprovalModeValue,
  CurrentModeUpdate,
 } from '../schema.js';
@@ -348,6 +350,31 @@ export class Session implements SessionContext {
    return { modeId: params.modeId };
  }

+  /**
+   * Sets the model for the current session.
+   * Validates the model ID and switches the model via Config.
+   */
+  async setModel(params: SetModelRequest): Promise<SetModelResponse> {
+    const modelId = params.modelId.trim();
+
+    if (!modelId) {
+      throw acp.RequestError.invalidParams('modelId cannot be empty');
+    }
+
+    // Attempt to set the model using config
+    await this.config.setModel(modelId, {
+      reason: 'user_request_acp',
+      context: 'session/set_model',
+    });
+
+    // Get updated model info
+    const currentModel = this.config.getModel();
+
+    return {
+      modelId: currentModel,
+    };
+  }
+
  /**
   * Sends a current_mode_update notification to the client.
   * Called after the agent switches modes (e.g., from exit_plan_mode tool).
--- a/packages/cli/src/commands/extensions.test.tsx
+++ b/packages/cli/src/commands/extensions.test.tsx
@@ -0,0 +1,106 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect } from 'vitest';
+import { extensionsCommand } from './extensions.js';
+import { updateCommand } from './extensions/update.js';
+import { disableCommand } from './extensions/disable.js';
+import { enableCommand } from './extensions/enable.js';
+import { linkCommand } from './extensions/link.js';
+import { newCommand } from './extensions/new.js';
+import yargs from 'yargs';
+
+describe('extensions command', () => {
+  it('should have correct command name', () => {
+    expect(extensionsCommand.command).toBe('extensions <command>');
+  });
+
+  it('should have a description', () => {
+    expect(extensionsCommand.describe).toBe('Manage Qwen Code extensions.');
+  });
+
+  it('should require a subcommand', () => {
+    const parser = yargs([])
+      .command(extensionsCommand)
+      .fail(false)
+      .locale('en');
+
+    expect(() => parser.parse('extensions')).toThrow();
+  });
+
+  it('should register install subcommand', () => {
+    const parser = yargs([])
+      .command(extensionsCommand)
+      .fail(false)
+      .locale('en');
+
+    // This should throw as 'install' requires a source argument
+    expect(() => parser.parse('extensions install')).toThrow(
+      'Not enough non-option arguments',
+    );
+  });
+
+  it('should register uninstall subcommand', () => {
+    const parser = yargs([])
+      .command(extensionsCommand)
+      .fail(false)
+      .locale('en');
+
+    expect(() => parser.parse('extensions uninstall')).toThrow(
+      'Not enough non-option arguments',
+    );
+  });
+
+  it('should register list subcommand', () => {
+    const parser = yargs([])
+      .command(extensionsCommand)
+      .fail(false)
+      .locale('en');
+
+    // list doesn't require arguments, so it should not throw
+    expect(() => parser.parse('extensions list')).not.toThrow();
+  });
+
+  it('should register update subcommand', () => {
+    const parser = yargs([]).command(updateCommand).fail(false).locale('en');
+
+    expect(() => parser.parse('update')).toThrow(
+      'Either an extension name or --all must be provided',
+    );
+  });
+
+  it('should register disable subcommand', () => {
+    const parser = yargs([]).command(disableCommand).fail(false).locale('en');
+
+    expect(() => parser.parse('disable')).toThrow(
+      'Not enough non-option arguments',
+    );
+  });
+
+  it('should register enable subcommand', () => {
+    const parser = yargs([]).command(enableCommand).fail(false).locale('en');
+
+    expect(() => parser.parse('enable')).toThrow(
+      'Not enough non-option arguments',
+    );
+  });
+
+  it('should register link subcommand', () => {
+    const parser = yargs([]).command(linkCommand).fail(false).locale('en');
+
+    expect(() => parser.parse('link')).toThrow(
+      'Not enough non-option arguments',
+    );
+  });
+
+  it('should register new subcommand', async () => {
+    const parser = yargs([]).command(newCommand).fail(false).locale('en');
+
+    await expect(parser.parseAsync('new')).rejects.toThrow(
+      'Not enough non-option arguments',
+    );
+  });
+});
--- a/packages/cli/src/commands/extensions/consent.test.ts
+++ b/packages/cli/src/commands/extensions/consent.test.ts
@@ -0,0 +1,273 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { extensionConsentString, requestConsentOrFail } from './consent.js';
+import type { ExtensionConfig } from '@qwen-code/qwen-code-core';
+
+vi.mock('../../i18n/index.js', () => ({
+  t: vi.fn((str: string, params?: Record<string, string>) => {
+    if (params) {
+      return Object.entries(params).reduce(
+        (acc, [key, value]) => acc.replace(`{{${key}}}`, value),
+        str,
+      );
+    }
+    return str;
+  }),
+}));
+
+describe('extensionConsentString', () => {
+  it('should include extension name', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+    };
+
+    const result = extensionConsentString(config);
+
+    expect(result).toContain('Installing extension "test-extension".');
+  });
+
+  it('should include warning message', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+    };
+
+    const result = extensionConsentString(config);
+
+    expect(result).toContain('Extensions may introduce unexpected behavior');
+  });
+
+  it('should include MCP servers when present', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+      mcpServers: {
+        'test-server': {
+          command: 'node',
+          args: ['server.js'],
+        },
+      },
+    };
+
+    const result = extensionConsentString(config);
+
+    expect(result).toContain(
+      'This extension will run the following MCP servers',
+    );
+    expect(result).toContain('test-server');
+    expect(result).toContain('local');
+    expect(result).toContain('node server.js');
+  });
+
+  it('should include remote MCP servers', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+      mcpServers: {
+        'remote-server': {
+          httpUrl: 'https://example.com/mcp',
+        },
+      },
+    };
+
+    const result = extensionConsentString(config);
+
+    expect(result).toContain('remote');
+    expect(result).toContain('https://example.com/mcp');
+  });
+
+  it('should include commands when present', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+    };
+
+    const result = extensionConsentString(config, ['command1', 'command2']);
+
+    expect(result).toContain('This extension will add the following commands');
+    expect(result).toContain('command1, command2');
+  });
+
+  it('should include context file name when present (string)', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+      contextFileName: 'CUSTOM.md',
+    };
+
+    const result = extensionConsentString(config);
+
+    expect(result).toContain('CUSTOM.md');
+  });
+
+  it('should include context file name when present (array)', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+      contextFileName: ['FILE1.md', 'FILE2.md'],
+    };
+
+    const result = extensionConsentString(config);
+
+    expect(result).toContain('FILE1.md, FILE2.md');
+  });
+
+  it('should include excluded tools when present', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+      excludeTools: ['tool1', 'tool2'],
+    };
+
+    const result = extensionConsentString(config);
+
+    expect(result).toContain(
+      'This extension will exclude the following core tools',
+    );
+    expect(result).toContain('tool1, tool2');
+  });
+
+  it('should include skills when present', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+    };
+
+    const result = extensionConsentString(
+      config,
+      [],
+      [
+        {
+          name: 'skill1',
+          description: 'Skill 1 description',
+          level: 'extension',
+          filePath: '/test/skill1',
+          body: 'skill body',
+        },
+        {
+          name: 'skill2',
+          description: 'Skill 2 description',
+          level: 'extension',
+          filePath: '/test/skill2',
+          body: 'skill body',
+        },
+      ],
+    );
+
+    expect(result).toContain(
+      'This extension will install the following skills',
+    );
+    expect(result).toContain('skill1');
+    expect(result).toContain('Skill 1 description');
+  });
+
+  it('should include subagents when present', () => {
+    const config: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+    };
+
+    const result = extensionConsentString(
+      config,
+      [],
+      [],
+      [
+        {
+          name: 'agent1',
+          description: 'Agent 1 description',
+          systemPrompt: 'You are agent1',
+          level: 'extension',
+        },
+      ],
+    );
+
+    expect(result).toContain(
+      'This extension will install the following subagents',
+    );
+    expect(result).toContain('agent1');
+    expect(result).toContain('Agent 1 description');
+  });
+});
+
+describe('requestConsentOrFail', () => {
+  let mockRequestConsent: ReturnType<typeof vi.fn>;
+
+  beforeEach(() => {
+    mockRequestConsent = vi.fn();
+    vi.clearAllMocks();
+  });
+
+  it('should do nothing when options is undefined', async () => {
+    await requestConsentOrFail(mockRequestConsent, undefined);
+
+    expect(mockRequestConsent).not.toHaveBeenCalled();
+  });
+
+  it('should request consent for new extension', async () => {
+    mockRequestConsent.mockResolvedValueOnce(true);
+
+    await requestConsentOrFail(mockRequestConsent, {
+      extensionConfig: { name: 'test-extension', version: '1.0.0' },
+    });
+
+    expect(mockRequestConsent).toHaveBeenCalled();
+  });
+
+  it('should throw error when user declines consent', async () => {
+    mockRequestConsent.mockResolvedValueOnce(false);
+
+    await expect(
+      requestConsentOrFail(mockRequestConsent, {
+        extensionConfig: { name: 'test-extension', version: '1.0.0' },
+      }),
+    ).rejects.toThrow('Installation cancelled for "test-extension".');
+  });
+
+  it('should skip consent when consent string is unchanged', async () => {
+    const extensionConfig: ExtensionConfig = {
+      name: 'test-extension',
+      version: '1.0.0',
+    };
+
+    await requestConsentOrFail(mockRequestConsent, {
+      extensionConfig,
+      previousExtensionConfig: extensionConfig,
+    });
+
+    expect(mockRequestConsent).not.toHaveBeenCalled();
+  });
+
+  it('should request consent when consent string changes', async () => {
+    mockRequestConsent.mockResolvedValueOnce(true);
+
+    await requestConsentOrFail(mockRequestConsent, {
+      extensionConfig: {
+        name: 'test-extension',
+        version: '1.0.0',
+        excludeTools: ['tool1'],
+      },
+      previousExtensionConfig: { name: 'test-extension', version: '1.0.0' },
+    });
+
+    expect(mockRequestConsent).toHaveBeenCalled();
+  });
+
+  it('should request consent when commands change', async () => {
+    mockRequestConsent.mockResolvedValueOnce(true);
+
+    await requestConsentOrFail(mockRequestConsent, {
+      extensionConfig: { name: 'test-extension', version: '1.0.0' },
+      commands: ['command1'],
+      previousExtensionConfig: { name: 'test-extension', version: '1.0.0' },
+      previousCommands: [],
+    });
+
+    expect(mockRequestConsent).toHaveBeenCalled();
+  });
+});
--- a/packages/cli/src/commands/extensions/consent.ts
+++ b/packages/cli/src/commands/extensions/consent.ts
@@ -0,0 +1,218 @@
+import type {
+  ExtensionConfig,
+  ExtensionRequestOptions,
+  SkillConfig,
+  SubagentConfig,
+} from '@qwen-code/qwen-code-core';
+import type { ConfirmationRequest } from '../../ui/types.js';
+import chalk from 'chalk';
+import { t } from '../../i18n/index.js';
+
+/**
+ * Requests consent from the user to perform an action, by reading a Y/n
+ * character from stdin.
+ *
+ * This should not be called from interactive mode as it will break the CLI.
+ *
+ * @param consentDescription The description of the thing they will be consenting to.
+ * @returns boolean, whether they consented or not.
+ */
+export async function requestConsentNonInteractive(
+  consentDescription: string,
+): Promise<boolean> {
+  console.info(consentDescription);
+  const result = await promptForConsentNonInteractive(
+    t('Do you want to continue? [Y/n]: '),
+  );
+  return result;
+}
+
+/**
+ * Requests consent from the user to perform an action, in interactive mode.
+ *
+ * This should not be called from non-interactive mode as it will not work.
+ *
+ * @param consentDescription The description of the thing they will be consenting to.
+ * @param addExtensionUpdateConfirmationRequest A function to actually add a prompt to the UI.
+ * @returns boolean, whether they consented or not.
+ */
+export async function requestConsentInteractive(
+  consentDescription: string,
+  addExtensionUpdateConfirmationRequest: (value: ConfirmationRequest) => void,
+): Promise<boolean> {
+  return promptForConsentInteractive(
+    consentDescription + '\n\n' + t('Do you want to continue?'),
+    addExtensionUpdateConfirmationRequest,
+  );
+}
+
+/**
+ * Asks users a prompt and awaits for a y/n response on stdin.
+ *
+ * This should not be called from interactive mode as it will break the CLI.
+ *
+ * @param prompt A yes/no prompt to ask the user
+ * @returns Whether or not the user answers 'y' (yes). Defaults to 'yes' on enter.
+ */
+async function promptForConsentNonInteractive(
+  prompt: string,
+): Promise<boolean> {
+  const readline = await import('node:readline');
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
+
+  return new Promise((resolve) => {
+    rl.question(prompt, (answer) => {
+      rl.close();
+      resolve(['y', ''].includes(answer.trim().toLowerCase()));
+    });
+  });
+}
+
+/**
+ * Asks users an interactive yes/no prompt.
+ *
+ * This should not be called from non-interactive mode as it will break the CLI.
+ *
+ * @param prompt A markdown prompt to ask the user
+ * @param addExtensionUpdateConfirmationRequest Function to update the UI state with the confirmation request.
+ * @returns Whether or not the user answers yes.
+ */
+async function promptForConsentInteractive(
+  prompt: string,
+  addExtensionUpdateConfirmationRequest: (value: ConfirmationRequest) => void,
+): Promise<boolean> {
+  return new Promise<boolean>((resolve) => {
+    addExtensionUpdateConfirmationRequest({
+      prompt,
+      onConfirm: (resolvedConfirmed) => {
+        resolve(resolvedConfirmed);
+      },
+    });
+  });
+}
+
+/**
+ * Builds a consent string for installing an extension based on it's
+ * extensionConfig.
+ */
+export function extensionConsentString(
+  extensionConfig: ExtensionConfig,
+  commands: string[] = [],
+  skills: SkillConfig[] = [],
+  subagents: SubagentConfig[] = [],
+): string {
+  const output: string[] = [];
+  const mcpServerEntries = Object.entries(extensionConfig.mcpServers || {});
+  output.push(
+    t('Installing extension "{{name}}".', { name: extensionConfig.name }),
+  );
+  output.push(
+    t(
+      '**Extensions may introduce unexpected behavior. Ensure you have investigated the extension source and trust the author.**',
+    ),
+  );
+
+  if (mcpServerEntries.length) {
+    output.push(t('This extension will run the following MCP servers:'));
+    for (const [key, mcpServer] of mcpServerEntries) {
+      const isLocal = !!mcpServer.command;
+      const source =
+        mcpServer.httpUrl ??
+        `${mcpServer.command || ''}${mcpServer.args ? ' ' + mcpServer.args.join(' ') : ''}`;
+      output.push(
+        `  * ${key} (${isLocal ? t('local') : t('remote')}): ${source}`,
+      );
+    }
+  }
+  if (commands && commands.length > 0) {
+    output.push(
+      t('This extension will add the following commands: {{commands}}.', {
+        commands: commands.join(', '),
+      }),
+    );
+  }
+  if (extensionConfig.contextFileName) {
+    const fileName = Array.isArray(extensionConfig.contextFileName)
+      ? extensionConfig.contextFileName.join(', ')
+      : extensionConfig.contextFileName;
+    output.push(
+      t(
+        'This extension will append info to your QWEN.md context using {{fileName}}',
+        { fileName },
+      ),
+    );
+  }
+  if (extensionConfig.excludeTools) {
+    output.push(
+      t('This extension will exclude the following core tools: {{tools}}', {
+        tools: extensionConfig.excludeTools.join(', '),
+      }),
+    );
+  }
+  if (skills.length > 0) {
+    output.push(t('This extension will install the following skills:'));
+    for (const skill of skills) {
+      output.push(`  * ${chalk.bold(skill.name)}: ${skill.description}`);
+    }
+  }
+  if (subagents.length > 0) {
+    output.push(t('This extension will install the following subagents:'));
+    for (const subagent of subagents) {
+      output.push(`  * ${chalk.bold(subagent.name)}: ${subagent.description}`);
+    }
+  }
+  return output.join('\n');
+}
+
+/**
+ * Requests consent from the user to install an extension (extensionConfig), if
+ * there is any difference between the consent string for `extensionConfig` and
+ * `previousExtensionConfig`.
+ *
+ * Always requests consent if previousExtensionConfig is null.
+ *
+ * Throws if the user does not consent.
+ */
+export const requestConsentOrFail = async (
+  requestConsent: (consent: string) => Promise<boolean>,
+  options?: ExtensionRequestOptions,
+) => {
+  if (!options) return;
+  const {
+    extensionConfig,
+    commands = [],
+    skills = [],
+    subagents = [],
+    previousExtensionConfig,
+    previousCommands = [],
+    previousSkills = [],
+    previousSubagents = [],
+  } = options;
+  const extensionConsent = extensionConsentString(
+    extensionConfig,
+    commands,
+    skills,
+    subagents,
+  );
+  if (previousExtensionConfig) {
+    const previousExtensionConsent = extensionConsentString(
+      previousExtensionConfig,
+      previousCommands,
+      previousSkills,
+      previousSubagents,
+    );
+    if (previousExtensionConsent === extensionConsent) {
+      return;
+    }
+  }
+  if (!(await requestConsent(extensionConsent))) {
+    throw new Error(
+      t('Installation cancelled for "{{name}}".', {
+        name: extensionConfig.name,
+      }),
+    );
+  }
+};
--- a/packages/cli/src/commands/extensions/disable.test.ts
+++ b/packages/cli/src/commands/extensions/disable.test.ts
@@ -0,0 +1,129 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  describe,
+  it,
+  expect,
+  vi,
+  beforeEach,
+  type MockInstance,
+} from 'vitest';
+import { disableCommand, handleDisable } from './disable.js';
+import yargs from 'yargs';
+import { SettingScope } from '../../config/settings.js';
+
+const mockDisableExtension = vi.hoisted(() => vi.fn());
+
+vi.mock('./utils.js', () => ({
+  getExtensionManager: vi.fn().mockResolvedValue({
+    disableExtension: mockDisableExtension,
+  }),
+}));
+
+vi.mock('../../utils/errors.js', () => ({
+  getErrorMessage: vi.fn((error: Error) => error.message),
+}));
+
+describe('extensions disable command', () => {
+  it('should fail if no name is provided', () => {
+    const validationParser = yargs([])
+      .command(disableCommand)
+      .fail(false)
+      .locale('en');
+    expect(() => validationParser.parse('disable')).toThrow(
+      'Not enough non-option arguments: got 0, need at least 1',
+    );
+  });
+
+  it('should fail if invalid scope is provided', () => {
+    const validationParser = yargs([])
+      .command(disableCommand)
+      .fail(false)
+      .locale('en');
+    expect(() =>
+      validationParser.parse('disable test-extension --scope=invalid'),
+    ).toThrow(/Invalid scope: invalid/);
+  });
+
+  it('should accept valid scope values', () => {
+    const parser = yargs([]).command(disableCommand).fail(false).locale('en');
+    // Just check that the scope option is recognized, actual execution needs name first
+    expect(() =>
+      parser.parse('disable my-extension --scope=user'),
+    ).not.toThrow();
+  });
+});
+
+describe('handleDisable', () => {
+  let consoleLogSpy: MockInstance;
+  let consoleErrorSpy: MockInstance;
+  let processExitSpy: MockInstance;
+
+  beforeEach(() => {
+    consoleLogSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+    processExitSpy = vi
+      .spyOn(process, 'exit')
+      .mockImplementation(() => undefined as never);
+    vi.clearAllMocks();
+  });
+
+  it('should disable an extension with user scope', async () => {
+    await handleDisable({
+      name: 'test-extension',
+      scope: 'user',
+    });
+
+    expect(mockDisableExtension).toHaveBeenCalledWith(
+      'test-extension',
+      SettingScope.User,
+    );
+    expect(consoleLogSpy).toHaveBeenCalledWith(
+      'Extension "test-extension" successfully disabled for scope "user".',
+    );
+  });
+
+  it('should disable an extension with workspace scope', async () => {
+    await handleDisable({
+      name: 'test-extension',
+      scope: 'workspace',
+    });
+
+    expect(mockDisableExtension).toHaveBeenCalledWith(
+      'test-extension',
+      SettingScope.Workspace,
+    );
+    expect(consoleLogSpy).toHaveBeenCalledWith(
+      'Extension "test-extension" successfully disabled for scope "workspace".',
+    );
+  });
+
+  it('should default to user scope when no scope is provided', async () => {
+    await handleDisable({
+      name: 'test-extension',
+    });
+
+    expect(mockDisableExtension).toHaveBeenCalledWith(
+      'test-extension',
+      SettingScope.User,
+    );
+  });
+
+  it('should handle errors and exit with code 1', async () => {
+    mockDisableExtension.mockImplementationOnce(() => {
+      throw new Error('Disable failed');
+    });
+
+    await handleDisable({
+      name: 'test-extension',
+      scope: 'user',
+    });
+
+    expect(consoleErrorSpy).toHaveBeenCalledWith('Disable failed');
+    expect(processExitSpy).toHaveBeenCalledWith(1);
+  });
+});
--- a/packages/cli/src/commands/extensions/disable.ts
+++ b/packages/cli/src/commands/extensions/disable.ts
@@ -5,21 +5,22 @@
 */

 import { type CommandModule } from 'yargs';
-import { disableExtension } from '../../config/extension.js';
 import { SettingScope } from '../../config/settings.js';
 import { getErrorMessage } from '../../utils/errors.js';
+import { getExtensionManager } from './utils.js';

 interface DisableArgs {
  name: string;
  scope?: string;
 }

-export function handleDisable(args: DisableArgs) {
+export async function handleDisable(args: DisableArgs) {
+  const extensionManager = await getExtensionManager();
  try {
    if (args.scope?.toLowerCase() === 'workspace') {
-      disableExtension(args.name, SettingScope.Workspace);
+      extensionManager.disableExtension(args.name, SettingScope.Workspace);
    } else {
-      disableExtension(args.name, SettingScope.User);
+      extensionManager.disableExtension(args.name, SettingScope.User);
    }
    console.log(
      `Extension "${args.name}" successfully disabled for scope "${args.scope}".`,
@@ -61,8 +62,8 @@ export const disableCommand: CommandModule = {
        }
        return true;
      }),
-  handler: (argv) => {
-    handleDisable({
+  handler: async (argv) => {
+    await handleDisable({
      name: argv['name'] as string,
      scope: argv['scope'] as string,
    });
--- a/packages/cli/src/commands/extensions/enable.test.ts
+++ b/packages/cli/src/commands/extensions/enable.test.ts
@@ -0,0 +1,136 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  describe,
+  it,
+  expect,
+  vi,
+  beforeEach,
+  type MockInstance,
+} from 'vitest';
+import { enableCommand, handleEnable } from './enable.js';
+import yargs from 'yargs';
+import { SettingScope } from '../../config/settings.js';
+
+const mockEnableExtension = vi.hoisted(() => vi.fn());
+
+vi.mock('./utils.js', () => ({
+  getExtensionManager: vi.fn().mockResolvedValue({
+    enableExtension: mockEnableExtension,
+  }),
+}));
+
+vi.mock('@qwen-code/qwen-code-core', async (importOriginal) => {
+  const actual =
+    await importOriginal<typeof import('@qwen-code/qwen-code-core')>();
+  return {
+    ...actual,
+    FatalConfigError: class FatalConfigError extends Error {
+      constructor(message: string) {
+        super(message);
+        this.name = 'FatalConfigError';
+      }
+    },
+    getErrorMessage: (error: Error) => error.message,
+  };
+});
+
+describe('extensions enable command', () => {
+  it('should fail if no name is provided', () => {
+    const validationParser = yargs([])
+      .command(enableCommand)
+      .fail(false)
+      .locale('en');
+    expect(() => validationParser.parse('enable')).toThrow(
+      'Not enough non-option arguments: got 0, need at least 1',
+    );
+  });
+
+  it('should fail if invalid scope is provided', () => {
+    const validationParser = yargs([])
+      .command(enableCommand)
+      .fail(false)
+      .locale('en');
+    expect(() =>
+      validationParser.parse('enable test-extension --scope=invalid'),
+    ).toThrow(/Invalid scope: invalid/);
+  });
+
+  it('should accept valid scope values', () => {
+    const parser = yargs([]).command(enableCommand).fail(false).locale('en');
+    // Just check that the scope option is recognized, actual execution needs name first
+    expect(() =>
+      parser.parse('enable my-extension --scope=user'),
+    ).not.toThrow();
+  });
+});
+
+describe('handleEnable', () => {
+  let consoleLogSpy: MockInstance;
+
+  beforeEach(() => {
+    consoleLogSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    vi.clearAllMocks();
+  });
+
+  it('should enable an extension with user scope', async () => {
+    await handleEnable({
+      name: 'test-extension',
+      scope: 'user',
+    });
+
+    expect(mockEnableExtension).toHaveBeenCalledWith(
+      'test-extension',
+      SettingScope.User,
+    );
+    expect(consoleLogSpy).toHaveBeenCalledWith(
+      'Extension "test-extension" successfully enabled for scope "user".',
+    );
+  });
+
+  it('should enable an extension with workspace scope', async () => {
+    await handleEnable({
+      name: 'test-extension',
+      scope: 'workspace',
+    });
+
+    expect(mockEnableExtension).toHaveBeenCalledWith(
+      'test-extension',
+      SettingScope.Workspace,
+    );
+    expect(consoleLogSpy).toHaveBeenCalledWith(
+      'Extension "test-extension" successfully enabled for scope "workspace".',
+    );
+  });
+
+  it('should default to user scope when no scope is provided', async () => {
+    await handleEnable({
+      name: 'test-extension',
+    });
+
+    expect(mockEnableExtension).toHaveBeenCalledWith(
+      'test-extension',
+      SettingScope.User,
+    );
+    expect(consoleLogSpy).toHaveBeenCalledWith(
+      'Extension "test-extension" successfully enabled in all scopes.',
+    );
+  });
+
+  it('should throw FatalConfigError when enable fails', async () => {
+    mockEnableExtension.mockImplementationOnce(() => {
+      throw new Error('Enable failed');
+    });
+
+    await expect(
+      handleEnable({
+        name: 'test-extension',
+        scope: 'user',
+      }),
+    ).rejects.toThrow('Enable failed');
+  });
+});
--- a/packages/cli/src/commands/extensions/enable.ts
+++ b/packages/cli/src/commands/extensions/enable.ts
@@ -6,20 +6,22 @@

 import { type CommandModule } from 'yargs';
 import { FatalConfigError, getErrorMessage } from '@qwen-code/qwen-code-core';
-import { enableExtension } from '../../config/extension.js';
 import { SettingScope } from '../../config/settings.js';
+import { getExtensionManager } from './utils.js';

 interface EnableArgs {
  name: string;
  scope?: string;
 }

-export function handleEnable(args: EnableArgs) {
+export async function handleEnable(args: EnableArgs) {
+  const extensionManager = await getExtensionManager();
+
  try {
    if (args.scope?.toLowerCase() === 'workspace') {
-      enableExtension(args.name, SettingScope.Workspace);
+      extensionManager.enableExtension(args.name, SettingScope.Workspace);
    } else {
-      enableExtension(args.name, SettingScope.User);
+      extensionManager.enableExtension(args.name, SettingScope.User);
    }
    if (args.scope) {
      console.log(
@@ -66,8 +68,8 @@ export const enableCommand: CommandModule = {
        }
        return true;
      }),
-  handler: (argv) => {
-    handleEnable({
+  handler: async (argv) => {
+    await handleEnable({
      name: argv['name'] as string,
      scope: argv['scope'] as string,
    });
--- a/packages/cli/src/commands/extensions/examples/custom-commands/commands/fs/grep-code.toml
+++ b/packages/cli/src/commands/extensions/examples/custom-commands/commands/fs/grep-code.toml
@@ -1,6 +1,3 @@
-prompt = """
 Please summarize the findings for the pattern `{{args}}`.

 Search Results:
-!{grep -r {{args}} .}
-"""
--- a/packages/cli/src/commands/extensions/install.ts
+++ b/packages/cli/src/commands/extensions/install.ts
@@ -5,58 +5,67 @@
 */

 import type { CommandModule } from 'yargs';
+
 import {
-  installExtension,
-  requestConsentNonInteractive,
-} from '../../config/extension.js';
-import type { ExtensionInstallMetadata } from '@qwen-code/qwen-code-core';
+  ExtensionManager,
+  parseInstallSource,
+} from '@qwen-code/qwen-code-core';
 import { getErrorMessage } from '../../utils/errors.js';
-import { stat } from 'node:fs/promises';
+import { isWorkspaceTrusted } from '../../config/trustedFolders.js';
+import { loadSettings } from '../../config/settings.js';
+import {
+  requestConsentOrFail,
+  requestConsentNonInteractive,
+} from './consent.js';

 interface InstallArgs {
  source: string;
  ref?: string;
  autoUpdate?: boolean;
+  allowPreRelease?: boolean;
+  consent?: boolean;
 }

 export async function handleInstall(args: InstallArgs) {
  try {
-    let installMetadata: ExtensionInstallMetadata;
-    const { source } = args;
+    const installMetadata = await parseInstallSource(args.source);
+
    if (
-      source.startsWith('http://') ||
-      source.startsWith('https://') ||
-      source.startsWith('git@') ||
-      source.startsWith('sso://')
+      installMetadata.type !== 'git' &&
+      installMetadata.type !== 'github-release'
    ) {
-      installMetadata = {
-        source,
-        type: 'git',
-        ref: args.ref,
-        autoUpdate: args.autoUpdate,
-      };
-    } else {
      if (args.ref || args.autoUpdate) {
        throw new Error(
-          '--ref and --auto-update are not applicable for local extensions.',
+          '--ref and --auto-update are not applicable for marketplace extensions.',
        );
      }
-      try {
-        await stat(source);
-        installMetadata = {
-          source,
-          type: 'local',
-        };
-      } catch {
-        throw new Error('Install source not found.');
-      }
    }

-    const name = await installExtension(
-      installMetadata,
-      requestConsentNonInteractive,
+    const requestConsent = args.consent
+      ? () => Promise.resolve()
+      : requestConsentOrFail.bind(null, requestConsentNonInteractive);
+    const workspaceDir = process.cwd();
+    const extensionManager = new ExtensionManager({
+      workspaceDir,
+      isWorkspaceTrusted: !!isWorkspaceTrusted(
+        loadSettings(workspaceDir).merged,
+      ),
+      requestConsent,
+    });
+    await extensionManager.refreshCache();
+
+    const extension = await extensionManager.installExtension(
+      {
+        ...installMetadata,
+        ref: args.ref,
+        autoUpdate: args.autoUpdate,
+        allowPreRelease: args.allowPreRelease,
+      },
+      requestConsent,
+    );
+    console.log(
+      `Extension "${extension.name}" installed successfully and enabled.`,
    );
-    console.log(`Extension "${name}" installed successfully and enabled.`);
  } catch (error) {
    console.error(getErrorMessage(error));
    process.exit(1);
@@ -65,11 +74,13 @@ export async function handleInstall(args: InstallArgs) {

 export const installCommand: CommandModule = {
  command: 'install <source>',
-  describe: 'Installs an extension from a git repository URL or a local path.',
+  describe:
+    'Installs an extension from a git repository URL, local path, or claude marketplace (marketplace-url:plugin-name).',
  builder: (yargs) =>
    yargs
      .positional('source', {
-        describe: 'The github URL or local path of the extension to install.',
+        describe:
+          'The github URL, local path, or marketplace source (marketplace-url:plugin-name) of the extension to install.',
        type: 'string',
        demandOption: true,
      })
@@ -81,6 +92,16 @@ export const installCommand: CommandModule = {
        describe: 'Enable auto-update for this extension.',
        type: 'boolean',
      })
+      .option('pre-release', {
+        describe: 'Enable pre-release versions for this extension.',
+        type: 'boolean',
+      })
+      .option('consent', {
+        describe:
+          'Acknowledge the security risks of installing an extension and skip the confirmation prompt.',
+        type: 'boolean',
+        default: false,
+      })
      .check((argv) => {
        if (!argv.source) {
          throw new Error('The source argument must be provided.');
@@ -92,6 +113,8 @@ export const installCommand: CommandModule = {
      source: argv['source'] as string,
      ref: argv['ref'] as string | undefined,
      autoUpdate: argv['auto-update'] as boolean | undefined,
+      allowPreRelease: argv['pre-release'] as boolean | undefined,
+      consent: argv['consent'] as boolean | undefined,
    });
  },
 };
--- a/packages/cli/src/commands/extensions/link.test.ts
+++ b/packages/cli/src/commands/extensions/link.test.ts
@@ -0,0 +1,95 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  describe,
+  it,
+  expect,
+  vi,
+  beforeEach,
+  type MockInstance,
+} from 'vitest';
+import { linkCommand, handleLink } from './link.js';
+import yargs from 'yargs';
+
+const mockInstallExtension = vi.hoisted(() => vi.fn());
+
+vi.mock('./utils.js', () => ({
+  getExtensionManager: vi.fn().mockResolvedValue({
+    installExtension: mockInstallExtension,
+  }),
+}));
+
+vi.mock('./consent.js', () => ({
+  requestConsentNonInteractive: vi.fn().mockResolvedValue(true),
+  requestConsentOrFail: vi.fn(),
+}));
+
+vi.mock('../../utils/errors.js', () => ({
+  getErrorMessage: vi.fn((error: Error) => error.message),
+}));
+
+describe('extensions link command', () => {
+  it('should fail if no path is provided', () => {
+    const validationParser = yargs([])
+      .command(linkCommand)
+      .fail(false)
+      .locale('en');
+    expect(() => validationParser.parse('link')).toThrow(
+      'Not enough non-option arguments: got 0, need at least 1',
+    );
+  });
+
+  it('should accept a path argument', () => {
+    const parser = yargs([]).command(linkCommand).fail(false).locale('en');
+    expect(() => parser.parse('link /some/path')).not.toThrow();
+  });
+});
+
+describe('handleLink', () => {
+  let consoleLogSpy: MockInstance;
+  let consoleErrorSpy: MockInstance;
+  let processExitSpy: MockInstance;
+
+  beforeEach(() => {
+    consoleLogSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+    processExitSpy = vi
+      .spyOn(process, 'exit')
+      .mockImplementation(() => undefined as never);
+    vi.clearAllMocks();
+  });
+
+  it('should link an extension from a local path', async () => {
+    mockInstallExtension.mockResolvedValueOnce({ name: 'linked-extension' });
+
+    await handleLink({
+      path: '/some/local/path',
+    });
+
+    expect(mockInstallExtension).toHaveBeenCalledWith(
+      {
+        source: '/some/local/path',
+        type: 'link',
+      },
+      expect.any(Function),
+    );
+    expect(consoleLogSpy).toHaveBeenCalledWith(
+      'Extension "linked-extension" linked successfully and enabled.',
+    );
+  });
+
+  it('should handle errors and exit with code 1', async () => {
+    mockInstallExtension.mockRejectedValueOnce(new Error('Link failed'));
+
+    await handleLink({
+      path: '/some/local/path',
+    });
+
+    expect(consoleErrorSpy).toHaveBeenCalledWith('Link failed');
+    expect(processExitSpy).toHaveBeenCalledWith(1);
+  });
+});
--- a/packages/cli/src/commands/extensions/link.ts
+++ b/packages/cli/src/commands/extensions/link.ts
@@ -5,13 +5,13 @@
 */

 import type { CommandModule } from 'yargs';
-import {
-  installExtension,
-  requestConsentNonInteractive,
-} from '../../config/extension.js';
-import type { ExtensionInstallMetadata } from '@qwen-code/qwen-code-core';
-
+import { type ExtensionInstallMetadata } from '@qwen-code/qwen-code-core';
 import { getErrorMessage } from '../../utils/errors.js';
+import {
+  requestConsentNonInteractive,
+  requestConsentOrFail,
+} from './consent.js';
+import { getExtensionManager } from './utils.js';

 interface InstallArgs {
  path: string;
@@ -23,12 +23,14 @@ export async function handleLink(args: InstallArgs) {
      source: args.path,
      type: 'link',
    };
-    const extensionName = await installExtension(
+    const extensionManager = await getExtensionManager();
+
+    const extension = await extensionManager.installExtension(
      installMetadata,
-      requestConsentNonInteractive,
+      requestConsentOrFail.bind(null, requestConsentNonInteractive),
    );
    console.log(
-      `Extension "${extensionName}" linked successfully and enabled.`,
+      `Extension "${extension.name}" linked successfully and enabled.`,
    );
  } catch (error) {
    console.error(getErrorMessage(error));
--- a/packages/cli/src/commands/extensions/list.test.ts
+++ b/packages/cli/src/commands/extensions/list.test.ts
@@ -0,0 +1,90 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  describe,
+  it,
+  expect,
+  vi,
+  beforeEach,
+  type MockInstance,
+} from 'vitest';
+import { listCommand, handleList } from './list.js';
+import yargs from 'yargs';
+
+const mockGetLoadedExtensions = vi.hoisted(() => vi.fn());
+const mockToOutputString = vi.hoisted(() => vi.fn());
+
+vi.mock('./utils.js', () => ({
+  getExtensionManager: vi.fn().mockResolvedValue({
+    getLoadedExtensions: mockGetLoadedExtensions,
+    toOutputString: mockToOutputString,
+  }),
+}));
+
+vi.mock('../../utils/errors.js', () => ({
+  getErrorMessage: vi.fn((error: Error) => error.message),
+}));
+
+describe('extensions list command', () => {
+  it('should parse the list command', () => {
+    const parser = yargs([]).command(listCommand).fail(false).locale('en');
+    expect(() => parser.parse('list')).not.toThrow();
+  });
+});
+
+describe('handleList', () => {
+  let consoleLogSpy: MockInstance;
+  let consoleErrorSpy: MockInstance;
+  let processExitSpy: MockInstance;
+
+  beforeEach(() => {
+    consoleLogSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+    processExitSpy = vi
+      .spyOn(process, 'exit')
+      .mockImplementation(() => undefined as never);
+    vi.clearAllMocks();
+  });
+
+  it('should display message when no extensions are installed', async () => {
+    mockGetLoadedExtensions.mockReturnValueOnce([]);
+
+    await handleList();
+
+    expect(consoleLogSpy).toHaveBeenCalledWith('No extensions installed.');
+  });
+
+  it('should list installed extensions', async () => {
+    const mockExtensions = [
+      { name: 'extension-1', version: '1.0.0' },
+      { name: 'extension-2', version: '2.0.0' },
+    ];
+    mockGetLoadedExtensions.mockReturnValueOnce(mockExtensions);
+    mockToOutputString.mockImplementation(
+      (ext) => `${ext.name} (${ext.version})`,
+    );
+
+    await handleList();
+
+    expect(mockGetLoadedExtensions).toHaveBeenCalled();
+    expect(mockToOutputString).toHaveBeenCalledTimes(2);
+    expect(consoleLogSpy).toHaveBeenCalledWith(
+      'extension-1 (1.0.0)\n\nextension-2 (2.0.0)',
+    );
+  });
+
+  it('should handle errors and exit with code 1', async () => {
+    mockGetLoadedExtensions.mockImplementationOnce(() => {
+      throw new Error('List failed');
+    });
+
+    await handleList();
+
+    expect(consoleErrorSpy).toHaveBeenCalledWith('List failed');
+    expect(processExitSpy).toHaveBeenCalledWith(1);
+  });
+});
--- a/packages/cli/src/commands/extensions/list.ts
+++ b/packages/cli/src/commands/extensions/list.ts
@@ -5,19 +5,23 @@
 */

 import type { CommandModule } from 'yargs';
-import { loadUserExtensions, toOutputString } from '../../config/extension.js';
 import { getErrorMessage } from '../../utils/errors.js';
+import { getExtensionManager } from './utils.js';

 export async function handleList() {
  try {
-    const extensions = loadUserExtensions();
+    const extensionManager = await getExtensionManager();
+    const extensions = extensionManager.getLoadedExtensions();
+
    if (extensions.length === 0) {
      console.log('No extensions installed.');
      return;
    }
    console.log(
      extensions
-        .map((extension, _): string => toOutputString(extension, process.cwd()))
+        .map((extension, _): string =>
+          extensionManager.toOutputString(extension, process.cwd()),
+        )
        .join('\n\n'),
    );
  } catch (error) {
--- a/packages/cli/src/commands/extensions/uninstall.ts
+++ b/packages/cli/src/commands/extensions/uninstall.ts
@@ -5,8 +5,14 @@
 */

 import type { CommandModule } from 'yargs';
-import { uninstallExtension } from '../../config/extension.js';
 import { getErrorMessage } from '../../utils/errors.js';
+import { ExtensionManager } from '@qwen-code/qwen-code-core';
+import {
+  requestConsentNonInteractive,
+  requestConsentOrFail,
+} from './consent.js';
+import { isWorkspaceTrusted } from '../../config/trustedFolders.js';
+import { loadSettings } from '../../config/settings.js';

 interface UninstallArgs {
  name: string; // can be extension name or source URL.
@@ -14,7 +20,19 @@ interface UninstallArgs {

 export async function handleUninstall(args: UninstallArgs) {
  try {
-    await uninstallExtension(args.name);
+    const workspaceDir = process.cwd();
+    const extensionManager = new ExtensionManager({
+      workspaceDir,
+      requestConsent: requestConsentOrFail.bind(
+        null,
+        requestConsentNonInteractive,
+      ),
+      isWorkspaceTrusted: !!isWorkspaceTrusted(
+        loadSettings(workspaceDir).merged,
+      ),
+    });
+    await extensionManager.refreshCache();
+    await extensionManager.uninstallExtension(args.name, false);
    console.log(`Extension "${args.name}" successfully uninstalled.`);
  } catch (error) {
    console.error(getErrorMessage(error));
--- a/packages/cli/src/commands/extensions/update.test.ts
+++ b/packages/cli/src/commands/extensions/update.test.ts
@@ -0,0 +1,262 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  describe,
+  it,
+  expect,
+  vi,
+  beforeEach,
+  type MockInstance,
+} from 'vitest';
+import { updateCommand, handleUpdate } from './update.js';
+import yargs from 'yargs';
+import { ExtensionUpdateState } from '../../ui/state/extensions.js';
+
+const mockGetLoadedExtensions = vi.hoisted(() => vi.fn());
+const mockUpdateExtension = vi.hoisted(() => vi.fn());
+const mockCheckForAllExtensionUpdates = vi.hoisted(() => vi.fn());
+const mockUpdateAllUpdatableExtensions = vi.hoisted(() => vi.fn());
+const mockCheckForExtensionUpdate = vi.hoisted(() => vi.fn());
+
+vi.mock('./utils.js', () => ({
+  getExtensionManager: vi.fn().mockResolvedValue({
+    getLoadedExtensions: mockGetLoadedExtensions,
+    updateExtension: mockUpdateExtension,
+    checkForAllExtensionUpdates: mockCheckForAllExtensionUpdates,
+    updateAllUpdatableExtensions: mockUpdateAllUpdatableExtensions,
+  }),
+}));
+
+vi.mock('@qwen-code/qwen-code-core', () => ({
+  checkForExtensionUpdate: mockCheckForExtensionUpdate,
+}));
+
+vi.mock('../../utils/errors.js', () => ({
+  getErrorMessage: vi.fn((error: Error) => error.message),
+}));
+
+vi.mock('../../ui/state/extensions.js', () => ({
+  ExtensionUpdateState: {
+    UPDATE_AVAILABLE: 'update available',
+    UP_TO_DATE: 'up to date',
+    ERROR: 'error',
+  },
+}));
+
+describe('extensions update command', () => {
+  it('should fail if neither name nor --all is provided', () => {
+    const validationParser = yargs([])
+      .command(updateCommand)
+      .fail(false)
+      .locale('en');
+    expect(() => validationParser.parse('update')).toThrow(
+      'Either an extension name or --all must be provided',
+    );
+  });
+
+  it('should fail if both name and --all are provided', () => {
+    const validationParser = yargs([])
+      .command(updateCommand)
+      .fail(false)
+      .locale('en');
+    expect(() => validationParser.parse('update test-extension --all')).toThrow(
+      /Arguments .* are mutually exclusive/,
+    );
+  });
+
+  it('should accept --all flag', () => {
+    const parser = yargs([]).command(updateCommand).fail(false).locale('en');
+    expect(() => parser.parse('update --all')).not.toThrow();
+  });
+
+  it('should accept an extension name', () => {
+    const parser = yargs([]).command(updateCommand).fail(false).locale('en');
+    expect(() => parser.parse('update test-extension')).not.toThrow();
+  });
+});
+
+describe('handleUpdate', () => {
+  let consoleLogSpy: MockInstance;
+  let consoleErrorSpy: MockInstance;
+
+  beforeEach(() => {
+    consoleLogSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+    vi.clearAllMocks();
+  });
+
+  describe('update by name', () => {
+    it('should show message when extension is not found', async () => {
+      mockGetLoadedExtensions.mockReturnValueOnce([]);
+
+      await handleUpdate({ name: 'non-existent-extension' });
+
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        'Extension "non-existent-extension" not found.',
+      );
+    });
+
+    it('should show message when extension has no install metadata', async () => {
+      mockGetLoadedExtensions.mockReturnValueOnce([
+        { name: 'test-extension', installMetadata: undefined },
+      ]);
+
+      await handleUpdate({ name: 'test-extension' });
+
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        'Unable to install extension "test-extension" due to missing install metadata',
+      );
+    });
+
+    it('should show message when extension is already up to date', async () => {
+      const mockExtension = {
+        name: 'test-extension',
+        installMetadata: { source: 'test' },
+      };
+      mockGetLoadedExtensions.mockReturnValueOnce([mockExtension]);
+      mockCheckForExtensionUpdate.mockResolvedValueOnce(
+        ExtensionUpdateState.UP_TO_DATE,
+      );
+
+      await handleUpdate({ name: 'test-extension' });
+
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        'Extension "test-extension" is already up to date.',
+      );
+    });
+
+    it('should update extension when update is available', async () => {
+      const mockExtension = {
+        name: 'test-extension',
+        installMetadata: { source: 'test' },
+      };
+      mockGetLoadedExtensions.mockReturnValueOnce([mockExtension]);
+      mockCheckForExtensionUpdate.mockResolvedValueOnce(
+        ExtensionUpdateState.UPDATE_AVAILABLE,
+      );
+      mockUpdateExtension.mockResolvedValueOnce({
+        name: 'test-extension',
+        originalVersion: '1.0.0',
+        updatedVersion: '2.0.0',
+      });
+
+      await handleUpdate({ name: 'test-extension' });
+
+      expect(mockUpdateExtension).toHaveBeenCalledWith(
+        mockExtension,
+        ExtensionUpdateState.UPDATE_AVAILABLE,
+        expect.any(Function),
+      );
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        'Extension "test-extension" successfully updated: 1.0.0 → 2.0.0.',
+      );
+    });
+
+    it('should show up to date message when versions are the same after update', async () => {
+      const mockExtension = {
+        name: 'test-extension',
+        installMetadata: { source: 'test' },
+      };
+      mockGetLoadedExtensions.mockReturnValueOnce([mockExtension]);
+      mockCheckForExtensionUpdate.mockResolvedValueOnce(
+        ExtensionUpdateState.UPDATE_AVAILABLE,
+      );
+      mockUpdateExtension.mockResolvedValueOnce({
+        name: 'test-extension',
+        originalVersion: '1.0.0',
+        updatedVersion: '1.0.0',
+      });
+
+      await handleUpdate({ name: 'test-extension' });
+
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        'Extension "test-extension" is already up to date.',
+      );
+    });
+
+    it('should handle errors during update', async () => {
+      const mockExtension = {
+        name: 'test-extension',
+        installMetadata: { source: 'test' },
+      };
+      mockGetLoadedExtensions.mockReturnValueOnce([mockExtension]);
+      mockCheckForExtensionUpdate.mockRejectedValueOnce(
+        new Error('Update check failed'),
+      );
+
+      await handleUpdate({ name: 'test-extension' });
+
+      expect(consoleErrorSpy).toHaveBeenCalledWith('Update check failed');
+    });
+  });
+
+  describe('update all', () => {
+    it('should show message when no extensions to update', async () => {
+      mockCheckForAllExtensionUpdates.mockResolvedValueOnce(undefined);
+      mockUpdateAllUpdatableExtensions.mockResolvedValueOnce([]);
+
+      await handleUpdate({ all: true });
+
+      expect(consoleLogSpy).toHaveBeenCalledWith('No extensions to update.');
+    });
+
+    it('should update all extensions with updates available', async () => {
+      mockCheckForAllExtensionUpdates.mockResolvedValueOnce(undefined);
+      mockUpdateAllUpdatableExtensions.mockResolvedValueOnce([
+        {
+          name: 'extension-1',
+          originalVersion: '1.0.0',
+          updatedVersion: '2.0.0',
+        },
+        {
+          name: 'extension-2',
+          originalVersion: '1.0.0',
+          updatedVersion: '1.5.0',
+        },
+      ]);
+
+      await handleUpdate({ all: true });
+
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        'Extension "extension-1" successfully updated: 1.0.0 → 2.0.0.\n' +
+          'Extension "extension-2" successfully updated: 1.0.0 → 1.5.0.',
+      );
+    });
+
+    it('should filter out extensions with same version after update', async () => {
+      mockCheckForAllExtensionUpdates.mockResolvedValueOnce(undefined);
+      mockUpdateAllUpdatableExtensions.mockResolvedValueOnce([
+        {
+          name: 'extension-1',
+          originalVersion: '1.0.0',
+          updatedVersion: '2.0.0',
+        },
+        {
+          name: 'extension-2',
+          originalVersion: '1.0.0',
+          updatedVersion: '1.0.0',
+        },
+      ]);
+
+      await handleUpdate({ all: true });
+
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        'Extension "extension-1" successfully updated: 1.0.0 → 2.0.0.',
+      );
+    });
+
+    it('should handle errors during update all', async () => {
+      mockCheckForAllExtensionUpdates.mockRejectedValueOnce(
+        new Error('Update all failed'),
+      );
+
+      await handleUpdate({ all: true });
+
+      expect(consoleErrorSpy).toHaveBeenCalledWith('Update all failed');
+    });
+  });
+});
--- a/packages/cli/src/commands/extensions/update.ts
+++ b/packages/cli/src/commands/extensions/update.ts
@@ -5,22 +5,13 @@
 */

