Skip to content

Latest commit

 

History

History
973 lines (725 loc) · 72.7 KB

File metadata and controls

973 lines (725 loc) · 72.7 KB

Changelog

All notable changes to pi_agent_rust are documented here.

Versions marked Release have published binaries on GitHub Releases. Versions marked Tag-only exist as git tags without a corresponding GitHub Release (no downloadable binaries). Versions marked Draft have an unpublished draft release on GitHub.

Repository: https://github.com/Dicklesworthstone/pi_agent_rust


Features

  • Newer z.ai (GLM) and MiniMax models in the registry — the model catalog now includes z.ai GLM-5.1 (glm-5.1, 200K context) and GLM-5.2 (glm-5.2, 1M context) under the zai provider, and MiniMax-M3 (MiniMax-M3, 1M context) under both minimax and minimax-cn. The upstream provider-id snapshot is updated so the mainland zhipuai/BigModel endpoint and the zai-coding-plan/zhipuai-coding-plan/minimax-coding-plan routing presets also surface these ids. Context windows, max-output ceilings, pricing, and reasoning support are taken from the published models.dev catalog and verified against the official z.ai and MiniMax API docs. Select them with e.g. pi --provider zai --model glm-5.2 or pi --provider minimax --model MiniMax-M3. Fixes #115.
  • /mcp slash command — reports MCP (Model Context Protocol) server status in the interactive TUI instead of returning "Unknown command". Lists any MCP servers an installed extension has registered and clarifies that Pi does not read standalone MCP config files (.agents/mcp.json, .pi/mcp.json, ~/.pi/agent/mcp.json). Fixes #112.

Bug Fixes

  • Windows WSAENOTCONN retry now also fires for TLS errors surfaced through non-Io variantsis_retryable_not_connected_tls walks the TlsError source chain in addition to matching the direct Io variant, so a "socket not connected" (os error 10057) reported via the TLS library is still detected and retried with a fresh connection. Hardens #111 / #106.

v0.1.20 — 2026-06-13 — Tag-only

Bug Fixes

  • Windows connect retries now survive WSAENOTCONN ("Socket is not connected") — the HTTP client retries the TCP connect when Winsock reports WSAENOTCONN, and the error-classification logic walks the full io::Error::get_ref source chain so the code is detected even when it is wrapped several layers deep. A Winsock remediation hint is surfaced when the condition is hit. Fixes #106.

Internal

  • Synced Cargo.lock to the released 0.1.19 dependency set.

v0.1.19 — 2026-06-11 — Tag-only

Features

  • ACP dynamic configuration — ACP mode supports session/set_model and session/set_config_option, so clients can switch the active model and tune config options mid-session. Fixes #105.
  • ACP sessions can persist to disk--session-dir is honored in ACP mode, letting ACP-driven sessions be stored and resumed like interactive ones. Fixes #102.

Bug Fixes

  • System prompt emits date only (no clock time) — the system prompt now carries a date-only stamp instead of a full timestamp, so the leading prompt prefix stays byte-stable within a day and provider KV caches are preserved instead of being invalidated on every turn. Fixes #103.
  • llamacpp and mistral.rs are treated as keyless local providers — these local OpenAI-compatible backends no longer demand an API key to be selectable. Fixes #104.
  • Bundled TLS roots + cached connector — the HTTP client uses bundled webpki roots and caches the TLS connector, avoiding slow per-request system trust-store parsing (notably the multi-second SecTrustSettings stall on macOS arm64). Fixes #101.
  • Snapshot/override entries honored for native-adapter legacy providersmodels.json snapshot and models-override.json entries are no longer silently dropped for native-adapter providers (openai-codex, github-copilot, google-gemini-cli, google-antigravity). Fixes #100.

Internal

  • Upgraded asupersync to 0.3.4, dropping the =0.3.2 pin (0.3.3 was yanked).
  • Pinned rust-toolchain to nightly-2026-02-19 to stop clippy lint drift, and the publish workflow now emits the missing-token error on stdout.
  • Docs: model examples use the openai-completions API id rather than openai.

v0.1.18 — 2026-06-05 — Release

Features

  • TUI front-end is feature-gated behind a default-on tui feature — SDK and library consumers can now build without compiling the terminal stack by disabling the tui feature, while default installs are unchanged. Fixes #98.

Internal

  • The publish workflow fails loudly when CARGO_REGISTRY_TOKEN is missing, so crates.io publishes can no longer be silently skipped. Fixes #99.
  • Formatting and beads export housekeeping.

v0.1.17 — 2026-06-04 — Release

Features

  • Configurable provider-aware HTTP request timeout — request timeouts are now configurable and provider-aware, addressing spurious "Request timed out" failures on slow providers. Fixes #90.
  • Dynamic model fetch with caching — providers can fetch their live model list with a 5-minute TTL cache and a static-registry fallback; the static fallback is no longer cached so a transient fetch failure does not pin a stale list.

Bug Fixes

  • GitHub Copilot sign-in works out of the box — a default Copilot client_id is shipped and the Copilot device flow is wired into /login with an SSH/headless fallback, so login no longer requires manual client configuration. Fixes #97.
  • Idle CPU churn from cursor blink removed — the interactive front-end stops the cursor-blink repaint loop while idle so the async runtime can actually park.
  • Kimi-for-coding fallbacks modernized — prefer K2.6/K2.5 over the legacy K2-thinking model as concrete fallbacks.

