pi-oracle 0.7.6 → 0.7.7

package/CHANGELOG.md

@@ -2,6 +2,19 @@
 
 ## Unreleased
 
+## 0.7.7 - 2026-06-08
+
+### Changed
+- updated the local pi development baseline to `@earendil-works/pi-coding-agent` / `@earendil-works/pi-ai` `0.79.0` and regenerated the npm lockfile
+- documented `pi` `0.79.0+` as the suggested tested floor while keeping pi runtime packages as optional wildcard peers so npm peer ranges do not block users from trying newer pi releases
+- updated isolated local-extension and packed package validation workflows to pass explicit `--approve` when they intentionally trust their temporary project fixtures under Pi 0.79.0 project-trust rules
+
+### Fixed
+- made project-local `.pi/extensions/oracle.json` overrides honor explicit Pi project-trust opt-outs (`--no-approve` or a saved “do not trust” decision) while preserving the historical default of loading safe project overrides for existing oracle users
+
+### Compatibility
+- reviewed the pi `0.79.0` changelog, project-trust docs, extension docs, package docs, prompt-template docs, SDK/RPC exports, and matching examples; the oracle extension remains compatible with current extension lifecycle and package install/update behavior
+
 ## 0.7.6 - 2026-06-04
 
 ### Changed

package/README.md

@@ -2,7 +2,7 @@
 
 `pi-oracle` lets a `pi` agent send hard, long-running work to ChatGPT.com or Grok through the web app, with repo archives, background execution, saved results, and a best-effort wake-up back into `pi` when the answer is ready.
 
-> Status: experimental public beta. Validated on macOS, Linux, and Windows native with Chromium-family browsers and pi `0.78.1`. Pi `0.78.1+` is the suggested tested floor for mode-aware background polling, but pi-bundled runtime packages remain optional wildcard peers so npm peer ranges do not block users from trying newer pi releases. Normal oracle jobs run in an isolated browser profile, not your active browser window.
+> Status: experimental public beta. Validated on macOS, Linux, and Windows native with Chromium-family browsers and pi `0.79.0`. Pi `0.79.0+` is the suggested tested floor for project-trust-aware package/runtime validation, but pi-bundled runtime packages remain optional wildcard peers so npm peer ranges do not block users from trying newer pi releases. Normal oracle jobs run in an isolated browser profile, not your active browser window.
 
 ## What a successful run looks like
 
@@ -77,7 +77,7 @@ You need:
 
 - macOS, Linux, or Windows native
 - Node.js 22 or newer
-- Suggested tested floor: `pi` 0.78.1 or newer; older pi versions are not blocked by package metadata but are outside the current validation baseline
+- Suggested tested floor: `pi` 0.79.0 or newer; older pi versions are not blocked by package metadata but are outside the current validation baseline
 - Google Chrome/Chromium or another Chromium-family browser
 - ChatGPT or Grok already signed in to the configured local browser profile for the provider you plan to use
 - `agent-browser`, `tar`, and `zstd` available on the machine
@@ -179,6 +179,8 @@ Agent-facing tools:
 
 Most users can start with defaults. Set an agent-level config only when you need a non-default provider, mode, preset, or browser profile.
 
