v2026.3.13: Better hook-env stability, --silent fix, and system install symlinks

A focused bugfix release that significantly improves hook-env stability, fixes the --silent flag to actually suppress all mise output, and resolves broken symlinks when installing tools to system/shared directories.

Fixed

• hook-env watch_files tracking and early-exit stability -- Environment plugins (MiseEnv modules) that return watch_files now properly trigger re-evaluation when those files change. Previously, modifying a watched file (e.g. a secrets config) wouldn't cause mise to pick up the new values until a config change or directory switch. This PR also fixes two related stability issues: projects without a mise.lock file could fail to stabilize because the nonexistent lockfile was unconditionally added to the watch set, and directory mtime changes could cause repeated slow-path fallbacks. #8716 by @rpendleton

• --silent flag now fully suppresses mise output -- The global --silent flag was not being written to Settings, so mise --silent run foo would suppress task stdout/stderr but still show mise's own info/warn messages. Now --silent properly sets quiet=true in settings, making it a true superset of --quiet: it suppresses both mise messages and task output. #8720 by @nkakouros

• mise install --system now creates runtime symlinks correctly -- When installing tools to system/shared directories with --system, the latest and partial-version symlinks (e.g. 18 -> 18.19.0) were only being created in the user install directory, leaving the system directory without proper symlinks. Symlinks are now rebuilt per install directory based on the versions actually present there, with graceful handling of permission errors in shared/system locations. #8722 by @jdx

Added

• Registry: acli (Atlassian CLI) -- Added acli to the registry for interacting with Atlassian Cloud services (Jira, Confluence, Bitbucket) from the terminal. Install with mise install acli. #8721 by @ggoggam

New Contributors

• @rpendleton made their first contribution in #8716
• @ggoggam made their first contribution in #8721

Full Changelog: v2026.3.12...v2026.3.13

v2026.3.12: Supply chain protection for lockfile upgrades

A small but important release that adds supply chain protection for lockfile upgrades and fixes zsh completions broken by the usage v3.1.0 update. This release also includes the binary assets that were missing from v2026.3.11 due to the completions issue.

Security

• Block GitHub tool upgrades when provenance is lost -- When upgrading a github: backend tool, mise now checks whether the prior locked version had provenance verification (e.g., GitHub Attestations). If the new version lacks provenance that the old version had, the upgrade is blocked with an error indicating a potential supply chain attack. The old provenance-verified lockfile entry is preserved, and the error includes both versions for easy investigation. This check applies to mise lock, mise install, and mise use. #8706 by @jdx

  Example error:

  github:example/tool@2.0.0 has no provenance verification on linux-x64,
  but github:example/tool@1.5.0 had github-attestations. This could indicate
  a supply chain attack. Verify the release is authentic before proceeding.
  

Fixed

• Zsh completions updated for usage v3.1.0 -- The prerendered zsh completion script has been regenerated to match the new output format from usage v3.1.0, which switched from _arguments to _describe and changed quoting behavior. This also fixes the binary build failure that prevented v2026.3.11 from publishing release assets. #8715 by @jdx

Full Changelog: v2026.3.11...v2026.3.12

v2026.3.11

Note: This release has no binary assets due to a CI failure caused by a breaking change in usage v3.1.0. The fix is in #8715. All changes below are included in the next release.

This release adds --skip-tools for faster task execution, GitHub token auto-detection from gh CLI, optional args/env fields in task run entries, and fixes across lockfiles, shims, tasks, and environment handling.

