@oh-my-pi/pi-coding-agent 14.9.8 → 15.0.0

package/CHANGELOG.md

@@ -2,6 +2,107 @@
 
 ## [Unreleased]
 
+## [15.0.0] - 2026-05-13
+### Breaking Changes
+
+- Removed `op: issue_view` and `op: pr_view` from the `github` tool. Read single issues/PRs via the `read` tool against `issue://<N>` / `pr://<N>` (or the long form `issue://<owner>/<repo>/<N>` / `pr://<owner>/<repo>/<N>`); append `?comments=0` to drop the comments section. The `issue` and `comments` parameters were removed from the tool schema since no remaining op consumes them. Mutating ops (`pr_create`, `pr_checkout`, `pr_push`), `repo_view`, `search_*`, and `run_watch` are unchanged.
+- Removed `op: pr_diff` (along with the `nameOnly` and `exclude` schema fields) from the `github` tool. Read PR diffs through the new `pr://` URL family: `pr://<N>/diff` for the changed-file listing, `pr://<N>/diff/<i>` for a single file slice (1-indexed), and `pr://<N>/diff/all` for the verbatim unified diff. Long-form `pr://<owner>/<repo>/<N>/diff[/…]` works the same way. All three variants share one `gh pr diff` invocation through a new `pr-diff` cache row, so the listing and per-file slices reconstruct from cached bytes without re-shelling. Diff content is served as `text/plain` so the `read` tool's line selectors (e.g. `pr://<N>/diff/all:200-400`) page the cached output without falsely advertising hashline anchors.
+- Renamed ACP custom extension methods from `omp/*` to `_omp/*` to comply with the ACP spec's `_`-prefix requirement for non-spec methods; existing callers must update method names
+
+### Added
+
+- Added markdown rendering for `read` results when content type is `text/markdown`, so GitHub internal-URL outputs are shown as formatted markdown instead of plain code blocks
+- Added `pr://<N>/diff`, `pr://<N>/diff/<i>`, and `pr://<N>/diff/all` internal-URL shapes covering changed-file listings, per-file slices, and the full unified diff. They share one `pr-diff` SQLite cache row with the same TTL knobs as `pr://<N>` views (`github.cache.softTtlSec` / `github.cache.hardTtlSec` / `github.cache.enabled`). Single PR views now advertise the diff entry point via a `Diff: pr://<owner>/<repo>/<N>/diff` note. Cache schema bumped to `user_version = 3`; older rows are dropped on first open to add credential-scoped keys and relax the `kind` CHECK constraint.
+- Added `issue://` / `pr://` internal-URL schemes that share a SQLite-backed cache with the rest of the `github` tool. Single-item reads (`issue://<N>`, `issue://<owner>/<repo>/<N>`) return rendered markdown and within `github.cache.softTtlSec` (default 5 minutes) skip the `gh` round-trip entirely; within `github.cache.hardTtlSec` (default 7 days) the cached row is returned and a background refresh is scheduled. Root and repo-scoped reads (`issue://`, `pr://owner/repo`) issue a live `gh issue list` / `gh pr list` for browsing, supporting `?state=open|closed|all` for issues, `?state=open|closed|merged|all` for PRs, and `?limit=`, `?author=`, `?label=` query params. Rendered output lands in `~/.omp/cache/github-cache.db` (override via `OMP_GITHUB_CACHE_DB`); disable the cache entirely with `github.cache.enabled = false`. Cwd→default-repo lookups (`gh repo view`) are memoized per-process.
+- Added new `Approve and compact context` choice to the ExitPlanMode approval selector. Sits between `Approve and execute` (purge session) and `Approve and keep context` (full transcript) — runs `/compact` on the plan-mode transcript with a planning-specific summarization hint, then dispatches the plan-approved execution turn so it lands on a fresh cache anchor with the summarized rationale carried over. Cancelling the compaction (Esc or any other abort source) defers the execution dispatch and surfaces a warning so the operator can resubmit manually; non-abort failures proceed best-effort.
+- Added `CompactionCancelledError` typed sentinel and `CompactionOutcome` (`"ok" | "cancelled" | "failed"`) return type to `@oh-my-pi/pi-coding-agent/session/compaction`. `CommandController.executeCompaction` and `handleCompactCommand` now return the outcome instead of `void` so callers can discriminate user-driven aborts from generic failures without inspecting error messages.
+- Added a `credential_disabled` extension event so extensions can subscribe via `pi.on("credential_disabled", handler)` and react when `AuthStorage` automatically soft-disables a credential (e.g. OAuth `invalid_grant`). Replaces the current `agent_end` errorMessage regex pattern downstream extensions have to match against. Handler payload is `{ type, provider, disabledCause }`. `createAgentSession()` subscribes the per-session extension runner to the shared `AuthStorage` via `authStorage.onCredentialDisabled(...)` at the very top of session creation — before any startup model probes run — so events fire on every disable regardless of whether the embedder also has a constructor `onCredentialDisabled` handler attached. The SDK forwards through `ExtensionRunner.emitCredentialDisabled(event)`, which buffers events until `runner.initialize(...)` runs in the mode controller and then flushes them through `emit()` so extension handlers see populated UI/runtime context (rather than the constructor's no-op default with `hasUI=false`, an unset model, and no-op runtime actions). On `session.dispose()` the subscription is unsubscribed; the embedder's constructor-attached listener keeps firing through its own permanent subscription. The outer `createAgentSession()` catch also releases the subscription if startup throws before the dispose-wrap is wired, so repeated retries don't accumulate dead listeners.
