Skip to content

build(deps): bump the root-npm group across 1 directory with 5 updates#282

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/root-npm-dd3744e7cf
Open

build(deps): bump the root-npm group across 1 directory with 5 updates#282
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/root-npm-dd3744e7cf

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the root-npm group with 5 updates in the / directory:

Package From To
@oh-my-pi/pi-agent-core 16.1.20 17.0.0
@oh-my-pi/pi-ai 16.1.20 17.0.0
@oh-my-pi/pi-coding-agent 16.1.20 17.0.0
@oh-my-pi/pi-utils 16.1.20 17.0.0
typescript 6.0.3 7.0.2

Updates @oh-my-pi/pi-agent-core from 16.1.20 to 17.0.0

Release notes

Sourced from @​oh-my-pi/pi-agent-core's releases.

v17.0.0

@​oh-my-pi/pi-agent-core

Breaking Changes

  • Replaced the irc, job, and launch tools with a unified hub tool.
  • Removed the tool discovery system (including the search-tool-bm25 tool) and its associated configuration settings (tools.discoveryMode, tools.essentialOverride, mcp.discoveryMode, and mcp.discoveryDefaultServers).
  • Removed the resolve tool; plan approval and preview actions now use writes to the xd://propose virtual device path.

Added

  • Introduced the xd:// virtual device protocol for mounting tools as URLs readable/writable via read/write tools, configurable via the new tools.xdev setting (defaults to true).
  • Added the hub tool, consolidating agent peer messaging, background job control, and supervised long-running processes.
  • Added the edit.enforceSeenLines configuration setting (defaults to false) to optionally reject edits on lines that have not been fully displayed.
  • Added the ToolLoadMode type and an optional satisfies predicate to SoftToolRequirement to support compliance checks against specific invocation shapes (such as writing to a virtual device path).

@​oh-my-pi/pi-ai

Changed

  • Improved Ollama streaming performance by parsing NDJSON response bytes directly instead of decoding and buffering network chunks as text.

Fixed

  • Fixed Cursor TLS connection resets causing process-fatal uncaught exceptions, allowing the active turn to fail or retry gracefully without terminating the session.
  • Fixed Amazon Bedrock stream error handling to correctly handle non-Error values that cannot be serialized by JSON.stringify.

@​oh-my-pi/pi-coding-agent

Breaking Changes

  • Merged the irc, job, and launch tools into a single unified hub tool (loadMode: "essential"). Messaging, job control, and process supervision operations are now routed through this single tool. SDK: IrcTool, JobTool, LaunchTool, IrcDetails, and JobToolDetails have been removed in favor of HubTool, CoordinationDetails, LaunchToolDetails, and hubToolRenderer from tools/hub.
  • Removed the hidden resolve tool. Staged actions are now finalized through three plain-text resolution devices: xd://resolve (apply preview), xd://reject (discard preview), and xd://propose (submit a plan slug/title for approval). The write tool is now auto-included whenever a deferrable tool is present or plan mode is enabled. SDK: ResolveTool and HIDDEN_TOOLS.resolve have been removed in favor of dispatchResolutionDevice() and queueResolveHandler().
  • Unified tool presentation on loadMode (essential | discoverable), replacing the custom-tool xdev?: boolean opt-out. Custom, extension, MCP, RPC host, image-generation, and TTS tools now default to discoverable and mount under xd:// when enabled. generate_image, tts, and MCP tools are now exposed as xd:// devices in default sessions instead of shipping their schemas top-level.
  • Removed the BM25 tool-discovery system, including the search_tool_bm25 tool, the tools.discoveryMode, mcp.discoveryMode, and mcp.discoveryDefaultServers settings, and per-tool MCP selection. All connected MCP tools are now enabled and mounted under the xd:// transport. SDK: search_tool_bm25, the tool-discovery module, and associated AgentSession discovery/MCP-selection methods have been removed.
  • Removed the legacy report_finding tool. Reviewer agents now record findings through incremental yield sections. SDK: reportFindingTool and HIDDEN_TOOLS.report_finding have been removed.
  • Removed the ssh agent tool (remote command execution). The ssh:// read/write/search protocol, the omp ssh host-management CLI, and SSH host discovery are retained. SDK: SshTool, loadSshTool, the ssh/ssh-executor module, and AgentSession.refreshSshTool have been removed.
  • Removed the tools.essentialOverride setting, the mcp_tool_selection session message type, and the xdev --tools token.

