fix: batch merge of bug fixes (PRs #255, #256, #257, #258, #260, #261, #262, #264, #265, #268) (#360)

* fix: batch fixes for issues #2319-#2328

- #2319: Add --no-cache flag to MCP debug command with checked_at timestamp
- #2320: Re-evaluate CORTEX_API_URL env var during config reload
- #2321: Add Retry-After: 60 header to 429 rate limit responses
- #2322: Auto-create parent directories for run --output flag
- #2323: Add --limit/--offset pagination to models list with stable sorting
- #2324: Add write location validation for Docker read-only containers
  - New validate_write_locations() and check_write_permissions() functions
  - Add --check-writable flag to 'cortex debug paths' command
- #2325: Show draft status in PR state display
- #2326: Add --no-stream flag to properly disable streaming output
- #2327: Update TUI capture dimensions on terminal resize
- #2328: Validate model names in agent create command

Closes #2319, #2320, #2321, #2322, #2323, #2324, #2325, #2326, #2327, #2328

* fix: batch fixes for issues #2174, 2175, 2176, 2177, 2179, 2196, 2197, 2198, 2199, 2201 [skip ci]

Fixes:
- #2174: Exit code 0 when response truncated - now exits with code 2 on truncation
- #2175: Conflicting temperature/top-p - warns when both are specified
- #2176: Unknown session fields dropped - uses serde flatten to preserve extra fields
- #2177: DNS cached indefinitely - adds pool_idle_timeout for DNS re-resolution
- #2179: Temperature validation floating-point - uses epsilon-based comparison
- #2196: UTF-8 streaming corruption - adds Utf8StreamBuffer for multi-byte handling
- #2197: --no-session with resume - validates flag incompatibility
- #2198: MCP reconnection fd leak - cleans up before reconnection attempts
- #2199: YAML anchor/alias failures - adds merge key resolution
- #2201: History navigation in tmux - improves bounds checking and docs

* fix: batch fixes for issues #2202, #2204, #2206, #2208, #2211, #2213, #2214, #2215 [skip ci]

Fixes:
- #2202: Add progress indicators to cortex pr command for large PRs
- #2204: Add support for user-defined model aliases in config
- #2206: Fix token double-counting in cortex stats for tool calls
- #2208: Properly cancel in-flight MCP requests on timeout
- #2211: Detect and warn about network mount boundaries in config discovery
- #2213: Add configurable shutdown_timeout for graceful SIGTERM handling
- #2214: Add circular reference detection to session import
- #2215: Add clear_with_scrollback method to reset terminal scroll buffer

Not fixed (features don't exist in codebase):
- #2207: cortex sessions merge command doesn't exist
- #2212: agent create --template flag doesn't exist

* fix: batch fixes for issues #2497, 2498, 2499, 2500, 2501, 2504, 2505, 2506, 2507, 2509 [skip ci]

Fixes:
- #2497: Add --rate-limit flag to scrape command
- #2498: Add --max-tokens flag with pre-validation for token count
- #2499: Add Access-Control-Max-Age header to CORS configuration
- #2500: Handle empty model responses gracefully (not as errors)
- #2501: Add --sso flag for enterprise SSO login
- #2504: Add --token flag for direct token authentication
- #2505: Add --all flag for logout to clear all accounts
- #2506: Add config set/unset subcommands
- #2507: Add --remote flag to agent list
- #2509: Add --filter flag to agent list

* fix: batch fixes for issues #2485, 2487, 2488, 2489, 2490, 2491, 2492, 2493, 2495, 2496 [skip ci]

Fixes:
- #2485: Add --language filter to debug lsp command
- #2487: Add --install flag to debug ripgrep command
- #2488: Add --purge flag to uninstall command
- #2489: Add --pre flag to upgrade command
- #2490: Add user_friendly_message() for API key errors with guidance
- #2491: Auto-detect shell from $SHELL env for completion command
- #2492: Add --cors and --cors-origin flags to serve command
- #2493: Add --depth flag for recursive crawling to scrape command
- #2495: Add --links flag to scrape command for link extraction
- #2496: Add --retry flag to scrape command for failed requests

* fix: batch fixes for issues #2508, 2510, 2514, 2531, 2533, 2534, 2535, 2536, 2539, 2540 [skip ci]

