v0.7.5

v0.7.5 — Network Proxy, Webhooks & Community Fixes

---

Features

• Network proxy support — configure HTTP/HTTPS proxies with bypass rules directly from App Settings. The proxy engine routes traffic through undici ProxyAgent instances, respects NO_PROXY rules, and configures both Node and Electron browser sessions. (46049d28, 0ed01c48, 81d1b1c3, 0da3f265) - inspired by [@berwinjoule]
• Webhook actions for automations — automations can now fire HTTP webhooks with configurable auth, form payloads, response capture, replay, and persistent retry with exponential backoff. (993c75ce, 588aab6c)
• Gemini 3.1 Flash Lite — added to Google AI Studio preferred defaults. Thanks to @naishyadav for the suggestion in #357. (e36e9a22)
• Dismiss working directory history items — hover-visible X button on each recent directory entry to remove it from history. Thanks to @jjjrmy (#346) and @jonzhan (#391) for requesting this. (3bd55d6d)

Improvements

• History truncation — consolidated all history field truncation to a single HISTORY_FIELD_MAX_LENGTH constant instead of scattered hardcoded limits (8689a1d4)
• Craft source docs — added Collections section to guide with emphasis on the nested title + properties item format (0837afa0)

Bug Fixes

• MiniMax CN authentication — removed incorrect minimax-cn → minimax alias, added lightweight direct HTTP test for Pi providers, and stripped MiniMax-prefix for CN API compatibility. Thanks to @Kathie-yu (#396) and @RimuruW (#386) for reporting. Fixes #396. (612c0e7e)
• Inline code in messages — text between inline badges (sources, skills, files) now renders through the Markdown component, restoring inline code, bold, italic, and links. Thanks to @linusrogge for reporting #378. Fixes #378. (e7f88a38)
• Zod/JSON Schema passthrough — default Zod object schemas to .passthrough() to match JSON Schema semantics where additionalProperties defaults to true. Also preserved additionalProperties in MCP proxy tool schema round-trip. Fixes tools with loosely-typed schemas silently losing fields. (cf4b6ac1, 42c173cf)
• Self-signed TLS certificates — accept self-signed certificates for the configured remote server origin, fixing ERR_CERT_AUTHORITY_INVALID on wss:// connections (7148ebec)
• File attachment in thin client mode — paperclip button now uses browser-native FileReader API instead of server-side fs.readFile(), fixing silent failures when client and server filesystems differ (680cd197)
• URL linkification — strip trailing markdown characters (**, etc.) from linkified URLs that were producing broken links (24385e78, 65b8f350)
• Automation action badges — sidebar now shows correct "Prompt" / "Webhook" badges based on actual action types instead of hardcoding "Prompt" (dc422573)
• Packaged server path fallback — added dist/resources fallback for builds where extraResources output layout differs (edc5f61f)
• $CRAFT_EVENT_DATA missing labels — all automation event payloads now include the session's current labels array, so webhooks and scripts can access label data. Fixes #406. (0f98f090)
• Multi-select non-adjacent sessions — Cmd-click now always toggles selection (standard OS behavior); opening in a new panel moves to Cmd-Shift-click. Fixes #404. (d4d7aff1)
• @ mention autocomplete with spaces — spaces are now allowed in file mention queries (e.g. @app availability.md). The menu auto-closes Slack-style when a space produces no matches. Thanks to @alexzadeh for reporting #398. Fixes #398. (1d063177)

---

v0.7.4

v0.7.4 — Custom Endpoints & Session Branching Overhaul

---

Features

• Custom endpoint support — connect any OpenAI-compatible provider via Pi SDK's registerProvider, with protocol selector, base URL input, and model registration. Fixes #329 (479d6d25)

Improvements

• Custom endpoint UX — protocol selector now appears before the base URL input, and edit-state persistence works reliably across setup routing (aac754d7, d94d36bd, 40b53170)
• CustomEndpointApi cleanup — deduplicated type definition, extracted InitMessage, and fixed model registration replace bug (8f770f62)

