New Features

• Claude Fable 5 - Claude Fable 5 is now available on the Anthropic and Amazon Bedrock providers, with adaptive thinking and xhigh effort support.
• Prompt template defaults - Prompt templates can use default positional arguments such as ${1:-7} for optional values. See Prompt Template Arguments.
• Configurable project trust defaults - defaultProjectTrust lets users choose whether unresolved project trust asks, always trusts, or never trusts by default, and extensions can inspect effective trust decisions. See Project Trust and ctx.isProjectTrusted().
• Natural extension autocomplete triggers - Extension autocomplete providers can declare trigger characters such as # or $ so suggestions open without slash-command prefixes. See Autocomplete Providers.

Added

• Added default-value expansion for prompt template positional arguments, e.g. ${1:-7} (#5553 by @dannote).
• Added areExperimentalFeaturesEnabled feature guard to allow users to opt in to early features (#5547 by @vegarsti).
• Added ctx.isProjectTrusted() for extensions to observe the effective project trust decision, including temporary trust decisions (#5523).
• Added a global defaultProjectTrust setting to choose whether unresolved project trust asks, always trusts, or never trusts by default.
• Added extension autocomplete trigger character support for ctx.ui.addAutocompleteProvider() wrappers (#4703).
• Added Claude Fable 5 model support inherited from @earendil-works/pi-ai for the Anthropic and Amazon Bedrock providers, with adaptive thinking and xhigh effort support.

Fixed

• Fixed inherited Amazon Bedrock inference profile ARN region resolution to prefer the ARN's embedded region over AWS_REGION (#5527 by @AJM10565).
• Fixed inherited IME hardware cursor positioning while slash-command autocomplete is visible (#5283 by @smoosex).
• Fixed inherited z.ai thinking-off requests to send the provider's thinking: { type: "disabled" } compatibility parameter (#5330).
• Fixed inherited OpenCode completions model metadata to send explicit maxTokens as max_tokens (#5331).
• Fixed inherited Moonshot Kimi thinking-off requests to send the provider's thinking: { type: "disabled" } compatibility parameter (#5531).
• Fixed inherited Azure OpenAI Responses requests to disable server-side response storage (#5530).
• Fixed inherited Azure GPT-5.4 and GPT-5.5 context window metadata to 1,050,000 tokens, matching Azure Foundry deployments instead of OpenAI's 272k limit (#5559).
• Fixed inherited OpenAI and Azure GPT-5 Pro maxTokens metadata to 128,000, correcting an upstream value that duplicated the input sub-limit as the output limit (#5559).
• Fixed inherited prompt history navigation to restore the current draft when returning from history browsing (#5494).
• Fixed inherited wrapping for mixed Latin and CJK text so unspaced CJK runs can break at grapheme boundaries without leaving large trailing gaps (#5495).
• Fixed extension OAuth login prompts to keep previous submitted prompt rows stable instead of mirroring the active input value (#5433).
• Fixed /reload to apply updated steeringMode and followUpMode settings to the current session (#5377).
• Fixed invalid models.json syntax to skip startup config migrations and report the normal file-path-aware models error instead of a raw JSON parse stack trace (#5418).
• Fixed GitHub release notes and interactive changelog links to resolve package-relative documentation URLs correctly (#5516).
• Fixed CLI help and version output, including plain redirected --help/--version output and simplified list/config help text.
• Fixed /new from ephemeral sessions to keep the new session ephemeral instead of persisting it by default (#5045).
• Clarified custom model docs that name and modelOverrides.name do not replace model IDs in the footer or primary model lists (#4841).

New Features

• Project trust for local inputs - Pi now asks before loading project-local settings, resources, instructions, and packages, with saved decisions and --approve / --no-approve controls for non-interactive modes. See Project Trust.
• Extension-controlled trust decisions - Global and CLI extensions can handle project_trust, decide, remember, or defer project trust before project-local resources load. See project_trust.
• Cache-hit visibility in the footer - The interactive footer now shows the latest prompt cache hit rate (CH). See Interactive Mode.
• Richer SDK and RPC extension surfaces - Public exports now include RPC extension UI request/response types and package asset path helpers. See Extension UI Protocol and SDK Exports.