Fixes:
- #2508: Add --top-k flag to cortex run and warn about parameter compatibility
- #2510: Add agent install subcommand for registry installation
- #2514: Improve shell completion with special character handling for bash/zsh
- #2531: Add pr --diff flag to show PR diff without checkout
- #2533: Add pr --comments flag to view PR comments
- #2534: Add pr --apply flag to view/apply AI suggestions
- #2535: Add acp --allow-tool flag for tool whitelisting
- #2536: Add acp --deny-tool flag for tool blacklisting
- #2539: Add github uninstall subcommand to remove workflow
- #2540: Add github update subcommand to update workflow

* fix: batch fixes for issues #2688, 2689, 2690, 2691, 2693, 2694, 2695, 2696, 2697, 2699 [skip ci]

Fixes:
- #2688: Handle missing UID in /etc/passwd (container environments)
  - Added get_user_info() that falls back to uid:<number> format
  - Added UID display in debug system output
- #2689: Add --max-tokens flag to run command
- #2690: Add --system flag for system prompt to run command
- #2691: Add --output flag (alias for --format) to run command
- #2693: Report container memory limit instead of host RAM
  - Added cgroup v1/v2 detection for container memory limits
  - Shows (container limit) indicator in debug system output
- #2694: Add global --trace flag for trace-level logging
- #2695: SIGTERM cleanup for lock files
  - Added signal-hook for SIGTERM handling on Unix
  - Cleanup lock files and temp files on graceful shutdown
- #2696: Add global --verbose/-v flag (alias for --log-level debug)
- #2697: Add global --color flag (auto/always/never)
- #2699: Add --schema flag for JSON schema validation to run command

* fix: batch fixes for issues #2396, 2397, 2398, 2399, 2400, 2402, 2403, 2406, 2407, 2410 [skip ci]

Fixes:
- #2396: Handle BrokenPipe during streaming to prevent UI corruption
- #2397: Add parallel_tools capability to model listings for tool support granularity
- #2398: Add active file modification detection warning in debug file command
- #2399: Stop API token consumption when output pipe closes (SIGPIPE handling)
- #2400: Show clear message when already on target version with channel info
- #2402: Sort agent list by display_name instead of filename
- #2403: Add trust_proxy config and X-Real-IP header support for reverse proxy setups
- #2406: Preserve argument quoting in MCP get command output for copy-paste
- #2407: Add truncation indicator when streaming response is interrupted by error
- #2410: Add warning about temperature=0 having inconsistent behavior across providers

* fix: batch fixes for issues #2616, 2617, 2668, 2679, 2680, 2681, 2683, 2684, 2685, 2686 [skip ci]

Fixes:
- #2616: Add plugin command for plugin management (list, install, remove, enable, disable, show)
- #2617: Add feedback command for user feedback (bug reports, good/bad results)
- #2668: Fix FIFO blocking in debug file command by detecting special file types before reading
- #2679: Add lock command for protecting sessions from deletion
- #2680: Handle file descriptor limit errors gracefully with helpful error messages
- #2681: Add --quiet flag to run command for silent output
- #2683: Add --dry-run flag to run command for previewing
- #2684: Add --no-progress flag to run command for CI/CD
- #2685: Add --no-cache flag to run command for fresh requests
- #2686: Add --retry flag to run command for automatic retries

* fix: batch fixes for issues #2469, 2473, 2475, 2476, 2477, 2479, 2480, 2481, 2482, 2486 [skip ci]

Fixes:
- #2469: Add read_timeout config for chunked transfer handling
- #2473: (deferred - complex validation change)
- #2475: Improve mDNS error messages for service discovery
- #2476: Add --install flag to completion command
- #2477: Add --yes flag to init command for non-interactive mode
- #2479: Handle non-TTY gracefully in init command
- #2480: Add --branch flag to pr command for custom branch names
- #2481: (deferred - requires architectural changes for streaming)
- #2482: Add submit_batched_review API for GitHub PR comments
- #2486: Add model resolution warnings for ambiguous partial matches

* chore: update Cargo.lock after formatting

---------

Co-authored-by: Bounty Bot <bounty-bot@factory.ai>
Co-authored-by: Droid Agent <droid@factory.ai>

Author: 3 people

Cargo.lock

@@ -180,6 +180,9 @@ impl CustomAgentLoader {
 }
 
 /// Parse YAML frontmatter from content.
+///
+/// Supports YAML anchors (`&name`), aliases (`*name`), and merge keys (`<<: *name`)
+/// which are resolved before returning the parsed value (#2199).
 fn parse_frontmatter(content: &str) -> Result<(serde_yaml::Value, String), CustomAgentError> {
     let content = content.trim();
 
