@oh-my-pi/pi-ai 15.5.7 → 15.5.9

package/CHANGELOG.md

@@ -2,6 +2,36 @@
 
 ## [Unreleased]
 
+## [15.5.8] - 2026-05-28
+
+### Added
+
+- Added `CheckCredentialsOptions.completionProbe` (and `completionTimeoutMs`) so `AuthStorage.checkCredentials` can additionally exercise each credential against the provider's chat-completion endpoint after refresh-on-expiry. Result lands on `CredentialHealthResult.completion` ({ok, reason?, modelId?, latencyMs?}) without disturbing the usage `ok` field. Public types: `CompletionProbe`, `CompletionProbeInput`, `CompletionProbeCredential`, `CredentialCompletionResult`. The probe is invoked even when no `UsageProvider` is registered for the row, and is skipped when OAuth refresh fails (the stale bytes would only mask the upstream failure).
+- Added Wafer Pass and Wafer Serverless providers (`wafer-pass`, `wafer-serverless`). OpenAI-compatible (`https://pass.wafer.ai/v1`), bearer auth, `wfr_…` keys. `/login wafer-pass` and `/login wafer-serverless` paste-and-validate the key against `/v1/models`. `WAFER_PASS_API_KEY` and `WAFER_SERVERLESS_API_KEY` environment variables wired into `getEnvApiKey`. Bundled catalog seeds `wafer-pass/{GLM-5.1, Qwen3.5-397B-A17B}` and `wafer-serverless/{GLM-5.1, Kimi-K2.6, Qwen3.5-397B-A17B, Qwen3.6-35B-A3B, qwen3.7-max, deepseek-v4-flash, deepseek-v4-pro}`; dynamic discovery via `/v1/models` overlays additional models at runtime. Pass-tier discovery filters `wafer.tier === "pass_included"`. Pass-SKU costs are seeded at `0` (flat-rate subscription, no per-token charge — matches `kimi-code`/`firepass`/`alibaba-coding-plan`). Serverless costs are the wafer.ai retail rate, derived from the `*_cents_per_million` envelope via `value × 125 / 10000` (e.g. GLM-5.1 `120` → $1.50/M, Kimi-K2.6 `88` → $1.10/M). Reasoning entries get a thinking compat picked from the `wafer.provider` envelope: `zai`/`moonshotai` → zai-style `thinking: { type }`, `qwen` → top-level `enable_thinking`, `deepseek` and unknown upstreams stay unset so `detectOpenAICompat` can pick `reasoning_effort` from the id pattern at request time.
+
+### Changed
+
+- Changed auth-gateway credential resolution to use per-conversation `promptCacheKey`/`sessionId` when calling `AuthStorage.getApiKey`, so repeated turns can keep the same credential until it becomes unavailable
+- Changed auth-gateway and pi-native request handling to align `sessionId` with prompt/context identity before credential lookup
+- Changed Anthropic prompt preparation to downscale image blocks over 2000px when a request includes 20+ images, reducing oversized payloads automatically
+- Changed OpenAI chat request parsing to accept `name` on `tool` messages and fall back to the matching assistant `tool_calls` name, so parsed tool results now carry a proper tool name when the wire omits it
+- Changed `checkCredentials` to skip running `completionProbe` when OAuth refresh fails, so stale bearer tokens are never probed and the refresh failure remains the returned `reason`
+- Changed completion reporting to return `completion: { ok: null, reason: ... }` when a credential has no usable bearer bytes instead of attempting the probe
+- Refactored `AuthStorage.checkCredentials` so OAuth refresh-on-expiry runs up-front and the refreshed credential is shared between the usage probe and the new completion probe; rows without a registered `UsageProvider` no longer short-circuit before the completion probe runs.
+
+### Fixed
+
+- Fixed DeepSeek DSML tool-call envelope leaks on Ollama Cloud and OpenAI-compatible streams by healing leaked envelopes into structured tool calls without displaying raw DSML markers. ([#1462](https://github.com/can1357/oh-my-pi/issues/1462))
+- Fixed auth-gateway to classify usage-limit messages such as `usage_limit_reached`, `resource_exhausted`, and Codex-style `Try again in ~X min` text as 429 `rate_limit_error` responses
+- Fixed auth-gateway usage-limit handling to honor parsed retry hints and switch to a sibling credential via `markUsageLimitReached` instead of invalidating the rate-limited credential
+- Fixed `streamSimple` to retry on usage-limit errors (including message-only error events) before any content is emitted, so `onAuthError` can rotate credentials automatically
+- Fixed auth-gateway error classification to extract embedded status codes and use word-boundary matching, so `GenerateContentRequest` and similar messages are no longer misreported as rate-limit errors
+- Fixed `checkCredentials` to handle `completionProbe` exceptions by recording the failure in `CredentialHealthResult.completion.reason` while still returning the usage probe result
+
+### Fixed
+
+- Fixed Google Vertex's bundled model list to use the authoritative models.dev catalog, including MaaS entries such as `deepseek-ai/deepseek-v3.2-maas` and removing retired Gemini 1.5 fallbacks. ([#1456](https://github.com/can1357/oh-my-pi/issues/1456))
+
 ## [15.5.7] - 2026-05-27
 ### Added
 - `SimpleStreamOptions.openrouterVariant` (`"nitro"`, `"floor"`, `"online"`, `"exacto"`, …) — when set, appends `:<variant>` to OpenRouter model IDs at request time, leaving ids that already carry an explicit `:suffix` untouched. Plumbed through `openai-completions` and the pi-native gateway forwarder.