Bug Fixes

• Session branching overhaul — completely reworked the branch/fork flow to eliminate preflight failures, CWD mismatches, and stuck sessions. Branches now fork on first user message instead of during preflight, conversation is properly trimmed at the branch point, and spawn_session names appear correctly in the sidebar. Fixes #392 (a9358817, 1cb1d11c, d337e288, e54f58f0, 0d40bb7e, 7bd83366, 36f46f88, e8db3e2a, and 10 more commits)
• Branch cutoff reliability — Pi and Claude branch cutoffs now use sidecar turn anchors and lineage guards, with proper fallback when UUIDs are missing (ebf0fba7, 20f1dc35, 82b19359, 4bfac3a0)
• Windows: duplicate messages on branch — Windows fs.watch() fires aggressively for atomic writes, causing the ConfigWatcher to re-broadcast session metadata and duplicate messages. Fixed with ID-based dedup in appendMessage(), self-triggered event suppression via signature comparison, and increased debounce to 300ms on Windows (65c959f8)
• Windows: empty branch messages — branch messages were saved with hardcoded source session paths instead of portable {{SESSION_PATH}} tokens, causing path resolution failures on Windows. Fixed by re-tokenizing paths from source → branch directory during message copy (1ab2c9b8)
• Model switching mid-session — ClaudeAgent.setModel now correctly calls super.setModel to update the internal model reference, fixing cases where model changes didn't take effect. Partially addresses #390 (abd1fa4a)
• JSON file link crash — clicking JSON file links for non-existent files no longer crashes the app (bfcb875d)
• Empty text block cache_control — stripped cache_control from empty text blocks in Anthropic API requests, preventing validation errors (4ad37ff3)
• Automation send-timeout — increased send-timeout for the daily discussion points workflow to prevent premature timeouts (669c83cb)

---

v0.7.3

v0.7.3 — OAuth Stability, Background Tasks & Title Generation

---

Features

• Background task UI — tool cards now show a spinner while background tasks (Agent, Task) are running, giving clear visual feedback on active work (20352706)
• Improved title generation — session titles are now generated using spread message selection and language awareness, producing more accurate and natural titles across languages (835ea942, 55b7830c, 46975ac7)
• Exclude filter badges — Alt/Option-click on filter items now adds them as exclusion filters, with a live badge preview when Alt is held (fce25e23, 8a2ebbee)
• Automation lifecycle tests — --validate-server now includes automation lifecycle tests, catching regressions in the automation pipeline (19fe11e9)

Improvements

• MCP schema conversion — oneOf, anyOf, allOf, and nested objects are now correctly handled when converting MCP tool schemas, reducing "unexpected parameter" errors from providers. Partially addresses #308 (64ae9d69)
• Minimax preset split — Minimax provider is now split into separate Global and CN (China) variants with correct regional endpoints. Fixes #386 (d626f732, 5ba42ca3)
• @file mention resolution — file mentions in chat input are now wrapped in semantic markers so the agent can properly read and resolve them. Fixes #293 (15d20c1d)
• Auto-create labels — labels referenced by automations are now auto-created if they don't exist, preventing silent failures (76306c0b)
• Multi-OS CI validation — validate-server workflow now runs on a macOS + Windows + Linux matrix with fail-fast enabled (32f4c91e)
• Title generation language awareness — titles better reflect the language of the conversation. Partially addresses #286 (835ea942, 1892b4c9)

Bug Fixes

• Spurious OAuth re-authentication — fixed a race condition where sources would trigger unnecessary re-auth flows after a successful token refresh, causing connection interruptions and duplicate auth prompts (b98a2b2d, e101301b, a3264b02, 76bb5388, d8632e30)
• MCP source disconnect on token refresh — MCP sources now properly reconnect when an OAuth token is refreshed, instead of staying in a disconnected state (b1b515b2)
• Re-auth menu interaction lock — fixed a race condition where the re-authentication menu could get stuck in a locked state, blocking further user interaction (34dfc91f)
• MCP transport race condition — fixed a race on back-to-back SDK queries that could corrupt the MCP transport layer (f7d3f902)
• Agent/Task activities stuck running — background task tool activities (Agent, Task) no longer get stuck in "running" state when the underlying task completes or errors (6d49ae82)
• Background task memory leak — extracted tool helpers and fixed a memory leak in background task notification handling (6979d063)
• Preamble stripping regression — iterative preamble stripping now handles edge cases in language sanitization and filters out low-signal content more reliably (1892b4c9)
• Duplicate import — removed a duplicate Message import in turn-utils left over from merge of #238 (0aa7045f)

