pi-cursor-sdk 0.1.45 → 0.1.46

package/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 ## Unreleased
 
+## 0.1.46 - 2026-06-21
+
+### Changed
+
+- Update the local pi validation baseline to `@earendil-works/pi-ai`, `@earendil-works/pi-coding-agent`, and `@earendil-works/pi-tui` `0.79.9` after reviewing current installed Pi extension, provider, package, and security docs.
+- Bump the maintained `undici` override to `7.28.0` and refresh vulnerable transitive audit dependencies so `npm audit --audit-level=low` reports zero vulnerabilities.
+
+### Fixed
+
+- Resolve maintainer shell smoke self-test failures under mise by sealing smoke PATHs with the real `process.execPath` Node executable instead of the `node` shim path.
+- Harden the platform bridge visual matrix by asserting the exact JSONL tool-result order required by the documented prompt contract.
+
 ## 0.1.45 - 2026-06-18
 
 ### Fixed

package/README.md

@@ -51,10 +51,10 @@ If pi started without a key, run `/cursor-refresh-models` after `/login` to refr
 ## Requirements
 
 - Node.js 22.19+
-- pi 0.79.4 or newer recommended; pi core peer metadata is intentionally unpinned so newer pi releases are not blocked
+- pi 0.79.9 or newer recommended; pi core peer metadata is intentionally unpinned so newer pi releases are not blocked
 - a Cursor SDK API key saved through `/login`, available as `CURSOR_API_KEY`, or passed with pi's `--api-key`
 
-No global `@cursor/sdk` install is required. This package depends on exact `@cursor/sdk@1.0.19`, so normal package installation brings in the SDK version this extension was built and tested against. It also declares `@connectrpc/connect-node@1.7.0` directly because Cursor SDK 1.0.19 still dynamically loads the Node ConnectRPC transport during local-agent runs. Cursor SDK 1.0.19 removes the older `sqlite3 -> node-gyp@8` dependency chain, so deprecated install warnings for `inflight`, `rimraf`, `glob@7`, `npmlog`, `gauge`, `are-we-there-yet`, and `tar@6` from that chain are no longer expected. This package follows pi package guidance by declaring pi core package peers with `"*"` ranges, so users who update pi before this extension is republished are not blocked by peer metadata. The current recommended and validated pi baseline is 0.79.4 plus Cursor SDK 1.0.19; older pi compatibility paths are best-effort and older Cursor SDK compatibility paths are not maintained.
+No global `@cursor/sdk` install is required. This package depends on exact `@cursor/sdk@1.0.19`, so normal package installation brings in the SDK version this extension was built and tested against. It also declares `@connectrpc/connect-node@1.7.0` directly because Cursor SDK 1.0.19 still dynamically loads the Node ConnectRPC transport during local-agent runs. Cursor SDK 1.0.19 removes the older `sqlite3 -> node-gyp@8` dependency chain, so deprecated install warnings for `inflight`, `rimraf`, `glob@7`, `npmlog`, `gauge`, `are-we-there-yet`, and `tar@6` from that chain are no longer expected. This package follows pi package guidance by declaring pi core package peers with `"*"` ranges, so users who update pi before this extension is republished are not blocked by peer metadata. The current recommended and validated pi baseline is 0.79.9 plus Cursor SDK 1.0.19; older pi compatibility paths are best-effort and older Cursor SDK compatibility paths are not maintained.
 
 ## Install
 

package/docs/cursor-live-smoke-checklist.md

@@ -67,8 +67,8 @@ The replay scan flags only error `toolResult` / error assistant messages with `T
 
 Pass criteria:
 
-- `pi --version` reports pi 0.79.4 for this cutover baseline.
-- `npm ls` shows `@cursor/sdk@1.0.19` and local `@earendil-works/*@0.79.4` packages.
+- `pi --version` reports pi 0.79.9 for this cutover baseline.
+- `npm ls` shows `@cursor/sdk@1.0.19` and local `@earendil-works/*@0.79.9` packages.
 - `cursor/composer-2-5` appears in the model list.
 - No Cursor key or auth token is printed.
 - If neither `~/.pi/agent/auth.json` cursor auth nor `CURSOR_API_KEY` is available, stop and report the live smoke as blocked.
@@ -125,7 +125,7 @@ Observe with `tmux capture-pane -pt "$SESSION"` or attach manually.
 Pass criteria:
 
