npm - @oh-my-pi/pi-ai - Versions diffs - 13.7.0 → 13.7.3 - Mend

@oh-my-pi/pi-ai 13.7.0 → 13.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md +13 -1
package/package.json +3 -3
package/src/auth-storage.ts +6 -0
package/src/cli.ts +24 -6
package/src/utils/oauth/index.ts +9 -0
package/src/utils/oauth/kagi.ts +46 -0
package/src/utils/oauth/types.ts +1 -0
package/src/utils/schema/dereference.ts +93 -0
package/src/utils/schema/index.ts +1 -0
package/src/utils/schema/sanitize-google.ts +6 -1
package/src/utils/validation.ts +17 -2

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,18 @@
 ## [Unreleased]
+## [13.7.2] - 2026-03-04
+### Added
+- Added support for Kagi API key authentication via `login kagi` command
+- Added Kagi to the list of available OAuth providers
+### Fixed
+- MCP tool schemas with `$ref`/`$defs` are now dereferenced before being sent to LLM providers, fixing dangling references that left models without type definitions
+- Ajv schema validation no longer emits `console.warn()` for non-standard format keywords (e.g. `"uint"`) from MCP servers, preventing TUI corruption
+- Tool schema compilation is now cached per schema identity, eliminating redundant recompilation on every tool call
 ## [13.6.0] - 2026-03-03
 ### Added
@@ -1515,4 +1527,4 @@ _Dedicated to Peter's shoulder ([@steipete](https://twitter.com/steipete))_
 ## [0.9.4] - 2025-11-26
-Initial release with multi-provider LLM support.
+Initial release with multi-provider LLM support.

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-ai",
-	"version": "13.7.0",
+	"version": "13.7.3",
 	"description": "Unified LLM API with automatic model discovery and provider configuration",
 	"homepage": "https://github.com/can1357/oh-my-pi",
 	"author": "Can Boluk",
@@ -38,10 +38,10 @@
 	},
 	"dependencies": {
 		"@anthropic-ai/sdk": "^0.78",
-		"@aws-sdk/client-bedrock-runtime": "^3.1000",
+		"@aws-sdk/client-bedrock-runtime": "^3",
 		"@bufbuild/protobuf": "^2.11",
 		"@google/genai": "^1.43",
-		"@oh-my-pi/pi-utils": "13.7.0",
+		"@oh-my-pi/pi-utils": "13.7.3",
 		"@sinclair/typebox": "^0.34",
 		"@smithy/node-http-handler": "^4.4",
 		"ajv": "^8.18",

package/src/auth-storage.ts CHANGED Viewed

@@ -42,6 +42,7 @@ import { loginGitLabDuo } from "./utils/oauth/gitlab-duo";
 import { loginAntigravity } from "./utils/oauth/google-antigravity";
 import { loginGeminiCli } from "./utils/oauth/google-gemini-cli";
 import { loginHuggingface } from "./utils/oauth/huggingface";
+import { loginKagi } from "./utils/oauth/kagi";
 import { loginKilo } from "./utils/oauth/kilo";
 import { loginKimi } from "./utils/oauth/kimi";
 import { loginLiteLLM } from "./utils/oauth/litellm";
@@ -879,6 +880,11 @@ export class AuthStorage {
 				await saveApiKeyCredential(apiKey);
 				return;
 			}
+			case "kagi": {
+				const apiKey = await loginKagi(ctrl);
+				await saveApiKeyCredential(apiKey);
+				return;
+			}
 			case "nanogpt": {
 				const apiKey = await loginNanoGPT(ctrl);
 				await saveApiKeyCredential(apiKey);