 import type { CommandModule } from 'yargs';
-import {
-  loadExtensions,
-  annotateActiveExtensions,
-  ExtensionStorage,
-  requestConsentNonInteractive,
-} from '../../config/extension.js';
-import {
-  updateAllUpdatableExtensions,
-  type ExtensionUpdateInfo,
-  checkForAllExtensionUpdates,
-  updateExtension,
-} from '../../config/extensions/update.js';
-import { checkForExtensionUpdate } from '../../config/extensions/github.js';
 import { getErrorMessage } from '../../utils/errors.js';
 import { ExtensionUpdateState } from '../../ui/state/extensions.js';
-import { ExtensionEnablementManager } from '../../config/extensions/extensionEnablement.js';
+import {
+  checkForExtensionUpdate,
+  type ExtensionUpdateInfo,
+} from '@qwen-code/qwen-code-core';
+import { getExtensionManager } from './utils.js';

 interface UpdateArgs {
  name?: string;
@@ -31,19 +22,9 @@ const updateOutput = (info: ExtensionUpdateInfo) =>
  `Extension "${info.name}" successfully updated: ${info.originalVersion} → ${info.updatedVersion}.`;

 export async function handleUpdate(args: UpdateArgs) {
-  const workingDir = process.cwd();
-  const extensionEnablementManager = new ExtensionEnablementManager(
-    ExtensionStorage.getUserExtensionsDir(),
-    // Force enable named extensions, otherwise we will only update the enabled
-    // ones.
-    args.name ? [args.name] : [],
-  );
-  const allExtensions = loadExtensions(extensionEnablementManager);
-  const extensions = annotateActiveExtensions(
-    allExtensions,
-    workingDir,
-    extensionEnablementManager,
-  );
+  const extensionManager = await getExtensionManager();
+  const extensions = extensionManager.getLoadedExtensions();
+
  if (args.name) {
    try {
      const extension = extensions.find(
@@ -53,25 +34,23 @@ export async function handleUpdate(args: UpdateArgs) {
        console.log(`Extension "${args.name}" not found.`);
        return;
      }
-      let updateState: ExtensionUpdateState | undefined;
      if (!extension.installMetadata) {
        console.log(
          `Unable to install extension "${args.name}" due to missing install metadata`,
        );
        return;
      }
-      await checkForExtensionUpdate(extension, (newState) => {
-        updateState = newState;
-      });
+      const updateState = await checkForExtensionUpdate(
+        extension,
+        extensionManager,
+      );
      if (updateState !== ExtensionUpdateState.UPDATE_AVAILABLE) {
        console.log(`Extension "${args.name}" is already up to date.`);
        return;
      }
      // TODO(chrstnb): we should list extensions if the requested extension is not installed.
-      const updatedExtensionInfo = (await updateExtension(
+      const updatedExtensionInfo = (await extensionManager.updateExtension(
        extension,
-        workingDir,
-        requestConsentNonInteractive,
        updateState,
        () => {},
      ))!;
@@ -92,18 +71,15 @@ export async function handleUpdate(args: UpdateArgs) {
  if (args.all) {
    try {
      const extensionState = new Map();
-      await checkForAllExtensionUpdates(extensions, (action) => {
-        if (action.type === 'SET_STATE') {
-          extensionState.set(action.payload.name, {
-            status: action.payload.state,
+      await extensionManager.checkForAllExtensionUpdates(
+        (extensionName, state) => {
+          extensionState.set(extensionName, {
+            status: state,
            processed: true, // No need to process as we will force the update.
          });
-        }
-      });
-      let updateInfos = await updateAllUpdatableExtensions(
-        workingDir,
-        requestConsentNonInteractive,
-        extensions,
+        },
+      );
+      let updateInfos = await extensionManager.updateAllUpdatableExtensions(
        extensionState,
        () => {},
      );
--- a/packages/cli/src/commands/extensions/utils.test.ts
+++ b/packages/cli/src/commands/extensions/utils.test.ts
@@ -0,0 +1,66 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { getExtensionManager } from './utils.js';
+
+const mockRefreshCache = vi.fn();
+const mockExtensionManagerInstance = {
+  refreshCache: mockRefreshCache,
+};
+
+vi.mock('@qwen-code/qwen-code-core', () => ({
+  ExtensionManager: vi
+    .fn()
+    .mockImplementation(() => mockExtensionManagerInstance),
+}));
+
+vi.mock('../../config/settings.js', () => ({
+  loadSettings: vi.fn().mockReturnValue({
+    merged: {},
+  }),
+}));
+
+vi.mock('../../config/trustedFolders.js', () => ({
+  isWorkspaceTrusted: vi.fn().mockReturnValue({ isTrusted: true }),
+}));
+
+vi.mock('./consent.js', () => ({
+  requestConsentOrFail: vi.fn(),
+  requestConsentNonInteractive: vi.fn(),
+}));
+
+describe('getExtensionManager', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockRefreshCache.mockResolvedValue(undefined);
+  });
+
+  it('should return an ExtensionManager instance', async () => {
+    const manager = await getExtensionManager();
+
+    expect(manager).toBeDefined();
+    expect(manager).toBe(mockExtensionManagerInstance);
+  });
+
+  it('should call refreshCache on the ExtensionManager', async () => {
+    await getExtensionManager();
+
+    expect(mockRefreshCache).toHaveBeenCalled();
+  });
+
+  it('should use current working directory as workspace', async () => {
+    const { ExtensionManager } = await import('@qwen-code/qwen-code-core');
+
+    await getExtensionManager();
+
+    expect(ExtensionManager).toHaveBeenCalledWith(
+      expect.objectContaining({
+        workspaceDir: process.cwd(),
+      }),
+    );
+  });
+});
--- a/packages/cli/src/commands/extensions/utils.ts
+++ b/packages/cli/src/commands/extensions/utils.ts
@@ -0,0 +1,27 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { ExtensionManager } from '@qwen-code/qwen-code-core';
+import { loadSettings } from '../../config/settings.js';
+import {
+  requestConsentOrFail,
+  requestConsentNonInteractive,
+} from './consent.js';
+import { isWorkspaceTrusted } from '../../config/trustedFolders.js';
+
+export async function getExtensionManager(): Promise<ExtensionManager> {
+  const workspaceDir = process.cwd();
+  const extensionManager = new ExtensionManager({
+    workspaceDir,
+    requestConsent: requestConsentOrFail.bind(
+      null,
+      requestConsentNonInteractive,
+    ),
+    isWorkspaceTrusted: !!isWorkspaceTrusted(loadSettings(workspaceDir).merged),
+  });
+  await extensionManager.refreshCache();
+  return extensionManager;
+}
--- a/packages/cli/src/commands/mcp/list.test.ts
+++ b/packages/cli/src/commands/mcp/list.test.ts
@@ -7,7 +7,8 @@
 import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { listMcpServers } from './list.js';
 import { loadSettings } from '../../config/settings.js';
-import { ExtensionStorage, loadExtensions } from '../../config/extension.js';
+import { loadExtensions } from '../../config/extension.js';
+import { ExtensionStorage } from '../../config/extensions/storage.js';
 import { createTransport } from '@qwen-code/qwen-code-core';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';

--- a/packages/cli/src/commands/mcp/list.ts
+++ b/packages/cli/src/commands/mcp/list.ts
@@ -8,10 +8,13 @@
 import type { CommandModule } from 'yargs';
 import { loadSettings } from '../../config/settings.js';
 import type { MCPServerConfig } from '@qwen-code/qwen-code-core';
-import { MCPServerStatus, createTransport } from '@qwen-code/qwen-code-core';
+import {
+  MCPServerStatus,
+  createTransport,
+  ExtensionManager,
+} from '@qwen-code/qwen-code-core';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
-import { ExtensionStorage, loadExtensions } from '../../config/extension.js';
-import { ExtensionEnablementManager } from '../../config/extensions/extensionEnablement.js';
+import { isWorkspaceTrusted } from '../../config/trustedFolders.js';

 const COLOR_GREEN = '\u001b[32m';
 const COLOR_YELLOW = '\u001b[33m';
@@ -22,22 +25,27 @@ async function getMcpServersFromConfig(): Promise<
  Record<string, MCPServerConfig>
 > {
  const settings = loadSettings();
-  const extensions = loadExtensions(
-    new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-  );
+  const extensionManager = new ExtensionManager({
+    isWorkspaceTrusted: !!isWorkspaceTrusted(settings.merged),
+    telemetrySettings: settings.merged.telemetry,
+  });
+  await extensionManager.refreshCache();
+  const extensions = extensionManager.getLoadedExtensions();
  const mcpServers = { ...(settings.merged.mcpServers || {}) };
  for (const extension of extensions) {
-    Object.entries(extension.config.mcpServers || {}).forEach(
-      ([key, server]) => {
-        if (mcpServers[key]) {
-          return;
-        }
-        mcpServers[key] = {
-          ...server,
-          extensionName: extension.config.name,
-        };
-      },
-    );
+    if (extension.isActive) {
+      Object.entries(extension.config.mcpServers || {}).forEach(
+        ([key, server]) => {
+          if (mcpServers[key]) {
+            return;
+          }
+          mcpServers[key] = {
+            ...server,
+            extensionName: extension.config.name,
+          };
+        },
+      );
+    }
  }
  return mcpServers;
 }
--- a/packages/cli/src/config/auth.test.ts
+++ b/packages/cli/src/config/auth.test.ts
@@ -1,41 +1,112 @@
 /**
 * @license
- * Copyright 2025 Google LLC
+ * Copyright 2025 Qwen Team
 * SPDX-License-Identifier: Apache-2.0
 */

 import { AuthType } from '@qwen-code/qwen-code-core';
 import { vi } from 'vitest';
 import { validateAuthMethod } from './auth.js';
+import * as settings from './settings.js';

 vi.mock('./settings.js', () => ({
  loadEnvironment: vi.fn(),
  loadSettings: vi.fn().mockReturnValue({
-    merged: vi.fn().mockReturnValue({}),
+    merged: {},
  }),
 }));

 describe('validateAuthMethod', () => {
  beforeEach(() => {
    vi.resetModules();
+    // Reset mock to default
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {},
+    } as ReturnType<typeof settings.loadSettings>);
  });

  afterEach(() => {
    vi.unstubAllEnvs();
+    delete process.env['OPENAI_API_KEY'];
+    delete process.env['CUSTOM_API_KEY'];
+    delete process.env['GEMINI_API_KEY'];
+    delete process.env['GEMINI_API_KEY_ALTERED'];
+    delete process.env['ANTHROPIC_API_KEY'];
+    delete process.env['ANTHROPIC_BASE_URL'];
+    delete process.env['GOOGLE_API_KEY'];
  });

-  it('should return null for USE_OPENAI', () => {
+  it('should return null for USE_OPENAI with default env key', () => {
    process.env['OPENAI_API_KEY'] = 'fake-key';
    expect(validateAuthMethod(AuthType.USE_OPENAI)).toBeNull();
  });

-  it('should return an error message for USE_OPENAI if OPENAI_API_KEY is not set', () => {
-    delete process.env['OPENAI_API_KEY'];
+  it('should return an error message for USE_OPENAI if no API key is available', () => {
    expect(validateAuthMethod(AuthType.USE_OPENAI)).toBe(
-      'OPENAI_API_KEY environment variable not found. You can enter it interactively or add it to your .env file.',
+      "Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the 'OPENAI_API_KEY' environment variable.",
    );
  });

+  it('should return null for USE_OPENAI with custom envKey from modelProviders', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'custom-model' },
+        modelProviders: {
+          openai: [{ id: 'custom-model', envKey: 'CUSTOM_API_KEY' }],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['CUSTOM_API_KEY'] = 'custom-key';
+
+    expect(validateAuthMethod(AuthType.USE_OPENAI)).toBeNull();
+  });
+
+  it('should return error with custom envKey hint when modelProviders envKey is set but env var is missing', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'custom-model' },
+        modelProviders: {
+          openai: [{ id: 'custom-model', envKey: 'CUSTOM_API_KEY' }],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    const result = validateAuthMethod(AuthType.USE_OPENAI);
+    expect(result).toContain('CUSTOM_API_KEY');
+  });
+
+  it('should return null for USE_GEMINI with custom envKey', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'gemini-1.5-flash' },
+        modelProviders: {
+          gemini: [
+            { id: 'gemini-1.5-flash', envKey: 'GEMINI_API_KEY_ALTERED' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['GEMINI_API_KEY_ALTERED'] = 'altered-key';
+
+    expect(validateAuthMethod(AuthType.USE_GEMINI)).toBeNull();
+  });
+
+  it('should return error with custom envKey for USE_GEMINI when env var is missing', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'gemini-1.5-flash' },
+        modelProviders: {
+          gemini: [
+            { id: 'gemini-1.5-flash', envKey: 'GEMINI_API_KEY_ALTERED' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    const result = validateAuthMethod(AuthType.USE_GEMINI);
+    expect(result).toContain('GEMINI_API_KEY_ALTERED');
+  });
+
  it('should return null for QWEN_OAUTH', () => {
    expect(validateAuthMethod(AuthType.QWEN_OAUTH)).toBeNull();
  });
@@ -45,4 +116,115 @@ describe('validateAuthMethod', () => {
      'Invalid auth method selected.',
    );
  });
+
+  it('should return null for USE_ANTHROPIC with custom envKey and baseUrl', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'claude-3' },
+        modelProviders: {
+          anthropic: [
+            {
+              id: 'claude-3',
+              envKey: 'CUSTOM_ANTHROPIC_KEY',
+              baseUrl: 'https://api.anthropic.com',
+            },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['CUSTOM_ANTHROPIC_KEY'] = 'custom-anthropic-key';
+
+    expect(validateAuthMethod(AuthType.USE_ANTHROPIC)).toBeNull();
+  });
+
+  it('should return error for USE_ANTHROPIC when baseUrl is missing', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'claude-3' },
+        modelProviders: {
+          anthropic: [{ id: 'claude-3', envKey: 'CUSTOM_ANTHROPIC_KEY' }],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['CUSTOM_ANTHROPIC_KEY'] = 'custom-key';
+
+    const result = validateAuthMethod(AuthType.USE_ANTHROPIC);
+    expect(result).toContain('modelProviders[].baseUrl');
+  });
+
+  it('should return null for USE_VERTEX_AI with custom envKey', () => {
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'vertex-model' },
+        modelProviders: {
+          'vertex-ai': [
+            { id: 'vertex-model', envKey: 'GOOGLE_API_KEY_VERTEX' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+    process.env['GOOGLE_API_KEY_VERTEX'] = 'vertex-key';
+
+    expect(validateAuthMethod(AuthType.USE_VERTEX_AI)).toBeNull();
+  });
+
+  it('should use config.modelsConfig.getModel() when Config is provided', () => {
+    // Settings has a different model
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'settings-model' },
+        modelProviders: {
+          openai: [
+            { id: 'settings-model', envKey: 'SETTINGS_API_KEY' },
+            { id: 'cli-model', envKey: 'CLI_API_KEY' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    // Mock Config object that returns a different model (e.g., from CLI args)
+    const mockConfig = {
+      modelsConfig: {
+        getModel: vi.fn().mockReturnValue('cli-model'),
+      },
+    } as unknown as import('@qwen-code/qwen-code-core').Config;
+
+    // Set the env key for the CLI model, not the settings model
+    process.env['CLI_API_KEY'] = 'cli-key';
+
+    // Should use 'cli-model' from config.modelsConfig.getModel(), not 'settings-model'
+    const result = validateAuthMethod(AuthType.USE_OPENAI, mockConfig);
+    expect(result).toBeNull();
+    expect(mockConfig.modelsConfig.getModel).toHaveBeenCalled();
+  });
+
+  it('should fail validation when Config provides different model without matching env key', () => {
+    // Clean up any existing env keys first
+    delete process.env['CLI_API_KEY'];
+    delete process.env['SETTINGS_API_KEY'];
+    delete process.env['OPENAI_API_KEY'];
+
+    vi.mocked(settings.loadSettings).mockReturnValue({
+      merged: {
+        model: { name: 'settings-model' },
+        modelProviders: {
+          openai: [
+            { id: 'settings-model', envKey: 'SETTINGS_API_KEY' },
+            { id: 'cli-model', envKey: 'CLI_API_KEY' },
+          ],
+        },
+      },
+    } as unknown as ReturnType<typeof settings.loadSettings>);
+
+    const mockConfig = {
+      modelsConfig: {
+        getModel: vi.fn().mockReturnValue('cli-model'),
+      },
+    } as unknown as import('@qwen-code/qwen-code-core').Config;
+
+    // Don't set CLI_API_KEY - validation should fail
+    const result = validateAuthMethod(AuthType.USE_OPENAI, mockConfig);
+    expect(result).not.toBeNull();
+    expect(result).toContain('CLI_API_KEY');
+  });
 });
--- a/packages/cli/src/config/auth.ts
+++ b/packages/cli/src/config/auth.ts
@@ -1,21 +1,169 @@
 /**
 * @license
- * Copyright 2025 Google LLC
+ * Copyright 2025 Qwen Team
 * SPDX-License-Identifier: Apache-2.0
 */

-import { AuthType } from '@qwen-code/qwen-code-core';
-import { loadEnvironment, loadSettings } from './settings.js';
+import {
+  AuthType,
+  type Config,
+  type ModelProvidersConfig,
+  type ProviderModelConfig,
+} from '@qwen-code/qwen-code-core';
+import { loadEnvironment, loadSettings, type Settings } from './settings.js';
+import { t } from '../i18n/index.js';

-export function validateAuthMethod(authMethod: string): string | null {
+/**
+ * Default environment variable names for each auth type
+ */
+const DEFAULT_ENV_KEYS: Record<string, string> = {
+  [AuthType.USE_OPENAI]: 'OPENAI_API_KEY',
+  [AuthType.USE_ANTHROPIC]: 'ANTHROPIC_API_KEY',
+  [AuthType.USE_GEMINI]: 'GEMINI_API_KEY',
+  [AuthType.USE_VERTEX_AI]: 'GOOGLE_API_KEY',
+};
+
+/**
+ * Find model configuration from modelProviders by authType and modelId
+ */
+function findModelConfig(
+  modelProviders: ModelProvidersConfig | undefined,
+  authType: string,
+  modelId: string | undefined,
+): ProviderModelConfig | undefined {
+  if (!modelProviders || !modelId) {
+    return undefined;
+  }
+
+  const models = modelProviders[authType];
+  if (!Array.isArray(models)) {
+    return undefined;
+  }
+
+  return models.find((m) => m.id === modelId);
+}
+
+/**
+ * Check if API key is available for the given auth type and model configuration.
+ * Prioritizes custom envKey from modelProviders over default environment variables.
+ */
+function hasApiKeyForAuth(
+  authType: string,
+  settings: Settings,
+  config?: Config,
+): {
+  hasKey: boolean;
+  checkedEnvKey: string | undefined;
+  isExplicitEnvKey: boolean;
+} {
+  const modelProviders = settings.modelProviders as
+    | ModelProvidersConfig
+    | undefined;
+
+  // Use config.modelsConfig.getModel() if available for accurate model ID resolution
+  // that accounts for CLI args, env vars, and settings. Fall back to settings.model.name.
+  const modelId = config?.modelsConfig.getModel() ?? settings.model?.name;
+
+  // Try to find model-specific envKey from modelProviders
+  const modelConfig = findModelConfig(modelProviders, authType, modelId);
+  if (modelConfig?.envKey) {
+    // Explicit envKey configured - only check this env var, no apiKey fallback
+    const hasKey = !!process.env[modelConfig.envKey];
+    return {
+      hasKey,
+      checkedEnvKey: modelConfig.envKey,
+      isExplicitEnvKey: true,
+    };
+  }
+
+  // Using default environment variable - apiKey fallback is allowed
+  const defaultEnvKey = DEFAULT_ENV_KEYS[authType];
+  if (defaultEnvKey) {
+    const hasKey = !!process.env[defaultEnvKey];
+    if (hasKey) {
+      return { hasKey, checkedEnvKey: defaultEnvKey, isExplicitEnvKey: false };
+    }
+  }
+
+  // Also check settings.security.auth.apiKey as fallback (only for default env key)
+  if (settings.security?.auth?.apiKey) {
+    return {
+      hasKey: true,
+      checkedEnvKey: defaultEnvKey || undefined,
+      isExplicitEnvKey: false,
+    };
+  }
+
+  return {
+    hasKey: false,
+    checkedEnvKey: defaultEnvKey,
+    isExplicitEnvKey: false,
+  };
+}
+
+/**
+ * Generate API key error message based on auth check result.
+ * Returns null if API key is present, otherwise returns the appropriate error message.
+ */
+function getApiKeyError(
+  authMethod: string,
+  settings: Settings,
+  config?: Config,
+): string | null {
+  const { hasKey, checkedEnvKey, isExplicitEnvKey } = hasApiKeyForAuth(
+    authMethod,
+    settings,
+    config,
+  );
+  if (hasKey) {
+    return null;
+  }
+
+  const envKeyHint = checkedEnvKey || DEFAULT_ENV_KEYS[authMethod];
+  if (isExplicitEnvKey) {
+    return t(
+      '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.',
+      { envKeyHint },
+    );
+  }
+  return t(
+    '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.',
+    { envKeyHint },
+  );
+}
+
+/**
+ * Validate that the required credentials and configuration exist for the given auth method.
+ */
+export function validateAuthMethod(
+  authMethod: string,
+  config?: Config,
+): string | null {
  const settings = loadSettings();
  loadEnvironment(settings.merged);

  if (authMethod === AuthType.USE_OPENAI) {
-    const hasApiKey =
-      process.env['OPENAI_API_KEY'] || settings.merged.security?.auth?.apiKey;
-    if (!hasApiKey) {
-      return 'OPENAI_API_KEY environment variable not found. You can enter it interactively or add it to your .env file.';
+    const { hasKey, checkedEnvKey, isExplicitEnvKey } = hasApiKeyForAuth(
+      authMethod,
+      settings.merged,
+      config,
+    );
+    if (!hasKey) {
+      const envKeyHint = checkedEnvKey
+        ? `'${checkedEnvKey}'`
+        : "'OPENAI_API_KEY'";
+      if (isExplicitEnvKey) {
+        // Explicit envKey configured - only suggest setting the env var
+        return t(
+          'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.',
+          { envKeyHint },
+        );
+      }
+      // Default env key - can use either apiKey or env var
+      return t(
+        'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.',
+        { envKeyHint },
+      );
    }
    return null;
  }
@@ -27,36 +175,49 @@ export function validateAuthMethod(authMethod: string): string | null {
  }

  if (authMethod === AuthType.USE_ANTHROPIC) {
-    const hasApiKey = process.env['ANTHROPIC_API_KEY'];
-    if (!hasApiKey) {
-      return 'ANTHROPIC_API_KEY environment variable not found.';
+    const apiKeyError = getApiKeyError(authMethod, settings.merged, config);
+    if (apiKeyError) {
+      return apiKeyError;
    }

-    const hasBaseUrl = process.env['ANTHROPIC_BASE_URL'];
-    if (!hasBaseUrl) {
-      return 'ANTHROPIC_BASE_URL environment variable not found.';
+    // Check baseUrl - can come from modelProviders or environment
+    const modelProviders = settings.merged.modelProviders as
+      | ModelProvidersConfig
+      | undefined;
+    // Use config.modelsConfig.getModel() if available for accurate model ID
+    const modelId =
+      config?.modelsConfig.getModel() ?? settings.merged.model?.name;
+    const modelConfig = findModelConfig(modelProviders, authMethod, modelId);
+
+    if (modelConfig && !modelConfig.baseUrl) {
+      return t(
+        'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.',
+      );
+    }
+    if (!modelConfig && !process.env['ANTHROPIC_BASE_URL']) {
+      return t('ANTHROPIC_BASE_URL environment variable not found.');
    }

    return null;
  }

  if (authMethod === AuthType.USE_GEMINI) {
-    const hasApiKey = process.env['GEMINI_API_KEY'];
-    if (!hasApiKey) {
-      return 'GEMINI_API_KEY environment variable not found. Please set it in your .env file or environment variables.';
+    const apiKeyError = getApiKeyError(authMethod, settings.merged, config);
+    if (apiKeyError) {
+      return apiKeyError;
    }
    return null;
  }

  if (authMethod === AuthType.USE_VERTEX_AI) {
-    const hasApiKey = process.env['GOOGLE_API_KEY'];
-    if (!hasApiKey) {
-      return 'GOOGLE_API_KEY environment variable not found. Please set it in your .env file or environment variables.';
+    const apiKeyError = getApiKeyError(authMethod, settings.merged, config);
+    if (apiKeyError) {
+      return apiKeyError;
    }

    process.env['GOOGLE_GENAI_USE_VERTEXAI'] = 'true';
    return null;
  }

-  return 'Invalid auth method selected.';
+  return t('Invalid auth method selected.');
 }
--- a/packages/cli/src/config/config.integration.test.ts
+++ b/packages/cli/src/config/config.integration.test.ts
@@ -231,18 +231,21 @@ describe('Configuration Integration Tests', () => {
      expect(config.getExtensionContextFilePaths()).toEqual([]);
    });

-    it('should correctly store and return extension context file paths', () => {
-      const contextFiles = ['/path/to/file1.txt', '/path/to/file2.js'];
+    it('should correctly store and return extension context file paths with outputLanguageFilePath', () => {
+      const outputLanguageFilePath = '/path/to/language.txt';
      const configParams: ConfigParameters = {
        cwd: '/tmp',
        generationConfig: TEST_CONTENT_GENERATOR_CONFIG,
        embeddingModel: 'test-embedding-model',
        targetDir: tempDir,
        debugMode: false,
-        extensionContextFilePaths: contextFiles,
+        outputLanguageFilePath,
      };
      const config = new Config(configParams);
-      expect(config.getExtensionContextFilePaths()).toEqual(contextFiles);
+      // outputLanguageFilePath should be included in extension context file paths
+      expect(config.getExtensionContextFilePaths()).toContain(
+        outputLanguageFilePath,
+      );
    });
  });

--- a/packages/cli/src/config/config.test.ts
+++ b/packages/cli/src/config/config.test.ts
--- a/packages/cli/src/config/config.ts
+++ b/packages/cli/src/config/config.ts
@@ -9,7 +9,6 @@ import {
  AuthType,
  Config,
  DEFAULT_QWEN_EMBEDDING_MODEL,
-  DEFAULT_MEMORY_FILE_FILTERING_OPTIONS,
  FileDiscoveryService,
  getCurrentGeminiMdFilename,
  loadServerHierarchicalMemory,
@@ -22,8 +21,6 @@ import {
  isToolEnabled,
  SessionService,
  type ResumedSessionData,
-  type FileFilteringOptions,
-  type MCPServerConfig,
  type ToolName,
  EditTool,
  ShellTool,
@@ -31,6 +28,10 @@ import {
 } from '@qwen-code/qwen-code-core';
 import { extensionsCommand } from '../commands/extensions.js';
 import type { Settings } from './settings.js';
+import {
+  resolveCliGenerationConfig,
+  getAuthTypeFromEnv,
+} from '../utils/modelConfigUtils.js';
 import yargs, { type Argv } from 'yargs';
 import { hideBin } from 'yargs/helpers';
 import * as fs from 'node:fs';
@@ -39,14 +40,11 @@ import { homedir } from 'node:os';

 import { resolvePath } from '../utils/resolvePath.js';
 import { getCliVersion } from '../utils/version.js';
-import type { Extension } from './extension.js';
-import { annotateActiveExtensions } from './extension.js';
 import { loadSandboxConfig } from './sandboxConfig.js';
 import { appEvents } from '../utils/events.js';
 import { mcpCommand } from '../commands/mcp.js';

 import { isWorkspaceTrusted } from './trustedFolders.js';
-import type { ExtensionEnablementManager } from './extensions/extensionEnablement.js';
 import { buildWebSearchConfig } from './webSearch.js';

 // Simple console logger for now - replace with actual logger if available
@@ -166,7 +164,17 @@ function normalizeOutputFormat(
 }

 export async function parseArguments(settings: Settings): Promise<CliArgs> {
-  const rawArgv = hideBin(process.argv);
+  let rawArgv = hideBin(process.argv);
+
+  // hack: if the first argument is the CLI entry point, remove it
+  if (
+    rawArgv.length > 0 &&
+    (rawArgv[0].endsWith('/dist/qwen-cli/cli.js') ||
+      rawArgv[0].endsWith('/dist/cli.js'))
+  ) {
+    rawArgv = rawArgv.slice(1);
+  }
+
  const yargsInstance = yargs(rawArgv)
    .locale('en')
    .scriptName('qwen')
@@ -320,7 +328,14 @@ export async function parseArguments(settings: Settings): Promise<CliArgs> {
        .option('experimental-skills', {
          type: 'boolean',
          description: 'Enable experimental Skills feature',
-          default: false,
+          default: (() => {
+            const legacySkills = (
+              settings as Settings & {
+                tools?: { experimental?: { skills?: boolean } };
+              }
+            ).tools?.experimental?.skills;
+            return settings.experimental?.skills ?? legacySkills ?? false;
+          })(),
        })
        .option('channel', {
          type: 'string',
@@ -546,11 +561,9 @@ export async function parseArguments(settings: Settings): Promise<CliArgs> {
        }),
    )
    // Register MCP subcommands
-    .command(mcpCommand);
-
-  if (settings?.experimental?.extensionManagement ?? true) {
-    yargsInstance.command(extensionsCommand);
-  }
+    .command(mcpCommand)
+    // Register Extension subcommands
+    .command(extensionsCommand);

  yargsInstance
    .version(await getCliVersion()) // This will enable the --version flag based on package.json
@@ -625,11 +638,9 @@ export async function loadHierarchicalGeminiMemory(
  includeDirectoriesToReadGemini: readonly string[] = [],
  debugMode: boolean,
  fileService: FileDiscoveryService,
-  settings: Settings,
  extensionContextFilePaths: string[] = [],
  folderTrust: boolean,
  memoryImportFormat: 'flat' | 'tree' = 'tree',
-  fileFilteringOptions?: FileFilteringOptions,
 ): Promise<{ memoryContent: string; fileCount: number }> {
  // FIX: Use real, canonical paths for a reliable comparison to handle symlinks.
  const realCwd = fs.realpathSync(path.resolve(currentWorkingDirectory));
@@ -655,8 +666,6 @@ export async function loadHierarchicalGeminiMemory(
    extensionContextFilePaths,
    folderTrust,
    memoryImportFormat,
-    fileFilteringOptions,
-    settings.context?.discoveryMaxDirs,
  );
 }

@@ -671,30 +680,17 @@ export function isDebugMode(argv: CliArgs): boolean {

 export async function loadCliConfig(
  settings: Settings,
-  extensions: Extension[],
-  extensionEnablementManager: ExtensionEnablementManager,
  argv: CliArgs,
  cwd: string = process.cwd(),
+  overrideExtensions?: string[],
 ): Promise<Config> {
  const debugMode = isDebugMode(argv);

-  const memoryImportFormat = settings.context?.importFormat || 'tree';
-
  const ideMode = settings.ide?.enabled ?? false;

  const folderTrust = settings.security?.folderTrust?.enabled ?? false;
  const trustedFolder = isWorkspaceTrusted(settings)?.isTrusted ?? true;

-  const allExtensions = annotateActiveExtensions(
-    extensions,
-    cwd,
-    extensionEnablementManager,
-  );
-
-  const activeExtensions = extensions.filter(
-    (_, i) => allExtensions[i].isActive,
-  );
-
  // Set the context filename in the server's memoryTool module BEFORE loading memory
  // TODO(b/343434939): This is a bit of a hack. The contextFileName should ideally be passed
  // directly to the Config constructor in core, and have core handle setGeminiMdFilename.
@@ -706,51 +702,27 @@ export async function loadCliConfig(
    setServerGeminiMdFilename(getCurrentGeminiMdFilename());
  }

-  const extensionContextFilePaths = activeExtensions.flatMap(
-    (e) => e.contextFiles,
-  );
-
  // Automatically load output-language.md if it exists
-  const outputLanguageFilePath = path.join(
+  let outputLanguageFilePath: string | undefined = path.join(
    Storage.getGlobalQwenDir(),
    'output-language.md',
  );
  if (fs.existsSync(outputLanguageFilePath)) {
-    extensionContextFilePaths.push(outputLanguageFilePath);
    if (debugMode) {
      logger.debug(
        `Found output-language.md, adding to context files: ${outputLanguageFilePath}`,
      );
    }
+  } else {
+    outputLanguageFilePath = undefined;
  }

  const fileService = new FileDiscoveryService(cwd);

-  const fileFiltering = {
-    ...DEFAULT_MEMORY_FILE_FILTERING_OPTIONS,
-    ...settings.context?.fileFiltering,
-  };
-
  const includeDirectories = (settings.context?.includeDirectories || [])
    .map(resolvePath)
    .concat((argv.includeDirectories || []).map(resolvePath));

-  // Call the (now wrapper) loadHierarchicalGeminiMemory which calls the server's version
-  const { memoryContent, fileCount } = await loadHierarchicalGeminiMemory(
-    cwd,
-    settings.context?.loadMemoryFromIncludeDirectories
-      ? includeDirectories
-      : [],
-    debugMode,
-    fileService,
-    settings,
-    extensionContextFilePaths,
-    trustedFolder,
-    memoryImportFormat,
-    fileFiltering,
-  );
-
-  let mcpServers = mergeMcpServers(settings, activeExtensions);
  const question = argv.promptInteractive || argv.prompt || '';
  const inputFormat: InputFormat =
    (argv.inputFormat as InputFormat | undefined) ?? InputFormat.TEXT;
@@ -860,11 +832,10 @@ export async function loadCliConfig(
    }
  };

-  if (
-    !interactive &&
-    !argv.experimentalAcp &&
-    inputFormat !== InputFormat.STREAM_JSON
-  ) {
+  // ACP mode check: must include both --acp (current) and --experimental-acp (deprecated).
+  // Without this check, edit, write_file, run_shell_command would be excluded in ACP mode.
+  const isAcpMode = argv.acp || argv.experimentalAcp;
+  if (!interactive && !isAcpMode && inputFormat !== InputFormat.STREAM_JSON) {
    switch (approvalMode) {
      case ApprovalMode.PLAN:
      case ApprovalMode.DEFAULT:
@@ -889,63 +860,45 @@ export async function loadCliConfig(

  const excludeTools = mergeExcludeTools(
    settings,
-    activeExtensions,
    extraExcludes.length > 0 ? extraExcludes : undefined,
    argv.excludeTools,
  );
-  const blockedMcpServers: Array<{ name: string; extensionName: string }> = [];
-
-  if (!argv.allowedMcpServerNames) {
-    if (settings.mcp?.allowed) {
-      mcpServers = allowedMcpServers(
-        mcpServers,
-        settings.mcp.allowed,
-        blockedMcpServers,
-      );
-    }
-
-    if (settings.mcp?.excluded) {
-      const excludedNames = new Set(settings.mcp.excluded.filter(Boolean));
-      if (excludedNames.size > 0) {
-        mcpServers = Object.fromEntries(
-          Object.entries(mcpServers).filter(([key]) => !excludedNames.has(key)),
-        );
-      }
-    }
-  }

+  let allowedMcpServers: Set<string> | undefined;
+  let excludedMcpServers: Set<string> | undefined;
  if (argv.allowedMcpServerNames) {
-    mcpServers = allowedMcpServers(
-      mcpServers,
-      argv.allowedMcpServerNames,
-      blockedMcpServers,
-    );
+    allowedMcpServers = new Set(argv.allowedMcpServerNames.filter(Boolean));
+    excludedMcpServers = undefined;
+  } else {
+    allowedMcpServers = settings.mcp?.allowed
+      ? new Set(settings.mcp.allowed.filter(Boolean))
+      : undefined;
+    excludedMcpServers = settings.mcp?.excluded
+      ? new Set(settings.mcp.excluded.filter(Boolean))
+      : undefined;
  }

  const selectedAuthType =
    (argv.authType as AuthType | undefined) ||
-    settings.security?.auth?.selectedType;
+    settings.security?.auth?.selectedType ||
+    /* getAuthTypeFromEnv means no authType was explicitly provided, we infer the authType from env vars */
+    getAuthTypeFromEnv();

-  const apiKey =
-    (selectedAuthType === AuthType.USE_OPENAI
-      ? argv.openaiApiKey ||
-        process.env['OPENAI_API_KEY'] ||
-        settings.security?.auth?.apiKey
-      : '') || '';
-  const baseUrl =
-    (selectedAuthType === AuthType.USE_OPENAI
-      ? argv.openaiBaseUrl ||
-        process.env['OPENAI_BASE_URL'] ||
-        settings.security?.auth?.baseUrl
-      : '') || '';
-  const resolvedModel =
-    argv.model ||
-    (selectedAuthType === AuthType.USE_OPENAI
-      ? process.env['OPENAI_MODEL'] ||
-        process.env['QWEN_MODEL'] ||
-        settings.model?.name
-      : '') ||
-    '';
+  // Unified resolution of generation config with source attribution
+  const resolvedCliConfig = resolveCliGenerationConfig({
+    argv: {
+      model: argv.model,
+      openaiApiKey: argv.openaiApiKey,
+      openaiBaseUrl: argv.openaiBaseUrl,
+      openaiLogging: argv.openaiLogging,
+      openaiLoggingDir: argv.openaiLoggingDir,
+    },
+    settings,
+    selectedAuthType,
+    env: process.env as Record<string, string | undefined>,
+  });
+
+  const { model: resolvedModel } = resolvedCliConfig;

  const sandboxConfig = await loadSandboxConfig(settings, argv);
  const screenReader =
@@ -979,6 +932,8 @@ export async function loadCliConfig(
    }
  }

+  const modelProvidersConfig = settings.modelProviders;
+
  return new Config({
    sessionId,
    sessionData,
@@ -988,6 +943,7 @@ export async function loadCliConfig(
    includeDirectories,
    loadMemoryFromIncludeDirectories:
      settings.context?.loadMemoryFromIncludeDirectories || false,
+    importFormat: settings.context?.importFormat || 'tree',
    debugMode,
    question,
    fullContext: argv.allFiles || false,
@@ -997,9 +953,13 @@ export async function loadCliConfig(
    toolDiscoveryCommand: settings.tools?.discoveryCommand,
    toolCallCommand: settings.tools?.callCommand,
    mcpServerCommand: settings.mcp?.serverCommand,
-    mcpServers,
-    userMemory: memoryContent,
-    geminiMdFileCount: fileCount,
+    mcpServers: settings.mcpServers || {},
+    allowedMcpServers: allowedMcpServers
+      ? Array.from(allowedMcpServers)
+      : undefined,
+    excludedMcpServers: excludedMcpServers
+      ? Array.from(excludedMcpServers)
+      : undefined,
    approvalMode,
    showMemoryUsage:
      argv.showMemoryUsage || settings.ui?.showMemoryUsage || false,
@@ -1022,38 +982,24 @@ export async function loadCliConfig(
    fileDiscoveryService: fileService,
    bugCommand: settings.advanced?.bugCommand,
    model: resolvedModel,
-    extensionContextFilePaths,
+    outputLanguageFilePath,
    sessionTokenLimit: settings.model?.sessionTokenLimit ?? -1,
    maxSessionTurns:
      argv.maxSessionTurns ?? settings.model?.maxSessionTurns ?? -1,
    experimentalZedIntegration: argv.acp || argv.experimentalAcp || false,
    experimentalSkills: argv.experimentalSkills || false,
    listExtensions: argv.listExtensions || false,
-    extensions: allExtensions,
-    blockedMcpServers,
+    overrideExtensions: overrideExtensions || argv.extensions,
    noBrowser: !!process.env['NO_BROWSER'],
    authType: selectedAuthType,
    inputFormat,
    outputFormat,
    includePartialMessages,
-    generationConfig: {
-      ...(settings.model?.generationConfig || {}),
-      model: resolvedModel,
-      apiKey,
-      baseUrl,
-      enableOpenAILogging:
-        (typeof argv.openaiLogging === 'undefined'
-          ? settings.model?.enableOpenAILogging
-          : argv.openaiLogging) ?? false,
-      openAILoggingDir:
-        argv.openaiLoggingDir || settings.model?.openAILoggingDir,
-    },
+    modelProvidersConfig,
+    generationConfigSources: resolvedCliConfig.sources,
+    generationConfig: resolvedCliConfig.generationConfig,
    cliVersion: await getCliVersion(),
-    webSearch: buildWebSearchConfig(
-      argv,
-      settings,
-      settings.security?.auth?.selectedType,
-    ),
+    webSearch: buildWebSearchConfig(argv, settings, selectedAuthType),
    summarizeToolOutput: settings.model?.summarizeToolOutput,
    ideMode,
    chatCompression: settings.model?.chatCompression,
@@ -1085,61 +1031,8 @@ export async function loadCliConfig(
  });
 }