Highlights

• mise run --skip-tools -- Skip tool installation when running tasks, useful when you know tools are already installed and want faster execution. #8699 by @jdx
• GitHub token auto-detection from gh CLI -- mise now reads GitHub tokens from gh's hosts.yml config, so authenticated GitHub API requests work automatically if you're logged in with gh auth login. #8692 by @jdx
• Optional args and env in task run entries -- Task run entries now support optional args and env fields for more flexible task configuration. #8687 by @jdx

Added

• mise run --skip-tools -- Skip tool installation when running tasks. #8699 by @jdx
• GitHub token from gh CLI -- Automatically read tokens from gh CLI's hosts.yml config. #8692 by @jdx
• Task run entries support args and env -- Optional fields for more flexible task definitions. #8687 by @jdx
• vfox: try_get, try_head, try_download_file -- Non-failing HTTP methods for Lua plugins. #8697 by @jdx
• New registry tools:
  • rtk -- #8683 by @bricelalu

Fixed

• Node: expand tilde in default_packages_file path -- ~/.default-node-packages now resolves correctly. #8709 by @jdx
• Lockfile: skip global config lockfile by default -- Global config no longer generates a lockfile unless explicitly configured. #8707 by @jdx
• Lockfile: respect existing platforms when running mise lock -- Existing platform entries in lockfiles are preserved instead of being overwritten. #8708 by @jdx
• GitHub: rename correct binary when archive contains multiple executables -- Archives with multiple binaries no longer rename the wrong one. #8700 by @jdx
• Task: include idiomatic version files in monorepo task toolset -- .node-version, .python-version, etc. are now picked up in monorepo task directories. #8702 by @jdx
• Task: strip inline args when validating run.tasks references -- Task references with inline args (e.g. "build --release") no longer fail validation. #8701 by @jdx
• Task: inherit task_config.dir for included TOML and file tasks -- Included tasks now correctly inherit the configured working directory. #8689 by @jdx
• Task: improve error message when task files are not executable -- Clearer error when a file task lacks execute permission. #8705 by @jdx
• Task: improve usage spec element support -- Better handling of usage spec elements in task definitions. #8623 by @nkakouros
• Install: skip redundant provenance verification when lockfile has integrity data -- Avoids duplicate verification work. #8688 by @jdx
• Install: skip GitHub API calls for aqua tools in --locked mode -- Locked installs no longer make unnecessary API calls. #8679 by @jdx
• Shim: detect shims by checking shims directory instead of binary name -- Fixes edge cases where shim detection failed. #8694 by @jdx
• Shell: error when no version specified instead of silent no-op -- mise shell node now shows an error instead of doing nothing. #8693 by @jdx
• Env: support multiple --env/-E flags -- Multiple environment overrides can now be specified. #8686 by @jdx
• Env: make module vars available in Tera template context -- Environment variables from env plugins are now accessible in Tera templates. #8682 by @victor-founder
• Config: recognize SSH and other non-HTTPS URLs in get_repo_url -- SSH-style git URLs are now handled correctly. #8666 by @modestman
• Implode: include system data dir in cleanup -- mise implode now removes system-level data directories. #8696 by @jdx
• Respect MISE_COLOR=0 for error output -- color_eyre error formatting now honors the color setting. #8690 by @jdx
• Windows: add usage tool registry support -- #8713 by @jdx

New Contributors

• @victor-founder made their first contribution in #8682
• @modestman made their first contribution in #8666
• @bricelalu made their first contribution in #8683

Full Changelog: v2026.3.10...v2026.3.11

v2026.3.10: Security fix for .tool-versions templates, Python checksum verification, and 15+ bug fixes

This release closes a security gap where .tool-versions files with Tera templates could execute arbitrary commands without a trust check, adds checksum verification for precompiled Python downloads, and ships over 15 bug fixes across tasks, lockfiles, the Rust plugin, bootstrap scripts, and more.

Highlights

• Security: trust check for .tool-versions Tera templates -- .tool-versions files were processed through Tera's render_str() with the exec() function available, allowing arbitrary command execution without any trust verification. A malicious .tool-versions in a cloned repo could silently execute code when a user with mise shell activation cd'd into the directory. Template syntax in .tool-versions now requires mise trust first; plain files continue to work without trust.
• Python checksum verification for precompiled binaries -- Precompiled Python downloads from astral-sh/python-build-standalone are now verified against lockfile checksums at install time, matching the behavior of other core plugins.
• Python freethreaded build exclusion -- Freethreaded Python builds (e.g. Python 3.14+) are now excluded from precompiled selection by default, fixing "missing lib directory" errors. Set python.precompiled_flavor explicitly if you want freethreaded builds.
• mise doctor PATH ordering check -- mise doctor now warns when non-mise directories appear before mise-managed tool paths in PATH, helping diagnose tool shadowing issues.

