包含 extensions、skills、prompts、settings、auth、models、mcp 等配置。 排除 node_modules、npm 缓存、sessions 等运行时数据。
22 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[Unreleased]
[2.10.0] - 2026-06-13
Added
- Added manual remote/headless OAuth proxy actions for copying authorization URLs and completing pasted redirect URLs or codes. Thanks @Gabrielgvl for PR #120.
Fixed
- Honored user
tui.select.*keybindings in MCP management, setup, and auth panels. Thanks @owenniles for PR #138. - Included configured OAuth scopes in authorization-code flows while preserving token endpoint authentication method selection. Thanks @carlosdagos for PR #140.
- Fixed MCP elicitation on stock Pi, including form dialogs with validation and review, consent-based URL handling, URL-required errors, completion notifications, and TUI-only browser navigation. Thanks @dmmulroy for PR #139.
- Expanded MCP schema formatting for nested
anyOf/oneOfvariants,constdiscriminators, nested object properties, and array items.
[2.9.0] - 2026-06-04
Added
- Added MCP elicitation support with Pi form prompts and browser-opening URL requests.
Fixed
- Rejected non-http/https MCP URL elicitations before prompting or opening a browser.
- Preserved empty string form values for MCP string elicitations unless schema constraints reject them.
[2.8.0] - 2026-05-25
Added
- Added per-server OAuth
redirectUri,clientName, andclientUrioverrides for pre-registered callbacks and dynamic client metadata.
Fixed
- Avoided OAuth callback port exhaustion by starting the callback server lazily and using OS-assigned ports for dynamic OAuth flows.
- Re-register dynamic OAuth clients before browser auth when cached redirect URI metadata is missing or no longer matches the active callback URI.
[2.7.0] - 2026-05-22
Added
- Added TUI call rendering for MCP proxy and direct tool inputs. Thanks @dmmulroy for PR #102.
Fixed
- Hardened OAuth credential storage paths against server-name path traversal without rejecting valid configured server names.
- Rejected unsafe regex-mode MCP search patterns before executing them.
[2.6.1] - 2026-05-13
Added
- Added
/mcp logout <server>to clear stored OAuth credentials and disconnect the server. Thanks @mattzcarey for PR #96.
Fixed
- Cancel pending OAuth callbacks when logging out of an MCP server.
[2.6.0] - 2026-05-10
Added
- Added a no-argument
/mcp-authOAuth picker and in-panel auth shortcut for OAuth-capable MCP servers. - Added compact collapsed rendering for MCP proxy and direct-tool result rows while keeping full tool results available when expanded.
Changed
- Migrated Pi runtime dependencies and imports from deprecated
@mariozechner/*packages to@earendil-works/*packages.
Fixed
- Re-register dynamic OAuth clients during fresh auth when cached DCR client info exists without tokens, avoiding dead authorization URLs after server-side client invalidation.
- Kept OAuth tokens, dynamic client info, PKCE verifiers, and OAuth state bound to the server URL so stale credentials cannot be reused after a server URL changes.
- Kept the
/mcp-authOAuth picker search focused on OAuth server rows and prevented hidden panel shortcuts from unexpectedly launching auth. - Kept long MCP error results expanded in compact tool result rendering.
[2.5.4] - 2026-05-04
Changed
- Ignored npm lockfiles and removed checked-in
package-lock.jsonfiles.
Fixed
- Resolved
${VAR}and$env:VARplaceholders in HTTP bearer tokens. - Honored MCP sampling
modelPreferences.hintsbefore falling back to the current/default model.
[2.5.3] - 2026-05-01
Added
- Added environment variable and
~expansion for stdio servercwdvalues.
[2.5.2] - 2026-04-29
Fixed
- Respected
PI_CODING_AGENT_DIRfor Pi-owned MCP config and state files, including metadata cache, npx cache, onboarding state, OAuth credentials, andpi-mcp-adapter initwrites.
[2.5.1] - 2026-04-24
Fixed
- Changed OAuth browser callbacks to
http://localhost:<port>/callbackfor pre-registered clients such as Slack MCP. Thanks @shenal for PR #53.
