npm - pi-oracle - Versions diffs - 0.7.10 → 0.7.11 - Mend

pi-oracle 0.7.10 → 0.7.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md +9 -0
package/README.md +4 -4
package/docs/ORACLE_DESIGN.md +2 -2
package/docs/ORACLE_ISOLATED_PI_VALIDATION.md +1 -1
package/docs/platform-smoke.md +2 -2
package/extensions/oracle/lib/config.ts +2 -2
package/package.json +3 -3
package/platform-smoke.config.mjs +1 -1
package/scripts/oracle-real-smoke.mjs +1 -1
package/scripts/platform-smoke/targets.mjs +1 -1
package/scripts/platform-smoke.mjs +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,15 @@
 ## Unreleased
+## 0.7.11 - 2026-06-15
+### Changed
+- updated the local pi development and validation baseline to `@earendil-works/*` `0.79.4`
+- refreshed oracle docs and sanity-check baselines for pi `0.79.4`
+### Validation
+- ran the full `npm run verify:oracle` release gate under pi `0.79.4`
 ## 0.7.10 - 2026-06-13
 ### Added

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 `pi-oracle` lets a `pi` agent send hard, long-running work to ChatGPT.com or Grok through the web app, with repo archives, background execution, saved results, and a best-effort wake-up back into `pi` when the answer is ready.
-> Status: experimental public beta. Validated on macOS, Linux, and Windows native with Chromium-family browsers and pi `0.79.1`. Pi `0.79.1+` is the suggested tested floor for project-trust-aware package/runtime validation, but pi-bundled runtime packages remain optional wildcard peers so npm peer ranges do not block users from trying newer pi releases. Normal oracle jobs run in an isolated browser profile, not your active browser window.
+> Status: experimental public beta. Validated on macOS, Linux, and Windows native with Chromium-family browsers and pi `0.79.4`. Pi `0.79.4+` is the suggested tested floor for project-trust-aware package/runtime validation, but pi-bundled runtime packages remain optional wildcard peers so npm peer ranges do not block users from trying newer pi releases. Normal oracle jobs run in an isolated browser profile, not your active browser window.
 ## What a successful run looks like
@@ -77,7 +77,7 @@ You need:
 - macOS, Linux, or Windows native
 - Node.js 22 or newer
-- Suggested tested floor: `pi` 0.79.1 or newer; older pi versions are not blocked by package metadata but are outside the current validation baseline
+- Suggested tested floor: `pi` 0.79.4 or newer; older pi versions are not blocked by package metadata but are outside the current validation baseline
 - Google Chrome/Chromium or another Chromium-family browser
 - ChatGPT or Grok already signed in to the configured local browser profile for the provider you plan to use
 - `agent-browser`, `tar`, and `zstd` available on the machine
@@ -184,7 +184,7 @@ Agent-facing tools:
 Most users can start with defaults. Set an agent-level config only when you need a non-default provider, mode, preset, or browser profile.
-Pi 0.79.1 gates project-local inputs behind project trust. `pi-oracle` preserves its historical risk-on extension behavior for existing users: project-local `.pi/extensions/oracle.json` safe overrides still load by default for compatibility. They are ignored when you explicitly opt out of project-local inputs with `--no-approve` or save a “do not trust” decision for the project. Privileged browser/auth settings still come only from the agent-level config.
+Pi 0.79.4 gates project-local inputs behind project trust. `pi-oracle` preserves its historical risk-on extension behavior for existing users: project-local `.pi/extensions/oracle.json` safe overrides still load by default for compatibility. They are ignored when you explicitly opt out of project-local inputs with `--no-approve` or save a “do not trust” decision for the project. Privileged browser/auth settings still come only from the agent-level config.
 `~/.pi/agent/extensions/oracle.json`
@@ -399,7 +399,7 @@ For macOS, Ubuntu, and Windows native package/build plus packed runtime validati
 npm run release:check
 ```
-The real runtime suite defaults to deterministic installed-tool execution so platform proof stays bounded. Provider/model defaults remain `zai/glm-5.1` for doctor/config and for optional model-agent debugging; override with `PI_ORACLE_REAL_TEST_PROVIDER` and `PI_ORACLE_REAL_TEST_MODEL` when needed. For inner-loop source loading only, use `npm run smoke:real:source`; it is not release proof. Set `PI_ORACLE_REAL_TEST_MODEL_AGENT=1` only when debugging the slower model-agent path. The optional second real-agent negative symlink check is opt-in via `PI_ORACLE_REAL_TEST_NEGATIVE_SYMLINK=1`; `npm run sanity:oracle` covers archive/symlink rejection by default without adding another model-agent turn to the platform release gate.
+The real runtime suite defaults to deterministic installed-tool execution so platform proof stays bounded. Provider/model defaults remain `zai/glm-5.2` for doctor/config and for optional model-agent debugging; override with `PI_ORACLE_REAL_TEST_PROVIDER` and `PI_ORACLE_REAL_TEST_MODEL` when needed. For inner-loop source loading only, use `npm run smoke:real:source`; it is not release proof. Set `PI_ORACLE_REAL_TEST_MODEL_AGENT=1` only when debugging the slower model-agent path. The optional second real-agent negative symlink check is opt-in via `PI_ORACLE_REAL_TEST_NEGATIVE_SYMLINK=1`; `npm run sanity:oracle` covers archive/symlink rejection by default without adding another model-agent turn to the platform release gate.