+Pi 0.79.0 gates project-local inputs behind project trust. `pi-oracle` preserves its historical risk-on extension behavior for existing users: project-local `.pi/extensions/oracle.json` safe overrides still load by default for compatibility. They are ignored when you explicitly opt out of project-local inputs with `--no-approve` or save a “do not trust” decision for the project. Privileged browser/auth settings still come only from the agent-level config.
+
 `~/.pi/agent/extensions/oracle.json`
 
 ```json

package/docs/ORACLE_DESIGN.md

@@ -7,7 +7,7 @@ Companion doc:
 - `docs/ORACLE_RECOVERY_DRILL.md` — safe expired-auth recovery validation drill
 
 Compatibility target:
-- `pi` 0.78.1+ is the suggested tested floor for current mode-aware poller behavior
+- `pi` 0.79.0+ is the suggested tested floor for current project-trust-aware package/runtime validation
 - package metadata keeps pi runtime packages as optional wildcard peers, so this suggested floor is not enforced as a hard npm install requirement
 - current extension lifecycle only; no backward-compatibility shims for removed `session_switch` / `session_fork` events
 
@@ -229,9 +229,7 @@ Merged config locations:
 - global: `~/.pi/agent/extensions/oracle.json`
 - project: `.pi/extensions/oracle.json`
 
-Project config remains restricted to safe overrides only.
-
-Browser/auth settings are global-only because they control local privileged browser state.
+Project config remains restricted to safe overrides only. On Pi 0.79.0+, pi itself gates project-local inputs behind project trust, but `pi-oracle` keeps its historical risk-on extension behavior for this package-specific safe override file: `.pi/extensions/oracle.json` loads by default for compatibility, and is ignored only when the run passes `--no-approve` or the project has a saved “do not trust” decision. This preserves the existing extension experience while still honoring explicit opt-out/distrust decisions. Browser/auth settings remain global-only because they control local privileged browser state.
 
 ### Current config shape
 
@@ -633,6 +631,10 @@ Remaining non-blocking hardening work:
 - keep hardening model-selection verification against future ChatGPT UI variation
 
 Recent proof points:
+- Pi 0.79.0 release gate: `npm run release:check` passed on 2026-06-08, including `verify:oracle` plus Crabbox macOS, Ubuntu, and Windows native `platform-build` and `real-extension` suites
+- Pi 0.79.0 platform artifacts: `.artifacts/platform-smoke/run-1780938522145-50q2f2` (macOS platform-build), `.artifacts/platform-smoke/run-1780938572090-bi87g5` (macOS real-extension), `.artifacts/platform-smoke/run-1780938542847-quridb` (Ubuntu platform-build), `.artifacts/platform-smoke/run-1780938587248-c8uo4c` (Ubuntu real-extension), `.artifacts/platform-smoke/run-1780938585007-l0xapp` (Windows native platform-build), `.artifacts/platform-smoke/run-1780938820527-c1j8tt` (Windows native real-extension)
+- Pi 0.79.0 isolated local-extension model-agent smoke: `.artifacts/real-smoke/run-1780935835596-pfbn5o` passed with `PI_ORACLE_REAL_TEST_MODEL_AGENT=1 npm run smoke:real:source`
+- Pi 0.79.0 packed-install smoke: `.artifacts/real-smoke/run-1780935825537-pmna07` passed with `npm run smoke:real:packed`
 - expired-auth drill fail path: `a2460bc1-7d89-4041-b67d-39680d310325`
 - `/oracle-auth` repair evidence: the per-run `/tmp/pi-oracle-auth-*/oracle-auth.log` bundle path printed by `/oracle-auth`
 - expired-auth drill post-repair success: `fa26a2a7-0057-4a21-b3e0-71c1d020facf`

package/docs/ORACLE_ISOLATED_PI_VALIDATION.md

@@ -24,15 +24,15 @@ That keeps the validation run from reusing your normal `pi` agent state.
 The extension is loaded from the local checkout with:
 
 ```bash
-pi --no-extensions -e "$REPO/extensions/oracle/index.ts"
+pi --approve --no-extensions -e "$REPO/extensions/oracle/index.ts"
 ```
 
-That ensures the session is exercising the in-repo code, not a globally installed package.
+That ensures the session is exercising the in-repo code, not a globally installed package. `--approve` is intentional for this isolated workflow on Pi 0.79.0+: the test fixture is this trusted checkout, and non-interactive/scripted validation must not block on the project-trust prompt.
 
 If you also need the in-repo `/oracle` prompt template, load it explicitly instead of installing this repository as a project-local package:
 