Internal

  • Release binary size budget raised from 20 MB to 25 MB; no-mock CI now gates only new violations via a .no-mock-allowlist file; fuzz target forced to x86_64-unknown-linux-gnu so ASan links against dynamic libc; trimmed 70 more stale ext_conformance artifact fixtures.

v0.1.16 — 2026-05-22 — Release

Features

  • Configurable tool-iteration cap — added --max-tool-iterations <N> CLI flag and PI_MAX_TOOL_ITERATIONS env var. Both override the historical hardcoded default of 50. Clamped to [1, 1000]; invalid or zero values fall back to 50 with a warning. Without this, long multi-step agentic tasks (multi-file refactors, multi-phase spec implementations) were forcibly stopped with no graceful handoff.
  • Soft handoff warning at 80% of the iteration cap — when an agent crosses (max * 4) / 5 tool iterations, the runtime injects a one-shot steering message ("Tool-iteration budget at ≥80%; begin graceful handoff per spec…") so the agent can self-pace into an incomplete-handoff envelope rather than being silently killed at the cap. Skipped for caps below 5 to avoid noise on tiny ceilings. Pairs with --max-tool-iterations to make iteration-aware-handoff protocols self-enforceable.

Bug Fixes

  • Coding-plan providers are now selectable by --provider alone — selecting a provider that has no models in the registry (the routing-only presets such as zai-coding-plan, minimax-coding-plan, and kimi-for-coding) previously failed with No models available for provider …. Such providers now synthesize an ad-hoc model entry from a per-provider default, honoring config.default_model only when it is paired with the same provider via config.default_provider.
  • Ad-hoc model entries resolve credentials from stored auth / env — synthesized entries started with no API key, so model_entry_is_ready reported them as unconfigured even when valid credentials existed. Keys are now resolved when the entry is created (the SAP path keeps its own resolver), so readiness reflects reality.
  • Provider default model ids modernizedzai/zai-coding-plan default to glm-4.7 (was glm-4.6), minimax/minimax-cn/minimax-coding-plan default to MiniMax-M2.7 (was MiniMax-M2.5), and the Kimi for Coding plan uses its stable virtual model id kimi-for-coding. The single defaults table now also feeds ad-hoc synthesis, eliminating duplication.
  • Active model auto-switches when it loses credentials — when the selected model's credentials disappear mid-session, the interactive front-end switches to a still-ready model instead of failing the next turn. Fixes #81.
  • Actionable hints for host/network-unreachable connect failures — connect errors (host unreachable / network unreachable, e.g. the macOS arm64 EHOSTUNREACH case) now surface a remediation hint instead of a bare OS error. Fixes #88.

Internal

  • asupersync upgraded to 0.3.2, fixing a post-session persistence worker that spun at ~500% CPU after a session completed. Fixes #83.
  • Large QuickJS Node-shim conformance push — extensive hardening of the embedded-runtime Node API shims, especially the global Buffer surface (encoding/length coercion, integer read/write bounds and validation, base64/hex decoding, ArrayBuffer sharing/offsets, byte-swap parity, single-byte encodings) plus fs/crypto shim fixes, tighter extension-VFS path scoping and hermetic fixtures, and fail-closed handling of non-primary entrypoint load errors. Adds the @mariozechner/pi-ai completion + model-registry host bridge.
  • Swarm operations + autopilot tooling — deterministic swarm-replay engine and ingestor, pi doctor swarm checks (rch warm-target affinity planner, conflict predictor, reservation recommendations, affinity-proof gate), an autopilot dry-run next-action planner with budget-drift watcher and failure action catalog, a completion-audit generator, and a swarm operations runbook.
  • Regenerate rquickjs bindings at build time on Android/Termux; track scripts/skill-smoke.sh and the pi-agent-rust skill so the installer regression harness passes in clean CI checkouts.

[v0.1.15] — 2026-05-02 — Release

Bug Fixes

  • Default OpenAI Codex model now prefers GPT-5.5 with xhigh reasoning — startup, setup, and model-candidate resolution prefer openai-codex/gpt-5.5 over older GPT-5.4 defaults, with fuzzy aliases covering GPT-5.5 model names.
  • RPC startup paths no longer accidentally behave like interactive TUI sessions — the --rpc shortcut is parsed as an explicit RPC mode, avoids incompatible --print combinations, and skips interactive-only session-index maintenance.
  • Non-interactive exits are deterministic — the CLI process exits after the selected mode returns, avoiding runtime-drop hangs after terminal shutdown.
  • Streaming and tool-call edge cases are fail-closed — SSE EOF flushing is terminal across repeated polls, SIGPIPE trampoline exec failures propagate as tool errors, and Bun/Node extension helpers avoid invalid native argument shapes.
  • Filesystem and extension tests are confinement-aware — grep output remains relative from symlinked working directories, Bun file-write coverage avoids escaping the extension root, and validation tolerates unvendored candidate-pool hits without weakening hard gates.
  • Release evidence writers honor off-repo target directories — performance, lifecycle, provider-registry, and scenario harnesses now write artifacts under CARGO_TARGET_DIR when set, preventing release gates from failing on unwritable or missing repository target/ paths.

Internal

  • Stabilize HTTP, model-registry, model-selector, provider backward-lock, non-mock compliance, and perf regression fixtures so the release compile, clippy, format, workspace test, and release-build gates run cleanly in the high-capacity release workspace.