Added

  • Added xd:// virtual tool devices (controlled by the tools.xdev setting, default on), allowing mounted tools to be discovered via read xd://, documented via read xd://<tool>, and executed via write xd://<tool>.
  • Added the edit.enforceSeenLines setting (default off) to gate the hashline seen-line guard. When enabled, edits anchored on lines that a prior read or grep never displayed are rejected.
  • Added per-agent prewalk for subagents, featuring a prewalk frontmatter field, a task.agentPrewalk settings override toggled from the /agents dashboard, and a task.prewalk boolean (default off) to arm the bundled generic task agent.

Changed

  • Renamed "dev.autoqa.consent" to "dev.autoqaConsent" and "todo.reminders.max" to "todo.remindersMax" to eliminate nested configuration prefix collisions in standard JSON/YAML.
  • Made the hashline seen-line guard opt-in and off by default, and stopped excluding column-clipped (>512-char) lines from a snapshot's seen set, allowing single-line edits on long lines to apply without a full-width re-read.
  • Changed the default astGrep.enabled setting to false.

... (truncated)

Changelog

Sourced from @​oh-my-pi/pi-agent-core's changelog.

[17.0.0] - 2026-07-15

Breaking Changes

  • Replaced the irc, job, and launch tools with a unified hub tool.
  • Removed the tool discovery system (including the search-tool-bm25 tool) and its associated configuration settings (tools.discoveryMode, tools.essentialOverride, mcp.discoveryMode, and mcp.discoveryDefaultServers).
  • Removed the resolve tool; plan approval and preview actions now use writes to the xd://propose virtual device path.

Added

  • Introduced the xd:// virtual device protocol for mounting tools as URLs readable/writable via read/write tools, configurable via the new tools.xdev setting (defaults to true).
  • Added the hub tool, consolidating agent peer messaging, background job control, and supervised long-running processes.
  • Added the edit.enforceSeenLines configuration setting (defaults to false) to optionally reject edits on lines that have not been fully displayed.
  • Added the ToolLoadMode type and an optional satisfies predicate to SoftToolRequirement to support compliance checks against specific invocation shapes (such as writing to a virtual device path).

[16.5.2] - 2026-07-14

Fixed

  • Improved session deadline abort signals to carry structured cancellation reasons, enabling timeout-aware tools to correctly classify deadline cancellations.
  • Fixed an issue where completed tool executions were incorrectly marked as skipped (clobbering their actual results) if a user message was queued while the tool was in flight.

[16.5.1] - 2026-07-14

Fixed

  • Fixed compatibility with Copilot gpt-5.6 models by correcting token escaping in compaction summaries.

[16.5.0] - 2026-07-13

Added

  • Added an automated image-dropping rescue tier to compaction dead-end recovery.
  • Added visual warnings and detailed recovery instructions to the session timeline when compaction fails to free sufficient space.

[16.4.5] - 2026-07-11

Added

  • Added a process-global pause gate (agentPauseGate) to safely pause agent loops before model calls or tool executions, allowing them to be resumed later or aborted cleanly.

[16.4.3] - 2026-07-11

Fixed

  • Fixed an issue where skipped sibling tool results incorrectly reported that a queued user message caused the skip.

[16.4.2] - 2026-07-10

Fixed

... (truncated)

Commits
  • 1c9291b chore: bump version to 17.0.0
  • 34bfa9a chore: rewrite changelogs
  • 5ff2773 refactor(coding-agent): consolidated tool surface onto xd:// devices and hub
  • 7d02778 chore: bump version to 16.5.2
  • ff117fd chore: cleanup changelogs
  • f2b70ee chore: normalized changelogs after landing farm fixes
  • b58fa6e Merge PR #5513: fix(agent): keep completed tool results from false "skipped" ...
  • 24a441e chore: normalized changelogs after landing farm fixes
  • 6b381eb Merge PR #5451: fix(eval): honor timeout zero and classify session deadlines ...
  • b591f3d fix(agent): kept completed tool results from false skipped placeholder
  • Additional commits viewable in compare view