Security

• Require trust check for .tool-versions Tera templates -- When template syntax ({{, {%, {#) is detected in a .tool-versions file, mise now requires mise trust before processing it. Plain .tool-versions files without templates are unaffected. #8675 by @jdx

Added

• mise doctor detects PATH ordering issues -- When mise is activated (not shims-only), mise doctor now checks whether non-mise directories appear before mise-managed tool paths in PATH and lists the specific offending entries. #8585 by @jdx
• New registry tools:
  • viteplus (npm:vite-plus) -- #8594 by @risu729
  • ormolu (Haskell formatter) -- #8617 by @3w36zj6
  • pi.dev coding agent -- #8635 by @dector
  • qwen (npm:@qwen-code/qwen-code) -- #8667 by @jianglu
  • hlint (Haskell linter) -- #8670 by @3w36zj6

Fixed

• Python: verify checksums for precompiled binary downloads -- Precompiled Python downloads are now checked against lockfile checksums between HTTP download and tarball extraction, preventing corrupted or tampered downloads from being silently accepted. #8593 by @malept
• Python: exclude freethreaded builds from precompiled selection -- Freethreaded Python builds (e.g. cpython-3.14.3-freethreaded) use lib/python3.14t/ instead of lib/python3.14/, causing installation failures. These are now filtered out by default unless python.precompiled_flavor is explicitly set to a freethreaded variant. #8672 by @jdx
• Config: resolve trust hash collision for same-name directories -- In paranoid mode, configs sharing the same parent directory leaf name (e.g. /projectA/infra/mise.toml and /projectB/infra/mise.toml) would map to a single hash file, silently breaking trust verification. The filename extension is now appended instead of replaced. Previously trusted configs may need a one-time mise trust after upgrading. #8628 by @tdragon
• Lockfile: resolve symlinks when updating -- If a lockfile is a symlink, mise now updates the target file instead of replacing the symlink with a regular file. #8589 by @chancez
• Rust: resolve relative CARGO_HOME/RUSTUP_HOME to absolute paths -- When CARGO_HOME or RUSTUP_HOME is set to a relative path (e.g. .cargo via [env]), the paths are now resolved to absolute before use, preventing broken PATH entries like undefined/bin after changing directories. #8604 by @simonepri
• Bootstrap: preserve argv[0] for shim dispatch -- mise generate bootstrap now emits exec -a "$0" instead of plain exec, preserving the original invocation name so that shim symlinks (e.g. claude -> mise) dispatch correctly. #8521 by @tak848
• Installer: normalize current version before comparison -- The standalone installer now strips the v prefix from MISE_CURRENT_VERSION before comparisons, so embedded checksums and the current-release CDN path are used correctly. #8649 by @tak848
• Tasks: global file tasks not properly marked as such -- #8618 by @roele
• Tasks: handle broken pipe in mise tasks ls -- Piping task output (e.g. mise tasks ls | head) no longer panics with EPIPE. #8608 by @vmaleze
• Tasks: correctly resolve _default files with extensions -- test/_default.sh is now correctly loaded as the test task instead of test:_default. #8646 by @youta1119
• Tasks: fix argument completion with flags in zsh -- Completing task arguments after flags (e.g. mise run build -- -c <TAB>) no longer produces errors. #8601 by @KevSlashNull
• Git: use "origin" as remote name -- Cloned registries now consistently use "origin" as the remote name, fixing fetch failures in some configurations. #8626 by @bentinata
• Shared tools: fix failing rebuild of runtime symlinks -- Installing tools with --system no longer fails when rebuilding runtime symlinks due to incorrect install path resolution. #8647 by @roele
• Flutter: fix version_expr Tera parser collision -- Added spaces around the current element operator in Flutter's version_expr to prevent Tera parser errors. #8616 by @roele

