@intent-systems/nexus 2026.1.5-3 → 2026.1.5-5

package/dist/agents/agent-id.js

@@ -0,0 +1,41 @@
+import fs from "node:fs";
+import path from "node:path";
+import { resolveStateDir } from "../config/paths.js";
+function listAgentIds(stateDir) {
+    const agentsDir = path.join(stateDir, "agents");
+    try {
+        const entries = fs.readdirSync(agentsDir, { withFileTypes: true });
+        return entries
+            .filter((entry) => entry.isDirectory() && !entry.name.startsWith("."))
+            .map((entry) => entry.name)
+            .sort();
+    }
+    catch {
+        return [];
+    }
+}
+export function resolveAgentId(env = process.env) {
+    const override = env.NEXUS_AGENT_ID?.trim();
+    const stateDir = resolveStateDir(env);
+    const available = listAgentIds(stateDir);
+    if (override) {
+        return {
+            ok: true,
+            agentId: override,
+            source: "env",
+            available,
+        };
+    }
+    if (available.length === 1) {
+        return {
+            ok: true,
+            agentId: available[0],
+            source: "auto",
+            available,
+        };
+    }
+    if (available.length > 1) {
+        return { ok: false, reason: "multiple", available };
+    }
+    return { ok: true, agentId: "default", source: "default", available };
+}