package/src/cli.ts CHANGED Viewed

@@ -7,6 +7,7 @@ import { loginCursor } from "./utils/oauth/cursor";
 import { loginGitHubCopilot } from "./utils/oauth/github-copilot";
 import { loginAntigravity } from "./utils/oauth/google-antigravity";
 import { loginGeminiCli } from "./utils/oauth/google-gemini-cli";
+import { loginKagi } from "./utils/oauth/kagi";
 import { loginKilo } from "./utils/oauth/kilo";
 import { loginKimi } from "./utils/oauth/kimi";
 import { loginMiniMaxCode, loginMiniMaxCodeCn } from "./utils/oauth/minimax-code";
@@ -157,6 +158,22 @@ async function login(provider: OAuthProvider): Promise<void> {
 					},
 				});
 				break;
+			case "kagi": {
+				const apiKey = await loginKagi({
+					onAuth(info) {
+						const { url, instructions } = info;
+						console.log(`\nOpen this URL in your browser:\n${url}`);
+						if (instructions) console.log(instructions);
+						console.log();
+					},
+					onPrompt(p) {
+						return promptFn(`${p.message}${p.placeholder ? ` (${p.placeholder})` : ""}:`);
+					},
+				});
+				storage.saveApiKey(provider, apiKey);
+				console.log(`\nAPI key saved to ~/.omp/agent/agent.db`);
+				return;
+			}
 			case "cursor":
 				credentials = await loginCursor(
@@ -269,12 +286,13 @@ Providers:
   google-gemini-cli Google Gemini CLI
   google-antigravity Antigravity (Gemini 3, Claude, GPT-OSS)
   openai-codex      OpenAI Codex (ChatGPT Plus/Pro)
-  kimi-code        Kimi Code
-  kilo             Kilo Gateway
-  zai              Z.AI (GLM Coding Plan)
-  nanogpt          NanoGPT
-    minimax-code     MiniMax Coding Plan (International)
-    minimax-code-cn  MiniMax Coding Plan (China)
+  kimi-code         Kimi Code
+  kilo              Kilo Gateway
+  kagi              Kagi
+  zai               Z.AI (GLM Coding Plan)
+  nanogpt           NanoGPT
+  minimax-code      MiniMax Coding Plan (International)
+  minimax-code-cn   MiniMax Coding Plan (China)
   cursor            Cursor (Claude, GPT, etc.)
 Examples:

package/src/utils/oauth/index.ts CHANGED Viewed

@@ -28,6 +28,7 @@ import type {
  * - Antigravity (Gemini 3, Claude, GPT-OSS via Google Cloud)
  * - Kimi Code
  * - Kilo Gateway
+ * - Kagi
  * - Cerebras
  * - Hugging Face Inference
  * - Synthetic
@@ -66,6 +67,8 @@ export { loginAntigravity, refreshAntigravityToken } from "./google-antigravity"
 export { loginGeminiCli, refreshGoogleCloudToken } from "./google-gemini-cli";
 // Hugging Face Inference (API key)
 export { loginHuggingface } from "./huggingface";
+// Kagi (API key)
+export { loginKagi } from "./kagi";
 // Kilo Gateway
 export { loginKilo } from "./kilo";
 // Kimi Code
@@ -135,6 +138,11 @@ const builtInOAuthProviders: OAuthProviderInfo[] = [
 		name: "Kilo Gateway",
 		available: true,
 	},
+	{
+		id: "kagi",
+		name: "Kagi",
+		available: true,
+	},
 	{
 		id: "cerebras",
 		name: "Cerebras",
@@ -354,6 +362,7 @@ export async function refreshOAuthToken(
 		case "minimax-code":
 		case "minimax-code-cn":
 		case "moonshot":
+		case "kagi":
 		case "cloudflare-ai-gateway":
 		case "qwen-portal":
 		case "vllm":

package/src/utils/oauth/kagi.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * Kagi login flow.
+ *
+ * Kagi web search uses an API key from the account settings page.
+ * This is an API key flow:
+ * 1. Open browser to Kagi API settings
+ * 2. User copies API key
+ * 3. User pastes key into CLI
+ */
+import type { OAuthController } from "./types";
+const AUTH_URL = "https://kagi.com/settings/api";
+/**
+ * Login to Kagi.
+ *
+ * Opens browser to API settings and prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export async function loginKagi(options: OAuthController): Promise<string> {
+	if (!options.onPrompt) {
+		throw new Error("Kagi login requires onPrompt callback");
+	}
+	options.onAuth?.({
+		url: AUTH_URL,
+		instructions: "Copy your API key from Kagi API settings",
+	});
+	const apiKey = await options.onPrompt({
+		message: "Paste your Kagi API key",
+		placeholder: "kagi_...",
+	});
+	if (options.signal?.aborted) {
+		throw new Error("Login cancelled");
+	}
+	const trimmed = apiKey.trim();
+	if (!trimmed) {
+		throw new Error("API key is required");
+	}
+	return trimmed;
+}

package/src/utils/oauth/types.ts CHANGED Viewed

@@ -20,6 +20,7 @@ export type OAuthProvider =
 	| "huggingface"
 	| "kimi-code"
 	| "kilo"
+	| "kagi"
 	| "litellm"
 	| "lm-studio"
 	| "minimax-code"

package/src/utils/schema/dereference.ts ADDED Viewed

@@ -0,0 +1,93 @@
+/**
+ * Inline `$ref` / `$defs` in a JSON Schema so every consumer sees
+ * the full definition without needing a resolver.
+ *
+ * Handles:
+ * - Local `$ref` pointers (`#/$defs/Foo`, `#/definitions/Foo`)
+ * - Nested `$defs` / `definitions` blocks
+ * - Circular references (breaks the cycle by emitting `{}`)
+ *
+ * After dereferencing, `$defs` and `definitions` are stripped from the root.
+ */
+import { isJsonObject, type JsonObject } from "./types";
+/**
+ * Resolve a JSON-pointer-style `$ref` against the root schema's `$defs`
+ * or `definitions` block. Returns `undefined` for external or unresolvable refs.
+ */
+function resolveLocalRef(ref: string, root: JsonObject): JsonObject | undefined {
+	// Only handle local refs: #/$defs/Name or #/definitions/Name
+	const match = /^#\/(\$defs|definitions)\/(.+)$/.exec(ref);
+	if (!match) return undefined;
+	const [, defsKey, name] = match;
+	const defs = root[defsKey!];
+	if (!isJsonObject(defs)) return undefined;
+	const resolved = defs[name!];
+	return isJsonObject(resolved) ? resolved : undefined;
+}
+/**
+ * Recursively dereference a JSON Schema node, inlining all local `$ref` pointers.
+ */
+function dereferenceNode(node: unknown, root: JsonObject, visiting: Set<string>): unknown {
+	if (!isJsonObject(node)) return node;
+	if (Array.isArray(node)) return node.map(item => dereferenceNode(item, root, visiting));
+	const ref = node.$ref;
+	if (typeof ref === "string") {
+		// Break circular references
+		if (visiting.has(ref)) return {};
+		const resolved = resolveLocalRef(ref, root);
+		if (!resolved) return node; // External ref — leave as-is
+		visiting.add(ref);
+		const inlined = dereferenceNode(resolved, root, visiting);
+		visiting.delete(ref);
+		// Merge sibling keywords (e.g. description, default) from the
+		// referencing node. In draft 2020-12 these are valid alongside $ref.
+		const hasSiblings = Object.keys(node).some(k => k !== "$ref");
+		if (!hasSiblings || !isJsonObject(inlined)) return inlined;
+		const merged: JsonObject = { ...inlined };
+		for (const [key, value] of Object.entries(node)) {
+			if (key !== "$ref") merged[key] = value;
+		}
+		return merged;
+	}
+	const result: JsonObject = {};
+	for (const [key, value] of Object.entries(node)) {
+		// Skip $defs/definitions — they get inlined into consumers
+		if (key === "$defs" || key === "definitions") continue;
+		if (Array.isArray(value)) {
+			result[key] = value.map(item => dereferenceNode(item, root, visiting));
+		} else if (isJsonObject(value)) {
+			result[key] = dereferenceNode(value, root, visiting);
+		} else {
+			result[key] = value;
+		}
+	}
+	return result;
+}
+/**
+ * Dereference all local `$ref` pointers in a JSON Schema, inlining definitions
+ * from `$defs` / `definitions`. The `$defs` block is stripped from the output.
+ *
+ * Non-local refs (e.g. `http://...`) are left untouched.
+ * Circular references are broken with `{}`.
+ *
+ * @returns A new schema object with all local refs inlined, or the input unchanged
+ *          if it's not an object or has no `$defs`/`definitions`.
+ */
+export function dereferenceJsonSchema(schema: unknown): unknown {
+	if (!isJsonObject(schema)) return schema;
+	// Fast path: nothing to dereference
+	const hasDefs = schema.$defs !== undefined || schema.definitions !== undefined;
+	if (!hasDefs) return schema;
+	return dereferenceNode(schema, schema, new Set());
+}

package/src/utils/schema/index.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 export * from "./adapt";
 export * from "./compatibility";
+export * from "./dereference";
 export * from "./equality";
 export * from "./fields";
 export * from "./normalize-cca";

package/src/utils/schema/sanitize-google.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { dereferenceJsonSchema } from "./dereference";
 import { areJsonValuesEqual } from "./equality";
 import { UNSUPPORTED_SCHEMA_FIELDS } from "./fields";
@@ -197,7 +198,11 @@ const MCP_UNSUPPORTED_SCHEMA_FIELDS = new Set(["$schema"]);
  * (`pattern`, `format`, `additionalProperties`, etc.) and `$ref`/`$defs`.
  */
 export function sanitizeSchemaForMCP(value: unknown): unknown {
-	return sanitizeSchemaImpl(value, {
+	// Dereference $ref/$defs first — MCP servers emit standard JSON Schema
+	// with $defs, but providers (Anthropic, Google) only forward `properties`
+	// and `required`, dropping $defs and leaving dangling $ref pointers.
+	const dereferenced = dereferenceJsonSchema(value);
+	return sanitizeSchemaImpl(dereferenced, {
 		insideProperties: false,
 		normalizeTypeArrayToNullable: false,
 		stripNullableKeyword: true,

package/src/utils/validation.ts CHANGED Viewed

@@ -451,12 +451,28 @@ function coerceArgsFromErrors(
 // Create a singleton AJV instance with formats (only if not in browser extension)
 // AJV requires 'unsafe-eval' CSP which is not allowed in Manifest V3
+//
+// Silent logger: MCP servers may declare non-standard format keywords (e.g. "uint")
+// which cause Ajv to emit console.warn() with strict:false — corrupting TUI output.
 const ajv = new Ajv({
 	allErrors: true,
 	strict: false,
+	logger: false,
 });
 addFormats(ajv);
+// Cache compiled validators by schema object identity to avoid
+// re-compiling the same tool schema on every call.
+const compiledSchemaCache = new WeakMap<object, import("ajv").ValidateFunction>();
+function compileSchema(schema: object): import("ajv").ValidateFunction {
+	let validate = compiledSchemaCache.get(schema);
+	if (!validate) {
+		validate = ajv.compile(schema);
+		compiledSchemaCache.set(schema, validate);
+	}
+	return validate;
+}
 const MAX_TYPE_COERCION_PASSES = 5;
 /**
@@ -484,8 +500,7 @@ export function validateToolCall(tools: Tool[], toolCall: ToolCall): any {
 export function validateToolArguments(tool: Tool, toolCall: ToolCall): any {
 	const originalArgs = toolCall.arguments;
-	// Compile the schema
-	const validate = ajv.compile(tool.parameters);
+	const validate = compileSchema(tool.parameters);
 	// Validate the arguments
 	if (validate(originalArgs)) {