[v0.1.14] — 2026-04-28 — Release

Bug Fixes

  • Slash dropdown Enter accepts highlighted entry — When the autocomplete dropdown is open with a highlighted item (the user pressed Down to navigate to a specific entry), Enter now accepts the highlight and runs the selected command, matching the dropdown's own footer hint "Enter/Tab accept" and the convention used by fzf, vim completion, Slack/IRC slash menus, etc. The prior behavior — Enter submits the raw editor contents regardless of the highlight — is preserved when no item is highlighted, so users who never navigated keep the existing escape-hatch behavior. Fixes #61. Regression tests in src/interactive/tests.rs::enter_accepts_highlighted_autocomplete_item and enter_submits_when_no_autocomplete_item_highlighted.

  • File mode bits preserved on session rewrite and tool write — earlier release notes (51b7776d) for write-time mode preservation. Bug fix preserves permissions across session rewrites that previously stomped them.

Features

  • User-overridable model list — Drop a JSON file at <config_dir>/pi/models-override.json (or set PI_MODELS_OVERRIDE to point pi at a path elsewhere) to extend the bundled model snapshot at runtime. The override file uses the same shape as the bundled snapshot:

    {
      "anthropic": ["claude-opus-4-7"],
      "openrouter": ["anthropic/claude-opus-4-7"]
    }

    Override entries union with the bundled snapshot (set semantics, deduped). Missing/blank/malformed files log a warning and are treated as empty so a typo never breaks startup. The model catalog cache fingerprint folds in a CRC of the override file so memoized consumers refresh correctly when the override changes. Documented in docs/models.md. Fixes #60. This obsoletes the recurring one-line PRs that just add new model IDs to the bundled snapshot — drop them in your config instead.

  • claude-opus-4-7 in anthropic snapshot — Anthropic shipped Opus 4.7 on 2026-04-28; surfaced in /model autocomplete. Mirrors PR #59 (closed in favor of independent implementation per project policy).

Internal

  • Refactor the snapshot ↔ override merge into a merge_provider_model_ids helper for testability.
  • Address three nightly clippy lints in package_manager.rs, extension_preflight.rs, and extensions.rs that were blocking the cargo clippy --all-targets -- -D warnings CI gate.
  • (Concurrent agent work also merged this cycle — see git log between v0.1.13 and v0.1.14 for the full set, including RPC lifecycle event refactors and permission recovery test probes.)

Known Issues

  • Seven pre-existing test failures in src/app.rs::tests::select_model_*, src/rpc.rs::tests::auto_compaction_*, and src/session.rs::tests::test_continue_recent_* predate this release. Tracked in beads bd-d8v93 for follow-up.

[v0.1.12] — 2026-04-23 — Release

Bug Fixes

  • Actually fix Windows build. v0.1.11 attempted to work around the published sqlmodel-sqlite 0.2.1 dynamic-link issue by adding libsqlite3-sys with bundled-windows as a top-level direct dep. That attempt failed because sqlmodel-sqlite 0.2.1 still declared #[link(name = "sqlite3")] (dynamic) without importing any item from libsqlite3-sys, so rustc elided the libsqlite3-sys rlib and dropped its build-script static-link directives before link time — leaving only the dynamic-link directive, which failed with __imp_sqlite3_*: unresolved external symbol on MSVC. Upgrading to sqlmodel-sqlite 0.2.2 picks up 50e1aca (always bundle via libsqlite3-sys feature bundled) and c8bb7d7 (pin the rlib with an explicit #[link(name = "sqlite3", kind = "static")]), which make the static-link directives actually survive into the link step. Fixes #55.

Dependencies

  • Bump sqlmodel-sqlite and sqlmodel-core from 0.2.1 to 0.2.2.
  • Drop the now-redundant [target.'cfg(windows)'.dependencies] libsqlite3-sys block and the FreeBSD libsqlite3-sys mirror of the same workaround. Both are subsumed by sqlmodel-sqlite 0.2.2 bundling sqlite on every target.

[v0.1.11] — 2026-04-15 — Release

Bug Fixes

  • Fix Windows build: Add libsqlite3-sys with bundled-windows as a direct dependency. The published sqlmodel-sqlite crate was missing the [target.'cfg(windows)'.dependencies] section, causing LINK : fatal error LNK1181: cannot open input file 'sqlite3.lib' on MSVC. Fixes #48.
  • Fix Windows compiler warnings: Suppress platform-conditional unused variable/mut warnings in rpc.rs, tools.rs, doctor.rs, and session_store_v2.rs using targeted #[cfg_attr(not(unix), ...)] attributes.

Dependencies

  • Bump sqlmodel-sqlite and sqlmodel-core from 0.2.0 to 0.2.1.

Unreleased (after v0.1.9)

Commits since v0.1.9 tag (2026-03-12) through 2026-03-21.

New Model Definitions

  • Add built-in entries for GPT-5.2 Codex, Gemini 2.5 Pro CLI, and Gemini 3 Flash (43ddc6f).

Auth & Configuration

  • Support $ENV: prefix in auth.json so API keys can reference environment variables instead of storing secrets in plain text (266be4c).
  • Async Kimi OAuth flow, theme picker caching, session index offloading, and config error surfacing (943085f).
  • Random-port OAuth callback server and viewport scroll clipping fix (bda35a4).
  • Fix OAuth callback redirect_uri per RFC 6749 Section 4.1.3 (d264bb8, c44dfbd).
  • Fix config override package toggle persistence (8268a8c).
  • Deterministic scope update ordering in package toggle tests (73eb0b6).