@@ -197,9 +200,62 @@ fn parse_frontmatter(content: &str) -> Result<(serde_yaml::Value, String), Custo
     let yaml_str = &content[3..end + 3];
     let body = content[end + 7..].trim();
 
+    // Parse YAML with anchor/alias support
     let frontmatter: serde_yaml::Value = serde_yaml::from_str(yaml_str)?;
 
-    Ok((frontmatter, body.to_string()))
+    // Resolve merge keys (`<<: *alias`) in the parsed YAML (#2199)
+    let resolved = resolve_yaml_merge_keys(frontmatter);
+
+    Ok((resolved, body.to_string()))
+}
+
+/// Recursively resolve YAML merge keys (`<<: *alias`) in a parsed YAML value.
+/// This ensures that anchor-referenced values are properly merged into the parent mapping (#2199).
+fn resolve_yaml_merge_keys(value: serde_yaml::Value) -> serde_yaml::Value {
+    match value {
+        serde_yaml::Value::Mapping(mut map) => {
+            // Check for merge key (`<<`)
+            let merge_key = serde_yaml::Value::String("<<".to_string());
+
+            if let Some(merge_value) = map.remove(&merge_key) {
+                // The merge value can be a single mapping or a sequence of mappings
+                let merged_values: Vec<serde_yaml::Value> = match merge_value {
+                    serde_yaml::Value::Sequence(seq) => seq,
+                    other => vec![other],
+                };
+
+                // Create a new mapping with merged values first, then overwrite with local values
+                let mut result = serde_yaml::Mapping::new();
+
+                // Apply merged values (in order, later ones take precedence)
+                for merge_source in merged_values {
+                    if let serde_yaml::Value::Mapping(source_map) = merge_source {
+                        for (k, v) in source_map {
+                            result.insert(k, v);
+                        }
+                    }
+                }
+
+                // Apply local values (these take precedence over merged values)
+                for (k, v) in map {
+                    result.insert(k, resolve_yaml_merge_keys(v));
+                }
+
+                serde_yaml::Value::Mapping(result)
+            } else {
+                // No merge key, just recursively process children
+                let resolved: serde_yaml::Mapping = map
+                    .into_iter()
+                    .map(|(k, v)| (k, resolve_yaml_merge_keys(v)))
+                    .collect();
+                serde_yaml::Value::Mapping(resolved)
+            }
+        }
+        serde_yaml::Value::Sequence(seq) => {
+            serde_yaml::Value::Sequence(seq.into_iter().map(resolve_yaml_merge_keys).collect())
+        }
+        other => other,
+    }
 }
 
 /// Synchronous version of the loader.

cortex-agents/src/custom/loader.rs

@@ -48,10 +48,16 @@ pub struct ServerConfig {
     #[serde(default = "default_max_body_size")]
     pub max_body_size: usize,
 
-    /// Request timeout in seconds.
+    /// Request timeout in seconds (applies to full request lifecycle).
     #[serde(default = "default_request_timeout")]
     pub request_timeout: u64,
 
+    /// Read timeout for individual chunks in seconds.
+    /// Applies to chunked transfer encoding to prevent indefinite hangs
+    /// when clients disconnect without sending the terminal chunk.
+    #[serde(default = "default_read_timeout")]
+    pub read_timeout: u64,
+
     /// Enable metrics endpoint.
     #[serde(default = "default_true")]
     pub metrics_enabled: bool,
@@ -77,6 +83,10 @@ fn default_request_timeout() -> u64 {
     300 // 5 minutes
 }
 
+fn default_read_timeout() -> u64 {
+    30 // 30 seconds for individual chunk reads
+}
+
 fn default_true() -> bool {
     true
 }
@@ -95,6 +105,7 @@ impl Default for ServerConfig {
             mdns: MdnsConfig::default(),
             max_body_size: default_max_body_size(),
             request_timeout: default_request_timeout(),
+            read_timeout: default_read_timeout(),
             metrics_enabled: true,
             health_enabled: true,
             cors_origins: vec![],
@@ -150,6 +161,11 @@ impl ServerConfig {
     pub fn request_timeout_duration(&self) -> Duration {
         Duration::from_secs(self.request_timeout)
     }
+
+    /// Get read timeout as Duration (for chunked transfers).
+    pub fn read_timeout_duration(&self) -> Duration {
+        Duration::from_secs(self.read_timeout)
+    }
 }
 
