@oh-my-pi/pi-ai 16.0.2 → 16.0.4

package/CHANGELOG.md

@@ -2,6 +2,28 @@
 
 ## [Unreleased]
 
+## [16.0.4] - 2026-06-17
+
+### Fixed
+
+- Fixed tool argument coercion to parse double-encoded JSON strings, including quoted values like `"300"`, when schema expects a number
+- Fixed object-array coercion to parse JSON object and array strings into proper array arguments instead of wrapping raw strings
+- Fixed handling of malformed JSON container strings for array schema fields so validation now surfaces a top-level `expected array, received string` error rather than nested element errors
+- Fixed ChatGPT/Codex browser login missing connector OAuth scopes and rendering object-shaped token endpoint errors as `[object Object]`. ([#2825](https://github.com/can1357/oh-my-pi/issues/2825))
+- Fixed Zhipu/BigModel GLM-5.2 chat-completions requests so internal `xhigh` effort serializes as provider-native `reasoning_effort: "max"` and tool calls opt into `tool_stream`. ([#2833](https://github.com/can1357/oh-my-pi/issues/2833))
+- Fixed Google Gemini CLI and Antigravity tool calls with `toolChoice: "auto"` serializing an explicit `toolConfig` AUTO mode, which can cause Gemini-3 models to leak raw planning JSON instead of executing tools. ([#2830](https://github.com/can1357/oh-my-pi/issues/2830))
+
+## [16.0.3] - 2026-06-16
+
+### Added
+
+- Exported `renderDelimitedThinking` from the `@oh-my-pi/pi-ai/dialect` barrel so consumers can reuse the dialect's `<thinking>` envelope unwrap-and-rewrap logic (the only `./dialect/rendering` primitive re-exported; the rest stay dialect-internal).
+
+### Fixed
+
+- Fixed OpenAI Responses/Codex tool schema normalization stripping provider-rejected regex lookaround patterns from MCP tool parameter schemas. ([#2784](https://github.com/can1357/oh-my-pi/issues/2784))
+- Fixed OpenAI Responses parallel tool-call routing so late keyed argument deltas for a closed call are dropped instead of being appended to another open call.
+
 ## [16.0.2] - 2026-06-16
 
 ### Added

package/dist/types/dialect/index.d.ts

@@ -5,4 +5,5 @@ export * from "./factory";
 export * from "./history";
 export * from "./inventory";
 export * from "./owned-stream";
+export { renderDelimitedThinking } from "./rendering";
 export * from "./types";

package/dist/types/registry/oauth/openai-codex.d.ts

@@ -3,6 +3,8 @@
  */
 import type { OAuthController, OAuthCredentials } from "./types";
 export declare function decodeJwt<T = Record<string, unknown>>(token: string): T | null;
+/** Formats OpenAI Codex OAuth token endpoint errors for login and refresh failures. */
+export declare function formatOpenAICodexTokenEndpointError(status: number, bodyText: string): string;
 /** Builds the Codex browser OAuth URL used by browser login; exported for auth regression tests. */
 export declare function createOpenAICodexAuthorizationUrl(args: {
     state: string;

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-ai",
-	"version": "16.0.2",
+	"version": "16.0.4",
 	"description": "Unified LLM API with automatic model discovery and provider configuration",
 	"homepage": "https://omp.sh",
 	"author": "Can Boluk",
@@ -38,8 +38,8 @@
 	},
 	"dependencies": {
 		"@bufbuild/protobuf": "^2.12.0",
-		"@oh-my-pi/pi-catalog": "16.0.2",
-		"@oh-my-pi/pi-utils": "16.0.2",
+		"@oh-my-pi/pi-catalog": "16.0.4",
+		"@oh-my-pi/pi-utils": "16.0.4",
 		"partial-json": "^0.1.7",
 		"zod": "^4"
 	},

package/src/dialect/index.ts

@@ -5,4 +5,9 @@ export * from "./factory";
 export * from "./history";
 export * from "./inventory";
 export * from "./owned-stream";
+// `./rendering` is a dialect-internal primitives module deliberately excluded
+// from the barrel. `renderDelimitedThinking` is the one helper an external
+// consumer needs (the legacy markdown `/dump` reuses its `<thinking>` envelope
+// unwrap), so re-export only that symbol rather than `export *`-ing the rest.
+export { renderDelimitedThinking } from "./rendering";
 export * from "./types";

package/src/providers/google-gemini-cli.ts

@@ -849,9 +849,12 @@ export function buildRequest(
 		if (options.toolChoice) {
 			const choice = options.toolChoice;
 			if (typeof choice === "string") {
-				request.toolConfig = {
-					functionCallingConfig: { mode: mapToolChoice(choice) },
-				};
+				const mode = mapToolChoice(choice);
+				if (mode !== "AUTO") {
+					request.toolConfig = {
+						functionCallingConfig: { mode },
+					};
+				}
 			} else {
 				request.toolConfig = {
 					functionCallingConfig: {