 - Footer shows `(cursor) composer-2-5`. With `--cursor-no-fast`, Cursor fast mode is off and the Cursor extension status should not show `cursor fast`; ignore unrelated status text from other extensions.
-- The run uses pi 0.79.4 `--session-id` successfully.
+- The run uses pi 0.79.9 `--session-id` successfully.
 - Assistant answer appears correctly.
 - `/session` shows one user and one assistant message for the simple run.
 - Persisted JSONL has one assistant message. If the screen appears duplicated, inspect JSONL before deciding whether it is a rendering bug.
@@ -133,7 +133,7 @@ Pass criteria:
 
 ## 4. Focused visual card/color rendering check
 
-This is the canonical inner-loop visual debug path for Cursor provider/runtime changes. It requires offscreen TUI visual inspection, not only JSONL or code review. Use pi 0.79.4, `@cursor/sdk@1.0.19`, a fresh temporary session dir, Cursor SDK `plan` mode, native replay enabled, and the checked-in visual runner. The runner resolves `pi` by directly walking the parent `PATH`, uses `process.execPath` for Node, and prepends that Node directory for both prereq checks and tmux launches so `#!/usr/bin/env node` shims use the validated Node. The default matrix is native replay only: native replay registration is forced on, settings sources are `none`, the pi bridge is off, overlapping built-in pi tools are not exposed, and inherited Cursor SDK event-debug artifact env is cleared. With `--event-debug`, debug capture writes to a deterministic directory under `VISUAL_DIR`.
+This is the canonical inner-loop visual debug path for Cursor provider/runtime changes. It requires offscreen TUI visual inspection, not only JSONL or code review. Use pi 0.79.9, `@cursor/sdk@1.0.19`, a fresh temporary session dir, Cursor SDK `plan` mode, native replay enabled, and the checked-in visual runner. The runner resolves `pi` by directly walking the parent `PATH`, uses `process.execPath` for Node, and prepends that Node directory for both prereq checks and tmux launches so `#!/usr/bin/env node` shims use the validated Node. The default matrix is native replay only: native replay registration is forced on, settings sources are `none`, the pi bridge is off, overlapping built-in pi tools are not exposed, and inherited Cursor SDK event-debug artifact env is cleared. With `--event-debug`, debug capture writes to a deterministic directory under `VISUAL_DIR`.
 
 ```bash
 VISUAL_DIR="$(mktemp -d /tmp/pi-cursor-sdk-1016-visual.XXXXXX)"

package/docs/cursor-model-ux-spec.md

@@ -15,7 +15,7 @@ Current implementation notes:
 - Cursor status uses one coordinated `ctx.ui.setStatus("cursor", ...)` value for fast and non-default plan mode; the default pi footer remains intact.
 - Installed `@cursor/sdk` user messages accept images, and Cursor models are treated as image-capable; registered input metadata is `text` plus `image`.
 - Image payload forwarding sends images only from the latest user message. If the latest user turn is plain text after an earlier image turn, the transcript keeps an `[image omitted from transcript]` placeholder but no image bytes are sent to Cursor. The prompt explicitly tells Cursor that prior image bytes are unavailable and to ask the user to reattach or describe a prior image when needed. Carrying images forward across turns remains a future product decision because it affects token cost, privacy, stale visual context, and expected multimodal follow-up behavior.