-function allowedMcpServers(
-  mcpServers: { [x: string]: MCPServerConfig },
-  allowMCPServers: string[],
-  blockedMcpServers: Array<{ name: string; extensionName: string }>,
-) {
-  const allowedNames = new Set(allowMCPServers.filter(Boolean));
-  if (allowedNames.size > 0) {
-    mcpServers = Object.fromEntries(
-      Object.entries(mcpServers).filter(([key, server]) => {
-        const isAllowed = allowedNames.has(key);
-        if (!isAllowed) {
-          blockedMcpServers.push({
-            name: key,
-            extensionName: server.extensionName || '',
-          });
-        }
-        return isAllowed;
-      }),
-    );
-  } else {
-    blockedMcpServers.push(
-      ...Object.entries(mcpServers).map(([key, server]) => ({
-        name: key,
-        extensionName: server.extensionName || '',
-      })),
-    );
-    mcpServers = {};
-  }
-  return mcpServers;
-}
-
-function mergeMcpServers(settings: Settings, extensions: Extension[]) {
-  const mcpServers = { ...(settings.mcpServers || {}) };
-  for (const extension of extensions) {
-    Object.entries(extension.config.mcpServers || {}).forEach(
-      ([key, server]) => {
-        if (mcpServers[key]) {
-          logger.warn(
-            `Skipping extension MCP config for server with key "${key}" as it already exists.`,
-          );
-          return;
-        }
-        mcpServers[key] = {
-          ...server,
-          extensionName: extension.config.name,
-        };
-      },
-    );
-  }
-  return mcpServers;
-}
-
 function mergeExcludeTools(
  settings: Settings,
-  extensions: Extension[],
  extraExcludes?: string[] | undefined,
  cliExcludeTools?: string[] | undefined,
 ): string[] {
@@ -1148,10 +1041,5 @@ function mergeExcludeTools(
    ...(settings.tools?.exclude || []),
    ...(extraExcludes || []),
  ]);
-  for (const extension of extensions) {
-    for (const tool of extension.config.excludeTools || []) {
-      allExcludeTools.add(tool);
-    }
-  }
  return [...allExcludeTools];
 }
--- a/packages/cli/src/config/extension.test.ts
+++ b/packages/cli/src/config/extension.test.ts
--- a/packages/cli/src/config/extension.ts
+++ b/packages/cli/src/config/extension.ts
@@ -1,786 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import type {
-  MCPServerConfig,
-  GeminiCLIExtension,
-  ExtensionInstallMetadata,
-} from '@qwen-code/qwen-code-core';
-import {
-  QWEN_DIR,
-  Storage,
-  Config,
-  ExtensionInstallEvent,
-  ExtensionUninstallEvent,
-  ExtensionDisableEvent,
-  ExtensionEnableEvent,
-  logExtensionEnable,
-  logExtensionInstallEvent,
-  logExtensionUninstall,
-  logExtensionDisable,
-} from '@qwen-code/qwen-code-core';
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import * as os from 'node:os';
-import { SettingScope, loadSettings } from '../config/settings.js';
-import { getErrorMessage } from '../utils/errors.js';
-import { recursivelyHydrateStrings } from './extensions/variables.js';
-import { isWorkspaceTrusted } from './trustedFolders.js';
-import { resolveEnvVarsInObject } from '../utils/envVarResolver.js';
-import {
-  cloneFromGit,
-  downloadFromGitHubRelease,
-} from './extensions/github.js';
-import type { LoadExtensionContext } from './extensions/variableSchema.js';
-import { ExtensionEnablementManager } from './extensions/extensionEnablement.js';
-import chalk from 'chalk';
-import type { ConfirmationRequest } from '../ui/types.js';
-
-export const EXTENSIONS_DIRECTORY_NAME = path.join(QWEN_DIR, 'extensions');
-
-export const EXTENSIONS_CONFIG_FILENAME = 'qwen-extension.json';
-export const INSTALL_METADATA_FILENAME = '.qwen-extension-install.json';
-
-export interface Extension {
-  path: string;
-  config: ExtensionConfig;
-  contextFiles: string[];
-  installMetadata?: ExtensionInstallMetadata | undefined;
-}
-
-export interface ExtensionConfig {
-  name: string;
-  version: string;
-  mcpServers?: Record<string, MCPServerConfig>;
-  contextFileName?: string | string[];
-  excludeTools?: string[];
-}
-
-export interface ExtensionUpdateInfo {
-  name: string;
-  originalVersion: string;
-  updatedVersion: string;
-}
-
-export class ExtensionStorage {
-  private readonly extensionName: string;
-
-  constructor(extensionName: string) {
-    this.extensionName = extensionName;
-  }
-
-  getExtensionDir(): string {
-    return path.join(
-      ExtensionStorage.getUserExtensionsDir(),
-      this.extensionName,
-    );
-  }
-
-  getConfigPath(): string {
-    return path.join(this.getExtensionDir(), EXTENSIONS_CONFIG_FILENAME);
-  }
-
-  static getUserExtensionsDir(): string {
-    const storage = new Storage(os.homedir());
-    return storage.getExtensionsDir();
-  }
-
-  static async createTmpDir(): Promise<string> {
-    return await fs.promises.mkdtemp(path.join(os.tmpdir(), 'qwen-extension'));
-  }
-}
-
-export function getWorkspaceExtensions(workspaceDir: string): Extension[] {
-  // If the workspace dir is the user extensions dir, there are no workspace extensions.
-  if (path.resolve(workspaceDir) === path.resolve(os.homedir())) {
-    return [];
-  }
-  return loadExtensionsFromDir(workspaceDir);
-}
-
-export async function copyExtension(
-  source: string,
-  destination: string,
-): Promise<void> {
-  await fs.promises.cp(source, destination, { recursive: true });
-}
-
-export async function performWorkspaceExtensionMigration(
-  extensions: Extension[],
-  requestConsent: (consent: string) => Promise<boolean>,
-): Promise<string[]> {
-  const failedInstallNames: string[] = [];
-
-  for (const extension of extensions) {
-    try {
-      const installMetadata: ExtensionInstallMetadata = {
-        source: extension.path,
-        type: 'local',
-      };
-      await installExtension(installMetadata, requestConsent);
-    } catch (_) {
-      failedInstallNames.push(extension.config.name);
-    }
-  }
-  return failedInstallNames;
-}
-
-function getTelemetryConfig(cwd: string) {
-  const settings = loadSettings(cwd);
-  const config = new Config({
-    telemetry: settings.merged.telemetry,
-    interactive: false,
-    targetDir: cwd,
-    cwd,
-    model: '',
-    debugMode: false,
-  });
-  return config;
-}
-
-export function loadExtensions(
-  extensionEnablementManager: ExtensionEnablementManager,
-  workspaceDir: string = process.cwd(),
-): Extension[] {
-  const settings = loadSettings(workspaceDir).merged;
-  const allExtensions = [...loadUserExtensions()];
-
-  if (
-    (isWorkspaceTrusted(settings) ?? true) &&
-    // Default management setting to true
-    !(settings.experimental?.extensionManagement ?? true)
-  ) {
-    allExtensions.push(...getWorkspaceExtensions(workspaceDir));
-  }
-
-  const uniqueExtensions = new Map<string, Extension>();
-
-  for (const extension of allExtensions) {
-    if (
-      !uniqueExtensions.has(extension.config.name) &&
-      extensionEnablementManager.isEnabled(extension.config.name, workspaceDir)
-    ) {
-      uniqueExtensions.set(extension.config.name, extension);
-    }
-  }
-
-  return Array.from(uniqueExtensions.values());
-}
-
-export function loadUserExtensions(): Extension[] {
-  const userExtensions = loadExtensionsFromDir(os.homedir());
-
-  const uniqueExtensions = new Map<string, Extension>();
-  for (const extension of userExtensions) {
-    if (!uniqueExtensions.has(extension.config.name)) {
-      uniqueExtensions.set(extension.config.name, extension);
-    }
-  }
-
-  return Array.from(uniqueExtensions.values());
-}
-
-export function loadExtensionsFromDir(dir: string): Extension[] {
-  const storage = new Storage(dir);
-  const extensionsDir = storage.getExtensionsDir();
-  if (!fs.existsSync(extensionsDir)) {
-    return [];
-  }
-
-  const extensions: Extension[] = [];
-  for (const subdir of fs.readdirSync(extensionsDir)) {
-    const extensionDir = path.join(extensionsDir, subdir);
-
-    const extension = loadExtension({ extensionDir, workspaceDir: dir });
-    if (extension != null) {
-      extensions.push(extension);
-    }
-  }
-  return extensions;
-}
-
-export function loadExtension(context: LoadExtensionContext): Extension | null {
-  const { extensionDir, workspaceDir } = context;
-  if (!fs.statSync(extensionDir).isDirectory()) {
-    return null;
-  }
-
-  const installMetadata = loadInstallMetadata(extensionDir);
-  let effectiveExtensionPath = extensionDir;
-
-  if (installMetadata?.type === 'link') {
-    effectiveExtensionPath = installMetadata.source;
-  }
-
-  try {
-    let config = loadExtensionConfig({
-      extensionDir: effectiveExtensionPath,
-      workspaceDir,
-    });
-
-    config = resolveEnvVarsInObject(config);
-
-    if (config.mcpServers) {
-      config.mcpServers = Object.fromEntries(
-        Object.entries(config.mcpServers).map(([key, value]) => [
-          key,
-          filterMcpConfig(value),
-        ]),
-      );
-    }
-
-    const contextFiles = getContextFileNames(config)
-      .map((contextFileName) =>
-        path.join(effectiveExtensionPath, contextFileName),
-      )
-      .filter((contextFilePath) => fs.existsSync(contextFilePath));
-
-    return {
-      path: effectiveExtensionPath,
-      config,
-      contextFiles,
-      installMetadata,
-    };
-  } catch (e) {
-    console.error(
-      `Warning: Skipping extension in ${effectiveExtensionPath}: ${getErrorMessage(
-        e,
-      )}`,
-    );
-    return null;
-  }
-}
-
-export function loadExtensionByName(
-  name: string,
-  workspaceDir: string = process.cwd(),
-): Extension | null {
-  const userExtensionsDir = ExtensionStorage.getUserExtensionsDir();
-  if (!fs.existsSync(userExtensionsDir)) {
-    return null;
-  }
-
-  for (const subdir of fs.readdirSync(userExtensionsDir)) {
-    const extensionDir = path.join(userExtensionsDir, subdir);
-    if (!fs.statSync(extensionDir).isDirectory()) {
-      continue;
-    }
-    const extension = loadExtension({ extensionDir, workspaceDir });
-    if (
-      extension &&
-      extension.config.name.toLowerCase() === name.toLowerCase()
-    ) {
-      return extension;
-    }
-  }
-
-  return null;
-}
-
-function filterMcpConfig(original: MCPServerConfig): MCPServerConfig {
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  const { trust, ...rest } = original;
-  return Object.freeze(rest);
-}
-
-export function loadInstallMetadata(
-  extensionDir: string,
-): ExtensionInstallMetadata | undefined {
-  const metadataFilePath = path.join(extensionDir, INSTALL_METADATA_FILENAME);
-  try {
-    const configContent = fs.readFileSync(metadataFilePath, 'utf-8');
-    const metadata = JSON.parse(configContent) as ExtensionInstallMetadata;
-    return metadata;
-  } catch (_e) {
-    return undefined;
-  }
-}
-
-function getContextFileNames(config: ExtensionConfig): string[] {
-  if (!config.contextFileName) {
-    return ['QWEN.md'];
-  } else if (!Array.isArray(config.contextFileName)) {
-    return [config.contextFileName];
-  }
-  return config.contextFileName;
-}
-
-/**
- * Returns an annotated list of extensions. If an extension is listed in enabledExtensionNames, it will be active.
- * If enabledExtensionNames is empty, an extension is active unless it is disabled.
- * @param extensions The base list of extensions.
- * @param enabledExtensionNames The names of explicitly enabled extensions.
- * @param workspaceDir The current workspace directory.
- */
-export function annotateActiveExtensions(
-  extensions: Extension[],
-  workspaceDir: string,
-  manager: ExtensionEnablementManager,
-): GeminiCLIExtension[] {
-  manager.validateExtensionOverrides(extensions);
-  return extensions.map((extension) => ({
-    name: extension.config.name,
-    version: extension.config.version,
-    isActive: manager.isEnabled(extension.config.name, workspaceDir),
-    path: extension.path,
-    installMetadata: extension.installMetadata,
-  }));
-}
-
-/**
- * Requests consent from the user to perform an action, by reading a Y/n
- * character from stdin.
- *
- * This should not be called from interactive mode as it will break the CLI.
- *
- * @param consentDescription The description of the thing they will be consenting to.
- * @returns boolean, whether they consented or not.
- */
-export async function requestConsentNonInteractive(
-  consentDescription: string,
-): Promise<boolean> {
-  console.info(consentDescription);
-  const result = await promptForConsentNonInteractive(
-    'Do you want to continue? [Y/n]: ',
-  );
-  return result;
-}
-
-/**
- * Requests consent from the user to perform an action, in interactive mode.
- *
- * This should not be called from non-interactive mode as it will not work.
- *
- * @param consentDescription The description of the thing they will be consenting to.
- * @param setExtensionUpdateConfirmationRequest A function to actually add a prompt to the UI.
- * @returns boolean, whether they consented or not.
- */
-export async function requestConsentInteractive(
-  consentDescription: string,
-  addExtensionUpdateConfirmationRequest: (value: ConfirmationRequest) => void,
-): Promise<boolean> {
-  return await promptForConsentInteractive(
-    consentDescription + '\n\nDo you want to continue?',
-    addExtensionUpdateConfirmationRequest,
-  );
-}
-
-/**
- * Asks users a prompt and awaits for a y/n response on stdin.
- *
- * This should not be called from interactive mode as it will break the CLI.
- *
- * @param prompt A yes/no prompt to ask the user
- * @returns Whether or not the user answers 'y' (yes). Defaults to 'yes' on enter.
- */
-async function promptForConsentNonInteractive(
-  prompt: string,
-): Promise<boolean> {
-  const readline = await import('node:readline');
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout,
-  });
-
-  return new Promise((resolve) => {
-    rl.question(prompt, (answer) => {
-      rl.close();
-      resolve(['y', ''].includes(answer.trim().toLowerCase()));
-    });
-  });
-}
-
-/**
- * Asks users an interactive yes/no prompt.
- *
- * This should not be called from non-interactive mode as it will break the CLI.
- *
- * @param prompt A markdown prompt to ask the user
- * @param setExtensionUpdateConfirmationRequest Function to update the UI state with the confirmation request.
- * @returns Whether or not the user answers yes.
- */
-async function promptForConsentInteractive(
-  prompt: string,
-  addExtensionUpdateConfirmationRequest: (value: ConfirmationRequest) => void,
-): Promise<boolean> {
-  return await new Promise<boolean>((resolve) => {
-    addExtensionUpdateConfirmationRequest({
-      prompt,
-      onConfirm: (resolvedConfirmed) => {
-        resolve(resolvedConfirmed);
-      },
-    });
-  });
-}
-
-export async function installExtension(
-  installMetadata: ExtensionInstallMetadata,
-  requestConsent: (consent: string) => Promise<boolean>,
-  cwd: string = process.cwd(),
-  previousExtensionConfig?: ExtensionConfig,
-): Promise<string> {
-  const telemetryConfig = getTelemetryConfig(cwd);
-  let newExtensionConfig: ExtensionConfig | null = null;
-  let localSourcePath: string | undefined;
-
-  try {
-    const settings = loadSettings(cwd).merged;
-    if (!isWorkspaceTrusted(settings)) {
-      throw new Error(
-        `Could not install extension from untrusted folder at ${installMetadata.source}`,
-      );
-    }
-
-    const extensionsDir = ExtensionStorage.getUserExtensionsDir();
-    await fs.promises.mkdir(extensionsDir, { recursive: true });
-
-    if (
-      !path.isAbsolute(installMetadata.source) &&
-      (installMetadata.type === 'local' || installMetadata.type === 'link')
-    ) {
-      installMetadata.source = path.resolve(cwd, installMetadata.source);
-    }
-
-    let tempDir: string | undefined;
-
-    if (
-      installMetadata.type === 'git' ||
-      installMetadata.type === 'github-release'
-    ) {
-      tempDir = await ExtensionStorage.createTmpDir();
-      try {
-        const result = await downloadFromGitHubRelease(
-          installMetadata,
-          tempDir,
-        );
-        installMetadata.type = result.type;
-        installMetadata.releaseTag = result.tagName;
-      } catch (_error) {
-        await cloneFromGit(installMetadata, tempDir);
-        installMetadata.type = 'git';
-      }
-      localSourcePath = tempDir;
-    } else if (
-      installMetadata.type === 'local' ||
-      installMetadata.type === 'link'
-    ) {
-      localSourcePath = installMetadata.source;
-    } else {
-      throw new Error(`Unsupported install type: ${installMetadata.type}`);
-    }
-
-    try {
-      newExtensionConfig = loadExtensionConfig({
-        extensionDir: localSourcePath,
-        workspaceDir: cwd,
-      });
-
-      const newExtensionName = newExtensionConfig.name;
-      const extensionStorage = new ExtensionStorage(newExtensionName);
-      const destinationPath = extensionStorage.getExtensionDir();
-
-      const installedExtensions = loadUserExtensions();
-      if (
-        installedExtensions.some(
-          (installed) => installed.config.name === newExtensionName,
-        )
-      ) {
-        throw new Error(
-          `Extension "${newExtensionName}" is already installed. Please uninstall it first.`,
-        );
-      }
-      await maybeRequestConsentOrFail(
-        newExtensionConfig,
-        requestConsent,
-        previousExtensionConfig,
-      );
-      await fs.promises.mkdir(destinationPath, { recursive: true });
-
-      if (
-        installMetadata.type === 'local' ||
-        installMetadata.type === 'git' ||
-        installMetadata.type === 'github-release'
-      ) {
-        await copyExtension(localSourcePath, destinationPath);
-      }
-
-      const metadataString = JSON.stringify(installMetadata, null, 2);
-      const metadataPath = path.join(
-        destinationPath,
-        INSTALL_METADATA_FILENAME,
-      );
-      await fs.promises.writeFile(metadataPath, metadataString);
-    } finally {
-      if (tempDir) {
-        await fs.promises.rm(tempDir, { recursive: true, force: true });
-      }
-    }
-
-    logExtensionInstallEvent(
-      telemetryConfig,
-      new ExtensionInstallEvent(
-        newExtensionConfig!.name,
-        newExtensionConfig!.version,
-        installMetadata.source,
-        'success',
-      ),
-    );
-
-    enableExtension(newExtensionConfig!.name, SettingScope.User);
-    return newExtensionConfig!.name;
-  } catch (error) {
-    // Attempt to load config from the source path even if installation fails
-    // to get the name and version for logging.
-    if (!newExtensionConfig && localSourcePath) {
-      try {
-        newExtensionConfig = loadExtensionConfig({
-          extensionDir: localSourcePath,
-          workspaceDir: cwd,
-        });
-      } catch {
-        // Ignore error, this is just for logging.
-      }
-    }
-    logExtensionInstallEvent(
-      telemetryConfig,
-      new ExtensionInstallEvent(
-        newExtensionConfig?.name ?? '',
-        newExtensionConfig?.version ?? '',
-        installMetadata.source,
-        'error',
-      ),
-    );
-    throw error;
-  }
-}
-
-/**
- * Builds a consent string for installing an extension based on it's
- * extensionConfig.
- */
-function extensionConsentString(extensionConfig: ExtensionConfig): string {
-  const output: string[] = [];
-  const mcpServerEntries = Object.entries(extensionConfig.mcpServers || {});
-  output.push(`Installing extension "${extensionConfig.name}".`);
-  output.push(
-    '**Extensions may introduce unexpected behavior. Ensure you have investigated the extension source and trust the author.**',
-  );
-
-  if (mcpServerEntries.length) {
-    output.push('This extension will run the following MCP servers:');
-    for (const [key, mcpServer] of mcpServerEntries) {
-      const isLocal = !!mcpServer.command;
-      const source =
-        mcpServer.httpUrl ??
-        `${mcpServer.command || ''}${mcpServer.args ? ' ' + mcpServer.args.join(' ') : ''}`;
-      output.push(`  * ${key} (${isLocal ? 'local' : 'remote'}): ${source}`);
-    }
-  }
-  if (extensionConfig.contextFileName) {
-    output.push(
-      `This extension will append info to your QWEN.md context using ${extensionConfig.contextFileName}`,
-    );
-  }
-  if (extensionConfig.excludeTools) {
-    output.push(
-      `This extension will exclude the following core tools: ${extensionConfig.excludeTools}`,
-    );
-  }
-  return output.join('\n');
-}
-
-/**
- * Requests consent from the user to install an extension (extensionConfig), if
- * there is any difference between the consent string for `extensionConfig` and
- * `previousExtensionConfig`.
- *
- * Always requests consent if previousExtensionConfig is null.
- *
- * Throws if the user does not consent.
- */
-async function maybeRequestConsentOrFail(
-  extensionConfig: ExtensionConfig,
-  requestConsent: (consent: string) => Promise<boolean>,
-  previousExtensionConfig?: ExtensionConfig,
-) {
-  const extensionConsent = extensionConsentString(extensionConfig);
-  if (previousExtensionConfig) {
-    const previousExtensionConsent = extensionConsentString(
-      previousExtensionConfig,
-    );
-    if (previousExtensionConsent === extensionConsent) {
-      return;
-    }
-  }
-  if (!(await requestConsent(extensionConsent))) {
-    throw new Error(`Installation cancelled for "${extensionConfig.name}".`);
-  }
-}
-
-export function validateName(name: string) {
-  if (!/^[a-zA-Z0-9-]+$/.test(name)) {
-    throw new Error(
-      `Invalid extension name: "${name}". Only letters (a-z, A-Z), numbers (0-9), and dashes (-) are allowed.`,
-    );
-  }
-}
-
-export function loadExtensionConfig(
-  context: LoadExtensionContext,
-): ExtensionConfig {
-  const { extensionDir, workspaceDir } = context;
-  const configFilePath = path.join(extensionDir, EXTENSIONS_CONFIG_FILENAME);
-  if (!fs.existsSync(configFilePath)) {
-    throw new Error(`Configuration file not found at ${configFilePath}`);
-  }
-  try {
-    const configContent = fs.readFileSync(configFilePath, 'utf-8');
-    const config = recursivelyHydrateStrings(JSON.parse(configContent), {
-      extensionPath: extensionDir,
-      workspacePath: workspaceDir,
-      '/': path.sep,
-      pathSeparator: path.sep,
-    }) as unknown as ExtensionConfig;
-    if (!config.name || !config.version) {
-      throw new Error(
-        `Invalid configuration in ${configFilePath}: missing ${!config.name ? '"name"' : '"version"'}`,
-      );
-    }
-    validateName(config.name);
-    return config;
-  } catch (e) {
-    throw new Error(
-      `Failed to load extension config from ${configFilePath}: ${getErrorMessage(
-        e,
-      )}`,
-    );
-  }
-}
-
-export async function uninstallExtension(
-  extensionIdentifier: string,
-  cwd: string = process.cwd(),
-): Promise<void> {
-  const telemetryConfig = getTelemetryConfig(cwd);
-  const installedExtensions = loadUserExtensions();
-  const extensionName = installedExtensions.find(
-    (installed) =>
-      installed.config.name.toLowerCase() ===
-        extensionIdentifier.toLowerCase() ||
-      installed.installMetadata?.source.toLowerCase() ===
-        extensionIdentifier.toLowerCase(),
-  )?.config.name;
-  if (!extensionName) {
-    throw new Error(`Extension not found.`);
-  }
-  const manager = new ExtensionEnablementManager(
-    ExtensionStorage.getUserExtensionsDir(),
-    [extensionName],
-  );
-  manager.remove(extensionName);
-  const storage = new ExtensionStorage(extensionName);
-
-  await fs.promises.rm(storage.getExtensionDir(), {
-    recursive: true,
-    force: true,
-  });
-  logExtensionUninstall(
-    telemetryConfig,
-    new ExtensionUninstallEvent(extensionName, 'success'),
-  );
-}
-
-export function toOutputString(
-  extension: Extension,
-  workspaceDir: string,
-): string {
-  const manager = new ExtensionEnablementManager(
-    ExtensionStorage.getUserExtensionsDir(),
-  );
-  const userEnabled = manager.isEnabled(extension.config.name, os.homedir());
-  const workspaceEnabled = manager.isEnabled(
-    extension.config.name,
-    workspaceDir,
-  );
-
-  const status = workspaceEnabled ? chalk.green('✓') : chalk.red('✗');
-  let output = `${status} ${extension.config.name} (${extension.config.version})`;
-  output += `\n Path: ${extension.path}`;
-  if (extension.installMetadata) {
-    output += `\n Source: ${extension.installMetadata.source} (Type: ${extension.installMetadata.type})`;
-    if (extension.installMetadata.ref) {
-      output += `\n Ref: ${extension.installMetadata.ref}`;
-    }
-    if (extension.installMetadata.releaseTag) {
-      output += `\n Release tag: ${extension.installMetadata.releaseTag}`;
-    }
-  }
-  output += `\n Enabled (User): ${userEnabled}`;
-  output += `\n Enabled (Workspace): ${workspaceEnabled}`;
-  if (extension.contextFiles.length > 0) {
-    output += `\n Context files:`;
-    extension.contextFiles.forEach((contextFile) => {
-      output += `\n  ${contextFile}`;
-    });
-  }
-  if (extension.config.mcpServers) {
-    output += `\n MCP servers:`;
-    Object.keys(extension.config.mcpServers).forEach((key) => {
-      output += `\n  ${key}`;
-    });
-  }
-  if (extension.config.excludeTools) {
-    output += `\n Excluded tools:`;
-    extension.config.excludeTools.forEach((tool) => {
-      output += `\n  ${tool}`;
-    });
-  }
-  return output;
-}
-
-export function disableExtension(
-  name: string,
-  scope: SettingScope,
-  cwd: string = process.cwd(),
-) {
-  const config = getTelemetryConfig(cwd);
-  if (scope === SettingScope.System || scope === SettingScope.SystemDefaults) {
-    throw new Error('System and SystemDefaults scopes are not supported.');
-  }
-  const extension = loadExtensionByName(name, cwd);
-  if (!extension) {
-    throw new Error(`Extension with name ${name} does not exist.`);
-  }
-
-  const manager = new ExtensionEnablementManager(
-    ExtensionStorage.getUserExtensionsDir(),
-    [name],
-  );
-  const scopePath = scope === SettingScope.Workspace ? cwd : os.homedir();
-  manager.disable(name, true, scopePath);
-  logExtensionDisable(config, new ExtensionDisableEvent(name, scope));
-}
-
-export function enableExtension(
-  name: string,
-  scope: SettingScope,
-  cwd: string = process.cwd(),
-) {
-  if (scope === SettingScope.System || scope === SettingScope.SystemDefaults) {
-    throw new Error('System and SystemDefaults scopes are not supported.');
-  }
-  const extension = loadExtensionByName(name, cwd);
-  if (!extension) {
-    throw new Error(`Extension with name ${name} does not exist.`);
-  }
-  const manager = new ExtensionEnablementManager(
-    ExtensionStorage.getUserExtensionsDir(),
-  );
-  const scopePath = scope === SettingScope.Workspace ? cwd : os.homedir();
-  manager.enable(name, true, scopePath);
-  const config = getTelemetryConfig(cwd);
-  logExtensionEnable(config, new ExtensionEnableEvent(name, scope));
-}
--- a/packages/cli/src/config/extensions/extensionEnablement.test.ts
+++ b/packages/cli/src/config/extensions/extensionEnablement.test.ts
@@ -1,424 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import * as path from 'node:path';
-import fs from 'node:fs';
-import os from 'node:os';
-import { afterEach, beforeEach, describe, expect, it } from 'vitest';
-import { ExtensionEnablementManager, Override } from './extensionEnablement.js';
-import type { Extension } from '../extension.js';
-
-// Helper to create a temporary directory for testing
-function createTestDir() {
-  const dirPath = fs.mkdtempSync(path.join(os.tmpdir(), 'gemini-test-'));
-  return {
-    path: dirPath,
-    cleanup: () => fs.rmSync(dirPath, { recursive: true, force: true }),
-  };
-}
-
-let testDir: { path: string; cleanup: () => void };
-let configDir: string;
-let manager: ExtensionEnablementManager;
-
-describe('ExtensionEnablementManager', () => {
-  beforeEach(() => {
-    testDir = createTestDir();
-    configDir = path.join(testDir.path, '.gemini');
-    manager = new ExtensionEnablementManager(configDir);
-  });
-
-  afterEach(() => {
-    testDir.cleanup();
-    // Reset the singleton instance for test isolation
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    (ExtensionEnablementManager as any).instance = undefined;
-  });
-
-  describe('isEnabled', () => {
-    it('should return true if extension is not configured', () => {
-      expect(manager.isEnabled('ext-test', '/any/path')).toBe(true);
-    });
-
-    it('should return true if no overrides match', () => {
-      manager.disable('ext-test', false, '/another/path');
-      expect(manager.isEnabled('ext-test', '/any/path')).toBe(true);
-    });
-
-    it('should enable a path based on an override rule', () => {
-      manager.disable('ext-test', true, '/');
-      manager.enable('ext-test', true, '/home/user/projects/');
-      expect(manager.isEnabled('ext-test', '/home/user/projects/my-app')).toBe(
-        true,
-      );
-    });
-
-    it('should disable a path based on a disable override rule', () => {
-      manager.enable('ext-test', true, '/');
-      manager.disable('ext-test', true, '/home/user/projects/');
-      expect(manager.isEnabled('ext-test', '/home/user/projects/my-app')).toBe(
-        false,
-      );
-    });
-
-    it('should respect the last matching rule (enable wins)', () => {
-      manager.disable('ext-test', true, '/home/user/projects/');
-      manager.enable('ext-test', false, '/home/user/projects/my-app');
-      expect(manager.isEnabled('ext-test', '/home/user/projects/my-app')).toBe(
-        true,
-      );
-    });
-
-    it('should respect the last matching rule (disable wins)', () => {
-      manager.enable('ext-test', true, '/home/user/projects/');
-      manager.disable('ext-test', false, '/home/user/projects/my-app');
-      expect(manager.isEnabled('ext-test', '/home/user/projects/my-app')).toBe(
-        false,
-      );
-    });
-
-    it('should handle', () => {
-      manager.enable('ext-test', true, '/home/user/projects');
-      manager.disable('ext-test', false, '/home/user/projects/my-app');
-      expect(manager.isEnabled('ext-test', '/home/user/projects/my-app')).toBe(
-        false,
-      );
-      expect(
-        manager.isEnabled('ext-test', '/home/user/projects/something-else'),
-      ).toBe(true);
-    });
-  });
-
-  describe('includeSubdirs', () => {
-    it('should add a glob when enabling with includeSubdirs', () => {
-      manager.enable('ext-test', true, '/path/to/dir');
-      const config = manager.readConfig();
-      expect(config['ext-test'].overrides).toContain('/path/to/dir/*');
-    });
-
-    it('should not add a glob when enabling without includeSubdirs', () => {
-      manager.enable('ext-test', false, '/path/to/dir');
-      const config = manager.readConfig();
-      expect(config['ext-test'].overrides).toContain('/path/to/dir/');
-      expect(config['ext-test'].overrides).not.toContain('/path/to/dir/*');
-    });
-
-    it('should add a glob when disabling with includeSubdirs', () => {
-      manager.disable('ext-test', true, '/path/to/dir');
-      const config = manager.readConfig();
-      expect(config['ext-test'].overrides).toContain('!/path/to/dir/*');
-    });
-
-    it('should remove conflicting glob rule when enabling without subdirs', () => {
-      manager.enable('ext-test', true, '/path/to/dir'); // Adds /path/to/dir*
-      manager.enable('ext-test', false, '/path/to/dir'); // Should remove the glob
-      const config = manager.readConfig();
-      expect(config['ext-test'].overrides).toContain('/path/to/dir/');
-      expect(config['ext-test'].overrides).not.toContain('/path/to/dir/*');
-    });
-
-    it('should remove conflicting non-glob rule when enabling with subdirs', () => {
-      manager.enable('ext-test', false, '/path/to/dir'); // Adds /path/to/dir
-      manager.enable('ext-test', true, '/path/to/dir'); // Should remove the non-glob
-      const config = manager.readConfig();
-      expect(config['ext-test'].overrides).toContain('/path/to/dir/*');
-      expect(config['ext-test'].overrides).not.toContain('/path/to/dir/');
-    });
-
-    it('should remove conflicting rules when disabling', () => {
-      manager.enable('ext-test', true, '/path/to/dir'); // enabled with glob
-      manager.disable('ext-test', false, '/path/to/dir'); // disabled without
-      const config = manager.readConfig();
-      expect(config['ext-test'].overrides).toContain('!/path/to/dir/');
-      expect(config['ext-test'].overrides).not.toContain('/path/to/dir/*');
-    });
-
-    it('should correctly evaluate isEnabled with subdirs', () => {
-      manager.disable('ext-test', true, '/');
-      manager.enable('ext-test', true, '/path/to/dir');
-      expect(manager.isEnabled('ext-test', '/path/to/dir/')).toBe(true);
-      expect(manager.isEnabled('ext-test', '/path/to/dir/sub/')).toBe(true);
-      expect(manager.isEnabled('ext-test', '/path/to/another/')).toBe(false);
-    });
-
-    it('should correctly evaluate isEnabled without subdirs', () => {
-      manager.disable('ext-test', true, '/*');
-      manager.enable('ext-test', false, '/path/to/dir');
-      expect(manager.isEnabled('ext-test', '/path/to/dir')).toBe(true);
-      expect(manager.isEnabled('ext-test', '/path/to/dir/sub')).toBe(false);
-    });
-  });
-
-  describe('pruning child rules', () => {
-    it('should remove child rules when enabling a parent with subdirs', () => {
-      // Pre-existing rules for children
-      manager.enable('ext-test', false, '/path/to/dir/subdir1');
-      manager.disable('ext-test', true, '/path/to/dir/subdir2');
-      manager.enable('ext-test', false, '/path/to/another/dir');
-
-      // Enable the parent directory
-      manager.enable('ext-test', true, '/path/to/dir');
-
-      const config = manager.readConfig();
-      const overrides = config['ext-test'].overrides;
-
-      // The new parent rule should be present
-      expect(overrides).toContain(`/path/to/dir/*`);
-
-      // Child rules should be removed
-      expect(overrides).not.toContain('/path/to/dir/subdir1/');
-      expect(overrides).not.toContain(`!/path/to/dir/subdir2/*`);
-
-      // Unrelated rules should remain
-      expect(overrides).toContain('/path/to/another/dir/');
-    });
-
-    it('should remove child rules when disabling a parent with subdirs', () => {
-      // Pre-existing rules for children
-      manager.enable('ext-test', false, '/path/to/dir/subdir1');
-      manager.disable('ext-test', true, '/path/to/dir/subdir2');
-      manager.enable('ext-test', false, '/path/to/another/dir');
-
-      // Disable the parent directory
-      manager.disable('ext-test', true, '/path/to/dir');
-
-      const config = manager.readConfig();
-      const overrides = config['ext-test'].overrides;
-
-      // The new parent rule should be present
-      expect(overrides).toContain(`!/path/to/dir/*`);
-
-      // Child rules should be removed
-      expect(overrides).not.toContain('/path/to/dir/subdir1/');
-      expect(overrides).not.toContain(`!/path/to/dir/subdir2/*`);
-
-      // Unrelated rules should remain
-      expect(overrides).toContain('/path/to/another/dir/');
-    });
-
-    it('should not remove child rules if includeSubdirs is false', () => {
-      manager.enable('ext-test', false, '/path/to/dir/subdir1');
-      manager.enable('ext-test', false, '/path/to/dir'); // Not including subdirs
-
-      const config = manager.readConfig();
-      const overrides = config['ext-test'].overrides;
-
-      expect(overrides).toContain('/path/to/dir/subdir1/');
-      expect(overrides).toContain('/path/to/dir/');
-    });
-  });
-
-  it('should enable a path based on an enable override', () => {
-    manager.disable('ext-test', true, '/Users/chrstn');
-    manager.enable('ext-test', true, '/Users/chrstn/gemini-cli');
-
-    expect(manager.isEnabled('ext-test', '/Users/chrstn/gemini-cli')).toBe(
-      true,
-    );
-  });
-
-  it('should ignore subdirs', () => {
-    manager.disable('ext-test', false, '/Users/chrstn');
-    expect(manager.isEnabled('ext-test', '/Users/chrstn/gemini-cli')).toBe(
-      true,
-    );
-  });
-
-  describe('extension overrides (-e <name>)', () => {
-    beforeEach(() => {
-      manager = new ExtensionEnablementManager(configDir, ['ext-test']);
-    });
-
-    it('can enable extensions, case-insensitive', () => {
-      manager.disable('ext-test', true, '/');
-      expect(manager.isEnabled('ext-test', '/')).toBe(true);
-      expect(manager.isEnabled('Ext-Test', '/')).toBe(true);
-      // Double check that it would have been disabled otherwise
-      expect(
-        new ExtensionEnablementManager(configDir).isEnabled('ext-test', '/'),
-      ).toBe(false);
-    });
-
-    it('disable all other extensions', () => {
-      manager = new ExtensionEnablementManager(configDir, ['ext-test']);
-      manager.enable('ext-test-2', true, '/');
-      expect(manager.isEnabled('ext-test-2', '/')).toBe(false);
-      // Double check that it would have been enabled otherwise
-      expect(
-        new ExtensionEnablementManager(configDir).isEnabled('ext-test-2', '/'),
-      ).toBe(true);
-    });
-
-    it('none disables all extensions', () => {
-      manager = new ExtensionEnablementManager(configDir, ['none']);
-      manager.enable('ext-test', true, '/');
-      expect(manager.isEnabled('ext-test', '/path/to/dir')).toBe(false);
-      // Double check that it would have been enabled otherwise
-      expect(
-        new ExtensionEnablementManager(configDir).isEnabled('ext-test', '/'),
-      ).toBe(true);
-    });
-  });
-
-  describe('validateExtensionOverrides', () => {
-    let consoleErrorSpy: ReturnType<typeof vi.spyOn>;
-
-    beforeEach(() => {
-      consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
-    });
-
-    afterEach(() => {
-      consoleErrorSpy.mockRestore();
-    });
-
-    it('should not log an error if enabledExtensionNamesOverride is empty', () => {
-      const manager = new ExtensionEnablementManager(configDir, []);
-      manager.validateExtensionOverrides([]);
-      expect(consoleErrorSpy).not.toHaveBeenCalled();
-    });
-
-    it('should not log an error if all enabledExtensionNamesOverride are valid', () => {
-      const manager = new ExtensionEnablementManager(configDir, [
-        'ext-one',
-        'ext-two',
-      ]);
-      const extensions = [
-        { config: { name: 'ext-one' } },
-        { config: { name: 'ext-two' } },
-      ] as Extension[];
-      manager.validateExtensionOverrides(extensions);
-      expect(consoleErrorSpy).not.toHaveBeenCalled();
-    });
-
-    it('should log an error for each invalid extension name in enabledExtensionNamesOverride', () => {
-      const manager = new ExtensionEnablementManager(configDir, [
-        'ext-one',
-        'ext-invalid',
-        'ext-another-invalid',
-      ]);
-      const extensions = [
-        { config: { name: 'ext-one' } },
-        { config: { name: 'ext-two' } },
-      ] as Extension[];
-      manager.validateExtensionOverrides(extensions);
-      expect(consoleErrorSpy).toHaveBeenCalledTimes(2);
-      expect(consoleErrorSpy).toHaveBeenCalledWith(
-        'Extension not found: ext-invalid',
-      );
-      expect(consoleErrorSpy).toHaveBeenCalledWith(
-        'Extension not found: ext-another-invalid',
-      );
-    });
-
-    it('should not log an error if "none" is in enabledExtensionNamesOverride', () => {
-      const manager = new ExtensionEnablementManager(configDir, ['none']);
-      manager.validateExtensionOverrides([]);
-      expect(consoleErrorSpy).not.toHaveBeenCalled();
-    });
-  });
-});
-
-describe('Override', () => {
-  it('should create an override from input', () => {
-    const override = Override.fromInput('/path/to/dir', true);
-    expect(override.baseRule).toBe(`/path/to/dir/`);
-    expect(override.isDisable).toBe(false);
-    expect(override.includeSubdirs).toBe(true);
-  });
-
-  it('should create a disable override from input', () => {
-    const override = Override.fromInput('!/path/to/dir', false);
-    expect(override.baseRule).toBe(`/path/to/dir/`);
-    expect(override.isDisable).toBe(true);
-    expect(override.includeSubdirs).toBe(false);
-  });
-
-  it('should create an override from a file rule', () => {
-    const override = Override.fromFileRule('/path/to/dir');
-    expect(override.baseRule).toBe('/path/to/dir');
-    expect(override.isDisable).toBe(false);
-    expect(override.includeSubdirs).toBe(false);
-  });
-
-  it('should create a disable override from a file rule', () => {
-    const override = Override.fromFileRule('!/path/to/dir/');
-    expect(override.isDisable).toBe(true);
-    expect(override.baseRule).toBe('/path/to/dir/');
-    expect(override.includeSubdirs).toBe(false);
-  });
-
-  it('should create an override with subdirs from a file rule', () => {
-    const override = Override.fromFileRule('/path/to/dir/*');
-    expect(override.baseRule).toBe('/path/to/dir/');
-    expect(override.isDisable).toBe(false);
-    expect(override.includeSubdirs).toBe(true);
-  });
-
-  it('should correctly identify conflicting overrides', () => {
-    const override1 = Override.fromInput('/path/to/dir', true);
-    const override2 = Override.fromInput('/path/to/dir', false);
-    expect(override1.conflictsWith(override2)).toBe(true);
-  });
-
-  it('should correctly identify non-conflicting overrides', () => {
-    const override1 = Override.fromInput('/path/to/dir', true);
-    const override2 = Override.fromInput('/path/to/another/dir', true);
-    expect(override1.conflictsWith(override2)).toBe(false);
-  });
-
-  it('should correctly identify equal overrides', () => {
-    const override1 = Override.fromInput('/path/to/dir', true);
-    const override2 = Override.fromInput('/path/to/dir', true);
-    expect(override1.isEqualTo(override2)).toBe(true);
-  });
-
-  it('should correctly identify unequal overrides', () => {
-    const override1 = Override.fromInput('/path/to/dir', true);
-    const override2 = Override.fromInput('!/path/to/dir', true);
-    expect(override1.isEqualTo(override2)).toBe(false);
-  });
-
-  it('should generate the correct regex', () => {
-    const override = Override.fromInput('/path/to/dir', true);
-    const regex = override.asRegex();
-    expect(regex.test('/path/to/dir/')).toBe(true);
-    expect(regex.test('/path/to/dir/subdir')).toBe(true);
-    expect(regex.test('/path/to/another/dir')).toBe(false);
-  });
-
-  it('should correctly identify child overrides', () => {
-    const parent = Override.fromInput('/path/to/dir', true);
-    const child = Override.fromInput('/path/to/dir/subdir', false);
-    expect(child.isChildOf(parent)).toBe(true);
-  });
-
-  it('should correctly identify child overrides with glob', () => {
-    const parent = Override.fromInput('/path/to/dir/*', true);
-    const child = Override.fromInput('/path/to/dir/subdir', false);
-    expect(child.isChildOf(parent)).toBe(true);
-  });
-
-  it('should correctly identify non-child overrides', () => {
-    const parent = Override.fromInput('/path/to/dir', true);
-    const other = Override.fromInput('/path/to/another/dir', false);
-    expect(other.isChildOf(parent)).toBe(false);
-  });
-
-  it('should generate the correct output string', () => {
-    const override = Override.fromInput('/path/to/dir', true);
-    expect(override.output()).toBe(`/path/to/dir/*`);
-  });
-
-  it('should generate the correct output string for a disable override', () => {
-    const override = Override.fromInput('!/path/to/dir', false);
-    expect(override.output()).toBe(`!/path/to/dir/`);
-  });
-
-  it('should disable a path based on a disable override rule', () => {
-    const override = Override.fromInput('!/path/to/dir', false);
-    expect(override.output()).toBe(`!/path/to/dir/`);
-  });
-});
--- a/packages/cli/src/config/extensions/extensionEnablement.ts
+++ b/packages/cli/src/config/extensions/extensionEnablement.ts
@@ -1,239 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import fs from 'node:fs';
-import path from 'node:path';
-import { type Extension } from '../extension.js';
-
-export interface ExtensionEnablementConfig {
-  overrides: string[];
-}
-
-export interface AllExtensionsEnablementConfig {
-  [extensionName: string]: ExtensionEnablementConfig;
-}
-
-export class Override {
-  constructor(
-    public baseRule: string,
-    public isDisable: boolean,
-    public includeSubdirs: boolean,
-  ) {}
-
-  static fromInput(inputRule: string, includeSubdirs: boolean): Override {
-    const isDisable = inputRule.startsWith('!');
-    let baseRule = isDisable ? inputRule.substring(1) : inputRule;
-    baseRule = ensureLeadingAndTrailingSlash(baseRule);
-    return new Override(baseRule, isDisable, includeSubdirs);
-  }
-
-  static fromFileRule(fileRule: string): Override {
-    const isDisable = fileRule.startsWith('!');
-    let baseRule = isDisable ? fileRule.substring(1) : fileRule;
-    const includeSubdirs = baseRule.endsWith('*');
-    baseRule = includeSubdirs
-      ? baseRule.substring(0, baseRule.length - 1)
-      : baseRule;
-    return new Override(baseRule, isDisable, includeSubdirs);
-  }
-
-  conflictsWith(other: Override): boolean {
-    if (this.baseRule === other.baseRule) {
-      return (
-        this.includeSubdirs !== other.includeSubdirs ||
-        this.isDisable !== other.isDisable
-      );
-    }
-    return false;
-  }
-
-  isEqualTo(other: Override): boolean {
-    return (
-      this.baseRule === other.baseRule &&
-      this.includeSubdirs === other.includeSubdirs &&
-      this.isDisable === other.isDisable
-    );
-  }
-
-  asRegex(): RegExp {
-    return globToRegex(`${this.baseRule}${this.includeSubdirs ? '*' : ''}`);
-  }
-
-  isChildOf(parent: Override) {
-    if (!parent.includeSubdirs) {
-      return false;
-    }
-    return parent.asRegex().test(this.baseRule);
-  }
-
-  output(): string {
-    return `${this.isDisable ? '!' : ''}${this.baseRule}${this.includeSubdirs ? '*' : ''}`;
-  }
-
-  matchesPath(path: string) {
-    return this.asRegex().test(path);
-  }
-}
-
-const ensureLeadingAndTrailingSlash = function (dirPath: string): string {
-  // Normalize separators to forward slashes for consistent matching across platforms.
-  let result = dirPath.replace(/\\/g, '/');
-  if (result.charAt(0) !== '/') {
-    result = '/' + result;
-  }
-  if (result.charAt(result.length - 1) !== '/') {
-    result = result + '/';
-  }
-  return result;
-};
-
-/**
- * Converts a glob pattern to a RegExp object.
- * This is a simplified implementation that supports `*`.
- *
- * @param glob The glob pattern to convert.
- * @returns A RegExp object.
- */
-function globToRegex(glob: string): RegExp {
-  const regexString = glob
-    .replace(/[.+?^${}()|[\]\\]/g, '\\$&') // Escape special regex characters
-    .replace(/(\/?)\*/g, '($1.*)?'); // Convert * to optional group
-
-  return new RegExp(`^${regexString}$`);
-}
-
-export class ExtensionEnablementManager {
-  private configFilePath: string;
-  private configDir: string;
-  // If non-empty, this overrides all other extension configuration and enables
-  // only the ones in this list.
-  private enabledExtensionNamesOverride: string[];
-
-  constructor(configDir: string, enabledExtensionNames?: string[]) {
-    this.configDir = configDir;
-    this.configFilePath = path.join(configDir, 'extension-enablement.json');
-    this.enabledExtensionNamesOverride =
-      enabledExtensionNames?.map((name) => name.toLowerCase()) ?? [];
-  }
-
-  validateExtensionOverrides(extensions: Extension[]) {
-    for (const name of this.enabledExtensionNamesOverride) {
-      if (name === 'none') continue;
-      if (
-        !extensions.some(
-          (ext) => ext.config.name.toLowerCase() === name.toLowerCase(),
-        )
-      ) {
-        console.error(`Extension not found: ${name}`);
-      }
-    }
-  }
-
-  /**
-   * Determines if an extension is enabled based on its name and the current
-   * path. The last matching rule in the overrides list wins.
-   *
-   * @param extensionName The name of the extension.
-   * @param currentPath The absolute path of the current working directory.
-   * @returns True if the extension is enabled, false otherwise.
-   */
-  isEnabled(extensionName: string, currentPath: string): boolean {
-    // If we have a single override called 'none', this disables all extensions.
-    // Typically, this comes from the user passing `-e none`.
-    if (
-      this.enabledExtensionNamesOverride.length === 1 &&
-      this.enabledExtensionNamesOverride[0] === 'none'
-    ) {
-      return false;
-    }
-
-    // If we have explicit overrides, only enable those extensions.
-    if (this.enabledExtensionNamesOverride.length > 0) {
-      // When checking against overrides ONLY, we use a case insensitive match.
-      // The override names are already lowercased in the constructor.
-      return this.enabledExtensionNamesOverride.includes(
-        extensionName.toLocaleLowerCase(),
-      );
-    }
-
-    // Otherwise, we use the configuration settings
-    const config = this.readConfig();
-    const extensionConfig = config[extensionName];
-    // Extensions are enabled by default.
-    let enabled = true;
-    const allOverrides = extensionConfig?.overrides ?? [];
-    for (const rule of allOverrides) {
-      const override = Override.fromFileRule(rule);
-      if (override.matchesPath(ensureLeadingAndTrailingSlash(currentPath))) {
-        enabled = !override.isDisable;
-      }
-    }
-    return enabled;
-  }
-
-  readConfig(): AllExtensionsEnablementConfig {
-    try {
-      const content = fs.readFileSync(this.configFilePath, 'utf-8');
-      return JSON.parse(content);
-    } catch (error) {
-      if (
-        error instanceof Error &&
-        'code' in error &&
-        error.code === 'ENOENT'
-      ) {
-        return {};
-      }
-      console.error('Error reading extension enablement config:', error);
-      return {};
-    }
-  }
-
-  writeConfig(config: AllExtensionsEnablementConfig): void {
-    fs.mkdirSync(this.configDir, { recursive: true });
-    fs.writeFileSync(this.configFilePath, JSON.stringify(config, null, 2));
-  }
-
-  enable(
-    extensionName: string,
-    includeSubdirs: boolean,
-    scopePath: string,
-  ): void {
-    const config = this.readConfig();
-    if (!config[extensionName]) {
-      config[extensionName] = { overrides: [] };
-    }
-    const override = Override.fromInput(scopePath, includeSubdirs);
-    const overrides = config[extensionName].overrides.filter((rule) => {
-      const fileOverride = Override.fromFileRule(rule);
-      if (
-        fileOverride.conflictsWith(override) ||
-        fileOverride.isEqualTo(override)
-      ) {
-        return false; // Remove conflicts and equivalent values.
-      }
-      return !fileOverride.isChildOf(override);
-    });
-    overrides.push(override.output());
-    config[extensionName].overrides = overrides;
-    this.writeConfig(config);
-  }
-
-  disable(
-    extensionName: string,
-    includeSubdirs: boolean,
-    scopePath: string,
-  ): void {
-    this.enable(extensionName, includeSubdirs, `!${scopePath}`);
-  }
-
-  remove(extensionName: string): void {
-    const config = this.readConfig();
-    if (config[extensionName]) {
-      delete config[extensionName];
-      this.writeConfig(config);
-    }
-  }
-}
--- a/packages/cli/src/config/extensions/update.test.ts
+++ b/packages/cli/src/config/extensions/update.test.ts
@@ -1,468 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import { vi } from 'vitest';
-import * as fs from 'node:fs';
-import * as os from 'node:os';
-import * as path from 'node:path';
-import {
-  EXTENSIONS_CONFIG_FILENAME,
-  ExtensionStorage,
-  INSTALL_METADATA_FILENAME,
-  annotateActiveExtensions,
-  loadExtension,
-} from '../extension.js';
-import { checkForAllExtensionUpdates, updateExtension } from './update.js';
-import { QWEN_DIR } from '@qwen-code/qwen-code-core';
-import { isWorkspaceTrusted } from '../trustedFolders.js';
-import { ExtensionUpdateState } from '../../ui/state/extensions.js';
-import { createExtension } from '../../test-utils/createExtension.js';
-import { ExtensionEnablementManager } from './extensionEnablement.js';
-
-const mockGit = {
-  clone: vi.fn(),
-  getRemotes: vi.fn(),
-  fetch: vi.fn(),
-  checkout: vi.fn(),
-  listRemote: vi.fn(),
-  revparse: vi.fn(),
-  // Not a part of the actual API, but we need to use this to do the correct
-  // file system interactions.
-  path: vi.fn(),
-};
-
-vi.mock('simple-git', () => ({
-  simpleGit: vi.fn((path: string) => {
-    mockGit.path.mockReturnValue(path);
-    return mockGit;
-  }),
-}));
-
-vi.mock('../extensions/github.js', async (importOriginal) => {
-  const actual =
-    await importOriginal<typeof import('../extensions/github.js')>();
-  return {
-    ...actual,
-    downloadFromGitHubRelease: vi
-      .fn()
-      .mockRejectedValue(new Error('Mocked GitHub release download failure')),
-  };
-});
-
-vi.mock('os', async (importOriginal) => {
-  const mockedOs = await importOriginal<typeof os>();
-  return {
-    ...mockedOs,
-    homedir: vi.fn(),
-  };
-});
-
-vi.mock('../trustedFolders.js', async (importOriginal) => {
-  const actual = await importOriginal<typeof import('../trustedFolders.js')>();
-  return {
-    ...actual,
-    isWorkspaceTrusted: vi.fn(),
-  };
-});
-
-const mockLogExtensionInstallEvent = vi.hoisted(() => vi.fn());
-const mockLogExtensionUninstall = vi.hoisted(() => vi.fn());
-
-vi.mock('@qwen-code/qwen-code-core', async (importOriginal) => {
-  const actual =
-    await importOriginal<typeof import('@qwen-code/qwen-code-core')>();
-  return {
-    ...actual,
-    logExtensionInstallEvent: mockLogExtensionInstallEvent,
-    logExtensionUninstall: mockLogExtensionUninstall,
-    ExtensionInstallEvent: vi.fn(),
-    ExtensionUninstallEvent: vi.fn(),
-  };
-});
-
-describe('update tests', () => {
-  let tempHomeDir: string;
-  let tempWorkspaceDir: string;
-  let userExtensionsDir: string;
-
-  beforeEach(() => {
-    tempHomeDir = fs.mkdtempSync(
-      path.join(os.tmpdir(), 'qwen-code-test-home-'),
-    );
-    tempWorkspaceDir = fs.mkdtempSync(
-      path.join(tempHomeDir, 'qwen-code-test-workspace-'),
-    );
-    vi.mocked(os.homedir).mockReturnValue(tempHomeDir);
-    userExtensionsDir = path.join(tempHomeDir, QWEN_DIR, 'extensions');
-    // Clean up before each test
-    fs.rmSync(userExtensionsDir, { recursive: true, force: true });
-    fs.mkdirSync(userExtensionsDir, { recursive: true });
-    vi.mocked(isWorkspaceTrusted).mockReturnValue({
-      isTrusted: true,
-      source: 'file',
-    });
-    vi.spyOn(process, 'cwd').mockReturnValue(tempWorkspaceDir);
-    Object.values(mockGit).forEach((fn) => fn.mockReset());
-  });
-
-  afterEach(() => {
-    fs.rmSync(tempHomeDir, { recursive: true, force: true });
-    fs.rmSync(tempWorkspaceDir, { recursive: true, force: true });
-  });
-
-  describe('updateExtension', () => {
-    it('should update a git-installed extension', async () => {
-      const gitUrl = 'https://github.com/google/gemini-extensions.git';
-      const extensionName = 'qwen-extensions';
-      const targetExtDir = path.join(userExtensionsDir, extensionName);
-      const metadataPath = path.join(targetExtDir, INSTALL_METADATA_FILENAME);
-
-      fs.mkdirSync(targetExtDir, { recursive: true });
-      fs.writeFileSync(
-        path.join(targetExtDir, EXTENSIONS_CONFIG_FILENAME),
-        JSON.stringify({ name: extensionName, version: '1.0.0' }),
-      );
-      fs.writeFileSync(
-        metadataPath,
-        JSON.stringify({ source: gitUrl, type: 'git' }),
-      );
-
-      mockGit.clone.mockImplementation(async (_, destination) => {
-        fs.mkdirSync(path.join(mockGit.path(), destination), {
-          recursive: true,
-        });
-        fs.writeFileSync(
-          path.join(mockGit.path(), destination, EXTENSIONS_CONFIG_FILENAME),
-          JSON.stringify({ name: extensionName, version: '1.1.0' }),
-        );
-      });
-      mockGit.getRemotes.mockResolvedValue([{ name: 'origin' }]);
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir: targetExtDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-      const updateInfo = await updateExtension(
-        extension,
-        tempHomeDir,
-        async (_) => true,
-        ExtensionUpdateState.UPDATE_AVAILABLE,
-        () => {},
-      );
-
-      expect(updateInfo).toEqual({
-        name: 'qwen-extensions',
-        originalVersion: '1.0.0',
-        updatedVersion: '1.1.0',
-      });
-
-      const updatedConfig = JSON.parse(
-        fs.readFileSync(
-          path.join(targetExtDir, EXTENSIONS_CONFIG_FILENAME),
-          'utf-8',
-        ),
-      );
-      expect(updatedConfig.version).toBe('1.1.0');
-    });
-
-    it('should call setExtensionUpdateState with UPDATING and then UPDATED_NEEDS_RESTART on success', async () => {
-      const extensionName = 'test-extension';
-      const extensionDir = createExtension({
-        extensionsDir: userExtensionsDir,
-        name: extensionName,
-        version: '1.0.0',
-        installMetadata: {
-          source: 'https://some.git/repo',
-          type: 'git',
-        },
-      });
-
-      mockGit.clone.mockImplementation(async (_, destination) => {
-        fs.mkdirSync(path.join(mockGit.path(), destination), {
-          recursive: true,
-        });
-        fs.writeFileSync(
-          path.join(mockGit.path(), destination, EXTENSIONS_CONFIG_FILENAME),
-          JSON.stringify({ name: extensionName, version: '1.1.0' }),
-        );
-      });
-      mockGit.getRemotes.mockResolvedValue([{ name: 'origin' }]);
-
-      const dispatch = vi.fn();
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-      await updateExtension(
-        extension,
-        tempHomeDir,
-        async (_) => true,
-        ExtensionUpdateState.UPDATE_AVAILABLE,
-        dispatch,
-      );
-
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: extensionName,
-          state: ExtensionUpdateState.UPDATING,
-        },
-      });
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: extensionName,
-          state: ExtensionUpdateState.UPDATED_NEEDS_RESTART,
-        },
-      });
-    });
-
-    it('should call setExtensionUpdateState with ERROR on failure', async () => {
-      const extensionName = 'test-extension';
-      const extensionDir = createExtension({
-        extensionsDir: userExtensionsDir,
-        name: extensionName,
-        version: '1.0.0',
-        installMetadata: {
-          source: 'https://some.git/repo',
-          type: 'git',
-        },
-      });
-
-      mockGit.clone.mockRejectedValue(new Error('Git clone failed'));
-      mockGit.getRemotes.mockResolvedValue([{ name: 'origin' }]);
-
-      const dispatch = vi.fn();
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-      await expect(
-        updateExtension(
-          extension,
-          tempHomeDir,
-          async (_) => true,
-          ExtensionUpdateState.UPDATE_AVAILABLE,
-          dispatch,
-        ),
-      ).rejects.toThrow();
-
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: extensionName,
-          state: ExtensionUpdateState.UPDATING,
-        },
-      });
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: extensionName,
-          state: ExtensionUpdateState.ERROR,
-        },
-      });
-    });
-  });
-
-  describe('checkForAllExtensionUpdates', () => {
-    it('should return UpdateAvailable for a git extension with updates', async () => {
-      const extensionDir = createExtension({
-        extensionsDir: userExtensionsDir,
-        name: 'test-extension',
-        version: '1.0.0',
-        installMetadata: {
-          source: 'https://some.git/repo',
-          type: 'git',
-        },
-      });
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-
-      mockGit.getRemotes.mockResolvedValue([
-        { name: 'origin', refs: { fetch: 'https://some.git/repo' } },
-      ]);
-      mockGit.listRemote.mockResolvedValue('remoteHash	HEAD');
-      mockGit.revparse.mockResolvedValue('localHash');
-
-      const dispatch = vi.fn();
-      await checkForAllExtensionUpdates([extension], dispatch);
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: 'test-extension',
-          state: ExtensionUpdateState.UPDATE_AVAILABLE,
-        },
-      });
-    });
-
-    it('should return UpToDate for a git extension with no updates', async () => {
-      const extensionDir = createExtension({
-        extensionsDir: userExtensionsDir,
-        name: 'test-extension',
-        version: '1.0.0',
-        installMetadata: {
-          source: 'https://some.git/repo',
-          type: 'git',
-        },
-      });
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-
-      mockGit.getRemotes.mockResolvedValue([
-        { name: 'origin', refs: { fetch: 'https://some.git/repo' } },
-      ]);
-      mockGit.listRemote.mockResolvedValue('sameHash	HEAD');
-      mockGit.revparse.mockResolvedValue('sameHash');
-
-      const dispatch = vi.fn();
-      await checkForAllExtensionUpdates([extension], dispatch);
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: 'test-extension',
-          state: ExtensionUpdateState.UP_TO_DATE,
-        },
-      });
-    });
-
-    it('should return UpToDate for a local extension with no updates', async () => {
-      const localExtensionSourcePath = path.join(tempHomeDir, 'local-source');
-      const sourceExtensionDir = createExtension({
-        extensionsDir: localExtensionSourcePath,
-        name: 'my-local-ext',
-        version: '1.0.0',
-      });
-
-      const installedExtensionDir = createExtension({
-        extensionsDir: userExtensionsDir,
-        name: 'local-extension',
-        version: '1.0.0',
-        installMetadata: { source: sourceExtensionDir, type: 'local' },
-      });
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir: installedExtensionDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-      const dispatch = vi.fn();
-      await checkForAllExtensionUpdates([extension], dispatch);
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: 'local-extension',
-          state: ExtensionUpdateState.UP_TO_DATE,
-        },
-      });
-    });
-
-    it('should return UpdateAvailable for a local extension with updates', async () => {
-      const localExtensionSourcePath = path.join(tempHomeDir, 'local-source');
-      const sourceExtensionDir = createExtension({
-        extensionsDir: localExtensionSourcePath,
-        name: 'my-local-ext',
-        version: '1.1.0',
-      });
-
-      const installedExtensionDir = createExtension({
-        extensionsDir: userExtensionsDir,
-        name: 'local-extension',
-        version: '1.0.0',
-        installMetadata: { source: sourceExtensionDir, type: 'local' },
-      });
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir: installedExtensionDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-      const dispatch = vi.fn();
-      await checkForAllExtensionUpdates([extension], dispatch);
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: 'local-extension',
-          state: ExtensionUpdateState.UPDATE_AVAILABLE,
-        },
-      });
-    });
-
-    it('should return Error when git check fails', async () => {
-      const extensionDir = createExtension({
-        extensionsDir: userExtensionsDir,
-        name: 'error-extension',
-        version: '1.0.0',
-        installMetadata: {
-          source: 'https://some.git/repo',
-          type: 'git',
-        },
-      });
-      const extension = annotateActiveExtensions(
-        [
-          loadExtension({
-            extensionDir,
-            workspaceDir: tempWorkspaceDir,
-          })!,
-        ],
-        process.cwd(),
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
-      )[0];
-
-      mockGit.getRemotes.mockRejectedValue(new Error('Git error'));
-
-      const dispatch = vi.fn();
-      await checkForAllExtensionUpdates([extension], dispatch);
-      expect(dispatch).toHaveBeenCalledWith({
-        type: 'SET_STATE',
-        payload: {
-          name: 'error-extension',
-          state: ExtensionUpdateState.ERROR,
-        },
-      });
-    });
-  });
-});
--- a/packages/cli/src/config/extensions/update.ts
+++ b/packages/cli/src/config/extensions/update.ts
@@ -1,182 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import {
-  type ExtensionUpdateAction,
-  ExtensionUpdateState,
-  type ExtensionUpdateStatus,
-} from '../../ui/state/extensions.js';
-import {
-  copyExtension,
-  installExtension,
-  uninstallExtension,
-  loadExtension,
-  loadInstallMetadata,
-  ExtensionStorage,
-  loadExtensionConfig,
-} from '../extension.js';
-import { checkForExtensionUpdate } from './github.js';
-import type { GeminiCLIExtension } from '@qwen-code/qwen-code-core';
-import * as fs from 'node:fs';
-import { getErrorMessage } from '../../utils/errors.js';
-
-export interface ExtensionUpdateInfo {
-  name: string;
-  originalVersion: string;
-  updatedVersion: string;
-}
-
-export async function updateExtension(
-  extension: GeminiCLIExtension,
-  cwd: string = process.cwd(),
-  requestConsent: (consent: string) => Promise<boolean>,
-  currentState: ExtensionUpdateState,
-  dispatchExtensionStateUpdate: (action: ExtensionUpdateAction) => void,
-): Promise<ExtensionUpdateInfo | undefined> {
-  if (currentState === ExtensionUpdateState.UPDATING) {
-    return undefined;
-  }
-  dispatchExtensionStateUpdate({
-    type: 'SET_STATE',
-    payload: { name: extension.name, state: ExtensionUpdateState.UPDATING },
-  });
-  const installMetadata = loadInstallMetadata(extension.path);
-
-  if (!installMetadata?.type) {
-    dispatchExtensionStateUpdate({
-      type: 'SET_STATE',
-      payload: { name: extension.name, state: ExtensionUpdateState.ERROR },
-    });
-    throw new Error(
-      `Extension ${extension.name} cannot be updated, type is unknown.`,
-    );
-  }
-  if (installMetadata?.type === 'link') {
-    dispatchExtensionStateUpdate({
-      type: 'SET_STATE',
-      payload: { name: extension.name, state: ExtensionUpdateState.UP_TO_DATE },
-    });
-    throw new Error(`Extension is linked so does not need to be updated`);
-  }
-  const originalVersion = extension.version;
-
-  const tempDir = await ExtensionStorage.createTmpDir();
-  try {
-    await copyExtension(extension.path, tempDir);
-    const previousExtensionConfig = await loadExtensionConfig({
-      extensionDir: extension.path,
-      workspaceDir: cwd,
-    });
-    await uninstallExtension(extension.name, cwd);
-    await installExtension(
-      installMetadata,
-      requestConsent,
-      cwd,
-      previousExtensionConfig,
-    );
-
-    const updatedExtensionStorage = new ExtensionStorage(extension.name);
-    const updatedExtension = loadExtension({
-      extensionDir: updatedExtensionStorage.getExtensionDir(),
-      workspaceDir: cwd,
-    });
-    if (!updatedExtension) {
-      dispatchExtensionStateUpdate({
-        type: 'SET_STATE',
-        payload: { name: extension.name, state: ExtensionUpdateState.ERROR },
-      });
-      throw new Error('Updated extension not found after installation.');
-    }
-    const updatedVersion = updatedExtension.config.version;
-    dispatchExtensionStateUpdate({
-      type: 'SET_STATE',
-      payload: {
-        name: extension.name,
-        state: ExtensionUpdateState.UPDATED_NEEDS_RESTART,
-      },
-    });
-    return {
-      name: extension.name,
-      originalVersion,
-      updatedVersion,
-    };
-  } catch (e) {
-    console.error(
-      `Error updating extension, rolling back. ${getErrorMessage(e)}`,
-    );
-    dispatchExtensionStateUpdate({
-      type: 'SET_STATE',
-      payload: { name: extension.name, state: ExtensionUpdateState.ERROR },
-    });
-    await copyExtension(tempDir, extension.path);
-    throw e;
-  } finally {
-    await fs.promises.rm(tempDir, { recursive: true, force: true });
-  }
-}
-
-export async function updateAllUpdatableExtensions(
-  cwd: string = process.cwd(),
-  requestConsent: (consent: string) => Promise<boolean>,
-  extensions: GeminiCLIExtension[],
-  extensionsState: Map<string, ExtensionUpdateStatus>,
-  dispatch: (action: ExtensionUpdateAction) => void,
-): Promise<ExtensionUpdateInfo[]> {
-  return (
-    await Promise.all(
-      extensions
-        .filter(
-          (extension) =>
-            extensionsState.get(extension.name)?.status ===
-            ExtensionUpdateState.UPDATE_AVAILABLE,
-        )
-        .map((extension) =>
-          updateExtension(
-            extension,
-            cwd,
-            requestConsent,
-            extensionsState.get(extension.name)!.status,
-            dispatch,
-          ),
-        ),
-    )
-  ).filter((updateInfo) => !!updateInfo);
-}
-
-export interface ExtensionUpdateCheckResult {
-  state: ExtensionUpdateState;
-  error?: string;
-}
-
-export async function checkForAllExtensionUpdates(
-  extensions: GeminiCLIExtension[],
-  dispatch: (action: ExtensionUpdateAction) => void,
-): Promise<void> {
-  dispatch({ type: 'BATCH_CHECK_START' });
-  const promises: Array<Promise<void>> = [];
-  for (const extension of extensions) {
-    if (!extension.installMetadata) {
-      dispatch({
-        type: 'SET_STATE',
-        payload: {
-          name: extension.name,
-          state: ExtensionUpdateState.NOT_UPDATABLE,
-        },
-      });
-      continue;
-    }
-    promises.push(
-      checkForExtensionUpdate(extension, (updatedState) => {
-        dispatch({
-          type: 'SET_STATE',
-          payload: { name: extension.name, state: updatedState },
-        });
-      }),
-    );
-  }
-  await Promise.all(promises);
-  dispatch({ type: 'BATCH_CHECK_END' });
-}
--- a/packages/cli/src/config/keyBindings.ts
+++ b/packages/cli/src/config/keyBindings.ts
@@ -122,9 +122,10 @@ export const defaultKeyBindings: KeyBindingConfig = {

