This PR includes three main improvements:
1. Tailscale Binary Detection with Fallback Strategies
- Added findTailscaleBinary() with multi-strategy detection:
* PATH lookup via 'which' command
* Known macOS app path (/Applications/Tailscale.app/Contents/MacOS/Tailscale)
* find /Applications for Tailscale.app
* locate database lookup
- Added getTailscaleBinary() with caching
- Updated all Tailscale operations to use detected binary
- Added TUI warning when Tailscale binary not found for serve/funnel modes
2. Custom Gateway IP Binding with Fallback
- New bind mode "custom" allowing user-specified IP with fallback to 0.0.0.0
- Removed "tailnet" mode (folded into "auto")
- All modes now support graceful fallback: custom (if fail → 0.0.0.0), loopback (127.0.0.1 → 0.0.0.0), auto (tailnet → 0.0.0.0), lan (0.0.0.0)
- Added customBindHost config option for custom bind mode
- Added canBindTo() helper to test IP availability before binding
- Updated configure and onboarding wizards with new bind mode options
3. Health Probe Password Auth Fix
- Gateway probe now tries both new and old passwords
- Fixes issue where password change fails health check if gateway hasn't restarted yet
- Uses nextConfig password first, falls back to baseConfig password if needed
Files changed:
- src/infra/tailscale.ts: Binary detection + caching
- src/gateway/net.ts: IP binding with fallback logic
- src/config/types.ts: BridgeBindMode type + customBindHost field
- src/commands/configure.ts: Health probe dual-password try + Tailscale detection warning + bind mode UI
- src/wizard/onboarding.ts: Tailscale detection warning + bind mode UI
- src/gateway/server.ts: Use new resolveGatewayBindHost
- src/gateway/call.ts: Updated preferTailnet logic (removed "tailnet" mode)
- src/commands/onboard-types.ts: Updated GatewayBind type
- src/commands/onboard-helpers.ts: resolveControlUiLinks updated
- src/cli/*.ts: Updated bind mode casts
- src/gateway/call.test.ts: Removed "tailnet" mode test
Claude's extended thinking feature generates thought_signature fields
(message IDs like "msg_abc123...") in content blocks. When these are
sent to Google's Gemini API, it expects Base64-encoded bytes and
rejects Claude's format with a 400 error.
This commit adds stripThoughtSignatures() to remove these fields from
assistant message content blocks during sanitization, enabling session
histories to be shared across different providers (e.g., Claude → Gemini).
Fixes cross-provider session bug where switching from Claude-thinking
to Gemini (or vice versa) would fail with:
"Invalid value at 'thought_signature' (TYPE_BYTES), Base64 decoding failed"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add validateAnthropicTurns() to merge consecutive user messages that can
occur when steering messages are injected during streaming. This prevents
the API from rejecting requests due to improper role alternation.
Changes:
- Add validateAnthropicTurns() function in pi-embedded-helpers.ts
- Integrate validation into sanitization pipeline in pi-embedded-runner.ts
- Add user-friendly error message for role ordering errors
- Add comprehensive tests for the new validation function
- Enforces strict buffering when enforceFinalTag is enabled.
- Prevents 'thinking out loud' planning steps (e.g. '*Locating Manulife*') from leaking to WhatsApp.
- Hardens <final> tag stripping to remove nested/hallucinated tags.
- Added src/utils/provider-utils.ts to track reasoning provider logic
- Updated isReasoningTagProvider to loosely match 'google-antigravity' (fixes sub-models)
- Enabled enforceFinalTag in reply.ts when provider matches
- Verified <final> tag stripping logic in pi-embedded-subscribe.ts
- Updated pi-embedded-runner to use consistent provider check for prompt hints
When block streaming is enabled with verbose=off, tool blocks are hidden
but their boundary information was lost. Text segments before and after
tool execution would get coalesced into a single message because the
coalescer had no signal that a tool had executed between them.
This adds an onBlockReplyFlush callback that fires on tool_execution_start,
allowing the block reply pipeline to flush pending text before the tool
runs. This preserves natural message boundaries even when tools are hidden.
Fixes the issue where:
text → [hidden tool] → text → rendered as one merged message
Now correctly renders as:
text → [hidden tool] → text → two separate messages
Co-diagnosed-by: Krill (Discord assistant)
Windows system utilities like ipconfig, systeminfo, etc. write directly to
the console via WriteConsole API instead of stdout. When Node.js spawns
cmd.exe with piped stdio, these utilities produce empty output.
Changes:
- Switch from cmd.exe to PowerShell on Windows (properly redirects output)
- Disable detached mode on Windows (PowerShell doesn't pipe stdout when detached)
- Add windowsHide option to prevent console window flashing
- Update tests to use PowerShell-compatible syntax (Start-Sleep, semicolons)
The previous prompt was too permissive about skipping announcements.
Updated to strongly encourage announcing results since the requester
is waiting for a response.
- Add 'You MUST announce your result' instruction
- Clarify ANNOUNCE_SKIP is only for complete failures
- Improve guidance on providing useful summaries
The previous immediate probe (timeoutMs: 0) only caught already-completed
runs. Cross-process spawns need to actually wait via agent.wait RPC for
the gateway to signal completion, then trigger the announce flow.
- Rename probeImmediateCompletion to waitForSubagentCompletion
- Use 10 minute wait timeout for agent.wait RPC
- Remove leftover debug console.log statements
- Use resolveExtraParams() which was defined but unused
- Create streamFn wrapper that injects config-driven params
- Apply to both compaction and run sessions
Config path: agents.defaults.models["provider/model"].params.temperature
Example:
agents.defaults.models["anthropic/claude-sonnet-4"].params.temperature = 0.7
agents.defaults.models["openai/gpt-4"].params.maxTokens = 8192
Peter Steinberger
Gregor's Bot
George Pickett
Shadow
Jefferson Warrior
Friederike Seiler
meaningfool
Marc
Sebastian
Travis Hinton
Shadow
Muhammed Mukhthar CM
Gabriel Trigo
Abhi
hsrvc
L36 Server
Drake Thomsen
Aaron Konyer
Mustafa Tag Eldeen
Keith the Silly Goose
Sash Catanzarite
The Admiral
myfunc
user
Peter Siska
Ayaan Zaidi
Ayaan Zaidi
Nicholas Spisak
Marc Terns