@oh-my-pi/pi-ai 15.1.9 → 15.2.1

package/CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## [Unreleased]
 
+## [15.2.0] - 2026-05-21
+
+### Fixed
+
+- Fixed `/login` (and `/logout`, plus any `AuthStorage.set` / `remove` call) against a remote auth-broker throwing `RemoteAuthCredentialStore is read-only on the client. Use 'omp auth-broker login <provider>' to mutate credentials.` Added three optional async write hooks to `AuthCredentialStore` (`upsertAuthCredentialRemote`, `replaceAuthCredentialsRemote`, `deleteAuthCredentialsRemote`); `RemoteAuthCredentialStore` implements them via the broker's `POST /v1/credential` and `POST /v1/credential/:id/disable` endpoints and applies the broker's authoritative post-write entries to the local snapshot. `AuthStorage` routes through the hooks when present, so OAuth and API-key logins (and logouts) initiated from a broker-backed client now persist server-side and surface immediately without waiting for the long-poll snapshot tick.
+
 ## [15.1.9] - 2026-05-21
 
 ### Fixed

package/dist/types/auth-broker/remote-store.d.ts

@@ -40,6 +40,26 @@ export declare class RemoteAuthCredentialStore implements AuthCredentialStore {
     replaceAuthCredentialsForProvider(_provider: string, _credentials: AuthCredential[]): StoredAuthCredential[];
     upsertAuthCredentialForProvider(_provider: string, _credential: AuthCredential): StoredAuthCredential[];
     deleteAuthCredentialsForProvider(_provider: string, _disabledCause: string): void;
+    /**
+     * Upsert a single credential through the broker. The broker server is the
+     * canonical writer — see `POST /v1/credential`. The redacted snapshot
+     * entries returned by the server replace the provider's rows in our local
+     * snapshot, and the global snapshot is then refreshed in the background so
+     * any concurrent peer (refresh, generation bump) stays in sync.
+     */
+    upsertAuthCredentialRemote(provider: string, credential: AuthCredential): Promise<StoredAuthCredential[]>;
+    /**
+     * Replace-all semantics: disable every active credential for the provider,
+     * then upload each of the new credentials. Used by API-key login so a new
+     * key clobbers any previously stored key for the same provider.
+     */
+    replaceAuthCredentialsRemote(provider: string, credentials: AuthCredential[]): Promise<StoredAuthCredential[]>;
+    /**
+     * Logout: disable every active credential for the provider on the broker,
+     * then drop them from the local snapshot. Refresh fetches the authoritative
+     * post-state in the background.
+     */
+    deleteAuthCredentialsRemote(provider: string, disabledCause: string): Promise<void>;
     getCache(key: string): string | null;
     setCache(key: string, value: string, expiresAtSec: number): void;
     cleanExpiredCache(): void;

package/dist/types/auth-storage.d.ts

@@ -152,6 +152,29 @@ export interface AuthCredentialStore {
     markCredentialSuspect?(credentialId: number, opts?: {
         signal?: AbortSignal;
     }): Promise<void>;
+    /**
+     * Optional async write hook for upserting a single credential. When present,
+     * `AuthStorage.#upsertOAuthCredential` routes through this instead of the
+     * sync `upsertAuthCredentialForProvider`. `RemoteAuthCredentialStore` uses
+     * it to send the upsert to the broker via `POST /v1/credential`.
+     *
+     * Implementations MUST update the in-memory snapshot before returning so the
+     * post-write read path is consistent.
+     */
+    upsertAuthCredentialRemote?(provider: string, credential: AuthCredential): Promise<StoredAuthCredential[]>;
+    /**
+     * Optional async write hook for replace-all semantics (e.g. API-key login
+     * overwriting any previous keys for the same provider). When present,
+     * `AuthStorage.set` routes through this instead of the sync
+     * `replaceAuthCredentialsForProvider`.
+     */
+    replaceAuthCredentialsRemote?(provider: string, credentials: AuthCredential[]): Promise<StoredAuthCredential[]>;
+    /**
+     * Optional async write hook for clearing every credential for a provider
+     * (logout). When present, `AuthStorage.remove` routes through this instead
+     * of the sync `deleteAuthCredentialsForProvider`.
+     */
+    deleteAuthCredentialsRemote?(provider: string, disabledCause: string): Promise<void>;
 }
 /**
  * Event payload describing a credential that was just soft-disabled.

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-ai",
-	"version": "15.1.9",
+	"version": "15.2.1",
 	"description": "Unified LLM API with automatic model discovery and provider configuration",
 	"homepage": "https://omp.sh",
 	"author": "Can Boluk",
@@ -43,7 +43,7 @@
 	"dependencies": {
 		"@anthropic-ai/sdk": "^0.94.0",
 		"@bufbuild/protobuf": "^2.12.0",
-		"@oh-my-pi/pi-utils": "15.1.9",
+		"@oh-my-pi/pi-utils": "15.2.1",
 		"openai": "^6.36.0",
 		"partial-json": "^0.1.7",
 		"zod": "4.4.3"

package/src/auth-broker/remote-store.ts

@@ -11,6 +11,7 @@ import { scheduler } from "node:timers/promises";
 import { logger } from "@oh-my-pi/pi-utils";
 import {
 	type AuthCredential,
+	type AuthCredentialSnapshotEntry,
 	type AuthCredentialStore,
 	type OAuthCredential,
 	REMOTE_REFRESH_SENTINEL,
@@ -212,6 +213,94 @@ export class RemoteAuthCredentialStore implements AuthCredentialStore {
 		);
 	}
 
+	/**
+	 * Upsert a single credential through the broker. The broker server is the
+	 * canonical writer — see `POST /v1/credential`. The redacted snapshot
+	 * entries returned by the server replace the provider's rows in our local
+	 * snapshot, and the global snapshot is then refreshed in the background so
+	 * any concurrent peer (refresh, generation bump) stays in sync.
+	 */
+	async upsertAuthCredentialRemote(provider: string, credential: AuthCredential): Promise<StoredAuthCredential[]> {
+		const { entries } = await this.#client.uploadCredential(provider, credential);
+		this.#applyProviderEntries(provider, entries);
+		void this.refreshSnapshot().catch(error => {
+			logger.debug("auth-broker snapshot refresh after upload failed", { error: String(error) });
+		});
+		return this.listAuthCredentials(provider);
+	}
+
+	/**
+	 * Replace-all semantics: disable every active credential for the provider,
+	 * then upload each of the new credentials. Used by API-key login so a new
+	 * key clobbers any previously stored key for the same provider.
+	 */
+	async replaceAuthCredentialsRemote(
+		provider: string,
+		credentials: AuthCredential[],
+	): Promise<StoredAuthCredential[]> {
+		const existing = this.listAuthCredentials(provider);
+		for (const entry of existing) {
+			try {
+				await this.#client.disableCredential(entry.id, "replaced by newer credential");
+			} catch (error) {
+				logger.warn("auth-broker disable during replace failed", {
+					provider,
+					id: entry.id,
+					error: String(error),
+				});
+			}
+		}
+		// Snapshot reflects the disables before we add the new rows so a concurrent
+		// reader cannot momentarily see old + new together for the same provider.
+		this.#removeProviderEntries(provider);
+		for (const credential of credentials) {
+			const { entries } = await this.#client.uploadCredential(provider, credential);
+			this.#applyProviderEntries(provider, entries);
+		}
+		void this.refreshSnapshot().catch(error => {
+			logger.debug("auth-broker snapshot refresh after replace failed", { error: String(error) });
+		});
+		return this.listAuthCredentials(provider);
+	}
+
+	/**
+	 * Logout: disable every active credential for the provider on the broker,
+	 * then drop them from the local snapshot. Refresh fetches the authoritative
+	 * post-state in the background.
+	 */
+	async deleteAuthCredentialsRemote(provider: string, disabledCause: string): Promise<void> {
+		const existing = this.listAuthCredentials(provider);
+		for (const entry of existing) {
+			try {
+				await this.#client.disableCredential(entry.id, disabledCause);
+			} catch (error) {
+				logger.warn("auth-broker disable during delete failed", {
+					provider,
+					id: entry.id,
+					error: String(error),
+				});
+			}
+		}
+		this.#removeProviderEntries(provider);
+		void this.refreshSnapshot().catch(error => {
+			logger.debug("auth-broker snapshot refresh after delete failed", { error: String(error) });
+		});
+	}
+
+	#applyProviderEntries(provider: string, entries: AuthCredentialSnapshotEntry[]): void {
+		// `entries` is the broker's authoritative post-upsert list of rows for
+		// `provider`. Drop our existing rows for the same provider and splice in
+		// the fresh set — preserving every other provider's rows in place.
+		const others = this.#snapshot.credentials.filter(entry => entry.provider !== provider);
+		const incoming = entries.map(entry => ({ ...entry, rotatesInMs: null }));
+		this.#snapshot = { ...this.#snapshot, credentials: [...others, ...incoming] };
+	}
+
+	#removeProviderEntries(provider: string): void {
+		const next = this.#snapshot.credentials.filter(entry => entry.provider !== provider);
+		this.#snapshot = { ...this.#snapshot, credentials: next };
+	}
+
 	getCache(key: string): string | null {
 		const entry = this.#cache.get(key);
 		if (!entry) return null;

package/src/auth-storage.ts

@@ -198,6 +198,29 @@ export interface AuthCredentialStore {
 	 * {@link AuthStorage.invalidateCredentialMatching} fall back to `reload()`.
 	 */
 	markCredentialSuspect?(credentialId: number, opts?: { signal?: AbortSignal }): Promise<void>;
+	/**
+	 * Optional async write hook for upserting a single credential. When present,
+	 * `AuthStorage.#upsertOAuthCredential` routes through this instead of the
+	 * sync `upsertAuthCredentialForProvider`. `RemoteAuthCredentialStore` uses
+	 * it to send the upsert to the broker via `POST /v1/credential`.
+	 *
+	 * Implementations MUST update the in-memory snapshot before returning so the
+	 * post-write read path is consistent.
+	 */
+	upsertAuthCredentialRemote?(provider: string, credential: AuthCredential): Promise<StoredAuthCredential[]>;
+	/**
+	 * Optional async write hook for replace-all semantics (e.g. API-key login
+	 * overwriting any previous keys for the same provider). When present,
+	 * `AuthStorage.set` routes through this instead of the sync
+	 * `replaceAuthCredentialsForProvider`.
+	 */
+	replaceAuthCredentialsRemote?(provider: string, credentials: AuthCredential[]): Promise<StoredAuthCredential[]>;
+	/**
+	 * Optional async write hook for clearing every credential for a provider
+	 * (logout). When present, `AuthStorage.remove` routes through this instead
+	 * of the sync `deleteAuthCredentialsForProvider`.
+	 */
+	deleteAuthCredentialsRemote?(provider: string, disabledCause: string): Promise<void>;
 }
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -1076,7 +1099,9 @@ export class AuthStorage {
 	async set(provider: string, credential: AuthCredentialEntry): Promise<void> {
 		const normalized = Array.isArray(credential) ? credential : [credential];
 		const deduped = this.#dedupeOAuthCredentials(provider, normalized);
-		const stored = this.#store.replaceAuthCredentialsForProvider(provider, deduped);
+		const stored = this.#store.replaceAuthCredentialsRemote
+			? await this.#store.replaceAuthCredentialsRemote(provider, deduped)
+			: this.#store.replaceAuthCredentialsForProvider(provider, deduped);
 		this.#setStoredCredentials(
 			provider,
 			stored.map(record => ({ id: record.id, credential: record.credential })),
@@ -1085,7 +1110,9 @@ export class AuthStorage {
 	}
 
 	async #upsertOAuthCredential(provider: string, credential: OAuthCredential): Promise<void> {
-		const stored = this.#store.upsertAuthCredentialForProvider(provider, credential);
+		const stored = this.#store.upsertAuthCredentialRemote
+			? await this.#store.upsertAuthCredentialRemote(provider, credential)
+			: this.#store.upsertAuthCredentialForProvider(provider, credential);
 		this.#setStoredCredentials(
 			provider,
 			stored.map(record => ({ id: record.id, credential: record.credential })),
@@ -1097,7 +1124,11 @@ export class AuthStorage {
 	 * Remove credential for a provider.
 	 */
 	async remove(provider: string): Promise<void> {
-		this.#store.deleteAuthCredentialsForProvider(provider, "deleted by user");
+		if (this.#store.deleteAuthCredentialsRemote) {
+			await this.#store.deleteAuthCredentialsRemote(provider, "deleted by user");
+		} else {
+			this.#store.deleteAuthCredentialsForProvider(provider, "deleted by user");
+		}
 		this.#setStoredCredentials(provider, []);
 		this.#resetProviderAssignments(provider);
 	}

package/src/utils/http-inspector.ts

@@ -129,7 +129,11 @@ function formatCapturedHttpError(captured: CapturedHttpErrorResponse | undefined
 	if (!payload) return bodyText;
 
 	const errorPayload = getObjectProperty(payload, "error") ?? payload;
-	const message = getStringProperty(errorPayload, "message") ?? getStringProperty(payload, "message") ?? bodyText;
+	// {"error": "string"} — the error value is a plain string, not a nested object.
+	// Fall back to it when the structured fields ("message", etc.) are absent.
+	const stringError = errorPayload === payload ? getStringProperty(payload, "error") : undefined;
+	const message =
+		getStringProperty(errorPayload, "message") ?? getStringProperty(payload, "message") ?? stringError ?? bodyText;
 	const extras = [
 		getStringProperty(errorPayload, "type") ?? getStringProperty(payload, "type"),
 		getStringProperty(errorPayload, "param") ?? getStringProperty(payload, "param"),

package/src/utils/overflow.ts

@@ -108,9 +108,12 @@ export function isContextOverflow(message: AssistantMessage, contextWindow?: num
 			return true;
 		}
 
-		// Cerebras and Mistral return 400/413 with no body for context overflow
+		// Cerebras and Mistral return 400/413 with no body for context overflow.
+		// Proxy providers (e.g. api.synthetic.new) wrap upstream 400/413 no-body
+		// responses in a JSON envelope, so the status code phrase may appear
+		// anywhere in the message rather than at its start.
 		// Note: 429 is rate limiting (requests/tokens per time), NOT context overflow
-		if (/^4(00|13)\s*(status code)?\s*\(no body\)/i.test(message.errorMessage)) {
+		if (/\b4(00|13)\s*(status code)?\s*\(no body\)/i.test(message.errorMessage)) {
 			return true;
 		}
 	}