js · @earendil-works/pi-coding-agentHeads-up
@earendil-works/pi-coding-agent < 0.79.0: Unauthorized project-local extension loading
Pi before 0.79.0 loaded project-local extensions and configuration from a repository's .pi directory without user approval. In 0.79.0, project trust gating was
What changed
Pi before 0.79.0 loaded project-local extensions and configuration from a repository's .pi directory without user approval. In 0.79.0, project trust gating was added: on interactive startup, Pi now asks before loading project-local inputs; non-interactive modes ignore them unless --approve is passed.
Who it affects
Users of @earendil-works/pi-coding-agent versions < 0.79.0 who run Pi in repositories they have not reviewed or do not trust.
What to do today
Upgrade @earendil-works/pi-coding-agent to version 0.79.0 or later.
The trail
Collected→
Audited→
Written→
Published