-- Exact `@cursor/sdk@1.0.19` is a package dependency of this extension; users should not need a global SDK install. pi 0.79.4 is the current recommended validation baseline, while published pi core peer dependencies use `"*"` ranges per current pi package guidance. Newer pi versions are allowed to attempt loading this extension before a matching extension release exists; compatibility is best-effort until validated.
+- Exact `@cursor/sdk@1.0.19` is a package dependency of this extension; users should not need a global SDK install. pi 0.79.9 is the current recommended validation baseline, while published pi core peer dependencies use `"*"` ranges per current pi package guidance. Newer pi versions are allowed to attempt loading this extension before a matching extension release exists; compatibility is best-effort until validated.
 - Cursor auth uses pi-native API-key resolution for provider `cursor`: CLI `--api-key`, stored `~/.pi/agent/auth.json` API key from `/login`, then `CURSOR_API_KEY`. The extension config file stores only non-secret Cursor-only state such as fast defaults.
 - Local agents pass `settingSources: ["all"]` by default so Cursor MCP servers, plugin tools, project/user settings, and related Cursor-native capabilities are available. Users can narrow loading with a comma-separated list such as `PI_CURSOR_SETTING_SOURCES=project,user,plugins`, or disable ambient setting sources with `PI_CURSOR_SETTING_SOURCES=none`. The provider suppresses direct Cursor SDK bootstrap stdout/stderr/console noise (including late first-send workspace loading such as hook compatibility warnings) so it does not pollute pi's TUI.
 - On `cursor/*` models, pi-cursor-sdk removes only pi-generated `<project_instructions>` blocks that overlap the effective Cursor `settingSources`: `user` for `~/.pi/agent/AGENTS.md`; `project` for discovered repo/parent `AGENTS.md` and `CLAUDE.md` (verified Cursor behavior: local agents load project `AGENTS.md` and `CLAUDE.md`). `~/.pi/agent/CLAUDE.md` is not removed (Cursor user layer uses `~/.claude/CLAUDE.md`). Blocks are removed by exact pi serialization match from structured `contextFiles` via the `before_agent_start` hook, not in `buildCursorPrompt` sanitization. Suppression is skipped with `-nc`, `PI_CURSOR_SETTING_SOURCES=none`, narrowed sources such as `plugins` that omit the matching layer, or `PI_CURSOR_PRESERVE_PI_AGENTS_MD=1`. Switching away from a Cursor model restores pi's full context block on the next user message.

package/docs/cursor-native-tool-visual-audit.md

@@ -6,7 +6,7 @@ This workflow is the canonical repo path for verifying Cursor SDK tool replay th
 
 Use it before accepting replay-card commits or PRs, and for every Cursor provider/runtime release where TUI card/color behavior could regress. Text logs and JSONL are necessary, but they are not enough when the claim is visual parity: always keep PNGs for the exact prompt, and keep before/after PNGs when reviewing a rendering change.
 
-Current validation baseline: pi 0.79.4, exact `@cursor/sdk@1.0.19`, local validation packages `@earendil-works/pi-ai`, `@earendil-works/pi-coding-agent`, and `@earendil-works/pi-tui` at 0.79.4. Published pi core peer dependencies use `"*"` ranges per current pi package guidance, so newer pi installs can try the extension before a matching validation release exists.
+Current validation baseline: pi 0.79.9, exact `@cursor/sdk@1.0.19`, local validation packages `@earendil-works/pi-ai`, `@earendil-works/pi-coding-agent`, and `@earendil-works/pi-tui` at 0.79.9. Published pi core peer dependencies use `"*"` ranges per current pi package guidance, so newer pi installs can try the extension before a matching validation release exists.
 