+- Added `omp acp` subcommand for launching as an ACP (Agent Client Protocol) server over stdio
+- Added explicit `type` discriminators to ACP `initialize` auth methods, including a `terminal` setup method gated on `clientCapabilities.auth.terminal`
+- Added ACP equivalents for the remaining TUI slash commands (`/jobs`, `/changelog`, `/dump`, `/copy`, `/hotkeys`, `/extensions`, `/agents`, `/model`, `/plan`, `/loop`, `/btw`, `/login`, `/logout`, `/resume`, `/tree`, `/branch`, `/new`, `/drop`, `/handoff`, `/fork`, `/session delete`, `/export`, `/share`, `/todo`, `/memory`, `/move`, `/mcp`, `/ssh`, `/marketplace`, `/plugins`) so ACP clients reach feature parity with the TUI for non-interactive flows
+- Added ACP `plan` mode: when `plan.enabled` setting is on, ACP `session/new`/`load`/`resume`/`fork` advertise a `plan` mode alongside `default`; `session/set_mode` toggles plan-mode state so the next agent turn injects the plan-mode system prompt
+- Added ACP `ClientBridge` abstraction (`packages/coding-agent/src/session/client-bridge.ts`) that routes tool I/O through the connected client when capabilities are advertised at `initialize`; populated from `AgentSideConnection` in ACP mode
+- Added ACP `terminal/*` routing for `bash`: when the client advertises `terminal: true`, the tool creates a client-side terminal, embeds its `terminalId` on the live tool card, polls output, and releases the handle on exit or abort
+- Added ACP `fs/read_text_file` and `fs/write_text_file` routing for the `read` and `write` tools: when the client advertises `fs.readTextFile` / `fs.writeTextFile`, plain-text reads/writes go through the editor (surfacing unsaved buffer content and letting the editor track agent writes); falls back to disk only for reads, throws on bridge write failures
+- Added ACP `session/request_permission` gate around `bash`, `edit`, `write`, and `ast_edit` when an ACP client is connected; remembers `allow_always` / `reject_always` decisions per tool for the session lifetime
+- Added `diff` `ToolCallContent` emission for edit tool results: per-file `oldText`/`newText` is threaded through `EditToolPerFileResult` / `EditToolDetails` so ACP clients can render inline diffs
+- Added richer ACP `StopReason` mapping (`max_tokens`, `refusal`, `cancelled`) derived from the last assistant message's internal stop reason; previously only `end_turn`/`cancelled` were emitted
+- Added `_meta.messageCount` and `_meta.size` on `session/list` `SessionInfo` entries
+- Added ACP `tool_call_update` `locations` refresh from in-flight tool args and final result details so clients can "follow along" multi-file edits in real time
+
+### Changed
+
+- Changed issue and pull-request list entries to link to repository-qualified URLs (for example `issue://owner/repo/<N>`) so list items open correctly outside the default repo
+- Aligned prompt instruction language by defining `NEVER` and `AVOID` as strict aliases for `MUST NOT` and `SHOULD NOT` in the system prompt, and standardized agent, tool, and system prompt templates to use those terms consistently
+- Changed `--mode acp` to apply the same stdout-quiet overrides as `--mode rpc` so no banner or status text leaks into the JSON-RPC channel
+- Changed ACP startup to no longer require a configured model so registry validators and clients can complete `initialize` and `authenticate` before any model is selected
+### Fixed
+
+- Deferred flushing of buffered `credential_disabled` events during extension runner initialization to a microtask so handler failures are now routed through `onError()` registrations made immediately after `initialize()`, preserving extension error reporting
+- Fixed `eval` tool dynamic `await import("./relative.ts")` calls failing with `Cannot find module ... from .../eval/js/shared/runtime.ts`. The static-import rewriter only handled `ImportDeclaration` nodes, so dynamic-import call expressions resolved their specifier against the worker module's URL instead of the session cwd. The rewriter now walks the full AST and additionally swaps `import` callees in `CallExpression` nodes for `__omp_import__`, which forwards the optional options bag verbatim to native `import()` so `{ with: { type: "json" } }` round-trips. Renamed `rewriteStaticImports` → `rewriteImports`.
+- Fixed `pr://<owner>/<repo>/diff` URLs for repositories named `diff` to continue resolving to PR list lookups instead of being parsed as short-form diff links
+- Fixed `issue://<N>/diff` short form previously misparsing as a repo named `<N>/diff` and surfacing a confusing GraphQL "Could not resolve to a Repository" error. The numeric-host disambiguation that already routed `pr://<N>/diff` through the diff path now applies to both schemes, so `issue://<N>/diff[/…]` falls through to the existing "Issue views do not have a diff; use pr://<owner>/<repo>/<n>/diff for pull requests." rejection — matching the long-form `issue://<owner>/<repo>/<N>/diff` behavior. `<scheme>://<owner>/diff` listings for a repo literally named `diff` are unchanged.
+- Fixed PR unified diff parsing so changed-file headers with quoted paths (such as paths containing spaces) are now detected correctly and hunk content lines beginning with `---`/`+++` are counted in additions/deletions
+- Fixed GitHub view caching to account for active credential identity and avoid serving cached issue/PR data across different account/token contexts