[2.5.0] - 2026-04-24
Added
- Added MCP
sampling/createMessagesupport with conservative human approval by default and opt-insettings.samplingAutoApprovefor non-interactive flows. - Added configured Vitest coverage for OAuth provider authorization fallback behavior.
- Added
test:oauth-providerfor running the root OAuth provider node test with the required TypeScript loader.
Fixed
- Applied
settings.authRequiredMessageto proxy and direct-tool auth-required paths, including non-UIautoAuthfailures. - Fixed
/mcp-auth <server>reporting success for expired stored OAuth tokens without forcing the SDK refresh/re-auth flow. - Kept
mcpsearch focused on MCP tools and added a direct-call hint when native Pi tools are accidentally routed through the proxy.
[2.4.2] - 2026-04-22
Fixed
- Migrated extension tool schemas from
@sinclair/typeboxtotypebox1.x so packaged installs follow Pi's current extension runtime contract.
Changed
- Replaced the legacy
@sinclair/typeboxruntime dependency withtypebox.
[2.4.1] - 2026-04-22
Added
- Added standard-MCP-first config discovery:
~/.config/mcp/mcp.jsonand project.mcp.jsonnow load automatically, with Pi-owned files preserved as override layers. - Added
pi-mcp-adapter initas a native post-install helper that detects host-specific MCP configs and scaffolds Pi compatibility imports without using the old raw GitHub downloader flow. - Added first-run onboarding inside the extension:
/mcpnow shows shared-config hints or actionable empty states, and/mcp setupopens a guided setup flow for compatibility imports, minimal.mcp.jsonscaffolding, detected config paths, RepoPrompt quick-add, and exact before/after write previews. - Added automatic Pi-core reload after setup or direct-tool config changes, using the same flow as
/reloadso freshly configured direct tools can appear without a manual restart. - Added a dedicated Pi-owned onboarding state file so shared-config hints behave as one-time guidance instead of repeating every session.
Changed
- Updated config precedence to prefer shared MCP files first, then Pi overrides, with
.pi/mcp.jsonacting as the final Pi-specific project override. - Updated Claude Code compatibility probing to prefer modern Claude MCP config locations before legacy paths.
- Updated project scaffolding so generated
.mcp.jsonfiles are safe minimal shells instead of fake placeholder servers that fail on first reload. - Updated the setup panel and README for clearer first-run guidance, improved spacing, and a more digestible shared-MCP-first setup story.
[2.4.0] - 2026-04-13
Added
settings.disableProxyToolto hide themcpproxy tool once configured direct tools are fully available from cache. Thanks @tanavamsikrishna for PR #41.- Per-server
excludeToolsto hide specific MCP tools/resources by original or prefixed name across direct tools, proxy discovery, and the/mcppanel. Thanks @ahmadaccino for issue #36. settings.autoAuthto optionally trigger OAuth automatically from proxy/direct tool usage, then rerun the original blocked connect/tool operation once after authentication succeeds. Thanks @unimonkiez for issue #34.
Fixed
- Regenerated
package-lock.jsonso the root lockfile metadata matchespackage.jsonagain, including the declaredopen,@types/bun,@types/open, andtsxentries. - Kept the
mcpproxy tool available as a first-session fallback when configured direct tools are still missing cache metadata, avoiding no-tool startup gaps.
[2.3.5] - 2026-04-13
Fixed
- Session lifecycle now always tears down OAuth callback state on restart and shutdown, preventing callback-server leaks across session transitions.
- OAuth callback server now calls
unref()after successful bind so it no longer keeps sub-agent processes alive by itself. - Strict OAuth port mode now rebinds to the configured callback port when safe, while refusing to switch ports when authorizations are still pending.
- Added focused lifecycle/callback-server regression coverage for teardown,
unref(), strict rebinding, and pending-auth guardrails. - Thanks @blai for the investigation and PR #43 that surfaced the sub-agent hang/root lifecycle issues.