Added

• Added a project_trust extension event so global and CLI extensions can decide or defer project trust during startup and runtime cwd switches.
• Added project trust gating for project-local settings, resources, instructions, and packages (#5332).
• Added the latest prompt cache hit rate to the interactive footer.
• Exported RPC extension UI request and response types from the public API (#5455).
• Exported coding-agent package asset path helpers from the public API (#5415).

Fixed

• Fixed package exports by removing the stale ./hooks subpath that pointed at non-existent build output.
• Fixed inherited TUI rendering to clear stale lines when content shrinks to zero.
• Fixed inherited autocomplete suggestions to refresh after editor cursor movement (#5499 by @Roman-Galeev).
• Fixed /reload to persist project trust when an implicitly trusted session creates a project .pi directory.
• Fixed project trust input discovery to traverse parent directories portably.
• Fixed inherited intermittent Shift+Enter handling by making Kitty keyboard protocol fallback response-driven instead of timeout-driven (#5188).
• Fixed the compaction summarization system prompt to use neutral AI assistant wording for non-coding agents (#5401).
• Fixed models.json schema support and inherited OpenAI Responses custom-provider handling for compat.supportsDeveloperRole: false (#5456).
• Fixed inherited prompt history navigation to place the cursor at the start when browsing upward and at the end when browsing downward (#5454).
• Fixed tmux setup documentation to require tmux 3.5 for extended-keys-format csi-u and document the tmux 3.2-3.4 fallback (#5432).
• Fixed inherited OpenRouter routing preferences on OpenAI-compatible custom providers to work when the custom provider base URL does not point directly at OpenRouter (#5347).
• Fixed built-in tool expand hints to style closing parentheses consistently (#5359).
• Fixed skill-wrapped prompts to insert spacing between skill instructions and the user message (#5371 by @Perlence).

New Features

• More built-in provider coverage - Added Ant Ling and NVIDIA NIM provider setup, plus MiniMax-M3 support for the direct MiniMax providers. See Providers.
• Richer extension context - Extensions can use ctx.mode and ctx.getSystemPromptOptions() to adapt behavior across TUI, RPC, JSON, and print modes and inspect base system prompt inputs. See Extensions.

Added

• Added containerization documentation and a Gondolin extension example for routing built-in tools into a local micro-VM.
• Added Ant Ling provider selection and setup documentation.
• Added MiniMax-M3 model support inherited from @earendil-works/pi-ai for the minimax and minimax-cn direct providers (#5313).
• Added NVIDIA NIM provider selection, setup documentation, and direct NIM request attribution headers.
• Added ctx.mode to extension contexts so extensions can distinguish TUI, RPC, JSON, and print mode.
• Added ctx.getSystemPromptOptions() for extension commands to inspect the current base system prompt inputs (#5306 by @xl0).