Updates @oh-my-pi/pi-ai from 16.1.20 to 17.0.0

Release notes

Sourced from @​oh-my-pi/pi-ai's releases.

v17.0.0

@​oh-my-pi/pi-agent-core

Breaking Changes

  • Replaced the irc, job, and launch tools with a unified hub tool.
  • Removed the tool discovery system (including the search-tool-bm25 tool) and its associated configuration settings (tools.discoveryMode, tools.essentialOverride, mcp.discoveryMode, and mcp.discoveryDefaultServers).
  • Removed the resolve tool; plan approval and preview actions now use writes to the xd://propose virtual device path.

Added

  • Introduced the xd:// virtual device protocol for mounting tools as URLs readable/writable via read/write tools, configurable via the new tools.xdev setting (defaults to true).
  • Added the hub tool, consolidating agent peer messaging, background job control, and supervised long-running processes.
  • Added the edit.enforceSeenLines configuration setting (defaults to false) to optionally reject edits on lines that have not been fully displayed.
  • Added the ToolLoadMode type and an optional satisfies predicate to SoftToolRequirement to support compliance checks against specific invocation shapes (such as writing to a virtual device path).

@​oh-my-pi/pi-ai

Changed

  • Improved Ollama streaming performance by parsing NDJSON response bytes directly instead of decoding and buffering network chunks as text.

Fixed

  • Fixed Cursor TLS connection resets causing process-fatal uncaught exceptions, allowing the active turn to fail or retry gracefully without terminating the session.
  • Fixed Amazon Bedrock stream error handling to correctly handle non-Error values that cannot be serialized by JSON.stringify.

@​oh-my-pi/pi-coding-agent

Breaking Changes

  • Merged the irc, job, and launch tools into a single unified hub tool (loadMode: "essential"). Messaging, job control, and process supervision operations are now routed through this single tool. SDK: IrcTool, JobTool, LaunchTool, IrcDetails, and JobToolDetails have been removed in favor of HubTool, CoordinationDetails, LaunchToolDetails, and hubToolRenderer from tools/hub.
  • Removed the hidden resolve tool. Staged actions are now finalized through three plain-text resolution devices: xd://resolve (apply preview), xd://reject (discard preview), and xd://propose (submit a plan slug/title for approval). The write tool is now auto-included whenever a deferrable tool is present or plan mode is enabled. SDK: ResolveTool and HIDDEN_TOOLS.resolve have been removed in favor of dispatchResolutionDevice() and queueResolveHandler().
  • Unified tool presentation on loadMode (essential | discoverable), replacing the custom-tool xdev?: boolean opt-out. Custom, extension, MCP, RPC host, image-generation, and TTS tools now default to discoverable and mount under xd:// when enabled. generate_image, tts, and MCP tools are now exposed as xd:// devices in default sessions instead of shipping their schemas top-level.
  • Removed the BM25 tool-discovery system, including the search_tool_bm25 tool, the tools.discoveryMode, mcp.discoveryMode, and mcp.discoveryDefaultServers settings, and per-tool MCP selection. All connected MCP tools are now enabled and mounted under the xd:// transport. SDK: search_tool_bm25, the tool-discovery module, and associated AgentSession discovery/MCP-selection methods have been removed.
  • Removed the legacy report_finding tool. Reviewer agents now record findings through incremental yield sections. SDK: reportFindingTool and HIDDEN_TOOLS.report_finding have been removed.
  • Removed the ssh agent tool (remote command execution). The ssh:// read/write/search protocol, the omp ssh host-management CLI, and SSH host discovery are retained. SDK: SshTool, loadSshTool, the ssh/ssh-executor module, and AgentSession.refreshSshTool have been removed.
  • Removed the tools.essentialOverride setting, the mcp_tool_selection session message type, and the xdev --tools token.