+- Fixed `read` call tracking so calls without an explicit path or URL target no longer appear as regular file reads in the execution tracker
+- Fixed `createAgentSession()` subscribing the `credential_disabled` bridge to a freshly discovered `AuthStorage` orphan when an embedder supplied only `options.modelRegistry` (no `options.authStorage`). Refresh failures emitted by `modelRegistry.getApiKey()` flow through `modelRegistry.authStorage`, so a divergent local instance silently swallowed every disable event and also leaked into the `mcpManager` and session result. The SDK now reconciles `authStorage` to `modelRegistry.authStorage` up front and rejects mismatched `options.authStorage`/`options.modelRegistry.authStorage` pairs at session construction.
+- Fixed `runSubagent` (subagent task executor) carrying the same latent `AuthStorage`/`ModelRegistry` divergence as `createAgentSession()`: when only `options.modelRegistry` was supplied, the executor previously fell through to a fresh `discoverAuthStorage()` and handed that orphan into `createAgentSession()` alongside a registry whose `.authStorage` was a different instance. The executor now reconciles to `modelRegistry.authStorage` before any further work and rejects mismatched `options.authStorage`/`options.modelRegistry.authStorage` pairs the same way the SDK does, so subagents can no longer silently observe a different storage view than their parent.
+- Fixed `github` tool's `search_issues`/`search_prs`/`search_code`/`search_commits`/`search_repos` ops always returning 0 results when the query contained more than one qualifier (e.g. `is:merged is:pr`, `is:open author:foo`). `gh search …` since the `advanced_search=true` rollout in gh 2.92 silently wraps multi-token positional queries in parentheses and quotes everything after the first qualifier as that qualifier's value (`is:"merged is:pr"`), which GitHub then matches as a literal state filter that no PR can satisfy. The tool now calls `gh api -X GET /search/<endpoint> -f q=… -F per_page=…` directly so the qualifiers reach GitHub's search API verbatim. `is:issue`/`is:pr` and `repo:<owner>/<repo>` are appended internally to preserve the previous CLI-flag behavior; the user-facing query string in the formatted output is unchanged. `state` for merged PRs is derived from `pull_request.merged_at` so the rendered `State:` line stays `merged`/`closed`/`open` as before.
+- Fixed `read` tool renderer rendering failed reads with a success check (`✓`) and styling the error message as file content while the surrounding box was red. The renderer now branches on `isError` for both file and URL paths: header shows `✘ Read <path>` with a proper error icon and the underlying message is rendered as an error line. `renderReadUrlResult` got the same treatment so failed URL reads also get the cross icon instead of falling through to the `"No response data"` Text fallback. Mirrors the `bash`/`find` renderer error pattern.
+- Fixed ACP mode to advertise and handle non-TUI builtin slash commands and `/skill:<name>` commands
+- Fixed ACP `session/resume` and `session/close` to dispatch correctly under SDK 0.21 by renaming `unstable_resumeSession` / `unstable_closeSession` to the stable `resumeSession` / `closeSession` method names the SDK now routes to
+- Fixed ACP `tool_call` / `tool_call_update` `locations` to always emit absolute paths (resolved against the session cwd) so editor clients can reliably open or focus the referenced file
+- Fixed ACP edit `diff` metadata for moves to point at the destination path rather than the now-deleted source so post-edit "open file" actions land on the new file
+- Fixed ACP `session/request_permission` `locations` to be absolute and to honor the `requestPermission` capability bit instead of only checking for the method, matching the read/write/bash capability gating
+- Fixed ACP `authenticate` to reject `methodId` values that were not advertised by `initialize` so malformed clients fail fast instead of being treated as authenticated
+- Fixed ACP mode changes made via `session/set_session_config_option` (`MODE_CONFIG_ID`) to also emit a `current_mode_update` notification, matching `session/set_mode` so clients tracking `modes.currentModeId` stay in sync
+- Fixed `/model` ACP builtin to emit a `config_option_update` after switching models so clients show the new model in config selectors immediately
+- Fixed `/mcp list` (ACP) to redact query strings and userinfo from server URLs before emitting them, so API keys embedded in URLs (e.g. `?exaApiKey=…`) are not leaked to clients
+- Fixed `/mcp test|resources|prompts` (ACP) to wire the auth storage before `prepareConfig` so OAuth-backed MCP servers can refresh tokens and inject `Authorization` headers
+- Fixed `/mcp list`, `/mcp test`, `/mcp resources`, `/mcp prompts`, `/mcp enable`, and `/mcp disable` (ACP) to preserve project-over-user precedence when the same server name is defined in both scopes, matching the runtime capability merge so toggling the duplicated name flips the effective entry
+- Fixed `/ssh add --port` parsing to reject non-integer values (e.g. `22oops`) instead of silently coercing them via `Number.parseInt`
+- Fixed `/ssh list` to deduplicate hosts shared between project and user scopes, listing project entries first to match capability-loader precedence
+- Fixed `/export` (ACP) to reject clipboard aliases (`--copy`, `clipboard`, `copy`) instead of using them as the output filename