Fixed

• Fixed temporary extension package installs to use a private ~/.pi/agent/tmp/extensions directory with 0700 permissions instead of os.tmpdir()/pi-extensions.
• Fixed git package source handling to reject unsafe host/path components and keep managed clone paths inside install roots.
• Fixed stored XSS in HTML session exports by sanitizing Markdown link and image URLs with a scheme allow-list after stripping control characters.
• Fixed SDK embedding in bundled Node apps failing with ENOENT when package.json is not present next to the bundle entrypoint. The package metadata reader now gracefully handles missing package.json by using defaults, enabling createAgentSession() without requiring package-adjacent files at runtime (#5226).
• Fixed HTTP timeout setting not being respected for non-Codex providers (e.g., llama.cpp via OpenAI-compatible API). The httpIdleTimeoutMs setting (set via /settings HTTP timeout) now applies as the default SDK request timeout for all providers that support it, not just OpenAI Codex Responses. Disabling the timeout (HTTP timeout = false) now correctly disables SDK timeouts for all supported providers by sending a maximum int32 value (effectively infinite) instead of 0, since SDKs treat timeout=0 as an immediate timeout (#5294).
• Fixed inherited Amazon Bedrock requests to replace blank required user/tool-result text with a placeholder and skip blank replay text blocks (#4975).
• Fixed inherited Anthropic Claude Opus 4.7+ requests to suppress deprecated temperature parameters (#5251 by @yzhg1983).
• Fixed inherited OpenAI GPT-5.5 generated metadata to omit unsupported minimal thinking (#5243).
• Fixed inherited OpenRouter Kimi K2.6 thinking replay and developer-role instruction handling (#5309).
• Fixed inherited OpenRouter reasoning instruction requests to preserve the system role when required (#5221 by @PriNova).
• Fixed inherited overlay focus restoration so non-capturing overlays remain interactive after UI rerenders and explicit focus release (#5235 by @nicobailon).
• Fixed inherited tab width accounting in column slicing and overlay compositing so tab-containing output cannot exceed the terminal width (#5218).
• Fixed opening and listing very large JSONL session files by reading session entries line-by-line instead of materializing the full file as one string (#5231).
• Fixed the footer branch display in WSL /mnt/... repositories to refresh after branch changes (#5264 by @psoukie).
• Fixed renderShell: "self" tool renderers that emit no component lines leaving a blank chat row (#5299).
• Restored inherited NVIDIA Qwen 3.5 122B NIM model support.

New Features

• Named startup sessions - --name / -n sets the session display name before startup across interactive, print, JSON, and RPC modes. See Naming Sessions and Session Options.
• Clickable file tool paths - built-in file tool titles render OSC 8 file:// hyperlinks when the terminal supports them, including supported tmux clients.

Added

• Exported convertToPng for extension authors (#5167 by @xl0).
• Exported parseArgs and type Args for extension authors (#5202 by @xl0).
• Added --name / -n to set the session display name at startup (#5153).
• Added a resume command hint when exiting interactive sessions (#5176 by @yzhg1983).
• Added OSC 8 file:// hyperlinks to file paths shown in built-in file tool titles (#5189 by @mpazik).
• Added custom Amazon Bedrock request header support inherited from @earendil-works/pi-ai (#5178 by @stephanmck).

Fixed

• Clarified the WezTerm/WSL IME hardware cursor docs to state that cursor visibility remains opt-in (#5200).
• Fixed the GitLab Duo custom provider example to use adaptive thinking for Claude models, expose xhigh thinking, and include newer verified model IDs (#5201).
• Fixed Bun release archive creation to install and copy the matching @mariozechner/clipboard base package and native sidecars (#5184).
• Fixed early interactive input typed before the prompt loop starts so it is buffered instead of dropped (#5195 by @yzhg1983).
• Fixed OpenRouter Moonshot Kimi K2.6 requests to use system instead of unsupported developer messages (#5159).
• Fixed OpenCode Go Kimi K2.6 thinking requests to send thinking objects instead of invalid string values, and fixed OpenCode Zen Grok Build thinking requests to omit unsupported reasoning_effort (#5169).
• Fixed OpenAI Codex Responses SSE streams to abort response body reads after terminal events.
• Fixed OpenCode Kimi K2.6 generated metadata to use Anthropic-style thinking metadata instead of invalid reasoning-effort parameters.
• Fixed OSC 8 hyperlinks to pass through tmux when the client supports them (#5189 by @mpazik).
• Fixed ANSI text wrapping to avoid stack overflows on very long wrapped lines (#5185).

New Features

• Claude Opus 4.8 support - Adds Anthropic Claude Opus 4.8 metadata and updates Opus adaptive-thinking coverage.
• Selective tool disablement - --exclude-tools / -xt disables specific built-in, extension, or custom tools while leaving the rest available. See Tool Options.
• Headless Codex subscription login - /login can use device-code auth for ChatGPT Plus/Pro Codex subscriptions. See Subscriptions and OpenAI Codex.
• Streaming-aware extension input - extensions can distinguish idle prompts, mid-stream steers, and queued follow-ups with InputEvent.streamingBehavior. See Input Events.