 For manual end-to-end local-extension smoke testing, use [`docs/ORACLE_ISOLATED_PI_VALIDATION.md`](docs/ORACLE_ISOLATED_PI_VALIDATION.md). That workflow launches isolated `pi` coding-agent sessions against this checkout and uses `instant` or `thinking_light`, as required by the project validation policy.

package/docs/ORACLE_DESIGN.md CHANGED Viewed

@@ -7,7 +7,7 @@ Companion doc:
 - `docs/ORACLE_RECOVERY_DRILL.md` — safe expired-auth recovery validation drill
 Compatibility target:
-- `pi` 0.79.1+ is the suggested tested floor for current project-trust-aware package/runtime validation
+- `pi` 0.79.4+ is the suggested tested floor for current project-trust-aware package/runtime validation
 - package metadata keeps pi runtime packages as optional wildcard peers, so this suggested floor is not enforced as a hard npm install requirement
 - current extension lifecycle only; no backward-compatibility shims for removed `session_switch` / `session_fork` events
@@ -234,7 +234,7 @@ Merged config locations:
 - global: `~/.pi/agent/extensions/oracle.json`
 - project: `.pi/extensions/oracle.json`
-Project config remains restricted to safe overrides only. On Pi 0.79.1+, pi itself gates project-local inputs behind project trust, but `pi-oracle` keeps its historical risk-on extension behavior for this package-specific safe override file: `.pi/extensions/oracle.json` loads by default for compatibility, and is ignored when Pi reports the project is untrusted, including `--no-approve` or saved “do not trust” decisions. This preserves the existing extension experience while still honoring explicit opt-out/distrust decisions. Browser/auth settings remain global-only because they control local privileged browser state.
+Project config remains restricted to safe overrides only. On Pi 0.79.4+, pi itself gates project-local inputs behind project trust, but `pi-oracle` keeps its historical risk-on extension behavior for this package-specific safe override file: `.pi/extensions/oracle.json` loads by default for compatibility, and is ignored when Pi reports the project is untrusted, including `--no-approve` or saved “do not trust” decisions. This preserves the existing extension experience while still honoring explicit opt-out/distrust decisions. Browser/auth settings remain global-only because they control local privileged browser state.
 ### Current config shape

package/docs/ORACLE_ISOLATED_PI_VALIDATION.md CHANGED Viewed

@@ -27,7 +27,7 @@ The extension is loaded from the local checkout with:
 pi --approve --no-extensions -e "$REPO/extensions/oracle/index.ts"
 ```
-That ensures the session is exercising the in-repo code, not a globally installed package. `--approve` is intentional for this isolated workflow on Pi 0.79.1+: the test fixture is this trusted checkout, and non-interactive/scripted validation must not block on the project-trust prompt.
+That ensures the session is exercising the in-repo code, not a globally installed package. `--approve` is intentional for this isolated workflow on Pi 0.79.4+: the test fixture is this trusted checkout, and non-interactive/scripted validation must not block on the project-trust prompt.
 The local extension now intercepts TUI `/oracle` and `/oracle-followup` before prompt-template expansion, re-injects the compact slash request as the visible user message for prompt-history/up-arrow recall, and reads the in-repo prompt files as hidden dispatch instructions, so do not pass `--prompt-template` for normal local-extension validation. In print/json/rpc modes, the extension contributes the prompt templates itself.

package/docs/platform-smoke.md CHANGED Viewed

@@ -36,7 +36,7 @@ Target setup:
 Real runtime suite auth:
 - Default deterministic installed-tool smoke does not require provider API keys.
-- Provider/model defaults remain `zai/glm-5.1` for optional model-agent debugging.
+- Provider/model defaults remain `zai/glm-5.2` for optional model-agent debugging.
 - Set `PI_ORACLE_REAL_TEST_MODEL_AGENT=1` to run the slower model-agent path; then the provider auth env is required (`ZAI_API_KEY` by default, reported only as present/redacted).
 - Override with `PI_ORACLE_REAL_TEST_PROVIDER` and `PI_ORACLE_REAL_TEST_MODEL`; auth variable names live in `platform-smoke.config.mjs`.
@@ -90,7 +90,7 @@ On each required target, `platform-build`:
 5. runs `npm pack`;
 6. creates a fresh target-local pi project;
 7. runs `npm install --no-save <packed tarball>`;
-8. runs `pi install -l ./node_modules/pi-oracle --approve` so Pi 0.79.1 project-trust gating intentionally trusts the temporary fixture;
+8. runs `pi install -l ./node_modules/pi-oracle --approve` so Pi 0.79.4 project-trust gating intentionally trusts the temporary fixture;
 9. runs `pi list --approve`;
 10. asserts the installed package came from `node_modules/pi-oracle` and did not use `pi -e` / source-extension shortcuts.