Changed

• Removed hidden --prefix and --interleave flags from mise run -- These flags were hidden in December 2024 when --output was introduced as their replacement. Their short forms (-p, -i) could silently consume flags intended for tasks. Use --output prefix or --output interleave instead. #8669 by @nkakouros

Breaking Changes

• .tool-versions with Tera templates now require trust -- If you have .tool-versions files using template syntax ({{, {%, {#), you will need to run mise trust in those directories. Plain .tool-versions files are unaffected. #8675
• Trust hash files regenerated -- Due to the hash collision fix, previously trusted configs in paranoid mode may need a one-time mise trust after upgrading. #8628
• --prefix/-p and --interleave/-i removed from mise run -- Use --output prefix or --output interleave instead (available since December 2024). #8669

New Contributors

• @nkakouros made their first contribution in #8669
• @jianglu made their first contribution in #8667
• @tak848 made their first contribution in #8521
• @bentinata made their first contribution in #8626
• @tdragon made their first contribution in #8628
• @nygmaaa made their first contribution in #8642
• @youta1119 made their first contribution in #8646
• @chancez made their first contribution in #8589
• @dector made their first contribution in #8635

Full Changelog: v2026.3.9...v2026.3.10

v2026.3.9: Shared install directories, secret redaction, and better Ctrl-C handling

This release introduces experimental shared install directories for multi-user environments, improves secret redaction in mise set and task output, and fixes several issues with Ctrl-C handling, tool auto-installation before prepare steps, and aqua symlink_bins behavior.

Highlights

• Shared and system install directories -- Pre-install tools to /usr/local/share/mise/installs (or a custom path) so all users on a machine or in a container can share them without re-downloading. Ideal for Docker images, devcontainers, and bastion hosts.
• Secret redaction in mise set -- Environment variables marked redact = true or matching redactions patterns are now hidden in mise set output by default, with --no-redact to override.
• Faster latest-version resolution for GitHub tools -- The GitHub backend now hits the releases/latest API endpoint directly instead of paginating through all releases, which is significantly faster for repositories with many pre-releases.

Added

• [experimental] Shared and system install directories -- mise install --system installs tools to /usr/local/share/mise/installs (or MISE_SYSTEM_DATA_DIR/installs), where every user's mise instance will find them automatically. mise install --shared <path> installs to a custom shared directory. Additional read-only lookup directories can be configured via the shared_install_dirs setting or MISE_SHARED_INSTALL_DIRS (colon-separated). Shared versions appear in mise ls with (system) or (shared) labels. See the updated Docker cookbook for usage examples. #8581 by @jdx

• GitHub backend uses releases/latest endpoint -- Resolving the latest stable version for GitHub-hosted tools now calls the dedicated releases/latest API endpoint instead of paginating through all releases. This is especially helpful for repositories with many pre-releases (e.g. unikraft/kraftkit) where the old approach required fetching multiple pages. Falls back to the previous behavior if the endpoint fails or the result doesn't match a configured version_prefix. #8516 by @roele

• vfox tool plugins record provenance in lockfiles -- mise lock and mise install now record and enforce supply-chain provenance (GitHub Attestations, SLSA, Cosign) for vfox tool plugins, bringing them to parity with aqua and github backends for downgrade-attack detection. #8544 by @malept

Fixed

• mise set now redacts secrets by default -- Values with redact = true or matching redactions glob patterns are shown as [redacted] in mise set output. Age-encrypted values default to redacted unless explicitly redact = false. Use --no-redact to reveal raw values. Task-specific env vars from env._.file or task-level redact = true are also now properly redacted in mise run output. #8583 by @jdx

• Aqua symlink_bins now works for packages without a files field -- When an aqua registry entry has no files field, symlink_bins = true previously left .mise-bins empty, making the tool invisible on PATH. Now the inferred main binary is included in the symlink directory, matching the existing install-time fallback logic. #8550 by @AlexanderTheGrey