+- Fixed ACP builtin commands (`/compact`, `/force`, `/move`, `/browser`) to surface underlying failures via `output()` instead of swallowing them
+- Fixed `/session save|delete` (ACP) to route through the active `SessionManager` so the persist writer is consulted and stale storage references are removed
+- Fixed `/reload-plugins`, `/marketplace install|uninstall|upgrade`, and `/plugins enable|disable` (ACP) to refresh slash command registries and emit `available_commands_update` after plugin state changes
+- Fixed ACP `usage()` text emission to be awaited so help and error output is not dropped or reordered when commands return immediately
+- Fixed ACP `bash` tool to release the client terminal handle on `terminal/output` or `waitForExit` failures, and to race output polling against abort so a stuck RPC cannot delay cancellation
+- Fixed ACP `resource` content blocks with `image/*` MIME types to be routed into the LLM `images` array instead of being dropped as opaque blobs
+- Fixed `pr://` and `issue://` URLs accepting empty, `.`, or `..` path segments. `pr://owner//77`, `pr://owner/repo/77/diff//2`, and `pr://owner/../77/diff` previously slipped past the `.filter(Boolean)` split and were forwarded to `gh`; now they throw `Invalid <scheme>:// URL: empty or unsafe path segment` before any subprocess work.
+- Fixed `read` of `issue://` / `pr://` URLs ignoring the read tool's `AbortSignal`. Aborting a long `pr://<N>/diff/all` or stale issue fetch now propagates into the resolver and short-circuits at the handler entry; previously the `gh` round-trip and cache write ran to completion.
+- Fixed `read <path>:raw` (and the `raw: true` arg) still rendering markdown internal-URL content through the formatted markdown renderer. The TUI now respects the raw selector and falls back to the code-cell renderer so verbatim bytes are shown when requested.
+- Fixed `eval` tool JS cells crashing with a `structuredClone` error when an awaited final expression returned a non-cloneable value (module namespace, function, symbol, etc.). `displayValue` now falls back to a text representation and logs at debug instead of throwing.
+- Fixed `eval` tool JS rewriter missing the final expression when followed by trailing empty statements (e.g. `await Promise.resolve(1);;`). `returnFinalExpression` now scans backward past `EmptyStatement` nodes before deciding there is no final expression.
+- Fixed `github` view cache evicting valid rows on open whenever a longer-than-default `github.cache.hardTtlSec` was configured. `openDb()` no longer sweeps with the 7-day default before settings load; the per-lookup `sweepIfDue()` enforces the configured retention exclusively.
+- Fixed extension `ctx.shutdown()` being a no-op in the primary interactive path. The handler in `initHooksAndCustomTools` now sets `shutdownRequested` (mirroring the backgrounded-reinit path), and the main REPL loop drains the flag at the post-stream idle boundary so queued steering messages still flush before teardown.
+- Fixed plan-mode "Approve and compact context" dispatching queued user input against the stale plan-mode reference path. `setPlanReferencePath(finalPlanFilePath)` now runs before `handleCompactCommand` flushes the compaction queue, so any message typed during compaction is delivered with the approved plan context attached.
+- Fixed `.omp/commands/fix-issues.md` and `.omp/commands/review-prs.md` still instructing agents to call the removed `github issue_view` / `pr_view` / `pr_diff` ops; they now reference `read issue://<N>` and `read pr://<N>[/diff[/all|<i>]]`.
+- Fixed `ExtensionRunner.initialize()` flushing buffered `credential_disabled` events before mode controllers had a chance to register their `onError` listener. Mode controllers call `runner.initialize(...)` immediately followed by `runner.onError(...)` synchronously; the flush now runs in a microtask after splicing the buffer, so a synchronously throwing `credential_disabled` handler is routed through the registered error listener instead of being silently dropped.
+
+### Security
+
+- Secured the GitHub cache store with strict file permissions (`0600` files) and private permissions for newly created cache directories (`0700`) to reduce local cache exposure
+
+## [14.9.9] - 2026-05-12
+
+### Added
+
+- Added new `task.isolation.mode` values `auto`, `apfs`, `btrfs`, `zfs`, `reflink`, `overlayfs`, `projfs`, `block-clone`, and `rcopy` for native PAL-backed task isolation backends
+- Added automatic PAL-backed isolation backend selection so `task.isolation.mode` uses the host's best-available backend
+- Added input-token and output-token totals to `omp stats --summary`.
+
+### Changed
+
+- Changed `task.isolation.enabled=true` migration to map to `task.isolation.mode = "auto"` instead of legacy `worktree` isolation
+- Updated isolation configuration UI labels and descriptions to expose new back-end names (`overlayfs`, `projfs`, etc.) and removed references to deprecated values in guidance text
+
+### Fixed
+
+- Fixed worktree delta capture to include previously untracked file state by baselining untracked patches for both snapshots
+- Fixed task isolation startup to try alternate PAL backends when the preferred one is unavailable, allowing successful fallback instead of immediate failure
+- Mapped legacy `task.isolation.mode` values `worktree`, `fuse-overlay`, and `fuse-projfs` to their new equivalents during settings migration to preserve behavior with older configs
+
 ## [14.9.8] - 2026-05-12
 