Security & Reliability (fail-closed hardening)

  • Fail closed on invalid extension manifests (028be33, 9bb1f8c).
  • Fail closed on malformed package manifests (ebffa82).
  • Fail closed on invalid hostcall reactor configs (7b0a0b6, 3621449).
  • Cap randomBytes native hostcall to prevent OOM DoS; use sync_channel for RPC stdout backpressure (c5afccf).
  • Cap WASM Vec pre-allocation in extract_bytes to prevent OOM on large arrays (95d4128).
  • Share WASM virtual files via Arc and fix UTF-8 read truncation (61b400b).
  • Prevent DoS vectors via unbounded thread creation and indefinite stream blocking (a7ecaa3).
  • Remove implicit panics from lazy regex initialization and serialization unwraps (4c32edc).
  • Reject non-regular-file paths in extension fs_op_read hostcall (a09f2a3).
  • Normalize repository shorthands and suppress unsafe extension walks (53f80eb).

Session Management

  • Prune stale session index rows when project directories disappear (d8bc4f4).
  • Prune stale resume index rows and corrupt recents entries (1bd3887, ddd006a).
  • Defer session picker prune on permission errors (e510294).
  • Harden SessionStoreV2 newline-heal rebuild path (0ee28af).
  • Harden session index and auth async flows (609ba33).
  • Clear stale session index names (38a37d3).
  • Propagate read errors during JSONL session loading instead of silently skipping (a1c725c).

Extensions & RPC

  • Refine extension JS bridge, RPC protocol, and tool dispatch (02b49de).
  • Resolve remaining O(N^2) string concatenations in extension polyfills and WASM memory cloning (ec1dfeb, b56b156).
  • Fix exec wrapper double-buffering that lost stdout/stderr on close (fc1f91f).
  • Fix RPC extension precedence and queue mode propagation (af4f1a7, c1f97e6).
  • Sync RPC session state with typed SDK (14736c1).
  • Expand extension stress testing, tool dispatch, and tree view (fcf99ca).
  • Skip empty extension runtime boot (4e70a65).

Interactive TUI

  • Allow empty keybinding overrides to unbind defaults (60d63a6).
  • Refine keybinding dispatch and tool argument handling (d6fc889).

HTTP & Networking

  • Make chunked transfer-encoding and header parsing tolerant of bare LF line endings (d1e7166).
  • Reject unsupported transfer-coding chains (184a2a6).
  • Harden Transfer-Encoding aggregation and outbound header names (b613709, 1df7610).
  • Drop caller-supplied Transfer-Encoding header from outbound requests (b3625e2).
  • Stream JSONL migration instead of read_to_string for lower peak memory (ed47943).

Providers

  • Avoid duplicating first string stream delta (c354a0c).
  • Honor native adapter defaults and sync session connector channel (e65dcad).
  • Expand provider module and e2e live test coverage (a5a27a4).
  • Normalize bare OpenAI/Cohere origins to /v1 endpoints and always persist thinking level (7145c6e).

Tools

  • Enable grep/find/ls by default and document 8 built-in tools (7fc5cc5).
  • Discard incomplete bash spill files (e8b94d3).
  • Clean up incomplete bash spill files (e8b81e4).

Performance

  • Batch session entry inserts in chunks of 200 for SQLite (86368c2).
  • Skip resolution when all resource categories disabled; deduplicate cached extension entries (996dcf3).

CLI & Build

  • Embed changelog into binary (c3385cb).
  • Harden ARM64 Linux release build against future regressions (aef5fb8).
  • Fix SSE retry field parsing (f5457f6).

v0.1.9 -- 2026-03-12 -- Release

Tag: 81bf62d

A reliability-focused release with deep hardening of the backpressure model, HTTP RFC compliance, session lifecycle, and the asupersync runtime migration.

Backpressure & Event Reliability

  • Systematically prevent silent message drops under backpressure in the interactive event loop (3dcbf0a).
  • Replace try_send with backpressure-aware enqueue for extension host action events (cc97fa5).
  • Preserve async error events under backpressure (ab3ac63).
  • Use guaranteed send for UiShutdown on bounded event channel (1d995da).
  • Send UiShutdown event to unblock async bridge after TUI exits (bc645f0).

HTTP Protocol Compliance

  • Validate Content-Length headers and reject malformed or conflicting values (c25efc6).
  • Handle coalesced Content-Length headers per RFC 9110 (4dbd0d4).
  • Treat 1xx/204/205/304 responses as empty-body per RFC 9110 (6e6c123).
  • Add write_all_with_retry to handle transient Ok(0) from TLS transports (7722a14).
  • Flush TLS write buffer on zero-byte retry (8dcf945).

Asupersync Runtime Migration

  • Migrate compaction worker from std threads to asupersync runtime (009c97b).
  • Migrate compaction worker to externally-injected runtime handles (95081cd).
  • Propagate asupersync Cx through RPC, agent, interactive, and session layers (ae91ad9).
  • Migrate Session save-path metadata to asupersync async filesystem (8179452).
  • Migrate GrepTool fs::metadata to asupersync async filesystem (2a36d88).
  • Add binary body support to fetch shim (2edd6c8).

