Releases: VladoIvankovic/Codeep

v2.1.4

22 May 10:08

Long agent runs no longer silently forget how they started — when prior chat history overflows the context budget, the dropped older messages are summarized instead of just truncated. Plus a command-whitelist hardening.

Security

  • Inline code execution is blocked in agent mode. The command whitelist
    allowed interpreters like node/python/php, but their eval flags
    (node -e, python -c, php -r, deno eval, …) turned a whitelisted
    runtime into arbitrary code execution. Those flags are now rejected (including
    combined short clusters like -pe). Running a file (node app.js,
    python script.py) is unaffected. Defense-in-depth — the manual-mode
    permission prompt is still the primary gate.
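An added example, not Codeep's own code, of the kind of argv check the entry above describes: it rejects the eval forms the note names, including short clusters such as -pe, while leaving plain file execution alone. The function and table names are hypothetical, and the table covers only the forms named above plus node's --eval, -p and --print.

```javascript
// Added example, not Codeep's code. The flag table holds the eval forms the
// release note names (node -e, python -c, php -r, deno eval) plus node's
// --eval, -p and --print; other interpreters would need their own rows.
const INLINE_EVAL = new Map([
  ['node',   { short: 'ep', long: ['--eval', '--print'], sub: [] }],
  ['python', { short: 'c',  long: [],                    sub: [] }],
  ['php',    { short: 'r',  long: [],                    sub: [] }],
  ['deno',   { short: '',   long: [],                    sub: ['eval'] }],
]);

// "/usr/bin/python3.11" -> "python", "node.exe" -> "node"
function runtimeName(command) {
  const base = command.split(/[\\/]/).pop().toLowerCase();
  return base.replace(/\.exe$/, '').replace(/[\d.]+$/, '');
}

// Returns null when argv is acceptable, otherwise a short reason string.
function inlineEvalViolation(command, args) {
  const rules = INLINE_EVAL.get(runtimeName(command));
  if (!rules) return null; // not an interpreter this check knows about

  // Every token up to "--" is inspected, not just those before the first
  // positional one: options that take a separate value (node --require x.js)
  // make "the first positional token" ambiguous, and stopping there would
  // let a later -e through. The price is an occasional false rejection.
  for (const arg of args) {
    if (arg === '--') break; // the interpreter stops option parsing here
    if (arg.startsWith('--')) {
      const name = arg.split('=')[0]; // "--eval=code" -> "--eval"
      if (rules.long.includes(name)) return `flag "${name}"`;
      continue;
    }
    if (arg.startsWith('-') && arg.length > 1) {
      // Short cluster: "-pe" carries both -p and -e, so each letter counts.
      for (const ch of arg.slice(1)) {
        if (rules.short.includes(ch)) return `flag "-${ch}" in "${arg}"`;
      }
      continue;
    }
    // Subcommand form ("deno eval <code>"), matched on any bare token.
    if (rules.sub.includes(arg)) return `subcommand "${arg}"`;
  }
  return null;
}
```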

Added

  • Auto-summarized history. When the prior conversation exceeds the agent's
    context budget, Codeep now condenses the dropped (oldest) messages into a
    short recap — preserving early decisions, constraints, and unfinished threads
    — and injects it before the recent verbatim history. Previously those older
    messages were silently truncated. The recap is one cheap LLM call, made only
    on overflow and cached per session. Opt out with
    autoSummarizeHistory: false (falls back to plain truncation, no extra call).

v2.1.3

22 May 09:17

Security hardening: project hooks now require trust before they run, the web-fetch tool blocks internal/metadata addresses, and usage stats are sent with your sync token.

Security

  • Hooks now require trust-on-first-use. Project-local .codeep/hooks/* run
    arbitrary shell, so a freshly-cloned repo could previously execute its scripts
    on your first tool call. Hooks in an unapproved workspace are now skipped
    until you run /hooks trust (revoke with /hooks untrust). /hooks and the
    welcome banner show the trust state. Your own already-set-up projects just need
    a one-time /hooks trust.
  • SSRF guard on the fetch_url web tool. The agent can no longer be steered
    (e.g. via prompt injection) into fetching localhost, private/RFC1918, or
    link-local addresses — including the cloud metadata endpoint
    169.254.169.254. Only http/https are allowed, on the initial request and
    redirects. Your configured provider endpoints (Ollama, custom vLLM/Tailscale)
    are unaffected — they don't go through this tool.
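An added example, not Codeep's own code, of a destination check matching the SSRF guard described above: http/https only, loopback, RFC1918 and link-local literals refused, and the same check applied to every redirect hop. Function names are hypothetical; the IPv6 unique-local and 0.0.0.0/8 rows are assumptions beyond the note, and a hostname that passes still has to be resolved and its IP re-checked before connecting.

```javascript
// Added example, not Codeep's code. Ranges follow the release note; the
// 0.0.0.0/8 row and IPv6 unique-local (fc00::/7) are added assumptions.
const BLOCKED_V4 = [
  ['127.0.0.0', 8, 'loopback'],
  ['10.0.0.0', 8, 'private'],
  ['172.16.0.0', 12, 'private'],
  ['192.168.0.0', 16, 'private'],
  ['169.254.0.0', 16, 'link-local'], // includes 169.254.169.254
  ['0.0.0.0', 8, 'unspecified'],
];

function v4ToInt(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// Returns a range label, 'public', or null when text is not an IPv4 literal.
function classifyV4(text) {
  const ip = v4ToInt(text);
  if (ip === null) return null;
  for (const [base, bits, label] of BLOCKED_V4) {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    if (((ip & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0)) return label;
  }
  return 'public';
}

// Expects the canonical form the URL parser produces, e.g. "::ffff:7f00:1".
function classifyV6(text) {
  if (text === '::1') return 'loopback';
  if (text === '::') return 'unspecified';
  const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(text);
  if (mapped) { // IPv4-mapped: judge the embedded IPv4 address
    const hi = parseInt(mapped[1], 16);
    const lo = parseInt(mapped[2], 16);
    return classifyV4([hi >> 8, hi & 255, lo >> 8, lo & 255].join('.'));
  }
  const first = text.startsWith(':') ? 0 : parseInt(text.split(':')[0], 16);
  if ((first & 0xffc0) === 0xfe80) return 'link-local'; // fe80::/10
  if ((first & 0xfe00) === 0xfc00) return 'private';    // fc00::/7
  return 'public';
}

// Checks one URL. new URL() canonicalises the host first, so spellings such
// as http://2130706433/ or http://0x7f.1/ are seen as 127.0.0.1.
function checkFetchTarget(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol}` };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'localhost' };
  }
  const kind = host.startsWith('[') ? classifyV6(host.slice(1, -1)) : classifyV4(host);
  if (kind !== null && kind !== 'public') {
    return { ok: false, reason: `${kind} address ${host}` };
  }
  return { ok: true, reason: kind === null ? 'hostname, resolve and re-check' : 'public address' };
}

// Checks the first URL and each redirect Location (resolved against the hop
// before it). Returns the first rejected hop, or null if every hop passes.
function firstBlockedHop(startUrl, locations) {
  let current = startUrl;
  for (const next of [null, ...locations]) {
    if (next !== null) {
      try { current = new URL(next, current).href; } catch { return { url: next, reason: 'unparseable URL' }; }
    }
    const verdict = checkFetchTarget(current);
    if (!verdict.ok) return { url: current, reason: verdict.reason };
  }
  return null;
}
```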

Changed

  • Stats reporting now sends the x-sync-token header. The dashboard derives
    your GitHub id from the token instead of trusting the githubId in the request
    body, closing a spoofing gap where anyone could forge usage events (or unarchive
    projects) for another user. Stats keep working on older CLIs — they're just
    recorded anonymously until you upgrade. No behavior change for you locally.

v2.1.2

21 May 12:50

ACP server enhancements that power the new Codeep VS Code 2.2 features — editor clients can now list models per provider and pin a provider, model, or custom endpoint over the protocol.

Added

  • session/list_providers now returns model metadata — each provider
    carries its models (id + name), defaultModel, and a dynamicModels
    flag. Lets ACP clients (the VS Code model picker, Zed) build a provider →
    model selector without hardcoding a catalog. Backward-compatible: older
    clients ignore the extra fields.
  • New session/set_config_option ids: provider and customBaseUrl.
    provider switches the active provider (and picks its default model +
    protocol); customBaseUrl sets the base URL for the custom
    (OpenAI-compatible) provider. These let editor settings drive provider /
    model / endpoint without hand-editing ~/.codeep/config.json.

Notes

  • Pure additive ACP surface — no behavior change for the TUI or existing
    clients. The Codeep VS Code extension 2.2.0 builds on these.

v2.1.1

20 May 19:41

Codeep now works with any OpenAI-compatible endpoint — vLLM, LiteLLM, LM Studio, text-generation-webui. New "Custom (OpenAI-compatible)" provider with a configurable base URL, plus support for the standard OPENAI_BASE_URL env var. Fixes #1.

Added

  • Custom (OpenAI-compatible) provider. Point Codeep at any self-hosted
    or proxied OpenAI-compatible server (vLLM, LiteLLM, LM Studio,
    text-generation-webui). Pick Custom (OpenAI-compatible) in the welcome
    flow or /provider, set the endpoint under /settings → Custom Base URL
    (config key customBaseUrl, e.g. http://host:8000/v1), then choose your
    model with /model (fetched live from the server's /models endpoint).
    No API key required; set one only if your endpoint enforces it.
  • OPENAI_BASE_URL env var. The openai provider now honors
    OPENAI_BASE_URL (OpenAI-SDK convention), so an OpenAI-compatible proxy
    serving gpt-* model names works with zero config changes.

Fixed

  • Custom base URLs were silently ignored for every provider except Ollama —
    requests always went to api.openai.com, and an unknown model fell back to
    the default. Base-URL resolution is now centralized (resolveBaseUrl) and
    applied consistently across every path — chat, agent (TUI + ACP/editor),
    /plan task planning, and API-key validation. (#1)
  • Welcome flow no longer forces an API-key prompt for keyless providers
    (Ollama, Custom) — selecting one proceeds straight into the app.
  • Test isolation: customCommands tests now run against an isolated HOME so a
    developer's global ~/.codeep/commands can't make the suite non-deterministic.

v2.1.0

20 May 15:44

Session memory: /recall <query> searches across all your saved sessions, --resume jumps straight back into the best match, --summarize asks the LLM what you accomplished, and sessions now get readable AI-generated titles instead of truncated first messages.

Added — /recall cross-session search

  • /recall <query> scans every saved session in the active scope
    (project .codeep/sessions/ when in a project, else global
    ~/.codeep/sessions/), matches with AND semantics (every query term
    must appear), and ranks results by term-hit count plus a recency
    boost. Each result shows a context snippet and the session name.
  • /recall <query> --resume loads the top-matching session
    directly into the current conversation — skips the list + /sessions
    picker dance. (TUI only; ACP shows results since it can't swap the
    client's conversation in place.)
  • /recall <query> --summarize reads the matching sessions and
    returns a short LLM recap of what you actually accomplished across
    them — "ask your history a question". Works in TUI + ACP.
  • No new dependency: in-memory JSON scan, fast for the realistic
    tens-to-hundreds-of-sessions case.

Added — portable personal config sync

  • Personalities and custom commands now sync across your machines
    via codeep account sync (pull) and codeep account push. Global
    ones (~/.codeep/personalities/*.md, ~/.codeep/commands/*.md)
    travel with your account alongside API keys and profiles — set up a
    senior-reviewer personality or a /deploy command once, get it
    everywhere. New endpoints /api/personalities + /api/commands,
    new DB tables user_personalities + user_commands.
  • Additive merge, never destructive: pull only writes files that
    don't already exist locally, so a sync can't clobber edits you
    haven't pushed. Last-write-wins on the server via upsert.
  • Dashboard sections to view + delete synced personalities and
    commands at codeep.dev/dashboard (read + prune; editing stays in the
    CLI).
  • Deliberately not synced: lifecycle hooks (arbitrary shell —
    syncing + auto-running on another machine is a security risk) and
    MCP server configs (contain tokens). Those stay local by design.

Added — AI-generated session titles

  • Sessions now get a concise LLM-generated title ("OAuth2 migration
    for auth module") instead of the first user message truncated to 60
    chars ("help me with the…"). Generated once per session in the
    background after it has ≥3 messages — fire-and-forget on autosave,
    never blocks a save, never regenerates once set. Makes both
    /sessions and /recall dramatically more readable.
  • Title priority: AI title > stored title > first-message fallback >
    session name. Stored under aiTitle in the session JSON.
  • Opt-out: autoSessionTitle setting (default on). This is the
    only feature that makes a background API call you didn't explicitly
    request, so it's toggleable in /settings for privacy/cost-conscious
    users. Off → sessions keep the first-message title, zero background
    calls.

Changed

  • /search description clarified to "search the current session"
    (vs /recall for cross-session) — the two were easy to confuse when
    both said "search history".

Fixed

  • /sessions picker showed raw session ids (session-2026-05-20-757cbda5)
    instead of readable titles. Now shows the title (AI-generated > stored >
    first-message) with a short date + message count, so the list is
    scannable.

  • Models hallucinating their identity in chat mode. Asked "which
    model are you", GLM (and others) would claim to be Claude because the
    chat system prompt never stated the actual identity. Both the chat
    and agent system prompts now inject the real model + provider
    from config, so the answer is truthful. (Agent mode already said
    "never call yourself Claude" but didn't state the real model; now it
    does.)

v2.0.4

19 May 12:36

Discoverability patch: new /docs <command> jumps from any slash command to its full guide on codeep.dev, the /help footer now points at the same place, and /personality and /insights have proper docs pages instead of one-liners.

Added

  • /docs <command> — opens the per-command guide for any 2.0
    feature in your default browser. Knows 17 commands directly
    (personality, insights, plan, go, mcp, skills,
    checkpoint, rewind, hooks, commands, openrouter, memory,
    profile, compact, cost, …); falls back to a marketplace search
    on /docs/commands?q=<cmd> for unknown ones. Plain /docs opens
    the docs index. Closes the gap between brief slash-command
    autocomplete and the actual reference material.
  • /help footer hint. Below the scroll line: Full guides → codeep.dev/docs · /docs <command>. Users skimming the inline help
    now know there's a deeper layer one keystroke away.

Improved — web docs

  • /personality guide went from a 2-row table to a full reference:
    3-column "when to use / what it changes" table for all 6 presets,
    basic-flow terminal demo, end-to-end "combo with plan mode" example
    (security-paranoid OAuth callback), custom personalities section
    with full Acme Corp template, scope override rules, where-it-works
    matrix, and a warning callout about chat() path behaviour.
  • /insights guide got similar treatment: source-of-truth JSON
    shape from ~/.codeep/history/<id>.json, what-you-see breakdown
    per section, flags table, realistic terminal demo, and a tip
    pointing at the dashboard for historical cost.

Notes

  • No agent behaviour or API changes — this is purely discoverability
    and documentation. Safe to skip if you already know the surface area,
    worthwhile if you've been wondering "what else is in here".

v2.0.3

19 May 12:13

Two Hermes-inspired additions: /personality <name> switches agent tone mid-conversation (concise, security-paranoid, senior-reviewer, junior-mentor, ship-it, verbose, or your own from .codeep/personalities/*.md), and /insights [--days N] summarises what you've been working on — runs, files, tools, projects.

Added — /personality slash command

  • Six built-in personalities that swap the agent's tone and
    priorities by appending a system-prompt addendum:
    • concise — no preamble, no filler, bullet-heavy
    • verbose — explains rationale + alternatives + caveats
    • security — treats every input as hostile, enumerates attack surface
    • senior-reviewer — pushes back on shortcuts, names things well
    • junior-mentor — explains as it goes, links to canonical docs
    • ship-it — picks first reasonable approach, defers cleanup
  • Custom personalities via .codeep/personalities/<name>.md
    (project) or ~/.codeep/personalities/<name>.md (global). First
    # Personality: Name line becomes the display name; rest of the
    Markdown body is the prompt addendum. Capped at 64 KB per file.
  • Persistence: active personality lives in config.activePersonality
    so it survives session restarts. Clear with /personality off.
  • Usable from CLI TUI, Zed, and the VS Code extension via ACP.

Added — /insights [--days N]

  • Activity summary over a configurable window (default 7 days,
    capped at 365). Reads ~/.codeep/history/<id>.json files written by
    every agent run, so output reflects actual tool actions rather than
    chat-message proxies.
  • Headline metrics: total runs, total tool actions, total active time,
    active-days density, average actions per run.
  • By-project breakdown sorted by active time — see which repo soaked
    up your week.
  • Top tools (read_file × 340, write_file × 80, …) and
    most-touched files (with ~ prefix for readability).
  • Recent runs list — 10 most recent with project, duration, and the
    user prompt that started them.
  • Per-session cost still lives in /cost; /insights is a deliberately
    history-only view (the in-memory token tracker doesn't survive a
    restart, so historical cost would be misleading).

Surfaced

  • Both commands appear in /help, / autocomplete, Codeep-web
    /docs/commands, VS Code Settings → Commands chips, and ACP
    availableCommands. Spot-check parity: typing /per or /insi in
    any client autocompletes to the right command.

v2.0.2

19 May 09:29

Two big quality-of-life additions: Anthropic prompt caching is on by default (60–90% cheaper on cache-eligible input), and /plan lets you preview an agent's full plan before any file gets touched. Run /go to execute, or /plan <revised task> to refine.

Added — Anthropic prompt caching, automatic

  • Two cache breakpoints per request: the system prompt (and embedded
    skills catalog / project intelligence) and the tools array. Cache hits
    bill at 0.1× the input rate; cache writes at 1.25×. Net win after the
    second same-shape request, which is every iteration in an agent loop.
    Below 1024 input tokens Anthropic silently skips caching — no error
    path. Applies to the agent chat path, the agent fallback path, and
    the chat() path used by /agent and inline replies. Also propagates
    through OpenRouter → Anthropic routes (caching headers honoured
    upstream).
  • TokenUsage.cacheCreationTokens + cacheReadTokens fields
    surfaced on every record. getCacheStats() aggregates per-session
    cache hits, misses, and estimated USD savings vs running without
    caching. /cost (and /stats) renders a new "Prompt caching"
    section when at least one cached call landed.

Added — Plan mode (/plan + /go)

  • /plan <task> — generates a numbered plan for the task (no tool
    calls, no file changes), surfaces it as a Markdown message so you can
    review what the agent would do, which files it would touch, what
    commands it would run, and the risk level it self-assesses. Holds
    the (task, plan) pair as the pending plan, scoped to the current
    process. Re-running /plan <revised task> replaces the pending plan
    with a new one (you pay one extra LLM call but get readable revision
    history in the chat).
  • /go — executes the pending plan: hands the task + approved plan
    as a single prompt to the regular agent loop, so all MCP tools,
    lifecycle hooks, verification, permissions, and skill bundles apply
    unchanged. Includes an explicit anti-improvisation clause in the
    injected prompt — if any step turns out to be wrong mid-execution
    the agent must stop and report rather than silently rewriting the
    plan.
  • Available in both the TUI and ACP clients (Zed, VS Code). ACP
    /plan streams the plan back via session/update; ACP /go runs
    the agent inline and streams iterations through onChunk.
  • Surfaced in /help ("Agent Mode" section) and / autocomplete.

Fixed

  • Anthropic streaming usage extraction missed cache fields. Both
    the agent stream handler (utils/agentStream.ts) and the chat
    stream handler (api/index.ts) now pick up
    cache_creation_input_tokens and cache_read_input_tokens from the
    message_start event, so cached requests no longer undercount
    prompt tokens or display $0 savings.

Notes

  • OpenAI-format providers (OpenAI direct, Z.AI, DeepSeek, MiniMax,
    Ollama) don't expose explicit cache markers — those providers
    generally apply automatic prefix caching server-side. No code change
    on our end needed; cost reports stay accurate via standard
    prompt_tokens accounting.

v2.0.1

18 May 21:43

Patch: /mcp now works in the CLI TUI (was only wired into the ACP path
in 2.0.0, so Zed and VS Code worked but codeep direct didn't). Full
subcommand parity — browse, install, add, remove, reload, resources,
read, prompts, prompt.

Fixed

  • /mcp slash command in CLI TUI returned Unknown command: /mcp.
    The 2.0.0 implementation lived only in src/acp/commands.ts, so it
    worked for ACP clients (Zed, VS Code extension) but TUI users hit the
    unknown-command path. Ported the full handler to
    src/renderer/commands.ts with TUI-appropriate output (uses the fixed
    codeep-tui session id and ctx.projectPath as workspace root).
    Subcommands now usable from the TUI: /mcp, /mcp browse [id],
    /mcp install <id> [args...], /mcp add <name> <command> [args...],
    /mcp remove <name>, /mcp reload, /mcp resources,
    /mcp read <uri>, /mcp prompts, /mcp prompt <server> <name> [k=v].
  • Eight 2.0 commands missing from / autocomplete and /help.
    /mcp, /compact, /checkpoint, /checkpoints, /rewind, /hooks,
    /openrouter, /commands were all implemented but invisible to
    discovery. Added to App.COMMANDS + COMMAND_DESCRIPTIONS so they
    appear when the user types /, and added two new /help sections
    ("Checkpoints (2.0)", "Extensions & MCP (2.0)") plus /compact
    under Sessions and /openrouter under Settings.
  • /skills publish rejected global bundles. The helper required
    bundle.scope === 'project', blocking a common case: user writes a
    cross-project skill once in ~/.codeep/skills/<name>/ and tries to
    share it. The --public flag is the user's explicit consent gate,
    so an extra scope check is redundant gatekeeping. Now publishes
    project OR global bundles; project wins on slug collision (mirrors
    loadSkillBundles). Error message also clarifies both lookup
    paths when the slug isn't found anywhere.

v2.0.0

18 May 20:38

Codeep 2.0 is here. Full MCP support (stdio + HTTP), skill bundles with a public marketplace, OpenRouter with accurate per-call cost, checkpoints, custom commands, lifecycle hooks. 921 tests green.

Big release. Major version bump because the on-disk mcp_servers.json
shape now accepts url (HTTP transport) alongside command (stdio),
because the agent now actively reads from MCP servers' resources,
prompts, and (optionally) hosts sampling for them — clients that
relied on Codeep behaving as a tools-only client will see new traffic
— and because skill bundles are a new top-level concept the agent
auto-discovers and invokes.

Added — OpenRouter provider (100+ models via one key)

  • openrouter provider wired through the existing OpenAI-compatible
    flow. Top 12 popular models hardcoded for the picker; the full
    catalogue (100+) is fetched on demand via /model, with live pricing
    per 1M tokens and context-window size shown per row.
  • Authoritative cost from usage.cost. OpenRouter returns the
    per-call USD figure in its response — we use that instead of our
    local pricing table, so your dashboard / /cost numbers match the
    OpenRouter invoice exactly with zero local maintenance.
  • Branding headers (HTTP-Referer: https://codeep.dev,
    X-Title: Codeep) sent on every OpenRouter request — surfaces
    Codeep traffic in their dashboard for attribution.
  • /openrouter slash command for routing preferences:
    prefer <p1>,<p2> (provider order), ignore <p1> (block list),
    fallbacks on|off, privacy strict|allow (sets data_collection),
    clear. Stored per-machine in conf.
  • openrouter/auto support — set the model id to openrouter/auto
    and OpenRouter picks the best upstream for each task. Combine with
    /openrouter prefer to bias the auto-router without locking it down.

Added — Skill bundles (Claude Code-compatible)

  • Structured skill bundles under .codeep/skills/<name>/SKILL.md
    (project) and ~/.codeep/skills/<name>/SKILL.md (global). The
    SKILL.md format is a superset of Claude Code skills — paste an
    existing skill verbatim and it works. Codeep-specific extensions
    (codeep-min-version, codeep-requires-mcp) are valid YAML, so
    Claude Code parsers tolerate them.
  • Agent auto-discovery. Every agent run injects the bundle catalog
    into the system prompt and registers a virtual invoke_skill tool.
    The model picks a skill when the user's intent matches; we return
    the SKILL.md body for it to follow step by step.
  • Slash commands for managing bundles:
    • /skills bundles — list installed
    • /skills create-bundle <name> — scaffold a project skill
    • /skills show <name> — print the SKILL.md
    • /skills browse [query] — search the public marketplace
    • /skills install <owner>/<slug> — pull from marketplace
    • /skills publish <slug> [--public] — share to codeep.dev
    • /skills unpublish <owner>/<slug> — remove your published skill
  • Public marketplace at codeep.dev/skills.
    Owners manage their published skills at /dashboard/skills:
    toggle visibility, unpublish, see install counts.
  • VS Code commands for the bundle workflow: Codeep: Browse Skill Bundles…, Codeep: Create Skill Bundle…, Codeep: Open Skills Folder.
  • Welcome banner warning when a workspace ships project-scoped
    skill bundles — informed consent before the agent starts invoking
    unfamiliar capabilities.

Added — MCP gets full spec coverage

  • Streamable HTTP transport. MCP servers configured with url (and
    optional headers) are reached over the spec's HTTP+SSE flow instead
    of stdio. POST for requests, GET-side SSE for server-pushed
    notifications and server-initiated requests. Mutually exclusive with
    command — pick one per server.
  • Sampling capability. When a server opts into sampling, it can
    ask Codeep to generate a completion on its behalf; we bridge to the
    active provider via chat(). Server gets just the assistant text;
    no tool use is forwarded.
  • Resources & prompts auto-injected into the agent's tool catalog.
    Each server that exposes resources or prompts gets four virtual tools
    the model can call natively: <server>__resource_list,
    <server>__resource_read, <server>__prompt_list,
    <server>__prompt_get. No more "user types /mcp read <uri>
    manually". Servers that don't expose either get nothing extra.
  • Mid-run tool catalog refresh. A tools/list_changed notification
    (or a successful auto-restart) flips a dirty bit; the agent re-fetches
    the catalog at the start of the next iteration so the model sees new
    tools without a session restart.
  • MCP marketplace. /mcp browse shows a curated catalog of popular
    servers (filesystem, github, postgres, slack, brave-search, …);
    /mcp install <id> [extra args] writes the config + spawns. Each
    entry surfaces env-var and arg hints so the user knows what to set.
  • roots + roots/list capability negotiation. Codeep advertises
    roots: { listChanged: true } in initialize and handles
    roots/list requests by returning the current workspace folder —
    filesystem-shaped servers can scope reads accordingly.

Added — TUI polish

  • Type-to-filter in every menu picker. /model, /provider,
    /login, /lang, sessions, export, logout — start typing and the
    list narrows by key / label / description. Backspace edits, first
    Esc clears the filter, second Esc closes. Critical for the
    OpenRouter 100+ model catalogue but useful everywhere.
  • First-run provider picker reordered. Anthropic, OpenAI,
    OpenRouter, Z.AI sit at the top instead of being buried under
    regional / parameter-variant entries. Each row now shows the short
    provider description ("Unified access to 100+ models via one API
    key") so the value prop is visible at a glance.

Added — earlier in the 2.0 cycle (already in dev builds)

  • /cost, /compact [keepN], /commands, /checkpoint [name], /checkpoints, /rewind <id>, /hooks,
    /mcp slash commands.
  • Custom slash commands. .codeep/commands/<name>.md Markdown
    templates with {{args}} / $ARGUMENTS / {{argN}} placeholders.
    Project files shadow global. Warning banner on first session.
  • Lifecycle hooks. .codeep/hooks/<event>.sh shell scripts run on
    pre_tool_call, post_edit, on_error, pre_commit. Apply
    uniformly to built-in and MCP tools.
  • /memory and /profile now work in ACP (Zed / VS Code), not
    just the TUI.
  • ACP fs/read_text_file and fs/write_text_file delegation.
    Agent tool calls route through the client when capability is
    advertised, with a 100 KB size cap on delegated reads.
  • ACP authMethods — single Codeep CLI agent-type entry for
    acp-registry compliance + authenticate no-op handler.
  • Auto-reconnect on MCP server crash (3× in 60s with exponential
    backoff). Persistent failures surface in /mcp instead of being
    silently dropped.
  • VS Code 0.2.0:
    • Native vscode.diff viewer for proposed edits + Accept/Reject
      CodeLens (closes diff tab → implicit reject).
    • Cmd+Shift+A Attach Active File.
    • @symbol mentions alongside @file.
    • MCP server management from the command palette (Add / Remove /
      Open Config).
    • Auto-loads ~/.codeep/mcp_servers.json and project equivalent.
    • Permission labels honest about scope ("Allow for this session").

Fixed

  • /provider was not in AVAILABLE_COMMANDS — invisible to Zed / VS
    Code / autocomplete.
  • /apikey and /login warn that inline keys leak into shell history.
  • write_file double-recorded itself in the action log when client-side
    delegation failed and we fell through to disk.
  • Delegated fs/read_text_file had no size cap; a misbehaving client
    could return a multi-GB blob and OOM the agent.
  • compactHistory() had no timeout — a hung provider would wedge the
    session. Now caps at 60 s with an external abortSignal honoured.
  • Diff editor occasionally stayed orphaned in VS Code if the user
    responded faster than the open completed.
  • MCP tool name normalization stripped hyphens, so servers named with a
    - couldn't route their tool calls (my-fs__read_file vs
    my_fs__read_file).

Removed

  • 19 obsolete model entries in tokenTracker.ts (gpt-4.1*, o3,
    o4-mini, gpt-4o, claude-mythos-preview, claude-sonnet-4-5-20250929,
    gemini-2.5-, gemini-3.1-flash-lite-preview, MiniMax-M2.5,
    MiniMax-M2.1*, MiniMax-M2) — continuation of the 1.3.42 cleanup.

Security

  • MCP sampling/createMessage now rate-limited and budget-capped per
    server (≥1 s spacing, 100 requests / process). Each accepted request
    is logged to stderr with the originating server name. Closes the path
    by which a misbehaving or malicious MCP server could drain a user's
    paid-provider credits.
  • npm audit fix resolved fast-uri (path traversal / host confusion)
    and picomatch (ReDoS / method injection) high-severity CVEs in
    transitive dependencies.

Packaging

  • npm tarball reduced from 164.8 MB → 340 kB (unpacked 436 MB → 1.4 MB)
    by excluding dist/zed/* and bin/codeep-* pkg-built standalone
    binaries from the files field. Those binaries continue to ship via
    GitHub releases and the Zed extension distribution.

Breaking changes

  • McpServer in the protocol now has command? and args? (was
    required), plus new url? and headers?. ACP clients that produced
    the old shape still work — fields are optional, parser accepts both.
  • MCP client protocol version bumped from 1.4.0 to 2.0.0 in
    initialize's clientInfo. Servers that key off the version string
    may need an allowlist update.