This PR adds support for a new encryption format for exchanging access
tokens during the authentication flow.
The new format uses Optimal Asymmetric Encryption Padding (OAEP) instead
of PKCS#1 v1.5, which is known to be vulnerable to side-channel attacks.
**Note: We are not yet encrypting access tokens using the new format, as
this is a breaking change between the client and the server. This PR
only adds support for it, and makes it so the client and server can
decrypt either format moving forward.**
This required bumping the RSA key size from 1024 bits to 2048 bits. This
is necessary to be able to encode the access token into the ciphertext
when using OAEP.
This also follows OWASP recommendations:
> If ECC is not available and RSA must be used, then ensure that the key
is at least 2048 bits.
>
> —
[source](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms)
Release Notes:
- N/A
This PR upgrades the `rsa` crate to v0.9.6.
The version we were using was rather old, and for something
security-sensitive we should be using a recent version.
No behavioral changes have been made, just updates to account for
changes in the crate's API.
Release Notes:
- N/A
cbindgen pulled that in, but we don't really need it (Plus it pulls in a
dep with an advisory)
Release Notes:
- N/A
---------
Co-authored-by: Marshall Bowers <elliott.codes@gmail.com>
This pulls in https://github.com/kvark/blade#144 to see if it results in
fewer bad GPU configurations selected
Release Notes:
- linux: Improved graphics card detection
<img width="624" alt="image"
src="https://github.com/user-attachments/assets/f492b0bd-14c3-49e2-b2ff-dc78e52b0815">
- [x] Correctly set custom model token count
- [x] How to count tokens for Gemini models?
- [x] Feature flag zed.dev provider
- [x] Figure out how to configure custom models
- [ ] Update docs
Release Notes:
- Added support for quickly switching between multiple language model
providers in the assistant panel
---------
Co-authored-by: Antonio <antonio@zed.dev>
This PR adds a placeholder view for the settings UI. It does not contain
any functionality, as of yet.
This view is staff-shipped behind a feature flag.
Release Notes:
- N/A
Release Notes:
- linux: Added GPU information to `editor: Copy System Specs to
Clipboard`
- linux: Show a prominant warning before running under llvmpipe and
similar.
The current Astro Extension fails to load properly if it can't find a
`tsserver.js` file in the current workspaces' `node_modules` folder.
This happens pretty frequently, either if `typescript` is not installed
in the project (which it isn't by default), or if `node_modules` is not
in the workspace root.
This PR adds a fallback method of installing `typescript` alongside the
extensions' language server if it is not found in the workspaces'
`node_modules`, as well as correctly setting the `tsdk` path in the
initialization options.
Release Notes:
- N/A
---------
Co-authored-by: Marshall Bowers <elliott.codes@gmail.com>
Configures inline completions to delete the remaining text on the given
line. This doesn't affect the github copilot inline completion provider
since it seems to only generate suggestions if the cursor is at the end
of the line but fixes the usability issues related to Supermaven.
https://github.com/user-attachments/assets/1b8bc9a3-4666-4665-a436-96e4beee01bb
Release Notes:
- Fixed https://github.com/zed-industries/zed/issues/13039
---------
Co-authored-by: Antonio Scandurra <me@as-cii.com>
Co-authored-by: Conrad Irwin <conrad.irwin@gmail.com>
We will soon need `semantic_index` to be able to use
`CompletionProvider`. This is currently impossible due to a cyclic crate
dependency, because `CompletionProvider` lives in the `assistant` crate,
which depends on `semantic_index`.
This PR breaks the dependency cycle by extracting two crates out of
`assistant`: `language_model` and `completion`.
Only one piece of logic changed: [this
code](922fcaf5a6 (diff-3857b3707687a4d585f1200eec4c34a7a079eae8d303b4ce5b4fce46234ace9fR61-R69)).
* As of https://github.com/zed-industries/zed/pull/13276, whenever we
ask a given completion provider for its available models, OpenAI
providers would go and ask the global assistant settings whether the
user had configured an `available_models` setting, and if so, return
that.
* This PR changes it so that instead of eagerly asking the assistant
settings for this info (the new crate must not depend on `assistant`, or
else the dependency cycle would be back), OpenAI completion providers
now store the user-configured settings as part of their struct, and
whenever the settings change, we update the provider.
In theory, this change should not change user-visible behavior...but
since it's the only change in this large PR that's more than just moving
code around, I'm mentioning it here in case there's an unexpected
regression in practice! (cc @amtoaer in case you'd like to try out this
branch and verify that the feature is still working the way you expect.)
Release Notes:
- N/A
---------
Co-authored-by: Marshall Bowers <elliott.codes@gmail.com>
This is a first step towards allowing you to edit remote projects
directly over SSH. We'll start with a pretty bare-bones feature set, and
incrementally add further features.