 ```bash
-pi --no-extensions -e "$REPO/extensions/oracle/index.ts" \
+pi --approve --no-extensions -e "$REPO/extensions/oracle/index.ts" \
   --no-prompt-templates --prompt-template "$REPO/prompts/oracle.md"
 ```
 
@@ -96,7 +96,7 @@ cleanup() {
 trap cleanup EXIT
 cleanup
 
-TMUX_CMD1="cd '$REPO' && env PI_CODING_AGENT_DIR='$TEST1_AGENT' PI_ORACLE_JOBS_DIR='$TEST1_JOBS' PATH='$PATH' pi --session-dir '$TEST1_SESSIONS' --no-extensions -e '$REPO/extensions/oracle/index.ts'"
+TMUX_CMD1="cd '$REPO' && env PI_CODING_AGENT_DIR='$TEST1_AGENT' PI_ORACLE_JOBS_DIR='$TEST1_JOBS' PATH='$PATH' pi --approve --session-dir '$TEST1_SESSIONS' --no-extensions -e '$REPO/extensions/oracle/index.ts'"
 tmux new-session -d -s "$SESSION1" "$TMUX_CMD1"
 sleep 8
 tmux send-keys -t "$SESSION1":0.0 "$PROMPT1" Enter
@@ -129,7 +129,7 @@ PY
   rm -f "$LIST"
 fi
 
-TMUX_CMD2="cd '$FIXTURE' && env PI_CODING_AGENT_DIR='$TEST2_AGENT' PI_ORACLE_JOBS_DIR='$TEST2_JOBS' PATH='$PATH' pi --session-dir '$TEST2_SESSIONS' --no-extensions -e '$REPO/extensions/oracle/index.ts'"
+TMUX_CMD2="cd '$FIXTURE' && env PI_CODING_AGENT_DIR='$TEST2_AGENT' PI_ORACLE_JOBS_DIR='$TEST2_JOBS' PATH='$PATH' pi --approve --session-dir '$TEST2_SESSIONS' --no-extensions -e '$REPO/extensions/oracle/index.ts'"
 tmux new-session -d -s "$SESSION2" "$TMUX_CMD2"
 sleep 8
 tmux send-keys -t "$SESSION2":0.0 "$PROMPT2" Enter
@@ -178,7 +178,7 @@ Expected behavior:
 The main smoke test above calls `oracle_submit` directly, so it only needs the local extension entrypoint. If you also changed `prompts/oracle.md`, start the isolated session with the local prompt template explicitly loaded:
 