 ## Cursor SDK 1.0.17 / pi 0.79.0 cutover visual record
 

package/docs/cursor-testing-lessons.md

@@ -243,7 +243,7 @@ The script writes timestamped artifacts under `--out` (default `/tmp/pi-cursor-s
 
 Stdout prints artifact paths and summary counts only. Raw payloads stay on disk and may contain local paths, project text, tool args/results, or secrets — do not commit or share them.
 
-Hard repo rule: Cursor SDK behavior claims must come from the installed `@cursor/sdk` package and/or https://cursor.com/docs/sdk/typescript, not from memory or ad-hoc probes alone. Current cutover validation targets exact `@cursor/sdk@1.0.19` and pi 0.79.4 local packages.
+Hard repo rule: Cursor SDK behavior claims must come from the installed `@cursor/sdk` package and/or https://cursor.com/docs/sdk/typescript, not from memory or ad-hoc probes alone. Current cutover validation targets exact `@cursor/sdk@1.0.19` and pi 0.79.9 local packages.
 
 ## Pi provider SDK event capture
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "pi-cursor-sdk",
-	"version": "0.1.45",
+	"version": "0.1.46",
 	"description": "pi provider extension backed by @cursor/sdk local agents",
 	"author": "Mitch Fultz (https://github.com/fitchmultz)",
 	"license": "MIT",
@@ -120,9 +120,9 @@
 		"typebox": "*"
 	},
 	"devDependencies": {
-		"@earendil-works/pi-ai": "0.79.4",
-		"@earendil-works/pi-coding-agent": "0.79.4",
-		"@earendil-works/pi-tui": "0.79.4",
+		"@earendil-works/pi-ai": "0.79.9",
+		"@earendil-works/pi-coding-agent": "0.79.9",
+		"@earendil-works/pi-tui": "0.79.9",
 		"@xterm/xterm": "^6.0.0",
 		"node-pty": "^1.1.0",
 		"playwright": "^1.60.0",
@@ -136,9 +136,23 @@
 		]
 	},
 	"overrides": {
-		"undici": "7.25.0"
+		"undici": "7.28.0"
 	},
 	"allowScripts": {
 		"node-pty@1.1.0": true
+	},
+	"peerDependenciesMeta": {
+		"@earendil-works/pi-ai": {
+			"optional": true
+		},
+		"@earendil-works/pi-coding-agent": {
+			"optional": true
+		},
+		"@earendil-works/pi-tui": {
+			"optional": true
+		},
+		"typebox": {
+			"optional": true
+		}
 	}
 }

package/scripts/isolated-cursor-smoke.sh

@@ -147,7 +147,7 @@ EOF_SELFTEST_NODE
 	chmod +x "$fake_pi" "$fake_node"
 
 	ENV_BIN="$(smoke_resolve_cmd env)"
-	NODE_BIN="$(smoke_resolve_cmd node)"
+	NODE_BIN="$(smoke_resolve_node_cmd)"
 	if [[ "$SHELL_BIN" != /* ]]; then
 		SHELL_BIN="$(smoke_resolve_cmd "$SHELL_BIN")"
 	fi
@@ -260,7 +260,7 @@ EOF_SELFTEST_NPM
 	no_pi_path="$no_pi_bin:/usr/bin:/bin"
 	no_pi_output_file="$temp_dir/no-pi-output.txt"
 	set +e
-	PATH="$no_pi_path" REAL_HOME="$temp_dir/no-auth" PI_BIN=pi-must-not-exist REPO="$no_pi_repo" ISOLATED="$no_pi_isolated" SKIP_LIVE=1 SKIP_UNIT=1 "$SHELL_BIN" "$ROOT/scripts/isolated-cursor-smoke.sh" >"$no_pi_output_file" 2>&1
+	env -i PATH="$no_pi_path" REAL_HOME="$temp_dir/no-auth" PI_BIN=pi-must-not-exist REPO="$no_pi_repo" ISOLATED="$no_pi_isolated" SKIP_LIVE=1 SKIP_UNIT=1 "$SHELL_BIN" "$ROOT/scripts/isolated-cursor-smoke.sh" >"$no_pi_output_file" 2>&1
 	no_pi_status=$?
 	set -e
 	if [[ "$no_pi_status" != "0" ]]; then
@@ -290,7 +290,7 @@ if [[ -f "${SECRETS_FILE:-$REAL_HOME/.secrets}" ]]; then
 	set -u
 fi
 
-NODE_BIN="$(smoke_resolve_cmd node)"
+NODE_BIN="$(smoke_resolve_node_cmd)"
 NPM_BIN="$(smoke_resolve_cmd npm)"
 ENV_BIN="$(smoke_resolve_cmd env)"
 if [[ "$SHELL_BIN" != /* ]]; then

package/scripts/lib/cursor-smoke-shell.sh

@@ -31,6 +31,18 @@ smoke_resolve_cmd() {
 	printf '%s\n' "$path"
 }
 
+smoke_resolve_node_cmd() {
+	local node_cmd node_path