[2.3.4] - 2026-04-12
Fixed
- OAuth callback handling now allows dynamic-registration flows to fall back to a free local port when the preferred callback port is busy, while keeping pre-registered clients on their exact configured redirect port.
- Documented the new callback-port behavior and added focused auth-flow regression coverage.
[2.3.3] - 2026-04-12
Fixed
- Remove the blank footer status line when no MCP servers are configured by clearing the MCP status entry instead of setting it to an empty string. Thanks @HazAT for PR #27.
[2.3.2] - 2026-04-11
Added
- Optional
oauth.grantType: "client_credentials"for non-interactive machine-to-machine OAuth on HTTP MCP servers.
Fixed
/mcp-auth <server>now handlesclient_credentialswithout browser/callback flow.- MCP panel status no longer marks
client_credentialsservers as auth-blocked solely because no stored user tokens exist yet. - OAuth auth flow now closes temporary transports consistently on success, refresh, and auth removal paths.
- Init paths now preserve debug-level context for previously silent direct-tool bootstrap and lazy-connect failures.
[2.3.1] - 2026-04-11
Fixed
- Removed
/mcp-auth-callback. OAuth auth now hard-cuts to/mcp-auth <server>only.
[2.3.0] - 2026-04-11
Added
- OAuth callback server initialization on session start and a deprecated
/mcp-auth-callbackcommand that now points users to/mcp-auth <server>.
Fixed
- OAuth
needs-authhandling across/mcpstatus/panel,mcp({ connect }),mcp({ tool }), reconnect flow, lazy/direct tool execution, and startup bootstrap. - OAuth callback cleanup now cancels by stored OAuth state and closes pending transports on failure/cancel paths.
- Callback server now fails fast when the OAuth callback port is occupied by another process.
- Package manifest test now ignores root
*.test.tsfiles.
[2.2.2] - 2026-04-03
Fixed
- Session lifecycle teardown now handles repeated
session_starttransitions safely and prevents stale async init results from replacing newer state. - Shutdown now still runs
gracefulShutdown()even if metadata cache flushing throws, avoiding leaked MCP processes. - Proxy/direct tool init error paths now preserve and surface underlying error messages instead of returning generic failures.
- Invalid
mcptoolargsnow fail by throwing with parse/type context instead of returning non-failing tool payloads. - Added focused lifecycle regressions tests for stale init cleanup and init-error visibility.
[2.2.1] - 2026-03-23
Fixed
- Added
promptSnippetto MCP proxy tool and direct MCP tools so they appear in the system prompt's Available tools section (required since pi 0.59.0)
[2.2.0] - 2026-03-16
Added
-
MCP UI Integration - Support for the MCP UI standard. Tools with
_meta.ui.resourceUriopen interactive UIs:- Bidirectional AppBridge communication (tool calls, messages, context updates)
- Works with both stdio and HTTP MCP servers
- User consent management for tool calls from UI (configurable: never/once-per-server/always)
- Keyboard shortcuts: Cmd/Ctrl+Enter to complete, Escape to cancel
- UI prompts/intents trigger agent turns via
pi.sendMessage({ triggerTurn: true }) mcp({ action: "ui-messages" })retrieves accumulated messages from UI sessions
-
Session reuse - When the agent calls the same tool while its UI is already open, results push to the existing window instead of replacing it. Per-call stream IDs with independent sequences. Error results scoped to the individual call.
-
Glimpse integration - MCP UI opens in a native macOS WKWebView window instead of a browser tab when Glimpse is installed (
pi install npm:glimpseui). Falls back to browser on non-macOS or when unavailable. Override withMCP_UI_VIEWER=browserorMCP_UI_VIEWER=glimpse. -
Logger module (
logger.ts) - Centralized logging with levels (debug/info/warn/error), contextual child loggers, andMCP_UI_DEBUG=1env var. -
Error types (
errors.ts) - Structured errors with recovery hints:ResourceFetchError,ResourceParseError,BridgeConnectionError,ConsentError,SessionError,ServerError, andwrapError()helper. -
Test suite - 178 tests covering consent manager, UI resource handler, host HTML template, logger, and error types.