Session & Persistence

  • V2 sidecar staleness detection with JSONL rehydration fallback and cross-format chain hash verification (7d0cc00).
  • Atomic sidecar rebuild with staging/backup swap and trash-based deletion (e578369).
  • Honor SQLite WAL sidecars in metadata and deletion (5239849).
  • Unify file stat logic through WAL-aware session_file_stats helper (4806396).
  • Session health validation and extension index NPM package name preservation (f9731cc).
  • Skip re-parsing unchanged session files in session picker (6e8b817).
  • Harden auth migration for malformed entries and fix config path fallback (ae105be).

Interactive TUI

  • Handle agent-busy state gracefully in tree navigation and branch picker (66e2c89).
  • Handle busy session locks correctly in branch navigation UI (36640ec).
  • Consolidate interactive model-switching into switch_active_model with thinking-level clamping (2614d57).
  • Atomicize model/thinking-level management with session header sync and deduplication (720dc56).
  • Fix thinking-level fallback on header-less sessions and model-switch gating (790a362).
  • Scope tmux mouse-wheel override to current pane, traverse parent dirs for git HEAD (60fe95e).
  • Correct tmux wheel binding save/restore and reduce mouse event noise (72a1082).

Extensions & Security

  • Scope extension filesystem access by extension ID and harden path traversal controls (4d6ab94).
  • Heuristic token fallback, module path traversal guard, and config-driven queue modes (77a44af).
  • Preserve runtime IDs for permission cache (08922e4).
  • Use explicit permissions path, add empty_at fallback constructor (670c935).
  • Extract safe_canonicalize to deduplicate path validation (6cd8211).
  • Replace hand-rolled semver parser with semver crate for correct pre-release ordering (add7336, cf729a2).
  • Preserve exact bare version constraints in extensions (90f60c5).

VCR / Replay Testing

  • Redact normalized text request bodies and single-pair sensitive form bodies in VCR cassettes (ae24ad4, 7d929dd).
  • Recover poisoned env override lookups and distinguish absent vs explicitly-unset overrides (babd3cd, 421ad64).
  • Fail closed on zero-baseline telemetry in replay (eae5a87).
  • Report schema mismatches during comparison (52527d0).
  • Scope SSE buffer guard to retained tail (3f6ebe0).

Providers

  • Preserve decorated URL normalization (6ebfef8).
  • Extension session with compaction state, Unknown credential variant, URL origin validation, and tilde fence support (89c92cc).
  • Harden extension popularity, file tools, and JS-to-JSON conversion (f29ae31).
  • Normalize bare official OpenAI/Cohere origins to /v1 endpoints (7145c6e).

Permissions & Configuration

  • Use BTreeMap for PermissionsFile deserialization for deterministic JSON diffs (cbc94ca).
  • Stabilize JSON serialization order for deterministic diffs (3537b9c).
  • Add schema version validation and proper timestamp-aware expiry checking (42b2c7d).

CI / Build

  • Use macos-15-intel runner for x86_64 Darwin release builds (11c8e6a).
  • Extract drain_bash_output() with selective cancellation semantics (9efb65e).

v0.1.8 -- 2026-02-28 -- Release

Tag: ae35bfe

Major feature release introducing the HashlineEditTool, image tool results for more providers, deep security hardening, and dozens of reliability fixes across the agent, streaming, and session subsystems.

New Tools

  • HashlineEditTool: line-addressed file editing tool that supports edits by hashline reference, reducing ambiguity in multi-edit sessions (0b1baad).
  • Enable hashline_edit in the default tool set and add system prompt guidelines (c947acc, 332d1e0).
  • Add hashline output mode to GrepTool (72d8125).
  • Merge overlapping context windows in GrepTool output (f68fb76).

Provider Improvements

  • Support image content in tool results for Azure and Bedrock providers (35ed28b).
  • Accumulate streaming tool call deltas instead of overwriting (3df7373).
  • Per-model reasoning detection for Claude 3 Sonnet/Opus/Haiku, DeepSeek, Mistral, Llama, Gemini variants, and QWQ (0189ed4, 06595fe, e382c78).
  • Consolidate reasoning detection into model_is_reasoning (b88817b).
  • Canonical provider preference and per-model reasoning detection (f799a7b).
  • Add WriteZero retry to Anthropic provider and reduce idle worker threads (012f0f6).
  • Include response data in Bedrock/JSON parse error messages (e224d5d, e8321b7).
  • Populate error message metadata and include thinking in response detection (5834f24).

Security Hardening

  • Set 0o600 permissions on migrated auth.json and session files; shared file locks for auth reads (4dafcd9, 6ec4ac2).
  • Prevent zero-filled output on getrandom failure in crypto shim (96f8187).
  • Canonicalize extension read roots before path comparison (6e65575).
  • Block extension fs_write outside workspace root (adversarial gap G2) (d408bd0).
  • Close monorepo escape path traversal bypass (c84feac).
  • Harden JS extension module resolution with fail-closed empty-roots and canonicalized escape detection (0f0a899).
  • Cap all subprocess pipe reads to READ_TOOL_MAX_BYTES to prevent OOM (617f571).
  • Harden JS array limits, process cleanup, mutex recovery, and oscillation guard (42a9174).