---

v0.7.2

v0.7.2 — Provider Presets, Island System & Bug Fixes

---

Features

• Island system — extracted Island and IslandFollowUpContentView into the shared @craft-agent/ui package as reusable primitives for annotation follow-ups and inline content expansion (7c4ba6af, 2432b421, 4397b284)
• Minimax provider preset — added Minimax as a built-in LLM connection preset with pre-configured base URL and model list (36cf45d5)
• Kimi (Coding) provider preset — added Moonshot's Kimi Coding as a built-in LLM connection preset (c59d9d8d)
• OpenAI regional presets — added OpenAI EU (api.openai.eu) and US (api.openai.us) regional API endpoint presets (bfc2be3c)
• App-level default thinking level — thinking level (off / think / max) can now be set as an app-wide default that persists across sessions and app restarts; workspace-level overrides take precedence (f5593fb1, 7c0f2659)
• Local dev build mode — new CRAFT_DEV_RUNTIME build flag resolves SDK and interceptor from the monorepo during development, with platform-aware bun fallback; adds electron:dist:dev:{mac,win,linux} scripts (506f2b02)

Improvements

• Deferred SDK checks — Anthropic SDK and runtime validation is now deferred from app startup to session creation (strict: false at boot, strict: true at session start), allowing the app to open windows even when SDK/interceptor/Bun are not yet available (cc70ce76)
• Staged typecheck flow — pre-commit hook now runs targeted typecheck only on packages touched by staged files instead of a full monorepo typecheck (538b12f4)
• Toast theming — Sonner toast description text and close button now respect the active theme tokens instead of using hardcoded colors (59cfeab4, caea757f)
• Branch creation hardening — strict SDK-fork semantics for new branches; non-whitespace preflight prompt prevents Anthropic invalid_request errors on branched sessions (9a2f5ed2)

Bug Fixes

• Google OAuth error misclassification — access_denied from a user clicking Cancel was incorrectly shown as "app is blocked by administrator"; fixed the boolean logic (|| → &&) so the special message only appears when Google's error description mentions verification. Fixes #300 (partially)
• Status icon overrides ignored — local status icon filenames were not being discovered due to a missing directory scan; also added .webp support to the icon filename pattern. Fixes #358 (f40d2e41, 0ffee7f6, c11819ef)
• Pi provider routing — custom endpoints now correctly resolve the piAuthProvider field instead of requiring a preset selection. Fixes #363 (f40d2e41)
• Shared session still accessible after delete — session delete now revokes the viewer share link via a DELETE request with a 5-second timeout, preventing deleted sessions from remaining publicly accessible. Fixes #328 (15e4830e, c11819ef)
• @mention autocomplete breaks after space — file matching now uses subsequence search instead of prefix matching, so app comp correctly matches app/components/.... Fixes #298 (c939d930)
• CI bun.lock drift — refreshed bun.lock and pinned bun version in CI to prevent --frozen-lockfile failures. Fixes #359 (9e9cebd2, 15e4830e)
• Transport banner overlaps TopBar — the reconnection banner's Retry button was hidden behind the TopBar's help button; fixed by lifting the 48px TopBar offset to the shared parent container (71abeda4)
• Pi session directory on Windows — session files were created in the wrong directory on Windows due to a path separator issue (d3e83985)
• Copilot OAuth subpath — fixed incorrect OAuth callback path for Pi-based copilot authentication flows (430c6f3d)
• Connection error diagnostics — client-only mode is now logged on startup; connection error messages include the server URL for easier debugging (ff7cf0b8)

---

Special thanks to @dragonguy888, @chouch0u, @DocplannerLech, @thomaszdxsn, and @ImLukeF for their PR contributions, and to @jonzhan, @Novtopro, @lloydwu, @alexzadeh, @galaxyboyleo, and @minak-collab for reporting the issues addressed in this release.