• Ctrl-C reliably interrupts tool downloads during mise run -- Previously, mise run disabled Ctrl-C exit handling before tool installation began, so pressing Ctrl-C during a download was silently ignored. Now Ctrl-C exits immediately during downloads, and during task execution the first Ctrl-C kills child processes while a second Ctrl-C force-exits mise. #8571 by @jdx

• File task headers now allow spaces around = -- Task header lines like #MISE env._.file = "env.yaml" (with spaces around =) are now parsed correctly. Previously only #MISE env._.file="env.yaml" (no spaces) was recognized. #8574 by @roele

• mise prepare installs config tools before running prepare steps -- On clean machines, prepare steps that depend on tools declared in [tools] (e.g. uv) would fail because the tools hadn't been installed yet. Now both mise prepare and mise run install all configured tools before executing prepare commands. #8582 by @jdx

Changed

• MISE_SYSTEM_DIR has been renamed to MISE_SYSTEM_CONFIG_DIR for clarity alongside the new MISE_SYSTEM_DATA_DIR. The old name is still supported as a legacy alias. #8581

New Contributors

• @AlexanderTheGrey made their first contribution in #8550

Full Changelog: v2026.3.8...v2026.3.9

v2026.3.8: Wrapper recursion fix and lockfile provenance correction

A small patch release that fixes infinite recursion in mise exec when wrapper scripts and shims coexist in PATH, and corrects lockfile provenance detection for aqua tools with opts-only cosign configurations.

Fixed

• mise exec no longer infinite-loops when wrapper scripts and shims are both in PATH -- In devcontainer setups (and similar environments), a wrapper script like .devcontainer/bin/gitleaks that calls mise x -- gitleaks would resolve back to itself instead of the real binary when the wrapper directory appeared before the shims directory in PATH. This caused infinite recursion until the environment exceeded ARG_MAX, producing confusing errors. The fix reorders the internal lookup PATH so that mise-managed tool bin directories are checked before system PATH entries, ensuring the real binary is always found first. The child process still inherits the full unmodified PATH. #8560 by @jdx

• Lockfile no longer records unverifiable cosign provenance for opts-only aqua tools -- Tools like yamlfmt, trufflehog, and tflint configure cosign in the aqua registry with only CLI opts (e.g. --certificate-identity) but no key or bundle config. mise lock was recording provenance = "cosign" for these tools, but mise install can only verify cosign natively via key-based or bundle-based flows, causing "Lockfile requires cosign provenance ... but no verification was used" errors on install. Now cosign provenance is only recorded when the tool has a key or bundle config that can actually be verified. #8559 by @jdx

Added

• turbo added to the registry -- Turborepo, the high-performance build system for JavaScript and TypeScript codebases, can now be installed via mise use turbo. #8553 by @igas
• workmux added to the registry -- workmux, a tool for git worktrees + tmux windows for zero-friction parallel development, can now be installed via mise use workmux. #8555 by @ifraixedes

New Contributors

• @himkt made their first contribution in #8558
• @ifraixedes made their first contribution in #8555
• @igas made their first contribution in #8553

Full Changelog: v2026.3.7...v2026.3.8

v2026.3.7: Cleaner conda PATH handling

A small patch release that fixes conda packages polluting PATH with dozens of transitive dependency binaries.

Fixed

• Conda backend no longer exposes transitive dependency binaries on PATH -- Installing a conda package such as conda:postgresql would previously add every binary from every transitive dependency to PATH. For example, conda:postgresql exposed 106 binaries including ncurses utilities (clear, reset, tput, tabs), openldap commands (ldapadd), and krb5 tools (kinit) -- all of which could shadow standard system commands. Now only binaries belonging to the main requested package are placed on PATH (e.g., psql, pg_dump, createdb, initdb, pg_ctl, postgres, etc.). Dependency binaries remain installed and available to packages that need them internally, but are no longer visible on PATH. No user configuration is needed -- this is automatic for all new conda installs, and existing installs gracefully fall back to the previous behavior. #8543 by @simonepri

New Contributors

• @simonepri made their first contribution in #8543

Full Changelog: v2026.3.6...v2026.3.7

v2026.3.6: Per-environment lockfiles, Windows fixes, and fork bomb prevention

This release redesigns environment-specific lockfiles for better CI isolation, fixes a critical fork bomb caused by shim recursion in go: backend tools, and addresses several Windows-specific issues including locked .exe shims and env._.source support.