  // Auto-completion
  [Command.ACCEPT_SUGGESTION]: [{ key: 'tab' }, { key: 'return', ctrl: false }],
-  // Completion navigation (arrow or Ctrl+P/N)
-  [Command.COMPLETION_UP]: [{ key: 'up' }, { key: 'p', ctrl: true }],
-  [Command.COMPLETION_DOWN]: [{ key: 'down' }, { key: 'n', ctrl: true }],
+  // Completion navigation uses only arrow keys
+  // Ctrl+P/N are reserved for history navigation (HISTORY_UP/DOWN)
+  [Command.COMPLETION_UP]: [{ key: 'up' }],
+  [Command.COMPLETION_DOWN]: [{ key: 'down' }],

  // Text input
  // Must also exclude shift to allow shift+enter for newline
--- a/packages/cli/src/config/modelProvidersScope.test.ts
+++ b/packages/cli/src/config/modelProvidersScope.test.ts
@@ -0,0 +1,87 @@
+/**
+ * @license
+ * Copyright 2025 Qwen Team
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, expect, it } from 'vitest';
+import { SettingScope } from './settings.js';
+import { getPersistScopeForModelSelection } from './modelProvidersScope.js';
+
+function makeSettings({
+  isTrusted,
+  userModelProviders,
+  workspaceModelProviders,
+}: {
+  isTrusted: boolean;
+  userModelProviders?: unknown;
+  workspaceModelProviders?: unknown;
+}) {
+  const userSettings: Record<string, unknown> = {};
+  const workspaceSettings: Record<string, unknown> = {};
+
+  // When undefined, treat as "not present in this scope" (the key is omitted),
+  // matching how LoadedSettings is shaped when a settings file doesn't define it.
+  if (userModelProviders !== undefined) {
+    userSettings['modelProviders'] = userModelProviders;
+  }
+  if (workspaceModelProviders !== undefined) {
+    workspaceSettings['modelProviders'] = workspaceModelProviders;
+  }
+
+  return {
+    isTrusted,
+    user: { settings: userSettings },
+    workspace: { settings: workspaceSettings },
+  } as unknown as import('./settings.js').LoadedSettings;
+}
+
+describe('getPersistScopeForModelSelection', () => {
+  it('prefers workspace when trusted and workspace defines modelProviders', () => {
+    const settings = makeSettings({
+      isTrusted: true,
+      workspaceModelProviders: {},
+      userModelProviders: { anything: true },
+    });
+
+    expect(getPersistScopeForModelSelection(settings)).toBe(
+      SettingScope.Workspace,
+    );
+  });
+
+  it('falls back to user when workspace does not define modelProviders', () => {
+    const settings = makeSettings({
+      isTrusted: true,
+      workspaceModelProviders: undefined,
+      userModelProviders: {},
+    });
+
+    expect(getPersistScopeForModelSelection(settings)).toBe(SettingScope.User);
+  });
+
+  it('ignores workspace modelProviders when workspace is untrusted', () => {
+    const settings = makeSettings({
+      isTrusted: false,
+      workspaceModelProviders: {},
+      userModelProviders: undefined,
+    });
+
+    expect(getPersistScopeForModelSelection(settings)).toBe(SettingScope.User);
+  });
+
+  it('falls back to legacy trust heuristic when neither scope defines modelProviders', () => {
+    const trusted = makeSettings({
+      isTrusted: true,
+      userModelProviders: undefined,
+      workspaceModelProviders: undefined,
+    });
+    expect(getPersistScopeForModelSelection(trusted)).toBe(SettingScope.User);
+
+    const untrusted = makeSettings({
+      isTrusted: false,
+      userModelProviders: undefined,
+      workspaceModelProviders: undefined,
+    });
+    expect(getPersistScopeForModelSelection(untrusted)).toBe(SettingScope.User);
+  });
+});
--- a/packages/cli/src/config/modelProvidersScope.ts
+++ b/packages/cli/src/config/modelProvidersScope.ts
@@ -0,0 +1,48 @@
+/**
+ * @license
+ * Copyright 2025 Qwen Team
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { SettingScope, type LoadedSettings } from './settings.js';
+
+function hasOwnModelProviders(settingsObj: unknown): boolean {
+  if (!settingsObj || typeof settingsObj !== 'object') {
+    return false;
+  }
+  const obj = settingsObj as Record<string, unknown>;
+  // Treat an explicitly configured empty object (modelProviders: {}) as "owned"
+  // by this scope, which is important when mergeStrategy is REPLACE.
+  return Object.prototype.hasOwnProperty.call(obj, 'modelProviders');
+}
+
+/**
+ * Returns which writable scope (Workspace/User) owns the effective modelProviders
+ * configuration.
+ *
+ * Note: Workspace scope is only considered when the workspace is trusted.
+ */
+export function getModelProvidersOwnerScope(
+  settings: LoadedSettings,
+): SettingScope | undefined {
+  if (settings.isTrusted && hasOwnModelProviders(settings.workspace.settings)) {
+    return SettingScope.Workspace;
+  }
+
+  if (hasOwnModelProviders(settings.user.settings)) {
+    return SettingScope.User;
+  }
+
+  return undefined;
+}
+
+/**
+ * Choose the settings scope to persist a model selection.
+ * Prefer persisting back to the scope that contains the effective modelProviders
+ * config, otherwise fall back to the legacy trust-based heuristic.
+ */
+export function getPersistScopeForModelSelection(
+  settings: LoadedSettings,
+): SettingScope {
+  return getModelProvidersOwnerScope(settings) ?? SettingScope.User;
+}
--- a/packages/cli/src/config/settings.test.ts
+++ b/packages/cli/src/config/settings.test.ts
@@ -51,10 +51,10 @@ import {
 import * as fs from 'node:fs'; // fs will be mocked separately
 import stripJsonComments from 'strip-json-comments'; // Will be mocked separately
 import { isWorkspaceTrusted } from './trustedFolders.js';
-import { disableExtension } from './extension.js';

 // These imports will get the versions from the vi.mock('./settings.js', ...) factory.
 import {
+  getSettingsWarnings,
  loadSettings,
  USER_SETTINGS_PATH, // This IS the mocked path.
  getSystemSettingsPath,
@@ -64,8 +64,6 @@ import {
  needsMigration,
  type Settings,
  loadEnvironment,
-  migrateDeprecatedSettings,
-  SettingScope,
  SETTINGS_VERSION,
  SETTINGS_VERSION_KEY,
 } from './settings.js';
@@ -418,6 +416,86 @@ describe('Settings Loading and Merging', () => {
      });
    });

+    it('should warn about ignored legacy keys in a v2 settings file', () => {
+      (mockFsExistsSync as Mock).mockImplementation(
+        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
+      );
+      const userSettingsContent = {
+        [SETTINGS_VERSION_KEY]: SETTINGS_VERSION,
+        usageStatisticsEnabled: false,
+      };
+      (fs.readFileSync as Mock).mockImplementation(
+        (p: fs.PathOrFileDescriptor) => {
+          if (p === USER_SETTINGS_PATH)
+            return JSON.stringify(userSettingsContent);
+          return '{}';
+        },
+      );
+
+      const settings = loadSettings(MOCK_WORKSPACE_DIR);
+
+      expect(getSettingsWarnings(settings)).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining(
+            "Legacy setting 'usageStatisticsEnabled' will be ignored",
+          ),
+        ]),
+      );
+      expect(getSettingsWarnings(settings)).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining("'privacy.usageStatisticsEnabled'"),
+        ]),
+      );
+    });
+
+    it('should warn about unknown top-level keys in a v2 settings file', () => {
+      (mockFsExistsSync as Mock).mockImplementation(
+        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
+      );
+      const userSettingsContent = {
+        [SETTINGS_VERSION_KEY]: SETTINGS_VERSION,
+        someUnknownKey: 'value',
+      };
+      (fs.readFileSync as Mock).mockImplementation(
+        (p: fs.PathOrFileDescriptor) => {
+          if (p === USER_SETTINGS_PATH)
+            return JSON.stringify(userSettingsContent);
+          return '{}';
+        },
+      );
+
+      const settings = loadSettings(MOCK_WORKSPACE_DIR);
+
+      expect(getSettingsWarnings(settings)).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining(
+            "Unknown setting 'someUnknownKey' will be ignored",
+          ),
+        ]),
+      );
+    });
+
+    it('should not warn for valid v2 container keys', () => {
+      (mockFsExistsSync as Mock).mockImplementation(
+        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
+      );
+      const userSettingsContent = {
+        [SETTINGS_VERSION_KEY]: SETTINGS_VERSION,
+        model: { name: 'qwen-coder' },
+      };
+      (fs.readFileSync as Mock).mockImplementation(
+        (p: fs.PathOrFileDescriptor) => {
+          if (p === USER_SETTINGS_PATH)
+            return JSON.stringify(userSettingsContent);
+          return '{}';
+        },
+      );
+
+      const settings = loadSettings(MOCK_WORKSPACE_DIR);
+
+      expect(getSettingsWarnings(settings)).toEqual([]);
+    });
+
    it('should rewrite allowedTools to tools.allowed during migration', () => {
      (mockFsExistsSync as Mock).mockImplementation(
        (p: fs.PathLike) => p === USER_SETTINGS_PATH,
@@ -2649,122 +2727,4 @@ describe('Settings Loading and Merging', () => {
      });
    });
  });
-
-  describe('migrateDeprecatedSettings', () => {
-    let mockFsExistsSync: Mocked<typeof fs.existsSync>;
-    let mockFsReadFileSync: Mocked<typeof fs.readFileSync>;
-    let mockDisableExtension: Mocked<typeof disableExtension>;
-
-    beforeEach(() => {
-      vi.resetAllMocks();
-
-      mockFsExistsSync = vi.mocked(fs.existsSync);
-      mockFsReadFileSync = vi.mocked(fs.readFileSync);
-      mockDisableExtension = vi.mocked(disableExtension);
-
-      (mockFsExistsSync as Mock).mockReturnValue(true);
-      vi.mocked(isWorkspaceTrusted).mockReturnValue(true);
-    });
-
-    afterEach(() => {
-      vi.restoreAllMocks();
-    });
-
-    it('should migrate disabled extensions from user and workspace settings', () => {
-      const userSettingsContent = {
-        extensions: {
-          disabled: ['user-ext-1', 'shared-ext'],
-        },
-      };
-      const workspaceSettingsContent = {
-        extensions: {
-          disabled: ['workspace-ext-1', 'shared-ext'],
-        },
-      };
-
-      (mockFsReadFileSync as Mock).mockImplementation(
-        (p: fs.PathOrFileDescriptor) => {
-          if (p === USER_SETTINGS_PATH)
-            return JSON.stringify(userSettingsContent);
-          if (p === MOCK_WORKSPACE_SETTINGS_PATH)
-            return JSON.stringify(workspaceSettingsContent);
-          return '{}';
-        },
-      );
-
-      const loadedSettings = loadSettings(MOCK_WORKSPACE_DIR);
-      const setValueSpy = vi.spyOn(loadedSettings, 'setValue');
-
-      migrateDeprecatedSettings(loadedSettings, MOCK_WORKSPACE_DIR);
-
-      // Check user settings migration
-      expect(mockDisableExtension).toHaveBeenCalledWith(
-        'user-ext-1',
-        SettingScope.User,
-        MOCK_WORKSPACE_DIR,
-      );
-      expect(mockDisableExtension).toHaveBeenCalledWith(
-        'shared-ext',
-        SettingScope.User,
-        MOCK_WORKSPACE_DIR,
-      );
-
-      // Check workspace settings migration
-      expect(mockDisableExtension).toHaveBeenCalledWith(
-        'workspace-ext-1',
-        SettingScope.Workspace,
-        MOCK_WORKSPACE_DIR,
-      );
-      expect(mockDisableExtension).toHaveBeenCalledWith(
-        'shared-ext',
-        SettingScope.Workspace,
-        MOCK_WORKSPACE_DIR,
-      );
-
-      // Check that setValue was called to remove the deprecated setting
-      expect(setValueSpy).toHaveBeenCalledWith(
-        SettingScope.User,
-        'extensions',
-        {
-          disabled: undefined,
-        },
-      );
-      expect(setValueSpy).toHaveBeenCalledWith(
-        SettingScope.Workspace,
-        'extensions',
-        {
-          disabled: undefined,
-        },
-      );
-    });
-
-    it('should not do anything if there are no deprecated settings', () => {
-      const userSettingsContent = {
-        extensions: {
-          enabled: ['user-ext-1'],
-        },
-      };
-      const workspaceSettingsContent = {
-        someOtherSetting: 'value',
-      };
-
-      (mockFsReadFileSync as Mock).mockImplementation(
-        (p: fs.PathOrFileDescriptor) => {
-          if (p === USER_SETTINGS_PATH)
-            return JSON.stringify(userSettingsContent);
-          if (p === MOCK_WORKSPACE_SETTINGS_PATH)
-            return JSON.stringify(workspaceSettingsContent);
-          return '{}';
-        },
-      );
-
-      const loadedSettings = loadSettings(MOCK_WORKSPACE_DIR);
-      const setValueSpy = vi.spyOn(loadedSettings, 'setValue');
-
-      migrateDeprecatedSettings(loadedSettings, MOCK_WORKSPACE_DIR);
-
-      expect(mockDisableExtension).not.toHaveBeenCalled();
-      expect(setValueSpy).not.toHaveBeenCalled();
-    });
-  });
 });
--- a/packages/cli/src/config/settings.ts
+++ b/packages/cli/src/config/settings.ts
@@ -30,7 +30,6 @@ import {
 import { resolveEnvVarsInObject } from '../utils/envVarResolver.js';
 import { customDeepMerge, type MergeableObject } from '../utils/deepMerge.js';
 import { updateSettingsFilePreservingFormat } from '../utils/commentJson.js';
-import { disableExtension } from './extension.js';

 function getMergeStrategyForPath(path: string[]): MergeStrategy | undefined {
  let current: SettingDefinition | undefined = undefined;
@@ -81,7 +80,6 @@ const MIGRATION_MAP: Record<string, string> = {
  excludeTools: 'tools.exclude',
  excludeMCPServers: 'mcp.excluded',
  excludedProjectEnvVars: 'advanced.excludedEnvVars',
-  extensionManagement: 'experimental.extensionManagement',
  extensions: 'extensions',
  fileFiltering: 'context.fileFiltering',
  folderTrustFeature: 'security.folderTrust.featureEnabled',
@@ -106,7 +104,6 @@ const MIGRATION_MAP: Record<string, string> = {
  mcpServers: 'mcpServers',
  mcpServerCommand: 'mcp.serverCommand',
  memoryImportFormat: 'context.importFormat',
-  memoryDiscoveryMaxDirs: 'context.discoveryMaxDirs',
  model: 'model.name',
  preferredEditor: 'general.preferredEditor',
  sandbox: 'tools.sandbox',
@@ -344,6 +341,97 @@ const KNOWN_V2_CONTAINERS = new Set(
  Object.values(MIGRATION_MAP).map((path) => path.split('.')[0]),
 );

+function getSettingsFileKeyWarnings(
+  settings: Record<string, unknown>,
+  settingsFilePath: string,
+): string[] {
+  const version = settings[SETTINGS_VERSION_KEY];
+  if (typeof version !== 'number' || version < SETTINGS_VERSION) {
+    return [];
+  }
+
+  const warnings: string[] = [];
+  const ignoredLegacyKeys = new Set<string>();
+
+  // Ignored legacy keys (V1 top-level keys that moved to a nested V2 path).
+  for (const [oldKey, newPath] of Object.entries(MIGRATION_MAP)) {
+    if (oldKey === newPath) {
+      continue;
+    }
+    if (!(oldKey in settings)) {
+      continue;
+    }
+
+    const oldValue = settings[oldKey];
+
+    // If this key is a V2 container (like 'model') and it's already an object,
+    // it's likely already in V2 format. Don't warn.
+    if (
+      KNOWN_V2_CONTAINERS.has(oldKey) &&
+      typeof oldValue === 'object' &&
+      oldValue !== null &&
+      !Array.isArray(oldValue)
+    ) {
+      continue;
+    }
+
+    ignoredLegacyKeys.add(oldKey);
+    warnings.push(
+      `⚠️  Legacy setting '${oldKey}' will be ignored in ${settingsFilePath}. Please use '${newPath}' instead.`,
+    );
+  }
+
+  // Unknown top-level keys.
+  const schemaKeys = new Set(Object.keys(getSettingsSchema()));
+  for (const key of Object.keys(settings)) {
+    if (key === SETTINGS_VERSION_KEY) {
+      continue;
+    }
+    if (ignoredLegacyKeys.has(key)) {
+      continue;
+    }
+    if (schemaKeys.has(key)) {
+      continue;
+    }
+
+    warnings.push(
+      `⚠️  Unknown setting '${key}' will be ignored in ${settingsFilePath}.`,
+    );
+  }
+
+  return warnings;
+}
+
+/**
+ * Collects warnings for ignored legacy and unknown settings keys.
+ *
+ * For `$version: 2` settings files, we do not apply implicit migrations.
+ * Instead, we surface actionable, de-duplicated warnings in the terminal UI.
+ */
+export function getSettingsWarnings(loadedSettings: LoadedSettings): string[] {
+  const warningSet = new Set<string>();
+
+  for (const scope of [SettingScope.User, SettingScope.Workspace]) {
+    const settingsFile = loadedSettings.forScope(scope);
+    if (settingsFile.rawJson === undefined) {
+      continue; // File not present / not loaded.
+    }
+    const settingsObject = settingsFile.originalSettings as unknown as Record<
+      string,
+      unknown
+    >;
+
+    for (const warning of getSettingsFileKeyWarnings(
+      settingsObject,
+      settingsFile.path,
+    )) {
+      warningSet.add(warning);
+    }
+  }
+
+  return [...warningSet];
+}
+
 export function migrateSettingsToV1(
  v2Settings: Record<string, unknown>,
 ): Record<string, unknown> {
@@ -814,22 +902,22 @@ export function loadSettings(

 export function migrateDeprecatedSettings(
  loadedSettings: LoadedSettings,
-  workspaceDir: string = process.cwd(),
 ): void {
  const processScope = (scope: SettingScope) => {
    const settings = loadedSettings.forScope(scope).settings;
-    if (settings.extensions?.disabled) {
-      console.log(
-        `Migrating deprecated extensions.disabled settings from ${scope} settings...`,
-      );
-      for (const extension of settings.extensions.disabled ?? []) {
-        disableExtension(extension, scope, workspaceDir);
+    const legacySkills = (
+      settings as Settings & {
+        tools?: { experimental?: { skills?: boolean } };
      }
-
-      const newExtensionsValue = { ...settings.extensions };
-      newExtensionsValue.disabled = undefined;
-
-      loadedSettings.setValue(scope, 'extensions', newExtensionsValue);
+    ).tools?.experimental?.skills;
+    if (
+      legacySkills !== undefined &&
+      settings.experimental?.skills === undefined
+    ) {
+      console.log(
+        `Migrating deprecated tools.experimental.skills setting from ${scope} settings...`,
+      );
+      loadedSettings.setValue(scope, 'experimental.skills', legacySkills);
    }
  };

--- a/packages/cli/src/config/settingsSchema.ts
+++ b/packages/cli/src/config/settingsSchema.ts
@@ -10,6 +10,7 @@ import type {
  TelemetrySettings,
  AuthType,
  ChatCompressionSettings,
+  ModelProvidersConfig,
 } from '@qwen-code/qwen-code-core';
 import {
  ApprovalMode,
@@ -102,6 +103,19 @@ const SETTINGS_SCHEMA = {
    mergeStrategy: MergeStrategy.SHALLOW_MERGE,
  },

+  // Model providers configuration grouped by authType
+  modelProviders: {
+    type: 'object',
+    label: 'Model Providers',
+    category: 'Model',
+    requiresRestart: false,
+    default: {} as ModelProvidersConfig,
+    description:
+      'Model providers configuration grouped by authType. Each authType contains an array of model configurations.',
+    showInDialog: false,
+    mergeStrategy: MergeStrategy.REPLACE,
+  },
+
  general: {
    type: 'object',
    label: 'General',
@@ -420,6 +434,16 @@ const SETTINGS_SCHEMA = {
          'Show welcome back dialog when returning to a project with conversation history.',
        showInDialog: true,
      },
+      enableUserFeedback: {
+        type: 'boolean',
+        label: 'Enable User Feedback',
+        category: 'UI',
+        requiresRestart: false,
+        default: true,
+        description:
+          'Show optional feedback dialog after conversations to help improve Qwen performance.',
+        showInDialog: true,
+      },
      accessibility: {
        type: 'object',
        label: 'Accessibility',
@@ -450,6 +474,15 @@ const SETTINGS_SCHEMA = {
          },
        },
      },
+      feedbackLastShownTimestamp: {
+        type: 'number',
+        label: 'Feedback Last Shown Timestamp',
+        category: 'UI',
+        requiresRestart: false,
+        default: 0,
+        description: 'The last time the feedback dialog was shown.',
+        showInDialog: false,
+      },
    },
  },

@@ -708,15 +741,6 @@ const SETTINGS_SCHEMA = {
        description: 'The format to use when importing memory.',
        showInDialog: false,
      },
-      discoveryMaxDirs: {
-        type: 'number',
-        label: 'Memory Discovery Max Dirs',
-        category: 'Context',
-        requiresRestart: false,
-        default: 200,
-        description: 'Maximum number of directories to search for memory.',
-        showInDialog: true,
-      },
      includeDirectories: {
        type: 'array',
        label: 'Include Directories',
@@ -1193,14 +1217,15 @@ const SETTINGS_SCHEMA = {
    description: 'Setting to enable experimental features',
    showInDialog: false,
    properties: {
-      extensionManagement: {
+      skills: {
        type: 'boolean',
-        label: 'Extension Management',
+        label: 'Skills',
        category: 'Experimental',
        requiresRestart: true,
-        default: true,
-        description: 'Enable extension management features.',
-        showInDialog: false,
+        default: false,
+        description:
+          'Enable experimental Agent Skills feature. When enabled, Qwen Code can use Skills from .qwen/skills/ and ~/.qwen/skills/.',
+        showInDialog: true,
      },
      visionModelPreview: {
        type: 'boolean',
@@ -1224,39 +1249,6 @@ const SETTINGS_SCHEMA = {
      },
    },
  },
-
-  extensions: {
-    type: 'object',
-    label: 'Extensions',
-    category: 'Extensions',
-    requiresRestart: true,
-    default: {},
-    description: 'Settings for extensions.',
-    showInDialog: false,
-    properties: {
-      disabled: {
-        type: 'array',
-        label: 'Disabled Extensions',
-        category: 'Extensions',
-        requiresRestart: true,
-        default: [] as string[],
-        description: 'List of disabled extensions.',
-        showInDialog: false,
-        mergeStrategy: MergeStrategy.UNION,
-      },
-      workspacesWithMigrationNudge: {
-        type: 'array',
-        label: 'Workspaces with Migration Nudge',
-        category: 'Extensions',
-        requiresRestart: false,
-        default: [] as string[],
-        description:
-          'List of workspaces for which the migration nudge has been shown.',
-        showInDialog: false,
-        mergeStrategy: MergeStrategy.UNION,
-      },
-    },
-  },
 } as const satisfies SettingsSchema;

 export type SettingsSchemaType = typeof SETTINGS_SCHEMA;
--- a/packages/cli/src/core/initializer.ts
+++ b/packages/cli/src/core/initializer.ts
@@ -45,7 +45,9 @@ export async function initializeApp(
  // Auto-detect and set LLM output language on first use
  initializeLlmOutputLanguage();

-  const authType = settings.merged.security?.auth?.selectedType;
+  // Use authType from modelsConfig which respects CLI --auth-type argument
+  // over settings.security.auth.selectedType
+  const authType = config.modelsConfig.getCurrentAuthType();
  const authError = await performInitialAuth(config, authType);

  // Fallback to user select when initial authentication fails
@@ -59,7 +61,7 @@ export async function initializeApp(
  const themeError = validateTheme(settings);

  const shouldOpenAuthDialog =
-    settings.merged.security?.auth?.selectedType === undefined || !!authError;
+    !config.modelsConfig.wasAuthTypeExplicitlyProvided() || !!authError;

  if (config.getIdeMode()) {
    const ideClient = await IdeClient.getInstance();
--- a/packages/cli/src/gemini.test.tsx
+++ b/packages/cli/src/gemini.test.tsx
@@ -87,6 +87,15 @@ vi.mock('./config/sandboxConfig.js', () => ({
  loadSandboxConfig: vi.fn(),
 }));

+vi.mock('./core/initializer.js', () => ({
+  initializeApp: vi.fn().mockResolvedValue({
+    authError: null,
+    themeError: null,
+    shouldOpenAuthDialog: false,
+    geminiMdFileCount: 0,
+  }),
+}));
+
 describe('gemini.tsx main function', () => {
  let originalEnvGeminiSandbox: string | undefined;
  let originalEnvSandbox: string | undefined;
@@ -262,7 +271,6 @@ describe('gemini.tsx main function', () => {
    );
    const { loadSettings } = await import('./config/settings.js');
    const cleanupModule = await import('./utils/cleanup.js');
-    const extensionModule = await import('./config/extension.js');
    const validatorModule = await import('./validateNonInterActiveAuth.js');
    const streamJsonModule = await import('./nonInteractive/session.js');
    const initializerModule = await import('./core/initializer.js');
@@ -275,11 +283,6 @@ describe('gemini.tsx main function', () => {
    vi.mocked(cleanupModule.registerCleanup).mockImplementation(() => {});
    const runExitCleanupMock = vi.mocked(cleanupModule.runExitCleanup);
    runExitCleanupMock.mockResolvedValue(undefined);
-    vi.spyOn(extensionModule, 'loadExtensions').mockReturnValue([]);
-    vi.spyOn(
-      extensionModule.ExtensionStorage,
-      'getUserExtensionsDir',
-    ).mockReturnValue('/tmp/extensions');
    vi.spyOn(initializerModule, 'initializeApp').mockResolvedValue({
      authError: null,
      themeError: null,
@@ -362,7 +365,6 @@ describe('gemini.tsx main function', () => {
    expect(inputArg).toBe('hello stream');

    expect(validateAuthSpy).toHaveBeenCalledWith(
-      undefined,
      undefined,
      configStub,
      expect.any(Object),
--- a/packages/cli/src/gemini.tsx
+++ b/packages/cli/src/gemini.tsx
@@ -4,7 +4,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import type { Config, AuthType } from '@qwen-code/qwen-code-core';
+import type { Config } from '@qwen-code/qwen-code-core';
 import { InputFormat, logUserPrompt } from '@qwen-code/qwen-code-core';
 import { render } from 'ink';
 import dns from 'node:dns';
@@ -15,9 +15,8 @@ import React from 'react';
 import { validateAuthMethod } from './config/auth.js';
 import * as cliConfig from './config/config.js';
 import { loadCliConfig, parseArguments } from './config/config.js';
-import { ExtensionStorage, loadExtensions } from './config/extension.js';
 import type { DnsResolutionOrder, LoadedSettings } from './config/settings.js';
-import { loadSettings, migrateDeprecatedSettings } from './config/settings.js';
+import { getSettingsWarnings, loadSettings } from './config/settings.js';
 import {
  initializeApp,
  type InitializationResult,
@@ -103,7 +102,6 @@ function getNodeMemoryArgs(isDebugMode: boolean): string[] {
  return [];
 }

-import { ExtensionEnablementManager } from './config/extensions/extensionEnablement.js';
 import { loadSandboxConfig } from './config/sandboxConfig.js';
 import { runAcpAgent } from './acp-integration/acpAgent.js';

@@ -202,7 +200,6 @@ export async function startInteractiveUI(
 export async function main() {
  setupUnhandledRejectionHandler();
  const settings = loadSettings();
-  migrateDeprecatedSettings(settings);
  await cleanupCheckpoints();

  let argv = await parseArguments(settings.merged);
@@ -247,27 +244,25 @@ export async function main() {
    if (sandboxConfig) {
      const partialConfig = await loadCliConfig(
        settings.merged,
-        [],
-        new ExtensionEnablementManager(ExtensionStorage.getUserExtensionsDir()),
        argv,
+        undefined,
+        [],
      );