 ```bash
-LOCAL_ORACLE_PI_CMD="pi --session-dir '$TEST1_SESSIONS' --no-extensions -e '$REPO/extensions/oracle/index.ts' --no-prompt-templates --prompt-template '$REPO/prompts/oracle.md'"
+LOCAL_ORACLE_PI_CMD="pi --approve --session-dir '$TEST1_SESSIONS' --no-extensions -e '$REPO/extensions/oracle/index.ts' --no-prompt-templates --prompt-template '$REPO/prompts/oracle.md'"
 TMUX_CMD1="cd '$REPO' && env PI_CODING_AGENT_DIR='$TEST1_AGENT' PI_ORACLE_JOBS_DIR='$TEST1_JOBS' PATH='$PATH' $LOCAL_ORACLE_PI_CMD"
 ```
 
@@ -226,7 +226,7 @@ cleanup() {
 trap 'cleanup; rm -rf "$TEST_ROOT"' EXIT
 cleanup
 
-TMUX_CMD="cd '$REPO' && env PI_CODING_AGENT_DIR='$AGENT_DIR' PI_ORACLE_JOBS_DIR='$JOBS_DIR' AGENT_BROWSER_PATH='$FAKE_BROWSER' PI_ORACLE_AUTH_AGENT_BROWSER_TIMEOUT_MS='250' PI_ORACLE_AUTH_CLOSE_TIMEOUT_MS='250' PI_ORACLE_AUTH_KILL_GRACE_MS='100' PATH='$PATH' pi --session-dir '$SESSION_DIR' --no-extensions -e '$REPO/extensions/oracle/index.ts'"
+TMUX_CMD="cd '$REPO' && env PI_CODING_AGENT_DIR='$AGENT_DIR' PI_ORACLE_JOBS_DIR='$JOBS_DIR' AGENT_BROWSER_PATH='$FAKE_BROWSER' PI_ORACLE_AUTH_AGENT_BROWSER_TIMEOUT_MS='250' PI_ORACLE_AUTH_CLOSE_TIMEOUT_MS='250' PI_ORACLE_AUTH_KILL_GRACE_MS='100' PATH='$PATH' pi --approve --session-dir '$SESSION_DIR' --no-extensions -e '$REPO/extensions/oracle/index.ts'"
 
 tmux new-session -d -s "$SESSION_NAME" "$TMUX_CMD"
 sleep 8

package/docs/platform-smoke.md

@@ -90,8 +90,8 @@ On each required target, `platform-build`:
 5. runs `npm pack`;
 6. creates a fresh target-local pi project;
 7. runs `npm install --no-save <packed tarball>`;
-8. runs `pi install -l ./node_modules/pi-oracle`;
-9. runs `pi list`;
+8. runs `pi install -l ./node_modules/pi-oracle --approve` so Pi 0.79.0 project-trust gating intentionally trusts the temporary fixture;
+9. runs `pi list --approve`;
 10. asserts the installed package came from `node_modules/pi-oracle` and did not use `pi -e` / source-extension shortcuts.
 
 ## What `real-extension` proves
@@ -100,8 +100,8 @@ On each required target, `platform-build`:
 
 1. packs this checkout with `npm pack`;
 2. installs the tarball into a clean pi project;
-3. runs `pi install -l ./node_modules/pi-oracle`;
-4. asserts `pi list` shows the packed install path;
+3. runs `pi install -l ./node_modules/pi-oracle --approve`;
+4. asserts `pi list --approve` shows the packed install path;
 5. executes `oracle_submit` from the installed package path, not source `pi -e`;
 6. asserts whole-project archive creation and default exclusions.
 
@@ -113,7 +113,7 @@ For inner-loop/debug only, use:
 npm run smoke:real:source
 ```
 
-That source-mode smoke loads `extensions/oracle/index.ts` with `pi --no-extensions -e`; it is useful while developing but is not release proof.
+That source-mode smoke loads `extensions/oracle/index.ts` with `pi --approve --no-extensions -e`; it is useful while developing but is not release proof.
 
 ## Artifacts
 

package/extensions/oracle/lib/config.ts

@@ -6,7 +6,7 @@
 import { execFileSync } from "node:child_process";
 import { existsSync, readFileSync } from "node:fs";
 import { homedir } from "node:os";
-import { getAgentDir } from "@earendil-works/pi-coding-agent";
+import { getAgentDir, hasProjectTrustInputs, ProjectTrustStore } from "@earendil-works/pi-coding-agent";
 import { isAbsolute, join, normalize } from "node:path";
 import {
   assertNotKnownBrowserUserDataPath,
@@ -313,27 +313,76 @@ const detectedChromeUserAgent = detectDefaultChromeUserAgent(detectedChromeExecu
 const agentExtensionsDir = join(getAgentDir(), "extensions");
 const detectedChromeProfileName = detectDefaultBrowserProfileSource(process.platform);
 