Added

  • Added xd:// virtual tool devices (controlled by the tools.xdev setting, default on), allowing mounted tools to be discovered via read xd://, documented via read xd://<tool>, and executed via write xd://<tool>.
  • Added the edit.enforceSeenLines setting (default off) to gate the hashline seen-line guard. When enabled, edits anchored on lines that a prior read or grep never displayed are rejected.
  • Added per-agent prewalk for subagents, featuring a prewalk frontmatter field, a task.agentPrewalk settings override toggled from the /agents dashboard, and a task.prewalk boolean (default off) to arm the bundled generic task agent.

Changed

  • Renamed "dev.autoqa.consent" to "dev.autoqaConsent" and "todo.reminders.max" to "todo.remindersMax" to eliminate nested configuration prefix collisions in standard JSON/YAML.
  • Made the hashline seen-line guard opt-in and off by default, and stopped excluding column-clipped (>512-char) lines from a snapshot's seen set, allowing single-line edits on long lines to apply without a full-width re-read.
  • Changed the default astGrep.enabled setting to false.

... (truncated)

Changelog

Sourced from @​oh-my-pi/pi-ai's changelog.

[17.0.0] - 2026-07-15

Changed

  • Improved Ollama streaming performance by parsing NDJSON response bytes directly instead of decoding and buffering network chunks as text.

Fixed

  • Fixed Cursor TLS connection resets causing process-fatal uncaught exceptions, allowing the active turn to fail or retry gracefully without terminating the session.
  • Fixed Amazon Bedrock stream error handling to correctly handle non-Error values that cannot be serialized by JSON.stringify.

[16.5.2] - 2026-07-14

Added

  • Added OpenAI Codex rate-limit response-header ingestion to proactively refresh account usage snapshots and rotate credentials before hitting 429 errors.

Changed

  • Optimized multi-account credential ranking to maximize quota utilization and prevent mid-session blocks by prioritizing expiring quota and demoting heavily used accounts.
  • Improved responsiveness of credential blocking by bypassing the usage-ingestion throttle immediately when an account is detected as exhausted.

Fixed

  • Fixed empty provider responses (such as from Cloud Code Assist API) being treated as non-retryable, allowing session retries and model-fallback chains to engage.
  • Fixed OpenAI Codex watchdog timeouts bypassing transport and session retries by ensuring each request attempt has an independent timeout signal.

[16.5.1] - 2026-07-14

Added

  • Added Cursor OAuth and access-token usage reporting to omp usage via Cursor's account usage endpoint.

Fixed

  • Fixed OpenAI Responses content_filter terminal events being auto-retried as provider finish errors, ensuring content-filtered turns remain hard failures without triggering a retry loop.
  • Improved credential rotation on usage and account-quota failures to cycle through all eligible credentials instead of stopping early, while maintaining rate-limit backoffs and safety guards.
  • Fixed GLM tool call parsing to correctly handle and recover from missing or mistyped argument closers, preventing subsequent arguments from being swallowed.
  • Fixed Anthropic credential management and usage routing for users with multiple organizations under a single email. Credentials, OAuth refreshes, usage reports, and active sessions are now correctly partitioned and isolated by organization, preventing subscriptions from overwriting or merging with each other.
  • Fixed OpenAI and Codex response finalization to preserve streamed text when receiving empty content on completion. (#5146)
  • Fixed OpenAI Chat Completions request parsing to correctly accept assistant tool-call replay messages with null content. (#5121)
  • Fixed session-sticky OAuth credential mappings remaining active after credential changes, ensuring sessions correctly reselect accounts after login or logout. (#4982)
  • Fixed concurrent reasoning summaries to ignore legacy streaming events under cutoff contracts.
  • Fixed Codex saved-reset redemption to apply to the selected OpenAI account in multi-account configurations. (#5054)
  • Updated the OAuth completion page to instruct users to close the tab manually when the browser blocks automatic window closing. (#4855)
  • Fixed Cursor max_mode requests to correctly send max-mode metadata on both model payload fields. (#4797)
  • Fixed configuration discovery to support both nested and flat YAML formats for auth.broker.url and auth.broker.token keys. (#4734)

[16.5.0] - 2026-07-13

... (truncated)