 ### Breaking Changes

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-coding-agent",
-	"version": "14.9.8",
+	"version": "15.0.0",
 	"description": "Coding agent CLI with read, bash, edit, write tools and session management",
 	"homepage": "https://github.com/can1357/oh-my-pi",
 	"author": "Can Boluk",
@@ -47,12 +47,12 @@
 		"@agentclientprotocol/sdk": "0.21.0",
 		"@babel/parser": "^7.29.3",
 		"@mozilla/readability": "^0.6.0",
-		"@oh-my-pi/omp-stats": "14.9.8",
-		"@oh-my-pi/pi-agent-core": "14.9.8",
-		"@oh-my-pi/pi-ai": "14.9.8",
-		"@oh-my-pi/pi-natives": "14.9.8",
-		"@oh-my-pi/pi-tui": "14.9.8",
-		"@oh-my-pi/pi-utils": "14.9.8",
+		"@oh-my-pi/omp-stats": "15.0.0",
+		"@oh-my-pi/pi-agent-core": "15.0.0",
+		"@oh-my-pi/pi-ai": "15.0.0",
+		"@oh-my-pi/pi-natives": "15.0.0",
+		"@oh-my-pi/pi-tui": "15.0.0",
+		"@oh-my-pi/pi-utils": "15.0.0",
 		"@puppeteer/browsers": "^2.13.0",
 		"@sinclair/typebox": "^0.34.49",
 		"@types/turndown": "5.0.6",

package/scripts/build-binary.ts

@@ -40,6 +40,17 @@ async function main(): Promise<void> {
 					"--root",
 					"../..",
 					"./src/cli.ts",
+					// Worker entrypoints. Bun's `--compile` discovers the literal in
+					// `new Worker("…", …)` at each spawn site, but only actually
+					// emits the worker into the bunfs root when it is listed here as
+					// an explicit additional entry. Paths are relative to this
+					// script's cwd (packages/coding-agent) and the `--root` above
+					// (../..) makes them appear inside the binary at
+					// `/$bunfs/root/packages/<pkg>/src/<worker>.js`, which is
+					// exactly what the literals at the spawn sites resolve to.
+					"../stats/src/sync-worker.ts",
+					"./src/tools/browser/tab-worker-entry.ts",
+					"./src/eval/js/worker-entry.ts",
 					"--outfile",
 					"dist/omp",
 				],

package/scripts/format-prompts.ts

@@ -25,7 +25,7 @@ const PROMPT_DIRS = [PROMPTS_DIR, COMMIT_PROMPTS_DIR, AGENTIC_PROMPTS_DIR];
 const PROMPT_FORMAT_OPTIONS = {
 	renderPhase: "pre-render",
 	replaceAsciiSymbols: true,
-	boldRfc2119Keywords: true,
+	normalizeRfc2119: true,
 } as const;
 
 async function main() {

package/src/cli/args.ts

@@ -7,7 +7,7 @@ import chalk from "chalk";
 import { parseEffort } from "../thinking";
 import { BUILTIN_TOOLS } from "../tools";
 
-export type Mode = "text" | "json" | "rpc" | "acp";
+export type Mode = "text" | "json" | "rpc" | "acp" | "rpc-ui";
 
 export interface Args {
 	cwd?: string;
@@ -79,7 +79,7 @@ export function parseArgs(args: string[], extensionFlags?: Map<string, { type: "
 			result.allowHome = true;
 		} else if (arg === "--mode" && i + 1 < args.length) {
 			const mode = args[++i];
-			if (mode === "text" || mode === "json" || mode === "rpc" || mode === "acp") {
+			if (mode === "text" || mode === "json" || mode === "rpc" || mode === "acp" || mode === "rpc-ui") {
 				result.mode = mode;
 			}
 		} else if (arg === "--continue" || arg === "-c") {

package/src/cli/stats-cli.ts

@@ -176,6 +176,8 @@ async function printStatsSummary(): Promise<void> {
 	console.log(`  Requests: ${formatNumber(overall.totalRequests)} (${formatNumber(overall.failedRequests)} errors)`);
 	console.log(`  Error Rate: ${formatPercent(overall.errorRate)}`);
 	console.log(`  Total Tokens: ${formatNumber(overall.totalInputTokens + overall.totalOutputTokens)}`);
+	console.log(`  Input Tokens: ${formatNumber(overall.totalInputTokens)}`);
+	console.log(`  Output Tokens: ${formatNumber(overall.totalOutputTokens)}`);
 	console.log(`  Cache Rate: ${formatPercent(overall.cacheRate)}`);
 	console.log(`  Total Cost: ${formatCost(overall.totalCost)}`);
 	console.log(`  Premium Requests: ${formatNumber(normalizePremiumRequests(overall.totalPremiumRequests ?? 0))}`);

package/src/cli.ts

@@ -50,6 +50,7 @@ process.title = APP_NAME;
 
 const commands: CommandEntry[] = [
 	{ name: "launch", load: () => import("./commands/launch").then(m => m.default) },
+	{ name: "acp", load: () => import("./commands/acp").then(m => m.default) },
 	{ name: "agents", load: () => import("./commands/agents").then(m => m.default) },
 	{ name: "commit", load: () => import("./commands/commit").then(m => m.default) },
 	{ name: "config", load: () => import("./commands/config").then(m => m.default) },
@@ -84,8 +85,30 @@ function isSubcommand(first: string | undefined): boolean {
 	return commands.some(e => e.name === first || e.aliases?.includes(first));
 }
 