Agent & Interactive

  • Race tool execution against abort signal for prompt cancellation (bf77ad6).
  • Prevent context duplication on API retry; strip dangling tool calls on error (4a11c20).
  • Emit TurnEnd events on error paths; enforce write access in mkdtempSync (25cd30a).
  • Graceful error recovery during stream event processing (888c614).
  • Fix slash menu pre-selection and multi-line input overflow (32fce5e).
  • Add --hide-cwd-in-prompt flag (37f8361).

Session Management

  • Delete sidecar directory when trashing session files (efed69b).
  • Gracefully handle missing pi_session_meta table; reject directory paths in file tool (75987eb).
  • Move index snapshot writes to background thread (d3dad76).
  • Always break bash RPC loop after kill; restrict session store truncation to last segment only (1bf7b3d).

Tools

  • Add find_rg_binary helper and respect workspace .gitignore in grep/find (12cce2e).
  • Use subarray for Buffer.slice and getrandom for crypto randomness in shims (6cdfbbe).
  • Correct CRLF normalization and between-changes diff context (50c9e10).
  • Replace unbounded file read with size-limited read in EditTool (fa50f24).
  • Canonicalize file paths in EditTool/WriteTool and harden GrepTool match iteration (e4426bd).
  • Guard ReadTool image scaling against division-by-zero and simplify line counting (cf69a47).
  • Rewrite split_diff_prefix with explicit byte-walking parser (d80d5b4).
  • CRLF idempotency bug, redundant counter, div-by-zero guard, kill() clarity (ba6df5e).

HTTP & Streaming

  • Handle transient WriteZero errors in SSE streaming gracefully (closes #12) (5360d79).
  • Handle EINTR across all streaming read loops (b2e7150).
  • Clamp HTTP buffer consume to bounds (fa66d94).
  • Add sync_all() before atomic renames for crash safety (eaa63b3).

Performance

  • Preserve string buffer capacity by replacing mem::take with clone+clear (2927bbd).

CI

  • Split clippy into per-target-kind gates to avoid rch timeout (d12a83a).
  • Harden proposal validation paths, file ref quoting, and tree selection arithmetic (c603f8f).

v0.1.7 -- 2026-02-22 -- Draft

Tag: 5bffab9

A stabilization release focused on streaming renderer performance, session index optimization, and CI/build reliability. Draft release (no published binaries).

Streaming & Rendering

  • Optimize streaming markdown rendering with intelligent format detection (57fe905).
  • Add streaming markdown fence stabilization for live rendering (8903571).
  • Optimize streaming renderer hot path and session serialization (c5d8ae6).

Session

  • Add best-effort session index snapshot update helper (a5c86f6).
  • Optimize session index snapshot update with borrowed parameters (c0e86a8).

Agent Core

  • Harden agent dispatch, SSE streaming, provider selection, and risk scoring (0513a80).
  • Harden abort handling, UTF-8 safety, IO guards, and extension streaming (ee12566).
  • Remove local charmed-bubbletea patch that breaks CI builds (9673414).

Installer

  • Prevent PROXY_ARGS unbound variable error on bash < 4.4 (f9f1c3d).

CI & Packaging

  • Repair release workflow: stub missing submodule, use ARM macOS runner (3357e30).
  • Include docs/wit/extension.wit in crate package (5bffab9).

v0.1.6 -- 2026-02-21 -- Release

Tag: 9dd3b3b

Hotfix release addressing an OpenAI provider lifetime issue.

  • Fix OpenAI lifetime issue that prevented streaming completion (9dd3b3b).

v0.1.5 -- 2026-02-20 -- Tag-only

Tag: c22199d

Performance-focused release with allocation reduction, UI streaming overhaul, and critical deadlock/memory-leak fixes. No GitHub Release was published.

Performance

  • Eliminate unnecessary heap allocations across providers, session store, and diff generation (606fccb).
  • Eliminate redundant deep clones in agent loop and provider streams (e9c108c).
  • Eliminate intermediate allocations in resource loading (6b7caaf).
  • Reduce allocations across agent core, model catalog, and tool output paths (96fec6d).
  • Fix message ordering in agent loop and pre-allocate session vectors (2831682).

New Features

  • Synchronous package resource resolution for config fast paths (695ad17).
  • Fast-path config --show and --json output when no packages installed (829dcbc).

Stability Fixes

  • Fix potential deadlock: drop mutex guard before async channel send (0211bbd).
  • Eliminate memory leak in Azure provider role name handling (7216f86).
  • Fix scheduler has_pending false positive and clean up session parsing (f176d20).

UI

  • Overhaul UI streaming pipeline to eliminate flicker and improve responsiveness (9ff9de8).
  • Harden streaming UI paths and reduce model-list churn (8ae9022).

Security

  • Prevent XML injection in file tag name attributes (e9623a0).

v0.1.4 -- 2026-02-20 -- Release

Tag: 12b2e6e

Major security hardening release with path traversal prevention, command obfuscation normalization, OOM guards, and a complete overhaul of the hostcall scheduler. Also introduces zero-copy OpenAI serialization and multi-source message fetchers.