package/dist/agents/auth-profiles.js

@@ -1,8 +1,8 @@
 import { execFileSync } from "node:child_process";
 import fs from "node:fs";
 import lockfile from "proper-lockfile";
+import { buildCredentialIndex, ensureCredentialIndexSync, listCredentialEntriesSync, readCredentialRecordSync, resolveDefaultEnvVar, resolveOAuthBundle, resolveCredentialIndexPath, resolveCredentialValue, writeCredentialIndexSync, writeCredentialRecordSync, } from "../credentials/store.js";
 import { createSubsystemLogger } from "../logging.js";
-import { buildCredentialIndex, ensureCredentialIndexSync, listCredentialEntriesSync, readCredentialRecordSync, resolveCredentialIndexPath, resolveCredentialValue, writeCredentialIndexSync, writeCredentialRecordSync, } from "../credentials/store.js";
 import { refreshChutesTokens } from "./chutes-oauth.js";
 import { normalizeProviderId } from "./model-selection.js";
 export const CLAUDE_CLI_PROFILE_ID = "anthropic:claude-cli";
@@ -22,17 +22,24 @@ function parseProfileId(profileId) {
     const parts = profileId.split(":");
     if (parts.length === 1)
         return { provider: profileId, account: "default" };
-    return { provider: parts[0] ?? profileId, account: parts.slice(1).join(":") || "default" };
+    return {
+        provider: parts[0] ?? profileId,
+        account: parts.slice(1).join(":") || "default",
+    };
 }
 function isEmailLike(value) {
     const trimmed = value.trim();
-    return Boolean(trimmed && trimmed.includes("@") && trimmed.includes("."));
+    return Boolean(trimmed?.includes("@") && trimmed.includes("."));
 }
 function pickPreferredEntry(entries) {
     if (entries.length === 0)
         return null;
     const byType = (type) => entries.find((entry) => entry.record.type === type);
-    return byType("api_key") ?? byType("token") ?? byType("oauth") ?? entries[0] ?? null;
+    return (byType("api_key") ??
+        byType("token") ??
+        byType("oauth") ??
+        entries[0] ??
+        null);
 }
 function resolveCredentialEmail(entry) {
     const metaEmail = entry.record.metadata?.email;
@@ -113,7 +120,8 @@ export function loadAuthProfileStore() {
     rebuilt.order = existing.order;
     rebuilt.lastGood = existing.lastGood;
     rebuilt.usageStats = existing.usageStats;
-    const servicesChanged = JSON.stringify(rebuilt.services) !== JSON.stringify(existing.services ?? {});
+    const servicesChanged = JSON.stringify(rebuilt.services) !==
+        JSON.stringify(existing.services ?? {});
     if (servicesChanged) {
         writeIndex(rebuilt);
     }
@@ -166,6 +174,31 @@ export async function setAuthProfileOrder(params) {
 function resolveAuthIdForProvider(entry) {
     return entry.authId;
 }
+function buildAuthPayload(credential) {
+    if (credential.type === "api_key") {
+        return { value: credential.key ?? "" };
+    }
+    if (credential.type === "token") {
+        const value = credential.token ?? "";
+        if (!credential.expires)
+            return { value };
+        return {
+            value: JSON.stringify({
+                token: value,
+                expiresAt: credential.expires,
+            }),
+            format: "json",
+        };
+    }
+    return {
+        value: JSON.stringify({
+            accessToken: credential.access,
+            refreshToken: credential.refresh,
+            expiresAt: credential.expires,
+        }),
+        format: "json",
+    };
+}
 export function upsertAuthProfile(params) {
     const { provider, account } = parseProfileId(params.profileId);
     const authId = resolveAuthIdForProvider({
@@ -176,33 +209,43 @@ export function upsertAuthProfile(params) {
         record: {
             owner: "user",
             type: params.credential.type,
-            storage: { provider: "plaintext" },
+            storage: { provider: "env", var: "NEXUS_DUMMY" },
         },
     });
     const record = {
         owner: "user",
         type: params.credential.type,
         configuredAt: new Date().toISOString(),
-        storage: { provider: "plaintext" },
+        storage: { provider: "env", var: "NEXUS_DUMMY" },
         metadata: {
             addedBy: "nexus upsertAuthProfile",
         },
+        ...(params.credential.type !== "api_key" && params.credential.expires
+            ? { expiresAt: params.credential.expires }
+            : {}),
     };
     if (params.credential.type === "api_key") {
         record.key = params.credential.key;
     }
     else if (params.credential.type === "token") {
         record.token = params.credential.token;
-        record.expiresAt = params.credential.expires;
     }
     else {
         record.accessToken = params.credential.access;
         record.refreshToken = params.credential.refresh;
-        record.expiresAt = params.credential.expires;
     }
-    const secretValue = record.key ?? record.token ?? record.accessToken;
+    const payload = buildAuthPayload(params.credential);
+    const envVar = resolveDefaultEnvVar({
+        service: provider,
+        type: params.credential.type,
+    });
+    record.storage = {
+        provider: "env",
+        var: envVar,
+        ...(payload.format ? { format: payload.format } : {}),
+    };
     const allowKeychain = process.env.NEXUS_KEYCHAIN_ENABLED === "1";
-    if (secretValue && allowKeychain && process.platform === "darwin") {