-      if (
-        settings.merged.security?.auth?.selectedType &&
-        !settings.merged.security?.auth?.useExternal
-      ) {
+      if (!settings.merged.security?.auth?.useExternal) {
        // Validate authentication here because the sandbox will interfere with the Oauth2 web redirect.
        try {
-          const err = validateAuthMethod(
-            settings.merged.security.auth.selectedType,
-          );
-          if (err) {
-            throw new Error(err);
-          }
+          const authType = partialConfig.modelsConfig.getCurrentAuthType();
+          // Fresh users may not have selected/persisted an authType yet.
+          // In that case, defer auth prompting/selection to the main interactive flow.
+          if (authType) {
+            const err = validateAuthMethod(authType, partialConfig);
+            if (err) {
+              throw new Error(err);
+            }

-          await partialConfig.refreshAuth(
-            settings.merged.security.auth.selectedType,
-          );
+            await partialConfig.refreshAuth(authType);
+          }
        } catch (err) {
          console.error('Error authenticating:', err);
          process.exit(1);
@@ -333,25 +328,22 @@ export async function main() {
  // to run Gemini CLI. It is now safe to perform expensive initialization that
  // may have side effects.
  {
-    const extensionEnablementManager = new ExtensionEnablementManager(
-      ExtensionStorage.getUserExtensionsDir(),
-      argv.extensions,
-    );
-    const extensions = loadExtensions(extensionEnablementManager);
    const config = await loadCliConfig(
      settings.merged,
-      extensions,
-      extensionEnablementManager,
      argv,
+      process.cwd(),
+      argv.extensions,
    );
+    registerCleanup(() => config.shutdown());

-    if (config.getListExtensions()) {
-      console.log('Installed extensions:');
-      for (const extension of extensions) {
-        console.log(`- ${extension.config.name}`);
-      }
-      process.exit(0);
-    }
+    // FIXME: list extensions after the config initialize
+    // if (config.getListExtensions()) {
+    //   console.log('Installed extensions:');
+    //   for (const extension of extensions) {
+    //     console.log(`- ${extension.config.name}`);
+    //   }
+    //   process.exit(0);
+    // }

    // Setup unified ConsolePatcher based on interactive mode
    const isInteractive = config.isInteractive();
@@ -397,17 +389,20 @@ export async function main() {
    }

    if (config.getExperimentalZedIntegration()) {
-      return runAcpAgent(config, settings, extensions, argv);
+      return runAcpAgent(config, settings, argv);
    }

    let input = config.getQuestion();
    const startupWarnings = [
-      ...(await getStartupWarnings()),
-      ...(await getUserStartupWarnings({
-        workspaceRoot: process.cwd(),
-        useRipgrep: settings.merged.tools?.useRipgrep ?? true,
-        useBuiltinRipgrep: settings.merged.tools?.useBuiltinRipgrep ?? true,
-      })),
+      ...new Set([
+        ...(await getStartupWarnings()),
+        ...(await getUserStartupWarnings({
+          workspaceRoot: process.cwd(),
+          useRipgrep: settings.merged.tools?.useRipgrep ?? true,
+          useBuiltinRipgrep: settings.merged.tools?.useBuiltinRipgrep ?? true,
+        })),
+        ...getSettingsWarnings(settings),
+      ]),
    ];

    // Render UI, passing necessary config values. Check that there is no command line question.
@@ -440,8 +435,6 @@ export async function main() {
    }

    const nonInteractiveConfig = await validateNonInteractiveAuth(
-      (argv.authType as AuthType) ||
-        settings.merged.security?.auth?.selectedType,
      settings.merged.security?.auth?.useExternal,
      config,
      settings,
--- a/packages/cli/src/i18n/locales/de.js
+++ b/packages/cli/src/i18n/locales/de.js
@@ -45,7 +45,8 @@ export default {
  'Initializing...': 'Initialisierung...',
  'Connecting to MCP servers... ({{connected}}/{{total}})':
    'Verbindung zu MCP-Servern wird hergestellt... ({{connected}}/{{total}})',
-  'Type your message or @path/to/file': 'Nachricht eingeben oder @Pfad/zur/Datei',
+  'Type your message or @path/to/file':
+    'Nachricht eingeben oder @Pfad/zur/Datei',
  "Press 'i' for INSERT mode and 'Esc' for NORMAL mode.":
    "Drücken Sie 'i' für den EINFÜGE-Modus und 'Esc' für den NORMAL-Modus.",
  'Cancel operation / Clear input (double press)':
@@ -89,7 +90,8 @@ export default {
  'No tools available': 'Keine Werkzeuge verfügbar',
  'View or change the approval mode for tool usage':
    'Genehmigungsmodus für Werkzeugnutzung anzeigen oder ändern',
-  'View or change the language setting': 'Spracheinstellung anzeigen oder ändern',
+  'View or change the language setting':
+    'Spracheinstellung anzeigen oder ändern',
  'change the theme': 'Design ändern',
  'Select Theme': 'Design auswählen',
  Preview: 'Vorschau',
@@ -149,6 +151,7 @@ export default {
  'Project Level ({{path}})': 'Projektebene ({{path}})',
  'User Level ({{path}})': 'Benutzerebene ({{path}})',
  'Built-in Agents': 'Integrierte Agenten',
+  'Extension Agents': 'Erweiterungs-Agenten',
  'Using: {{count}} agents': 'Verwendet: {{count}} Agenten',
  'View Agent': 'Agent anzeigen',
  'Edit Agent': 'Agent bearbeiten',
@@ -213,14 +216,16 @@ export default {
  'All Tools': 'Alle Werkzeuge',
  'Read-only Tools': 'Nur-Lese-Werkzeuge',
  'Read & Edit Tools': 'Lese- und Bearbeitungswerkzeuge',
-  'Read & Edit & Execution Tools': 'Lese-, Bearbeitungs- und Ausführungswerkzeuge',
+  'Read & Edit & Execution Tools':
+    'Lese-, Bearbeitungs- und Ausführungswerkzeuge',
  'All tools selected, including MCP tools':
    'Alle Werkzeuge ausgewählt, einschließlich MCP-Werkzeuge',
  'Selected tools:': 'Ausgewählte Werkzeuge:',
  'Read-only tools:': 'Nur-Lese-Werkzeuge:',
  'Edit tools:': 'Bearbeitungswerkzeuge:',
  'Execution tools:': 'Ausführungswerkzeuge:',
-  'Step {{n}}: Choose Background Color': 'Schritt {{n}}: Hintergrundfarbe wählen',
+  'Step {{n}}: Choose Background Color':
+    'Schritt {{n}}: Hintergrundfarbe wählen',
  'Step {{n}}: Confirm and Save': 'Schritt {{n}}: Bestätigen und Speichern',
  // Agents - Navigation & Instructions
  'Esc to cancel': 'Esc zum Abbrechen',
@@ -245,14 +250,16 @@ export default {
  'e.g., Reviews code for best practices and potential bugs.':
    'z.B. Überprüft Code auf Best Practices und mögliche Fehler.',
  'Description cannot be empty.': 'Beschreibung darf nicht leer sein.',
-  'Failed to launch editor: {{error}}': 'Fehler beim Starten des Editors: {{error}}',
+  'Failed to launch editor: {{error}}':
+    'Fehler beim Starten des Editors: {{error}}',
  'Failed to save and edit subagent: {{error}}':
    'Fehler beim Speichern und Bearbeiten des Unteragenten: {{error}}',

  // ============================================================================
  // Commands - General (continued)
  // ============================================================================
-  'View and edit Qwen Code settings': 'Qwen Code Einstellungen anzeigen und bearbeiten',
+  'View and edit Qwen Code settings':
+    'Qwen Code Einstellungen anzeigen und bearbeiten',
  Settings: 'Einstellungen',
  '(Use Enter to select{{tabText}})': '(Enter zum Auswählen{{tabText}})',
  ', Tab to change focus': ', Tab zum Fokuswechsel',
@@ -283,6 +290,13 @@ export default {
  'Show Citations': 'Quellenangaben anzeigen',
  'Custom Witty Phrases': 'Benutzerdefinierte Witzige Sprüche',
  'Enable Welcome Back': 'Willkommen-zurück aktivieren',
+  'Enable User Feedback': 'Benutzerfeedback aktivieren',
+  'How is Qwen doing this session? (optional)':
+    'Wie macht sich Qwen in dieser Sitzung? (optional)',
+  Bad: 'Schlecht',
+  Good: 'Gut',
+  'Not Sure Yet': 'Noch nicht sicher',
+  'Any other key': 'Beliebige andere Taste',
  'Disable Loading Phrases': 'Ladesprüche deaktivieren',
  'Screen Reader Mode': 'Bildschirmleser-Modus',
  'IDE Mode': 'IDE-Modus',
@@ -308,7 +322,8 @@ export default {
  'Use Ripgrep': 'Ripgrep verwenden',
  'Use Builtin Ripgrep': 'Integriertes Ripgrep verwenden',
  'Enable Tool Output Truncation': 'Werkzeugausgabe-Kürzung aktivieren',
-  'Tool Output Truncation Threshold': 'Schwellenwert für Werkzeugausgabe-Kürzung',
+  'Tool Output Truncation Threshold':
+    'Schwellenwert für Werkzeugausgabe-Kürzung',
  'Tool Output Truncation Lines': 'Zeilen für Werkzeugausgabe-Kürzung',
  'Folder Trust': 'Ordnervertrauen',
  'Vision Model Preview': 'Vision-Modell-Vorschau',
@@ -341,6 +356,62 @@ export default {
  'List active extensions': 'Aktive Erweiterungen auflisten',
  'Update extensions. Usage: update <extension-names>|--all':
    'Erweiterungen aktualisieren. Verwendung: update <Erweiterungsnamen>|--all',
+  'Disable an extension': 'Erweiterung deaktivieren',
+  'Enable an extension': 'Erweiterung aktivieren',
+  'Install an extension from a git repo or local path':
+    'Erweiterung aus Git-Repository oder lokalem Pfad installieren',
+  'Uninstall an extension': 'Erweiterung deinstallieren',
+  'No extensions installed.': 'Keine Erweiterungen installiert.',
+  'Usage: /extensions update <extension-names>|--all':
+    'Verwendung: /extensions update <Erweiterungsnamen>|--all',
+  'Extension "{{name}}" not found.': 'Erweiterung "{{name}}" nicht gefunden.',
+  'No extensions to update.': 'Keine Erweiterungen zum Aktualisieren.',
+  'Usage: /extensions install <source>':
+    'Verwendung: /extensions install <Quelle>',
+  'Installing extension from "{{source}}"...':
+    'Installiere Erweiterung von "{{source}}"...',
+  'Extension "{{name}}" installed successfully.':
+    'Erweiterung "{{name}}" erfolgreich installiert.',
+  'Failed to install extension from "{{source}}": {{error}}':
+    'Fehler beim Installieren der Erweiterung von "{{source}}": {{error}}',
+  'Usage: /extensions uninstall <extension-name>':
+    'Verwendung: /extensions uninstall <Erweiterungsname>',
+  'Uninstalling extension "{{name}}"...':
+    'Deinstalliere Erweiterung "{{name}}"...',
+  'Extension "{{name}}" uninstalled successfully.':
+    'Erweiterung "{{name}}" erfolgreich deinstalliert.',
+  'Failed to uninstall extension "{{name}}": {{error}}':
+    'Fehler beim Deinstallieren der Erweiterung "{{name}}": {{error}}',
+  'Usage: /extensions {{command}} <extension> [--scope=<user|workspace>]':
+    'Verwendung: /extensions {{command}} <Erweiterung> [--scope=<user|workspace>]',
+  'Unsupported scope "{{scope}}", should be one of "user" or "workspace"':
+    'Nicht unterstützter Bereich "{{scope}}", sollte "user" oder "workspace" sein',
+  'Extension "{{name}}" disabled for scope "{{scope}}"':
+    'Erweiterung "{{name}}" für Bereich "{{scope}}" deaktiviert',
+  'Extension "{{name}}" enabled for scope "{{scope}}"':
+    'Erweiterung "{{name}}" für Bereich "{{scope}}" aktiviert',
+  'Do you want to continue? [Y/n]: ': 'Möchten Sie fortfahren? [Y/n]: ',
+  'Do you want to continue?': 'Möchten Sie fortfahren?',
+  'Installing extension "{{name}}".':
+    'Erweiterung "{{name}}" wird installiert.',
+  '**Extensions may introduce unexpected behavior. Ensure you have investigated the extension source and trust the author.**':
+    '**Erweiterungen können unerwartetes Verhalten verursachen. Stellen Sie sicher, dass Sie die Erweiterungsquelle untersucht haben und dem Autor vertrauen.**',
+  'This extension will run the following MCP servers:':
+    'Diese Erweiterung wird folgende MCP-Server ausführen:',
+  local: 'lokal',
+  remote: 'remote',
+  'This extension will add the following commands: {{commands}}.':
+    'Diese Erweiterung wird folgende Befehle hinzufügen: {{commands}}.',
+  'This extension will append info to your QWEN.md context using {{fileName}}':
+    'Diese Erweiterung wird Informationen zu Ihrem QWEN.md-Kontext mit {{fileName}} hinzufügen',
+  'This extension will exclude the following core tools: {{tools}}':
+    'Diese Erweiterung wird folgende Kernwerkzeuge ausschließen: {{tools}}',
+  'This extension will install the following skills:':
+    'Diese Erweiterung wird folgende Fähigkeiten installieren:',
+  'This extension will install the following subagents:':
+    'Diese Erweiterung wird folgende Unteragenten installieren:',
+  'Installation cancelled for "{{name}}".':
+    'Installation von "{{name}}" abgebrochen.',
  'manage IDE integration': 'IDE-Integration verwalten',
  'check status of IDE integration': 'Status der IDE-Integration prüfen',
  'install required IDE companion for {{ideName}}':
@@ -364,7 +435,8 @@ export default {
  'Failed to parse {{terminalName}} keybindings.json. The file contains invalid JSON. Please fix the file manually or delete it to allow automatic configuration.':
    'Fehler beim Parsen von {{terminalName}} keybindings.json. Die Datei enthält ungültiges JSON. Bitte korrigieren Sie die Datei manuell oder löschen Sie sie, um automatische Konfiguration zu ermöglichen.',
  'Error: {{error}}': 'Fehler: {{error}}',
-  'Shift+Enter binding already exists': 'Umschalt+Enter-Belegung existiert bereits',
+  'Shift+Enter binding already exists':
+    'Umschalt+Enter-Belegung existiert bereits',
  'Ctrl+Enter binding already exists': 'Strg+Enter-Belegung existiert bereits',
  'Existing keybindings detected. Will not modify to avoid conflicts.':
    'Bestehende Tastenbelegungen erkannt. Keine Änderungen, um Konflikte zu vermeiden.',
@@ -398,7 +470,8 @@ export default {
  'Set UI language': 'UI-Sprache festlegen',
  'Set LLM output language': 'LLM-Ausgabesprache festlegen',
  'Usage: /language ui [zh-CN|en-US]': 'Verwendung: /language ui [zh-CN|en-US]',
-  'Usage: /language output <language>': 'Verwendung: /language output <Sprache>',
+  'Usage: /language output <language>':
+    'Verwendung: /language output <Sprache>',
  'Example: /language output 中文': 'Beispiel: /language output Deutsch',
  'Example: /language output English': 'Beispiel: /language output English',
  'Example: /language output 日本語': 'Beispiel: /language output Japanisch',
@@ -419,7 +492,8 @@ export default {
  '  - en-US: English': '  - en-US: Englisch',
  'Set UI language to Simplified Chinese (zh-CN)':
    'UI-Sprache auf Vereinfachtes Chinesisch (zh-CN) setzen',
-  'Set UI language to English (en-US)': 'UI-Sprache auf Englisch (en-US) setzen',
+  'Set UI language to English (en-US)':
+    'UI-Sprache auf Englisch (en-US) setzen',

  // ============================================================================
  // Commands - Approval Mode
@@ -427,7 +501,8 @@ export default {
  'Approval Mode': 'Genehmigungsmodus',
  'Current approval mode: {{mode}}': 'Aktueller Genehmigungsmodus: {{mode}}',
  'Available approval modes:': 'Verfügbare Genehmigungsmodi:',
-  'Approval mode changed to: {{mode}}': 'Genehmigungsmodus geändert zu: {{mode}}',
+  'Approval mode changed to: {{mode}}':
+    'Genehmigungsmodus geändert zu: {{mode}}',
  'Approval mode changed to: {{mode}} (saved to {{scope}} settings{{location}})':
    'Genehmigungsmodus geändert zu: {{mode}} (gespeichert in {{scope}} Einstellungen{{location}})',
  'Usage: /approval-mode <mode> [--session|--user|--project]':
@@ -452,14 +527,16 @@ export default {
    'Fehler beim Ändern des Genehmigungsmodus: {{error}}',
  'Apply to current session only (temporary)':
    'Nur auf aktuelle Sitzung anwenden (temporär)',
-  'Persist for this project/workspace': 'Für dieses Projekt/Arbeitsbereich speichern',
+  'Persist for this project/workspace':
+    'Für dieses Projekt/Arbeitsbereich speichern',
  'Persist for this user on this machine':
    'Für diesen Benutzer auf diesem Computer speichern',
  'Analyze only, do not modify files or execute commands':
    'Nur analysieren, keine Dateien ändern oder Befehle ausführen',
  'Require approval for file edits or shell commands':
    'Genehmigung für Dateibearbeitungen oder Shell-Befehle erforderlich',
-  'Automatically approve file edits': 'Dateibearbeitungen automatisch genehmigen',
+  'Automatically approve file edits':
+    'Dateibearbeitungen automatisch genehmigen',
  'Automatically approve all tools': 'Alle Werkzeuge automatisch genehmigen',
  'Workspace approval mode exists and takes priority. User-level change will have no effect.':
    'Arbeitsbereich-Genehmigungsmodus existiert und hat Vorrang. Benutzerebene-Änderung hat keine Wirkung.',
@@ -475,12 +552,14 @@ export default {
  'Commands for interacting with memory.':
    'Befehle für die Interaktion mit dem Speicher.',
  'Show the current memory contents.': 'Aktuellen Speicherinhalt anzeigen.',
-  'Show project-level memory contents.': 'Projektebene-Speicherinhalt anzeigen.',
+  'Show project-level memory contents.':
+    'Projektebene-Speicherinhalt anzeigen.',
  'Show global memory contents.': 'Globalen Speicherinhalt anzeigen.',
  'Add content to project-level memory.':
    'Inhalt zum Projektebene-Speicher hinzufügen.',
  'Add content to global memory.': 'Inhalt zum globalen Speicher hinzufügen.',
-  'Refresh the memory from the source.': 'Speicher aus der Quelle aktualisieren.',
+  'Refresh the memory from the source.':
+    'Speicher aus der Quelle aktualisieren.',
  'Usage: /memory add --project <text to remember>':
    'Verwendung: /memory add --project <zu merkender Text>',
  'Usage: /memory add --global <text to remember>':
@@ -520,7 +599,8 @@ export default {
    'Konfigurierte MCP-Server und Werkzeuge auflisten',
  'Restarts MCP servers.': 'MCP-Server neu starten.',
  'Config not loaded.': 'Konfiguration nicht geladen.',
-  'Could not retrieve tool registry.': 'Werkzeugregister konnte nicht abgerufen werden.',
+  'Could not retrieve tool registry.':
+    'Werkzeugregister konnte nicht abgerufen werden.',
  'No MCP servers configured with OAuth authentication.':
    'Keine MCP-Server mit OAuth-Authentifizierung konfiguriert.',
  'MCP servers with OAuth authentication:':
@@ -539,7 +619,8 @@ export default {
  // Commands - Chat
  // ============================================================================
  'Manage conversation history.': 'Gesprächsverlauf verwalten.',
-  'List saved conversation checkpoints': 'Gespeicherte Gesprächsprüfpunkte auflisten',
+  'List saved conversation checkpoints':
+    'Gespeicherte Gesprächsprüfpunkte auflisten',
  'No saved conversation checkpoints found.':
    'Keine gespeicherten Gesprächsprüfpunkte gefunden.',
  'List of saved conversations:': 'Liste gespeicherter Gespräche:',
@@ -589,7 +670,8 @@ export default {
    'Kein Chat-Client verfügbar, um Zusammenfassung zu generieren.',
  'Already generating summary, wait for previous request to complete':
    'Zusammenfassung wird bereits generiert, warten Sie auf Abschluss der vorherigen Anfrage',
-  'No conversation found to summarize.': 'Kein Gespräch zum Zusammenfassen gefunden.',
+  'No conversation found to summarize.':
+    'Kein Gespräch zum Zusammenfassen gefunden.',
  'Failed to generate project context summary: {{error}}':
    'Fehler beim Generieren der Projektkontextzusammenfassung: {{error}}',
  'Saved project summary to {{filePathForDisplay}}.':
@@ -605,7 +687,8 @@ export default {
  'Switch the model for this session': 'Modell für diese Sitzung wechseln',
  'Content generator configuration not available.':
    'Inhaltsgenerator-Konfiguration nicht verfügbar.',
-  'Authentication type not available.': 'Authentifizierungstyp nicht verfügbar.',
+  'Authentication type not available.':
+    'Authentifizierungstyp nicht verfügbar.',
  'No models available for the current authentication type ({{authType}}).':
    'Keine Modelle für den aktuellen Authentifizierungstyp ({{authType}}) verfügbar.',

@@ -622,7 +705,8 @@ export default {
  // ============================================================================
  'Already compressing, wait for previous request to complete':
    'Komprimierung läuft bereits, warten Sie auf Abschluss der vorherigen Anfrage',
-  'Failed to compress chat history.': 'Fehler beim Komprimieren des Chatverlaufs.',
+  'Failed to compress chat history.':
+    'Fehler beim Komprimieren des Chatverlaufs.',
  'Failed to compress chat history: {{error}}':
    'Fehler beim Komprimieren des Chatverlaufs: {{error}}',
  'Compressing chat history': 'Chatverlauf wird komprimiert',
@@ -644,10 +728,12 @@ export default {
    'Bitte geben Sie mindestens einen Pfad zum Hinzufügen an.',
  'The /directory add command is not supported in restrictive sandbox profiles. Please use --include-directories when starting the session instead.':
    'Der Befehl /directory add wird in restriktiven Sandbox-Profilen nicht unterstützt. Bitte verwenden Sie --include-directories beim Starten der Sitzung.',
-  "Error adding '{{path}}': {{error}}": "Fehler beim Hinzufügen von '{{path}}': {{error}}",
+  "Error adding '{{path}}': {{error}}":
+    "Fehler beim Hinzufügen von '{{path}}': {{error}}",
  'Successfully added QWEN.md files from the following directories if there are:\n- {{directories}}':
    'QWEN.md-Dateien aus folgenden Verzeichnissen erfolgreich hinzugefügt, falls vorhanden:\n- {{directories}}',
-  'Error refreshing memory: {{error}}': 'Fehler beim Aktualisieren des Speichers: {{error}}',
+  'Error refreshing memory: {{error}}':
+    'Fehler beim Aktualisieren des Speichers: {{error}}',
  'Successfully added directories:\n- {{directories}}':
    'Verzeichnisse erfolgreich hinzugefügt:\n- {{directories}}',
  'Current workspace directories:\n{{directories}}':
@@ -677,7 +763,8 @@ export default {
  'Yes, allow always': 'Ja, immer erlauben',
  'Modify with external editor': 'Mit externem Editor bearbeiten',
  'No, suggest changes (esc)': 'Nein, Änderungen vorschlagen (Esc)',
-  "Allow execution of: '{{command}}'?": "Ausführung erlauben von: '{{command}}'?",
+  "Allow execution of: '{{command}}'?":
+    "Ausführung erlauben von: '{{command}}'?",
  'Yes, allow always ...': 'Ja, immer erlauben ...',
  'Yes, and auto-accept edits': 'Ja, und Änderungen automatisch akzeptieren',
  'Yes, and manually approve edits': 'Ja, und Änderungen manuell genehmigen',
@@ -749,12 +836,14 @@ export default {
  'Qwen OAuth authentication cancelled.':
    'Qwen OAuth-Authentifizierung abgebrochen.',
  'Qwen OAuth Authentication': 'Qwen OAuth-Authentifizierung',
-  'Please visit this URL to authorize:': 'Bitte besuchen Sie diese URL zur Autorisierung:',
+  'Please visit this URL to authorize:':
+    'Bitte besuchen Sie diese URL zur Autorisierung:',
  'Or scan the QR code below:': 'Oder scannen Sie den QR-Code unten:',
  'Waiting for authorization': 'Warten auf Autorisierung',
  'Time remaining:': 'Verbleibende Zeit:',
  '(Press ESC or CTRL+C to cancel)': '(ESC oder STRG+C zum Abbrechen drücken)',
-  'Qwen OAuth Authentication Timeout': 'Qwen OAuth-Authentifizierung abgelaufen',
+  'Qwen OAuth Authentication Timeout':
+    'Qwen OAuth-Authentifizierung abgelaufen',
  'OAuth token expired (over {{seconds}} seconds). Please select authentication method again.':
    'OAuth-Token abgelaufen (über {{seconds}} Sekunden). Bitte wählen Sie erneut eine Authentifizierungsmethode.',
  'Press any key to return to authentication type selection.':
@@ -767,6 +856,22 @@ export default {
    'Authentifizierung abgelaufen. Bitte versuchen Sie es erneut.',
  'Waiting for auth... (Press ESC or CTRL+C to cancel)':
    'Warten auf Authentifizierung... (ESC oder STRG+C zum Abbrechen drücken)',
+  'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.':
+    'API-Schlüssel für OpenAI-kompatible Authentifizierung fehlt. Setzen Sie settings.security.auth.apiKey oder die Umgebungsvariable {{envKeyHint}}.',
+  '{{envKeyHint}} environment variable not found.':
+    'Umgebungsvariable {{envKeyHint}} wurde nicht gefunden.',
+  '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.':
+    'Umgebungsvariable {{envKeyHint}} wurde nicht gefunden. Bitte legen Sie sie in Ihrer .env-Datei oder den Systemumgebungsvariablen fest.',
+  '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.':
+    'Umgebungsvariable {{envKeyHint}} wurde nicht gefunden (oder setzen Sie settings.security.auth.apiKey). Bitte legen Sie sie in Ihrer .env-Datei oder den Systemumgebungsvariablen fest.',
+  'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.':
+    'API-Schlüssel für OpenAI-kompatible Authentifizierung fehlt. Setzen Sie die Umgebungsvariable {{envKeyHint}}.',
+  'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.':
+    'Anthropic-Anbieter fehlt erforderliche baseUrl in modelProviders[].baseUrl.',
+  'ANTHROPIC_BASE_URL environment variable not found.':
+    'Umgebungsvariable ANTHROPIC_BASE_URL wurde nicht gefunden.',
+  'Invalid auth method selected.':
+    'Ungültige Authentifizierungsmethode ausgewählt.',
  'Failed to authenticate. Message: {{message}}':
    'Authentifizierung fehlgeschlagen. Meldung: {{message}}',
  'Authenticated successfully with {{authType}} credentials.':
@@ -779,7 +884,8 @@ export default {
  'API Key:': 'API-Schlüssel:',
  'Invalid credentials: {{errorMessage}}':
    'Ungültige Anmeldedaten: {{errorMessage}}',
-  'Failed to validate credentials': 'Anmeldedaten konnten nicht validiert werden',
+  'Failed to validate credentials':
+    'Anmeldedaten konnten nicht validiert werden',
  'Press Enter to continue, Tab/↑↓ to navigate, Esc to cancel':
    'Enter zum Fortfahren, Tab/↑↓ zum Navigieren, Esc zum Abbrechen',

@@ -788,6 +894,15 @@ export default {
  // ============================================================================
  'Select Model': 'Modell auswählen',
  '(Press Esc to close)': '(Esc zum Schließen drücken)',
+  'Current (effective) configuration': 'Aktuelle (wirksame) Konfiguration',
+  AuthType: 'Authentifizierungstyp',
+  'API Key': 'API-Schlüssel',
+  unset: 'nicht gesetzt',
+  '(default)': '(Standard)',
+  '(set)': '(gesetzt)',
+  '(not set)': '(nicht gesetzt)',
+  "Failed to switch model to '{{modelId}}'.\n\n{{error}}":
+    "Modell konnte nicht auf '{{modelId}}' umgestellt werden.\n\n{{error}}",
  'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)':
    'Das neueste Qwen Coder Modell von Alibaba Cloud ModelStudio (Version: qwen3-coder-plus-2025-09-23)',
  'The latest Qwen Vision model from Alibaba Cloud ModelStudio (version: qwen3-vl-plus-2025-09-23)':
@@ -877,8 +992,10 @@ export default {
  // ============================================================================
  // Exit Screen / Stats
  // ============================================================================
-  'Agent powering down. Goodbye!': 'Agent wird heruntergefahren. Auf Wiedersehen!',
-  'To continue this session, run': 'Um diese Sitzung fortzusetzen, führen Sie aus',
+  'Agent powering down. Goodbye!':
+    'Agent wird heruntergefahren. Auf Wiedersehen!',
+  'To continue this session, run':
+    'Um diese Sitzung fortzusetzen, führen Sie aus',
  'Interaction Summary': 'Interaktionszusammenfassung',
  'Session ID:': 'Sitzungs-ID:',
  'Tool Calls:': 'Werkzeugaufrufe:',
@@ -932,6 +1049,19 @@ export default {
  'Session start time is unavailable, cannot calculate stats.':
    'Sitzungsstartzeit nicht verfügbar, Statistiken können nicht berechnet werden.',

+  // ============================================================================
+  // Command Format Migration
+  // ============================================================================
+  'Command Format Migration': 'Befehlsformat-Migration',
+  'Found {{count}} TOML command file:': '{{count}} TOML-Befehlsdatei gefunden:',
+  'Found {{count}} TOML command files:':
+    '{{count}} TOML-Befehlsdateien gefunden:',
+  '... and {{count}} more': '... und {{count}} weitere',
+  'The TOML format is deprecated. Would you like to migrate them to Markdown format?':
+    'Das TOML-Format ist veraltet. Möchten Sie sie ins Markdown-Format migrieren?',
+  '(Backups will be created and original files will be preserved)':
+    '(Backups werden erstellt und Originaldateien werden beibehalten)',
+
  // ============================================================================
  // Loading Phrases
  // ============================================================================
--- a/packages/cli/src/i18n/locales/en.js
+++ b/packages/cli/src/i18n/locales/en.js
@@ -152,6 +152,7 @@ export default {
  'Project Level ({{path}})': 'Project Level ({{path}})',
  'User Level ({{path}})': 'User Level ({{path}})',
  'Built-in Agents': 'Built-in Agents',
+  'Extension Agents': 'Extension Agents',
  'Using: {{count}} agents': 'Using: {{count}} agents',
  'View Agent': 'View Agent',
  'Edit Agent': 'Edit Agent',
@@ -286,6 +287,13 @@ export default {
  'Show Citations': 'Show Citations',
  'Custom Witty Phrases': 'Custom Witty Phrases',
  'Enable Welcome Back': 'Enable Welcome Back',
+  'Enable User Feedback': 'Enable User Feedback',
+  'How is Qwen doing this session? (optional)':
+    'How is Qwen doing this session? (optional)',
+  Bad: 'Bad',
+  Good: 'Good',
+  'Not Sure Yet': 'Not Sure Yet',
+  'Any other key': 'Any other key',
  'Disable Loading Phrases': 'Disable Loading Phrases',
  'Screen Reader Mode': 'Screen Reader Mode',
  'IDE Mode': 'IDE Mode',
@@ -344,6 +352,60 @@ export default {
  'List active extensions': 'List active extensions',
  'Update extensions. Usage: update <extension-names>|--all':
    'Update extensions. Usage: update <extension-names>|--all',
+  'Disable an extension': 'Disable an extension',
+  'Enable an extension': 'Enable an extension',
+  'Install an extension from a git repo or local path':
+    'Install an extension from a git repo or local path',
+  'Uninstall an extension': 'Uninstall an extension',
+  'No extensions installed.': 'No extensions installed.',
+  'Usage: /extensions update <extension-names>|--all':
+    'Usage: /extensions update <extension-names>|--all',
+  'Extension "{{name}}" not found.': 'Extension "{{name}}" not found.',
+  'No extensions to update.': 'No extensions to update.',
+  'Usage: /extensions install <source>': 'Usage: /extensions install <source>',
+  'Installing extension from "{{source}}"...':
+    'Installing extension from "{{source}}"...',
+  'Extension "{{name}}" installed successfully.':
+    'Extension "{{name}}" installed successfully.',
+  'Failed to install extension from "{{source}}": {{error}}':
+    'Failed to install extension from "{{source}}": {{error}}',
+  'Usage: /extensions uninstall <extension-name>':
+    'Usage: /extensions uninstall <extension-name>',
+  'Uninstalling extension "{{name}}"...':
+    'Uninstalling extension "{{name}}"...',
+  'Extension "{{name}}" uninstalled successfully.':
+    'Extension "{{name}}" uninstalled successfully.',
+  'Failed to uninstall extension "{{name}}": {{error}}':
+    'Failed to uninstall extension "{{name}}": {{error}}',
+  'Usage: /extensions {{command}} <extension> [--scope=<user|workspace>]':
+    'Usage: /extensions {{command}} <extension> [--scope=<user|workspace>]',
+  'Unsupported scope "{{scope}}", should be one of "user" or "workspace"':
+    'Unsupported scope "{{scope}}", should be one of "user" or "workspace"',
+  'Extension "{{name}}" disabled for scope "{{scope}}"':
+    'Extension "{{name}}" disabled for scope "{{scope}}"',
+  'Extension "{{name}}" enabled for scope "{{scope}}"':
+    'Extension "{{name}}" enabled for scope "{{scope}}"',
+  'Do you want to continue? [Y/n]: ': 'Do you want to continue? [Y/n]: ',
+  'Do you want to continue?': 'Do you want to continue?',
+  'Installing extension "{{name}}".': 'Installing extension "{{name}}".',
+  '**Extensions may introduce unexpected behavior. Ensure you have investigated the extension source and trust the author.**':
+    '**Extensions may introduce unexpected behavior. Ensure you have investigated the extension source and trust the author.**',
+  'This extension will run the following MCP servers:':
+    'This extension will run the following MCP servers:',
+  local: 'local',
+  remote: 'remote',
+  'This extension will add the following commands: {{commands}}.':
+    'This extension will add the following commands: {{commands}}.',
+  'This extension will append info to your QWEN.md context using {{fileName}}':
+    'This extension will append info to your QWEN.md context using {{fileName}}',
+  'This extension will exclude the following core tools: {{tools}}':
+    'This extension will exclude the following core tools: {{tools}}',
+  'This extension will install the following skills:':
+    'This extension will install the following skills:',
+  'This extension will install the following subagents:':
+    'This extension will install the following subagents:',
+  'Installation cancelled for "{{name}}".':
+    'Installation cancelled for "{{name}}".',
  'manage IDE integration': 'manage IDE integration',
  'check status of IDE integration': 'check status of IDE integration',
  'install required IDE companion for {{ideName}}':
@@ -770,6 +832,21 @@ export default {
    'Authentication timed out. Please try again.',
  'Waiting for auth... (Press ESC or CTRL+C to cancel)':
    'Waiting for auth... (Press ESC or CTRL+C to cancel)',
+  'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.':
+    'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.',
+  '{{envKeyHint}} environment variable not found.':
+    '{{envKeyHint}} environment variable not found.',
+  '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.':
+    '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.',
+  '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.':
+    '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.',
+  'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.':
+    'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.',
+  'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.':
+    'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.',
+  'ANTHROPIC_BASE_URL environment variable not found.':
+    'ANTHROPIC_BASE_URL environment variable not found.',
+  'Invalid auth method selected.': 'Invalid auth method selected.',
  'Failed to authenticate. Message: {{message}}':
    'Failed to authenticate. Message: {{message}}',
  'Authenticated successfully with {{authType}} credentials.':
@@ -791,6 +868,15 @@ export default {
  // ============================================================================
  'Select Model': 'Select Model',
  '(Press Esc to close)': '(Press Esc to close)',
+  'Current (effective) configuration': 'Current (effective) configuration',
+  AuthType: 'AuthType',
+  'API Key': 'API Key',
+  unset: 'unset',
+  '(default)': '(default)',
+  '(set)': '(set)',
+  '(not set)': '(not set)',
+  "Failed to switch model to '{{modelId}}'.\n\n{{error}}":
+    "Failed to switch model to '{{modelId}}'.\n\n{{error}}",
  'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)':
    'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)',
  'The latest Qwen Vision model from Alibaba Cloud ModelStudio (version: qwen3-vl-plus-2025-09-23)':
@@ -934,6 +1020,18 @@ export default {
  'Session start time is unavailable, cannot calculate stats.':
    'Session start time is unavailable, cannot calculate stats.',

+  // ============================================================================
+  // Command Format Migration
+  // ============================================================================
+  'Command Format Migration': 'Command Format Migration',
+  'Found {{count}} TOML command file:': 'Found {{count}} TOML command file:',
+  'Found {{count}} TOML command files:': 'Found {{count}} TOML command files:',
+  '... and {{count}} more': '... and {{count}} more',
+  'The TOML format is deprecated. Would you like to migrate them to Markdown format?':
+    'The TOML format is deprecated. Would you like to migrate them to Markdown format?',
+  '(Backups will be created and original files will be preserved)':
+    '(Backups will be created and original files will be preserved)',
+
  // ============================================================================
  // Loading Phrases
  // ============================================================================
--- a/packages/cli/src/i18n/locales/ru.js
+++ b/packages/cli/src/i18n/locales/ru.js
@@ -155,6 +155,7 @@ export default {
  'Project Level ({{path}})': 'Уровень проекта ({{path}})',
  'User Level ({{path}})': 'Уровень пользователя ({{path}})',
  'Built-in Agents': 'Встроенные агенты',
+  'Extension Agents': 'Агенты расширений',
  'Using: {{count}} agents': 'Используется: {{count}} агент(ов)',
  'View Agent': 'Просмотреть агента',
  'Edit Agent': 'Редактировать агента',
@@ -289,6 +290,13 @@ export default {
  'Show Citations': 'Показывать цитаты',
  'Custom Witty Phrases': 'Пользовательские остроумные фразы',
  'Enable Welcome Back': 'Включить приветствие при возврате',
+  'Enable User Feedback': 'Включить отзывы пользователей',
+  'How is Qwen doing this session? (optional)':
+    'Как дела у Qwen в этой сессии? (необязательно)',
+  Bad: 'Плохо',
+  Good: 'Хорошо',
+  'Not Sure Yet': 'Пока не уверен',
+  'Any other key': 'Любая другая клавиша',
  'Disable Loading Phrases': 'Отключить фразы при загрузке',
  'Screen Reader Mode': 'Режим программы чтения с экрана',
  'IDE Mode': 'Режим IDE',
@@ -349,6 +357,59 @@ export default {
  'List active extensions': 'Показать активные расширения',
  'Update extensions. Usage: update <extension-names>|--all':
    'Обновить расширения. Использование: update <extension-names>|--all',
+  'Disable an extension': 'Отключить расширение',
+  'Enable an extension': 'Включить расширение',
+  'Install an extension from a git repo or local path':
+    'Установить расширение из Git-репозитория или локального пути',
+  'Uninstall an extension': 'Удалить расширение',
+  'No extensions installed.': 'Расширения не установлены.',
+  'Usage: /extensions update <extension-names>|--all':
+    'Использование: /extensions update <имена-расширений>|--all',
+  'Extension "{{name}}" not found.': 'Расширение "{{name}}" не найдено.',
+  'No extensions to update.': 'Нет расширений для обновления.',
+  'Usage: /extensions install <source>':
+    'Использование: /extensions install <источник>',
+  'Installing extension from "{{source}}"...':
+    'Установка расширения из "{{source}}"...',
+  'Extension "{{name}}" installed successfully.':
+    'Расширение "{{name}}" успешно установлено.',
+  'Failed to install extension from "{{source}}": {{error}}':
+    'Не удалось установить расширение из "{{source}}": {{error}}',
+  'Usage: /extensions uninstall <extension-name>':
+    'Использование: /extensions uninstall <имя-расширения>',
+  'Uninstalling extension "{{name}}"...': 'Удаление расширения "{{name}}"...',
+  'Extension "{{name}}" uninstalled successfully.':
+    'Расширение "{{name}}" успешно удалено.',
+  'Failed to uninstall extension "{{name}}": {{error}}':
+    'Не удалось удалить расширение "{{name}}": {{error}}',
+  'Usage: /extensions {{command}} <extension> [--scope=<user|workspace>]':
+    'Использование: /extensions {{command}} <расширение> [--scope=<user|workspace>]',
+  'Unsupported scope "{{scope}}", should be one of "user" or "workspace"':
+    'Неподдерживаемая область "{{scope}}", должна быть "user" или "workspace"',
+  'Extension "{{name}}" disabled for scope "{{scope}}"':
+    'Расширение "{{name}}" отключено для области "{{scope}}"',
+  'Extension "{{name}}" enabled for scope "{{scope}}"':
+    'Расширение "{{name}}" включено для области "{{scope}}"',
+  'Do you want to continue? [Y/n]: ': 'Хотите продолжить? [Y/n]: ',
+  'Do you want to continue?': 'Хотите продолжить?',
+  'Installing extension "{{name}}".': 'Установка расширения "{{name}}".',
+  '**Extensions may introduce unexpected behavior. Ensure you have investigated the extension source and trust the author.**':
+    '**Расширения могут вызывать неожиданное поведение. Убедитесь, что вы изучили источник расширения и доверяете автору.**',
+  'This extension will run the following MCP servers:':
+    'Это расширение запустит следующие MCP-серверы:',
+  local: 'локальный',
+  remote: 'удалённый',
+  'This extension will add the following commands: {{commands}}.':
+    'Это расширение добавит следующие команды: {{commands}}.',
+  'This extension will append info to your QWEN.md context using {{fileName}}':
+    'Это расширение добавит информацию в ваш контекст QWEN.md с помощью {{fileName}}',
+  'This extension will exclude the following core tools: {{tools}}':
+    'Это расширение исключит следующие основные инструменты: {{tools}}',
+  'This extension will install the following skills:':
+    'Это расширение установит следующие навыки:',
+  'This extension will install the following subagents:':
+    'Это расширение установит следующие подагенты:',
+  'Installation cancelled for "{{name}}".': 'Установка "{{name}}" отменена.',
  'manage IDE integration': 'Управление интеграцией с IDE',
  'check status of IDE integration': 'Проверить статус интеграции с IDE',
  'install required IDE companion for {{ideName}}':
@@ -786,6 +847,21 @@ export default {
    'Время ожидания авторизации истекло. Пожалуйста, попробуйте снова.',
  'Waiting for auth... (Press ESC or CTRL+C to cancel)':
    'Ожидание авторизации... (Нажмите ESC или CTRL+C для отмены)',
+  'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.':
+    'Отсутствует API-ключ для аутентификации, совместимой с OpenAI. Укажите settings.security.auth.apiKey или переменную окружения {{envKeyHint}}.',
+  '{{envKeyHint}} environment variable not found.':
+    'Переменная окружения {{envKeyHint}} не найдена.',
+  '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.':
+    'Переменная окружения {{envKeyHint}} не найдена. Укажите её в файле .env или среди системных переменных.',
+  '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.':
+    'Переменная окружения {{envKeyHint}} не найдена (или установите settings.security.auth.apiKey). Укажите её в файле .env или среди системных переменных.',
+  'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.':
+    'Отсутствует API-ключ для аутентификации, совместимой с OpenAI. Установите переменную окружения {{envKeyHint}}.',
+  'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.':
+    'У провайдера Anthropic отсутствует обязательный baseUrl в modelProviders[].baseUrl.',
+  'ANTHROPIC_BASE_URL environment variable not found.':
+    'Переменная окружения ANTHROPIC_BASE_URL не найдена.',
+  'Invalid auth method selected.': 'Выбран недопустимый метод авторизации.',
  'Failed to authenticate. Message: {{message}}':
    'Не удалось авторизоваться. Сообщение: {{message}}',
  'Authenticated successfully with {{authType}} credentials.':
@@ -807,6 +883,15 @@ export default {
  // ============================================================================
  'Select Model': 'Выбрать модель',
  '(Press Esc to close)': '(Нажмите Esc для закрытия)',
+  'Current (effective) configuration': 'Текущая (фактическая) конфигурация',
+  AuthType: 'Тип авторизации',
+  'API Key': 'API-ключ',
+  unset: 'не задано',
+  '(default)': '(по умолчанию)',
+  '(set)': '(установлено)',
+  '(not set)': '(не задано)',
+  "Failed to switch model to '{{modelId}}'.\n\n{{error}}":
+    "Не удалось переключиться на модель '{{modelId}}'.\n\n{{error}}",
  'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)':
    'Последняя модель Qwen Coder от Alibaba Cloud ModelStudio (версия: qwen3-coder-plus-2025-09-23)',
  'The latest Qwen Vision model from Alibaba Cloud ModelStudio (version: qwen3-vl-plus-2025-09-23)':
@@ -951,6 +1036,19 @@ export default {
  'Session start time is unavailable, cannot calculate stats.':
    'Время начала сессии недоступно, невозможно рассчитать статистику.',