+	node_cmd="$(smoke_resolve_cmd node)"
+	if ! node_path="$("$node_cmd" -p 'process.execPath' 2>/dev/null)" || [[ -z "$node_path" ]]; then
+		smoke_fail "failed to resolve real node executable from $node_cmd"
+	fi
+	if [[ "$node_path" != /* ]]; then
+		smoke_fail "real node executable did not resolve to an absolute path: $node_path"
+	fi
+	printf '%s\n' "$node_path"
+}
+
 smoke_build_sealed_node_path() {
 	local node_bin="$1"
 	local base_path

package/scripts/platform-smoke/scenarios.mjs

@@ -43,6 +43,7 @@ export const SCENARIOS = {
 		promptTemplate: `Native visual matrix.
 
 Use Cursor-native tools only. Do not use pi__ tools.
+On Windows/PowerShell shell commands, do not use &&; if you add a cd command, separate commands with a semicolon (;).
 
 Steps:
 1. read ./package.json and remember the package name.
@@ -130,6 +131,7 @@ BRIDGE_MATRIX_OK bash_ok=<yes/no> read_ok=<yes/no> read_missing_error=<yes/no>`,
 			{ id: "bridge-read-failure", toolName: "read", isError: true, contains: "definitely-missing-platform-smoke-file.txt" },
 			{ id: "bridge-shell-success", toolName: "bash", isError: false, contains: "bridge visual smoke" },
 		],
+		expectedJSONLResultToolOrder: ["bash", "read", "read"],
 		visualEvidence: [
 			{ id: "bridge-read-success", pattern: "^\\s*read (?:\\./package\\.json|.*[\\\\/]package\\.json)", jsonlResultId: "bridge-read-success" },
 			{ id: "bridge-read-failure", pattern: "^\\s*read \\./definitely-missing-platform-smoke-file\\.txt|ENOENT: no such file", jsonlResultId: "bridge-read-failure" },

package/scripts/platform-smoke/targets.mjs

@@ -576,6 +576,11 @@ async function executeLiveSuite(config, targetName, suiteName, suiteDir, slug, l
 		id: `jsonl-result-${requirement.id}`,
 		fn: () => jsonlResults.some((result) => matchesJsonlResult(result, requirement)),
 	}));
+	const expectedJSONLResultToolOrder = scenario?.expectedJSONLResultToolOrder;
+	const jsonlResultOrderChecks = Array.isArray(expectedJSONLResultToolOrder) ? [{
+		id: "jsonl-result-tool-order",
+		fn: () => jsonlResults.map((result) => result.toolName).join("\n") === expectedJSONLResultToolOrder.join("\n"),
+	}] : [];
 	const bridgeDiagnostics = [
 		...collectBridgeDiagnostics(terminalText),
 		...collectBridgeDiagnosticFile(resolve(liveArtifactDir, "bridge-diagnostics.jsonl")),
@@ -641,6 +646,7 @@ async function executeLiveSuite(config, targetName, suiteName, suiteDir, slug, l
 		...cardChecks.map((check) => ({ id: check.id, fn: () => check.ok })),
 		...jsonlToolChecks,
 		...jsonlResultChecks,
+		...jsonlResultOrderChecks,
 		...bridgeDiagnosticChecks,
 		...(visualEvidence.checks ?? []).map((check) => ({ id: check.id, fn: () => check.ok === true, error: check.error })),
 		...visualEvidenceResultChecks,

package/scripts/tmux-live-smoke.sh

@@ -338,7 +338,7 @@ EOF_SELFTEST_NODE
 	chmod +x "$fake_pi" "$fake_node"
 
 	ENV_BIN="$(smoke_resolve_cmd env)"
-	NODE_BIN="$(smoke_resolve_cmd node)"
+	NODE_BIN="$(smoke_resolve_node_cmd)"
 	smoke_load_cursor_sdk_event_debug_env_names "$NODE_BIN" "$ROOT/shared/cursor-sdk-event-debug-env.mjs"
 	hostile_path="$bin_dir:$PATH"
 	[[ "$(smoke_build_sealed_node_path "$NODE_BIN" "")" != *: ]] || fail "self-test failed: empty inherited PATH left a trailing PATH separator"
@@ -380,7 +380,7 @@ if [[ "${1:-}" == "--self-test" ]]; then
 fi
 
 PI_BIN="$(smoke_resolve_cmd pi)"
-NODE_BIN="$(smoke_resolve_cmd node)"
+NODE_BIN="$(smoke_resolve_node_cmd)"
 NPM_BIN="$(smoke_resolve_cmd npm)"
 RG_BIN="$(smoke_resolve_cmd rg)"
 TMUX_BIN="$(smoke_resolve_cmd tmux)"