Added

• Added --exclude-tools / -xt to disable specific built-in, extension, or custom tools while leaving the rest available (#5109).
• Added OpenAI Codex subscription device-code login as a selectable headless alternative while keeping browser login as the default (#4911 by @vegarsti).
• Added streamingBehavior to extension input events so extensions can distinguish idle prompts from mid-stream steers and queued follow-ups (#5107 by @DanielThomas).
• Added Claude Opus 4.8 model metadata for Anthropic and updated Opus adaptive-thinking coverage to use it.

Fixed

• Fixed startup timing output so readPipedStdin no longer includes createAgentSessionRuntime work (#4829).
• Fixed OpenRouter DeepSeek V4 xhigh reasoning metadata to preserve OpenRouter's native effort instead of sending DeepSeek's max effort (#4801).
• Fixed custom session directories so current-folder resume/continue lookups stay scoped to the active cwd while all-session listings cover the custom directory.
• Fixed SIGTERM/SIGHUP exits to run extension session_shutdown cleanup and restore the terminal: signal-triggered shutdown now emits session_shutdown before any terminal writes, and SIGHUP no longer hard-exits, so extension resources (e.g. sockets) are released even when the terminal is gone (#5080).
• Fixed keyboard protocol negotiation to ignore mismatched or delayed terminal responses, avoiding false Kitty keyboard protocol detection (#5091 by @mitsuhiko).
• Fixed Windows startup crashes under MSYS2 ucrt64 Node.js by updating the native clipboard addon to napi-rs 3.x (#5028).
• Fixed API key and header config resolution to treat plain strings as literals, support $ENV_VAR / ${ENV_VAR} interpolation and $! bang escaping, and require explicit env syntax for config files, avoiding Windows case-insensitive env matches corrupting literal keys (#5095).
• Fixed session disposal to abort in-flight agent, compaction, branch summary, retry, and bash work (#5029 by @TerminallyChilI).
• Fixed pi.getAllTools() to expose each tool's promptGuidelines for extensions that need per-tool guideline attribution (#4879).
• Fixed OpenAI Codex Responses replay after switching from Anthropic extended-thinking sessions by generating unique fallback message item IDs for converted thinking/text blocks (#5148).
• Fixed Anthropic-compatible replay for providers that return empty thinking signatures by adding an opt-in allowEmptySignature compatibility flag (#4464).
• Fixed OpenAI and OpenRouter GPT-5.5 Pro thinking level metadata to expose only supported medium, high, and xhigh efforts.
• Fixed OpenCode Go Kimi K2.6 thinking-off requests to send thinking: "none" (#5078).
• Fixed Xiaomi Token Plan model metadata to omit unsupported mimo-v2-flash variants (#5075).
• Fixed follow-up messages queued by agent_end extension handlers to drain before the agent becomes idle (#5115 by @DanielThomas).
• Fixed extension input events to report streamingBehavior only for prompts actually queued during streaming (#5107 by @DanielThomas).
• Fixed system prompt tool-selection guidance to avoid preferring unavailable file exploration tools (#5132).
• Fixed fenced diff code blocks and other highlight.js scopes to keep theme-aware syntax colors after the cli-highlight replacement (#5092).

New Features

• Explicit session IDs for automation - --session-id <id> lets scripts create or resume an exact project-local session. See Sessions.
• RPC bash output can stay out of model context - RPC clients can pass excludeFromContext to bash for commands whose output should not be sent with the next prompt. See RPC mode.
• More predictable provider retries and timeouts - Codex WebSocket/SSE waits are bounded, and retry.provider.maxRetries controls provider retries instead of hidden SDK defaults. See Retry settings.
• Better terminal editing across environments - Apple Terminal Shift+Enter, Windows/JetBrains capability detection, and Unicode-aware word navigation improve interactive editing. See Terminal setup and Keybindings.

Added

• Added --session-id to let CLI callers use an exact project-local session ID, creating it if missing (#4874).
• Added excludeFromContext flag to the bash RPC command for parity with the internal executeBash API (#5039).