v0.7.1

v0.7.1 — Stability & Reliability

---

Improvements

• Pi agent engine 0.56.2 — updated from 0.55.0 with GPT-5.4 support (openai, openai-codex, azure-openai-responses), gpt-5.3-codex fallback for GitHub Copilot, Mistral native conversations integration, and OpenCode Go provider support
• Automation session titles — automation-initiated sessions now use the automation's name as the session title instead of a truncated prompt snippet; AI title generation is skipped for these sessions (861a5974, 79b9ebb4)
• CLI validate-server — added --disable-spinner / --no-spinner flag for CI environments; validate-server auto-bootstraps a temp workspace and LLM connection when none exist (84b3378c, 1ea478d7)

Bug Fixes

• Branch creation reliability — fixed a race condition where ERR_STREAM_WRITE_AFTER_END from the SDK's ProcessTransport left branch creation in an infinite loading state; added 15s timeout with interrupt-based cancellation for hung preflight queries (8ff37102, 0dc1d2e6)
• Base64 false positives — replaced heuristic base64 detection with a strict canonicalization pipeline (charset regex, normalize, auto-pad, roundtrip verify) to eliminate false positives on English text and other non-base64 content. Fixes #344
• Cross-machine session recovery — persist cleared sdkSessionId on session expiry recovery, preventing repeated stale-ID failures when syncing sessions across machines. Fixes #342
• Spawn ENOENT during auto-update — detect app bundle swap during auto-update using structured error fields + regex fallback, with bounded single retry. Fixes #268
• Duplicate LLM connections on re-auth — fixed stale React closure in handleReauthenticateConnection that generated new slugs (e.g. chatgpt-plus-2) instead of reusing existing ones; added updateOnly guard on the server side (b735f9df)
• Codex token expiry — Pi/Codex auth-expiry errors now route through the typed_error auth-retry pipeline instead of appearing as red error messages; global refresh mutex prevents cross-session token refresh races (1d85bc87)
• Settings "Check Now" stuck at 0% — unified autoDownload policy between Settings check and native menu so download-progress events arrive correctly (b8ad8c44)

v0.7.0

v0.7.0 — Craft CLI, Headless Server & Architecture Overhaul

---

Craft CLI

A new terminal client for running agent sessions from the command line — no GUI required.

• craft-cli run — launch agent sessions directly from your terminal with prompt input and streaming output
• Multi-provider support — select between multiple LLM connections and models from the CLI
• CI workspace support — create and manage workspaces programmatically for automated workflows
• --validate-server — verify server configuration with prettified diagnostic output
• Redesigned spinner — stays visible during agent thinking for better terminal UX

Why it's cool

This is the first step toward full programmatic control of Craft Agents. Script your agent workflows, integrate into CI/CD pipelines, or run sessions headlessly on remote machines. Partially addresses #343.

Headless Server

Run Craft Agents as a standalone server without the Electron desktop app — deploy on any machine, connect from any client.

• Standalone Bun server — headless entry point that runs without Electron, with sharp eliminated from the bundle
• TLS support — secure remote connections with automatic certificate handling
• Multi-platform build script — distribution packaging for Linux, macOS, and Windows
• Remote mode via env vars — configure headless operation through environment variables
• Thin-client connection state — WebSocket connection status and failure banners in the client

Why it's cool

Deploy Craft Agents on a remote server and connect from anywhere. Run it on your home lab, a cloud VM, or a CI runner. The thin-client mode means the browser UI stays lightweight while all the heavy lifting happens server-side. Partially addresses #291.

Transport & Architecture

The entire inter-process communication layer has been rebuilt from the ground up.

• WebSocket-only RPC — replaced Electron IPC with WebSocket RPC for all communication, enabling remote operation
• Bidirectional RPC — typed push events, server-owned OAuth token management
• Server-core extraction — 14 core handlers, session management, services, and domain utilities extracted into @craft-agent/server-core for reuse across Electron and headless
• Protocol formalization — channels, DTOs, and event maps extracted to @craft-agent/shared/protocol with wire-format stability tests
• Split-brain cleanup — removed dead handler/session copies, added IWindowManager and channel advertisement

Why it's cool

This is the foundation that makes CLI, headless server, and future remote/mobile clients possible. The architecture is now cleanly split between reusable server-core logic and platform-specific shells (Electron, Bun server, CLI).