+  // ============================================================================
+  // Command Format Migration
+  // ============================================================================
+  'Command Format Migration': 'Миграция формата команд',
+  'Found {{count}} TOML command file:': 'Найден {{count}} файл команд TOML:',
+  'Found {{count}} TOML command files:':
+    'Найдено {{count}} файлов команд TOML:',
+  '... and {{count}} more': '... и ещё {{count}}',
+  'The TOML format is deprecated. Would you like to migrate them to Markdown format?':
+    'Формат TOML устарел. Хотите перенести их в формат Markdown?',
+  '(Backups will be created and original files will be preserved)':
+    '(Будут созданы резервные копии, исходные файлы будут сохранены)',
+
  // ============================================================================
  // Loading Phrases
  // ============================================================================
--- a/packages/cli/src/i18n/locales/zh.js
+++ b/packages/cli/src/i18n/locales/zh.js
@@ -149,6 +149,7 @@ export default {
  'Project Level ({{path}})': '项目级 ({{path}})',
  'User Level ({{path}})': '用户级 ({{path}})',
  'Built-in Agents': '内置代理',
+  'Extension Agents': '扩展代理',
  'Using: {{count}} agents': '使用中: {{count}} 个代理',
  'View Agent': '查看代理',
  'Edit Agent': '编辑代理',
@@ -277,6 +278,12 @@ export default {
  'Show Citations': '显示引用',
  'Custom Witty Phrases': '自定义诙谐短语',
  'Enable Welcome Back': '启用欢迎回来',
+  'Enable User Feedback': '启用用户反馈',
+  'How is Qwen doing this session? (optional)': 'Qwen 这次表现如何？（可选）',
+  Bad: '不满意',
+  Good: '满意',
+  'Not Sure Yet': '暂不评价',
+  'Any other key': '任意其他键',
  'Disable Loading Phrases': '禁用加载短语',
  'Screen Reader Mode': '屏幕阅读器模式',
  'IDE Mode': 'IDE 模式',
@@ -331,6 +338,56 @@ export default {
  'List active extensions': '列出活动扩展',
  'Update extensions. Usage: update <extension-names>|--all':
    '更新扩展。用法：update <extension-names>|--all',
+  'Disable an extension': '禁用扩展',
+  'Enable an extension': '启用扩展',
+  'Install an extension from a git repo or local path':
+    '从 Git 仓库或本地路径安装扩展',
+  'Uninstall an extension': '卸载扩展',
+  'No extensions installed.': '未安装扩展。',
+  'Usage: /extensions update <extension-names>|--all':
+    '用法：/extensions update <扩展名>|--all',
+  'Extension "{{name}}" not found.': '未找到扩展 "{{name}}"。',
+  'No extensions to update.': '没有可更新的扩展。',
+  'Usage: /extensions install <source>': '用法：/extensions install <来源>',
+  'Installing extension from "{{source}}"...':
+    '正在从 "{{source}}" 安装扩展...',
+  'Extension "{{name}}" installed successfully.': '扩展 "{{name}}" 安装成功。',
+  'Failed to install extension from "{{source}}": {{error}}':
+    '从 "{{source}}" 安装扩展失败：{{error}}',
+  'Usage: /extensions uninstall <extension-name>':
+    '用法：/extensions uninstall <扩展名>',
+  'Uninstalling extension "{{name}}"...': '正在卸载扩展 "{{name}}"...',
+  'Extension "{{name}}" uninstalled successfully.':
+    '扩展 "{{name}}" 卸载成功。',
+  'Failed to uninstall extension "{{name}}": {{error}}':
+    '卸载扩展 "{{name}}" 失败：{{error}}',
+  'Usage: /extensions {{command}} <extension> [--scope=<user|workspace>]':
+    '用法：/extensions {{command}} <扩展> [--scope=<user|workspace>]',
+  'Unsupported scope "{{scope}}", should be one of "user" or "workspace"':
+    '不支持的作用域 "{{scope}}"，应为 "user" 或 "workspace"',
+  'Extension "{{name}}" disabled for scope "{{scope}}"':
+    '扩展 "{{name}}" 已在作用域 "{{scope}}" 中禁用',
+  'Extension "{{name}}" enabled for scope "{{scope}}"':
+    '扩展 "{{name}}" 已在作用域 "{{scope}}" 中启用',
+  'Do you want to continue? [Y/n]: ': '是否继续？[Y/n]：',
+  'Do you want to continue?': '是否继续？',
+  'Installing extension "{{name}}".': '正在安装扩展 "{{name}}"。',
+  '**Extensions may introduce unexpected behavior. Ensure you have investigated the extension source and trust the author.**':
+    '**扩展可能会引入意外行为。请确保您已调查过扩展源并信任作者。**',
+  'This extension will run the following MCP servers:':
+    '此扩展将运行以下 MCP 服务器：',
+  local: '本地',
+  remote: '远程',
+  'This extension will add the following commands: {{commands}}.':
+    '此扩展将添加以下命令：{{commands}}。',
+  'This extension will append info to your QWEN.md context using {{fileName}}':
+    '此扩展将使用 {{fileName}} 向您的 QWEN.md 上下文追加信息',
+  'This extension will exclude the following core tools: {{tools}}':
+    '此扩展将排除以下核心工具：{{tools}}',
+  'This extension will install the following skills:': '此扩展将安装以下技能：',
+  'This extension will install the following subagents:':
+    '此扩展将安装以下子代理：',
+  'Installation cancelled for "{{name}}".': '已取消安装 "{{name}}"。',
  'manage IDE integration': '管理 IDE 集成',
  'check status of IDE integration': '检查 IDE 集成状态',
  'install required IDE companion for {{ideName}}':
@@ -728,6 +785,21 @@ export default {
  'Authentication timed out. Please try again.': '认证超时。请重试。',
  'Waiting for auth... (Press ESC or CTRL+C to cancel)':
    '正在等待认证...（按 ESC 或 CTRL+C 取消）',
+  'Missing API key for OpenAI-compatible auth. Set settings.security.auth.apiKey, or set the {{envKeyHint}} environment variable.':
+    '缺少 OpenAI 兼容认证的 API 密钥。请设置 settings.security.auth.apiKey 或设置 {{envKeyHint}} 环境变量。',
+  '{{envKeyHint}} environment variable not found.':
+    '未找到 {{envKeyHint}} 环境变量。',
+  '{{envKeyHint}} environment variable not found. Please set it in your .env file or environment variables.':
+    '未找到 {{envKeyHint}} 环境变量。请在 .env 文件或系统环境变量中进行设置。',
+  '{{envKeyHint}} environment variable not found (or set settings.security.auth.apiKey). Please set it in your .env file or environment variables.':
+    '未找到 {{envKeyHint}} 环境变量（或设置 settings.security.auth.apiKey）。请在 .env 文件或系统环境变量中进行设置。',
+  'Missing API key for OpenAI-compatible auth. Set the {{envKeyHint}} environment variable.':
+    '缺少 OpenAI 兼容认证的 API 密钥。请设置 {{envKeyHint}} 环境变量。',
+  'Anthropic provider missing required baseUrl in modelProviders[].baseUrl.':
+    'Anthropic 提供商缺少必需的 baseUrl，请在 modelProviders[].baseUrl 中配置。',
+  'ANTHROPIC_BASE_URL environment variable not found.':
+    '未找到 ANTHROPIC_BASE_URL 环境变量。',
+  'Invalid auth method selected.': '选择了无效的认证方式。',
  'Failed to authenticate. Message: {{message}}': '认证失败。消息：{{message}}',
  'Authenticated successfully with {{authType}} credentials.':
    '使用 {{authType}} 凭据成功认证。',
@@ -747,6 +819,15 @@ export default {
  // ============================================================================
  'Select Model': '选择模型',
  '(Press Esc to close)': '（按 Esc 关闭）',
+  'Current (effective) configuration': '当前（实际生效）配置',
+  AuthType: '认证方式',
+  'API Key': 'API 密钥',
+  unset: '未设置',
+  '(default)': '(默认)',
+  '(set)': '(已设置)',
+  '(not set)': '(未设置)',
+  "Failed to switch model to '{{modelId}}'.\n\n{{error}}":
+    "无法切换到模型 '{{modelId}}'.\n\n{{error}}",
  'The latest Qwen Coder model from Alibaba Cloud ModelStudio (version: qwen3-coder-plus-2025-09-23)':
    '来自阿里云 ModelStudio 的最新 Qwen Coder 模型（版本：qwen3-coder-plus-2025-09-23）',
  'The latest Qwen Vision model from Alibaba Cloud ModelStudio (version: qwen3-vl-plus-2025-09-23)':
@@ -849,11 +930,11 @@ export default {
  'Session Stats': '会话统计',
  'Model Usage': '模型使用情况',
  Reqs: '请求数',
-  'Input Tokens': '输入令牌',
-  'Output Tokens': '输出令牌',
+  'Input Tokens': '输入 token 数',
+  'Output Tokens': '输出 token 数',
  'Savings Highlight:': '节省亮点：',
  'of input tokens were served from the cache, reducing costs.':
-    '的输入令牌来自缓存，降低了成本',
+    '从缓存载入 token ，降低了成本',
  'Tip: For a full token breakdown, run `/stats model`.':
    '提示：要查看完整的令牌明细，请运行 `/stats model`',
  'Model Stats For Nerds': '模型统计（技术细节）',
@@ -887,6 +968,18 @@ export default {
  'Session start time is unavailable, cannot calculate stats.':
    '会话开始时间不可用，无法计算统计信息',

+  // ============================================================================
+  // Command Format Migration
+  // ============================================================================
+  'Command Format Migration': '命令格式迁移',
+  'Found {{count}} TOML command file:': '发现 {{count}} 个 TOML 命令文件：',
+  'Found {{count}} TOML command files:': '发现 {{count}} 个 TOML 命令文件：',
+  '... and {{count}} more': '... 以及其他 {{count}} 个',
+  'The TOML format is deprecated. Would you like to migrate them to Markdown format?':
+    'TOML 格式已弃用。是否将它们迁移到 Markdown 格式？',
+  '(Backups will be created and original files will be preserved)':
+    '（将创建备份，原始文件将保留）',
+
  // ============================================================================
  // Loading Phrases
  // ============================================================================
--- a/packages/cli/src/services/BuiltinCommandLoader.ts
+++ b/packages/cli/src/services/BuiltinCommandLoader.ts
@@ -31,6 +31,7 @@ import { quitCommand } from '../ui/commands/quitCommand.js';
 import { restoreCommand } from '../ui/commands/restoreCommand.js';
 import { resumeCommand } from '../ui/commands/resumeCommand.js';
 import { settingsCommand } from '../ui/commands/settingsCommand.js';
+import { skillsCommand } from '../ui/commands/skillsCommand.js';
 import { statsCommand } from '../ui/commands/statsCommand.js';
 import { summaryCommand } from '../ui/commands/summaryCommand.js';
 import { terminalSetupCommand } from '../ui/commands/terminalSetupCommand.js';
@@ -78,6 +79,7 @@ export class BuiltinCommandLoader implements ICommandLoader {
      quitCommand,
      restoreCommand(this.config),
      resumeCommand,
+      ...(this.config?.getExperimentalSkills?.() ? [skillsCommand] : []),
      statsCommand,
      summaryCommand,
      themeCommand,
--- a/packages/cli/src/services/FileCommandLoader-extension.test.ts
+++ b/packages/cli/src/services/FileCommandLoader-extension.test.ts
@@ -0,0 +1,327 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { FileCommandLoader } from './FileCommandLoader.js';
+import type { Config } from '@qwen-code/qwen-code-core';
+import { Storage } from '@qwen-code/qwen-code-core';
+
+describe('FileCommandLoader - Extension Commands Support', () => {
+  let tempDir: string;
+  let mockConfig: Partial<Config>;
+
+  beforeEach(async () => {
+    tempDir = await fs.promises.mkdtemp(
+      path.join(os.tmpdir(), 'file-command-loader-ext-test-'),
+    );
+
+    mockConfig = {
+      getFolderTrustFeature: () => false,
+      getFolderTrust: () => true,
+      getProjectRoot: () => tempDir,
+      storage: new Storage(tempDir),
+      getExtensions: () => [],
+    };
+  });
+
+  afterEach(async () => {
+    await fs.promises.rm(tempDir, { recursive: true, force: true });
+  });
+
+  it('should load commands from extension with config.commands path', async () => {
+    // Setup extension structure
+    const extensionDir = path.join(tempDir, '.qwen', 'extensions', 'test-ext');
+    const customCommandsDir = path.join(extensionDir, 'custom-cmds');
+    await fs.promises.mkdir(customCommandsDir, { recursive: true });
+
+    // Create extension config with custom commands path
+    const extensionConfig = {
+      name: 'test-ext',
+      version: '1.0.0',
+      commands: 'custom-cmds',
+    };
+    await fs.promises.writeFile(
+      path.join(extensionDir, 'qwen-extension.json'),
+      JSON.stringify(extensionConfig),
+    );
+
+    // Create a test command in custom directory
+    const commandContent =
+      '---\ndescription: Test command from extension\n---\nDo something';
+    await fs.promises.writeFile(
+      path.join(customCommandsDir, 'test.md'),
+      commandContent,
+    );
+
+    // Mock config to return the extension
+    mockConfig.getExtensions = () => [
+      {
+        id: 'test-ext',
+        config: extensionConfig,
+        name: 'test-ext',
+        version: '1.0.0',
+        isActive: true,
+        path: extensionDir,
+        contextFiles: [],
+      },
+    ];
+
+    const loader = new FileCommandLoader(mockConfig as Config);
+    const commands = await loader.loadCommands(new AbortController().signal);
+
+    expect(commands).toHaveLength(1);
+    expect(commands[0].name).toBe('test-ext:test');
+    expect(commands[0].description).toBe(
+      '[test-ext] Test command from extension',
+    );
+  });
+
+  it('should load commands from extension with multiple commands paths', async () => {
+    // Setup extension structure
+    const extensionDir = path.join(tempDir, '.qwen', 'extensions', 'multi-ext');
+    const cmdsDir1 = path.join(extensionDir, 'commands1');
+    const cmdsDir2 = path.join(extensionDir, 'commands2');
+    await fs.promises.mkdir(cmdsDir1, { recursive: true });
+    await fs.promises.mkdir(cmdsDir2, { recursive: true });
+
+    // Create extension config with multiple commands paths
+    const extensionConfig = {
+      name: 'multi-ext',
+      version: '1.0.0',
+      commands: ['commands1', 'commands2'],
+    };
+    await fs.promises.writeFile(
+      path.join(extensionDir, 'qwen-extension.json'),
+      JSON.stringify(extensionConfig),
+    );
+
+    // Create test commands in both directories
+    await fs.promises.writeFile(
+      path.join(cmdsDir1, 'cmd1.md'),
+      '---\n---\nCommand 1',
+    );
+    await fs.promises.writeFile(
+      path.join(cmdsDir2, 'cmd2.md'),
+      '---\n---\nCommand 2',
+    );
+
+    // Mock config to return the extension
+    mockConfig.getExtensions = () => [
+      {
+        id: 'multi-ext',
+        config: extensionConfig,
+        contextFiles: [],
+        name: 'multi-ext',
+        version: '1.0.0',
+        isActive: true,
+        path: extensionDir,
+      },
+    ];
+
+    const loader = new FileCommandLoader(mockConfig as Config);
+    const commands = await loader.loadCommands(new AbortController().signal);
+
+    expect(commands).toHaveLength(2);
+    const commandNames = commands.map((c) => c.name).sort();
+    expect(commandNames).toEqual(['multi-ext:cmd1', 'multi-ext:cmd2']);
+  });
+
+  it('should fallback to default "commands" directory when config.commands not specified', async () => {
+    // Setup extension structure with default commands directory
+    const extensionDir = path.join(
+      tempDir,
+      '.qwen',
+      'extensions',
+      'default-ext',
+    );
+    const defaultCommandsDir = path.join(extensionDir, 'commands');
+    await fs.promises.mkdir(defaultCommandsDir, { recursive: true });
+
+    // Create extension config without commands field
+    const extensionConfig = {
+      name: 'default-ext',
+      version: '1.0.0',
+    };
+    await fs.promises.writeFile(
+      path.join(extensionDir, 'qwen-extension.json'),
+      JSON.stringify(extensionConfig),
+    );
+
+    // Create a test command in default directory
+    await fs.promises.writeFile(
+      path.join(defaultCommandsDir, 'default.md'),
+      '---\n---\nDefault command',
+    );
+
+    // Mock config to return the extension
+    mockConfig.getExtensions = () => [
+      {
+        id: 'default-ext',
+        config: extensionConfig,
+        contextFiles: [],
+        name: 'default-ext',
+        version: '1.0.0',
+        isActive: true,
+        path: extensionDir,
+      },
+    ];
+
+    const loader = new FileCommandLoader(mockConfig as Config);
+    const commands = await loader.loadCommands(new AbortController().signal);
+
+    expect(commands).toHaveLength(1);
+    expect(commands[0].name).toBe('default-ext:default');
+  });
+
+  it('should handle extension without commands directory gracefully', async () => {
+    // Setup extension structure without commands directory
+    const extensionDir = path.join(
+      tempDir,
+      '.qwen',
+      'extensions',
+      'no-cmds-ext',
+    );
+    await fs.promises.mkdir(extensionDir, { recursive: true });
+
+    // Create extension config
+    const extensionConfig = {
+      name: 'no-cmds-ext',
+      version: '1.0.0',
+    };
+    await fs.promises.writeFile(
+      path.join(extensionDir, 'qwen-extension.json'),
+      JSON.stringify(extensionConfig),
+    );
+
+    // Mock config to return the extension
+    mockConfig.getExtensions = () => [
+      {
+        id: 'no-cmds-ext',
+        config: extensionConfig,
+        contextFiles: [],
+        name: 'no-cmds-ext',
+        version: '1.0.0',
+        isActive: true,
+        path: extensionDir,
+      },
+    ];
+
+    const loader = new FileCommandLoader(mockConfig as Config);
+    const commands = await loader.loadCommands(new AbortController().signal);
+
+    // Should not throw and return empty array
+    expect(commands).toHaveLength(0);
+  });
+
+  it('should prefix extension commands with extension name', async () => {
+    // Setup extension
+    const extensionDir = path.join(
+      tempDir,
+      '.qwen',
+      'extensions',
+      'prefix-ext',
+    );
+    const commandsDir = path.join(extensionDir, 'commands');
+    await fs.promises.mkdir(commandsDir, { recursive: true });
+
+    const extensionConfig = {
+      name: 'prefix-ext',
+      version: '1.0.0',
+    };
+    await fs.promises.writeFile(
+      path.join(extensionDir, 'qwen-extension.json'),
+      JSON.stringify(extensionConfig),
+    );
+
+    await fs.promises.writeFile(
+      path.join(commandsDir, 'mycommand.md'),
+      '---\n---\nMy command',
+    );
+
+    mockConfig.getExtensions = () => [
+      {
+        id: 'prefix-ext',
+        config: extensionConfig,
+        contextFiles: [],
+        name: 'prefix-ext',
+        version: '1.0.0',
+        isActive: true,
+        path: extensionDir,
+      },
+    ];
+
+    const loader = new FileCommandLoader(mockConfig as Config);
+    const commands = await loader.loadCommands(new AbortController().signal);
+
+    expect(commands).toHaveLength(1);
+    expect(commands[0].name).toBe('prefix-ext:mycommand');
+  });
+
+  it('should load commands from multiple extensions in alphabetical order', async () => {
+    // Setup two extensions
+    const ext1Dir = path.join(tempDir, '.qwen', 'extensions', 'ext-b');
+    const ext2Dir = path.join(tempDir, '.qwen', 'extensions', 'ext-a');
+
+    await fs.promises.mkdir(path.join(ext1Dir, 'commands'), {
+      recursive: true,
+    });
+    await fs.promises.mkdir(path.join(ext2Dir, 'commands'), {
+      recursive: true,
+    });
+
+    // Extension B
+    await fs.promises.writeFile(
+      path.join(ext1Dir, 'qwen-extension.json'),
+      JSON.stringify({ name: 'ext-b', version: '1.0.0' }),
+    );
+    await fs.promises.writeFile(
+      path.join(ext1Dir, 'commands', 'cmd.md'),
+      '---\n---\nCommand B',
+    );
+
+    // Extension A
+    await fs.promises.writeFile(
+      path.join(ext2Dir, 'qwen-extension.json'),
+      JSON.stringify({ name: 'ext-a', version: '1.0.0' }),
+    );
+    await fs.promises.writeFile(
+      path.join(ext2Dir, 'commands', 'cmd.md'),
+      '---\n---\nCommand A',
+    );
+
+    mockConfig.getExtensions = () => [
+      {
+        id: 'ext-b',
+        config: { name: 'ext-b', version: '1.0.0' },
+        contextFiles: [],
+        name: 'ext-b',
+        version: '1.0.0',
+        isActive: true,
+        path: ext1Dir,
+      },
+      {
+        id: 'ext-a',
+        config: { name: 'ext-a', version: '1.0.0' },
+        contextFiles: [],
+        name: 'ext-a',
+        version: '1.0.0',
+        isActive: true,
+        path: ext2Dir,
+      },
+    ];
+
+    const loader = new FileCommandLoader(mockConfig as Config);
+    const commands = await loader.loadCommands(new AbortController().signal);
+
+    expect(commands).toHaveLength(2);
+    // Extensions are sorted alphabetically, so ext-a comes before ext-b
+    expect(commands[0].name).toBe('ext-a:cmd');
+    expect(commands[1].name).toBe('ext-b:cmd');
+  });
+});
--- a/packages/cli/src/services/FileCommandLoader-markdown.test.ts
+++ b/packages/cli/src/services/FileCommandLoader-markdown.test.ts
@@ -0,0 +1,117 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { FileCommandLoader } from './FileCommandLoader.js';
+
+describe('FileCommandLoader - Markdown support', () => {
+  let tempDir: string;
+
+  beforeAll(async () => {
+    // Create a temporary directory for test commands
+    tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'qwen-md-test-'));
+  });
+
+  afterAll(async () => {
+    // Clean up
+    await fs.rm(tempDir, { recursive: true, force: true });
+  });
+
+  it('should load markdown commands with frontmatter', async () => {
+    // Create a test markdown command file
+    const mdContent = `---
+description: Test markdown command
+---
+
+This is a test prompt from markdown.`;
+
+    const commandPath = path.join(tempDir, 'test-command.md');
+    await fs.writeFile(commandPath, mdContent, 'utf-8');
+
+    // Create loader with temp dir as command source
+    const loader = new FileCommandLoader(null);
+
+    // Mock the getCommandDirectories to return our temp dir
+    const originalMethod = loader['getCommandDirectories'];
+    loader['getCommandDirectories'] = () => [{ path: tempDir }];
+
+    try {
+      const commands = await loader.loadCommands(new AbortController().signal);
+
+      expect(commands).toHaveLength(1);
+      expect(commands[0].name).toBe('test-command');
+      expect(commands[0].description).toBe('Test markdown command');
+    } finally {
+      // Restore original method
+      loader['getCommandDirectories'] = originalMethod;
+    }
+  });
+
+  it('should load markdown commands without frontmatter', async () => {
+    // Create a test markdown command file without frontmatter
+    const mdContent = 'This is a simple prompt without frontmatter.';
+
+    const commandPath = path.join(tempDir, 'simple-command.md');
+    await fs.writeFile(commandPath, mdContent, 'utf-8');
+
+    const loader = new FileCommandLoader(null);
+    const originalMethod = loader['getCommandDirectories'];
+    loader['getCommandDirectories'] = () => [{ path: tempDir }];
+
+    try {
+      const commands = await loader.loadCommands(new AbortController().signal);
+
+      const simpleCommand = commands.find(
+        (cmd) => cmd.name === 'simple-command',
+      );
+      expect(simpleCommand).toBeDefined();
+      expect(simpleCommand?.description).toContain('Custom command from');
+    } finally {
+      loader['getCommandDirectories'] = originalMethod;
+    }
+  });
+
+  it('should load both toml and markdown commands', async () => {
+    // Create both TOML and Markdown files
+    const tomlContent = `prompt = "TOML prompt"
+description = "TOML command"`;
+
+    const mdContent = `---
+description: Markdown command
+---
+
+Markdown prompt`;
+
+    await fs.writeFile(
+      path.join(tempDir, 'toml-cmd.toml'),
+      tomlContent,
+      'utf-8',
+    );
+    await fs.writeFile(path.join(tempDir, 'md-cmd.md'), mdContent, 'utf-8');
+
+    const loader = new FileCommandLoader(null);
+    const originalMethod = loader['getCommandDirectories'];
+    loader['getCommandDirectories'] = () => [{ path: tempDir }];
+
+    try {
+      const commands = await loader.loadCommands(new AbortController().signal);
+
+      const tomlCommand = commands.find((cmd) => cmd.name === 'toml-cmd');
+      const mdCommand = commands.find((cmd) => cmd.name === 'md-cmd');
+
+      expect(tomlCommand).toBeDefined();
+      expect(tomlCommand?.description).toBe('TOML command');
+
+      expect(mdCommand).toBeDefined();
+      expect(mdCommand?.description).toBe('Markdown command');
+    } finally {
+      loader['getCommandDirectories'] = originalMethod;
+    }
+  });
+});
--- a/packages/cli/src/services/FileCommandLoader.test.ts
+++ b/packages/cli/src/services/FileCommandLoader.test.ts
@@ -568,9 +568,9 @@ describe('FileCommandLoader', () => {

      expect(commands).toHaveLength(3);
      const commandNames = commands.map((cmd) => cmd.name);
-      expect(commandNames).toEqual(['user', 'project', 'ext']);
+      expect(commandNames).toEqual(['user', 'project', 'test-ext:ext']);

-      const extCommand = commands.find((cmd) => cmd.name === 'ext');
+      const extCommand = commands.find((cmd) => cmd.name === 'test-ext:ext');
      expect(extCommand?.extensionName).toBe('test-ext');
      expect(extCommand?.description).toMatch(/^\[test-ext\]/);
    });
@@ -656,14 +656,14 @@ describe('FileCommandLoader', () => {
        expect(result1.content).toEqual([{ text: 'Project deploy command' }]);
      }

-      expect(commands[2].name).toBe('deploy');
+      expect(commands[2].name).toBe('test-ext:deploy');
      expect(commands[2].extensionName).toBe('test-ext');
      expect(commands[2].description).toMatch(/^\[test-ext\]/);
      const result2 = await commands[2].action?.(
        createMockCommandContext({
          invocation: {
-            raw: '/deploy',
-            name: 'deploy',
+            raw: '/test-ext:deploy',
+            name: 'test-ext:deploy',
            args: '',
          },
        }),
@@ -729,7 +729,7 @@ describe('FileCommandLoader', () => {
      const commands = await loader.loadCommands(signal);

      expect(commands).toHaveLength(1);
-      expect(commands[0].name).toBe('active');
+      expect(commands[0].name).toBe('active-ext:active');
      expect(commands[0].extensionName).toBe('active-ext');
      expect(commands[0].description).toMatch(/^\[active-ext\]/);
    });
@@ -803,17 +803,17 @@ describe('FileCommandLoader', () => {
      expect(commands).toHaveLength(3);

      const commandNames = commands.map((cmd) => cmd.name).sort();
-      expect(commandNames).toEqual(['b:c', 'b:d:e', 'simple']);
+      expect(commandNames).toEqual(['a:b:c', 'a:b:d:e', 'a:simple']);

-      const nestedCmd = commands.find((cmd) => cmd.name === 'b:c');
+      const nestedCmd = commands.find((cmd) => cmd.name === 'a:b:c');
      expect(nestedCmd?.extensionName).toBe('a');
      expect(nestedCmd?.description).toMatch(/^\[a\]/);
      expect(nestedCmd).toBeDefined();
      const result = await nestedCmd!.action?.(
        createMockCommandContext({
          invocation: {
-            raw: '/b:c',
-            name: 'b:c',
+            raw: '/a:b:c',
+            name: 'a:b:c',
            args: '',
          },
        }),
--- a/packages/cli/src/services/FileCommandLoader.ts
+++ b/packages/cli/src/services/FileCommandLoader.ts
@@ -5,34 +5,23 @@
 */

 import { promises as fs } from 'node:fs';
+import * as fsSync from 'node:fs';
 import path from 'node:path';
 import toml from '@iarna/toml';
 import { glob } from 'glob';
 import { z } from 'zod';
 import type { Config } from '@qwen-code/qwen-code-core';
-import { Storage } from '@qwen-code/qwen-code-core';
+import { EXTENSIONS_CONFIG_FILENAME, Storage } from '@qwen-code/qwen-code-core';
 import type { ICommandLoader } from './types.js';
-import type {
-  CommandContext,
-  SlashCommand,
-  SlashCommandActionReturn,
-} from '../ui/commands/types.js';
-import { CommandKind } from '../ui/commands/types.js';
-import { DefaultArgumentProcessor } from './prompt-processors/argumentProcessor.js';
-import type {
-  IPromptProcessor,
-  PromptPipelineContent,
-} from './prompt-processors/types.js';
 import {
-  SHORTHAND_ARGS_PLACEHOLDER,
-  SHELL_INJECTION_TRIGGER,
-  AT_FILE_INJECTION_TRIGGER,
-} from './prompt-processors/types.js';
+  parseMarkdownCommand,
+  MarkdownCommandDefSchema,
+} from './markdown-command-parser.js';
 import {
-  ConfirmationRequiredError,
-  ShellProcessor,
-} from './prompt-processors/shellProcessor.js';
-import { AtFileProcessor } from './prompt-processors/atFileProcessor.js';
+  createSlashCommandFromDefinition,
+  type CommandDefinition,
+} from './command-factory.js';
+import type { SlashCommand } from '../ui/commands/types.js';

 interface CommandDirectory {
  path: string;
@@ -96,7 +85,12 @@ export class FileCommandLoader implements ICommandLoader {
    const commandDirs = this.getCommandDirectories();
    for (const dirInfo of commandDirs) {
      try {
-        const files = await glob('**/*.toml', {
+        // Scan both .toml and .md files
+        const tomlFiles = await glob('**/*.toml', {
+          ...globOptions,
+          cwd: dirInfo.path,
+        });
+        const mdFiles = await glob('**/*.md', {
          ...globOptions,
          cwd: dirInfo.path,
        });
@@ -105,18 +99,28 @@ export class FileCommandLoader implements ICommandLoader {
          return [];
        }

-        const commandPromises = files.map((file) =>
-          this.parseAndAdaptFile(
+        // Process TOML files
+        const tomlCommandPromises = tomlFiles.map((file) =>
+          this.parseAndAdaptTomlFile(
            path.join(dirInfo.path, file),
            dirInfo.path,
            dirInfo.extensionName,
          ),
        );

-        const commands = (await Promise.all(commandPromises)).filter(
-          (cmd): cmd is SlashCommand => cmd !== null,
+        // Process Markdown files
+        const mdCommandPromises = mdFiles.map((file) =>
+          this.parseAndAdaptMarkdownFile(
+            path.join(dirInfo.path, file),
+            dirInfo.path,
+            dirInfo.extensionName,
+          ),
        );

+        const commands = (
+          await Promise.all([...tomlCommandPromises, ...mdCommandPromises])
+        ).filter((cmd): cmd is SlashCommand => cmd !== null);
+
        // Add all commands without deduplication
        allCommands.push(...commands);
      } catch (error) {
@@ -159,17 +163,73 @@ export class FileCommandLoader implements ICommandLoader {
        .filter((ext) => ext.isActive)
        .sort((a, b) => a.name.localeCompare(b.name)); // Sort alphabetically for deterministic loading

-      const extensionCommandDirs = activeExtensions.map((ext) => ({
-        path: path.join(ext.path, 'commands'),
-        extensionName: ext.name,
-      }));
+      // Collect command directories from each extension
+      for (const ext of activeExtensions) {
+        // Get commands paths from extension config
+        const commandsPaths = this.getExtensionCommandsPaths(ext);

-      dirs.push(...extensionCommandDirs);
+        for (const cmdPath of commandsPaths) {
+          dirs.push({
+            path: cmdPath,
+            extensionName: ext.name,
+          });
+        }
+      }
    }

    return dirs;
  }

+  /**
+   * Get commands paths from an extension.
+   * Returns paths from config.commands if specified, otherwise defaults to 'commands' directory.
+   */
+  private getExtensionCommandsPaths(ext: {
+    path: string;
+    name: string;
+  }): string[] {
+    // Try to get extension config
+    try {
+      const configPath = path.join(ext.path, EXTENSIONS_CONFIG_FILENAME);
+      if (fsSync.existsSync(configPath)) {
+        const configContent = fsSync.readFileSync(configPath, 'utf-8');
+        const config = JSON.parse(configContent);
+
+        if (config.commands) {
+          const commandsArray = Array.isArray(config.commands)
+            ? config.commands
+            : [config.commands];
+
+          return commandsArray
+            .map((cmdPath: string) =>
+              path.isAbsolute(cmdPath) ? cmdPath : path.join(ext.path, cmdPath),
+            )
+            .filter((cmdPath: string) => {
+              try {
+                return fsSync.existsSync(cmdPath);
+              } catch {
+                return false;
+              }
+            });
+        }
+      }
+    } catch (error) {
+      console.warn(`Failed to read extension config for ${ext.name}:`, error);
+    }
+
+    // Default fallback: use 'commands' directory
+    const defaultPath = path.join(ext.path, 'commands');
+    try {
+      if (fsSync.existsSync(defaultPath)) {
+        return [defaultPath];
+      }
+    } catch {
+      // Ignore
+    }
+
+    return [];
+  }
+
  /**
   * Parses a single .toml file and transforms it into a SlashCommand object.
   * @param filePath The absolute path to the .toml file.
@@ -177,7 +237,7 @@ export class FileCommandLoader implements ICommandLoader {
   * @param extensionName Optional extension name to prefix commands with.
   * @returns A promise resolving to a SlashCommand, or null if the file is invalid.
   */
-  private async parseAndAdaptFile(
+  private async parseAndAdaptTomlFile(
    filePath: string,
    baseDir: string,
    extensionName?: string,
@@ -216,104 +276,79 @@ export class FileCommandLoader implements ICommandLoader {

    const validDef = validationResult.data;

-    const relativePathWithExt = path.relative(baseDir, filePath);
-    const relativePath = relativePathWithExt.substring(
-      0,
-      relativePathWithExt.length - 5, // length of '.toml'
-    );
-    const baseCommandName = relativePath
-      .split(path.sep)
-      // Sanitize each path segment to prevent ambiguity. Since ':' is our
-      // namespace separator, we replace any literal colons in filenames
-      // with underscores to avoid naming conflicts.
-      .map((segment) => segment.replaceAll(':', '_'))
-      .join(':');
-
-    // Add extension name tag for extension commands
-    const defaultDescription = `Custom command from ${path.basename(filePath)}`;
-    let description = validDef.description || defaultDescription;
-    if (extensionName) {
-      description = `[${extensionName}] ${description}`;
-    }
-
-    const processors: IPromptProcessor[] = [];
-    const usesArgs = validDef.prompt.includes(SHORTHAND_ARGS_PLACEHOLDER);
-    const usesShellInjection = validDef.prompt.includes(
-      SHELL_INJECTION_TRIGGER,
-    );
-    const usesAtFileInjection = validDef.prompt.includes(
-      AT_FILE_INJECTION_TRIGGER,
-    );
-
-    // 1. @-File Injection (Security First).
-    // This runs first to ensure we're not executing shell commands that
-    // could dynamically generate malicious @-paths.
-    if (usesAtFileInjection) {
-      processors.push(new AtFileProcessor(baseCommandName));
-    }
-
-    // 2. Argument and Shell Injection.
-    // This runs after file content has been safely injected.
-    if (usesShellInjection || usesArgs) {
-      processors.push(new ShellProcessor(baseCommandName));
-    }
-
-    // 3. Default Argument Handling.
-    // Appends the raw invocation if no explicit {{args}} are used.
-    if (!usesArgs) {
-      processors.push(new DefaultArgumentProcessor());
-    }
-
-    return {
-      name: baseCommandName,
-      description,
-      kind: CommandKind.FILE,
+    // Use factory to create command
+    return createSlashCommandFromDefinition(
+      filePath,
+      baseDir,
+      validDef,
      extensionName,
-      action: async (
-        context: CommandContext,
-        _args: string,
-      ): Promise<SlashCommandActionReturn> => {
-        if (!context.invocation) {
-          console.error(
-            `[FileCommandLoader] Critical error: Command '${baseCommandName}' was executed without invocation context.`,
-          );
-          return {
-            type: 'submit_prompt',
-            content: [{ text: validDef.prompt }], // Fallback to unprocessed prompt
-          };
-        }
+      '.toml',
+    );
+  }

-        try {
-          let processedContent: PromptPipelineContent = [
-            { text: validDef.prompt },
-          ];
-          for (const processor of processors) {
-            processedContent = await processor.process(
-              processedContent,
-              context,
-            );
-          }
+  /**
+   * Parses a single .md file and transforms it into a SlashCommand object.
+   * @param filePath The absolute path to the .md file.
+   * @param baseDir The root command directory for name calculation.
+   * @param extensionName Optional extension name to prefix commands with.
+   * @returns A promise resolving to a SlashCommand, or null if the file is invalid.
+   */
+  private async parseAndAdaptMarkdownFile(
+    filePath: string,
+    baseDir: string,
+    extensionName?: string,
+  ): Promise<SlashCommand | null> {
+    let fileContent: string;
+    try {
+      fileContent = await fs.readFile(filePath, 'utf-8');
+    } catch (error: unknown) {
+      console.error(
+        `[FileCommandLoader] Failed to read file ${filePath}:`,
+        error instanceof Error ? error.message : String(error),
+      );
+      return null;
+    }