+    if (payload.value && allowKeychain && process.platform === "darwin") {
         const keychainService = `nexus.${provider}`;
         const keychainAccount = account;
         try {
@@ -214,18 +257,26 @@ export function upsertAuthProfile(params) {
                 "-a",
                 keychainAccount,
                 "-w",
-                secretValue,
+                payload.value,
             ]);
-            record.storage = { provider: "keychain", service: keychainService, account: keychainAccount };
-            record.key = undefined;
-            record.token = undefined;
-            record.accessToken = undefined;
-            record.refreshToken = undefined;
+            record.storage = {
+                provider: "keychain",
+                service: keychainService,
+                account: keychainAccount,
+                ...(payload.format ? { format: payload.format } : {}),
+            };
         }
         catch (err) {
-            log.warn("keychain write failed; storing plaintext credential", { err: String(err) });
+            process.env[envVar] = payload.value;
+            log.warn("keychain write failed; using env credential fallback", {
+                err: String(err),
+                envVar,
+            });
         }
     }
+    else if (payload.value) {
+        process.env[envVar] = payload.value;
+    }
     writeCredentialRecordSync(provider, account, authId, record);
     const index = readIndex();
     index.lastUpdated = new Date().toISOString();
@@ -302,7 +353,10 @@ export async function clearAuthProfileCooldown(params) {
 export async function markAuthProfileGood(params) {
     const providerKey = normalizeProviderId(params.provider);
     const updated = await updateIndexWithLock((index) => {
-        index.lastGood = { ...(index.lastGood ?? {}), [providerKey]: params.profileId };
+        index.lastGood = {
+            ...index.lastGood,
+            [providerKey]: params.profileId,
+        };
         return true;
     });
     if (updated) {
@@ -337,17 +391,52 @@ export async function resolveApiKeyForProfile(params) {
             const providerKey = normalizeProviderId(cred.provider);
             if (providerKey === "chutes" && record.type === "oauth") {
                 try {
+                    const bundle = await resolveOAuthBundle(record);
+                    const accessToken = bundle.accessToken ?? record.accessToken;
+                    const refreshToken = bundle.refreshToken ?? record.refreshToken;
+                    const oauthExpires = bundle.expiresAt !== undefined ? bundle.expiresAt : record.expiresAt;
+                    const oauthExpiresAt = typeof oauthExpires === "number"
+                        ? oauthExpires
+                        : Number.parseInt(String(oauthExpires), 10);
+                    if (!accessToken || !refreshToken) {
+                        throw new Error("Missing OAuth refresh token for chutes.");
+                    }
                     const refreshed = await refreshChutesTokens({
                         credential: {
-                            access: record.accessToken,
-                            refresh: record.refreshToken,
-                            expires: expiresAt,
+                            access: accessToken,
+                            refresh: refreshToken,
+                            expires: oauthExpiresAt,
                             email: cred.email,
-                            clientId: typeof record.metadata?.clientId === "string" ? record.metadata.clientId : undefined,
+                            clientId: typeof record.metadata?.clientId === "string"
+                                ? record.metadata.clientId
+                                : undefined,
                         },
                     });
-                    record.accessToken = refreshed.access;
-                    record.refreshToken = refreshed.refresh;
+                    const refreshedPayload = JSON.stringify({
+                        accessToken: refreshed.access,
+                        refreshToken: refreshed.refresh,
+                        expiresAt: refreshed.expires,
+                    });
+                    if (record.storage.provider === "keychain") {
+                        execFileSync("security", [
+                            "add-generic-password",
+                            "-U",
+                            "-s",
+                            record.storage.service,
+                            "-a",
+                            record.storage.account,
+                            "-w",
+                            refreshedPayload,
+                        ]);
+                        record.storage = { ...record.storage, format: "json" };
+                    }
+                    else if (record.storage.provider === "env") {
+                        process.env[record.storage.var] = refreshedPayload;
+                        record.storage = { ...record.storage, format: "json" };
+                    }
+                    else {
+                        throw new Error("Cannot persist refreshed token without keychain/env.");
+                    }
                     record.expiresAt = refreshed.expires;
                     record.lastVerified = new Date().toISOString();
                     if (typeof refreshed.clientId === "string") {