Editor & UI

• Rich block interactions — tiptap image support, slash menu for inserting content blocks, and theme fallback
• Model fallback chain — automatic fallback between models when one is unavailable, with improved playground theming
• Browser tooling — better lifecycle management, metadata badge components, and safe-mode boundaries

Security

• Block unencrypted WebSocket — remote connections now require wss:// (TLS); plaintext ws:// is rejected
• Certificate generation — fixed curve name in cert generation script

Bug Fixes

• Pi 3-tier model persistence — fixed model save/hydration for Best/Balanced/Fast tiers. Fixes #336
• Multi-panel input focus — fixed focus scoping and race handling that caused keystrokes to jump between panels. Fixes #339
• Pi Azure base URL — propagate Azure base URL to Pi subprocess
• Deep-link routing — corrected deep-link client targeting with regression tests
• Split-turn expansion — fixed TurnCard expansion key collisions
• Explore mode false positive — no longer flags node arrow syntax (=>) as a write operation
• Onboarding loop — fixed onboarding always showing + silent connection save failures
• Copilot model listing — use GitHub OAuth token for CopilotClient model listing
• Label badge overlap — prevent premature label badge overlap in UI
• Transport hardening — hardened WebSocket startup routing, codec, and session watcher isolation
• OAuth fixes — open OAuth browser locally via shell.openExternal, accept /oauth/callback path
• Event payloads — consistent sources:changed and skills:changed payload shapes
• Global config guard — ensure config.json exists before handler registration

v0.6.0

v0.6.0 — Built-in Browser, Document Tools & Multi-Panel

---

Integrated Browser

Craft Agent now has a full built-in browser — no extensions, no external tools. The agent can browse the web, fill forms, extract data, and take screenshots, all from within the app.

• In-app browser panes — Browser windows open as panels alongside your conversation, so you can watch the agent navigate in real time
• Privileged execution approval — Sensitive browser actions require explicit approval, keeping you in control
• Smart screenshots — JPEG by default for faster, smaller captures with proper DPI scaling
• Full CLI command set — Navigate, click, fill, scroll, screenshot, evaluate JS, manage downloads, and more

Why it's cool

This unlocks true end-to-end automation. Connect any data source and let the agent act on it — fill out forms, submit reports, navigate dashboards, and complete multi-step workflows entirely hands-free. Combine browser actions with your connected sources: "pull this week's metrics from Amplitude, fill out the weekly report form in our internal tool, and post the summary to Slack." The browser closes the gap between data and action.

Document Tools

Built-in tools for working with PDF, Word, Excel, PowerPoint, images, and more — no Python packages or external dependencies needed.

• markitdown — Universal document-to-markdown converter (docx, xlsx, pptx, pdf, html, ipynb)
• pdf-tool — Extract text, merge, split, and inspect PDF files
• xlsx-tool — Read, write, and export Excel spreadsheets
• docx-tool — Create and edit Word documents
• pptx-tool — Inspect and work with PowerPoint files
• img-tool — Resize, convert, and extract metadata from images
• doc-diff — Compare two documents side by side
• ical-tool — Read and parse calendar files

Why it's cool

No more "install pandas" or "pip install python-docx" — document manipulation just works. Ask the agent to "merge these 5 PDFs into one", "convert this Word doc to markdown", "resize all images in this folder to 800px wide", or "compare these two contracts and highlight differences." Combine with sources for workflows like "download the latest report from Google Drive, extract the data table, and create a Linear issue for each action item."

Branching & Multi-Panel Layout

The workspace now supports branching conversations and viewing multiple panels simultaneously.

• Session branching — Fork a conversation at any point to explore different approaches without losing your original thread
• Multi-panel view — Open browser, documents, and conversations side by side
• New session list design — Cleaner, more organized session management

Why it's cool

Explore two different implementation strategies in parallel, keep a browser panel open while coding, or compare outputs side by side. Branching means you never have to worry about "going down the wrong path" — just branch and try both.

