badlogic/pi-mono v0.69.0

on GitHub

New Features

• TypeBox 1.x migration for extensions and SDK integrations, including TypeBox-native tool argument validation that now works in eval-restricted runtimes such as Cloudflare Workers. See docs/extensions.md and docs/sdk.md.
• Stacked extension autocomplete providers via ctx.ui.addAutocompleteProvider(...), allowing extensions to layer custom completion logic on top of built-in slash and path completion. See docs/extensions.md#autocomplete-providers and examples/extensions/github-issue-autocomplete.ts.
• Terminating tool results via terminate: true, allowing custom tools to end on a final tool call without paying for an automatic follow-up LLM turn. See docs/extensions.md and examples/extensions/structured-output.ts.
• OSC 9;4 terminal progress indicators during agent streaming and compaction for supporting terminals.

Breaking Changes

• Migrated first-party coding-agent code, SDK/examples/docs, and package metadata from @sinclair/typebox 0.34.x to typebox 1.x. New extensions, SDK integrations, and pi packages should depend on and import from typebox. Legacy extension loading still aliases the root @sinclair/typebox package, but @sinclair/typebox/compiler is no longer shimmed. This migration also picks up the new @mariozechner/pi-ai TypeBox-native validator path, so tool argument validation now works in eval-restricted runtimes such as Cloudflare Workers instead of being skipped (#3112)
• Session-replacement commands now invalidate captured pre-replacement session-bound extension objects after ctx.newSession(), ctx.fork(), and ctx.switchSession(). Old pi and command ctx references now throw instead of silently targeting the replaced session. Migration: if code needs to keep working in the replacement session after one of those calls, pass withSession to that same method and do the post-switch work there. In practice, move post-switch pi.sendUserMessage(), pi.sendMessage(), and command-ctx/session-manager access into withSession, and use only the ReplacedSessionContext passed to that callback for session-bound operations. Footguns: withSession runs after the old extension instance has already received session_shutdown, old cleanup may already have invalidated captured state, captured old pi / old command ctx are stale, and previously extracted raw objects such as const sm = ctx.sessionManager remain the caller's responsibility and must not be reused after the switch.

Added

• Added support for terminating tool results via terminate: true, allowing custom tools to end the current tool batch without an automatic follow-up LLM call, plus a structured-output.ts extension example and extension docs showing the pattern (#3525)
• Added OSC 9;4 terminal progress indicators during agent streaming and compaction, so terminals like iTerm2, WezTerm, Windows Terminal, and Kitty show activity in their tab bar
• Added ctx.ui.addAutocompleteProvider(...) for stacking extension autocomplete providers on top of the built-in slash/path provider, plus a github-issue-autocomplete.ts example and extension docs (#2983)

Fixed

• Fixed exported session HTML to sanitize markdown link URLs before rendering them into anchor tags, blocking javascript:-style payloads while preserving safe links in shared/exported sessions (#3532)
• Fixed ctx.getSystemPrompt() inside before_agent_start to reflect chained system-prompt changes made by earlier before_agent_start handlers, and clarified the extension docs around provider-payload rewrites and what ctx.getSystemPrompt() does and does not report (#3539)
• Fixed built-in google-gemini-cli model lists and selector entries to include gemini-3.1-flash-lite-preview, so Cloud Code Assist users no longer need manual --model fallback selection to use it (#3545)
• Fixed extension session-replacement flows so ctx.newSession(), ctx.fork(), ctx.switchSession(), and imported-session replacements fully rebind before post-switch work runs, added withSession replacement callbacks with fresh ReplacedSessionContext helpers, and make stale pre-replacement pi / ctx session-bound accesses throw instead of silently targeting the wrong session (#2860)
• Fixed models.json built-in provider overrides to accept headers without requiring baseUrl, so request-header-only overrides now load and apply correctly (#3538)