package/README.md

@@ -62,6 +62,8 @@ Unified LLM API with automatic model discovery, provider configuration, token an
 - **Hugging Face Inference**
 - **xAI**
 - **Venice** (requires `VENICE_API_KEY`)
+- **Wafer Pass** (requires `WAFER_PASS_API_KEY`; flat-rate subscription, includes GLM-5.1 and Qwen3.5-397B-A17B)
+- **Wafer Serverless** (requires `WAFER_SERVERLESS_API_KEY`; pay-as-you-go)
 - **OpenRouter**
 - **Kilo Gateway** (supports OAuth `/login kilo` or `KILO_API_KEY`)
 - **LiteLLM** (requires `LITELLM_API_KEY`)

package/dist/types/auth-gateway/server.d.ts

@@ -14,4 +14,23 @@ export interface AuthGatewayBootOptions extends AuthGatewayServerOptions {
     /** Optional supplier for `/v1/models` listing. Returns the full model array. */
     listModels?: () => Iterable<Model<Api>>;
 }
+/**
+ * Classify an upstream / gateway-internal error into a status code and a
+ * format-neutral type. The order is intentional:
+ *
+ *  1. Honour an explicit numeric `status` property on the thrown error.
+ *  2. Parse a status code embedded in the message string. Provider errors
+ *     virtually always carry one (`Google API error (400): …`, `HTTP 429`,
+ *     `status=503`) and the embedded value is authoritative.
+ *  3. Fall through to **word-boundaried** substring heuristics. The old
+ *     `lower.includes("rate")` test famously matched
+ *     `GenerateContentRequest`, surfacing every Google 400 as a 429
+ *     `rate_limit_error`. The patterns here all require boundaries so they
+ *     don't collide with provider field names.
+ */
+export declare function classifyGatewayError(err: unknown): {
+    status: number;
+    type: string;
+    message: string;
+};
 export declare function startAuthGateway(opts: AuthGatewayBootOptions): AuthGatewayServerHandle;