Highlights

• Per-environment lockfiles replace the previous env tag system, so mise.test.toml now generates mise.test.lock instead of tagging entries in a shared mise.lock. This means CI caches are no longer invalidated by dev-only tool changes.
• Fork bomb prevention strips mise shims from dependency environment PATHs, fixing infinite process spawning when go: backend tools are configured alongside an uninstalled Go version in shims mode.
• Windows .exe shim handling gracefully renames locked shim executables instead of failing with "Access is denied" during reshim.

Changed

• Lockfiles are now per-environment -- Environment-specific configs now get their own lockfiles (mise.test.toml -> mise.test.lock, mise.local.toml -> mise.local.lock) instead of using env = ["test"] tags in a single mise.lock. This improves CI cache isolation -- environments that don't set MISE_ENV only depend on mise.lock, so dev tool version bumps won't invalidate CI caches. Old lockfiles with env fields are silently accepted and migrated on the next mise lock. #8523 by @jdx

  Config file	Lockfile
  mise.toml	mise.lock
  mise.test.toml	mise.test.lock
  mise.local.toml	mise.local.lock

• touch_outputs removed from prepare providers -- The touch_outputs configuration option has been removed from prepare providers. Freshness checking now uses blake3 content hashing exclusively, so touching output modification times is no longer necessary. #8535 by @jdx

Fixed

• Fork bomb when using go: backend tools in shims mode -- When a go: backend tool (e.g., go:github.com/pulumi/upgrade-provider) was configured alongside a Go version that wasn't installed, and the version cache was cleared, mise could enter infinite shim recursion -- the Go shim would call mise exec, which would resolve the go: backend, which would call go list via the shim, and so on. The fix strips mise's shims directory from the PATH in dependency_env, ensuring dependency tools either resolve to a real installed binary or fail cleanly. This applies to all backends that use dependency environments (go, npm, gem, dotnet, spm, elixir). #8475 by @pose

• Locked .exe shims on Windows during reshim -- mise reshim would fail with "Access is denied" on Windows when .exe shims were locked by running processes. The fix removes shims individually (instead of wiping the entire directory) and uses a rename-to-.old fallback for locked files, which Windows allows even when the file is in use. The .old files are cleaned up on the next reshim. #8517 by @davireis

• env._.source now works on Windows -- env._.source would fail on Windows because it searched for bash without the .exe extension. The Windows API executable search now correctly looks for bash.exe. #8520 by @pjeby

• GitHub @latest version resolution -- The github: backend would fail with a 404 when using @latest because it constructed /releases/tags/latest instead of using GitHub's /releases/latest API endpoint. This was a regression introduced in v2026.3.5. #8532 by @jdx

• Fish shell shim PATH ordering on re-source -- When config.fish is re-sourced (e.g., in VS Code integrated terminals), mise activate fish --shims now correctly moves shims to the front of PATH using fish_add_path --global --move, instead of silently skipping them because they were already present. Other shells are unaffected. #8534 by @jdx

• Task output prefix disambiguation -- When running the same task multiple times with different arguments (e.g., mise run greet alice ::: greet bob), output prefixes now include the arguments to distinguish runs ([greet alice] vs [greet bob]). Arguments are only included when disambiguation is needed; single-instance tasks keep clean prefixes. Long prefixes are truncated to 40 characters. #8533, #8536 by @jdx

• Non-MRI Ruby on Windows -- Requesting non-MRI Ruby engines (jruby, truffleruby, etc.) on Windows now fails early with a clear error message explaining that only standard MRI Ruby is supported via RubyInstaller2, instead of producing a confusing 404 from an invalid download URL. #8539 by @jdx

Added

• Registry: tigerbeetle -- Added tigerbeetle (github:tigerbeetle/tigerbeetle) to the tool registry. #8514 by @risu729

Breaking Changes

• Per-environment lockfiles: If you were relying on env tags within mise.lock for environment-specific version pinning, running mise lock will migrate to the new format automatically, creating separate mise.<env>.lock files. Make sure to commit the new lockfiles and update your .gitignore if needed for mise.<env>.local.lock files.
• touch_outputs removed: If you were using touch_outputs in prepare provider configuration, that field is no longer recognized. Freshness is now determined entirely by blake3 hashing of source files.