### Todo
Distribution
* [x] Build nightly releases of `zed-remote-server` binaries
* [x] linux (arm + x86)
* [x] mac (arm + x86)
* [x] Build stable + preview releases of `zed-remote-server`
* [x] download and cache remote server binaries as needed when opening
ssh project
* [x] ensure server has the latest version of the binary
Auth
* [x] allow specifying password at the command line
* [x] auth via ssh keys
* [x] UI password prompt
Features
* [x] upload remote server binary to server automatically
* [x] opening directories
* [x] tracking file system updates
* [x] opening, editing, saving buffers
* [ ] file operations (rename, delete, create)
* [ ] git diffs
* [ ] project search
Release Notes:
- N/A
---------
Co-authored-by: Piotr Osiewicz <24362066+osiewicz@users.noreply.github.com>
Note that this shouldn't have any visible user-facing behavior yet. The
feature is incomplete but we wanna merge early to avoid a long-running
branch.
Release Notes:
- N/A
---------
Co-authored-by: Nathan <nathan@zed.dev>
This PR updates the Vue extension with support for installing and using
its own copy of TypeScript if it can't find one in the project.
The way we resolve `typescript` is as follows:
- We check the project's `package.json` for `typescript` in either the
`devDependencies` or `dependencies`
- If found, we set the `typescript.tsdk` to
`node_modules/typescript/lib` to use the project's copy of TypeScript
- If not found, we install the latest version of `typescript` (if not
already downloaded) to the extension's `package.json` and use that
version for `typescript.tsdk`
This should resolve instances where Vue projects that do not have an
explicit `typescript` dependency—such as those using Vue with plain
JavaScript—fail to load the language server due to TypeScript not being
found.
Release Notes:
- N/A
I decided to remove the GPUI APIs since `chrono` already provides this
functionality, and is already been used for this purpose in other parts
of the code (e.g.
[here](80402a6840/crates/zed/src/main.rs (L756))
or
[here](80402a6840/crates/ui/src/utils/format_distance.rs (L258)))
These usages end up calling the `time_format` crate, which takes in a
`UtcOffset`. It's probably cleaner to rewrite the crate to take in
`chrono` types, but that would require rewriting most of the code there.
Release Notes:
- linux: Use local time zone in chat and Git blame
This PR reworks the rendering for tab icons to allow us to render all of
the tab icons—not just file icons—in the tab's start slot.
The `Item` trait now has a separate `tab_icon` method that can be used
to indicate what icon should be shown for the tab.
Release Notes:
- N/A
This adds the ability for Zed to restore unsaved buffers on restart. The
user is no longer prompted to save/discard/cancel when trying to close a
Zed window with dirty buffers in it. Instead those dirty buffers are
stored and restored on restart.
It does this by saving the contents of dirty buffers to the internal
SQLite database in which Zed stores other data too. On restart, if there
are dirty buffers in the database, they are restored.
On certain events (buffer changed, file saved, ...) Zed will serialize
these buffers, throttled to a 100ms, so that we don't overload the
machine by saving on every keystroke. When Zed quits, it waits until all
the buffers are serialized.
### Current limitations
- It does not persist undo-history (right now we don't persist/restore
undo-history regardless of dirty buffers or not)
- It does not restore buffers in windows without projects/worktrees.
Example: if you open a new window with `cmd-shift-n` and type something
in a buffer, this will _not_ be stored and you will be asked whether to
save/discard on quit. In the future, we want to fix this by also
restoring windows without projects/worktrees.
### Demo
https://github.com/user-attachments/assets/45c63237-8848-471f-8575-ac05496bba19
### Related tickets
I'm unsure about closing them, without also fixing the 2nd limitation:
restoring of worktree-less windows. So let's wait until that.
- https://github.com/zed-industries/zed/issues/4985
- https://github.com/zed-industries/zed/issues/4683
### Note on performance
- Serializing editing buffer (asynchronously on background thread) with
500k lines takes ~200ms on M3 Max. That's an extreme case and that
performance seems acceptable.
Release Notes:
- Added automatic restoring of unsaved buffers. Zed can now be closed
even if there are unsaved changes in buffers. One current limitation is
that this only works when having projects open, not single files or
empty windows with unsaved buffers. The feature can be turned off by
setting `{"session": {"restore_unsaved_buffers": false}}`.
---------
Co-authored-by: Bennet <bennet@zed.dev>
Co-authored-by: Antonio <antonio@zed.dev>
This PR reverts the changes to the Zig extension dependent on the new
`zed_extension_api` version so that we can publish the Zig extension.
Release Notes:
- N/A
Release Notes:
- remoting: An alpha version of remote development is now available to
everyone. For more information on how to use it, and limitations see
https://zed.dev/docs/remote-development.
Release Notes:
- linux: Added a fallback Open picker for when XDG is not working
- Added a new setting `use_system_path_prompts` (default true) that can
be disabled to use Zed's builtin keyboard-driven prompts.
---------
Co-authored-by: Max <max@zed.dev>