Model Updates

• Sonnet 4.6 — Migrated all Sonnet 4.5 connections to Sonnet 4.6 automatically
• Copilot model matching — Fixed model ID resolution for GitHub Copilot connections
• Connection compatibility — Fixed anthropic_compat connections rejecting bare model names

Improvements

• Explore mode safety baseline — Default allowlist now includes common typecheck commands (bun run typecheck, tsc --noEmit, etc.) alongside existing read-only search commands
• Session tool reliability — Aligned tool listing and execution across all backends (Claude, Pi, session-mcp-server) to prevent drift
• Permission mode handling — Improved session-state tracking for permission mode transitions
• Workspace scoping — Source and skill broadcasts are now scoped to the active workspace
• Automations discoverability — Added "Learn More" and "Add Automation" to empty automations state, plus Help menu link
• Feature flag robustness — Runtime-safe evaluation prevents import-order issues in debug sessions
• Typecheck coverage — typecheck:all now includes session-tools-core

Bug Fixes

• Oversized images — Prevented oversized images from permanently breaking sessions
• Image resize — Hardened image resize with better error scoping and metadata stripping
• Tool input history — Stripped _displayName/_intent metadata from session history display
• Window drag region — Fixed TopBar drag area
• Noisy logging — Cleaned up debug logging; downgraded readFile ENOENT to debug level
• Duplicate models — Fixed duplicate model entries during connection migration
• Git Bash (Windows) — Fixed onboarding check that was skipped since v0.5.0

v0.5.1

v0.5.1 — Automations

---

Automations

Automations (formerly hooks/tasks) now have a full management UI — no more editing JSON files by hand.

• Sidebar panel — Browse, search, and filter automations by type (All, Scheduled, Event-driven)
• Enable / Disable — Toggle individual automations on or off without deleting them
• Duplicate & Delete — Clone an existing automation or remove it, with batch support for multi-select
• Execution history — Each automation records success/failure to a timeline, viewable in the detail page
• In-app editing — Edit button on the automation detail page for quick changes
• Test runner — Manually trigger an automation to verify it works before waiting for the real event

LLM Connection & Model on Prompt Actions

Prompt actions can now specify which AI provider and model to use for the session they create:

{
  "type": "prompt",
  "prompt": "Review overnight @github pull requests",
  "llmConnection": "my-openrouter",
  "model": "anthropic/claude-sonnet-4.5"
}

The llmConnection value is the slug of an LLM connection from AI Settings. Validation catches missing connections (error) and model/provider mismatches (warning) before runtime.

Config Format

The canonical config file is now automations.json with version 2 format. Legacy hooks.json is no longer loaded — rename and update to continue using your existing automations.

Improvements

• API sources for all providers — API sources (Slack, Gmail) are now exposed to the MCP pool, making them available to non-Anthropic backends like Copilot, Codex, and Gemini
• Skill metadata — requiredSources and icon fields are now displayed in the skill info page (#290)
• Automations list sorting — Sorted by most recent execution for quick access to active automations
• Setup agent event — New event type for agent initialization automations
• Cron year display — Shows year in next-run previews when runs span multiple years

Bug Fixes

• File mentions — File and folder mentions in chat messages are no longer stripped; they now resolve to absolute paths for the agent (#293)
• Config watcher directory — ConfigWatcherManager no longer creates sources/ and skills/ directories inside the session's working directory instead of the workspace root
• Automation test handler — Manual "Test" now resolves @mentions, enables sources, and passes llmConnection/model/permissionMode (same code path as the scheduler)
• Install scripts — Fetch YAML manifests directly instead of relying on the version endpoint; multiple PowerShell 5.1 compatibility fixes (#273)

Breaking Changes

• Legacy config removed — hooks.json is no longer read and there is no automatic migration. If you had existing hooks, you'll need to recreate them as automations in the new automations.json format. The easiest way is to describe your workflows to the agent — e.g. "set up a daily standup briefing at 9am" — and it will create the configuration for you. See the Automations docs for the full format reference.