Fixed

• Fixed user message transcript rendering to preserve user-authored ordered-list markers (#5013).
• Fixed self-update commands to bypass npm, pnpm, and Bun minimum release age gates for explicit pi update runs (#4929).
• Fixed context token estimates to count user image attachments consistently with tool result images (#4983).
• Fixed httpIdleTimeoutMs to apply to OpenAI Codex Responses WebSocket idle waits, added websocketConnectTimeoutMs for bounded WebSocket connect waits, and added a 10s Codex SSE response-header timeout (#4945).
• Fixed RpcClient to reject pending requests and consume stdin pipe errors when the child process exits unexpectedly (#4764).
• Fixed managed npm extension updates to avoid package managers installing or resolving pi host packages as peer dependencies (#4907).
• Fixed RPC mode raw stdout writes to retry transient backpressure errors and flush queued protocol output during shutdown (#4897).
• Fixed OpenAI Codex Responses cache-affinity headers to send session-id instead of proxy-incompatible session_id (#4967).
• Fixed openai-codex/gpt-5.3-codex-spark model metadata to use its 128k context window (#4969).
• Fixed OpenRouter/Poolside context overflow detection for maximum allowed input length errors (#4943).
• Fixed provider retry controls so retry.provider.maxRetries is honored, SDK retries default to 0, and quota/billing 429s are not retried behind Pi's retry handling (#4991 by @mitsuhiko).
• Fixed Apple Terminal Shift+Enter by detecting local macOS modifier state when Terminal.app sends plain Return.
• Fixed Windows Terminal capability detection to enable OSC 8 hyperlinks, preserving clickable long URLs across wrapped lines (#4923).
• Fixed JetBrains terminal capability detection to enable truecolor while disabling unsupported OSC 8 hyperlinks (#5037 by @Perlence).
• Fixed editor and input word navigation/deletion to use Unicode word boundaries while preserving ASCII punctuation boundaries (#5022 by @haoqixu, #5067 by @haoqixu, #5068 by @haoqixu).

New Features

• Cleaner read tool output - Collapsed read tool cards now show only the read line by default, while Ctrl+O still expands the full file content.
• Faster file tools on Windows - Built-in file tools now use async filesystem operations during streaming, and image resizes run off the main TUI thread in a worker.
• More reliable package updates - pi update and git package installs now reconcile pinned git refs and keep package settings intact. See Packages.
• Custom Anthropic-compatible adaptive thinking - Custom provider model configs can opt into adaptive-thinking Claude behavior with compat.forceAdaptiveThinking. See Custom providers and Models.

Added

• Added compat.forceAdaptiveThinking support to custom Anthropic-compatible model configuration docs and validation (#4797 by @mbazso).
• Added a standard unified patch to edit tool result details for SDK consumers (#4821).

Changed

• Changed collapsed read tool cards to show only the read line until expanded (#4916).
• Replaced the inherited optional koffi dependency for Windows VT input with a tiny vendored native helper, reducing install size while preserving Shift+Tab handling (#4480).
• Changed the root development install documentation to use npm install --ignore-scripts (#4868).

Fixed

• Fixed pi update to reconcile git-pinned packages to their configured ref (#4869).
• Fixed package/resource path handling for Windows and glob/pattern resolution (#4873 by @mitsuhiko).
• Fixed config pattern matching to resolve patterns from the correct base directory (#4898 by @haoqixu).
• Fixed theme pickers to list themes by their content name instead of file stem (#4830 by @Perlence).
• Fixed OpenCode Zen/Go requests to send per-session OpenCode routing headers (#4847).
• Fixed Amazon Bedrock provider loading under strict package managers by inheriting the declared @smithy/node-http-handler dependency from @earendil-works/pi-ai (#4842).
• Fixed inherited Amazon Bedrock Claude requests to send the model output token cap by default, avoiding Bedrock's 4096-token default truncation (#4848).
• Fixed exported session HTML to escape quote characters in attribute values (#4832).
• Fixed GitHub Copilot device-code login to keep opening the verification URL in browser-capable environments while ignoring browser launch failures for headless use (#4788 by @vegarsti).
• Fixed git package installs to reconcile existing checkouts to the requested ref and update package settings without losing filters (#4870).
• Published a 0.74.2 rescue release that tells Node 20 users to upgrade Node before updating to newer Pi versions (#4876).
• Fixed final bash tool cards to avoid rendering duplicate full-output truncation paths (#4819).
• Fixed bash tool truncation line counts to ignore the trailing newline as an extra output line (#4818).
• Fixed footer home-directory abbreviation to avoid shortening sibling paths that only share the same prefix (#4878).
• Fixed macOS Bun release binaries to resolve the native clipboard sidecar so Ctrl+V image paste can load @mariozechner/clipboard (#4307).
• Fixed coding-agent tools to avoid synchronous filesystem operations during streaming and moved image resizing off the main TUI thread (#4756 by @mitsuhiko).