New Contributors

• @pjeby made their first contribution in #8520
• @davireis made their first contribution in #8517
• @Aurorxa made their first contribution in #8511

Full Changelog: v2026.3.5...v2026.3.6

v2026.3.5: Provenance tracking in lockfiles and task deduplication fix

This release adds supply-chain security improvements by recording provenance verification results in lockfiles, exposes libc variant detection to vfox plugins, and fixes several bugs including duplicate task execution, offline mode hangs, and Windows binary identification.

Highlights

• Provenance tracking in lockfiles prevents downgrade attacks by recording which verification mechanism was used for each tool, and refusing to install if that mechanism is later disabled.
• Task delegation deduplication fixes a bug where shared dependency tasks could run multiple times when using run = [{ task }].
• Offline mode fix prevents mise env, hook-env, activate, and exec from hanging when resolving "latest" versions behind private registries.

Added

• Provenance verification results stored in lockfiles -- mise lock now records which provenance mechanism (SLSA, GitHub attestations, cosign, or minisign) was used to verify each tool per platform. On subsequent installs, mise refuses to proceed if the recorded verification mechanism is disabled or unavailable, protecting against downgrade/stripping attacks. The lockfile format also changes from inline tables to dotted-key subtables for platform entries, improving readability. Existing lockfiles remain backwards-compatible and will be updated on the next mise lock. #8495 by @jdx

• RUNTIME.envType for vfox plugins -- Vfox Lua plugins can now check RUNTIME.envType to determine the libc variant at runtime ("gnu" for glibc, "musl" for musl Linux, nil on non-Linux). This lets plugins select the correct binary variant for the host system. #8493 by @malept

  if RUNTIME.envType == "musl" then
      -- download musl-compatible binary
  elseif RUNTIME.envType == "gnu" then
      -- download glibc-compatible binary
  end

• Registry: portless -- Added portless (npm:portless) to the tool registry. #8508 by @risu729

Fixed

• Shared dependency tasks no longer run multiple times with task delegation -- When a task uses run = [{ task }] to delegate, the sub-graph now inherits knowledge of tasks already completed in the parent graph, preventing shared dependencies from executing more than once. #8497 by @vadimpiven

• "latest" version no longer triggers network calls in prefer-offline mode -- mise env, hook-env, activate, and exec with prefer_offline enabled would still make a remote call to resolve "latest" versions (e.g., npm:pkg = "latest"). If the registry held the connection open waiting for credentials, mise would hang indefinitely. This is now skipped, matching the existing offline guard for fully-qualified versions. #8500 by @jdx

• Windows: mise binary correctly identified without .exe extension -- On Windows, argv[0] can resolve to mise (without .exe), mise.bat, or mise.cmd, all of which were incorrectly treated as shims. This caused mise --help and mise --version to silently fail in some environments (e.g., conda-forge CI). A unified is_mise_binary() helper now handles all these variants. #8503 by @jdx, with credit to @salim-b for identifying the issue in #8496

Full Changelog: v2026.3.4...v2026.3.5

v2026.3.4: Runtime musl detection, interactive tasks, and platform install fixes

A feature-rich release that adds runtime musl/glibc detection for correct binary selection on Linux, a new interactive task field for exclusive terminal access, and several important fixes for platform-specific tool installation, the standalone installer, and Ruby precompiled binary discovery.

Highlights

• Runtime musl/glibc detection ensures mise downloads the right binary variant regardless of how mise itself was compiled, with lockfile support for both libc variants.
• interactive task field provides a targeted way to give a task exclusive terminal access without forcing all tasks to run sequentially.
• Platform install fixes correct multiple issues where registry-defined platform options were ignored or mangled, affecting tools like flyway and http-backend tools with platform-specific URLs.
• Installer safety guard prevents accidental data loss when MISE_INSTALL_PATH points to an existing directory.

