Hardened npm install and release path - Pi now ships the CLI with a generated shrinkwrap for transitive dependencies, blocks accidental lockfile changes, verifies dependency pinning and lifecycle-script allowlists in checks, disables lifecycle scripts for self-update and local release installs where supported, and smoke-tests isolated npm and Bun installs before release. See Supply-chain hardening.
Added
Added interactive update notes after pi update runs, so users can see the installed version's changelog before continuing (#4724 by @mitsuhiko).
Exported image resize utilities from the package root for SDK consumers (#4775 by @xl0).
Changed
Changed source syntax to avoid TypeScript constructs that require JavaScript emit, keeping core sources compatible with Node.js strip-only TypeScript checks.
Removed web UI workspace references from the CLI package and dropped the package-level development watch script.
Published npm installs now include an npm-shrinkwrap.json to lock transitive dependencies for the CLI package.
Improved terminal theme detection for light/dark and truecolor handling.
Changed self-update package-manager commands to disable lifecycle scripts during reinstall.
Fixed
Fixed the system prompt to tell models to resolve pi docs and examples under the absolute package paths before reading topic-specific relative references (#4752).
Fixed extension ctx.abort() during tool-call preflight to stop later confirmations and restore queued interactive input like Escape (#4276).
Fixed AgentSession retry, compaction, and event settlement to use the awaited agent lifecycle instead of a separate event queue, and added willRetry to agent_end session events.
Fixed forked session runtime state to keep the active session id aligned with the fork target (#4799 by @Perlence).
Fixed the subagent extension's parallel mode to return useful per-task output and failed-task diagnostics to the parent model instead of 100-character previews (#4710).
Fixed Windows local bash execution to hide helper console windows when launched from background SDK processes (#4699).
Fixed managed npm extension folders to set cloud-sync ignore metadata where supported (#4763).
Fixed HTTP idle timeout configuration so long-running provider streams can avoid premature idle disconnects (#4759 by @mitsuhiko).
Fixed default system prompt boundaries to use explicit XML tags for clearer file separation (#4709 by @herrnel).
Fixed HTML share/export sidebar clicks for shared tool entries to scroll to the rendered tool call (#4664 by @yzhg1983).
Fixed theme palettes to set explicit text colors and avoid terminal-default color drift.
Fixed truecolor detection to align terminal image rendering and interactive theme decisions.
Fixed loader indicator startup inherited from @earendil-works/pi-tui so initialization cannot run before frames are available.
Fixed OpenAI-compatible default output token requests inherited from @earendil-works/pi-ai to avoid reserving impossible context windows on servers such as vLLM (#4675).
Fixed OpenAI prompt cache keys inherited from @earendil-works/pi-ai to stay within the 64-character provider limit (#4720).
Fixed Windows npm-family package commands for fnm-managed Node.js installs that expose both extensionless Unix scripts and .cmd shims (#4793).