Security

  • Path traversal prevention: safe_canonicalize() handles non-existent paths via logical normalization with symlink-aware ancestor resolution; module resolution enforces scope monotonicity within extension roots (d1982f3).
  • Command obfuscation normalization: new normalize_command_for_classification() strips shell obfuscation techniques (${ifs}, backslash-escaped whitespace) before dangerous command classification (d1982f3).
  • OOM guards: depth limits on recursive JSON hashing (128), MAX_MODULE_SOURCE_BYTES (1 GB), MAX_JOBS_PER_TICK (10,000), SSE buffer limits (10 MB total, 100 MB per-event) (0e17d52).
  • Fast-lane policy enforcement: extension dispatcher fast-lane now runs capability policy checks before executing hostcalls (d1982f3).
  • Atomic file permissions: auth storage and Anthropic device ID files use OpenOptions::mode(0o600) instead of post-hoc chmod (d1982f3).

Provider Improvements

  • Zero-copy OpenAI serialization: request types use lifetime-parameterized borrows instead of owned Strings (f518bb0).
  • Empty base URL handling: all normalize_*_base functions now return canonical defaults for empty/whitespace input (f518bb0).
  • Gemini/Vertex robustness: unknown part types (executableCode, etc.) silently skipped; ThinkingEnd events emitted for open thinking blocks (f518bb0).

Agent Loop & RPC

  • Multi-source message fetchers: steering and follow-up fetchers are now Vec-based with additive registration, enabling RPC + extensions to both queue messages (355d7e9).
  • Queue bounds: MAX_RPC_PENDING_MESSAGES (128), MAX_UI_PENDING_REQUESTS (64) prevent OOM (355d7e9).
  • Error persistence fix: max_tool_iterations error now synced to in-memory transcript (355d7e9).

Session Persistence

  • Batched index updates: group by sessions_root for amortized DB access (1df017d).
  • RawValue frames: session store v2 uses Box<RawValue> to avoid re-serializing payloads (1df017d).
  • Partial hydration tracking: v2_message_count_offset for tail-mode session loading (1df017d).

Tools

  • Correct truncation semantics: trailing newline no longer inflates line count (d86e144).
  • DoS guard: BASH_FILE_LIMIT_BYTES (100 MB) prevents unbounded output reads (d86e144).

Hostcall System

  • Log-sinking batch planner: preserves global request ordering with log-call buffering (9792cf6).
  • Generation-keyed ghost cache: O(log n) ghost operations replacing O(n) VecDeque scans (9792cf6).
  • FIFO scheduler: VecDeque replaces BinaryHeap for monotone-sequence macrotask queue (9792cf6).

Installer

  • Remove auto-hook installation; add idempotent removal of installer-managed hook entries from prior versions (d2ffdbb).
  • Bound network fetch latency during post-install steps (c7a3b2b).

Other

  • Extension events use camelCase serialization matching TypeScript wire format (0e17d52).
  • Doctor checks for rg and fd/fdfind dependencies (0e17d52).
  • Gist URL parser rejects profile links and non-canonical paths (0e17d52).
  • TUI markup parser rewritten with explicit state machine (0e17d52).
  • Explicitly shut down extension runtimes before session drop to prevent QuickJS GC assertion (fa49f58).
  • 9 new regression tests covering security fixes and edge cases (8b1db8a).

v0.1.3 -- 2026-02-19 -- Release

Tag: 6637f26

Re-enables the dual JS/TS + native-Rust extension runtime, introduces argument-aware runtime risk scoring with heredoc AST analysis, and adds a live-provider extension validation tool.

Extension Runtime

  • Re-enable JS/TS extension runtime alongside native-Rust descriptors, restoring the dual-runtime model (ee78a58).
  • Recognize JS/TS files as valid extension entrypoints in the package manager (e9f3c9e).

Security

  • Argument-aware runtime risk scoring with DCG integration and heredoc AST analysis via ast-grep (ad26a4f).

Testing & Validation

  • Add ext_release_binary_e2e tool for live-provider extension validation against real (non-mocked) provider responses (409742e).
  • Harden release-binary extension harness for OAuth-first auth and stable capture (2b41b09).
  • Overhaul scenario harness with setup merging, shared context, and parity improvements (93ac8d9).
  • Add normalize_anthropic_base unit tests and proptest (374f8e6).

Models & HTTP

  • Add codex-spark registry entry and xhigh thinking support (cef709c).
  • Make default request timeout env-configurable with explicit no-timeout mode (74e8f1f).

v0.1.2 -- 2026-02-18 -- Release

Tag: 27bdebc

Focused on OpenAI Codex provider correctness and a comprehensive credential resolution overhaul adding OAuth support for multiple providers.

OpenAI Codex Provider

  • Add all required Codex API fields (instructions, store, tool_choice, parallel_tool_calls, text.verbosity, include, reasoning) (0485fb4).
  • Send system prompt as top-level instructions field (2a56374).
  • Skip max_output_tokens (unsupported by Codex API), use actual thinking level for reasoning.effort (1d7610b).
  • Tolerate missing Content-Type header in streaming response (27bdebc).

Auth & Provider Overhaul

  • Case-insensitive provider matching across all provider lookups (8671312).
  • Native OAuth support for OpenAI Codex, Google Gemini CLI, and Google Antigravity (14e5016).
  • Kimi Code OAuth support and credential resolution overhaul (8671312).
  • Convenience aliases for Kimi, Vercel, and Azure providers (2581af0).
  • OAuth CSRF validation, bearer token marking, gcloud project discovery, and Windows home directory support (63265e5).
  • Anthropic base URL normalization and OAuth bearer lane (efba9c8).
  • Keyless model support for models that do not require configured credentials (705f692).
  • Filter /model overlay to show only credential-configured providers (9e350a5).