package/src/providers/openai-completions.ts

@@ -1,6 +1,6 @@
 import type { Effort } from "@oh-my-pi/pi-catalog/effort";
 import { toFirepassWireModelId, toFireworksWireModelId } from "@oh-my-pi/pi-catalog/fireworks-model-id";
-import { isDeepseekModelIdOrName } from "@oh-my-pi/pi-catalog/identity";
+import { isDeepseekModelIdOrName, isGlm52ReasoningEffortModelId } from "@oh-my-pi/pi-catalog/identity";
 import { getSupportedEfforts, resolveWireModelId } from "@oh-my-pi/pi-catalog/model-thinking";
 import { calculateCost } from "@oh-my-pi/pi-catalog/models";
 import type { ResolvedOpenAICompat } from "@oh-my-pi/pi-catalog/types";
@@ -367,7 +367,7 @@ export interface OpenAICompletionsOptions extends StreamOptions {
 	openrouterVariant?: string;
 }
 
-type OpenAICompletionsParams = ChatCompletionCreateParamsStreaming & {
+type OpenAICompletionsParams = Omit<ChatCompletionCreateParamsStreaming, "reasoning_effort"> & {
 	top_k?: number;
 	min_p?: number;
 	repetition_penalty?: number;
@@ -375,6 +375,8 @@ type OpenAICompletionsParams = ChatCompletionCreateParamsStreaming & {
 	enable_thinking?: boolean;
 	chat_template_kwargs?: { enable_thinking: boolean };
 	reasoning?: { effort?: string } | { enabled: false };
+	reasoning_effort?: string | null;
+	tool_stream?: boolean;
 	provider?: OpenAICompat["openRouterRouting"];
 	providerOptions?: { gateway?: { only?: string[]; order?: string[] } };
 };
@@ -1338,6 +1340,10 @@ function buildParams(
 	// `compat.alwaysSendMaxTokens` carries that detection.
 	const requestedMaxTokens =
 		options?.maxTokens ?? (compat.alwaysSendMaxTokens ? (model.maxTokens ?? OPENAI_MAX_OUTPUT_TOKENS) : undefined);
+	const providerOutputClamp =
+		compat.thinkingFormat === "zai" && isGlm52ReasoningEffortModelId(model.id)
+			? (model.maxTokens ?? OPENAI_MAX_OUTPUT_TOKENS)
+			: OPENAI_MAX_OUTPUT_TOKENS;
 	// OpenRouter fans out to upstreams whose output caps differ from the catalog
 	// value (which tracks the highest-cap provider). A max_tokens above the routed
 	// upstream's cap makes OpenRouter silently skip that provider (e.g. Cerebras
@@ -1348,7 +1354,7 @@ function buildParams(
 	const effectiveMaxTokens =
 		requestedMaxTokens === undefined || omitMaxTokensForRouting
 			? undefined
-			: Math.min(requestedMaxTokens, model.maxTokens ?? Number.POSITIVE_INFINITY, OPENAI_MAX_OUTPUT_TOKENS);
+			: Math.min(requestedMaxTokens, model.maxTokens ?? Number.POSITIVE_INFINITY, providerOutputClamp);
 
 	const requestModelId = resolveOpenAICompletionsModelId(model, options);
 	const params: OpenAICompletionsParams = {
@@ -1422,6 +1428,15 @@ function buildParams(
 		// so LiteLLM → Bedrock never sees an empty `toolConfig` block.
 		params.tools = [];
 	}
+	if (
+		compat.thinkingFormat === "zai" &&
+		compat.supportsReasoningEffort &&
+		isGlm52ReasoningEffortModelId(model.id) &&
+		Array.isArray(params.tools) &&
+		params.tools.length > 0
+	) {
+		params.tool_stream = true;
+	}
 
 	if (options?.toolChoice && compat.supportsToolChoice) {
 		params.tool_choice = mapToOpenAICompletionsToolChoice(options.toolChoice);
@@ -1459,13 +1474,24 @@ function buildParams(
 	}
 
 	if (supportsReasoningParams && compat.thinkingFormat === "zai" && model.reasoning) {
-		// Z.ai uses binary thinking: { type: "enabled" | "disabled" }
-		// Must explicitly disable since z.ai defaults to thinking enabled.
-		const enabled = options?.reasoning && !options?.disableReasoning;
+		// Z.AI-style hosts use binary thinking, while GLM-5.2+ also accepts
+		// `reasoning_effort` when thinking is enabled. `minimal` maps to the
+		// provider's skip-thinking path, so keep the effort field absent there.
+		const requestedEffort = options?.reasoning;
+		const mappedEffort =
+			requestedEffort === undefined
+				? undefined
+				: (compat.reasoningEffortMap?.[requestedEffort] ??
+					model.thinking?.effortMap?.[requestedEffort] ??
+					requestedEffort);
+		const enabled = mappedEffort !== undefined && mappedEffort !== "none" && !options?.disableReasoning;
 		params.thinking = { type: enabled ? "enabled" : "disabled" };
 		if (enabled && compat.thinkingKeep) {
 			params.thinking.keep = compat.thinkingKeep;
 		}
+		if (enabled && compat.supportsReasoningEffort) {
+			params.reasoning_effort = mappedEffort;
+		}
 	} else if (supportsReasoningParams && compat.thinkingFormat === "qwen" && model.reasoning) {
 		// Qwen uses top-level enable_thinking: boolean
 		params.enable_thinking = !!options?.reasoning && !options?.disableReasoning;