Fixed

• Fixed pi update on Node 20 to explain that newer Pi releases require Node >= 22.19.0 instead of reporting a successful no-op update (#4876).
• Changed self-update package-manager commands to pass --ignore-scripts.

New Features

• Hardened npm install and release path - Pi now ships the CLI with a generated shrinkwrap for transitive dependencies, blocks accidental lockfile changes, verifies dependency pinning and lifecycle-script allowlists in checks, disables lifecycle scripts for self-update and local release installs where supported, and smoke-tests isolated npm and Bun installs before release. See Supply-chain hardening.

Added

• Added interactive update notes after pi update runs, so users can see the installed version's changelog before continuing (#4724 by @mitsuhiko).
• Exported image resize utilities from the package root for SDK consumers (#4775 by @xl0).

Changed

• Changed source syntax to avoid TypeScript constructs that require JavaScript emit, keeping core sources compatible with Node.js strip-only TypeScript checks.
• Removed web UI workspace references from the CLI package and dropped the package-level development watch script.
• Published npm installs now include an npm-shrinkwrap.json to lock transitive dependencies for the CLI package.
• Improved terminal theme detection for light/dark and truecolor handling.
• Changed self-update package-manager commands to disable lifecycle scripts during reinstall.

Fixed

• Fixed the system prompt to tell models to resolve pi docs and examples under the absolute package paths before reading topic-specific relative references (#4752).
• Fixed extension ctx.abort() during tool-call preflight to stop later confirmations and restore queued interactive input like Escape (#4276).
• Fixed AgentSession retry, compaction, and event settlement to use the awaited agent lifecycle instead of a separate event queue, and added willRetry to agent_end session events.
• Fixed forked session runtime state to keep the active session id aligned with the fork target (#4799 by @Perlence).
• Fixed the subagent extension's parallel mode to return useful per-task output and failed-task diagnostics to the parent model instead of 100-character previews (#4710).
• Fixed Windows local bash execution to hide helper console windows when launched from background SDK processes (#4699).
• Fixed managed npm extension folders to set cloud-sync ignore metadata where supported (#4763).
• Fixed HTTP idle timeout configuration so long-running provider streams can avoid premature idle disconnects (#4759 by @mitsuhiko).
• Fixed default system prompt boundaries to use explicit XML tags for clearer file separation (#4709 by @herrnel).
• Fixed HTML share/export sidebar clicks for shared tool entries to scroll to the rendered tool call (#4664 by @yzhg1983).
• Fixed theme palettes to set explicit text colors and avoid terminal-default color drift.
• Fixed truecolor detection to align terminal image rendering and interactive theme decisions.
• Fixed loader indicator startup inherited from @earendil-works/pi-tui so initialization cannot run before frames are available.
• Fixed OpenAI-compatible default output token requests inherited from @earendil-works/pi-ai to avoid reserving impossible context windows on servers such as vLLM (#4675).
• Fixed OpenAI prompt cache keys inherited from @earendil-works/pi-ai to stay within the 64-character provider limit (#4720).
• Fixed Windows npm-family package commands for fnm-managed Node.js installs that expose both extensionless Unix scripts and .cmd shims (#4793).

Fixed

• Fixed undici 8 HTTP/2 destroyed-session races crashing the Node CLI by preserving the previous HTTP/1.1-only fetch dispatcher behavior (#4681).