package/dist/agents/identity-state.js

@@ -0,0 +1,79 @@
+import fs from "node:fs";
+import path from "node:path";
+import { resolveBootstrapPath, resolveStateDir } from "../config/paths.js";
+import { resolveAgentId } from "./agent-id.js";
+function readField(pathname, label) {
+    try {
+        const raw = fs.readFileSync(pathname, "utf-8");
+        const regex = new RegExp(`^[-*]?\\s*${label}\\s*:\\s*(.+)$`, "im");
+        const match = raw.match(regex);
+        return match?.[1]?.trim();
+    }
+    catch {
+        return undefined;
+    }
+}
+function hasPopulatedField(pathname) {
+    try {
+        const raw = fs.readFileSync(pathname, "utf-8");
+        const lines = raw.split(/\r?\n/);
+        return lines.some((line) => {
+            const match = line.match(/^[-*]?\s*[^:]+:\s*(.+)$/);
+            if (!match)
+                return false;
+            return match[1].trim().length > 0;
+        });
+    }
+    catch {
+        return false;
+    }
+}
+function resolveAgentFromState(resolution, stateDir) {
+    if (!resolution.ok) {
+        return {
+            ok: false,
+            reason: "multiple_agents",
+            agentOptions: resolution.available,
+        };
+    }
+    const agentId = resolution.agentId;
+    const agentIdentityDir = path.join(stateDir, "agents", agentId, "identity");
+    const userIdentityDir = path.join(stateDir, "user", "identity");
+    const agentIdentityPath = path.join(agentIdentityDir, "IDENTITY.md");
+    const agentSoulPath = path.join(agentIdentityDir, "SOUL.md");
+    const agentMemoryPath = path.join(agentIdentityDir, "MEMORY.md");
+    const userProfilePath = path.join(userIdentityDir, "PROFILE.md");
+    const bootstrapPath = resolveBootstrapPath(undefined, stateDir);
+    const agentIdentityExists = fs.existsSync(agentIdentityPath);
+    const agentSoulExists = fs.existsSync(agentSoulPath);
+    const agentMemoryExists = fs.existsSync(agentMemoryPath);
+    const userProfileExists = fs.existsSync(userProfilePath);
+    const hasIdentity = hasPopulatedField(agentIdentityPath) && hasPopulatedField(userProfilePath);
+    const agentName = readField(agentIdentityPath, "Name");
+    const userName = readField(userProfilePath, "Name");
+    return {
+        ok: true,
+        snapshot: {
+            agentId,
+            agentIdSource: resolution.source,
+            agentOptions: resolution.available,
+            agentName,
+            userName,
+            agentIdentityPath,
+            agentSoulPath,
+            agentMemoryPath,
+            userProfilePath,
+            bootstrapPath,
+            agentIdentityExists,
+            agentSoulExists,
+            agentMemoryExists,
+            userProfileExists,
+            hasIdentity,
+        },
+    };
+}
+export function resolveIdentitySnapshot(env = process.env) {
+    const stateDir = resolveStateDir(env);
+    const resolution = resolveAgentId(env);
+    return resolveAgentFromState(resolution, stateDir);
+}

package/dist/agents/model-auth.js

@@ -97,6 +97,7 @@ export function resolveEnvApiKey(provider) {
         openrouter: "OPENROUTER_API_KEY",
         zai: "ZAI_API_KEY",
         mistral: "MISTRAL_API_KEY",
+        minimax: "MINIMAX_API_KEY",
     };
     const envVar = envMap[provider];
     if (!envVar)

package/dist/agents/model-fallback.js

@@ -1,5 +1,5 @@
 import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "./defaults.js";
-import { buildModelAliasIndex, modelKey, parseModelRef, resolveModelRefFromString, } from "./model-selection.js";
+import { buildModelAliasIndex, modelKey, parseModelRef, resolveConfiguredModelRef, resolveModelRefFromString, } from "./model-selection.js";
 function isAbortError(err) {
     if (!err || typeof err !== "object")
         return false;
@@ -78,8 +78,13 @@ function resolveImageFallbackCandidates(params) {
     return candidates;
 }
 function resolveFallbackCandidates(params) {
-    const provider = params.provider.trim() || DEFAULT_PROVIDER;
-    const model = params.model.trim() || DEFAULT_MODEL;
+    const fallbackDefault = resolveConfiguredModelRef({
+        cfg: params.cfg ?? {},
+        defaultProvider: DEFAULT_PROVIDER,
+        defaultModel: DEFAULT_MODEL,
+    });
+    const provider = params.provider?.trim() || fallbackDefault.provider;
+    const model = params.model?.trim() || fallbackDefault.model;
     const aliasIndex = buildModelAliasIndex({
         cfg: params.cfg ?? {},
         defaultProvider: DEFAULT_PROVIDER,
@@ -99,12 +104,13 @@ function resolveFallbackCandidates(params) {
         candidates.push(candidate);
     };
     addCandidate({ provider, model }, false);
-    const modelFallbacks = (() => {
-        const model = params.cfg?.agent?.model;
-        if (model && typeof model === "object")
-            return model.fallbacks ?? [];
-        return [];
-    })();
+    const modelFallbacks = params.fallbacksOverride ??
+        (() => {
+            const model = params.cfg?.agent?.model;
+            if (model && typeof model === "object")
+                return model.fallbacks ?? [];
+            return [];
+        })();
     for (const raw of modelFallbacks) {
         const resolved = resolveModelRefFromString({
             raw: String(raw ?? ""),