-
Interactive visualizer example (
examples/interactive-visualizer) - Minimal MCP server demonstrating charts (bar/line/pie/doughnut via Chart.js), bidirectional messaging, and streaming.
Fixed
- Host-iframe timing: bridge now connects before loading iframe, fixing
ui/initializetimeout on first load - All internal
log.infocalls demoted tolog.debugto eliminate stdout noise during normal use
Technical Notes
- Uses local minified AppBridge bundle (408KB) to avoid CDN Zod bundling issues
- Serves app HTML from
/ui-appendpoint instead of blob URLs to avoid iframe issues - SSE for real-time tool result streaming to browser
[2.1.2] - 2026-02-03
Changed
- Added demo video and
pi.videofield to package.json for pi package browser.
[2.1.0] - 2026-02-02
Added
- Direct tool registration - Promote specific MCP tools to first-class Pi tools via
directToolsconfig (per-server or global). Direct tools appear in the agent's tool list alongside builtins, so the LLM uses them without needing to search through the proxy first. Registers from cached metadata at startup — no server connections needed. /mcpinteractive panel - New TUI overlay replacing the text-based status dump. Shows server connection status, tool lists with direct/proxy toggles, token cost estimates, inline reconnect, and auth notices. Changes written to config on save.- Auto-enriched proxy description - The
mcpproxy tool description now includes server names and tool counts from the metadata cache, so the LLM knows what's available without a search call (~30 extra tokens). MCP_DIRECT_TOOLSenv var - Subagent processes receive their direct tool configuration via environment variable, keeping subagents lean by default.- First-run bootstrap - Servers with
directToolsconfigured but no cache entry are connected duringsession_startto populate the cache. Direct tools become available after restart. - Config provenance tracking for correct write-back to user/project/import sources
- Builtin name collision guard (skips direct tools that would shadow
read,write, etc.) - Cross-server name deduplication for
prefix: "none"andprefix: "short"modes
[2.0.1] - 2026-02-01
Fixed
- Adapt execute signature to pi v0.51.0: add signal, onUpdate, ctx parameters
[2.0.0] - 2026-01-29
Changed
- BREAKING: Lazy startup by default - All servers now default to
lifecycle: "lazy"and only connect when a tool call needs them. Previously all servers connected eagerly on session start. Setlifecycle: "keep-alive"orlifecycle: "eager"to restore the old behavior per-server. - Idle timeout - Connected servers are automatically disconnected after 10 minutes of inactivity (configurable via
settings.idleTimeoutor per-serveridleTimeout). Cached metadata keeps search/list working after disconnect. SetidleTimeout: 0to disable. /mcp reconnectaccepts an optional server name to connect or reconnect a single server
Added
- Metadata cache - Tool and resource metadata persisted to
~/.pi/agent/mcp-cache.json. Enables search/list/describe without live connections. Per-server config hashing with 7-day staleness. Multi-session safe via read-merge-write with per-process tmp files. - npx binary resolution - Resolves npx package binaries to direct paths, eliminating the ~143 MB npm parent process per server. Persistent cache at
~/.pi/agent/mcp-npx-cache.jsonwith 24h TTL. mcp({ connect: "server-name" })mode - Explicitly trigger connection and metadata refresh for a named server- Failure backoff - Servers that fail to connect are skipped for 60 seconds to avoid repeated connection storms
- In-flight tracking - Active tool calls prevent idle timeout from shutting down a server mid-request
- Prefix-match fallback - Tool calls with unrecognized names try to match a server prefix and lazy-connect the matching server
- Lifecycle options:
lazy(default),eager(connect at startup, no auto-reconnect),keep-alive(unchanged) - Per-server
idleTimeoutoverride and globalsettings.idleTimeout - First-run bootstrap: connects all servers on first session to populate the cache
Fixed
- Connection close race condition: concurrent close + connect no longer orphans server processes
- Fuzzy tool name matching - Hyphens and underscores are treated as equivalent during tool lookup. MCP tools like
resolve-library-idare now found when called asresolve_library_id, which LLMs naturally guess since the prefix separator is_. - Better "tool not found" errors - When a server is identified (via prefix match or override) but the tool isn't found, the error now lists that server's available tools so the LLM can self-correct immediately instead of needing a separate list call
[1.6.0] - 2026-01-29
Added
- Unified pi tool search -
mcp({ search: "..." })now searches both MCP tools and Pi tools (from installed extensions) - Pi tools appear first in results with
[pi tool]prefix - Details object includes
server: "pi"for pi tools - Banner image for README
[1.5.1] - 2026-01-26
Changed
- Added
pi-packagekeyword for npm discoverability (pi v0.50.0 package system)
[1.5.0] - 2026-01-22
Changed
- BREAKING:
argsparameter is now a JSON string - Theargsparameter which previously accepted an object now accepts a JSON string. This change was required for compatibility with Claude's Vertex AI API (google-antigravityprovider) which rejectspatternPropertiesin JSON schemas (generated byType.Record()).