+/**
+ * Smoke-test entry. Spawns the stats sync worker, pings it, exits.
+ *
+ * Purpose: catch the silent worker-load regressions that hit compiled
+ * binaries (issues #1011 and #1027). Neither `--version` nor
+ * `stats --summary` actually spawns a Worker on a fresh install — the
+ * sync path early-returns when no session files exist. This probe is the
+ * minimal end-to-end test that proves `new Worker(...)` resolves and the
+ * bundled worker module evaluates successfully. Wired into
+ * `scripts/install-tests/run-ci.sh` so binary / source-link / tarball
+ * installs all exercise it on every CI run.
+ */
+async function runSmokeTest(): Promise<void> {
+	const { smokeTestSyncWorker } = await import("@oh-my-pi/omp-stats");
+	await smokeTestSyncWorker();
+	process.stdout.write("smoke-test: ok\n");
+}
+
 /** Run the CLI with the given argv (no `process.argv` prefix). */
-export function runCli(argv: string[]): Promise<void> {
+export async function runCli(argv: string[]): Promise<void> {
+	if (argv[0] === "--smoke-test") {
+		await runSmokeTest();
+		return;
+	}
 	// --help and --version are handled by run() directly, don't rewrite those.
 	// Everything else that isn't a known subcommand routes to "launch".
 	const first = argv[0];

package/src/commands/acp.ts

@@ -0,0 +1,24 @@
+/**
+ * Run Oh My Pi as an ACP (Agent Client Protocol) server over stdio.
+ *
+ * Thin wrapper around the launch flow that forces `mode: "acp"` unless the
+ * ACP terminal-auth flag asks the same command to open the interactive TUI.
+ */
+import { Command } from "@oh-my-pi/pi-utils/cli";
+import { parseArgs } from "../cli/args";
+import { runRootCommand } from "../main";
+import { prepareAcpTerminalAuthArgs } from "../modes/acp/terminal-auth";
+
+export default class Acp extends Command {
+	static description = "Run Oh My Pi as an ACP (Agent Client Protocol) server over stdio";
+	static strict = false;
+
+	async run(): Promise<void> {
+		const { args, terminalAuth } = prepareAcpTerminalAuthArgs(this.argv);
+		const parsed = parseArgs(args);
+		if (!terminalAuth) {
+			parsed.mode = "acp";
+		}
+		await runRootCommand(parsed, args);
+	}
+}

package/src/commands/launch.ts

@@ -7,6 +7,7 @@ import { APP_NAME } from "@oh-my-pi/pi-utils";
 import { Args, Command, Flags } from "@oh-my-pi/pi-utils/cli";
 import { parseArgs } from "../cli/args";
 import { runRootCommand } from "../main";
+import { prepareAcpTerminalAuthArgs } from "../modes/acp/terminal-auth";
 
 export default class Index extends Command {
 	static description = "AI coding assistant";
@@ -49,8 +50,8 @@ export default class Index extends Command {
 			description: "Allow starting in ~ without auto-switching to a temp dir",
 		}),
 		mode: Flags.string({
-			description: "Output mode: text (default), json, or rpc",
-			options: ["text", "json", "rpc"],
+			description: "Output mode: text (default), json, rpc, or rpc-ui",
+			options: ["text", "json", "rpc", "acp", "rpc-ui"],
 		}),
 		print: Flags.boolean({
 			char: "p",
@@ -135,7 +136,8 @@ export default class Index extends Command {
 	static strict = false;
 
 	async run(): Promise<void> {
-		const parsed = parseArgs(this.argv);
-		await runRootCommand(parsed, this.argv);
+		const { args } = prepareAcpTerminalAuthArgs(this.argv);
+		const parsed = parseArgs(args);
+		await runRootCommand(parsed, args);
 	}
 }

package/src/commit/agentic/prompts/system.md

@@ -34,5 +34,5 @@ Tool guidance:
 
 ## Changelog Requirements
 
-If changelog targets provided, you **MUST** call `propose_changelog` before finishing.
+If changelog targets provided, you MUST call `propose_changelog` before finishing.
 If you propose split commit plan, include changelog target files in relevant commit changes.

package/src/config/model-resolver.ts

@@ -956,6 +956,36 @@ export async function resolveModelScope(
 	return scopedModels;
 }
 
+/**
+ * Resolve the set of models a session is allowed to use, given the active
+ * settings. Starts from `modelRegistry.getAvailable()` (so disabled providers
+ * and providers without credentials are already filtered out) and, when
+ * `enabledModels` is configured for the current path scope, further restricts
+ * the result to models matching those patterns.
+ *
+ * Returns the unfiltered available list when `enabledModels` is empty.
+ * Returns an empty list when `enabledModels` is configured but no available
+ * model matches any pattern — callers MUST treat this as "no usable model"
+ * rather than falling back to the global default (see issue #1022).
+ */
+export async function resolveAllowedModels(
+	modelRegistry: Pick<ModelRegistry, "getAvailable" | "getCanonicalVariants">,
+	settings: Settings | undefined,
+	preferences?: ModelMatchPreferences,
+): Promise<Model<Api>[]> {
+	const available = modelRegistry.getAvailable();
+	const patterns = settings?.get("enabledModels");
+	if (!patterns || patterns.length === 0) {
+		return available;
+	}
+	const scoped = await resolveModelScope(patterns, modelRegistry, preferences);
+	if (scoped.length === 0) {
+		return [];
+	}
+	const allowed = new Set(scoped.map(entry => `${entry.model.provider}/${entry.model.id}`));
+	return available.filter(model => allowed.has(`${model.provider}/${model.id}`));
+}
+
 export interface ResolveCliModelResult {
 	model: Model<Api> | undefined;
 	selector?: string;