-          return {
-            type: 'submit_prompt',
-            content: processedContent,
-          };
-        } catch (e) {
-          // Check if it's our specific error type
-          if (e instanceof ConfirmationRequiredError) {
-            // Halt and request confirmation from the UI layer.
-            return {
-              type: 'confirm_shell_commands',
-              commandsToConfirm: e.commandsToConfirm,
-              originalInvocation: {
-                raw: context.invocation.raw,
-              },
-            };
-          }
-          // Re-throw other errors to be handled by the global error handler.
-          throw e;
-        }
-      },
+    let parsed: ReturnType<typeof parseMarkdownCommand>;
+    try {
+      parsed = parseMarkdownCommand(fileContent);
+    } catch (error: unknown) {
+      console.error(
+        `[FileCommandLoader] Failed to parse Markdown file ${filePath}:`,
+        error instanceof Error ? error.message : String(error),
+      );
+      return null;
+    }
+
+    const validationResult = MarkdownCommandDefSchema.safeParse(parsed);
+
+    if (!validationResult.success) {
+      console.error(
+        `[FileCommandLoader] Skipping invalid command file: ${filePath}. Validation errors:`,
+        validationResult.error.flatten(),
+      );
+      return null;
+    }
+
+    const validDef = validationResult.data;
+
+    // Convert to CommandDefinition format
+    const definition: CommandDefinition = {
+      prompt: validDef.prompt,
+      description:
+        validDef.frontmatter?.description &&
+        typeof validDef.frontmatter.description === 'string'
+          ? validDef.frontmatter.description
+          : undefined,
    };
+
+    // Use factory to create command
+    return createSlashCommandFromDefinition(
+      filePath,
+      baseDir,
+      definition,
+      extensionName,
+      '.md',
+    );
  }
 }
--- a/packages/cli/src/services/command-factory.ts
+++ b/packages/cli/src/services/command-factory.ts
@@ -0,0 +1,154 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/**
+ * This file contains helper functions for FileCommandLoader to create SlashCommand
+ * objects from parsed command definitions (TOML or Markdown).
+ */
+
+import path from 'node:path';
+import type {
+  CommandContext,
+  SlashCommand,
+  SlashCommandActionReturn,
+} from '../ui/commands/types.js';
+import { CommandKind } from '../ui/commands/types.js';
+import { DefaultArgumentProcessor } from './prompt-processors/argumentProcessor.js';
+import type {
+  IPromptProcessor,
+  PromptPipelineContent,
+} from './prompt-processors/types.js';
+import {
+  SHORTHAND_ARGS_PLACEHOLDER,
+  SHELL_INJECTION_TRIGGER,
+  AT_FILE_INJECTION_TRIGGER,
+} from './prompt-processors/types.js';
+import {
+  ConfirmationRequiredError,
+  ShellProcessor,
+} from './prompt-processors/shellProcessor.js';
+import { AtFileProcessor } from './prompt-processors/atFileProcessor.js';
+
+export interface CommandDefinition {
+  prompt: string;
+  description?: string;
+}
+
+/**
+ * Creates a SlashCommand from a parsed command definition.
+ * This function is used by both TOML and Markdown command loaders.
+ *
+ * @param filePath The absolute path to the command file
+ * @param baseDir The root command directory for name calculation
+ * @param definition The parsed command definition (prompt and optional description)
+ * @param extensionName Optional extension name to prefix commands with
+ * @param fileExtension The file extension (e.g., '.toml' or '.md')
+ * @returns A SlashCommand object
+ */
+export function createSlashCommandFromDefinition(
+  filePath: string,
+  baseDir: string,
+  definition: CommandDefinition,
+  extensionName: string | undefined,
+  fileExtension: string,
+): SlashCommand {
+  const relativePathWithExt = path.relative(baseDir, filePath);
+  const relativePath = relativePathWithExt.substring(
+    0,
+    relativePathWithExt.length - fileExtension.length,
+  );
+  const baseCommandName = relativePath
+    .split(path.sep)
+    // Sanitize each path segment to prevent ambiguity. Since ':' is our
+    // namespace separator, we replace any literal colons in filenames
+    // with underscores to avoid naming conflicts.
+    .map((segment) => segment.replaceAll(':', '_'))
+    .join(':');
+
+  // Add extension name tag for extension commands
+  const defaultDescription = `Custom command from ${path.basename(filePath)}`;
+  let description = definition.description || defaultDescription;
+  if (extensionName) {
+    description = `[${extensionName}] ${description}`;
+  }
+
+  const processors: IPromptProcessor[] = [];
+  const usesArgs = definition.prompt.includes(SHORTHAND_ARGS_PLACEHOLDER);
+  const usesShellInjection = definition.prompt.includes(
+    SHELL_INJECTION_TRIGGER,
+  );
+  const usesAtFileInjection = definition.prompt.includes(
+    AT_FILE_INJECTION_TRIGGER,
+  );
+
+  // 1. @-File Injection (Security First).
+  // This runs first to ensure we're not executing shell commands that
+  // could dynamically generate malicious @-paths.
+  if (usesAtFileInjection) {
+    processors.push(new AtFileProcessor(baseCommandName));
+  }
+
+  // 2. Argument and Shell Injection.
+  // This runs after file content has been safely injected.
+  if (usesShellInjection || usesArgs) {
+    processors.push(new ShellProcessor(baseCommandName));
+  }
+
+  // 3. Default Argument Handling.
+  // Appends the raw invocation if no explicit {{args}} are used.
+  if (!usesArgs) {
+    processors.push(new DefaultArgumentProcessor());
+  }
+
+  return {
+    name: baseCommandName,
+    description,
+    kind: CommandKind.FILE,
+    extensionName,
+    action: async (
+      context: CommandContext,
+      _args: string,
+    ): Promise<SlashCommandActionReturn> => {
+      if (!context.invocation) {
+        console.error(
+          `[FileCommandLoader] Critical error: Command '${baseCommandName}' was executed without invocation context.`,
+        );
+        return {
+          type: 'submit_prompt',
+          content: [{ text: definition.prompt }], // Fallback to unprocessed prompt
+        };
+      }
+
+      try {
+        let processedContent: PromptPipelineContent = [
+          { text: definition.prompt },
+        ];
+        for (const processor of processors) {
+          processedContent = await processor.process(processedContent, context);
+        }
+
+        return {
+          type: 'submit_prompt',
+          content: processedContent,
+        };
+      } catch (e) {
+        // Check if it's our specific error type
+        if (e instanceof ConfirmationRequiredError) {
+          // Halt and request confirmation from the UI layer.
+          return {
+            type: 'confirm_shell_commands',
+            commandsToConfirm: e.commandsToConfirm,
+            originalInvocation: {
+              raw: context.invocation.raw,
+            },
+          };
+        }
+        // Re-throw other errors to be handled by the global error handler.
+        throw e;
+      }
+    },
+  };
+}
--- a/packages/cli/src/services/command-migration-tool.test.ts
+++ b/packages/cli/src/services/command-migration-tool.test.ts
@@ -0,0 +1,253 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import {
+  detectTomlCommands,
+  migrateTomlCommands,
+  generateMigrationPrompt,
+} from './command-migration-tool.js';
+
+describe('command-migration-tool', () => {
+  let tempDir: string;
+
+  beforeEach(async () => {
+    tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'qwen-migration-test-'));
+  });
+
+  afterEach(async () => {
+    await fs.rm(tempDir, { recursive: true, force: true });
+  });
+
+  describe('detectTomlCommands', () => {
+    it('should detect TOML files in directory', async () => {
+      // Create some TOML files
+      await fs.writeFile(
+        path.join(tempDir, 'cmd1.toml'),
+        'prompt = "test"',
+        'utf-8',
+      );
+      await fs.writeFile(
+        path.join(tempDir, 'cmd2.toml'),
+        'prompt = "test"',
+        'utf-8',
+      );
+
+      const tomlFiles = await detectTomlCommands(tempDir);
+
+      expect(tomlFiles).toHaveLength(2);
+      expect(tomlFiles).toContain('cmd1.toml');
+      expect(tomlFiles).toContain('cmd2.toml');
+    });
+
+    it('should detect TOML files in subdirectories', async () => {
+      const subdir = path.join(tempDir, 'subdir');
+      await fs.mkdir(subdir);
+      await fs.writeFile(
+        path.join(subdir, 'nested.toml'),
+        'prompt = "test"',
+        'utf-8',
+      );
+
+      const tomlFiles = await detectTomlCommands(tempDir);
+
+      expect(tomlFiles).toContain('subdir/nested.toml');
+    });
+
+    it('should return empty array for non-existent directory', async () => {
+      const nonExistent = path.join(tempDir, 'does-not-exist');
+
+      const tomlFiles = await detectTomlCommands(nonExistent);
+
+      expect(tomlFiles).toEqual([]);
+    });
+
+    it('should not detect non-TOML files', async () => {
+      await fs.writeFile(path.join(tempDir, 'file.txt'), 'text', 'utf-8');
+      await fs.writeFile(path.join(tempDir, 'file.md'), 'markdown', 'utf-8');
+
+      const tomlFiles = await detectTomlCommands(tempDir);
+
+      expect(tomlFiles).toHaveLength(0);
+    });
+  });
+
+  describe('migrateTomlCommands', () => {
+    it('should migrate TOML file to Markdown', async () => {
+      const tomlContent = `prompt = "Test prompt"
+description = "Test description"`;
+
+      await fs.writeFile(path.join(tempDir, 'test.toml'), tomlContent, 'utf-8');
+
+      const result = await migrateTomlCommands({
+        commandDir: tempDir,
+        createBackup: true,
+        deleteOriginal: false,
+      });
+
+      expect(result.success).toBe(true);
+      expect(result.convertedFiles).toContain('test.toml');
+      expect(result.failedFiles).toHaveLength(0);
+
+      // Check Markdown file was created
+      const mdPath = path.join(tempDir, 'test.md');
+      const mdContent = await fs.readFile(mdPath, 'utf-8');
+      expect(mdContent).toContain('description: Test description');
+      expect(mdContent).toContain('Test prompt');
+
+      // Check backup was created (original renamed to .toml.backup)
+      const backupPath = path.join(tempDir, 'test.toml.backup');
+      const backupExists = await fs
+        .access(backupPath)
+        .then(() => true)
+        .catch(() => false);
+      expect(backupExists).toBe(true);
+
+      // Original .toml file should not exist (renamed to .backup)
+      const tomlExists = await fs
+        .access(path.join(tempDir, 'test.toml'))
+        .then(() => true)
+        .catch(() => false);
+      expect(tomlExists).toBe(false);
+    });
+
+    it('should delete original TOML when deleteOriginal is true', async () => {
+      await fs.writeFile(
+        path.join(tempDir, 'delete-me.toml'),
+        'prompt = "Test"',
+        'utf-8',
+      );
+
+      await migrateTomlCommands({
+        commandDir: tempDir,
+        createBackup: false,
+        deleteOriginal: true,
+      });
+
+      // Original should be deleted
+      const tomlExists = await fs
+        .access(path.join(tempDir, 'delete-me.toml'))
+        .then(() => true)
+        .catch(() => false);
+      expect(tomlExists).toBe(false);
+
+      // Markdown should exist
+      const mdExists = await fs
+        .access(path.join(tempDir, 'delete-me.md'))
+        .then(() => true)
+        .catch(() => false);
+      expect(mdExists).toBe(true);
+
+      // Backup should not exist (createBackup was false)
+      const backupExists = await fs
+        .access(path.join(tempDir, 'delete-me.toml.backup'))
+        .then(() => true)
+        .catch(() => false);
+      expect(backupExists).toBe(false);
+    });
+
+    it('should fail if Markdown file already exists', async () => {
+      await fs.writeFile(
+        path.join(tempDir, 'existing.toml'),
+        'prompt = "Test"',
+        'utf-8',
+      );
+      await fs.writeFile(
+        path.join(tempDir, 'existing.md'),
+        'Already exists',
+        'utf-8',
+      );
+
+      const result = await migrateTomlCommands({
+        commandDir: tempDir,
+        createBackup: false,
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.failedFiles).toHaveLength(1);
+      expect(result.failedFiles[0].file).toBe('existing.toml');
+      expect(result.failedFiles[0].error).toContain('already exists');
+    });
+
+    it('should handle migration without backup', async () => {
+      await fs.writeFile(
+        path.join(tempDir, 'no-backup.toml'),
+        'prompt = "Test"',
+        'utf-8',
+      );
+
+      const result = await migrateTomlCommands({
+        commandDir: tempDir,
+        createBackup: false,
+        deleteOriginal: false,
+      });
+
+      expect(result.success).toBe(true);
+
+      // Original TOML file should still exist (no backup, no delete)
+      const tomlExists = await fs
+        .access(path.join(tempDir, 'no-backup.toml'))
+        .then(() => true)
+        .catch(() => false);
+      expect(tomlExists).toBe(true);
+
+      // Backup should not exist
+      const backupExists = await fs
+        .access(path.join(tempDir, 'no-backup.toml.backup'))
+        .then(() => true)
+        .catch(() => false);
+      expect(backupExists).toBe(false);
+    });
+
+    it('should return success with empty results for no TOML files', async () => {
+      const result = await migrateTomlCommands({
+        commandDir: tempDir,
+      });
+
+      expect(result.success).toBe(true);
+      expect(result.convertedFiles).toHaveLength(0);
+      expect(result.failedFiles).toHaveLength(0);
+    });
+  });
+
+  describe('generateMigrationPrompt', () => {
+    it('should generate prompt for few files', () => {
+      const files = ['cmd1.toml', 'cmd2.toml'];
+
+      const prompt = generateMigrationPrompt(files);
+
+      expect(prompt).toContain('Found 2 command files');
+      expect(prompt).toContain('cmd1.toml');
+      expect(prompt).toContain('cmd2.toml');
+      expect(prompt).toContain('qwen-code migrate-commands');
+    });
+
+    it('should truncate file list for many files', () => {
+      const files = Array.from({ length: 10 }, (_, i) => `cmd${i}.toml`);
+
+      const prompt = generateMigrationPrompt(files);
+
+      expect(prompt).toContain('Found 10 command files');
+      expect(prompt).toContain('... and 7 more');
+    });
+
+    it('should return empty string for no files', () => {
+      const prompt = generateMigrationPrompt([]);
+
+      expect(prompt).toBe('');
+    });
+
+    it('should use singular form for single file', () => {
+      const prompt = generateMigrationPrompt(['single.toml']);
+
+      expect(prompt).toContain('Found 1 command file');
+      // Don't check for plural since "files" appears in other parts of the message
+    });
+  });
+});
--- a/packages/cli/src/services/command-migration-tool.ts
+++ b/packages/cli/src/services/command-migration-tool.ts
@@ -0,0 +1,169 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/**
+ * Tool for migrating TOML commands to Markdown format.
+ */
+
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import { glob } from 'glob';
+import { convertTomlToMarkdown } from '@qwen-code/qwen-code-core';
+
+export interface MigrationResult {
+  success: boolean;
+  convertedFiles: string[];
+  failedFiles: Array<{ file: string; error: string }>;
+}
+
+export interface MigrationOptions {
+  /** Directory containing command files */
+  commandDir: string;
+  /** Whether to create backups (default: true) */
+  createBackup?: boolean;
+  /** Whether to delete original TOML files after migration (default: false) */
+  deleteOriginal?: boolean;
+}
+
+/**
+ * Scans a directory for TOML command files.
+ * @param commandDir Directory to scan
+ * @returns Array of TOML file paths (relative to commandDir)
+ */
+export async function detectTomlCommands(
+  commandDir: string,
+): Promise<string[]> {
+  try {
+    await fs.access(commandDir);
+  } catch {
+    // Directory doesn't exist
+    return [];
+  }
+
+  const tomlFiles = await glob('**/*.toml', {
+    cwd: commandDir,
+    nodir: true,
+    dot: false,
+  });
+
+  return tomlFiles;
+}
+
+/**
+ * Migrates TOML command files to Markdown format.
+ * @param options Migration options
+ * @returns Migration result with details
+ */
+export async function migrateTomlCommands(
+  options: MigrationOptions,
+): Promise<MigrationResult> {
+  const { commandDir, createBackup = true, deleteOriginal = false } = options;
+
+  const result: MigrationResult = {
+    success: true,
+    convertedFiles: [],
+    failedFiles: [],
+  };
+
+  // Detect TOML files
+  const tomlFiles = await detectTomlCommands(commandDir);
+
+  if (tomlFiles.length === 0) {
+    return result;
+  }
+
+  // Process each TOML file
+  for (const relativeFile of tomlFiles) {
+    const tomlPath = path.join(commandDir, relativeFile);
+
+    try {
+      // Read TOML file
+      const tomlContent = await fs.readFile(tomlPath, 'utf-8');
+
+      // Convert to Markdown
+      const markdownContent = convertTomlToMarkdown(tomlContent);
+
+      // Generate Markdown file path (same location, .md extension)
+      const markdownPath = tomlPath.replace(/\.toml$/, '.md');
+
+      // Check if Markdown file already exists
+      try {
+        await fs.access(markdownPath);
+        throw new Error(
+          `Markdown file already exists: ${path.basename(markdownPath)}`,
+        );
+      } catch (error) {
+        if ((error as NodeJS.ErrnoException).code !== 'ENOENT') {
+          throw error;
+        }
+        // File doesn't exist, continue
+      }
+
+      // Write Markdown file
+      await fs.writeFile(markdownPath, markdownContent, 'utf-8');
+
+      // Backup original if requested (rename to .toml.backup)
+      if (createBackup) {
+        const backupPath = `${tomlPath}.backup`;
+        await fs.rename(tomlPath, backupPath);
+      } else if (deleteOriginal) {
+        // Delete original if requested and no backup
+        await fs.unlink(tomlPath);
+      }
+
+      result.convertedFiles.push(relativeFile);
+    } catch (error) {
+      result.success = false;
+      result.failedFiles.push({
+        file: relativeFile,
+        error: error instanceof Error ? error.message : String(error),
+      });
+    }
+  }
+
+  return result;
+}
+
+/**
+ * Generates a migration report message.
+ * @param tomlFiles List of TOML files found
+ * @returns Human-readable migration prompt message
+ */
+export function generateMigrationPrompt(tomlFiles: string[]): string {
+  if (tomlFiles.length === 0) {
+    return '';
+  }
+
+  const count = tomlFiles.length;
+  const fileList =
+    tomlFiles.length <= 5
+      ? tomlFiles.map((f) => `  - ${f}`).join('\n')
+      : `  - ${tomlFiles.slice(0, 3).join('\n  - ')}\n  - ... and ${tomlFiles.length - 3} more`;
+
+  return `
+⚠️  TOML Command Format Deprecation Notice
+
+Found ${count} command file${count > 1 ? 's' : ''} in TOML format:
+${fileList}
+
+The TOML format for commands is being deprecated in favor of Markdown format.
+Markdown format is more readable and easier to edit.
+
+You can migrate these files automatically using:
+  qwen-code migrate-commands
+
+Or manually convert each file:
+  - TOML: prompt = "..." / description = "..."
+  - Markdown: YAML frontmatter + content
+
+The migration tool will:
+  ✓ Convert TOML files to Markdown
+  ✓ Create backups of original files
+  ✓ Preserve all command functionality
+
+TOML format will continue to work for now, but migration is recommended.
+`.trim();
+}
--- a/packages/cli/src/services/markdown-command-parser.test.ts
+++ b/packages/cli/src/services/markdown-command-parser.test.ts
@@ -0,0 +1,144 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect } from 'vitest';
+import {
+  parseMarkdownCommand,
+  MarkdownCommandDefSchema,
+} from './markdown-command-parser.js';
+
+describe('parseMarkdownCommand', () => {
+  it('should parse markdown with YAML frontmatter', () => {
+    const content = `---
+description: Test command
+---
+
+This is the prompt content.`;
+
+    const result = parseMarkdownCommand(content);
+
+    expect(result).toEqual({
+      frontmatter: {
+        description: 'Test command',
+      },
+      prompt: 'This is the prompt content.',
+    });
+  });
+
+  it('should parse markdown without frontmatter', () => {
+    const content = 'This is just a prompt without frontmatter.';
+
+    const result = parseMarkdownCommand(content);
+
+    expect(result).toEqual({
+      prompt: 'This is just a prompt without frontmatter.',
+    });
+  });
+
+  it('should handle multi-line prompts', () => {
+    const content = `---
+description: Multi-line test
+---
+
+First line of prompt.
+Second line of prompt.
+Third line of prompt.`;
+
+    const result = parseMarkdownCommand(content);
+
+    expect(result.prompt).toBe(
+      'First line of prompt.\nSecond line of prompt.\nThird line of prompt.',
+    );
+  });
+
+  it('should trim whitespace from prompt', () => {
+    const content = `---
+description: Whitespace test
+---
+
+  Prompt with leading and trailing spaces  
+`;
+
+    const result = parseMarkdownCommand(content);
+
+    expect(result.prompt).toBe('Prompt with leading and trailing spaces');
+  });
+
+  it('should handle empty frontmatter', () => {
+    const content = `---
+---
+
+Prompt content after empty frontmatter.`;
+
+    const result = parseMarkdownCommand(content);
+
+    // Empty YAML frontmatter returns undefined, not {}
+    expect(result.frontmatter).toBeUndefined();
+    expect(result.prompt).toBe('Prompt content after empty frontmatter.');
+  });
+
+  it('should handle invalid YAML frontmatter gracefully', () => {
+    // The YAML parser we use is quite tolerant, so most "invalid" YAML
+    // actually parses successfully. This test verifies that behavior.
+    const content = `---
+description: test
+---
+
+Prompt content.`;
+
+    const result = parseMarkdownCommand(content);
+
+    expect(result.frontmatter).toBeDefined();
+    expect(result.prompt).toBe('Prompt content.');
+  });
+});
+
+describe('MarkdownCommandDefSchema', () => {
+  it('should validate valid markdown command def', () => {
+    const validDef = {
+      frontmatter: {
+        description: 'Test description',
+      },
+      prompt: 'Test prompt',
+    };
+
+    const result = MarkdownCommandDefSchema.safeParse(validDef);
+
+    expect(result.success).toBe(true);
+  });
+
+  it('should validate markdown command def without frontmatter', () => {
+    const validDef = {
+      prompt: 'Test prompt',
+    };
+
+    const result = MarkdownCommandDefSchema.safeParse(validDef);
+
+    expect(result.success).toBe(true);
+  });
+
+  it('should reject command def without prompt', () => {
+    const invalidDef = {
+      frontmatter: {
+        description: 'Test description',
+      },
+    };
+
+    const result = MarkdownCommandDefSchema.safeParse(invalidDef);
+
+    expect(result.success).toBe(false);
+  });
+
+  it('should reject command def with non-string prompt', () => {
+    const invalidDef = {
+      prompt: 123,
+    };
+
+    const result = MarkdownCommandDefSchema.safeParse(invalidDef);
+
+    expect(result.success).toBe(false);
+  });
+});
--- a/packages/cli/src/services/markdown-command-parser.ts
+++ b/packages/cli/src/services/markdown-command-parser.ts
@@ -0,0 +1,64 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { z } from 'zod';
+import { parse as parseYaml } from '@qwen-code/qwen-code-core';
+
+/**
+ * Defines the Zod schema for a Markdown command definition file.
+ * The frontmatter contains optional metadata, and the body is the prompt.
+ */
+export const MarkdownCommandDefSchema = z.object({
+  frontmatter: z
+    .object({
+      description: z.string().optional(),
+    })
+    .optional(),
+  prompt: z.string({
+    required_error: 'The prompt content is required.',
+    invalid_type_error: 'The prompt content must be a string.',
+  }),
+});
+
+export type MarkdownCommandDef = z.infer<typeof MarkdownCommandDefSchema>;
+
+/**
+ * Parses a Markdown command file with optional YAML frontmatter.
+ * @param content The file content
+ * @returns Parsed command definition with frontmatter and prompt
+ */
+export function parseMarkdownCommand(content: string): MarkdownCommandDef {
+  // Match YAML frontmatter pattern: ---\n...\n---\n
+  // Allow empty frontmatter: ---\n---\n  // Use (?:[\s\S]*?) to make the frontmatter content optional
+  const frontmatterRegex = /^---\n([\s\S]*?)---\n([\s\S]*)$/;
+  const match = content.match(frontmatterRegex);
+
+  if (!match) {
+    // No frontmatter, entire content is the prompt
+    return {
+      prompt: content.trim(),
+    };
+  }
+
+  const [, frontmatterYaml, body] = match;
+
+  // Parse YAML frontmatter if not empty
+  let frontmatter: Record<string, unknown> | undefined;
+  if (frontmatterYaml.trim()) {
+    try {
+      frontmatter = parseYaml(frontmatterYaml) as Record<string, unknown>;
+    } catch (error) {
+      throw new Error(
+        `Failed to parse YAML frontmatter: ${error instanceof Error ? error.message : String(error)}`,
+      );
+    }
+  }
+
+  return {
+    frontmatter,
+    prompt: body.trim(),
+  };
+}
--- a/packages/cli/src/services/test-commands/example.md
+++ b/packages/cli/src/services/test-commands/example.md
@@ -0,0 +1,5 @@
+---
+description: Example markdown command
+---
+
+This is an example prompt from a markdown file.
--- a/packages/cli/src/test-utils/createExtension.ts
+++ b/packages/cli/src/test-utils/createExtension.ts
@@ -1,49 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import {
-  EXTENSIONS_CONFIG_FILENAME,
-  INSTALL_METADATA_FILENAME,
-} from '../config/extension.js';
-import {
-  type MCPServerConfig,
-  type ExtensionInstallMetadata,
-} from '@qwen-code/qwen-code-core';
-
-export function createExtension({
-  extensionsDir = 'extensions-dir',
-  name = 'my-extension',
-  version = '1.0.0',
-  addContextFile = false,
-  contextFileName = undefined as string | undefined,
-  mcpServers = {} as Record<string, MCPServerConfig>,
-  installMetadata = undefined as ExtensionInstallMetadata | undefined,
-} = {}): string {
-  const extDir = path.join(extensionsDir, name);
-  fs.mkdirSync(extDir, { recursive: true });
-  fs.writeFileSync(
-    path.join(extDir, EXTENSIONS_CONFIG_FILENAME),
-    JSON.stringify({ name, version, contextFileName, mcpServers }),
-  );
-
-  if (addContextFile) {
-    fs.writeFileSync(path.join(extDir, 'QWEN.md'), 'context');
-  }
-
-  if (contextFileName) {
-    fs.writeFileSync(path.join(extDir, contextFileName), 'context');
-  }
-
-  if (installMetadata) {
-    fs.writeFileSync(
-      path.join(extDir, INSTALL_METADATA_FILENAME),
-      JSON.stringify(installMetadata),
-    );
-  }
-  return extDir;
-}
--- a/packages/cli/src/test-utils/render.tsx
+++ b/packages/cli/src/test-utils/render.tsx
@@ -6,10 +6,12 @@

 import { render } from 'ink-testing-library';
 import type React from 'react';
+import type { Config } from '@qwen-code/qwen-code-core';
 import { LoadedSettings } from '../config/settings.js';
 import { KeypressProvider } from '../ui/contexts/KeypressContext.js';
 import { SettingsContext } from '../ui/contexts/SettingsContext.js';
 import { ShellFocusContext } from '../ui/contexts/ShellFocusContext.js';
+import { ConfigContext } from '../ui/contexts/ConfigContext.js';

 const mockSettings = new LoadedSettings(
  { path: '', settings: {}, originalSettings: {} },
@@ -22,14 +24,24 @@ const mockSettings = new LoadedSettings(

 export const renderWithProviders = (
  component: React.ReactElement,
-  { shellFocus = true, settings = mockSettings } = {},
+  {
+    shellFocus = true,
+    settings = mockSettings,
+    config = undefined,
+  }: {
+    shellFocus?: boolean;
+    settings?: LoadedSettings;
+    config?: Config;
+  } = {},
 ): ReturnType<typeof render> =>
  render(
    <SettingsContext.Provider value={settings}>
-      <ShellFocusContext.Provider value={shellFocus}>
-        <KeypressProvider kittyProtocolEnabled={true}>
-          {component}
-        </KeypressProvider>
-      </ShellFocusContext.Provider>
+      <ConfigContext.Provider value={config}>
+        <ShellFocusContext.Provider value={shellFocus}>
+          <KeypressProvider kittyProtocolEnabled={true}>
+            {component}
+          </KeypressProvider>
+        </ShellFocusContext.Provider>
+      </ConfigContext.Provider>
    </SettingsContext.Provider>,
  );
--- a/packages/cli/src/ui/AppContainer.test.tsx
+++ b/packages/cli/src/ui/AppContainer.test.tsx
@@ -76,7 +76,6 @@ vi.mock('./hooks/useFolderTrust.js');
 vi.mock('./hooks/useIdeTrustListener.js');
 vi.mock('./hooks/useMessageQueue.js');
 vi.mock('./hooks/useAutoAcceptIndicator.js');
-vi.mock('./hooks/useWorkspaceMigration.js');
 vi.mock('./hooks/useGitBranchName.js');
 vi.mock('./contexts/VimModeContext.js');
 vi.mock('./contexts/SessionContext.js');
@@ -103,7 +102,6 @@ import { useFolderTrust } from './hooks/useFolderTrust.js';
 import { useIdeTrustListener } from './hooks/useIdeTrustListener.js';
 import { useMessageQueue } from './hooks/useMessageQueue.js';
 import { useAutoAcceptIndicator } from './hooks/useAutoAcceptIndicator.js';
-import { useWorkspaceMigration } from './hooks/useWorkspaceMigration.js';
 import { useGitBranchName } from './hooks/useGitBranchName.js';
 import { useVimMode } from './contexts/VimModeContext.js';
 import { useSessionStats } from './contexts/SessionContext.js';
@@ -134,7 +132,6 @@ describe('AppContainer State Management', () => {
  const mockedUseIdeTrustListener = useIdeTrustListener as Mock;
  const mockedUseMessageQueue = useMessageQueue as Mock;
  const mockedUseAutoAcceptIndicator = useAutoAcceptIndicator as Mock;
-  const mockedUseWorkspaceMigration = useWorkspaceMigration as Mock;
  const mockedUseGitBranchName = useGitBranchName as Mock;
  const mockedUseVimMode = useVimMode as Mock;
  const mockedUseSessionStats = useSessionStats as Mock;
@@ -239,12 +236,6 @@ describe('AppContainer State Management', () => {
      getQueuedMessagesText: vi.fn().mockReturnValue(''),
    });
    mockedUseAutoAcceptIndicator.mockReturnValue(false);
-    mockedUseWorkspaceMigration.mockReturnValue({
-      showWorkspaceMigrationDialog: false,
-      workspaceExtensions: [],
-      onWorkspaceMigrationDialogOpen: vi.fn(),
-      onWorkspaceMigrationDialogClose: vi.fn(),
-    });
    mockedUseGitBranchName.mockReturnValue('main');
    mockedUseVimMode.mockReturnValue({
      isVimEnabled: false,
--- a/packages/cli/src/ui/AppContainer.tsx
+++ b/packages/cli/src/ui/AppContainer.tsx
@@ -32,12 +32,12 @@ import {
  type Config,
  type IdeInfo,
  type IdeContext,
-  DEFAULT_GEMINI_FLASH_MODEL,
  IdeClient,
  ideContextStore,
  getErrorMessage,
  getAllGeminiMdFilenames,
  ShellExecutionService,
+  Storage,
 } from '@qwen-code/qwen-code-core';
 import { buildResumedHistoryItems } from './utils/resumeHistoryUtils.js';
 import { validateAuthMethod } from '../config/auth.js';
@@ -46,6 +46,7 @@ import process from 'node:process';
 import { useHistory } from './hooks/useHistoryManager.js';
 import { useMemoryMonitor } from './hooks/useMemoryMonitor.js';
 import { useThemeCommand } from './hooks/useThemeCommand.js';
+import { useFeedbackDialog } from './hooks/useFeedbackDialog.js';
 import { useAuthCommand } from './auth/useAuth.js';
 import { useEditorSettings } from './hooks/useEditorSettings.js';
 import { useSettingsCommand } from './hooks/useSettingsCommand.js';
@@ -76,6 +77,9 @@ import { useLoadingIndicator } from './hooks/useLoadingIndicator.js';
 import { useFolderTrust } from './hooks/useFolderTrust.js';
 import { useIdeTrustListener } from './hooks/useIdeTrustListener.js';
 import { type IdeIntegrationNudgeResult } from './IdeIntegrationNudge.js';
+import { type CommandMigrationNudgeResult } from './CommandFormatMigrationNudge.js';
+import { useCommandMigration } from './hooks/useCommandMigration.js';
+import { migrateTomlCommands } from '../services/command-migration-tool.js';
 import { appEvents, AppEvent } from '../utils/events.js';
 import { type UpdateObject } from './utils/updateCheck.js';
 import { setUpdateHandler } from '../utils/handleAutoUpdate.js';
@@ -83,10 +87,12 @@ import { ConsolePatcher } from './utils/ConsolePatcher.js';
 import { registerCleanup, runExitCleanup } from '../utils/cleanup.js';
 import { useMessageQueue } from './hooks/useMessageQueue.js';
 import { useAutoAcceptIndicator } from './hooks/useAutoAcceptIndicator.js';
-import { useWorkspaceMigration } from './hooks/useWorkspaceMigration.js';
 import { useSessionStats } from './contexts/SessionContext.js';
 import { useGitBranchName } from './hooks/useGitBranchName.js';
-import { useExtensionUpdates } from './hooks/useExtensionUpdates.js';
+import {
+  useExtensionUpdates,
+  useConfirmUpdateRequests,
+} from './hooks/useExtensionUpdates.js';
 import { ShellFocusContext } from './contexts/ShellFocusContext.js';
 import { t } from '../i18n/index.js';
 import { useWelcomeBack } from './hooks/useWelcomeBack.js';
@@ -97,6 +103,10 @@ import { processVisionSwitchOutcome } from './hooks/useVisionAutoSwitch.js';
 import { useSubagentCreateDialog } from './hooks/useSubagentCreateDialog.js';
 import { useAgentsManagerDialog } from './hooks/useAgentsManagerDialog.js';
 import { useAttentionNotifications } from './hooks/useAttentionNotifications.js';
+import {
+  requestConsentInteractive,
+  requestConsentOrFail,
+} from '../commands/extensions/consent.js';

 const CTRL_EXIT_PROMPT_DURATION_MS = 1000;

@@ -157,15 +167,23 @@ export const AppContainer = (props: AppContainerProps) => {
    config.isTrustedFolder(),
  );

-  const extensions = config.getExtensions();
+  const extensionManager = config.getExtensionManager();
+
+  extensionManager.setRequestConsent(
+    requestConsentOrFail.bind(null, (description) =>
+      requestConsentInteractive(description, addConfirmUpdateExtensionRequest),
+    ),
+  );
+
+  const { addConfirmUpdateExtensionRequest, confirmUpdateExtensionRequests } =
+    useConfirmUpdateRequests();
+
  const {
    extensionsUpdateState,
    extensionsUpdateStateInternal,
    dispatchExtensionStateUpdate,
-    confirmUpdateExtensionRequests,
-    addConfirmUpdateExtensionRequest,
  } = useExtensionUpdates(
-    extensions,
+    extensionManager,
    historyManager.addItem,
    config.getWorkingDir(),
  );
@@ -180,15 +198,10 @@ export const AppContainer = (props: AppContainerProps) => {
    [],
  );

-  // Helper to determine the effective model, considering the fallback state.
-  const getEffectiveModel = useCallback(() => {
-    if (config.isInFallbackMode()) {
-      return DEFAULT_GEMINI_FLASH_MODEL;
-    }
-    return config.getModel();
-  }, [config]);
+  // Helper to determine the current model (polled, since Config has no model-change event).
+  const getCurrentModel = useCallback(() => config.getModel(), [config]);

-  const [currentModel, setCurrentModel] = useState(getEffectiveModel());
+  const [currentModel, setCurrentModel] = useState(getCurrentModel());

  const [isConfigInitialized, setConfigInitialized] = useState(false);

@@ -241,12 +254,12 @@ export const AppContainer = (props: AppContainerProps) => {
    [historyManager.addItem],
  );

-  // Watch for model changes (e.g., from Flash fallback)
+  // Watch for model changes (e.g., user switches model via /model)
  useEffect(() => {
    const checkModelChange = () => {
-      const effectiveModel = getEffectiveModel();
-      if (effectiveModel !== currentModel) {
-        setCurrentModel(effectiveModel);
+      const model = getCurrentModel();
+      if (model !== currentModel) {
+        setCurrentModel(model);
      }
    };

@@ -254,7 +267,7 @@ export const AppContainer = (props: AppContainerProps) => {
    const interval = setInterval(checkModelChange, 1000); // Check every second

    return () => clearInterval(interval);
-  }, [config, currentModel, getEffectiveModel]);
+  }, [config, currentModel, getCurrentModel]);

  const {
    consoleMessages,
@@ -376,37 +389,36 @@ export const AppContainer = (props: AppContainerProps) => {
  // Check for enforced auth type mismatch
  useEffect(() => {
    // Check for initialization error first
+    const currentAuthType = config.modelsConfig.getCurrentAuthType();

    if (
      settings.merged.security?.auth?.enforcedType &&
-      settings.merged.security?.auth.selectedType &&
-      settings.merged.security?.auth.enforcedType !==
-        settings.merged.security?.auth.selectedType
+      currentAuthType &&
+      settings.merged.security?.auth.enforcedType !== currentAuthType
    ) {
      onAuthError(
        t(
          'Authentication is enforced to be {{enforcedType}}, but you are currently using {{currentType}}.',
          {
-            enforcedType: settings.merged.security?.auth.enforcedType,
-            currentType: settings.merged.security?.auth.selectedType,
+            enforcedType: String(settings.merged.security?.auth.enforcedType),
+            currentType: String(currentAuthType),
          },
        ),
      );
-    } else if (
-      settings.merged.security?.auth?.selectedType &&
-      !settings.merged.security?.auth?.useExternal
-    ) {
-      const error = validateAuthMethod(
-        settings.merged.security.auth.selectedType,
-      );
-      if (error) {
-        onAuthError(error);
+    } else if (!settings.merged.security?.auth?.useExternal) {
+      // If no authType is selected yet, allow the auth UI flow to prompt the user.
+      // Only validate credentials once a concrete authType exists.
+      if (currentAuthType) {
+        const error = validateAuthMethod(currentAuthType, config);
+        if (error) {
+          onAuthError(error);
+        }
      }
    }
  }, [
-    settings.merged.security?.auth?.selectedType,
    settings.merged.security?.auth?.enforcedType,
    settings.merged.security?.auth?.useExternal,
+    config,
    onAuthError,
  ]);

@@ -436,13 +448,6 @@ export const AppContainer = (props: AppContainerProps) => {
    remount: refreshStatic,
  });

-  const {
-    showWorkspaceMigrationDialog,
-    workspaceExtensions,
-    onWorkspaceMigrationDialogOpen,
-    onWorkspaceMigrationDialogClose,
-  } = useWorkspaceMigration(settings);
-
  const { toggleVimEnabled } = useVimMode();

  const {
@@ -578,11 +583,9 @@ export const AppContainer = (props: AppContainerProps) => {
          : [],
        config.getDebugMode(),
        config.getFileService(),
-        settings.merged,
        config.getExtensionContextFilePaths(),
        config.isTrustedFolder(),
        settings.merged.context?.importFormat || 'tree', // Use setting or default to 'tree'
-        config.getFileFilteringOptions(),
      );

      config.setUserMemory(memoryContent);
@@ -845,6 +848,13 @@ export const AppContainer = (props: AppContainerProps) => {
      !idePromptAnswered,
  );

+  // Command migration nudge
+  const {
+    showMigrationNudge: shouldShowCommandMigrationNudge,
+    tomlFiles: commandMigrationTomlFiles,
+    setShowMigrationNudge: setShowCommandMigrationNudge,
+  } = useCommandMigration(settings, config.storage);
+
  const [showErrorDetails, setShowErrorDetails] = useState<boolean>(false);
  const [showToolDescriptions, setShowToolDescriptions] =
    useState<boolean>(false);
@@ -940,6 +950,92 @@ export const AppContainer = (props: AppContainerProps) => {
    [handleSlashCommand, settings],
  );

+  const handleCommandMigrationComplete = useCallback(
+    async (result: CommandMigrationNudgeResult) => {
+      setShowCommandMigrationNudge(false);
+
+      if (result.userSelection === 'yes') {
+        // Perform migration for both workspace and user levels
+        try {
+          const results = [];
+
+          // Migrate workspace commands
+          const workspaceCommandsDir = config.storage.getProjectCommandsDir();
+          const workspaceResult = await migrateTomlCommands({
+            commandDir: workspaceCommandsDir,
+            createBackup: true,
+            deleteOriginal: false,
+          });
+          if (
+            workspaceResult.convertedFiles.length > 0 ||
+            workspaceResult.failedFiles.length > 0
+          ) {
+            results.push({ level: 'workspace', result: workspaceResult });
+          }
+
+          // Migrate user commands
+          const userCommandsDir = Storage.getUserCommandsDir();
+          const userResult = await migrateTomlCommands({
+            commandDir: userCommandsDir,
+            createBackup: true,
+            deleteOriginal: false,
+          });
+          if (
+            userResult.convertedFiles.length > 0 ||
+            userResult.failedFiles.length > 0
+          ) {
+            results.push({ level: 'user', result: userResult });
+          }
+
+          // Report results
+          for (const { level, result: migrationResult } of results) {
+            if (
+              migrationResult.success &&
+              migrationResult.convertedFiles.length > 0
+            ) {
+              historyManager.addItem(
+                {
+                  type: MessageType.INFO,
+                  text: `[${level}] Successfully migrated ${migrationResult.convertedFiles.length} command file${migrationResult.convertedFiles.length > 1 ? 's' : ''} to Markdown format. Original files backed up as .toml.backup`,
+                },
+                Date.now(),
+              );
+            }
+
+            if (migrationResult.failedFiles.length > 0) {
+              historyManager.addItem(
+                {
+                  type: MessageType.ERROR,
+                  text: `[${level}] Failed to migrate ${migrationResult.failedFiles.length} file${migrationResult.failedFiles.length > 1 ? 's' : ''}:\n${migrationResult.failedFiles.map((f) => `  • ${f.file}: ${f.error}`).join('\n')}`,
+                },
+                Date.now(),
+              );
+            }
+          }
+
+          if (results.length === 0) {
+            historyManager.addItem(
+              {
+                type: MessageType.INFO,
+                text: 'No TOML files found to migrate.',
+              },
+              Date.now(),
+            );
+          }
+        } catch (error) {
+          historyManager.addItem(
+            {
+              type: MessageType.ERROR,
+              text: `❌ Migration failed: ${getErrorMessage(error)}`,
+            },
+            Date.now(),
+          );
+        }
+      }
+    },
+    [historyManager, setShowCommandMigrationNudge, config.storage],
+  );
+
  const { elapsedTime, currentLoadingPhrase } = useLoadingIndicator(
    streamingState,
    settings.merged.ui?.customWittyPhrases,
@@ -1182,8 +1278,8 @@ export const AppContainer = (props: AppContainerProps) => {

  const dialogsVisible =
    showWelcomeBackDialog ||
-    showWorkspaceMigrationDialog ||
    shouldShowIdePrompt ||
+    shouldShowCommandMigrationNudge ||
    isFolderTrustDialogOpen ||
    !!shellConfirmationRequest ||
    !!confirmationRequest ||
@@ -1203,6 +1299,19 @@ export const AppContainer = (props: AppContainerProps) => {
    isApprovalModeDialogOpen ||
    isResumeDialogOpen;

+  const {
+    isFeedbackDialogOpen,
+    openFeedbackDialog,
+    closeFeedbackDialog,
+    submitFeedback,
+  } = useFeedbackDialog({
+    config,
+    settings,
+    streamingState,
+    history: historyManager.history,
+    sessionStats,
+  });
+
  const pendingHistoryItems = useMemo(
    () => [...pendingSlashCommandHistoryItems, ...pendingGeminiHistoryItems],
    [pendingSlashCommandHistoryItems, pendingGeminiHistoryItems],
@@ -1249,6 +1358,8 @@ export const AppContainer = (props: AppContainerProps) => {
      suggestionsWidth,
      isInputActive,
      shouldShowIdePrompt,
+      shouldShowCommandMigrationNudge,
+      commandMigrationTomlFiles,
      isFolderTrustDialogOpen: isFolderTrustDialogOpen ?? false,
      isTrustedFolder,
      constrainHeight,
@@ -1265,8 +1376,6 @@ export const AppContainer = (props: AppContainerProps) => {
      historyRemountKey,
      messageQueue,
      showAutoAcceptIndicator,
-      showWorkspaceMigrationDialog,
-      workspaceExtensions,
      currentModel,
      contextFileNames,
      errorCount,
@@ -1299,6 +1408,8 @@ export const AppContainer = (props: AppContainerProps) => {
      // Subagent dialogs
      isSubagentCreateDialogOpen,
      isAgentsManagerDialogOpen,
+      // Feedback dialog
+      isFeedbackDialogOpen,
    }),
    [
      isThemeDialogOpen,
@@ -1338,6 +1449,8 @@ export const AppContainer = (props: AppContainerProps) => {
      suggestionsWidth,
      isInputActive,
      shouldShowIdePrompt,
+      shouldShowCommandMigrationNudge,
+      commandMigrationTomlFiles,
      isFolderTrustDialogOpen,
      isTrustedFolder,
      constrainHeight,
@@ -1354,8 +1467,6 @@ export const AppContainer = (props: AppContainerProps) => {
      historyRemountKey,
      messageQueue,
      showAutoAcceptIndicator,
-      showWorkspaceMigrationDialog,
-      workspaceExtensions,
      contextFileNames,
      errorCount,
      availableTerminalHeight,
@@ -1389,6 +1500,8 @@ export const AppContainer = (props: AppContainerProps) => {
      // Subagent dialogs
      isSubagentCreateDialogOpen,
      isAgentsManagerDialogOpen,
+      // Feedback dialog
+      isFeedbackDialogOpen,
    ],
  );

@@ -1409,14 +1522,13 @@ export const AppContainer = (props: AppContainerProps) => {
      setShellModeActive,
      vimHandleInput,
      handleIdePromptComplete,
+      handleCommandMigrationComplete,
      handleFolderTrustSelect,
      setConstrainHeight,
      onEscapePromptChange: handleEscapePromptChange,
      refreshStatic,
      handleFinalSubmit,
      handleClearScreen,
-      onWorkspaceMigrationDialogOpen,
-      onWorkspaceMigrationDialogClose,
      // Vision switch dialog
      handleVisionSwitchSelect,
      // Welcome back dialog
@@ -1429,6 +1541,10 @@ export const AppContainer = (props: AppContainerProps) => {
      openResumeDialog,
      closeResumeDialog,
      handleResume,
+      // Feedback dialog
+      openFeedbackDialog,
+      closeFeedbackDialog,
+      submitFeedback,
    }),
    [
      handleThemeSelect,
@@ -1446,14 +1562,13 @@ export const AppContainer = (props: AppContainerProps) => {
      setShellModeActive,
      vimHandleInput,
      handleIdePromptComplete,
+      handleCommandMigrationComplete,
      handleFolderTrustSelect,
      setConstrainHeight,
      handleEscapePromptChange,
      refreshStatic,
      handleFinalSubmit,
      handleClearScreen,
-      onWorkspaceMigrationDialogOpen,
-      onWorkspaceMigrationDialogClose,
      handleVisionSwitchSelect,
      handleWelcomeBackSelection,
      handleWelcomeBackClose,
@@ -1464,6 +1579,10 @@ export const AppContainer = (props: AppContainerProps) => {
      openResumeDialog,
      closeResumeDialog,
      handleResume,
+      // Feedback dialog
+      openFeedbackDialog,
+      closeFeedbackDialog,
+      submitFeedback,
    ],
  );

--- a/packages/cli/src/ui/CommandFormatMigrationNudge.tsx
+++ b/packages/cli/src/ui/CommandFormatMigrationNudge.tsx
@@ -0,0 +1,94 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Box, Text } from 'ink';
+import type { RadioSelectItem } from './components/shared/RadioButtonSelect.js';
+import { RadioButtonSelect } from './components/shared/RadioButtonSelect.js';
+import { useKeypress } from './hooks/useKeypress.js';
+import { theme } from './semantic-colors.js';
+import { t } from '../i18n/index.js';
+
+export type CommandMigrationNudgeResult = {
+  userSelection: 'yes' | 'no';
+};
+
+interface CommandFormatMigrationNudgeProps {
+  tomlFiles: string[];
+  onComplete: (result: CommandMigrationNudgeResult) => void;
+}
+
+export function CommandFormatMigrationNudge({
+  tomlFiles,
+  onComplete,
+}: CommandFormatMigrationNudgeProps) {
+  useKeypress(
+    (key) => {
+      if (key.name === 'escape') {
+        onComplete({
+          userSelection: 'no',
+        });
+      }
+    },
+    { isActive: true },
+  );
+
+  const OPTIONS: Array<RadioSelectItem<CommandMigrationNudgeResult>> = [
+    {
+      label: t('Yes'),
+      value: {
+        userSelection: 'yes',
+      },
+      key: 'Yes',
+    },
+    {
+      label: t('No (esc)'),
+      value: {
+        userSelection: 'no',
+      },
+      key: 'No (esc)',
+    },
+  ];
+
+  const count = tomlFiles.length;
+  const fileList =
+    count <= 3
+      ? tomlFiles.map((f) => `  • ${f}`).join('\n')
+      : `  • ${tomlFiles.slice(0, 2).join('\n  • ')}\n  • ${t('... and {{count}} more', { count: String(count - 2) })}`;
+
+  return (
+    <Box
+      flexDirection="column"
+      borderStyle="round"
+      borderColor={theme.status.warning}
+      padding={1}
+      width="100%"
+      marginLeft={1}
+    >
+      <Box marginBottom={1} flexDirection="column">
+        <Text>
+          <Text color={theme.status.warning}>{'⚠️  '}</Text>
+          <Text bold>{t('Command Format Migration')}</Text>
+        </Text>
+        <Text color={theme.text.secondary}>
+          {count > 1
+            ? t('Found {{count}} TOML command files:', { count: String(count) })
+            : t('Found {{count}} TOML command file:', { count: String(count) })}
+        </Text>
+        <Text color={theme.text.secondary}>{fileList}</Text>
+        <Text>{''}</Text>
+        <Text color={theme.text.secondary}>
+          {t(
+            'The TOML format is deprecated. Would you like to migrate them to Markdown format?',
+          )}
+        </Text>
+        <Text color={theme.text.secondary}>
+          {t('(Backups will be created and original files will be preserved)')}
+        </Text>
+      </Box>
+      <RadioButtonSelect items={OPTIONS} onSelect={onComplete} />
+    </Box>
+  );
+}
--- a/packages/cli/src/ui/FeedbackDialog.tsx
+++ b/packages/cli/src/ui/FeedbackDialog.tsx
@@ -0,0 +1,61 @@
+import { Box, Text } from 'ink';
+import type React from 'react';
+import { t } from '../i18n/index.js';
+import { useUIActions } from './contexts/UIActionsContext.js';
+import { useUIState } from './contexts/UIStateContext.js';
+import { useKeypress } from './hooks/useKeypress.js';
+
+const FEEDBACK_OPTIONS = {
+  GOOD: 1,
+  BAD: 2,
+  NOT_SURE: 3,
+} as const;
+
+const FEEDBACK_OPTION_KEYS = {
+  [FEEDBACK_OPTIONS.GOOD]: '1',
+  [FEEDBACK_OPTIONS.BAD]: '2',
+  [FEEDBACK_OPTIONS.NOT_SURE]: 'any',
+} as const;
+
+export const FEEDBACK_DIALOG_KEYS = ['1', '2'] as const;
+
+export const FeedbackDialog: React.FC = () => {
+  const uiState = useUIState();
+  const uiActions = useUIActions();
+
+  useKeypress(
+    (key) => {
+      if (key.name === FEEDBACK_OPTION_KEYS[FEEDBACK_OPTIONS.GOOD]) {
+        uiActions.submitFeedback(FEEDBACK_OPTIONS.GOOD);
+      } else if (key.name === FEEDBACK_OPTION_KEYS[FEEDBACK_OPTIONS.BAD]) {
+        uiActions.submitFeedback(FEEDBACK_OPTIONS.BAD);
+      } else {
+        uiActions.submitFeedback(FEEDBACK_OPTIONS.NOT_SURE);
+      }
+
+      uiActions.closeFeedbackDialog();
+    },
+    { isActive: uiState.isFeedbackDialogOpen },
+  );
+
+  return (
+    <Box flexDirection="column" marginY={1}>
+      <Box>
+        <Text color="cyan">● </Text>
+        <Text bold>{t('How is Qwen doing this session? (optional)')}</Text>
+      </Box>
+      <Box marginTop={1}>
+        <Text color="cyan">
+          {FEEDBACK_OPTION_KEYS[FEEDBACK_OPTIONS.GOOD]}:{' '}
+        </Text>
+        <Text>{t('Good')}</Text>
+        <Text> </Text>
+        <Text color="cyan">{FEEDBACK_OPTION_KEYS[FEEDBACK_OPTIONS.BAD]}: </Text>
+        <Text>{t('Bad')}</Text>
+        <Text> </Text>
+        <Text color="cyan">{t('Any other key')}: </Text>
+        <Text>{t('Not Sure Yet')}</Text>
+      </Box>
+    </Box>
+  );
+};
--- a/packages/cli/src/ui/auth/AuthDialog.test.tsx
+++ b/packages/cli/src/ui/auth/AuthDialog.test.tsx
@@ -6,7 +6,8 @@

 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { AuthDialog } from './AuthDialog.js';
-import { LoadedSettings, SettingScope } from '../../config/settings.js';
+import { LoadedSettings } from '../../config/settings.js';
+import type { Config } from '@qwen-code/qwen-code-core';
 import { AuthType } from '@qwen-code/qwen-code-core';
 import { renderWithProviders } from '../../test-utils/render.js';
 import { UIStateContext } from '../contexts/UIStateContext.js';
@@ -43,17 +44,24 @@ const renderAuthDialog = (
  settings: LoadedSettings,
  uiStateOverrides: Partial<UIState> = {},
  uiActionsOverrides: Partial<UIActions> = {},
+  configAuthType: AuthType | undefined = undefined,
+  configApiKey: string | undefined = undefined,
 ) => {
  const uiState = createMockUIState(uiStateOverrides);
  const uiActions = createMockUIActions(uiActionsOverrides);

+  const mockConfig = {
+    getAuthType: vi.fn(() => configAuthType),
+    getContentGeneratorConfig: vi.fn(() => ({ apiKey: configApiKey })),
+  } as unknown as Config;
+
  return renderWithProviders(
    <UIStateContext.Provider value={uiState}>
      <UIActionsContext.Provider value={uiActions}>
        <AuthDialog />
      </UIActionsContext.Provider>
    </UIStateContext.Provider>,
-    { settings },
+    { settings, config: mockConfig },
  );
 };

@@ -421,6 +429,7 @@ describe('AuthDialog', () => {
      settings,
      {},
      { handleAuthSelect },
+      undefined, // config.getAuthType() returns undefined
    );
    await wait();

@@ -475,6 +484,7 @@ describe('AuthDialog', () => {
      settings,
      { authError: 'Initial error' },
      { handleAuthSelect },
+      undefined, // config.getAuthType() returns undefined
    );
    await wait();

@@ -528,6 +538,7 @@ describe('AuthDialog', () => {
      settings,
      {},
      { handleAuthSelect },
+      AuthType.USE_OPENAI, // config.getAuthType() returns USE_OPENAI
    );
    await wait();

@@ -536,7 +547,7 @@ describe('AuthDialog', () => {
    await wait();

    // Should call handleAuthSelect with undefined to exit
-    expect(handleAuthSelect).toHaveBeenCalledWith(undefined, SettingScope.User);
+    expect(handleAuthSelect).toHaveBeenCalledWith(undefined);
    unmount();
  });
 });
--- a/packages/cli/src/ui/auth/AuthDialog.tsx
+++ b/packages/cli/src/ui/auth/AuthDialog.tsx
@@ -8,13 +8,12 @@ import type React from 'react';
 import { useState } from 'react';
 import { AuthType } from '@qwen-code/qwen-code-core';
 import { Box, Text } from 'ink';
-import { SettingScope } from '../../config/settings.js';
 import { Colors } from '../colors.js';
 import { useKeypress } from '../hooks/useKeypress.js';
 import { RadioButtonSelect } from '../components/shared/RadioButtonSelect.js';
 import { useUIState } from '../contexts/UIStateContext.js';
 import { useUIActions } from '../contexts/UIActionsContext.js';
-import { useSettings } from '../contexts/SettingsContext.js';
+import { useConfig } from '../contexts/ConfigContext.js';
 import { t } from '../../i18n/index.js';

 function parseDefaultAuthType(
@@ -32,7 +31,7 @@ function parseDefaultAuthType(
 export function AuthDialog(): React.JSX.Element {
  const { pendingAuthType, authError } = useUIState();
  const { handleAuthSelect: onAuthSelect } = useUIActions();
-  const settings = useSettings();
+  const config = useConfig();

  const [errorMessage, setErrorMessage] = useState<string | null>(null);
  const [selectedIndex, setSelectedIndex] = useState<number | null>(null);
@@ -58,9 +57,10 @@ export function AuthDialog(): React.JSX.Element {
        return item.value === pendingAuthType;
      }

-      // Priority 2: settings.merged.security?.auth?.selectedType
-      if (settings.merged.security?.auth?.selectedType) {
-        return item.value === settings.merged.security?.auth?.selectedType;
+      // Priority 2: config.getAuthType() - the source of truth
+      const currentAuthType = config.getAuthType();
+      if (currentAuthType) {
+        return item.value === currentAuthType;
      }

      // Priority 3: QWEN_DEFAULT_AUTH_TYPE env var
@@ -76,7 +76,7 @@ export function AuthDialog(): React.JSX.Element {
    }),
  );