Commits
  • 1c9291b chore: bump version to 17.0.0
  • 34bfa9a chore: rewrite changelogs
  • ed5ec3e fix(ai): handled cursor tls session errors
  • 485b31e Merge remote-tracking branch 'origin/farm/c22f93af/fix-amazon-bedrock-typeerr...
  • 22fa8f6 perf(stream): batched response decoding
  • d600cce fix(amazon-bedrock): handled stringify exceptions
  • 1227727 fix(amazon-bedrock): guarded baseMessage against undefined stringify
  • 55f5ebe chore: reformat
  • 7d02778 chore: bump version to 16.5.2
  • ff117fd chore: cleanup changelogs
  • Additional commits viewable in compare view

Updates @oh-my-pi/pi-coding-agent from 16.1.20 to 17.0.0

Release notes

Sourced from @​oh-my-pi/pi-coding-agent's releases.

v17.0.0

@​oh-my-pi/pi-agent-core

Breaking Changes

  • Replaced the irc, job, and launch tools with a unified hub tool.
  • Removed the tool discovery system (including the search-tool-bm25 tool) and its associated configuration settings (tools.discoveryMode, tools.essentialOverride, mcp.discoveryMode, and mcp.discoveryDefaultServers).
  • Removed the resolve tool; plan approval and preview actions now use writes to the xd://propose virtual device path.

Added

  • Introduced the xd:// virtual device protocol for mounting tools as URLs readable/writable via read/write tools, configurable via the new tools.xdev setting (defaults to true).
  • Added the hub tool, consolidating agent peer messaging, background job control, and supervised long-running processes.
  • Added the edit.enforceSeenLines configuration setting (defaults to false) to optionally reject edits on lines that have not been fully displayed.
  • Added the ToolLoadMode type and an optional satisfies predicate to SoftToolRequirement to support compliance checks against specific invocation shapes (such as writing to a virtual device path).

@​oh-my-pi/pi-ai

Changed

  • Improved Ollama streaming performance by parsing NDJSON response bytes directly instead of decoding and buffering network chunks as text.

Fixed

  • Fixed Cursor TLS connection resets causing process-fatal uncaught exceptions, allowing the active turn to fail or retry gracefully without terminating the session.
  • Fixed Amazon Bedrock stream error handling to correctly handle non-Error values that cannot be serialized by JSON.stringify.

@​oh-my-pi/pi-coding-agent

Breaking Changes

  • Merged the irc, job, and launch tools into a single unified hub tool (loadMode: "essential"). Messaging, job control, and process supervision operations are now routed through this single tool. SDK: IrcTool, JobTool, LaunchTool, IrcDetails, and JobToolDetails have been removed in favor of HubTool, CoordinationDetails, LaunchToolDetails, and hubToolRenderer from tools/hub.
  • Removed the hidden resolve tool. Staged actions are now finalized through three plain-text resolution devices: xd://resolve (apply preview), xd://reject (discard preview), and xd://propose (submit a plan slug/title for approval). The write tool is now auto-included whenever a deferrable tool is present or plan mode is enabled. SDK: ResolveTool and HIDDEN_TOOLS.resolve have been removed in favor of dispatchResolutionDevice() and queueResolveHandler().
  • Unified tool presentation on loadMode (essential | discoverable), replacing the custom-tool xdev?: boolean opt-out. Custom, extension, MCP, RPC host, image-generation, and TTS tools now default to discoverable and mount under xd:// when enabled. generate_image, tts, and MCP tools are now exposed as xd:// devices in default sessions instead of shipping their schemas top-level.
  • Removed the BM25 tool-discovery system, including the search_tool_bm25 tool, the tools.discoveryMode, mcp.discoveryMode, and mcp.discoveryDefaultServers settings, and per-tool MCP selection. All connected MCP tools are now enabled and mounted under the xd:// transport. SDK: search_tool_bm25, the tool-discovery module, and associated AgentSession discovery/MCP-selection methods have been removed.
  • Removed the legacy report_finding tool. Reviewer agents now record findings through incremental yield sections. SDK: reportFindingTool and HIDDEN_TOOLS.report_finding have been removed.
  • Removed the ssh agent tool (remote command execution). The ssh:// read/write/search protocol, the omp ssh host-management CLI, and SSH host discovery are retained. SDK: SshTool, loadSshTool, the ssh/ssh-executor module, and AgentSession.refreshSshTool have been removed.
  • Removed the tools.essentialOverride setting, the mcp_tool_selection session message type, and the xdev --tools token.