+export interface OracleConfigLoadOptions {
+  /**
+   * Whether project-local oracle config may be loaded. Omit for the runtime
+   * policy that preserves oracle's historical project-config behavior while
+   * respecting explicit --no-approve and saved distrust decisions.
+   */
+  projectConfigTrusted?: boolean;
+  /** Session cwd used for Pi's saved project-trust decision when config lookup is anchored to a derived project root. */
+  projectConfigTrustCwd?: string;
+}
+
 export interface OracleConfigLoadDetails {
   agentDir: string;
   agentConfigPath: string;
   agentConfigExists: boolean;
   projectConfigPath: string;
   projectConfigExists: boolean;
+  projectConfigTrusted: boolean;
+  projectConfigLoaded: boolean;
+  projectConfigSkippedReason?: string;
   effectiveAuthConfigPath: string;
   effectiveAuthScope: "agent";
 }
 
-export function getOracleConfigLoadDetails(cwd: string): OracleConfigLoadDetails {
+function getProjectTrustCliOverride(argv = process.argv): boolean | undefined {
+  let trusted: boolean | undefined;
+  for (const arg of argv.slice(2)) {
+    if (arg === "--approve" || arg === "-a") trusted = true;
+    if (arg === "--no-approve" || arg === "-na") trusted = false;
+  }
+  return trusted;
+}
+
+function isProjectConfigTrusted(cwd: string, agentDir: string, projectConfigExists: boolean, options?: OracleConfigLoadOptions): boolean {
+  if (options?.projectConfigTrusted !== undefined) return options.projectConfigTrusted;
+  const trustCwd = options?.projectConfigTrustCwd ?? cwd;
+  const cliOverride = getProjectTrustCliOverride();
+  if (cliOverride !== undefined) return cliOverride;
+  if (!projectConfigExists && !hasProjectTrustInputs(trustCwd)) return true;
+  try {
+    const trustStore = new ProjectTrustStore(agentDir);
+    const trustDecision = trustStore.get(trustCwd);
+    const rootDecision = trustCwd !== cwd ? trustStore.get(cwd) : null;
+    if (trustDecision !== null) return trustDecision;
+    if (rootDecision !== null) return rootDecision;
+  } catch {
+    return false;
+  }
+  return true;
+}
+
+export function getOracleConfigLoadDetails(cwd: string, options?: OracleConfigLoadOptions): OracleConfigLoadDetails {
   const agentDir = getAgentDir();
   const projectRoot = getProjectId(cwd);
   const agentConfigPath = join(agentDir, "extensions", "oracle.json");
   const projectConfigPath = join(projectRoot, ".pi", "extensions", "oracle.json");
+  const projectConfigExists = existsSync(projectConfigPath);
+  const projectConfigTrusted = isProjectConfigTrusted(projectRoot, agentDir, projectConfigExists, options);
+  const projectConfigLoaded = projectConfigExists && projectConfigTrusted;
   return {
     agentDir,
     agentConfigPath,
     agentConfigExists: existsSync(agentConfigPath),
     projectConfigPath,
-    projectConfigExists: existsSync(projectConfigPath),
+    projectConfigExists,
+    projectConfigTrusted,
+    projectConfigLoaded,
+    projectConfigSkippedReason: projectConfigExists && !projectConfigTrusted
+      ? "Project oracle config is ignored because this run used --no-approve or the project has a saved untrusted decision."
+      : undefined,
     effectiveAuthConfigPath: agentConfigPath,
     effectiveAuthScope: "agent",
   };
@@ -341,8 +390,11 @@ export function getOracleConfigLoadDetails(cwd: string): OracleConfigLoadDetails
 