package/extensions/oracle/lib/config.ts CHANGED Viewed

@@ -6,7 +6,7 @@
 import { execFileSync } from "node:child_process";
 import { existsSync, readFileSync } from "node:fs";
 import { homedir } from "node:os";
-import { getAgentDir, hasProjectTrustInputs, ProjectTrustStore } from "@earendil-works/pi-coding-agent";
+import { getAgentDir, hasTrustRequiringProjectResources, ProjectTrustStore } from "@earendil-works/pi-coding-agent";
 import { isAbsolute, join, normalize } from "node:path";
 import {
   assertNotKnownBrowserUserDataPath,
@@ -351,7 +351,7 @@ function isProjectConfigTrusted(cwd: string, agentDir: string, projectConfigExis
   const trustCwd = options?.projectConfigTrustCwd ?? cwd;
   const cliOverride = getProjectTrustCliOverride();
   if (cliOverride !== undefined) return cliOverride;
-  if (!projectConfigExists && !hasProjectTrustInputs(trustCwd)) return true;
+  if (!projectConfigExists && !hasTrustRequiringProjectResources(trustCwd)) return true;
   try {
     const trustStore = new ProjectTrustStore(agentDir);
     const trustDecision = trustStore.get(trustCwd);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pi-oracle",
-  "version": "0.7.10",
+  "version": "0.7.11",
   "description": "ChatGPT and Grok web-oracle extension for pi with isolated browser auth, async jobs, and project-context archives.",
   "private": false,
   "license": "MIT",
@@ -80,8 +80,8 @@
     "protobufjs": "7.6.1"
   },
   "devDependencies": {
-    "@earendil-works/pi-ai": "0.79.1",
-    "@earendil-works/pi-coding-agent": "0.79.1",
+    "@earendil-works/pi-ai": "0.79.4",
+    "@earendil-works/pi-coding-agent": "0.79.4",
     "@types/node": "^22.19.19",
     "esbuild": "^0.28.0",
     "tsx": "^4.22.3",

package/platform-smoke.config.mjs CHANGED Viewed

@@ -40,7 +40,7 @@ export default {
   nodeValidationMajor: 24,
   realSmoke: {
     defaultProvider: "zai",
-    defaultModel: "glm-5.1",
+    defaultModel: "glm-5.2",
     authEnvByProvider: {
       zai: ["ZAI_API_KEY"],
       openai: ["OPENAI_API_KEY"],

package/scripts/oracle-real-smoke.mjs CHANGED Viewed

@@ -14,7 +14,7 @@ const require = createRequire(import.meta.url);
 const tsxCli = require.resolve("tsx/cli");
 const DEFAULT_PROVIDER = "zai";
-const DEFAULT_MODEL = "glm-5.1";
+const DEFAULT_MODEL = "glm-5.2";
 const DEFAULT_TIMEOUT_MS = 180_000;
 const PACKAGE_NAME = "pi-oracle";

package/scripts/platform-smoke/targets.mjs CHANGED Viewed

@@ -54,7 +54,7 @@ function realSmokeProvider(config = {}) {
 }
 function realSmokeModel(config = {}) {
-  return process.env.PI_ORACLE_REAL_TEST_MODEL || config.realSmoke?.defaultModel || "glm-5.1";
+  return process.env.PI_ORACLE_REAL_TEST_MODEL || config.realSmoke?.defaultModel || "glm-5.2";
 }
 function truthy(value) {

package/scripts/platform-smoke.mjs CHANGED Viewed

@@ -57,7 +57,7 @@ Environment:
   PLATFORM_SMOKE_WINDOWS_WORK_ROOT Windows work root
   PI_ORACLE_SMOKE_*              Project-specific aliases for the PLATFORM_SMOKE_* knobs above
   PI_ORACLE_REAL_TEST_PROVIDER   Real smoke provider (default: zai)
-  PI_ORACLE_REAL_TEST_MODEL      Real smoke model (default: glm-5.1)
+  PI_ORACLE_REAL_TEST_MODEL      Real smoke model (default: glm-5.2)
   ZAI_API_KEY                    Default real-smoke provider API key for optional model-agent debugging
 `);
 }