package/dist/agents/model-selection.js

@@ -132,7 +132,7 @@ export function buildAllowedModelSet(params) {
         }
     }
     const allowedCatalog = params.catalog.filter((entry) => allowedKeys.has(modelKey(entry.provider, entry.id)));
-    if (allowedCatalog.length === 0) {
+    if (allowedCatalog.length === 0 && allowedKeys.size === 0) {
         return {
             allowAny: true,
             allowedCatalog: params.catalog,

package/dist/agents/models-config.js

@@ -83,7 +83,7 @@ function resolveMinimaxApiKeyFromStore(store) {
     }
     return undefined;
 }
-function resolveImplicitProviders(params) {
+function _resolveImplicitProviders(params) {
     const providers = {};
     const minimaxEnv = resolveEnvApiKey("minimax");
     const authStore = ensureAuthProfileStore(params.agentDir);
@@ -93,7 +93,7 @@ function resolveImplicitProviders(params) {
     }
     return providers;
 }
-async function maybeBuildCopilotProvider(params) {
+async function _maybeBuildCopilotProvider(params) {
     const env = params.env ?? process.env;
     const authStore = ensureAuthProfileStore(params.agentDir);
     const profileIds = listProfilesForProvider(authStore, "github-copilot");
@@ -106,7 +106,10 @@ async function maybeBuildCopilotProvider(params) {
     if (!selectedGithubToken && hasProfile) {
         const profileId = profileIds[0];
         if (profileId) {
-            const resolved = await resolveApiKeyForProfile({ store: authStore, profileId });
+            const resolved = await resolveApiKeyForProfile({
+                store: authStore,
+                profileId,
+            });
             if (resolved?.apiKey)
                 selectedGithubToken = resolved.apiKey;
         }
@@ -134,17 +137,20 @@ async function maybeBuildCopilotProvider(params) {
 }
 export async function ensureNexusModelsJson(config, agentDirOverride) {
     const cfg = config ?? loadConfig();
-    const providers = cfg.models?.providers;
-    if (!providers || Object.keys(providers).length === 0) {
-        const agentDir = agentDirOverride?.trim()
-            ? agentDirOverride.trim()
-            : resolveNexusAgentDir();
-        return { agentDir, wrote: false };
-    }
-    const mode = cfg.models?.mode ?? DEFAULT_MODE;
     const agentDir = agentDirOverride?.trim()
         ? agentDirOverride.trim()
         : resolveNexusAgentDir();
+    const explicitProviders = cfg.models?.providers ?? {};
+    const implicitProviders = _resolveImplicitProviders({ agentDir });
+    const copilotProvider = await _maybeBuildCopilotProvider({ agentDir });
+    if (copilotProvider && !explicitProviders["github-copilot"]) {
+        implicitProviders["github-copilot"] = copilotProvider;
+    }
+    const providers = { ...implicitProviders, ...explicitProviders };
+    if (Object.keys(providers).length === 0) {
+        return { agentDir, wrote: false };
+    }
+    const mode = cfg.models?.mode ?? DEFAULT_MODE;
     const targetPath = path.join(agentDir, "models.json");
     let mergedProviders = providers;
     let existingRaw = "";

