* fix(typebox): migrate to v1 with extension compat
Replace AJV-based validation with TypeBox-native validation, keep legacy extension imports working (including @sinclair/typebox/compiler), and restore coercion for serialized/plain JSON schemas.
This change closes#3112.
* fix(typebox): use canonical imports and harden coercion
Switch first-party code to canonical typebox imports while retaining legacy extension aliases in the loader.
Remove obsolete runtime codegen guards, expand serialized JSON-schema coercion coverage, and update related tests and fixtures.
Fixes#3112.
---------
Co-authored-by: Mario Zechner <badlogicgames@gmail.com>
Emit OSC 9;4 progress start/end sequences during agent streaming and
compaction so terminals (iTerm2, WezTerm, Windows Terminal, Kitty, etc.)
show activity in their tab bar.
Made with love for @lucasmeijer
marked v15 does not filter dangerous URL protocols. The default link
renderer passes href values through verbatim, so markdown like
`[click](javascript:alert(1))` renders as a clickable XSS link in
shared/exported session HTML.
Add custom link and image renderers that:
- Block javascript:, vbscript:, and data: protocol URLs
- Escape href/title/alt attributes via escapeHtml()
Also escape img.mimeType in session image rendering to prevent
attribute breakout from crafted session JSONL.
Fixes#3531
Rename BUILTIN_TOOLS to TEMPLATE_RENDERED_TOOLS to match what the set
actually represents: tools rendered directly by the HTML template instead of
pre-rendered through the TUI→ANSI→HTML pipeline.
Move grep and find off the template-rendered exclusion path so they use their
existing TUI renderCall/renderResult output in HTML export.
Add a dedicated HTML renderer for ls and keep it in the template-rendered set.
Unlike grep and find, rendering ls through the terminal-oriented Text component
introduced spacing artifacts in exported HTML due to full-width line padding,
so ls is rendered natively in the export template instead.
- treat tools as a global allowlist across built-in, extension, and SDK tools
- remove process-cwd singleton tool usage from SDK and CLI paths
- add regression coverage for extension tool filtering
closes#3452closes#2835
Some models (Opus 4.6, GLM-5.1) send the edits parameter as a JSON
string instead of a parsed array. This fails AJV validation with
'must be array' and models fall back to sed/python.
Parse stringified edits in prepareEditArguments before validation.
* feat(agent,coding-agent): add per-tool executionMode field to AgentTool and ToolDefinition
Add optional executionMode?: ToolExecutionMode to AgentTool and
ToolDefinition interfaces. Propagate through wrapToolDefinition and
createToolDefinitionFromAgentTool. No behavioral change yet — agent
loop will read this field in a follow-up.
* feat(agent): support per-tool executionMode override for sequential execution
When a tool defines executionMode='sequential', the agent loop
forces sequential execution of all tool calls in that batch,
even if the global config is parallel.
* feat(coding-agent): re-export ToolExecutionMode from @mariozechner/pi-agent-core
Makes the type available to extensions that want to set
executionMode on tool definitions.
* feat(coding-agent): add tic-tac-toe extension example with executionMode: sequential
Demonstrates per-tool executionMode: the agent plays via move/play
tool calls that share a cursor. Without sequential execution, play
can resolve before earlier moves finish, landing on the wrong cell.