Added

  • Added xd:// virtual tool devices (controlled by the tools.xdev setting, default on), allowing mounted tools to be discovered via read xd://, documented via read xd://<tool>, and executed via write xd://<tool>.
  • Added the edit.enforceSeenLines setting (default off) to gate the hashline seen-line guard. When enabled, edits anchored on lines that a prior read or grep never displayed are rejected.
  • Added per-agent prewalk for subagents, featuring a prewalk frontmatter field, a task.agentPrewalk settings override toggled from the /agents dashboard, and a task.prewalk boolean (default off) to arm the bundled generic task agent.

Changed

  • Renamed "dev.autoqa.consent" to "dev.autoqaConsent" and "todo.reminders.max" to "todo.remindersMax" to eliminate nested configuration prefix collisions in standard JSON/YAML.
  • Made the hashline seen-line guard opt-in and off by default, and stopped excluding column-clipped (>512-char) lines from a snapshot's seen set, allowing single-line edits on long lines to apply without a full-width re-read.
  • Changed the default astGrep.enabled setting to false.

... (truncated)

Commits
  • d5cd24f chore: fixed stale executor mock sessions and spawn hint assertion
  • d25d930 chore: fixed remaining stale tests after prompt and session api changes
  • 1c9291b chore: bump version to 17.0.0
  • c2a659d chore: fix stale tests
  • 46ad908 fix(coding-agent): renamed settings keys to avoid nested-value lookup collisions
  • bf3764f feat(coding-agent): stabilize system-prompt cache across xd:// mount changes ...
  • 34bfa9a chore: rewrite changelogs
  • 9afedb5 feat(coding-agent): added opt-in task prewalk and tightened --tools and xdev ...
  • 4da1bbf Merge remote-tracking branch 'origin/farm/80b5de49/plan-mode-reentry-anchor-n...
  • 84d873f Merge remote-tracking branch 'origin/farm/ceed3a6a/compiled-appserver-extensi...
  • Additional commits viewable in compare view

Updates @oh-my-pi/pi-utils from 16.1.20 to 17.0.0

Release notes

Sourced from @​oh-my-pi/pi-utils's releases.

v17.0.0

@​oh-my-pi/pi-agent-core

Breaking Changes

  • Replaced the irc, job, and launch tools with a unified hub tool.
  • Removed the tool discovery system (including the search-tool-bm25 tool) and its associated configuration settings (tools.discoveryMode, tools.essentialOverride, mcp.discoveryMode, and mcp.discoveryDefaultServers).
  • Removed the resolve tool; plan approval and preview actions now use writes to the xd://propose virtual device path.

Added

  • Introduced the xd:// virtual device protocol for mounting tools as URLs readable/writable via read/write tools, configurable via the new tools.xdev setting (defaults to true).
  • Added the hub tool, consolidating agent peer messaging, background job control, and supervised long-running processes.
  • Added the edit.enforceSeenLines configuration setting (defaults to false) to optionally reject edits on lines that have not been fully displayed.
  • Added the ToolLoadMode type and an optional satisfies predicate to SoftToolRequirement to support compliance checks against specific invocation shapes (such as writing to a virtual device path).

@​oh-my-pi/pi-ai

Changed

  • Improved Ollama streaming performance by parsing NDJSON response bytes directly instead of decoding and buffering network chunks as text.

Fixed

  • Fixed Cursor TLS connection resets causing process-fatal uncaught exceptions, allowing the active turn to fail or retry gracefully without terminating the session.
  • Fixed Amazon Bedrock stream error handling to correctly handle non-Error values that cannot be serialized by JSON.stringify.