package/dist/agents/pi-embedded-runner.js

@@ -1,11 +1,13 @@
 import fs from "node:fs/promises";
 import os from "node:os";
+import { streamSimple } from "@mariozechner/pi-ai";
 import { buildSystemPrompt, createAgentSession, discoverAuthStorage, discoverModels, SessionManager, SettingsManager, } from "@mariozechner/pi-coding-agent";
 import { formatToolAggregate } from "../auto-reply/tool-meta.js";
 import { getMachineDisplayName } from "../infra/machine-name.js";
 import { createSubsystemLogger } from "../logging.js";
 import { splitMediaFromOutput } from "../media/parse.js";
 import { enqueueCommandInLane, } from "../process/command-queue.js";
+import { resolveTelegramReactionLevel } from "../telegram/reaction-level.js";
 import { resolveUserPath } from "../utils.js";
 import { resolveNexusAgentDir } from "./agent-paths.js";
 import { markAuthProfileCooldown, markAuthProfileGood, markAuthProfileUsed, } from "./auth-profiles.js";
@@ -18,7 +20,6 @@ import { extractAssistantText } from "./pi-embedded-utils.js";
 import { toToolDefinitions } from "./pi-tool-definition-adapter.js";
 import { createNexusCodingTools } from "./pi-tools.js";
 import { resolveSandboxContext } from "./sandbox.js";
-import { resolveTelegramReactionLevel } from "../telegram/reaction-level.js";
 import { applySkillEnvOverrides, applySkillEnvOverridesFromSnapshot, buildWorkspaceSkillSnapshot, loadWorkspaceSkillEntries, } from "./skills.js";
 import { buildAgentSystemPromptAppend } from "./system-prompt.js";
 import { normalizeUsage } from "./usage.js";
@@ -46,7 +47,7 @@ const GOOGLE_SCHEMA_UNSUPPORTED_KEYWORDS = new Set([
     "minProperties",
     "maxProperties",
 ]);
-function isAntigravityClaudeModel(provider, modelId) {
+function _isAntigravityClaudeModel(provider, modelId) {
     if (provider !== "google-antigravity")
         return false;
     return modelId.trim().toLowerCase().includes("claude");
@@ -69,8 +70,9 @@ function findUnsupportedSchemaKeywords(schema, path) {
     }
     return violations;
 }
-function logToolSchemasForGoogle(params) {
-    if (params.provider !== "google-antigravity" && params.provider !== "google-gemini-cli") {
+function _logToolSchemasForGoogle(params) {
+    if (params.provider !== "google-antigravity" &&
+        params.provider !== "google-gemini-cli") {
         return;
     }
     const toolNames = params.tools.map((tool, index) => `${index}:${tool.name}`);
@@ -91,6 +93,89 @@ function logToolSchemasForGoogle(params) {
         }
     }
 }
+/**
+ * Resolve provider-specific extra params from model config.
+ *
+ * Example config:
+ *   agent.models["anthropic/claude-sonnet-4-5"].params.temperature = 0.7
+ *   agent.models["openai/gpt-4.1-mini"].params.maxTokens = 8192
+ */
+export function resolveExtraParams(params) {
+    const modelKey = `${params.provider}/${params.modelId}`;
+    const modelConfig = params.cfg?.agent?.models?.[modelKey];
+    let extraParams = modelConfig?.params ? { ...modelConfig.params } : undefined;
+    // Auto-enable thinking for ZAI GLM-4.x models when not explicitly configured.
+    // Skip if user explicitly disabled thinking via --thinking off.
+    if (params.provider === "zai" && params.thinkLevel !== "off") {
+        const modelIdLower = params.modelId.toLowerCase();
+        const isGlm4 = modelIdLower.includes("glm-4");
+        if (isGlm4) {
+            const hasThinkingConfig = extraParams?.thinking !== undefined;
+            if (!hasThinkingConfig) {
+                // GLM-4.7 supports preserved thinking (reasoning kept across turns).
+                // GLM-4.5/4.6 use interleaved thinking (reasoning cleared each turn).
+                const isGlm47 = modelIdLower.includes("glm-4.7");
+                const clearThinking = !isGlm47;
+                extraParams = {
+                    ...extraParams,
+                    thinking: {
+                        type: "enabled",
+                        clear_thinking: clearThinking,
+                    },
+                };
+                log.debug(`auto-enabled thinking for ${modelKey}: type=enabled, clear_thinking=${clearThinking}`);
+            }
+        }
+    }
+    return extraParams;
+}
+/**
+ * Create a wrapped streamFn that injects extra params (like temperature) from config.
+ *
+ * This wraps the default streamSimple with config-driven params for each model.
+ */
+function createStreamFnWithExtraParams(extraParams) {
+    if (!extraParams || Object.keys(extraParams).length === 0) {
+        return undefined;
+    }
+    const streamParams = {};
+    if (typeof extraParams.temperature === "number") {