 export function formatOracleAuthConfigRemediation(details: OracleConfigLoadDetails): string {
   const authFields = "auth.chromeProfile / auth.chromeCookiePath / auth.chromiumKeychain";
-  if (!details.projectConfigExists) {
-    return `Set ${authFields} in ${details.effectiveAuthConfigPath}.`;
+  if (!details.projectConfigLoaded) {
+    const projectNote = details.projectConfigSkippedReason
+      ? ` Project config at ${details.projectConfigPath} is present but not loaded because this run explicitly does not trust project-local inputs.`
+      : "";
+    return `Set ${authFields} in ${details.effectiveAuthConfigPath}.${projectNote}`;
   }
   return (
     `Set ${authFields} in ${details.effectiveAuthConfigPath}. ` +
@@ -354,11 +406,13 @@ export function formatOracleAuthConfigSummary(details: OracleConfigLoadDetails):
   const lines = [
     `Effective oracle auth config: ${details.effectiveAuthConfigPath} (agent dir: ${details.agentDir}${details.agentConfigExists ? "" : "; create this file to override auth.*"})`,
   ];
-  if (details.projectConfigExists) {
+  if (details.projectConfigLoaded) {
     lines.push(
       `Project oracle config also loaded: ${details.projectConfigPath} ` +
         `(project scope can override ${[...PROJECT_OVERRIDE_KEYS].join("/")} only; auth.* still comes from ${details.effectiveAuthConfigPath}).`,
     );
+  } else if (details.projectConfigSkippedReason) {
+    lines.push(`Project oracle config present but not loaded: ${details.projectConfigPath}. ${details.projectConfigSkippedReason}`);
   }
   return lines.join("\n");
 }
@@ -665,9 +719,9 @@ function validateOracleConfig(value: unknown): OracleConfig {
   };
 }
 
-export function loadOracleConfig(cwd: string): OracleConfig {
-  const details = getOracleConfigLoadDetails(cwd);
+export function loadOracleConfig(cwd: string, options?: OracleConfigLoadOptions): OracleConfig {
+  const details = getOracleConfigLoadDetails(cwd, options);
   const globalConfig = readJson(details.agentConfigPath);
-  const projectConfig = filterProjectConfig(readJson(details.projectConfigPath));
+  const projectConfig = details.projectConfigLoaded ? filterProjectConfig(readJson(details.projectConfigPath)) : undefined;
   return validateOracleConfig(deepMerge(deepMerge(DEFAULT_CONFIG, globalConfig), projectConfig));
 }

package/extensions/oracle/lib/tools.ts

@@ -1264,7 +1264,7 @@ export function registerOracleTools(pi: ExtensionAPI, workerPath: string, authWo
     async execute(_toolCallId, params, _signal, _onUpdate, ctx) {
       try {
         const projectCwd = getProjectId(ctx.cwd);
-        const baseConfig = loadOracleConfig(projectCwd);
+        const baseConfig = loadOracleConfig(projectCwd, { projectConfigTrustCwd: ctx.cwd });
         const provider = normalizeOracleProvider(params.provider, baseConfig.defaults.provider, "oracle_auth");
         const message = await runOracleAuthBootstrap(authWorkerPath, projectCwd, provider);
         return {
@@ -1311,7 +1311,7 @@ export function registerOracleTools(pi: ExtensionAPI, workerPath: string, authWo
     async execute(_toolCallId, params, _signal, _onUpdate, ctx) {
       try {
         const projectCwd = getProjectId(ctx.cwd);
-        const baseConfig = loadOracleConfig(projectCwd);
+        const baseConfig = loadOracleConfig(projectCwd, { projectConfigTrustCwd: ctx.cwd });
         const originSessionFile = requirePersistedSessionFile(getSessionFile(ctx), "submit oracle jobs");
         const projectId = getProjectId(projectCwd);
         const sessionId = getSessionId(originSessionFile, projectId);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-oracle",
-  "version": "0.7.6",
+  "version": "0.7.7",
   "description": "ChatGPT and Grok web-oracle extension for pi with isolated browser auth, async jobs, and project-context archives.",
   "private": false,
   "license": "MIT",
@@ -83,8 +83,8 @@
     "protobufjs": "7.6.1"
   },
   "devDependencies": {
-    "@earendil-works/pi-ai": "^0.78.1",
-    "@earendil-works/pi-coding-agent": "^0.78.1",
+    "@earendil-works/pi-ai": "^0.79.0",
+    "@earendil-works/pi-coding-agent": "^0.79.0",
     "@types/node": "^22.19.19",
     "esbuild": "^0.28.0",
     "tsx": "^4.22.3",

package/scripts/oracle-real-smoke.mjs

@@ -22,7 +22,7 @@ function usage() {
   console.log(`Usage: node scripts/oracle-real-smoke.mjs <doctor|run> [--mode packed|source]
 