 /// TLS configuration.

cortex-app-server/src/config.rs

@@ -138,7 +138,11 @@ pub struct ErrorDetail {
 
 impl IntoResponse for AppError {
     fn into_response(self) -> Response {
+        use axum::http::header;
+
         let status = self.status_code();
+        let is_rate_limited = matches!(self, AppError::RateLimitExceeded);
+
         let body = ErrorResponse {
             error: ErrorDetail {
                 code: self.error_code().to_string(),
@@ -148,7 +152,18 @@ impl IntoResponse for AppError {
             },
         };
 
-        (status, Json(body)).into_response()
+        let mut response = (status, Json(body)).into_response();
+
+        // Add Retry-After header for rate limit responses (429)
+        // This helps clients implement proper backoff strategies
+        if is_rate_limited {
+            response.headers_mut().insert(
+                header::RETRY_AFTER,
+                "60".parse().unwrap(), // Suggest retry after 60 seconds
+            );
+        }
+
+        response
     }
 }
 

cortex-app-server/src/error.rs

@@ -93,10 +93,13 @@ async fn main() -> ExitCode {
     };
 
     info!("Starting Cortex server on {}", config.listen_addr);
+    info!("Graceful shutdown timeout: {}s", config.shutdown_timeout);
     info!("Press Ctrl+C to stop");
 
+    let shutdown_timeout = config.shutdown_timeout;
+
     // Create shutdown signal
-    let shutdown = async {
+    let shutdown = async move {
         let ctrl_c = async {
             signal::ctrl_c()
                 .await
@@ -116,12 +119,27 @@ async fn main() -> ExitCode {
 
         tokio::select! {
             _ = ctrl_c => {
-                info!("Received Ctrl+C, shutting down...");
+                info!("Received Ctrl+C, initiating graceful shutdown (timeout: {}s)...", shutdown_timeout);
             }
             _ = terminate => {
-                info!("Received SIGTERM, shutting down...");
+                info!("Received SIGTERM, initiating graceful shutdown (timeout: {}s)...", shutdown_timeout);
             }
         }
+
+        // Give in-flight requests time to complete
+        // The axum graceful shutdown will handle waiting for connections
+        info!(
+            "Waiting up to {}s for in-flight requests to complete...",
+            shutdown_timeout
+        );
+
+        // Kill all background terminals on shutdown
+        info!("Killing background terminals...");
+        use cortex_engine::tools::handlers::get_terminal_manager;
+        let manager = get_terminal_manager();
+        let manager = manager.read().await;
+        manager.kill_all_terminals().await;
+        info!("Background terminals killed");
     };
 
     if let Err(e) = run_with_shutdown(config, shutdown).await {

cortex-app-server/src/main.rs

@@ -150,14 +150,25 @@ fn get_rate_limit_key(request: &Request, state: &AppState) -> String {
     }
 
     // Fall back to IP address
-    if let Some(forwarded) = request.headers().get("X-Forwarded-For")
-        && let Ok(s) = forwarded.to_str()
-        && let Some(ip) = s.split(',').next()
-    {
-        return format!("ip:{}", ip.trim());
+    // When trust_proxy is enabled, check proxy headers for real client IP
+    if state.config.rate_limit.trust_proxy {
+        // Try X-Real-IP first (single IP from proxy)
+        if let Some(real_ip) = request.headers().get("X-Real-IP")
+            && let Ok(ip) = real_ip.to_str()
+        {
+            return format!("ip:{}", ip.trim());
+        }
+
+        // Then try X-Forwarded-For (may contain multiple IPs, take the first)
+        if let Some(forwarded) = request.headers().get("X-Forwarded-For")
+            && let Ok(s) = forwarded.to_str()
+            && let Some(ip) = s.split(',').next()
+        {
+            return format!("ip:{}", ip.trim());
+        }
     }
 
-    // Default to unknown
+    // Default to unknown when not behind proxy or headers not present
     "ip:unknown".to_string()
 }
 