+        streamParams.temperature = extraParams.temperature;
+    }
+    if (typeof extraParams.maxTokens === "number") {
+        streamParams.maxTokens = extraParams.maxTokens;
+    }
+    if (Object.keys(streamParams).length === 0) {
+        return undefined;
+    }
+    log.debug(`creating streamFn wrapper with params: ${JSON.stringify(streamParams)}`);
+    const wrappedStreamFn = (model, context, options) => {
+        const mergedOptions = {
+            ...streamParams,
+            ...options,
+        };
+        return streamSimple(model, context, mergedOptions);
+    };
+    return wrappedStreamFn;
+}
+/**
+ * Apply extra params (like temperature) to an agent's streamFn.
+ *
+ * Call this after createAgentSession to wire up config-driven model params.
+ */
+function applyExtraParamsToAgent(agent, cfg, provider, modelId, thinkLevel) {
+    const extraParams = resolveExtraParams({
+        cfg,
+        provider,
+        modelId,
+        thinkLevel,
+    });
+    const wrappedStreamFn = createStreamFnWithExtraParams(extraParams);
+    if (wrappedStreamFn) {
+        log.debug(`applying extraParams to agent streamFn for ${provider}/${modelId}`);
+        agent.streamFn = wrappedStreamFn;
+    }
+}
 /**
  * Limits conversation history to the last N user turns (and their associated
  * assistant responses). This reduces token usage for long-running DM sessions.
@@ -136,7 +221,9 @@ export function getDmHistoryLimitFromSessionKey(sessionKey, config, messageChann
     const raw = sessionKey?.trim() ?? "";
     if (!raw)
         return undefined;
-    if (raw.startsWith("group:") || raw.includes(":group:") || raw.includes(":channel:")) {
+    if (raw.startsWith("group:") ||
+        raw.includes(":group:") ||
+        raw.includes(":channel:")) {
         return undefined;
     }
     const parts = raw.split(":").filter(Boolean);
@@ -176,7 +263,7 @@ export function getDmHistoryLimitFromSessionKey(sessionKey, config, messageChann
             return undefined;
     }
 }
-function resolveReactionGuidance(params) {
+function _resolveReactionGuidance(params) {
     if (!params.config)
         return undefined;
     const rawChannel = params.messageChannel ?? params.messageProvider ?? "";
@@ -488,6 +575,7 @@ export async function compactEmbeddedPiSession(params) {
                 skills: promptSkills,
                 contextFiles,
             });
+            applyExtraParamsToAgent(session.agent, params.config, provider, modelId, params.thinkLevel);
             try {
                 const prior = await sanitizeSessionMessagesImages(session.messages, "session:history");
                 if (prior.length > 0) {
@@ -705,6 +793,7 @@ export async function runEmbeddedPiAgent(params) {
                     skills: promptSkills,
                     contextFiles,
                 });
+                applyExtraParamsToAgent(session.agent, params.config, provider, modelId, thinkLevel);
                 const prior = await sanitizeSessionMessagesImages(session.messages, "session:history");
                 if (prior.length > 0) {
                     session.agent.replaceMessages(prior);
@@ -837,7 +926,7 @@ export async function runEmbeddedPiAgent(params) {
                 if (shouldRotate) {
                     // Mark current profile for cooldown before rotating
                     if (lastProfileId) {
-                        markAuthProfileCooldown({
+                        void markAuthProfileCooldown({
                             store: authStore,
                             profileId: lastProfileId,
                         });
@@ -906,13 +995,16 @@ export async function runEmbeddedPiAgent(params) {
                     .filter((p) => p.text || p.mediaUrl || (p.mediaUrls && p.mediaUrls.length > 0));
                 log.debug(`embedded run done: runId=${params.runId} sessionId=${params.sessionId} durationMs=${Date.now() - started} aborted=${aborted}`);
                 if (lastProfileId) {
-                    markAuthProfileGood({
+                    void markAuthProfileGood({
                         store: authStore,
                         provider,
                         profileId: lastProfileId,
                     });
                     // Track usage for round-robin rotation
-                    markAuthProfileUsed({ store: authStore, profileId: lastProfileId });
+                    void markAuthProfileUsed({
+                        store: authStore,
+                        profileId: lastProfileId,
+                    });
                 }
                 return {
                     payloads: payloads.length ? payloads : undefined,