v0.5.0

v0.5.0 — Use Any LLM Provider

---

New Provider Connections

• Codex · ChatGPT Plus — Sign in with your ChatGPT Plus or Pro subscription to use OpenAI's Codex models directly (#2, #44)
• GitHub Copilot — Connect your GitHub Copilot subscription with one-click device code authentication (#49)
• Google AI Studio — Use Gemini models with your Google AI Studio API key. First-class support with native Google Search grounding built in. (#240)
• OpenRouter, Ollama & custom endpoints — Bring your own API key for any OpenAI-compatible provider — OpenRouter, Ollama, or any custom endpoint (#14, #27)
• Searchable model picker — When a provider has many models, choose from three tiers (Best, Balanced, Fast) via searchable dropdowns with smart defaults

Improvements

• Provider icons — Connection settings now show the upstream provider's logo and name so you can tell your connections apart at a glance
• MCP sources work with all providers — Your connected MCP sources are now proxied to non-Anthropic backends, so tools like Linear, GitHub, and Slack work regardless of which LLM you're using
• Session list redesign — Reusable entity-list primitives for a cleaner, more consistent UI
• Skill metadata — requiredSources and icon are now displayed in the skill info page and accepted by validation (#290, #249)
• Copilot model filtering — Only models enabled by your organization's policy are shown (92200095)

Bug Fixes

• Status icon colors — Restored colors in the right-click context menu (6fa9b85b)
• Windows paths — Fixed backslash handling in workspace slug extraction (3d22e75f)
• Model tier preservation — Your selected models are no longer silently overwritten by provider defaults (1ddfe96f)
• Windows build — Fixed native module resolution (koffi), Vite OOM, and interceptor file packaging for reliable Windows builds (0ae044a2, ff791b03, 258e3e39)
• Windows runtime — Upgraded vendored Bun 1.3.5 → 1.3.9 to fix Windows crash (c4f46abc)
• Pi SDK 0.55.0 — Bumped Pi SDK to fix streaming freezes and malformed OpenAI partial chunk JSON (718d4ad6)
• Install scripts — Fixed Windows and macOS/Linux install scripts to work without the version endpoint; scripts now fetch YAML manifests directly (#273, #276)

Security

• Web-fetch hardening — Protection against SSRF, unbounded reads, and other edge cases (3904a786)
• Explore mode — Blocked find -exec and similar shell escape vectors (#272)

Infrastructure

• Cloudflare migration — Migrated R2 bucket and Workers to new Cloudflare account (55bb899e)
• CI — Windows builds now use windows-latest runner (c4ac80a6)

Breaking Changes

• Codex/Copilot backends consolidated — The standalone Codex and Copilot backends have been replaced by a unified Pi SDK backend. Existing Codex and Copilot connections will need to be re-configured through the new onboarding flow.
• Removed Claude OAuth via Pi — The option to use a Claude subscription through the Pi backend was removed for Anthropic ToS compliance. Use the direct Claude Pro/Max connection instead.

v0.4.8

v0.4.8 — LLM Tool & Plugin Fix

---

Features

• call_llm tool — Invoke a secondary LLM for focused subtasks like summarization, classification, and structured extraction. Supported across all three backends: Claude, Codex, and Copilot. Works with both API key (full features) and OAuth (basic features). Supports parallel calls, file attachments, and structured JSON output (eb0a3476, fa91af4c, b6e5c85f)

Bug Fixes

• Plugin name resolution — Skills failed to resolve when the workspace directory name didn't match the SDK plugin name. Now reads the actual plugin name from .claude-plugin/plugin.json (b7904cb7)
• Skill live reload — Adding a workspace skill caused global and project skills to disappear until restart. All reload paths now use loadAllSkills to return the full three-tier list (4172fd82)
• Codex event queue race condition — Tool results and assistant text could be lost when async item/completed handlers were still running at turn/completed. Fixed by deferring queue completion until all handlers finish (fa91af4c)

Internal

• Copilot runMiniCompletion now functional — enables title generation on the Copilot backend (fa91af4c)
• Copilot event adapter suppresses reasoning/intent events (fa91af4c)
• call_llm model badge shown in TurnCard activity rows (8bb4bcd2)