Added
- Type validation for args - Parsed args are now validated to ensure they're a JSON object (not null, array, or primitive). Clear error messages for invalid input.
isError: trueon error responses - JSON parse errors and type validation errors now properly setisError: trueto indicate failure to the LLM.
Migration
// Before (1.4.x)
mcp({ tool: "my_tool", args: { key: "value" } })
// After (1.5.0)
mcp({ tool: "my_tool", args: '{"key": "value"}' })
[1.4.1] - 2026-01-19
Changed
- Status bar shows server count instead of tool count ("MCP: 5 servers")
[1.4.0] - 2026-01-19
Changed
- Non-blocking startup - Pi starts immediately, MCP servers connect in background. First MCP call waits only if init isn't done yet.
Fixed
- Tool metadata now includes
inputSchemaafter/mcp reconnect(was missing, breaking describe and error hints)
[1.3.0] - 2026-01-19
Changed
- Parallel server connections - All MCP servers now connect in parallel on startup instead of sequentially, significantly faster with many servers
[1.2.2] - 2026-01-19
Fixed
- Installer now downloads from
mainbranch (renamed frommaster)
[1.2.1] - 2026-01-19
Added
- npx installer - Run
npx pi-mcp-adapterto install (downloads files, installs deps, configures settings.json)
[1.1.0] - 2026-01-19
Changed
- Search includes schemas by default - Search results now include parameter schemas, reducing tool calls needed (search + call instead of search + describe + call)
- Space-separated search terms match as OR -
"navigate screenshot"finds tools matching either word (like most search engines) - Suppress server stderr by default - MCP server logs no longer clutter terminal on startup
- Use
includeSchemas: falsefor compact output without schemas - Use
debug: trueper-server to show stderr when troubleshooting
[1.0.0] - 2026-01-19
Added
- Single unified
mcptool with token-efficient architecture (~200 tokens vs ~15,000 for individual tools) - Five operation modes:
mcp({})- Show server statusmcp({ server: "name" })- List tools from a servermcp({ search: "query" })- Search tools by name/descriptionmcp({ describe: "tool_name" })- Show tool details and parameter schemamcp({ tool: "name", args: {...} })- Call a tool
- Stdio transport for local MCP servers (command + args)
- HTTP transport with automatic fallback (StreamableHTTP → SSE)
- Config imports from Cursor, Claude Code, Claude Desktop, VS Code, Windsurf, Codex
- Resource tools - MCP resources exposed as callable tools
- OAuth support - Token file-based authentication
- Bearer token auth - Static or environment variable tokens
- Keep-alive connections with automatic health checks and reconnection
- Schema on-demand - Parameter schemas shown in
describemode and error responses - Commands:
/mcpor/mcp status- Show server status/mcp tools- List all tools/mcp reconnect- Force reconnect all servers/mcp-auth <server>- Show OAuth setup instructions
Architecture
- Tools stored in metadata map, not registered individually with Pi
- MCP server validates arguments (no client-side schema conversion)
- Reconnect callback updates metadata after auto-reconnect
- Human-readable schema formatting for LLM consumption