Configuration, constants, and model creation.
Hide version and local-install details in the splash screen when enabled.
Maps each non-normal mode to its trigger character.
Maps each non-normal mode to its display glyph shown in the prompt/UI.
Glyph set for terminals with full Unicode support.
Glyph set for terminals limited to 7-bit ASCII.
Character limit for tool argument values in the UI.
Longer values are truncated with an ellipsis by truncate_value
in tool_display.
Default LangGraph runnable config.
Sets recursion_limit to 1000 to accommodate deeply nested agent graphs without
hitting the default LangGraph ceiling.
Sentinel value returned by parse_shell_allow_list for --shell-allow-list=all.
Literal substrings that indicate shell injection risk.
Used by contains_dangerous_patterns to reject commands that embed arbitrary
execution via redirects, substitution operators, or control characters — even
when the base command is on the allow-list.
Read-only commands auto-approved in non-interactive mode.
Only includes readers and formatters — shells, editors, interpreters, package
managers, network tools, archivers, and anything on GTFOBins/LOOBins is
intentionally excluded. File-write and injection vectors are blocked separately
by DANGEROUS_SHELL_PATTERNS.
Return whether env var name is set to a recognizably truthy value.
Unlike bool(os.environ.get(name)), this does not treat "0" or
"false" as enabled. Use this for on/off flags where the user would
reasonably expect VAR=0 to mean "disabled".
Resolve the current git branch with a filesystem-first strategy.
Return the longest mode prefix and mode for text, if any.
Longer prefixes win so multi-character triggers like !! are matched
before their single-character prefixes (!).
Get the glyph set for the current charset mode.
Reset the glyphs cache (for testing).
Check whether the terminal is in ASCII charset mode.
Convenience wrapper so widgets can branch on charset without importing
both _detect_charset_mode and CharsetMode.
Return the terminal-appropriate label for the newline keyboard shortcut.
Prefers Shift+Enter when the terminal is known to support the kitty
keyboard protocol, either via conservative terminal-identity heuristics
or the DEEPAGENTS_CODE_KITTY_KEYBOARD override. Falls back to
Option+Enter on macOS and Ctrl+J elsewhere — both survive legacy
terminals that strip the shift modifier from Enter.
Get the appropriate banner for the current charset mode.
Build the LangGraph stream config dict.
Injects dcode and SDK versions into metadata["versions"] so LangSmith traces
can be correlated with specific releases.
Why dcode sets both versions:
create_deep_agent bakes versions: {"deepagents": "X.Y.Z"} into the
compiled graph via with_config. At stream time, LangGraph merges
the graph config with the runtime config passed here. Because the
metadata merge is shallow (effectively {**graph_meta, **runtime_meta}
for top-level keys), both configs containing a versions key means
the runtime dict replaces the graph dict entirely — the SDK
version would be lost.Includes ls_integration metadata so LangSmith traces originating from
the app are distinguishable from bare SDK usage.
Parse shell allow-list from string.
Check if a command contains dangerous shell patterns.
These patterns can be used to bypass allow-list validation by embedding
arbitrary commands within seemingly safe commands. The check includes
both literal substring patterns (redirects, substitution operators, etc.)
and regex patterns for bare variable expansion ($VAR) and the background
operator (&).
Check if a shell command is in the allow-list.
The allow-list matches against the first token of the command (the executable name). This allows read-only commands like ls, cat, grep, etc. to be auto-approved.
When allow_list is the SHELL_ALLOW_ALL sentinel, all non-empty commands
are approved unconditionally — dangerous pattern checks are skipped.
SECURITY: For regular allow-lists, this function rejects commands containing dangerous shell patterns (command substitution, redirects, process substitution, etc.) BEFORE parsing, to prevent injection attacks that could bypass the allow-list.
Resolve the LangSmith project name if tracing is configured.
Checks for the required API key and tracing environment variables.
When both are present, resolves the project name with priority:
settings.deepagents_langchain_project (from
DEEPAGENTS_CODE_LANGSMITH_PROJECT), then LANGSMITH_PROJECT from the
environment (note: this may already have been overridden at bootstrap time
to match DEEPAGENTS_CODE_LANGSMITH_PROJECT), then 'deepagents-code'.
Fetch the LangSmith project URL via the LangSmith client.
Successful results are cached at module level so repeated calls do not make additional network requests.
The network call runs in a daemon thread with a hard timeout of
_LANGSMITH_URL_LOOKUP_TIMEOUT_SECONDS, so this function blocks the
calling thread for at most that duration even if LangSmith is unreachable.
Returns None (with a debug log) on any failure: missing langsmith package,
network errors, invalid project names, client initialization issues,
or timeouts.
Build a full LangSmith thread URL if tracing is configured.
Combines get_langsmith_project_name and fetch_langsmith_project_url
into a single convenience helper.
Reset the LangSmith URL cache (for testing).
Get the default coding agent instructions.
These are the immutable base instructions that cannot be modified by the agent. Long-term memory (AGENTS.md) is handled separately by the middleware.
Auto-detect provider from model name.
Intentionally duplicates a subset of LangChain's
_attempt_infer_model_provider because we need to resolve the provider
before calling init_chat_model in order to:
init_chat_model.Create a chat model.
Uses init_chat_model for standard providers, or imports a custom
BaseChatModel subclass when the provider has a class_path in config.
Supports provider:model format (e.g., 'openai:gpt-5.5')
for explicit provider selection, or bare model names for auto-detection.
Validate that the model has required capabilities for deepagents.
Checks the model's profile (if available) to ensure it supports tool calling, which is required for agent functionality. Issues warnings for models without profiles or with limited context windows.
Character set mode for TUI display.
Character glyphs for TUI display.
Global settings and environment detection for deepagents-code.
This class is initialized once at startup and provides access to:
Mutable session state shared across the app, adapter, and agent.
Tracks runtime flags like auto-approve that can be toggled during a session via keybindings or the HITL approval menu's "Auto-approve all" option.
The auto_approve flag controls whether tool calls (shell execution, file
writes/edits, web search, URL fetch) require user confirmation before running.
Result of creating a chat model, bundling the model with its metadata.
This separates model creation from settings mutation so callers can decide when to commit the metadata to global settings.