package/dist/types/auth-storage.d.ts

@@ -75,13 +75,88 @@ export interface CredentialHealthResult {
     reason?: string;
     /** Probe usage report (raw payload stripped) when `ok === true`. */
     report?: Omit<UsageReport, "raw">;
+    /**
+     * Result of the optional end-to-end completion probe (see
+     * {@link CheckCredentialsOptions.completionProbe}). Absent when no probe was
+     * supplied. The completion probe exercises the provider's chat-completion
+     * endpoint with the credential's bearer bytes, which is a stricter signal
+     * than the usage endpoint (some providers happily 200 a `/usage` call while
+     * the chat endpoint 401s the same bearer).
+     */
+    completion?: CredentialCompletionResult;
+}
+/**
+ * Outcome of the end-to-end completion probe. `null` means the probe was
+ * skipped (no bearer bytes were available — e.g. OAuth refresh failed
+ * upstream of the probe).
+ */
+export interface CredentialCompletionResult {
+    ok: boolean | null;
+    /** Failure / unverifiable reason; absent when `ok === true`. */
+    reason?: string;
+    /** Probe model id used (carried back from the caller for display). */
+    modelId?: string;
+    /** Round-trip latency in milliseconds. */
+    latencyMs?: number;
+}
+/**
+ * Credential payload handed to {@link CompletionProbe}. For API-key
+ * credentials only the bytes are exposed; for OAuth, every identity field
+ * carried by the refreshed credential is included so the probe can compose
+ * provider-specific apiKey shapes (e.g. GitHub Copilot / Google Gemini CLI
+ * expect a JSON blob with `token` + `projectId`, not the raw access token).
+ *
+ * `refreshToken` may be {@link REMOTE_REFRESH_SENTINEL} when the credential
+ * lives behind a broker; the chat endpoint never reads it, so the probe can
+ * forward it verbatim into the structured shape without harm.
+ */
+export type CompletionProbeCredential = {
+    type: "api_key";
+    apiKey: string;
+} | {
+    type: "oauth";
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt?: number;
+    accountId?: string;
+    projectId?: string;
+    email?: string;
+    enterpriseUrl?: string;
+};
+/**
+ * Caller-supplied bearer probe. Receives the post-refresh credential for a
+ * single row and reports whether a real chat-completion round-trip succeeds.
+ * The check-credentials pipeline calls this AFTER any OAuth refresh so the
+ * bytes match what a live request would send.
+ */
+export interface CompletionProbeInput {
+    provider: Provider;
+    credentialId: number;
+    credential: CompletionProbeCredential;
+    signal: AbortSignal;
 }
+export type CompletionProbe = (input: CompletionProbeInput) => Promise<CredentialCompletionResult>;
 export interface CheckCredentialsOptions {
     signal?: AbortSignal;
     /** Per-credential probe timeout (ms). Defaults to the configured usage request timeout. */
     timeoutMs?: number;
     /** Provider → base URL override, same shape as {@link AuthStorage.fetchUsageReports}. */
     baseUrlResolver?: (provider: Provider) => string | undefined;
+    /**
+     * Optional end-to-end probe. When provided, `checkCredentials` invokes it
+     * for every credential where a usable bearer is available (API key, or
+     * OAuth access token after refresh-on-expiry succeeded). The result lands
+     * on {@link CredentialHealthResult.completion}.
+     *
+     * The probe runs INDEPENDENTLY of whether a {@link UsageProvider} is
+     * configured: providers without a usage endpoint still benefit from the
+     * extra signal. The probe is NOT invoked when OAuth refresh fails — the
+     * bytes would be stale anyway and the upstream failure is already captured
+     * on `reason`.
+     */
+    completionProbe?: CompletionProbe;
+    /** Per-credential completion probe timeout (ms). Defaults to `timeoutMs`. */
+    completionTimeoutMs?: number;
 }
 /**
  * Sentinel value placed in OAuth `refresh` fields when a credential is shared
@@ -491,6 +566,12 @@ export declare class AuthStorage {
      * soft-disabled rows are already known-bad and don't need a network probe.
      * Environment-variable API keys are not enumerated — the caller's intent
      * here is "which of my stored credentials is broken".
+     *
+     * Pass {@link CheckCredentialsOptions.completionProbe} to additionally
+     * exercise each credential against the provider's chat-completion endpoint
+     * (strict mode). The result lands on
+     * {@link CredentialHealthResult.completion}; the usage `ok` field is
+     * unchanged so callers can tell the two signals apart.
      */
     checkCredentials(options?: CheckCredentialsOptions): Promise<CredentialHealthResult[]>;
     /**

package/dist/types/provider-models/google.d.ts

@@ -19,6 +19,6 @@ export interface GoogleGeminiCliModelManagerConfig {
     endpoint?: string;
 }
 export declare function googleModelManagerOptions(config?: GoogleModelManagerConfig): ModelManagerOptions<"google-generative-ai">;
-export declare function googleVertexModelManagerOptions(config?: GoogleVertexModelManagerConfig): ModelManagerOptions;
+export declare function googleVertexModelManagerOptions(_config?: GoogleVertexModelManagerConfig): ModelManagerOptions;
 export declare function googleAntigravityModelManagerOptions(config?: GoogleAntigravityModelManagerConfig): ModelManagerOptions<"google-gemini-cli">;
 export declare function googleGeminiCliModelManagerOptions(config?: GoogleGeminiCliModelManagerConfig): ModelManagerOptions<"google-gemini-cli">;

package/dist/types/provider-models/openai-compat.d.ts

@@ -127,6 +127,12 @@ export interface FirepassModelManagerConfig {
  * See https://docs.fireworks.ai/firepass.
  */
 export declare function firepassModelManagerOptions(_config?: FirepassModelManagerConfig): ModelManagerOptions<"openai-completions">;
+export interface WaferModelManagerConfig {
+    apiKey?: string;
+    baseUrl?: string;
+}
+export declare function waferPassModelManagerOptions(config?: WaferModelManagerConfig): ModelManagerOptions<"openai-completions">;
+export declare function waferServerlessModelManagerOptions(config?: WaferModelManagerConfig): ModelManagerOptions<"openai-completions">;
 export interface MistralModelManagerConfig {
     apiKey?: string;
     baseUrl?: string;

package/dist/types/providers/openai-chat-server-schema.d.ts

@@ -322,6 +322,7 @@ export declare const toolMessageSchema: z.ZodObject<{
         type: z.ZodString;
     }, z.core.$loose>]>>]>>;
     tool_call_id: z.ZodOptional<z.ZodString>;
+    name: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<string | undefined, string | undefined>>;
 }, z.core.$strip>;
 /**
  * Legacy `function` role (pre-tools API). Translated to a `tool` role
@@ -526,6 +527,7 @@ export declare const messageSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
         type: z.ZodString;
     }, z.core.$loose>]>>]>>;
     tool_call_id: z.ZodOptional<z.ZodString>;
+    name: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<string | undefined, string | undefined>>;
 }, z.core.$strip>, z.ZodObject<{
     role: z.ZodLiteral<"function">;
     name: z.ZodString;
@@ -736,6 +738,7 @@ export declare const openaiChatRequestSchema: z.ZodObject<{
             type: z.ZodString;
         }, z.core.$loose>]>>]>>;
         tool_call_id: z.ZodOptional<z.ZodString>;
+        name: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<string | undefined, string | undefined>>;
     }, z.core.$strip>, z.ZodObject<{
         role: z.ZodLiteral<"function">;
         name: z.ZodString;

package/dist/types/types.d.ts

@@ -48,7 +48,7 @@ export interface ThinkingConfig {
     /** Provider-specific transport used to encode the selected effort. */
     mode: ThinkingControlMode;
 }
-export type KnownProvider = "alibaba-coding-plan" | "amazon-bedrock" | "anthropic" | "google" | "google-gemini-cli" | "google-antigravity" | "google-vertex" | "openai" | "openai-codex" | "kimi-code" | "minimax-code" | "minimax-code-cn" | "github-copilot" | "fireworks" | "firepass" | "gitlab-duo" | "cursor" | "deepseek" | "xai" | "xai-oauth" | "groq" | "cerebras" | "openrouter" | "kilo" | "vercel-ai-gateway" | "zai" | "zhipu-coding-plan" | "mistral" | "minimax" | "opencode-go" | "opencode-zen" | "synthetic" | "cloudflare-ai-gateway" | "huggingface" | "litellm" | "moonshot" | "nvidia" | "nanogpt" | "ollama" | "ollama-cloud" | "qianfan" | "qwen-portal" | "together" | "venice" | "vllm" | "xiaomi" | "zenmux" | "lm-studio";
+export type KnownProvider = "alibaba-coding-plan" | "amazon-bedrock" | "anthropic" | "google" | "google-gemini-cli" | "google-antigravity" | "google-vertex" | "openai" | "openai-codex" | "kimi-code" | "minimax-code" | "minimax-code-cn" | "github-copilot" | "fireworks" | "firepass" | "gitlab-duo" | "cursor" | "deepseek" | "xai" | "xai-oauth" | "groq" | "cerebras" | "openrouter" | "kilo" | "vercel-ai-gateway" | "zai" | "zhipu-coding-plan" | "mistral" | "minimax" | "opencode-go" | "opencode-zen" | "synthetic" | "cloudflare-ai-gateway" | "huggingface" | "litellm" | "moonshot" | "nvidia" | "nanogpt" | "ollama" | "ollama-cloud" | "qianfan" | "qwen-portal" | "together" | "venice" | "vllm" | "xiaomi" | "wafer-pass" | "wafer-serverless" | "zenmux" | "lm-studio";
 export type Provider = KnownProvider | string;
 import type { Effort } from "./model-thinking";
 /** Token budgets for each thinking level (token-based providers only) */

package/dist/types/utils/discovery/index.d.ts

@@ -2,4 +2,3 @@ export * from "./antigravity";
 export * from "./codex";
 export * from "./gemini";
 export * from "./openai-compatible";
-export * from "./vertex";

package/dist/types/utils/oauth/types.d.ts

@@ -7,7 +7,7 @@ export type OAuthCredentials = {
     email?: string;
     accountId?: string;
 };
-export type OAuthProvider = "alibaba-coding-plan" | "anthropic" | "cerebras" | "cloudflare-ai-gateway" | "cursor" | "deepseek" | "fireworks" | "firepass" | "github-copilot" | "google-gemini-cli" | "google-antigravity" | "gitlab-duo" | "huggingface" | "kimi-code" | "kilo" | "kagi" | "litellm" | "lm-studio" | "minimax-code" | "minimax-code-cn" | "moonshot" | "nvidia" | "nanogpt" | "ollama" | "ollama-cloud" | "openai-codex" | "openai-codex-device" | "opencode-go" | "openrouter" | "opencode-zen" | "parallel" | "perplexity" | "qianfan" | "qwen-portal" | "synthetic" | "tavily" | "together" | "venice" | "vercel-ai-gateway" | "vllm" | "xai-oauth" | "xiaomi" | "zenmux" | "zai" | "zhipu-coding-plan";
+export type OAuthProvider = "alibaba-coding-plan" | "anthropic" | "cerebras" | "cloudflare-ai-gateway" | "cursor" | "deepseek" | "fireworks" | "firepass" | "github-copilot" | "google-gemini-cli" | "google-antigravity" | "gitlab-duo" | "huggingface" | "kimi-code" | "kilo" | "kagi" | "litellm" | "lm-studio" | "minimax-code" | "minimax-code-cn" | "moonshot" | "nvidia" | "nanogpt" | "ollama" | "ollama-cloud" | "openai-codex" | "openai-codex-device" | "opencode-go" | "openrouter" | "opencode-zen" | "parallel" | "perplexity" | "qianfan" | "qwen-portal" | "synthetic" | "tavily" | "together" | "venice" | "vercel-ai-gateway" | "wafer-pass" | "wafer-serverless" | "vllm" | "xai-oauth" | "xiaomi" | "zenmux" | "zai" | "zhipu-coding-plan";
 export type OAuthProviderId = OAuthProvider | (string & {});
 export type OAuthPrompt = {
     message: string;

package/dist/types/utils/oauth/wafer.d.ts

@@ -0,0 +1,2 @@
+export declare const loginWaferPass: (options: import("./types").OAuthController) => Promise<string>;
+export declare const loginWaferServerless: (options: import("./types").OAuthController) => Promise<string>;

package/dist/types/utils/stream-markup-healing.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Streaming-safe filters for leaked chat-template tool-call and thinking markup.
+ *
+ * Hosted models sometimes leak raw template markup into visible `content` instead
+ * of returning structured events. One `StreamMarkupHealing` instance owns one stream
+ * and one grammar selected by options:
+ *
+ * - `kimi`: Kimi K2 `<|tool_calls_section_begin|>` sections.
+ * - `dsml`: DeepSeek `<｜DSML｜tool_calls>` envelopes.
+ * - `antml`: Anthropic `<antml:function_calls>` envelopes (`function_calls`, `invoke`, `parameter`).
+ * - `thinking`: plain `<think>` / `<thinking>` blocks used by MiniMax-style streams.
+ *
+ * The parser strips marker bytes, reconstructs embedded calls, emits thinking
+ * deltas for thinking blocks, and holds partial tags across chunk boundaries.
+ */
+export interface HealedToolCall {
+    readonly id: string;
+    readonly name: string;
+    readonly arguments: string;
+}
+export type StreamMarkupHealingPattern = "kimi" | "dsml" | "antml" | "thinking";
+export interface StreamMarkupHealingOptions {
+    readonly pattern: StreamMarkupHealingPattern;
+}
+export type StreamMarkupHealingEvent = {
+    readonly type: "text";
+    readonly text: string;
+} | {
+    readonly type: "thinking";
+    readonly thinking: string;
+} | {
+    readonly type: "toolCall";
+    readonly call: HealedToolCall;
+};
+/**
+ * State machine that consumes streamed visible text and emits cleaned text,
+ * thinking deltas, and reconstructed tool calls.
+ *
+ * Feed only one stream channel (usually `delta.content` / `message.content`).
+ * Mixing reasoning and visible text into the same instance can corrupt the
+ * held-back partial tag buffer.
+ */
+export declare class StreamMarkupHealing {
+    #private;
+    constructor(options: StreamMarkupHealingOptions);
+    get pattern(): StreamMarkupHealingPattern;
+    /**
+     * Feed a chunk and return visible text only. Reconstructed tool calls are
+     * stored for {@link drainCompleted}; thinking blocks are intentionally not
+     * returned by this compatibility helper. Use {@link feedEvents} when the
+     * caller needs ordered text/thinking/tool-call events.
+     */
+    feed(text: string): string;
+    /** Feed a chunk and return cleaned text/thinking/tool-call events in stream order. */
+    feedEvents(text: string): StreamMarkupHealingEvent[];
+    /**
+     * Like {@link feed}, but discards completed calls. Used when the upstream
+     * chunk also carries structured `tool_calls`, keeping that structured payload
+     * as the single source of truth.
+     */
+    consumeWithoutCalls(text: string): string;
+    /** Drain accumulated tool calls from calls to {@link feed}. */
+    drainCompleted(): HealedToolCall[];
+    /**
+     * Flush held-back stream-end fragments as ordered events. Partial tool-call
+     * sections/envelopes are dropped; unterminated thinking blocks are emitted as
+     * thinking, matching the previous MiniMax parser behavior.
+     */
+    flushEvents(): StreamMarkupHealingEvent[];
+    /** Flush held-back text only. Reconstructed calls are retained for {@link drainCompleted}. */
+    flushPending(): string;
+    /** True once any configured tool-call section/envelope has fully closed. */
+    get sectionClosed(): boolean;
+}
+/** Cheap model/provider gate for Kimi-K2 chat-template token leaks. */
+export declare function modelMayLeakKimiToolCalls(provider: string, modelId: string): boolean;
+/** Cheap model/provider gate for DeepSeek DSML envelope leaks. */
+export declare function modelMayLeakDsmlToolCalls(provider: string, modelId: string): boolean;
+/** Cheap model/provider gate for Anthropic ANTML function-call envelope leaks. */
+export declare function modelMayLeakAntmlToolCalls(provider: string, modelId: string): boolean;
+export declare function getStreamMarkupHealingPattern(provider: string, modelId: string, options?: {
+    readonly parseThinkingTags?: boolean;
+}): StreamMarkupHealingPattern | undefined;

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-ai",
-	"version": "15.5.7",
+	"version": "15.5.9",
 	"description": "Unified LLM API with automatic model discovery and provider configuration",
 	"homepage": "https://omp.sh",
 	"author": "Can Boluk",
@@ -40,7 +40,7 @@
 	"dependencies": {
 		"@anthropic-ai/sdk": "^0.94.0",
 		"@bufbuild/protobuf": "^2.12.0",
-		"@oh-my-pi/pi-utils": "15.5.7",
+		"@oh-my-pi/pi-utils": "15.5.9",
 		"openai": "^6.36.0",
 		"partial-json": "^0.1.7",
 		"zod": "4.4.3"