@​oh-my-pi/pi-coding-agent

Breaking Changes

  • Merged the irc, job, and launch tools into a single unified hub tool (loadMode: "essential"). Messaging, job control, and process supervision operations are now routed through this single tool. SDK: IrcTool, JobTool, LaunchTool, IrcDetails, and JobToolDetails have been removed in favor of HubTool, CoordinationDetails, LaunchToolDetails, and hubToolRenderer from tools/hub.
  • Removed the hidden resolve tool. Staged actions are now finalized through three plain-text resolution devices: xd://resolve (apply preview), xd://reject (discard preview), and xd://propose (submit a plan slug/title for approval). The write tool is now auto-included whenever a deferrable tool is present or plan mode is enabled. SDK: ResolveTool and HIDDEN_TOOLS.resolve have been removed in favor of dispatchResolutionDevice() and queueResolveHandler().
  • Unified tool presentation on loadMode (essential | discoverable), replacing the custom-tool xdev?: boolean opt-out. Custom, extension, MCP, RPC host, image-generation, and TTS tools now default to discoverable and mount under xd:// when enabled. generate_image, tts, and MCP tools are now exposed as xd:// devices in default sessions instead of shipping their schemas top-level.
  • Removed the BM25 tool-discovery system, including the search_tool_bm25 tool, the tools.discoveryMode, mcp.discoveryMode, and mcp.discoveryDefaultServers settings, and per-tool MCP selection. All connected MCP tools are now enabled and mounted under the xd:// transport. SDK: search_tool_bm25, the tool-discovery module, and associated AgentSession discovery/MCP-selection methods have been removed.
  • Removed the legacy report_finding tool. Reviewer agents now record findings through incremental yield sections. SDK: reportFindingTool and HIDDEN_TOOLS.report_finding have been removed.
  • Removed the ssh agent tool (remote command execution). The ssh:// read/write/search protocol, the omp ssh host-management CLI, and SSH host discovery are retained. SDK: SshTool, loadSshTool, the ssh/ssh-executor module, and AgentSession.refreshSshTool have been removed.
  • Removed the tools.essentialOverride setting, the mcp_tool_selection session message type, and the xdev --tools token.

Added

  • Added xd:// virtual tool devices (controlled by the tools.xdev setting, default on), allowing mounted tools to be discovered via read xd://, documented via read xd://<tool>, and executed via write xd://<tool>.
  • Added the edit.enforceSeenLines setting (default off) to gate the hashline seen-line guard. When enabled, edits anchored on lines that a prior read or grep never displayed are rejected.
  • Added per-agent prewalk for subagents, featuring a prewalk frontmatter field, a task.agentPrewalk settings override toggled from the /agents dashboard, and a task.prewalk boolean (default off) to arm the bundled generic task agent.

Changed

  • Renamed "dev.autoqa.consent" to "dev.autoqaConsent" and "todo.reminders.max" to "todo.remindersMax" to eliminate nested configuration prefix collisions in standard JSON/YAML.
  • Made the hashline seen-line guard opt-in and off by default, and stopped excluding column-clipped (>512-char) lines from a snapshot's seen set, allowing single-line edits on long lines to apply without a full-width re-read.
  • Changed the default astGrep.enabled setting to false.

... (truncated)

Changelog

Sourced from @​oh-my-pi/pi-utils's changelog.

[17.0.0] - 2026-07-15

Fixed

  • Improved SSE streaming performance by batching complete lines into a single UTF-8 decode per chunk, reducing decoder overhead.
  • Fixed an issue in parseFrontmatter where a single malformed YAML line would corrupt sibling values by parsing each line independently.

[16.5.2] - 2026-07-14

Fixed

  • Improved CLI argument and flag validation error output to display a concise error message and command usage instead of a minified code frame.
  • Corrected required variadic positionals to render as MODELS... instead of [MODELS] in usage help.

[16.5.1] - 2026-07-14

Added

  • Added terminal stderr guard utilities (suppressTerminalStderr and restoreTerminalStderr) to prevent macOS runtime diagnostics from corrupting TUI viewports while ensuring crash reports remain visible.

Fixed

  • Fixed an issue in Mermaid ASCII routing where unreachable edge attachment points caused unbounded pathfinder searches.

[16.4.6] - 2026-07-12

Added

  • Added AsyncDrain, the deferred write-batching helper previously private to the coding-agent's prompt-history storage; now shared with model-perf recording.