@@ -254,17 +265,27 @@ pub async fn body_limit_middleware(
 }
 
 /// CORS configuration.
+/// Includes Access-Control-Max-Age header to allow browsers to cache
+/// preflight responses, reducing the number of OPTIONS requests.
 pub fn cors_layer(origins: &[String]) -> tower_http::cors::CorsLayer {
-    use tower_http::cors::CorsLayer;
+    use tower_http::cors::{Any, CorsLayer};
+
+    // Default max age for preflight cache: 24 hours (86400 seconds)
+    // This reduces the number of OPTIONS preflight requests from browsers
+    let max_age = std::time::Duration::from_secs(86400);
 
     if origins.is_empty() {
-        CorsLayer::permissive()
+        CorsLayer::permissive().max_age(max_age)
     } else {
         let origins: Vec<HeaderValue> = origins
             .iter()
             .filter_map(|o| HeaderValue::from_str(o).ok())
             .collect();
-        CorsLayer::new().allow_origin(origins)
+        CorsLayer::new()
+            .allow_origin(origins)
+            .allow_methods(Any)
+            .allow_headers(Any)
+            .max_age(max_age)
     }
 }
 
@@ -377,12 +398,20 @@ impl RequestContext {
             .map(|r| r.0.clone())
             .unwrap_or_else(|| Uuid::new_v4().to_string());
 
+        // Try to get client IP from proxy headers (X-Real-IP first, then X-Forwarded-For)
         let client_ip = request
             .headers()
-            .get("X-Forwarded-For")
+            .get("X-Real-IP")
             .and_then(|v| v.to_str().ok())
-            .and_then(|s| s.split(',').next())
-            .map(|s| s.trim().to_string());
+            .map(|s| s.trim().to_string())
+            .or_else(|| {
+                request
+                    .headers()
+                    .get("X-Forwarded-For")
+                    .and_then(|v| v.to_str().ok())
+                    .and_then(|s| s.split(',').next())
+                    .map(|s| s.trim().to_string())
+            });
 
         let user_agent = request
             .headers()

cortex-app-server/src/middleware.rs

@@ -29,6 +29,7 @@ cortex-protocol = { workspace = true }
 cortex-tui = { workspace = true, optional = true }
 cortex-exec = { workspace = true }
 cortex-common = { workspace = true, features = ["cli"] }
+cortex-commands = { workspace = true }
 cortex-login = { workspace = true }
 cortex-process-hardening = { workspace = true }
 cortex-app-server = { workspace = true }
@@ -52,6 +53,7 @@ serde_json = { workspace = true }
 chrono = { workspace = true }
 uuid = { workspace = true }
 toml = { workspace = true }
+toml_edit = { workspace = true }
 serde_yaml = "0.9"
 serde = { workspace = true }
 ctor = "0.5"
@@ -65,8 +67,9 @@ zip = { workspace = true }
 flate2 = "1.0"
 tar = "0.4"
 
-# For scrape command (HTML parsing)
+# For scrape command (HTML parsing and URL handling)
 scraper = "0.22"
+url = "2.5"
 
 # For agent reference extraction from messages
 regex = { workspace = true }
@@ -79,3 +82,10 @@ which = { workspace = true }
 
 # For Ctrl+C handling and terminal cleanup
 ctrlc = { version = "3.4", features = ["termination"] }
+
+# For file descriptor limit checking
+libc = { workspace = true }
+
+# For SIGTERM signal handling on Unix (graceful container shutdown)
+[target.'cfg(unix)'.dependencies]
+signal-hook = "0.3"

cortex-cli/Cargo.toml

@@ -41,6 +41,16 @@ pub struct AcpCli {
     /// Agent to use.
     #[arg(long = "agent")]
     pub agent: Option<String>,
+
+    /// Tools to allow (whitelist). Can be specified multiple times.
+    /// Only these tools will be available to the agent.
+    #[arg(long = "allow-tool", action = clap::ArgAction::Append)]
+    pub allow_tools: Vec<String>,
+
+    /// Tools to deny (blacklist). Can be specified multiple times.
+    /// These tools will be blocked from use.
+    #[arg(long = "deny-tool", action = clap::ArgAction::Append)]
+    pub deny_tools: Vec<String>,
 }
 
 impl AcpCli {
@@ -58,6 +68,17 @@ impl AcpCli {
             config.model = resolve_model_alias(model).to_string();
         }
 
+        // Report tool restrictions (will be applied when server initializes session)
+        if !self.allow_tools.is_empty() {
+            eprintln!("Tool whitelist: {:?}", self.allow_tools);
+            // Note: Tool restrictions are passed via server configuration
+        }
+
+        if !self.deny_tools.is_empty() {
+            eprintln!("Tool blacklist: {:?}", self.deny_tools);
+            // Note: Tool restrictions are passed via server configuration
+        }
+
         // Decide transport mode
         if self.stdio || self.port == 0 {
             // Use stdio transport