 Modes:
-  packed  Release proof. npm pack -> clean pi project -> npm install tarball -> pi install -l -> run through installed package. Default.
+  packed  Release proof. npm pack -> clean pi project -> npm install tarball -> pi install -l --approve -> run through installed package. Default.
   source  Inner-loop/debug only. Loads this checkout with pi --no-extensions -e extensions/oracle/index.ts.
 
 Environment:
@@ -257,12 +257,12 @@ async function preparePackedProject({ runDir, provider, model, timeoutMs }) {
 
   await mustRun(installDir, "npm-init", npm, ["init", "-y"], { cwd: piProject, env: process.env, timeoutMs: 60_000 });
   await mustRun(installDir, "packed-node-install", npm, ["install", "--no-save", tarballPath], { cwd: piProject, env: process.env, timeoutMs: 120_000 });
-  await mustRun(installDir, "pi-install", piCommand(), ["install", "-l", `./node_modules/${PACKAGE_NAME}`], {
+  await mustRun(installDir, "pi-install", piCommand(), ["install", "-l", `./node_modules/${PACKAGE_NAME}`, "--approve"], {
     cwd: piProject,
     env: { ...process.env, PI_OFFLINE: "1" },
     timeoutMs: 120_000,
   });
-  const piList = await mustRun(installDir, "pi-list", piCommand(), ["list"], {
+  const piList = await mustRun(installDir, "pi-list", piCommand(), ["list", "--approve"], {
     cwd: piProject,
     env: { ...process.env, PI_OFFLINE: "1" },
     timeoutMs: 60_000,
@@ -342,6 +342,7 @@ console.log(JSON.stringify(result, null, 2));
 async function runPiAgent({ prepared, agentDir, sessionDir, jobsDir, prompt, outDir, label, timeoutMs, stopAfterJobArchive = false }) {
   mkdirSync(outDir, { recursive: true });
   const args = [
+    "--approve",
     "--print",
     "--provider", prepared.provider,
     "--model", prepared.model,

package/scripts/platform-smoke/platform-build-windows.ps1

@@ -122,7 +122,7 @@ if ($PackTarball -and $PiCli -and (Test-Path -LiteralPath $TarballPath)) {
   if ($PACKED_NODE_INSTALL_EXIT -eq 0) {
     $PreviousPiOffline = $env:PI_OFFLINE
     $env:PI_OFFLINE = "1"
-    & $PiCli install -l (Join-Path ".\node_modules" $PackageName) 1> $PiInstallOut 2> $PiInstallErr
+    & $PiCli install -l (Join-Path ".\node_modules" $PackageName) --approve 1> $PiInstallOut 2> $PiInstallErr
     $PI_INSTALL_EXIT = Exit-CodeFromLastCommand
     if ($null -eq $PreviousPiOffline) { Remove-Item Env:\PI_OFFLINE -ErrorAction SilentlyContinue } else { $env:PI_OFFLINE = $PreviousPiOffline }
   } else {
@@ -148,7 +148,7 @@ if ($PiCli) {
   Push-Location $PiProject
   $PreviousPiOffline = $env:PI_OFFLINE
   $env:PI_OFFLINE = "1"
-  & $PiCli list 1> $PiListOut 2> $PiListErr
+  & $PiCli list --approve 1> $PiListOut 2> $PiListErr
   $PI_LIST_EXIT = Exit-CodeFromLastCommand
   if ($null -eq $PreviousPiOffline) { Remove-Item Env:\PI_OFFLINE -ErrorAction SilentlyContinue } else { $env:PI_OFFLINE = $PreviousPiOffline }
   Pop-Location