[16.4.2] - 2026-07-10

Added

  • Added stringifyJson utility with support for BigInt serialization.

[16.3.12] - 2026-07-08

Added

  • Added postmortem.interceptUnhandledRejections() to register interceptors consulted before an unhandled rejection tears the process down; a consuming interceptor (e.g. the JS eval runtime claiming rejections floated by user cell code) keeps the process alive and owns reporting.

Fixed

  • Fixed child shell environment filtering to drop launch-directory .env.local values that Bun auto-loaded before OMP starts command shells. (#4723)

[16.3.10] - 2026-07-06

Added

... (truncated)

Commits
  • 1c9291b chore: bump version to 17.0.0
  • 34bfa9a chore: rewrite changelogs
  • 362f89a Merge remote-tracking branch 'origin/farm/fe301a84/reduce-stream-decoding-cpu'
  • 404ebb0 Merge remote-tracking branch 'origin/farm/ae7a5593/ttsr-inline-regex-flags-an...
  • 22fa8f6 perf(stream): batched response decoding
  • 7d02778 chore: bump version to 16.5.2
  • ff117fd chore: cleanup changelogs
  • 984a97f style: formatted evaluator test additions
  • f2b70ee chore: normalized changelogs after landing farm fixes
  • 0418d86 fix(cli): handle native parser usage errors
  • Additional commits viewable in compare view

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title build(deps): bump the root-npm group with 5 updates build(deps): bump the root-npm group across 1 directory with 5 updates Jul 16, 2026
Bumps the root-npm group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@oh-my-pi/pi-agent-core](https://github.com/can1357/oh-my-pi/tree/HEAD/packages/agent) | `16.1.20` | `17.0.0` |
| [@oh-my-pi/pi-ai](https://github.com/can1357/oh-my-pi/tree/HEAD/packages/ai) | `16.1.20` | `17.0.0` |
| [@oh-my-pi/pi-coding-agent](https://github.com/can1357/oh-my-pi/tree/HEAD/packages/coding-agent) | `16.1.20` | `17.0.0` |
| [@oh-my-pi/pi-utils](https://github.com/can1357/oh-my-pi/tree/HEAD/packages/utils) | `16.1.20` | `17.0.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` | `7.0.2` |



Updates `@oh-my-pi/pi-agent-core` from 16.1.20 to 17.0.0
- [Release notes](https://github.com/can1357/oh-my-pi/releases)
- [Changelog](https://github.com/can1357/oh-my-pi/blob/main/packages/agent/CHANGELOG.md)
- [Commits](https://github.com/can1357/oh-my-pi/commits/v17.0.0/packages/agent)

Updates `@oh-my-pi/pi-ai` from 16.1.20 to 17.0.0
- [Release notes](https://github.com/can1357/oh-my-pi/releases)
- [Changelog](https://github.com/can1357/oh-my-pi/blob/main/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/can1357/oh-my-pi/commits/v17.0.0/packages/ai)

Updates `@oh-my-pi/pi-coding-agent` from 16.1.20 to 17.0.0
- [Release notes](https://github.com/can1357/oh-my-pi/releases)
- [Commits](https://github.com/can1357/oh-my-pi/commits/v17.0.0/packages/coding-agent)

Updates `@oh-my-pi/pi-utils` from 16.1.20 to 17.0.0
- [Release notes](https://github.com/can1357/oh-my-pi/releases)
- [Changelog](https://github.com/can1357/oh-my-pi/blob/main/packages/utils/CHANGELOG.md)
- [Commits](https://github.com/can1357/oh-my-pi/commits/v17.0.0/packages/utils)

Updates `typescript` from 6.0.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: "@oh-my-pi/pi-agent-core"
  dependency-version: 16.3.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-npm
- dependency-name: "@oh-my-pi/pi-ai"
  dependency-version: 16.3.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-npm
- dependency-name: "@oh-my-pi/pi-coding-agent"
  dependency-version: 16.3.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-npm
- dependency-name: "@oh-my-pi/pi-utils"
  dependency-version: 16.3.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-npm
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: root-npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/root-npm-dd3744e7cf branch from 97cfd18 to 993fdd8 Compare July 16, 2026 03:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants