@oh-my-pi/pi-ai 14.9.9 → 15.0.1

package/CHANGELOG.md

@@ -2,6 +2,27 @@
 
 ## [Unreleased]
 
+## [15.0.1] - 2026-05-14
+### Breaking Changes
+
+- Increased the minimum Bun runtime version to `>=1.3.14` for the `@aws-?` package
+
+### Added
+
+- Added `installH2Fetch` to patch `globalThis.fetch` so HTTPS requests attempt HTTP/2 over ALPN with automatic HTTP/1.1 fallback when HTTP/2 is unsupported
+- Added priority service-tier traffic to the `premiumRequests` accounting on OpenAI and OpenAI Codex providers. Sending `serviceTier: "priority"` now increments `usage.premiumRequests` by 1 per request, matching the existing GitHub Copilot premium-request budget semantics so downstream consumers (e.g. the `omp stats` "Premium Reqs" card and `/usage`) reflect priority traffic alongside Copilot premium calls.
+
+## [15.0.0] - 2026-05-13
+
+### Added
+
+- Added `AuthStorage.onCredentialDisabled(listener)` — a multi-subscriber `on/off` API for `credential_disabled` events. Returns an unsubscribe function; calling it more than once is a no-op. Multiple subscribers all receive every disable event, with synchronous and async exceptions isolated per-listener so a misbehaving subscriber cannot starve the rest of the chain. Buffer-and-replay semantics are preserved: events emitted while no listener is subscribed are buffered (FIFO, capped at 32) and replayed once to the listener that triggers the empty→non-empty transition. After every subscriber unsubscribes, subsequent disable events buffer again until the next subscribe.
+
+### Fixed
+
+- Fixed OAuth credentials being silently disabled when two omp processes (or any two `AuthStorage` instances sharing a `agent.db`) race on token refresh. Anthropic rotates refresh tokens on every use, so the loser's `invalid_grant` response previously soft-deleted the row that the winner just rotated, forcing the user to `/login` again. `#tryOAuthCredential` now re-reads the row from disk before declaring a definitive failure: if the persisted `refresh` differs from the snapshot it tried, the peer-rotated credential is reloaded and the request retries against the fresh token instead of disabling the live row.
+- Closed a remaining race window in OAuth refresh-failure handling: between re-reading the credential row to check for peer rotation and the subsequent soft-delete, another process could still complete a refresh and rotate the row, leaving us to disable the freshly-rotated credential by `id`. The disable now runs as a single CAS update conditioned on the row's `data` still matching the snapshot we tried to refresh, and on `disabled_cause IS NULL`. If the CAS reports 0 rows changed (peer rotation, or row already disabled by a concurrent failure on the same snapshot), we reload from disk and retry instead of mutating the wrong row or emitting a spurious `credential_disabled` event.
+
 ## [14.9.3] - 2026-05-10
 
 ### Fixed

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-ai",
-	"version": "14.9.9",
+	"version": "15.0.1",
 	"description": "Unified LLM API with automatic model discovery and provider configuration",
 	"homepage": "https://github.com/can1357/oh-my-pi",
 	"author": "Can Boluk",
@@ -46,8 +46,8 @@
 		"@aws-sdk/credential-provider-node": "^3.972.39",
 		"@bufbuild/protobuf": "^2.12.0",
 		"@google/genai": "^1.52.0",
-		"@oh-my-pi/pi-natives": "14.9.9",
-		"@oh-my-pi/pi-utils": "14.9.9",
+		"@oh-my-pi/pi-natives": "15.0.1",
+		"@oh-my-pi/pi-utils": "15.0.1",
 		"@sinclair/typebox": "^0.34.49",
 		"@smithy/node-http-handler": "^4.6.1",
 		"ajv": "^8.20.0",
@@ -58,10 +58,10 @@
 		"zod": "4.4.3"
 	},
 	"devDependencies": {
-		"@types/bun": "^1.3.13"
+		"@types/bun": "^1.3.14"
 	},
 	"engines": {
-		"bun": ">=1.3.7"
+		"bun": ">=1.3.14"
 	},
 	"files": [
 		"src",

package/src/auth-storage.ts

@@ -154,6 +154,12 @@ const USAGE_CACHE_PREFIX = "usage_cache:";
 const USAGE_REPORT_TTL_MS = 30_000;
 const DEFAULT_USAGE_REQUEST_TIMEOUT_MS = 3_000;
 const DEFAULT_OAUTH_REFRESH_TIMEOUT_MS = 10_000;
+/**
+ * Cap on the buffered credential_disabled backlog held while no handler is attached.
+ * In practice the backlog is 0–N where N ≈ active providers (≤ ~20). The cap exists so
+ * pathological detach-without-reattach loops can't grow memory unboundedly.
+ */
+const MAX_PENDING_DISABLED_EVENTS = 32;
 
 type UsageCacheEntry<T> = {
 	value: T;
@@ -283,7 +289,16 @@ export class AuthStorage {
 	#fallbackResolver?: (provider: string) => string | undefined;
 	#store: AuthCredentialStore;
 	#configValueResolver: (config: string) => Promise<string | undefined>;
-	#onCredentialDisabled?: (event: CredentialDisabledEvent) => void | Promise<void>;
+	#credentialDisabledListeners: Set<(event: CredentialDisabledEvent) => void | Promise<void>> = new Set();
+	/**
+	 * Buffer for credential_disabled events fired while no listener is subscribed.
+	 * Drained (in insertion order) to the first listener that triggers the empty→non-empty
+	 * transition via {@link AuthStorage.onCredentialDisabled}. Bounded at
+	 * {@link MAX_PENDING_DISABLED_EVENTS}; oldest entries are dropped to keep memory predictable
+	 * if a long-lived AuthStorage somehow accumulates a backlog (provider count is naturally small,
+	 * but a process that runs without subscribers for a long time shouldn't grow this unboundedly).
+	 */
+	#pendingDisabledEvents: CredentialDisabledEvent[] = [];
 	#closed = false;
 
 	constructor(store: AuthCredentialStore, options: AuthStorageOptions = {}) {
@@ -294,7 +309,11 @@ export class AuthStorage {
 		this.#usageCache = new AuthStorageUsageCache(this.#store);
 		this.#usageFetch = options.usageFetch ?? fetch;
 		this.#usageRequestTimeoutMs = options.usageRequestTimeoutMs ?? DEFAULT_USAGE_REQUEST_TIMEOUT_MS;
-		this.#onCredentialDisabled = options.onCredentialDisabled;
+		if (options.onCredentialDisabled) {
+			// Constructor-registered subscribers are permanent for this AuthStorage's lifetime;
+			// the unsubscribe handle is intentionally discarded.
+			this.onCredentialDisabled(options.onCredentialDisabled);
+		}
 		this.#usageLogger =
 			options.usageLogger ??
 			({
@@ -324,6 +343,39 @@ export class AuthStorage {
 		this.#store.close();
 	}
 
+	/**
+	 * Subscribe to {@link CredentialDisabledEvent}s. Multiple subscribers are supported and
+	 * each fires for every disable event; subscribers are invoked in registration order with
+	 * exceptions and async rejections isolated per-listener so a misbehaving subscriber
+	 * cannot break the disable path or starve the rest of the chain.
+	 *
+	 * If `credential_disabled` events were emitted while no listener was subscribed, they are
+	 * replayed (in insertion order) to the listener that triggers the empty→non-empty
+	 * transition. The drain is one-shot — listeners that subscribe after that no longer see
+	 * past events.
+	 *
+	 * Returns an unsubscribe function. The function is idempotent: calling it more than once
+	 * is a no-op. After every subscriber has unsubscribed, subsequent disable events buffer
+	 * again until the next subscribe.
+	 *
+	 * @param listener Callback invoked with each disable event. May be sync or async.
+	 * @returns A function that removes this listener from the subscriber set.
+	 */
+	onCredentialDisabled(listener: (event: CredentialDisabledEvent) => void | Promise<void>): () => void {
+		const wasEmpty = this.#credentialDisabledListeners.size === 0;
+		this.#credentialDisabledListeners.add(listener);
+		if (wasEmpty && this.#pendingDisabledEvents.length > 0) {
+			const drained = this.#pendingDisabledEvents;
+			this.#pendingDisabledEvents = [];
+			for (const event of drained) {
+				this.#invokeListener(listener, event);
+			}
+		}
+		return () => {
+			this.#credentialDisabledListeners.delete(listener);
+		};
+	}
+
 	/**
 	 * Set a runtime API key override (not persisted to disk).
 	 * Used for CLI --api-key flag.
@@ -615,33 +667,65 @@ export class AuthStorage {
 	}
 
 	/**
-	 * Disables credential at index (used when OAuth refresh fails).
-	 * The credential remains in the database but is excluded from active queries.
-	 * Cleans up provider entry if last credential disabled.
+	 * CAS-style disable used when OAuth refresh definitively fails: only disables
+	 * persisted `data` still matches the credential we attempted to refresh.
+	 * Returns `false` when a peer rotated the row between our pre-check and the
+	 * disable, so the caller can reload and retry instead of clobbering the
+	 * freshly-rotated credential.
 	 */
-	#disableCredentialAt(provider: string, index: number, disabledCause: string): void {
+	#tryDisableCredentialAtIfMatches(
+		provider: string,
+		index: number,
+		expectedCredential: AuthCredential,
+		disabledCause: string,
+	): boolean {
 		const entries = this.#getStoredCredentials(provider);
-		if (index < 0 || index >= entries.length) return;
-		this.#store.deleteAuthCredential(entries[index].id, disabledCause);
+		if (index < 0 || index >= entries.length) return false;
+		const target = entries[index];
+		const serialized = serializeCredential(provider, expectedCredential);
+		if (!serialized) return false;
+		const disabled = this.#store.tryDisableAuthCredentialIfMatches(target.id, serialized.data, disabledCause);
+		if (!disabled) return false;
 		const updated = entries.filter((_value, idx) => idx !== index);
 		this.#setStoredCredentials(provider, updated);
 		this.#resetProviderAssignments(provider);
 		this.#emitCredentialDisabled({ provider, disabledCause });
+		return true;
 	}
 
 	#emitCredentialDisabled(event: CredentialDisabledEvent): void {
-		const handler = this.#onCredentialDisabled;
-		if (!handler) return;
-		const logHandlerError = (error: unknown): void => {
-			logger.warn("onCredentialDisabled handler threw", { provider: event.provider, error: String(error) });
+		if (this.#credentialDisabledListeners.size === 0) {
+			// No subscribers — buffer for later replay. Cap the backlog so a process that runs
+			// without subscribers for a long time can't grow memory unboundedly; drop oldest
+			// under pressure.
+			if (this.#pendingDisabledEvents.length >= MAX_PENDING_DISABLED_EVENTS) {
+				this.#pendingDisabledEvents.shift();
+			}
+			this.#pendingDisabledEvents.push(event);
+			return;
+		}
+		// Snapshot before iteration so a listener that subscribes/unsubscribes during fan-out
+		// can't observe a partially-mutated set or receive an event it just registered for.
+		const listeners = [...this.#credentialDisabledListeners];
+		for (const listener of listeners) {
+			this.#invokeListener(listener, event);
+		}
+	}
+
+	#invokeListener(
+		listener: (event: CredentialDisabledEvent) => void | Promise<void>,
+		event: CredentialDisabledEvent,
+	): void {
+		const logListenerError = (error: unknown): void => {
+			logger.warn("onCredentialDisabled listener threw", { provider: event.provider, error: String(error) });
 		};
 		try {
-			const result = handler(event);
+			const result = listener(event);
 			if (result && typeof (result as PromiseLike<void>).then === "function") {
-				(result as Promise<void>).catch(logHandlerError);
+				(result as Promise<void>).catch(logListenerError);
 			}
 		} catch (error) {
-			logHandlerError(error);
+			logListenerError(error);
 		}
 	}
 
@@ -1993,8 +2077,45 @@ export class AuthStorage {
 			});
 
 			if (isDefinitiveFailure) {
-				// Permanently disable invalid credentials with an explicit cause for inspection/debugging
-				this.#disableCredentialAt(provider, selection.index, `oauth refresh failed: ${errorMsg}`);
+				// The credential at this index may have been rotated by another process between
+				// our in-memory snapshot and the refresh attempt: Anthropic rotates refresh
+				// tokens on every use, so the peer's success leaves our stored token invalid.
+				// Re-read the row from disk before marking it disabled — if the persisted
+				// refresh token has changed, the peer rotation succeeded and we should pick
+				// up the new credential instead of soft-deleting the row that the peer just
+				// updated.
+				const credentialId = this.#getStoredCredentials(provider)[selection.index]?.id;
+				if (credentialId !== undefined) {
+					const latestRow = this.#store.listAuthCredentials(provider).find(row => row.id === credentialId);
+					const latestCredential = latestRow?.credential;
+					if (latestCredential?.type === "oauth" && latestCredential.refresh !== selection.credential.refresh) {
+						logger.debug("OAuth refresh race detected; another process rotated token first", {
+							provider,
+							index: selection.index,
+							credentialId,
+						});
+						await this.reload();
+						return this.getApiKey(provider, sessionId, options);
+					}
+				}
+				// Permanently disable invalid credentials with an explicit cause for inspection/debugging.
+				// Use a CAS-style disable conditioned on the row still containing the stale credential
+				// we tried to refresh, so a peer rotation that lands between the pre-check above and
+				// this disable doesn't soft-delete the freshly-rotated row.
+				const disabled = this.#tryDisableCredentialAtIfMatches(
+					provider,
+					selection.index,
+					selection.credential,
+					`oauth refresh failed: ${errorMsg}`,
+				);
+				if (!disabled) {
+					logger.debug("OAuth refresh disable lost CAS; reloading after peer rotation", {
+						provider,
+						index: selection.index,
+					});
+					await this.reload();
+					return this.getApiKey(provider, sessionId, options);
+				}
 				if (this.#getCredentialsForProvider(provider).some(credential => credential.type === "oauth")) {
 					return this.getApiKey(provider, sessionId, options);
 				}
@@ -2280,6 +2401,7 @@ export class AuthCredentialStore {
 	#insertStmt: Statement;
 	#updateStmt: Statement;
 	#deleteStmt: Statement;
+	#deleteIfMatchesStmt: Statement;
 	#deleteByProviderStmt: Statement;
 	#hardDeleteStmt: Statement;
 	#getCacheStmt: Statement;
@@ -2309,6 +2431,9 @@ export class AuthCredentialStore {
 		this.#deleteStmt = this.#db.prepare(
 			`UPDATE auth_credentials SET disabled_cause = ?, updated_at = ${SQLITE_NOW_EPOCH} WHERE id = ?`,
 		);
+		this.#deleteIfMatchesStmt = this.#db.prepare(
+			`UPDATE auth_credentials SET disabled_cause = ?, updated_at = ${SQLITE_NOW_EPOCH} WHERE id = ? AND data = ? AND disabled_cause IS NULL`,
+		);
 		this.#deleteByProviderStmt = this.#db.prepare(
 			`UPDATE auth_credentials SET disabled_cause = ?, updated_at = ${SQLITE_NOW_EPOCH} WHERE provider = ? AND disabled_cause IS NULL`,
 		);
@@ -2707,6 +2832,23 @@ export class AuthCredentialStore {
 		}
 	}
 
+	/**
+	 * CAS-style disable: only soft-deletes the row when its `data` column still
+	 * matches `expectedData` and the row has not already been disabled. Used by
+	 * the OAuth refresh-failure path to avoid clobbering a peer that rotated the
+	 * row between our pre-check and the disable.
+	 */
+	tryDisableAuthCredentialIfMatches(id: number, expectedData: string, disabledCause: string): boolean {
+		try {
+			const result = this.#deleteIfMatchesStmt.run(normalizeDisabledCause(disabledCause), id, expectedData) as {
+				changes: number;
+			};
+			return result.changes === 1;
+		} catch {
+			return false;
+		}
+	}
+
 	deleteAuthCredentialsForProvider(provider: string, disabledCause: string): void {
 		try {
 			this.#deleteByProviderStmt.run(normalizeDisabledCause(disabledCause), provider);
@@ -2816,6 +2958,7 @@ export class AuthCredentialStore {
 		this.#insertStmt.finalize();
 		this.#updateStmt.finalize();
 		this.#deleteStmt.finalize();
+		this.#deleteIfMatchesStmt.finalize();
 		this.#deleteByProviderStmt.finalize();
 		this.#hardDeleteStmt.finalize();
 		this.#getCacheStmt.finalize();

package/src/index.ts

@@ -37,6 +37,7 @@ export * from "./usage/zai";
 export * from "./utils/anthropic-auth";
 export * from "./utils/discovery";
 export * from "./utils/event-stream";
+export * from "./utils/h2-fetch";
 export * from "./utils/overflow";
 export * from "./utils/retry";
 export * from "./utils/schema";

package/src/provider-models/ollama.ts

@@ -1,3 +1,4 @@
+import { fetchWithRetry } from "@oh-my-pi/pi-utils";
 import type { ModelManagerOptions } from "../model-manager";
 import { Effort } from "../model-thinking";
 import type { ThinkingConfig } from "../types";
@@ -18,6 +19,8 @@ type OllamaShowResponse = {
 	model_info?: Record<string, unknown>;
 };
 
+const OLLAMA_RETRY_DELAYS_MS = [2_000, 5_000, 10_000];
+
 function trimTrailingSlash(value: string): string {
 	return value.endsWith("/") ? value.slice(0, -1) : value;
 }
@@ -94,9 +97,10 @@ export function ollamaCloudModelManagerOptions(
 			if (!apiKey) {
 				return [];
 			}
-			const response = await fetch(`${baseUrl}/api/tags`, {
+			const response = await fetchWithRetry(`${baseUrl}/api/tags`, {
 				method: "GET",
 				headers: createCloudHeaders(apiKey),
+				defaultDelayMs: OLLAMA_RETRY_DELAYS_MS,
 			});
 			if (!response.ok) {
 				throw new Error(`HTTP ${response.status} from ${baseUrl}/api/tags`);

package/src/providers/anthropic.ts

@@ -1,5 +1,6 @@
 import * as nodeCrypto from "node:crypto";
 import * as fs from "node:fs";
+import { scheduler } from "node:timers/promises";
 import * as tls from "node:tls";
 import Anthropic, { type ClientOptions as AnthropicSdkClientOptions } from "@anthropic-ai/sdk";
 import type {
@@ -8,7 +9,14 @@ import type {
 	MessageParam,
 	RawMessageStreamEvent,
 } from "@anthropic-ai/sdk/resources/messages";
-import { $env, abortableSleep, isEnoent, readSseEvents } from "@oh-my-pi/pi-utils";
+import {
+	$env,
+	extractHttpStatusFromError,
+	isEnoent,
+	isRetryableError,
+	isUnexpectedSocketCloseMessage,
+	readSseEvents,
+} from "@oh-my-pi/pi-utils";
 import { hasOpus47ApiRestrictions, mapEffortToAnthropicAdaptiveEffort } from "../model-thinking";
 import { calculateCost } from "../models";
 import { getEnvApiKey, OUTPUT_FALLBACK_BUFFER } from "../stream";
@@ -48,12 +56,7 @@ import { getStreamFirstEventTimeoutMs, getStreamIdleTimeoutMs, iterateWithIdleTi
 import { parseJsonWithRepair, parseStreamingJson } from "../utils/json-parse";
 import { parseGitHubCopilotApiKey } from "../utils/oauth/github-copilot";
 import { notifyProviderResponse } from "../utils/provider-response";
-import {
-	extractHttpStatusFromError,
-	isCopilotRetryableError,
-	isRetryableError,
-	isUnexpectedSocketCloseMessage,
-} from "../utils/retry";
+import { isCopilotTransientModelError } from "../utils/retry";
 import { COMBINATOR_KEYS, NO_STRICT } from "../utils/schema";
 import { notifyRawSseEvent, wrapFetchForSseDebug } from "../utils/sse-debug";
 import {
@@ -844,7 +847,7 @@ function isProviderRetryableStreamEnvelopeError(error: unknown): boolean {
 
 export function isProviderRetryableError(error: unknown, provider?: string): boolean {
 	if (!(error instanceof Error)) return false;
-	if (provider === "github-copilot" && isCopilotRetryableError(error)) return true;
+	if (provider === "github-copilot" && isCopilotTransientModelError(error)) return true;
 	const msg = error.message.toLowerCase();
 	if (
 		isUnexpectedSocketCloseMessage(msg) ||
@@ -1287,7 +1290,7 @@ export const streamAnthropic: StreamFunction<"anthropic-messages"> = (
 					}
 					providerRetryAttempt++;
 					const delayMs = PROVIDER_BASE_DELAY_MS * 2 ** (providerRetryAttempt - 1);
-					await abortableSleep(delayMs, options?.signal);
+					await scheduler.wait(delayMs, { signal: options?.signal });
 					output.content.length = 0;
 					output.responseId = undefined;
 					output.errorMessage = strictFallbackErrorMessage;

package/src/providers/azure-openai-responses.ts

@@ -6,17 +6,15 @@ import type {
 	ResponseInput,
 } from "openai/resources/responses/responses";
 import { getEnvApiKey } from "../stream";
-import {
-	type Api,
-	type AssistantMessage,
-	type Context,
-	type Model,
-	type ServiceTier,
-	type StreamFunction,
-	type StreamOptions,
-	shouldSendServiceTier,
-	type Tool,
-	type ToolChoice,
+import type {
+	AssistantMessage,
+	Context,
+	Model,
+	ServiceTier,
+	StreamFunction,
+	StreamOptions,
+	Tool,
+	ToolChoice,
 } from "../types";
 import { normalizeSystemPrompts } from "../utils";
 import { createAbortSourceTracker } from "../utils/abort";
@@ -33,8 +31,11 @@ import { mapToOpenAIResponsesToolChoice } from "../utils/tool-choice";
 import { normalizeOpenAIResponsesPromptCacheKey, supportsDeveloperRole } from "./openai-responses";
 import {
 	appendResponsesToolResultMessages,
+	applyCommonResponsesSamplingParams,
+	applyResponsesReasoningParams,
 	convertResponsesAssistantMessage,
 	convertResponsesInputContent,
+	createInitialResponsesAssistantMessage,
 	normalizeResponsesToolCallIdForTransform,
 	processResponsesStream,
 } from "./openai-responses-shared";
@@ -101,23 +102,11 @@ export const streamAzureOpenAIResponses: StreamFunction<"azure-openai-responses"
 		let firstTokenTime: number | undefined;
 		const deploymentName = resolveDeploymentName(model, options);
 
-		const output: AssistantMessage = {
-			role: "assistant",
-			content: [],
-			api: "azure-openai-responses" as Api,
-			provider: model.provider,
-			model: model.id,
-			usage: {
-				input: 0,
-				output: 0,
-				cacheRead: 0,
-				cacheWrite: 0,
-				totalTokens: 0,
-				cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
-			},
-			stopReason: "stop",
-			timestamp: Date.now(),
-		};
+		const output: AssistantMessage = createInitialResponsesAssistantMessage(
+			"azure-openai-responses",
+			model.provider,
+			model.id,
+		);
 		let rawRequestDump: RawHttpRequestDump | undefined;
 		const abortTracker = createAbortSourceTracker(options?.signal);
 		const firstEventTimeoutAbortError = new Error(AZURE_OPENAI_RESPONSES_FIRST_EVENT_TIMEOUT_MESSAGE);
@@ -279,31 +268,7 @@ function buildParams(
 		prompt_cache_key: normalizeOpenAIResponsesPromptCacheKey(options?.sessionId),
 	};
 
-	if (options?.maxTokens) {
-		params.max_output_tokens = options?.maxTokens;
-	}
-
-	if (options?.temperature !== undefined) {
-		params.temperature = options?.temperature;
-	}
-	if (options?.topP !== undefined) {
-		params.top_p = options.topP;
-	}
-	if (options?.topK !== undefined) {
-		params.top_k = options.topK;
-	}
-	if (options?.minP !== undefined) {
-		params.min_p = options.minP;
-	}
-	if (options?.presencePenalty !== undefined) {
-		params.presence_penalty = options.presencePenalty;
-	}
-	if (options?.repetitionPenalty !== undefined) {
-		params.repetition_penalty = options.repetitionPenalty;
-	}
-	if (shouldSendServiceTier(options?.serviceTier, model.provider)) {
-		params.service_tier = options.serviceTier;
-	}
+	applyCommonResponsesSamplingParams(params, options, model.provider);
 
 	if (context.tools) {
 		params.tools = convertTools(context.tools);
@@ -312,36 +277,7 @@ function buildParams(
 		}
 	}
 
-	if (model.reasoning) {
-		// Always request encrypted reasoning content so reasoning items can be
-		// replayed in multi-turn conversations when store is false (items aren't
-		// persisted server-side, so we must include the full content).
-		// See: https://github.com/can1357/oh-my-pi/issues/41
-		params.include = ["reasoning.encrypted_content"];
-
-		if (options?.reasoning || options?.reasoningSummary !== undefined) {
-			const reasoningParams: NonNullable<typeof params.reasoning> = {
-				effort: options?.reasoning || "medium",
-			};
-			if (options?.reasoningSummary !== null) {
-				reasoningParams.summary = options?.reasoningSummary || "auto";
-			}
-			params.reasoning = reasoningParams;
-		} else {
-			if (model.name.toLowerCase().startsWith("gpt-5")) {
-				// Jesus Christ, see https://community.openai.com/t/need-reasoning-false-option-for-gpt-5/1351588/7
-				messages.push({
-					role: "developer",
-					content: [
-						{
-							type: "input_text",
-							text: "# Juice: 0 !important",
-						},
-					],
-				});
-			}
-		}
-	}
+	applyResponsesReasoningParams(params, model, options, messages);
 
 	return params;
 }