package/scripts/platform-smoke/targets.mjs

@@ -194,13 +194,13 @@ export function buildPlatformBuildCommand(targetName = "ubuntu", packageName = "
   lines.push('echo "PLATFORM_PACKED_NODE_INSTALL_EXIT=$PACKED_NODE_INSTALL_EXIT"');
   lines.push(...posixSection("PACKED_NODE_INSTALL_STDOUT", 'cat "$PACK_DIR/packed-node-install.stdout.txt" 2>/dev/null || true'));
   lines.push(...posixSection("PACKED_NODE_INSTALL_STDERR", 'cat "$PACK_DIR/packed-node-install.stderr.txt" 2>/dev/null || true'));
-  lines.push(`if [ "$PACKED_NODE_INSTALL_EXIT" -eq 0 ] && [ -n "$PI_CLI" ]; then (cd "$PI_PROJECT" && PI_OFFLINE=1 "$PI_CLI" install -l ./node_modules/${packageName} >"$PACK_DIR/pi-install.stdout.txt" 2>"$PACK_DIR/pi-install.stderr.txt"); PI_INSTALL_EXIT=$?; else echo "packed npm install failed or missing pi cli" >"$PACK_DIR/pi-install.stderr.txt"; PI_INSTALL_EXIT=1; fi`);
+  lines.push(`if [ "$PACKED_NODE_INSTALL_EXIT" -eq 0 ] && [ -n "$PI_CLI" ]; then (cd "$PI_PROJECT" && PI_OFFLINE=1 "$PI_CLI" install -l ./node_modules/${packageName} --approve >"$PACK_DIR/pi-install.stdout.txt" 2>"$PACK_DIR/pi-install.stderr.txt"); PI_INSTALL_EXIT=$?; else echo "packed npm install failed or missing pi cli" >"$PACK_DIR/pi-install.stderr.txt"; PI_INSTALL_EXIT=1; fi`);
   lines.push('echo "PLATFORM_PI_INSTALL_EXIT=$PI_INSTALL_EXIT"');
   lines.push(...posixSection("PI_INSTALL_STDOUT", 'cat "$PACK_DIR/pi-install.stdout.txt" 2>/dev/null || true'));
   lines.push(...posixSection("PI_INSTALL_STDERR", 'cat "$PACK_DIR/pi-install.stderr.txt" 2>/dev/null || true'));
   lines.push("");
   lines.push('echo "=== pi list ==="');
-  lines.push('if [ -n "$PI_CLI" ]; then (cd "$PI_PROJECT" && PI_OFFLINE=1 "$PI_CLI" list >"$PACK_DIR/pi-list.stdout.txt" 2>"$PACK_DIR/pi-list.stderr.txt"); PI_LIST_EXIT=$?; else echo "missing pi cli" >"$PACK_DIR/pi-list.stderr.txt"; PI_LIST_EXIT=1; fi');
+  lines.push('if [ -n "$PI_CLI" ]; then (cd "$PI_PROJECT" && PI_OFFLINE=1 "$PI_CLI" list --approve >"$PACK_DIR/pi-list.stdout.txt" 2>"$PACK_DIR/pi-list.stderr.txt"); PI_LIST_EXIT=$?; else echo "missing pi cli" >"$PACK_DIR/pi-list.stderr.txt"; PI_LIST_EXIT=1; fi');
   lines.push('echo "PLATFORM_PI_LIST_EXIT=$PI_LIST_EXIT"');
   lines.push(...posixSection("PI_LIST_STDOUT", 'cat "$PACK_DIR/pi-list.stdout.txt" 2>/dev/null || true'));
   lines.push(...posixSection("PI_LIST_STDERR", 'cat "$PACK_DIR/pi-list.stderr.txt" 2>/dev/null || true'));