Added

• interactive field for tasks -- Mark a task with interactive = true to give it exclusive terminal access (stdin/stdout/stderr) while other non-interactive tasks continue running in parallel. This is a more targeted alternative to raw = true, which forces jobs=1 globally -- interactive only blocks concurrent tasks while the interactive task is actively running. #8491 by @jdx

  [tasks.deploy]
  run = "deploy.sh"
  interactive = true  # gets exclusive stdin/stdout/stderr access

• Runtime musl/glibc detection for correct libc variant selection -- mise now detects musl libc at runtime (by checking for /lib/ld-musl-*) instead of using compile-time configuration. This means a musl-built mise running on a glibc system (or vice versa) will correctly select the right binary variant. Lockfiles now include separate entries for linux-x64-musl and linux-arm64-musl platforms. Existing lockfiles without musl entries continue to work and will be updated on the next mise lock. #8490 by @jdx

• Header comment in generated lockfiles -- mise.lock files now include a @generated header comment, making it clear the file is auto-generated and should not be edited manually. #8481 by @ivy

  # @generated - this file is auto-generated by `mise lock` https://mise.jdx.dev/dev-tools/mise-lock.html
  
  [[tools.node]]
  version = "22.14.0"
  ...

• Preserve .exe extensions on Windows -- The github, gitlab, forgejo, and http backends now automatically keep executable extensions (.exe, .bat, .cmd) when using bin or rename_exe options on Windows, fixing tools like yt-dlp that were broken by extension stripping. #8424 by @iki

Fixed

• Registry platform options now applied during install -- Platform-specific options like asset_pattern defined in the tool registry were silently ignored during installation because nested TOML structures were flattened to strings. This caused tools like flyway to select the wrong asset (e.g., alpine instead of linux-x64). #8492 by @jdx

• Tool opts stored as native TOML to fix platform switching -- Switching an http: tool from a single URL to platform-specific URLs ([tools."http:X".platforms]) could fail because cached options in .mise-installs.toml were mangled during round-tripping. Options are now stored as proper TOML fields with automatic migration of old manifests. #8448 by @jdx

• Installer errors if MISE_INSTALL_PATH is a directory -- Setting MISE_INSTALL_PATH to an existing directory (e.g., ~/tmp instead of ~/tmp/mise) caused the installer to rm -rf that directory, potentially deleting important files. The installer now detects this and exits with a clear error message suggesting a file path. #8468 by @jdx

• Prepare sources/outputs resolve relative to dir -- When a prepare provider sets dir, relative source and output paths now correctly resolve against project_root/dir instead of just project_root. This fixes freshness tracking in monorepo setups where prepare providers target subdirectories. #8472 by @jdx

• Ruby precompiled binary lookup for older versions -- Precompiled Ruby discovery used paginated release listing (first page only), so versions beyond the first 30 releases (like Ruby 3.2.2) silently fell back to compiling from source. The lookup now fetches the specific release by tag directly. #8488 by @jdx

• JSON schema supports structured objects in task depends -- The JSON schema for depends, depends_post, and wait_for now correctly accepts the structured { task, args?, env? } object syntax that the runtime already supported, fixing IDE validation errors. #8463 by @risu729

• Broken pipe no longer panics in task output -- Task output macros used println!/eprintln! which panic on broken pipes (e.g., when piping mise output to head). Replaced with calm_io equivalents that gracefully handle closed stdout/stderr. #8485 by @vmaleze

• Scoped npm package names no longer panic -- Using @scope/pkg (e.g., @anthropic-ai/claude-code) without the npm: backend prefix caused an internal panic. The parser now correctly treats the leading @ as part of the package name and provides a proper error message. #8477 by @jdx

New Contributors

• @ivy made their first contribution in #8481
• @iki made their first contribution in #8424

Full Changelog: v2026.3.3...v2026.3.4