Installer

  • Add offline tarball mode, proxy support, and agent hook management (be404aa).
  • Reorder download candidates, suppress 404 noise (6025912).
  • Handle missing SHA256SUMS and prioritize archive candidates (7cc84de).

v0.1.0 -- 2026-02-17 -- Tag-only

Tag: f8980ad

First tagged milestone. The complete from-scratch Rust port of Pi Agent by Mario Zechner, built on asupersync and rich_rust. No GitHub Release was published for this tag.

Core Architecture

  • Single static binary, no Node/Bun runtime dependency.
  • Built on asupersync structured concurrency runtime with HTTP/TLS and Cx-based capability contexts.
  • Terminal UI powered by rich_rust (Rust port of Python Rich) with markup syntax, tables, panels, and progress bars.

Agent & Providers

  • Full agent loop with streaming token output, extended thinking support, and conversation branching.
  • Anthropic, OpenAI Chat Completions, Azure, Bedrock, Gemini/Vertex, Cohere, Kimi, and Ollama provider implementations.
  • Custom SSE parser with UTF-8 tail handling, scanned-byte tracking, and chunk boundary normalization.

Tools (7 built-in)

  • read -- file contents and image reading with automatic resizing.
  • write -- file creation and overwrite.
  • edit -- surgical string replacement.
  • bash -- shell command execution with process tree management and timeout.
  • grep -- content search with context lines.
  • find -- file discovery by pattern.
  • ls -- directory listing.
  • All tools include automatic truncation (2000 lines / 50 KB) and detailed metadata.

Session Management

  • JSONL-based session persistence with conversation branching and tree visualization.
  • Session picker with resume, recent session tracking, and project-scoped sessions.
  • Model/thinking level change tracking within sessions.

Extensions

  • QuickJS-based JS/TS extension runtime (no Node or Bun required).
  • Native-Rust descriptor runtime for *.native.json extensions.
  • Node API shims for fs, path, os, crypto, child_process, url, and more.
  • Capability-gated hostcall connectors (tool/exec/http/session/ui/events).
  • Command-level exec mediation blocking dangerous shell signatures before spawn.
  • Trust-state lifecycle (pending/acknowledged/trusted/killed) with kill-switch audit logs.
  • Hostcall reactor mesh with deterministic shard routing and bounded queue backpressure.
  • Sub-100 ms cold load (P95), sub-1 ms warm load (P99).
  • 224-entry extension catalog with per-extension conformance status.

Interactive TUI

  • Multi-line text editor with history and scrollable conversation viewport.
  • Model selector (Ctrl+L), scoped model cycling (Ctrl+P/Ctrl+Shift+P).
  • Session branch navigator (/tree).
  • Real-time token/cost tracking.
  • Context-aware autocomplete for @ file references and / slash commands with fuzzy scoring.
  • Login/logout slash commands.

Three Execution Modes

  • Interactive (pi) -- full TUI with streaming, tools, session branching.
  • Print (pi -p "...") -- single response to stdout, scriptable.
  • RPC (pi --mode rpc) -- line-delimited JSON protocol for IDE integration.

Performance Foundation

  • Allocation-free hostcall dispatch and zero-copy tool execution.
  • Fast-path bypass for io_uring and allocation-free shadow sampling.
  • Enum-based session hostcall dispatch replacing string matching.
  • Session save hotpath optimization and tree traversal for large sessions.
  • NUMA-aware slab pool and replay trace recording to hostcall reactor.
  • Extension runtime from QuickJS/JS migrated to native Rust during this cycle.

CI & Quality

  • CI with clippy, rustfmt, test, and benchmark gates.
  • Release workflow for Linux (x86_64, aarch64), macOS (x86_64, aarch64), and Windows targets.
  • Conformance test suite with 224/224 vendored extension scenarios.
  • FrankenNode compatibility test harness for Node.js detection and Bun shim rejection.
  • Benchmark comparison reports against legacy TypeScript implementation.

Installer

  • curl | bash installer with platform detection, SHA256 verification, and legacy-pi alias creation.
  • Session migration command and credential pruning.
  • Clipboard via arboard and Copilot/GitLab OAuth providers.

Pre-v0.1.0 (2026-02-02 -- 2026-02-17)

Initial development from first commit (37b6c7b) through to the v0.1.0 tag. This period covers the entire from-scratch port including core architecture, all providers, the extension system, the interactive TUI, and the benchmark/conformance infrastructure.

Key early commits:

  • Initialize Rust port project with guidelines and legacy code (37b6c7b).
  • Implement core Rust port foundation (53a8f7d).
  • Add SSE parser and fix compilation (36fcd89).
  • Integrate rich_rust for terminal UI (149e54e).
  • Implement OpenAI Chat Completions provider (6dd3d70).
  • Complete pi_agent_rust MVP with session picker and test fixes (a72dfca).
  • Add session branching, expanded conformance fixtures (21c735d).
  • Wire interactive TUI and add extension docs (7694d65).
  • Add package manager, extensions, and fix Unicode panic (b2ff486).
  • Port RPC mode, conformance, and benchmarks (cd23248).
  • Add login/logout slash commands to TUI (d8a093a).
  • Migrate extension runtime from QuickJS/JS to native Rust (d20f236).
  • Migrate clipboard to arboard and add Copilot/GitLab OAuth providers (91d3f0b).