-  const hasApiKey = Boolean(settings.merged.security?.auth?.apiKey);
+  const hasApiKey = Boolean(config.getContentGeneratorConfig()?.apiKey);
  const currentSelectedAuthType =
    selectedIndex !== null
      ? items[selectedIndex]?.value
@@ -84,7 +84,7 @@ export function AuthDialog(): React.JSX.Element {

  const handleAuthSelect = async (authMethod: AuthType) => {
    setErrorMessage(null);
-    await onAuthSelect(authMethod, SettingScope.User);
+    await onAuthSelect(authMethod);
  };

  const handleHighlight = (authMethod: AuthType) => {
@@ -100,7 +100,7 @@ export function AuthDialog(): React.JSX.Element {
        if (errorMessage) {
          return;
        }
-        if (settings.merged.security?.auth?.selectedType === undefined) {
+        if (config.getAuthType() === undefined) {
          // Prevent exiting if no auth method is set
          setErrorMessage(
            t(
@@ -109,7 +109,7 @@ export function AuthDialog(): React.JSX.Element {
          );
          return;
        }
-        onAuthSelect(undefined, SettingScope.User);
+        onAuthSelect(undefined);
      }
    },
    { isActive: true },
--- a/packages/cli/src/ui/auth/useAuth.ts
+++ b/packages/cli/src/ui/auth/useAuth.ts
@@ -4,16 +4,20 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import type { Config } from '@qwen-code/qwen-code-core';
+import type {
+  Config,
+  ContentGeneratorConfig,
+  ModelProvidersConfig,
+} from '@qwen-code/qwen-code-core';
 import {
  AuthEvent,
  AuthType,
-  clearCachedCredentialFile,
  getErrorMessage,
  logAuth,
 } from '@qwen-code/qwen-code-core';
 import { useCallback, useEffect, useState } from 'react';
-import type { LoadedSettings, SettingScope } from '../../config/settings.js';
+import type { LoadedSettings } from '../../config/settings.js';
+import { getPersistScopeForModelSelection } from '../../config/modelProvidersScope.js';
 import type { OpenAICredentials } from '../components/OpenAIKeyPrompt.js';
 import { useQwenAuth } from '../hooks/useQwenAuth.js';
 import { AuthState, MessageType } from '../types.js';
@@ -27,8 +31,7 @@ export const useAuthCommand = (
  config: Config,
  addItem: (item: Omit<HistoryItem, 'id'>, timestamp: number) => void,
 ) => {
-  const unAuthenticated =
-    settings.merged.security?.auth?.selectedType === undefined;
+  const unAuthenticated = config.getAuthType() === undefined;

  const [authState, setAuthState] = useState<AuthState>(
    unAuthenticated ? AuthState.Updating : AuthState.Unauthenticated,
@@ -81,35 +84,46 @@ export const useAuthCommand = (
  );

  const handleAuthSuccess = useCallback(
-    async (
-      authType: AuthType,
-      scope: SettingScope,
-      credentials?: OpenAICredentials,
-    ) => {
+    async (authType: AuthType, credentials?: OpenAICredentials) => {
      try {
-        settings.setValue(scope, 'security.auth.selectedType', authType);
+        const authTypeScope = getPersistScopeForModelSelection(settings);
+
+        // Persist authType
+        settings.setValue(
+          authTypeScope,
+          'security.auth.selectedType',
+          authType,
+        );
+
+        // Persist model from ContentGenerator config (handles fallback cases)
+        // This ensures that when syncAfterAuthRefresh falls back to default model,
+        // it gets persisted to settings.json
+        const contentGeneratorConfig = config.getContentGeneratorConfig();
+        if (contentGeneratorConfig?.model) {
+          settings.setValue(
+            authTypeScope,
+            'model.name',
+            contentGeneratorConfig.model,
+          );
+        }

        // Only update credentials if not switching to QWEN_OAUTH,
        // so that OpenAI credentials are preserved when switching to QWEN_OAUTH.
        if (authType !== AuthType.QWEN_OAUTH && credentials) {
          if (credentials?.apiKey != null) {
            settings.setValue(
-              scope,
+              authTypeScope,
              'security.auth.apiKey',
              credentials.apiKey,
            );
          }
          if (credentials?.baseUrl != null) {
            settings.setValue(
-              scope,
+              authTypeScope,
              'security.auth.baseUrl',
              credentials.baseUrl,
            );
          }
-          if (credentials?.model != null) {
-            settings.setValue(scope, 'model.name', credentials.model);
-          }
-          await clearCachedCredentialFile();
        }
      } catch (error) {
        handleAuthFailure(error);
@@ -141,14 +155,10 @@ export const useAuthCommand = (
  );

  const performAuth = useCallback(
-    async (
-      authType: AuthType,
-      scope: SettingScope,
-      credentials?: OpenAICredentials,
-    ) => {
+    async (authType: AuthType, credentials?: OpenAICredentials) => {
      try {
        await config.refreshAuth(authType);
-        handleAuthSuccess(authType, scope, credentials);
+        handleAuthSuccess(authType, credentials);
      } catch (e) {
        handleAuthFailure(e);
      }
@@ -156,18 +166,51 @@ export const useAuthCommand = (
    [config, handleAuthSuccess, handleAuthFailure],
  );

+  const isProviderManagedModel = useCallback(
+    (authType: AuthType, modelId: string | undefined) => {
+      if (!modelId) {
+        return false;
+      }
+
+      const modelProviders = settings.merged.modelProviders as
+        | ModelProvidersConfig
+        | undefined;
+      if (!modelProviders) {
+        return false;
+      }
+      const providerModels = modelProviders[authType];
+      if (!Array.isArray(providerModels)) {
+        return false;
+      }
+      return providerModels.some(
+        (providerModel) => providerModel.id === modelId,
+      );
+    },
+    [settings],
+  );
+
  const handleAuthSelect = useCallback(
-    async (
-      authType: AuthType | undefined,
-      scope: SettingScope,
-      credentials?: OpenAICredentials,
-    ) => {
+    async (authType: AuthType | undefined, credentials?: OpenAICredentials) => {
      if (!authType) {
        setIsAuthDialogOpen(false);
        setAuthError(null);
        return;
      }

+      if (
+        authType === AuthType.USE_OPENAI &&
+        credentials?.model &&
+        isProviderManagedModel(authType, credentials.model)
+      ) {
+        onAuthError(
+          t(
+            'Model "{{modelName}}" is managed via settings.modelProviders. Please complete the fields in settings, or use another model id.',
+            { modelName: credentials.model },
+          ),
+        );
+        return;
+      }
+
      setPendingAuthType(authType);
      setAuthError(null);
      setIsAuthDialogOpen(false);
@@ -175,19 +218,33 @@ export const useAuthCommand = (

      if (authType === AuthType.USE_OPENAI) {
        if (credentials) {
-          config.updateCredentials({
-            apiKey: credentials.apiKey,
-            baseUrl: credentials.baseUrl,
-            model: credentials.model,
-          });
-          await performAuth(authType, scope, credentials);
+          // Pass settings.model.generationConfig to updateCredentials so it can be merged
+          // after clearing provider-sourced config. This ensures settings.json generationConfig
+          // fields (e.g., samplingParams, timeout) are preserved.
+          const settingsGenerationConfig = settings.merged.model
+            ?.generationConfig as Partial<ContentGeneratorConfig> | undefined;
+          config.updateCredentials(
+            {
+              apiKey: credentials.apiKey,
+              baseUrl: credentials.baseUrl,
+              model: credentials.model,
+            },
+            settingsGenerationConfig,
+          );
+          await performAuth(authType, credentials);
        }
        return;
      }

-      await performAuth(authType, scope);
+      await performAuth(authType);
    },
-    [config, performAuth],
+    [
+      config,
+      performAuth,
+      isProviderManagedModel,
+      onAuthError,
+      settings.merged.model?.generationConfig,
+    ],
  );

  const openAuthDialog = useCallback(() => {
--- a/packages/cli/src/ui/commands/directoryCommand.test.tsx
+++ b/packages/cli/src/ui/commands/directoryCommand.test.tsx
@@ -54,9 +54,7 @@ describe('directoryCommand', () => {
      services: {
        config: mockConfig,
        settings: {
-          merged: {
-            memoryDiscoveryMaxDirs: 1000,
-          },
+          merged: {},
        },
      },
      ui: {
--- a/packages/cli/src/ui/commands/directoryCommand.tsx
+++ b/packages/cli/src/ui/commands/directoryCommand.tsx
@@ -119,8 +119,6 @@ export const directoryCommand: SlashCommand = {
                config.getFolderTrust(),
                context.services.settings.merged.context?.importFormat ||
                  'tree', // Use setting or default to 'tree'
-                config.getFileFilteringOptions(),
-                context.services.settings.merged.context?.discoveryMaxDirs,
              );
            config.setUserMemory(memoryContent);
            config.setGeminiMdFileCount(fileCount);
--- a/packages/cli/src/ui/commands/extensionsCommand.test.ts
+++ b/packages/cli/src/ui/commands/extensionsCommand.test.ts
@@ -4,11 +4,6 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import type { GeminiCLIExtension } from '@qwen-code/qwen-code-core';
-import {
-  updateAllUpdatableExtensions,
-  updateExtension,
-} from '../../config/extensions/update.js';
 import { createMockCommandContext } from '../../test-utils/mockCommandContext.js';
 import { MessageType } from '../types.js';
 import { extensionsCommand } from './extensionsCommand.js';
@@ -22,34 +17,59 @@ import {
  type MockedFunction,
 } from 'vitest';
 import { ExtensionUpdateState } from '../state/extensions.js';
+import {
+  type Extension,
+  ExtensionManager,
+  parseInstallSource,
+} from '@qwen-code/qwen-code-core';

-vi.mock('../../config/extensions/update.js', () => ({
-  updateExtension: vi.fn(),
-  updateAllUpdatableExtensions: vi.fn(),
-  checkForAllExtensionUpdates: vi.fn(),
-}));
-
-const mockUpdateExtension = updateExtension as MockedFunction<
-  typeof updateExtension
->;
-
-const mockUpdateAllUpdatableExtensions =
-  updateAllUpdatableExtensions as MockedFunction<
-    typeof updateAllUpdatableExtensions
-  >;
+vi.mock('@qwen-code/qwen-code-core', async (importOriginal) => {
+  const actual =
+    await importOriginal<typeof import('@qwen-code/qwen-code-core')>();
+  return {
+    ...actual,
+    parseInstallSource: vi.fn(),
+  };
+});

 const mockGetExtensions = vi.fn();
+const mockUpdateExtension = vi.fn();
+const mockUpdateAllUpdatableExtensions = vi.fn();
+const mockCheckForAllExtensionUpdates = vi.fn();
+const mockInstallExtension = vi.fn();
+const mockUninstallExtension = vi.fn();
+const mockGetLoadedExtensions = vi.fn();
+const mockEnableExtension = vi.fn();
+const mockDisableExtension = vi.fn();
+
+const createMockExtensionManager = () => ({
+  updateExtension: mockUpdateExtension,
+  updateAllUpdatableExtensions: mockUpdateAllUpdatableExtensions,
+  checkForAllExtensionUpdates: mockCheckForAllExtensionUpdates,
+  installExtension: mockInstallExtension,
+  uninstallExtension: mockUninstallExtension,
+  getLoadedExtensions: mockGetLoadedExtensions,
+  enableExtension: mockEnableExtension,
+  disableExtension: mockDisableExtension,
+});

 describe('extensionsCommand', () => {
  let mockContext: CommandContext;
+  let mockExtensionManager: ReturnType<typeof createMockExtensionManager>;

  beforeEach(() => {
    vi.resetAllMocks();
+    mockExtensionManager = createMockExtensionManager();
+    mockGetExtensions.mockReturnValue([]);
+    mockGetLoadedExtensions.mockReturnValue([]);
+    mockCheckForAllExtensionUpdates.mockResolvedValue(undefined);
    mockContext = createMockCommandContext({
      services: {
        config: {
          getExtensions: mockGetExtensions,
          getWorkingDir: () => '/test/dir',
+          getExtensionManager: () =>
+            mockExtensionManager as unknown as ExtensionManager,
        },
      },
      ui: {
@@ -59,8 +79,9 @@ describe('extensionsCommand', () => {
  });

  describe('list', () => {
-    it('should add an EXTENSIONS_LIST item to the UI', async () => {
+    it('should add an EXTENSIONS_LIST item to the UI when extensions exist', async () => {
      if (!extensionsCommand.action) throw new Error('Action not defined');
+      mockGetExtensions.mockReturnValue([{ name: 'test-ext', isActive: true }]);
      await extensionsCommand.action(mockContext, '');

      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
@@ -70,6 +91,20 @@ describe('extensionsCommand', () => {
        expect.any(Number),
      );
    });
+
+    it('should show info message when no extensions installed', async () => {
+      if (!extensionsCommand.action) throw new Error('Action not defined');
+      mockGetExtensions.mockReturnValue([]);
+      await extensionsCommand.action(mockContext, '');
+
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'No extensions installed.',
+        },
+        expect.any(Number),
+      );
+    });
  });

  describe('update', () => {
@@ -93,6 +128,7 @@ describe('extensionsCommand', () => {
    });

    it('should inform user if there are no extensions to update with --all', async () => {
+      mockGetExtensions.mockReturnValue([{ name: 'ext-one', isActive: true }]);
      mockUpdateAllUpdatableExtensions.mockResolvedValue([]);
      await updateAction(mockContext, '--all');
      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
@@ -105,6 +141,7 @@ describe('extensionsCommand', () => {
    });

    it('should call setPendingItem and addItem in a finally block on success', async () => {
+      mockGetExtensions.mockReturnValue([{ name: 'ext-one', isActive: true }]);
      mockUpdateAllUpdatableExtensions.mockResolvedValue([
        {
          name: 'ext-one',
@@ -131,6 +168,7 @@ describe('extensionsCommand', () => {
    });

    it('should call setPendingItem and addItem in a finally block on failure', async () => {
+      mockGetExtensions.mockReturnValue([{ name: 'ext-one', isActive: true }]);
      mockUpdateAllUpdatableExtensions.mockRejectedValue(
        new Error('Something went wrong'),
      );
@@ -155,11 +193,14 @@ describe('extensionsCommand', () => {
    });

    it('should update a single extension by name', async () => {
-      const extension: GeminiCLIExtension = {
+      const extension: Extension = {
+        id: 'ext-one',
        name: 'ext-one',
        version: '1.0.0',
        isActive: true,
        path: '/test/dir/ext-one',
+        contextFiles: [],
+        config: { name: 'ext-one', version: '1.0.0' },
        installMetadata: {
          type: 'git',
          autoUpdate: false,
@@ -179,43 +220,56 @@ describe('extensionsCommand', () => {
      await updateAction(mockContext, 'ext-one');
      expect(mockUpdateExtension).toHaveBeenCalledWith(
        extension,
-        '/test/dir',
-        expect.any(Function),
        ExtensionUpdateState.UPDATE_AVAILABLE,
        expect.any(Function),
      );
    });

    it('should handle errors when updating a single extension', async () => {
-      mockUpdateExtension.mockRejectedValue(new Error('Extension not found'));
-      mockGetExtensions.mockReturnValue([]);
+      // Provide at least one extension so we don't get "No extensions installed" message
+      const otherExtension: Extension = {
+        id: 'other-ext',
+        name: 'other-ext',
+        version: '1.0.0',
+        isActive: true,
+        path: '/test/dir/other-ext',
+        contextFiles: [],
+        config: { name: 'other-ext', version: '1.0.0' },
+      };
+      mockGetExtensions.mockReturnValue([otherExtension]);
      await updateAction(mockContext, 'ext-one');
      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
        {
          type: MessageType.ERROR,
-          text: 'Extension ext-one not found.',
+          text: 'Extension "ext-one" not found.',
        },
        expect.any(Number),
      );
    });

    it('should update multiple extensions by name', async () => {
-      const extensionOne: GeminiCLIExtension = {
+      const extensionOne: Extension = {
+        id: 'ext-one',
        name: 'ext-one',
        version: '1.0.0',
        isActive: true,
        path: '/test/dir/ext-one',
+        contextFiles: [],
+        config: { name: 'ext-one', version: '1.0.0' },
        installMetadata: {
          type: 'git',
          autoUpdate: false,
          source: 'https://github.com/some/extension.git',
        },
      };
-      const extensionTwo: GeminiCLIExtension = {
+      const extensionTwo: Extension = {
+        id: 'ext-two',
        name: 'ext-two',
        version: '1.0.0',
        isActive: true,
        path: '/test/dir/ext-two',
+        contextFiles: [],
+        config: { name: 'ext-two', version: '1.0.0' },
        installMetadata: {
          type: 'git',
          autoUpdate: false,
@@ -223,14 +277,14 @@ describe('extensionsCommand', () => {
        },
      };
      mockGetExtensions.mockReturnValue([extensionOne, extensionTwo]);
-      mockContext.ui.extensionsUpdateState.set(
-        extensionOne.name,
-        ExtensionUpdateState.UPDATE_AVAILABLE,
-      );
-      mockContext.ui.extensionsUpdateState.set(
-        extensionTwo.name,
-        ExtensionUpdateState.UPDATE_AVAILABLE,
-      );
+      mockContext.ui.extensionsUpdateState.set(extensionOne.name, {
+        status: ExtensionUpdateState.UPDATE_AVAILABLE,
+        processed: false,
+      });
+      mockContext.ui.extensionsUpdateState.set(extensionTwo.name, {
+        status: ExtensionUpdateState.UPDATE_AVAILABLE,
+        processed: false,
+      });
      mockUpdateExtension
        .mockResolvedValueOnce({
          name: 'ext-one',
@@ -265,18 +319,24 @@ describe('extensionsCommand', () => {
        throw new Error('Update completion not found');
      }

-      const extensionOne: GeminiCLIExtension = {
+      const extensionOne: Extension = {
+        id: 'ext-one',
        name: 'ext-one',
        version: '1.0.0',
        isActive: true,
        path: '/test/dir/ext-one',
+        contextFiles: [],
+        config: { name: 'ext-one', version: '1.0.0' },
        installMetadata: {
          type: 'git',
          autoUpdate: false,
          source: 'https://github.com/some/extension.git',
        },
      };
-      const extensionTwo: GeminiCLIExtension = {
+      const extensionTwo: Extension = {
+        id: 'another-ext',
+        contextFiles: [],
+        config: { name: 'another-ext', version: '1.0.0' },
        name: 'another-ext',
        version: '1.0.0',
        isActive: true,
@@ -287,8 +347,11 @@ describe('extensionsCommand', () => {
          source: 'https://github.com/some/extension.git',
        },
      };
-      const allExt: GeminiCLIExtension = {
+      const allExt: Extension = {
+        id: 'all-ext',
        name: 'all-ext',
+        contextFiles: [],
+        config: { name: 'all-ext', version: '1.0.0' },
        version: '1.0.0',
        isActive: true,
        path: '/test/dir/all-ext',
@@ -331,5 +394,387 @@ describe('extensionsCommand', () => {
        expect(suggestions).toEqual(expected);
      });
    });
+
+    it('should call reloadCommands in finally block', async () => {
+      mockGetExtensions.mockReturnValue([{ name: 'ext-one', isActive: true }]);
+      mockUpdateAllUpdatableExtensions.mockResolvedValue([
+        {
+          name: 'ext-one',
+          originalVersion: '1.0.0',
+          updatedVersion: '1.0.1',
+        },
+      ]);
+      await updateAction(mockContext, '--all');
+      expect(mockContext.ui.reloadCommands).toHaveBeenCalled();
+    });
+  });
+
+  describe('install', () => {
+    const installAction = extensionsCommand.subCommands?.find(
+      (cmd) => cmd.name === 'install',
+    )?.action;
+
+    if (!installAction) {
+      throw new Error('Install action not found');
+    }
+
+    const mockParseInstallSource = parseInstallSource as MockedFunction<
+      typeof parseInstallSource
+    >;
+
+    // Create a real ExtensionManager mock that passes instanceof check
+    let realMockExtensionManager: ExtensionManager;
+
+    beforeEach(() => {
+      vi.resetAllMocks();
+      // Create a mock that inherits from ExtensionManager prototype
+      realMockExtensionManager = Object.create(ExtensionManager.prototype);
+      realMockExtensionManager.installExtension = mockInstallExtension;
+
+      mockContext = createMockCommandContext({
+        services: {
+          config: {
+            getExtensions: mockGetExtensions,
+            getWorkingDir: () => '/test/dir',
+            getExtensionManager: () => realMockExtensionManager,
+          },
+        },
+        ui: {
+          dispatchExtensionStateUpdate: vi.fn(),
+        },
+      });
+    });
+
+    it('should show usage if no source is provided', async () => {
+      await installAction(mockContext, '');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Usage: /extensions install <source>',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should install extension successfully', async () => {
+      mockParseInstallSource.mockResolvedValue({
+        type: 'git',
+        source: 'https://github.com/test/extension',
+      });
+      mockInstallExtension.mockResolvedValue({
+        name: 'test-extension',
+        version: '1.0.0',
+      });
+
+      await installAction(mockContext, 'https://github.com/test/extension');
+
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Installing extension from "https://github.com/test/extension"...',
+        },
+        expect.any(Number),
+      );
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Extension "test-extension" installed successfully.',
+        },
+        expect.any(Number),
+      );
+      expect(mockContext.ui.reloadCommands).toHaveBeenCalled();
+    });
+
+    it('should handle install errors', async () => {
+      mockParseInstallSource.mockRejectedValue(
+        new Error('Install source not found.'),
+      );
+
+      await installAction(mockContext, '/invalid/path');
+
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Failed to install extension from "/invalid/path": Install source not found.',
+        },
+        expect.any(Number),
+      );
+    });
+  });
+
+  describe('uninstall', () => {
+    const uninstallAction = extensionsCommand.subCommands?.find(
+      (cmd) => cmd.name === 'uninstall',
+    )?.action;
+
+    if (!uninstallAction) {
+      throw new Error('Uninstall action not found');
+    }
+
+    let realMockExtensionManager: ExtensionManager;
+
+    beforeEach(() => {
+      vi.resetAllMocks();
+      realMockExtensionManager = Object.create(ExtensionManager.prototype);
+      realMockExtensionManager.uninstallExtension = mockUninstallExtension;
+
+      mockContext = createMockCommandContext({
+        services: {
+          config: {
+            getExtensions: mockGetExtensions,
+            getWorkingDir: () => '/test/dir',
+            getExtensionManager: () => realMockExtensionManager,
+          },
+        },
+        ui: {
+          dispatchExtensionStateUpdate: vi.fn(),
+        },
+      });
+    });
+
+    it('should show usage if no name is provided', async () => {
+      await uninstallAction(mockContext, '');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Usage: /extensions uninstall <extension-name>',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should uninstall extension successfully', async () => {
+      mockUninstallExtension.mockResolvedValue(undefined);
+
+      await uninstallAction(mockContext, 'test-extension');
+
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Uninstalling extension "test-extension"...',
+        },
+        expect.any(Number),
+      );
+      expect(mockUninstallExtension).toHaveBeenCalledWith(
+        'test-extension',
+        false,
+      );
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Extension "test-extension" uninstalled successfully.',
+        },
+        expect.any(Number),
+      );
+      expect(mockContext.ui.reloadCommands).toHaveBeenCalled();
+    });
+
+    it('should handle uninstall errors', async () => {
+      mockUninstallExtension.mockRejectedValue(
+        new Error('Extension not found.'),
+      );
+
+      await uninstallAction(mockContext, 'nonexistent-extension');
+
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Failed to uninstall extension "nonexistent-extension": Extension not found.',
+        },
+        expect.any(Number),
+      );
+    });
+  });
+
+  describe('disable', () => {
+    const disableAction = extensionsCommand.subCommands?.find(
+      (cmd) => cmd.name === 'disable',
+    )?.action;
+
+    if (!disableAction) {
+      throw new Error('Disable action not found');
+    }
+
+    let realMockExtensionManager: ExtensionManager;
+
+    beforeEach(() => {
+      vi.resetAllMocks();
+      realMockExtensionManager = Object.create(ExtensionManager.prototype);
+      realMockExtensionManager.disableExtension = mockDisableExtension;
+      realMockExtensionManager.getLoadedExtensions = mockGetLoadedExtensions;
+
+      mockContext = createMockCommandContext({
+        invocation: {
+          raw: '/extensions disable',
+          name: 'disable',
+          args: '',
+        },
+        services: {
+          config: {
+            getExtensions: mockGetExtensions,
+            getWorkingDir: () => '/test/dir',
+            getExtensionManager: () => realMockExtensionManager,
+          },
+        },
+        ui: {
+          dispatchExtensionStateUpdate: vi.fn(),
+        },
+      });
+    });
+
+    it('should show usage if invalid args are provided', async () => {
+      await disableAction(mockContext, '');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Usage: /extensions disable <extension> [--scope=<user|workspace>]',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should disable extension at user scope', async () => {
+      mockDisableExtension.mockResolvedValue(undefined);
+
+      await disableAction(mockContext, 'test-extension --scope=user');
+
+      expect(mockDisableExtension).toHaveBeenCalledWith(
+        'test-extension',
+        'User',
+      );
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Extension "test-extension" disabled for scope "User"',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should disable extension at workspace scope', async () => {
+      mockDisableExtension.mockResolvedValue(undefined);
+
+      await disableAction(mockContext, 'test-extension --scope workspace');
+
+      expect(mockDisableExtension).toHaveBeenCalledWith(
+        'test-extension',
+        'Workspace',
+      );
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Extension "test-extension" disabled for scope "Workspace"',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should show error for invalid scope', async () => {
+      await disableAction(mockContext, 'test-extension --scope=invalid');
+
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Unsupported scope "invalid", should be one of "user" or "workspace"',
+        },
+        expect.any(Number),
+      );
+    });
+  });
+
+  describe('enable', () => {
+    const enableAction = extensionsCommand.subCommands?.find(
+      (cmd) => cmd.name === 'enable',
+    )?.action;
+
+    if (!enableAction) {
+      throw new Error('Enable action not found');
+    }
+
+    let realMockExtensionManager: ExtensionManager;
+
+    beforeEach(() => {
+      vi.resetAllMocks();
+      realMockExtensionManager = Object.create(ExtensionManager.prototype);
+      realMockExtensionManager.enableExtension = mockEnableExtension;
+      realMockExtensionManager.getLoadedExtensions = mockGetLoadedExtensions;
+
+      mockContext = createMockCommandContext({
+        invocation: {
+          raw: '/extensions enable',
+          name: 'enable',
+          args: '',
+        },
+        services: {
+          config: {
+            getExtensions: mockGetExtensions,
+            getWorkingDir: () => '/test/dir',
+            getExtensionManager: () => realMockExtensionManager,
+          },
+        },
+        ui: {
+          dispatchExtensionStateUpdate: vi.fn(),
+        },
+      });
+    });
+
+    it('should show usage if invalid args are provided', async () => {
+      await enableAction(mockContext, '');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Usage: /extensions enable <extension> [--scope=<user|workspace>]',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should enable extension at user scope', async () => {
+      mockEnableExtension.mockResolvedValue(undefined);
+
+      await enableAction(mockContext, 'test-extension --scope=user');
+
+      expect(mockEnableExtension).toHaveBeenCalledWith(
+        'test-extension',
+        'User',
+      );
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Extension "test-extension" enabled for scope "User"',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should enable extension at workspace scope', async () => {
+      mockEnableExtension.mockResolvedValue(undefined);
+
+      await enableAction(mockContext, 'test-extension --scope workspace');
+
+      expect(mockEnableExtension).toHaveBeenCalledWith(
+        'test-extension',
+        'Workspace',
+      );
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: 'Extension "test-extension" enabled for scope "Workspace"',
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should show error for invalid scope', async () => {
+      await enableAction(mockContext, 'test-extension --scope=invalid');
+
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.ERROR,
+          text: 'Unsupported scope "invalid", should be one of "user" or "workspace"',
+        },
+        expect.any(Number),
+      );
+    });
  });
 });
--- a/packages/cli/src/ui/commands/extensionsCommand.ts
+++ b/packages/cli/src/ui/commands/extensionsCommand.ts
@@ -4,13 +4,6 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import { requestConsentInteractive } from '../../config/extension.js';
-import {
-  updateAllUpdatableExtensions,
-  type ExtensionUpdateInfo,
-  updateExtension,
-  checkForAllExtensionUpdates,
-} from '../../config/extensions/update.js';
 import { getErrorMessage } from '../../utils/errors.js';
 import { ExtensionUpdateState } from '../state/extensions.js';
 import { MessageType } from '../types.js';
@@ -20,8 +13,39 @@ import {
  CommandKind,
 } from './types.js';
 import { t } from '../../i18n/index.js';
+import {
+  ExtensionManager,
+  parseInstallSource,
+  type ExtensionUpdateInfo,
+} from '@qwen-code/qwen-code-core';
+import { SettingScope } from '../../config/settings.js';
+
+function showMessageIfNoExtensions(
+  context: CommandContext,
+  extensions: unknown[],
+): boolean {
+  if (extensions.length === 0) {
+    context.ui.addItem(
+      {
+        type: MessageType.INFO,
+        text: t('No extensions installed.'),
+      },
+      Date.now(),
+    );
+    return true;
+  }
+  return false;
+}

 async function listAction(context: CommandContext) {
+  const extensions = context.services.config
+    ? context.services.config.getExtensions()
+    : [];
+
+  if (showMessageIfNoExtensions(context, extensions)) {
+    return;
+  }
+
  context.ui.addItem(
    {
      type: MessageType.EXTENSIONS_LIST,
@@ -34,42 +58,52 @@ async function updateAction(context: CommandContext, args: string) {
  const updateArgs = args.split(' ').filter((value) => value.length > 0);
  const all = updateArgs.length === 1 && updateArgs[0] === '--all';
  const names = all ? undefined : updateArgs;
-  let updateInfos: ExtensionUpdateInfo[] = [];

  if (!all && names?.length === 0) {
    context.ui.addItem(
      {
        type: MessageType.ERROR,
-        text: 'Usage: /extensions update <extension-names>|--all',
+        text: t('Usage: /extensions update <extension-names>|--all'),
      },
      Date.now(),
    );
    return;
  }

+  let updateInfos: ExtensionUpdateInfo[] = [];
+
+  const extensionManager = context.services.config!.getExtensionManager();
+  const extensions = context.services.config
+    ? context.services.config.getExtensions()
+    : [];
+
+  if (showMessageIfNoExtensions(context, extensions)) {
+    return Promise.resolve();
+  }
+
  try {
-    await checkForAllExtensionUpdates(
-      context.services.config!.getExtensions(),
-      context.ui.dispatchExtensionStateUpdate,
+    context.ui.dispatchExtensionStateUpdate({ type: 'BATCH_CHECK_START' });
+    await extensionManager.checkForAllExtensionUpdates((extensionName, state) =>
+      context.ui.dispatchExtensionStateUpdate({
+        type: 'SET_STATE',
+        payload: { name: extensionName, state },
+      }),
    );
+    context.ui.dispatchExtensionStateUpdate({ type: 'BATCH_CHECK_END' });
+
    context.ui.setPendingItem({
      type: MessageType.EXTENSIONS_LIST,
    });
    if (all) {
-      updateInfos = await updateAllUpdatableExtensions(
-        context.services.config!.getWorkingDir(),
-        // We don't have the ability to prompt for consent yet in this flow.
-        (description) =>
-          requestConsentInteractive(
-            description,
-            context.ui.addConfirmUpdateExtensionRequest,
-          ),
-        context.services.config!.getExtensions(),
+      updateInfos = await extensionManager.updateAllUpdatableExtensions(
        context.ui.extensionsUpdateState,
-        context.ui.dispatchExtensionStateUpdate,
+        (extensionName, state) =>
+          context.ui.dispatchExtensionStateUpdate({
+            type: 'SET_STATE',
+            payload: { name: extensionName, state },
+          }),
      );
    } else if (names?.length) {
-      const workingDir = context.services.config!.getWorkingDir();
      const extensions = context.services.config!.getExtensions();
      for (const name of names) {
        const extension = extensions.find(
@@ -79,23 +113,21 @@ async function updateAction(context: CommandContext, args: string) {
          context.ui.addItem(
            {
              type: MessageType.ERROR,
-              text: `Extension ${name} not found.`,
+              text: t('Extension "{{name}}" not found.', { name }),
            },
            Date.now(),
          );
          continue;
        }
-        const updateInfo = await updateExtension(
+        const updateInfo = await extensionManager.updateExtension(
          extension,
-          workingDir,
-          (description) =>
-            requestConsentInteractive(
-              description,
-              context.ui.addConfirmUpdateExtensionRequest,
-            ),
          context.ui.extensionsUpdateState.get(extension.name)?.status ??
            ExtensionUpdateState.UNKNOWN,
-          context.ui.dispatchExtensionStateUpdate,
+          (extensionName, state) =>
+            context.ui.dispatchExtensionStateUpdate({
+              type: 'SET_STATE',
+              payload: { name: extensionName, state },
+            }),
        );
        if (updateInfo) updateInfos.push(updateInfo);
      }
@@ -105,7 +137,7 @@ async function updateAction(context: CommandContext, args: string) {
      context.ui.addItem(
        {
          type: MessageType.INFO,
-          text: 'No extensions to update.',
+          text: t('No extensions to update.'),
        },
        Date.now(),
      );
@@ -126,10 +158,288 @@ async function updateAction(context: CommandContext, args: string) {
      },
      Date.now(),
    );
+    context.ui.reloadCommands();
    context.ui.setPendingItem(null);
  }
 }

+async function installAction(context: CommandContext, args: string) {
+  const extensionManager = context.services.config?.getExtensionManager();
+  if (!(extensionManager instanceof ExtensionManager)) {
+    console.error(
+      `Cannot ${context.invocation?.name} extensions in this environment`,
+    );
+    return;
+  }
+
+  const source = args.trim();
+  if (!source) {
+    context.ui.addItem(
+      {
+        type: MessageType.ERROR,
+        text: t('Usage: /extensions install <source>'),
+      },
+      Date.now(),
+    );
+    return;
+  }
+
+  try {
+    const installMetadata = await parseInstallSource(source);
+    context.ui.addItem(
+      {
+        type: MessageType.INFO,
+        text: t('Installing extension from "{{source}}"...', { source }),
+      },
+      Date.now(),
+    );
+    const extension = await extensionManager.installExtension(installMetadata);
+    context.ui.addItem(
+      {
+        type: MessageType.INFO,
+        text: t('Extension "{{name}}" installed successfully.', {
+          name: extension.name,
+        }),
+      },
+      Date.now(),
+    );
+    // FIXME: refresh command controlled by ui for now, cannot be auto refreshed by extensionManager
+    context.ui.reloadCommands();
+  } catch (error) {
+    context.ui.addItem(
+      {
+        type: MessageType.ERROR,
+        text: t('Failed to install extension from "{{source}}": {{error}}', {
+          source,
+          error: getErrorMessage(error),
+        }),
+      },
+      Date.now(),
+    );
+    return;
+  }
+}
+
+async function uninstallAction(context: CommandContext, args: string) {
+  const extensionManager = context.services.config?.getExtensionManager();
+  if (!(extensionManager instanceof ExtensionManager)) {
+    console.error(
+      `Cannot ${context.invocation?.name} extensions in this environment`,
+    );
+    return;
+  }
+
+  const name = args.trim();
+  if (!name) {
+    context.ui.addItem(
+      {
+        type: MessageType.ERROR,
+        text: t('Usage: /extensions uninstall <extension-name>'),
+      },
+      Date.now(),
+    );
+    return;
+  }
+
+  context.ui.addItem(
+    {
+      type: MessageType.INFO,
+      text: t('Uninstalling extension "{{name}}"...', { name }),
+    },
+    Date.now(),
+  );
+
+  try {
+    await extensionManager.uninstallExtension(name, false);
+    context.ui.addItem(
+      {
+        type: MessageType.INFO,
+        text: t('Extension "{{name}}" uninstalled successfully.', { name }),
+      },
+      Date.now(),
+    );
+    context.ui.reloadCommands();
+  } catch (error) {
+    context.ui.addItem(
+      {
+        type: MessageType.ERROR,
+        text: t('Failed to uninstall extension "{{name}}": {{error}}', {
+          name,
+          error: getErrorMessage(error),
+        }),
+      },
+      Date.now(),
+    );
+  }
+}
+
+function getEnableDisableContext(
+  context: CommandContext,
+  argumentsString: string,
+): {
+  extensionManager: ExtensionManager;
+  names: string[];
+  scope: SettingScope;
+} | null {
+  const extensionManager = context.services.config?.getExtensionManager();
+  if (!(extensionManager instanceof ExtensionManager)) {
+    console.error(
+      `Cannot ${context.invocation?.name} extensions in this environment`,
+    );
+    return null;
+  }
+  const parts = argumentsString.split(' ');
+  const name = parts[0];
+  if (
+    name === '' ||
+    !(
+      (parts.length === 2 && parts[1].startsWith('--scope=')) || // --scope=<scope>
+      (parts.length === 3 && parts[1] === '--scope') // --scope <scope>
+    )
+  ) {
+    context.ui.addItem(
+      {
+        type: MessageType.ERROR,
+        text: t(
+          'Usage: /extensions {{command}} <extension> [--scope=<user|workspace>]',
+          {
+            command: context.invocation?.name ?? '',
+          },
+        ),
+      },
+      Date.now(),
+    );
+    return null;
+  }
+  let scope: SettingScope;
+  // Transform `--scope=<scope>` to `--scope <scope>`.
+  if (parts.length === 2) {
+    parts.push(...parts[1].split('='));
+    parts.splice(1, 1);
+  }
+  switch (parts[2].toLowerCase()) {
+    case 'workspace':
+      scope = SettingScope.Workspace;
+      break;
+    case 'user':
+      scope = SettingScope.User;
+      break;
+    default:
+      context.ui.addItem(
+        {
+          type: MessageType.ERROR,
+          text: t(
+            'Unsupported scope "{{scope}}", should be one of "user" or "workspace"',
+            {
+              scope: parts[2],
+            },
+          ),
+        },
+        Date.now(),
+      );
+      return null;
+  }
+  let names: string[] = [];
+  if (name === '--all') {
+    let extensions = extensionManager.getLoadedExtensions();
+    if (context.invocation?.name === 'enable') {
+      extensions = extensions.filter((ext) => !ext.isActive);
+    }
+    if (context.invocation?.name === 'disable') {
+      extensions = extensions.filter((ext) => ext.isActive);
+    }
+    names = extensions.map((ext) => ext.name);
+  } else {
+    names = [name];
+  }
+
+  return {
+    extensionManager,
+    names,
+    scope,
+  };
+}
+
+async function disableAction(context: CommandContext, args: string) {
+  const enableContext = getEnableDisableContext(context, args);
+  if (!enableContext) return;
+
+  const { names, scope, extensionManager } = enableContext;
+  for (const name of names) {
+    await extensionManager.disableExtension(name, scope);
+    context.ui.addItem(
+      {
+        type: MessageType.INFO,
+        text: t('Extension "{{name}}" disabled for scope "{{scope}}"', {
+          name,
+          scope,
+        }),
+      },
+      Date.now(),
+    );
+    context.ui.reloadCommands();
+  }
+}
+
+async function enableAction(context: CommandContext, args: string) {
+  const enableContext = getEnableDisableContext(context, args);
+  if (!enableContext) return;
+
+  const { names, scope, extensionManager } = enableContext;
+  for (const name of names) {
+    await extensionManager.enableExtension(name, scope);
+    context.ui.addItem(
+      {
+        type: MessageType.INFO,
+        text: t('Extension "{{name}}" enabled for scope "{{scope}}"', {
+          name,
+          scope,
+        }),
+      },
+      Date.now(),
+    );
+    context.ui.reloadCommands();
+  }
+}
+
+export async function completeExtensions(
+  context: CommandContext,
+  partialArg: string,
+) {
+  let extensions = context.services.config?.getExtensions() ?? [];
+
+  if (context.invocation?.name === 'enable') {
+    extensions = extensions.filter((ext) => !ext.isActive);
+  }
+  if (
+    context.invocation?.name === 'disable' ||
+    context.invocation?.name === 'restart'
+  ) {
+    extensions = extensions.filter((ext) => ext.isActive);
+  }
+  const extensionNames = extensions.map((ext) => ext.name);
+  const suggestions = extensionNames.filter((name) =>
+    name.startsWith(partialArg),
+  );
+
+  if ('--all'.startsWith(partialArg) || 'all'.startsWith(partialArg)) {
+    suggestions.unshift('--all');
+  }
+
+  return suggestions;
+}
+
+export async function completeExtensionsAndScopes(
+  context: CommandContext,
+  partialArg: string,
+) {
+  const completions = await completeExtensions(context, partialArg);
+  return completions.flatMap((s) => [
+    `${s} --scope user`,
+    `${s} --scope workspace`,
+  ]);
+}
+
 const listExtensionsCommand: SlashCommand = {
  name: 'list',
  get description() {
@@ -146,19 +456,46 @@ const updateExtensionsCommand: SlashCommand = {
  },
  kind: CommandKind.BUILT_IN,
  action: updateAction,
-  completion: async (context, partialArg) => {
-    const extensions = context.services.config?.getExtensions() ?? [];
-    const extensionNames = extensions.map((ext) => ext.name);
-    const suggestions = extensionNames.filter((name) =>
-      name.startsWith(partialArg),
-    );
+  completion: completeExtensions,
+};

-    if ('--all'.startsWith(partialArg) || 'all'.startsWith(partialArg)) {
-      suggestions.unshift('--all');
-    }
-
-    return suggestions;
+const disableCommand: SlashCommand = {
+  name: 'disable',
+  get description() {
+    return t('Disable an extension');
  },
+  kind: CommandKind.BUILT_IN,
+  action: disableAction,
+  completion: completeExtensionsAndScopes,
+};
+
+const enableCommand: SlashCommand = {
+  name: 'enable',
+  get description() {
+    return t('Enable an extension');
+  },
+  kind: CommandKind.BUILT_IN,
+  action: enableAction,
+  completion: completeExtensionsAndScopes,
+};
+
+const installCommand: SlashCommand = {
+  name: 'install',
+  get description() {
+    return t('Install an extension from a git repo or local path');
+  },
+  kind: CommandKind.BUILT_IN,
+  action: installAction,
+};
+
+const uninstallCommand: SlashCommand = {
+  name: 'uninstall',
+  get description() {
+    return t('Uninstall an extension');
+  },
+  kind: CommandKind.BUILT_IN,
+  action: uninstallAction,
+  completion: completeExtensions,
 };

 export const extensionsCommand: SlashCommand = {
@@ -167,7 +504,14 @@ export const extensionsCommand: SlashCommand = {
    return t('Manage extensions');
  },
  kind: CommandKind.BUILT_IN,
-  subCommands: [listExtensionsCommand, updateExtensionsCommand],
+  subCommands: [
+    listExtensionsCommand,
+    updateExtensionsCommand,
+    disableCommand,
+    enableCommand,
+    installCommand,
+    uninstallCommand,
+  ],
  action: (context, args) =>
    // Default to list if no subcommand is provided
    listExtensionsCommand.action!(context, args),
--- a/packages/cli/src/ui/commands/memoryCommand.test.ts
+++ b/packages/cli/src/ui/commands/memoryCommand.test.ts
@@ -7,13 +7,18 @@
 import type { Mock } from 'vitest';
 import { vi, describe, it, expect, beforeEach } from 'vitest';
 import { memoryCommand } from './memoryCommand.js';
-import type { SlashCommand, type CommandContext } from './types.js';
+import type { SlashCommand, CommandContext } from './types.js';
 import { createMockCommandContext } from '../../test-utils/mockCommandContext.js';
 import { MessageType } from '../types.js';
 import type { LoadedSettings } from '../../config/settings.js';
+import { readFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
 import {
  getErrorMessage,
  loadServerHierarchicalMemory,
+  QWEN_DIR,
+  setGeminiMdFilename,
  type FileDiscoveryService,
  type LoadServerHierarchicalMemoryResponse,
 } from '@qwen-code/qwen-code-core';
@@ -31,7 +36,18 @@ vi.mock('@qwen-code/qwen-code-core', async (importOriginal) => {
  };
 });

+vi.mock('node:fs/promises', () => {
+  const readFile = vi.fn();
+  return {
+    readFile,
+    default: {
+      readFile,
+    },
+  };
+});
+
 const mockLoadServerHierarchicalMemory = loadServerHierarchicalMemory as Mock;
+const mockReadFile = readFile as unknown as Mock;

 describe('memoryCommand', () => {
  let mockContext: CommandContext;
@@ -52,6 +68,10 @@ describe('memoryCommand', () => {
    let mockGetGeminiMdFileCount: Mock;

    beforeEach(() => {
+      setGeminiMdFilename('QWEN.md');
+      mockReadFile.mockReset();
+      vi.restoreAllMocks();
+
      showCommand = getSubCommand('show');

      mockGetUserMemory = vi.fn();
@@ -102,6 +122,52 @@ describe('memoryCommand', () => {
        expect.any(Number),
      );
    });
+
+    it('should show project memory from the configured context file', async () => {
+      const projectCommand = showCommand.subCommands?.find(
+        (cmd) => cmd.name === '--project',
+      );
+      if (!projectCommand?.action) throw new Error('Command has no action');
+
+      setGeminiMdFilename('AGENTS.md');
+      vi.spyOn(process, 'cwd').mockReturnValue('/test/project');
+      mockReadFile.mockResolvedValue('project memory');
+
+      await projectCommand.action(mockContext, '');
+
+      const expectedProjectPath = path.join('/test/project', 'AGENTS.md');
+      expect(mockReadFile).toHaveBeenCalledWith(expectedProjectPath, 'utf-8');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: expect.stringContaining(expectedProjectPath),
+        },
+        expect.any(Number),
+      );
+    });
+
+    it('should show global memory from the configured context file', async () => {
+      const globalCommand = showCommand.subCommands?.find(
+        (cmd) => cmd.name === '--global',
+      );
+      if (!globalCommand?.action) throw new Error('Command has no action');
+
+      setGeminiMdFilename('AGENTS.md');
+      vi.spyOn(os, 'homedir').mockReturnValue('/home/user');
+      mockReadFile.mockResolvedValue('global memory');
+
+      await globalCommand.action(mockContext, '');
+
+      const expectedGlobalPath = path.join('/home/user', QWEN_DIR, 'AGENTS.md');
+      expect(mockReadFile).toHaveBeenCalledWith(expectedGlobalPath, 'utf-8');
+      expect(mockContext.ui.addItem).toHaveBeenCalledWith(
+        {
+          type: MessageType.INFO,
+          text: expect.stringContaining('Global memory content'),
+        },
+        expect.any(Number),
+      );
+    });
  });

  describe('/memory add', () => {
@@ -233,9 +299,7 @@ describe('memoryCommand', () => {
        services: {
          config: mockConfig,
          settings: {
-            merged: {
-              memoryDiscoveryMaxDirs: 1000,
-            },
+            merged: {},
          } as LoadedSettings,
        },
      });
--- a/packages/cli/src/ui/commands/memoryCommand.ts
+++ b/packages/cli/src/ui/commands/memoryCommand.ts
@@ -6,12 +6,13 @@

 import {
  getErrorMessage,
+  getCurrentGeminiMdFilename,
  loadServerHierarchicalMemory,
  QWEN_DIR,
 } from '@qwen-code/qwen-code-core';
 import path from 'node:path';
-import os from 'os';
-import fs from 'fs/promises';
+import os from 'node:os';
+import fs from 'node:fs/promises';
 import { MessageType } from '../types.js';
 import type { SlashCommand, SlashCommandActionReturn } from './types.js';
 import { CommandKind } from './types.js';
@@ -56,7 +57,12 @@ export const memoryCommand: SlashCommand = {
          kind: CommandKind.BUILT_IN,
          action: async (context) => {
            try {
-              const projectMemoryPath = path.join(process.cwd(), 'QWEN.md');
+              const workingDir =
+                context.services.config?.getWorkingDir?.() ?? process.cwd();
+              const projectMemoryPath = path.join(
+                workingDir,
+                getCurrentGeminiMdFilename(),
+              );
              const memoryContent = await fs.readFile(
                projectMemoryPath,
                'utf-8',
@@ -104,7 +110,7 @@ export const memoryCommand: SlashCommand = {
              const globalMemoryPath = path.join(
                os.homedir(),
                QWEN_DIR,
-                'QWEN.md',
+                getCurrentGeminiMdFilename(),
              );
              const globalMemoryContent = await fs.readFile(
                globalMemoryPath,
@@ -309,8 +315,6 @@ export const memoryCommand: SlashCommand = {
                config.getFolderTrust(),
                context.services.settings.merged.context?.importFormat ||
                  'tree', // Use setting or default to 'tree'
-                config.getFileFilteringOptions(),
-                context.services.settings.merged.context?.discoveryMaxDirs,
              );
            config.setUserMemory(memoryContent);
            config.setGeminiMdFileCount(fileCount);
--- a/Show More
+++ b/Show More