package/src/config/settings-schema.ts

@@ -1864,6 +1864,37 @@ export const SETTINGS_SCHEMA = {
 		},
 	},
 
+	"github.cache.enabled": {
+		type: "boolean",
+		default: true,
+		ui: {
+			tab: "tools",
+			label: "GitHub view cache",
+			description: "Cache rendered issue/PR view output in ~/.omp/cache/github-cache.db so repeated reads are free",
+		},
+	},
+
+	"github.cache.softTtlSec": {
+		type: "number",
+		default: 300,
+		ui: {
+			tab: "tools",
+			label: "GitHub cache soft TTL (seconds)",
+			description: "Within this window, cached issue/PR view rows are returned directly. Default 5 minutes.",
+		},
+	},
+
+	"github.cache.hardTtlSec": {
+		type: "number",
+		default: 604800,
+		ui: {
+			tab: "tools",
+			label: "GitHub cache hard TTL (seconds)",
+			description:
+				"Past soft TTL but within hard TTL, the tool returns the cached row and refreshes it in the background. Past hard TTL, the row is dropped. Default 7 days.",
+		},
+	},
+
 	"web_search.enabled": {
 		type: "boolean",
 		default: true,
@@ -2067,25 +2098,46 @@ export const SETTINGS_SCHEMA = {
 	// Delegation
 	"task.isolation.mode": {
 		type: "enum",
-		values: ["none", "worktree", "fuse-overlay", "fuse-projfs"] as const,
+		values: [
+			"none",
+			"auto",
+			"apfs",
+			"btrfs",
+			"zfs",
+			"reflink",
+			"overlayfs",
+			"projfs",
+			"block-clone",
+			"rcopy",
+		] as const,
 		default: "none",
 		ui: {
 			tab: "tasks",
 			label: "Isolation Mode",
 			description:
-				"Isolation mode for subagents (none, git worktree, fuse-overlayfs on Unix, or ProjFS on Windows via fuse-projfs; unsupported modes fall back to worktree)",
+				'Isolation backend for subagents. "auto" lets the native PAL pick the best available backend (CoW-aware filesystems, then overlayfs/ProjFS, then a git worktree / recursive-copy fallback).',
 			options: [
 				{ value: "none", label: "None", description: "No isolation" },
-				{ value: "worktree", label: "Worktree", description: "Git worktree isolation" },
+				{ value: "auto", label: "Auto", description: "Let the PAL pick the best available backend" },
+				{ value: "apfs", label: "APFS", description: "macOS clonefile reflink (APFS)" },
+				{ value: "btrfs", label: "btrfs", description: "btrfs subvolume snapshot" },
+				{ value: "zfs", label: "ZFS", description: "ZFS snapshot + clone" },
+				{ value: "reflink", label: "Reflink", description: "Linux FICLONE per-file reflink" },
+				{
+					value: "overlayfs",
+					label: "Overlayfs",
+					description: "Linux kernel overlay (or fuse-overlayfs fallback)",
+				},
+				{ value: "projfs", label: "ProjFS", description: "Windows Projected File System" },
 				{
-					value: "fuse-overlay",
-					label: "Fuse Overlay",
-					description: "COW overlay via fuse-overlayfs (Unix only)",
+					value: "block-clone",
+					label: "Block clone",
+					description: "Windows FSCTL_DUPLICATE_EXTENTS_TO_FILE (NTFS/ReFS)",
 				},
 				{
-					value: "fuse-projfs",
-					label: "Fuse ProjFS",
-					description: "COW overlay via ProjFS (Windows only; falls back to worktree if unavailable)",
+					value: "rcopy",
+					label: "Recursive copy",
+					description: "git worktree if available, otherwise recursive copy",
 				},
 			],
 		},

package/src/config/settings.ts

@@ -598,11 +598,28 @@ export class Settings {
 		const isolationObj = taskObj?.isolation as Record<string, unknown> | undefined;
 		if (isolationObj && "enabled" in isolationObj) {
 			if (typeof isolationObj.enabled === "boolean") {
-				isolationObj.mode = isolationObj.enabled ? "worktree" : "none";
+				isolationObj.mode = isolationObj.enabled ? "auto" : "none";
 			}
 			delete isolationObj.enabled;
 		}
 
+		// task.isolation.mode: legacy values from before the pi-iso PAL refactor.
+		// `worktree` was git worktree → now lives under `rcopy`. `fuse-overlay`
+		// and `fuse-projfs` are now the platform-named `overlayfs` / `projfs`
+		// kinds; the PAL falls back internally when the chosen one isn't
+		// available, so we don't need the old TS-side platform guards.
+		if (isolationObj && typeof isolationObj.mode === "string") {
+			const legacy: Record<string, string> = {
+				worktree: "rcopy",
+				"fuse-overlay": "overlayfs",
+				"fuse-projfs": "projfs",
+			};
+			const mapped = legacy[isolationObj.mode as string];
+			if (mapped !== undefined) {
+				isolationObj.mode = mapped;
+			}
+		}
+
 		// edit.mode: removed "atom" variant is now "hashline"
 		const editObj = raw.edit as Record<string, unknown> | undefined;
 		if (editObj) {

package/src/edit/index.ts

@@ -145,13 +145,15 @@ async function executeApplyPatchPerFile(
 			const result = await run(batchRequest);
 			const details = result.details;
 			perFileResults.push({
-				path,
+				path: details?.path ?? path,
 				diff: details?.diff ?? "",
 				firstChangedLine: details?.firstChangedLine,
 				diagnostics: details?.diagnostics,
 				op: details?.op,
 				move: details?.move,
 				meta: details?.meta,
+				oldText: details?.oldText,
+				newText: details?.newText,
 			});
 			const text = result.content?.find(c => c.type === "text")?.text ?? "";
 			if (text) contentTexts.push(text);
@@ -205,6 +207,11 @@ async function executeSinglePathEntries(
 	const diffTexts: string[] = [];
 	let firstChangedLine: number | undefined;
 	let errorCount = 0;
+	let metadataPath: string | undefined;
+	let hasFirstOldText = false;
+	let firstOldText: string | undefined;
+	let hasLastNewText = false;
+	let lastNewText: string | undefined;
 
 	for (let i = 0; i < runs.length; i++) {
 		const isLast = i === runs.length - 1;
@@ -217,6 +224,17 @@ async function executeSinglePathEntries(
 			const details = result.details;
 			if (details?.diff) diffTexts.push(details.diff);
 			firstChangedLine ??= details?.firstChangedLine;
+			if (details?.path) {
+				metadataPath ??= details.path;
+			}
+			if (details && "oldText" in details && !hasFirstOldText) {
+				firstOldText = details.oldText;
+				hasFirstOldText = true;
+			}
+			if (details && "newText" in details) {
+				lastNewText = details.newText;
+				hasLastNewText = true;
+			}
 			const text = result.content?.find(c => c.type === "text")?.text ?? "";
 			if (text) contentTexts.push(text);
 		} catch (err) {
@@ -242,6 +260,9 @@ async function executeSinglePathEntries(
 		details: {
 			diff: diffTexts.join("\n"),
 			firstChangedLine,
+			path: metadataPath ?? path,
+			...(hasFirstOldText ? { oldText: firstOldText } : {}),
+			...(hasLastNewText ? { newText: lastNewText } : {}),
 		},
 		// Any per-entry failure marks the aggregate result as an error so the
 		// renderer takes the error branch instead of falling through to the

package/src/edit/modes/patch.ts

@@ -1772,15 +1772,25 @@ export async function executePatchSingle(
 		.diagnostics(mergedDiagnostics?.summary ?? "", mergedDiagnostics?.messages ?? [])
 		.get();
 
+	const oldText = result.change.type !== "create" ? result.change.oldContent : undefined;
+	const newText = result.change.type !== "delete" ? result.change.newContent : undefined;
+
 	return {
 		content: [{ type: "text", text: resultText }],
 		details: {
 			diff: diffResult.diff,
+			// When the patch moves the file, anchor the diff to the destination
+			// path. ACP `ToolCallContent.diff.path` comes from this field, and
+			// clients use it to open or focus the file post-change; pointing at
+			// the (now-deleted) source navigates to nothing.
+			path: result.change.newPath ?? resolvedPath,
 			firstChangedLine: diffResult.firstChangedLine,
 			diagnostics: mergedDiagnostics,
 			op,
 			move: effectiveRename,
 			meta,
+			oldText,
+			newText,
 		},
 	};
 }

package/src/edit/modes/replace.ts

@@ -1094,9 +1094,12 @@ export async function executeReplaceSingle(
 		content: [{ type: "text", text: resultText }],
 		details: {
 			diff: diffResult.diff,
+			path: absolutePath,
 			firstChangedLine: diffResult.firstChangedLine,
 			diagnostics,
 			meta,
+			oldText: rawContent,
+			newText: finalContent,
 		},
 	};
 }

package/src/edit/renderer.ts

@@ -55,6 +55,10 @@ export interface EditToolPerFileResult {
 	 * Set when the underlying error carries a `displayMessage` (e.g. {@link HashlineMismatchError}). */
 	displayErrorText?: string;
 	meta?: OutputMeta;
+	/** Source-of-truth content before the edit; `undefined` for create operations. */
+	oldText?: string;
+	/** Source-of-truth content after the edit; `undefined` for delete operations. */
+	newText?: string;
 }
 
 export interface EditToolDetails {
@@ -72,6 +76,12 @@ export interface EditToolDetails {
 	meta?: OutputMeta;
 	/** Per-file results (multi-file edits) */
 	perFileResults?: EditToolPerFileResult[];
+	/** Absolute file path for single-file edit results. Required by ACP diff metadata consumers. */
+	path?: string;
+	/** Source-of-truth content before the edit; `undefined` for create operations. */
+	oldText?: string;
+	/** Source-of-truth content after the edit; `undefined` for delete operations. */
+	newText?: string;
 }
 
 // ═══════════════════════════════════════════════════════════════════════════

package/src/edit/streaming.ts

@@ -287,7 +287,7 @@ const hashlineStrategy: EditStreamingStrategy<HashlineArgs> = {
 			sections = splitHashlineInputs(args.input, { cwd: ctx.cwd, path: args.path });
 		} catch {
 			// Single-section fallback keeps the original error rendering for the
-			// "haven't typed `@PATH` yet" case.
+			// "haven't typed `@@ PATH` yet" case.
 			const result = await computeHashlineDiff({ input: args.input, path: args.path }, ctx.cwd, {
 				autoDropPureInsertDuplicates: ctx.hashlineAutoDropPureInsertDuplicates,
 			});