package/src/providers/openai-responses-shared.ts

@@ -525,6 +525,7 @@ export async function processResponsesStream<TApi extends Api>(
 		lastOpenItem = entry;
 	};
 	const lookupOpenItem = (event: { output_index?: number; item_id?: string }): StreamingItem | undefined => {
+		const hasKey = typeof event.output_index === "number" || event.item_id !== undefined;
 		if (typeof event.output_index === "number") {
 			const found = openItemsByOutputIndex.get(event.output_index);
 			if (found) return found;
@@ -533,8 +534,10 @@ export async function processResponsesStream<TApi extends Api>(
 			const found = openItemsByItemId.get(event.item_id);
 			if (found) return found;
 		}
-		// Fallback for tests / mock providers that omit identifiers on stream events.
-		return lastOpenItem ?? undefined;
+		// Keyed events whose item already closed are stale; drop them instead of
+		// routing to a sibling. Only fully identifierless mock/proxy events use the
+		// legacy singleton fallback.
+		return hasKey ? undefined : (lastOpenItem ?? undefined);
 	};
 	const hasOpenItemKey = (event: { output_index?: number; item_id?: string }): boolean =>
 		typeof event.output_index === "number" || event.item_id !== undefined;

package/src/registry/oauth/openai-codex.ts

@@ -3,6 +3,8 @@
  */
 
 import { OPENAI_HEADER_VALUES } from "@oh-my-pi/pi-catalog/wire/codex";
+import type { FetchImpl } from "../../types";
+import { isRecord } from "../../utils";
 import { OAuthCallbackFlow, type OAuthCallbackFlowOptions } from "./callback-server";
 import { generatePKCE } from "./pkce";
 import type { OAuthController, OAuthCredentials } from "./types";
@@ -12,7 +14,7 @@ const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
 const TOKEN_URL = "https://auth.openai.com/oauth/token";
 const CALLBACK_PORT = 1455;
 const CALLBACK_PATH = "/auth/callback";
-const SCOPE = "openid profile email offline_access";
+const SCOPE = "openid profile email offline_access api.connectors.read api.connectors.invoke";
 const JWT_CLAIM_PATH = "https://api.openai.com/auth";
 const JWT_PROFILE_CLAIM = "https://api.openai.com/profile";
 const TOKEN_REQUEST_TIMEOUT_MS = 15_000;
@@ -62,6 +64,37 @@ interface PKCE {
 	verifier: string;
 	challenge: string;
 }
+function describeTokenEndpointValue(value: unknown): string | undefined {
+	if (typeof value === "string") {
+		const trimmed = value.trim();
+		return trimmed.length > 0 ? trimmed : undefined;
+	}
+	if (typeof value === "number" || typeof value === "boolean") return String(value);
+	if (!isRecord(value)) return undefined;
+
+	const code = describeTokenEndpointValue(value.code ?? value.error);
+	const message = describeTokenEndpointValue(value.message ?? value.error_description ?? value.description);
+	if (code && message && code !== message) return `${code}: ${message}`;
+	return code ?? message ?? JSON.stringify(value);
+}
+
+/** Formats OpenAI Codex OAuth token endpoint errors for login and refresh failures. */
+export function formatOpenAICodexTokenEndpointError(status: number, bodyText: string): string {
+	const trimmed = bodyText.trim();
+	if (trimmed.length === 0) return `${status}`;
+
+	try {
+		const body: unknown = JSON.parse(trimmed);
+		if (!isRecord(body)) return `${status} ${trimmed}`;
+
+		const error = describeTokenEndpointValue(body.error);
+		const description = describeTokenEndpointValue(body.error_description);
+		if (error && description && error !== description) return `${status} ${error}: ${description}`;
+		return `${status} ${error ?? description ?? describeTokenEndpointValue(body.message) ?? trimmed}`;
+	} catch {
+		return `${status} ${trimmed}`;
+	}
+}
 /** Builds the Codex browser OAuth URL used by browser login; exported for auth regression tests. */
 export function createOpenAICodexAuthorizationUrl(args: {
 	state: string;
@@ -87,11 +120,11 @@ export function createOpenAICodexAuthorizationUrl(args: {
 }
 
 class OpenAICodexOAuthFlow extends OAuthCallbackFlow {
-	constructor(
-		ctrl: OAuthController,
-		private readonly pkce: PKCE,
-		private readonly originator: string,
-	) {
+	#pkce: PKCE;
+	#originator: string;
+	#fetch: FetchImpl;
+
+	constructor(ctrl: OAuthController, pkce: PKCE, originator: string, fetchImpl: FetchImpl) {
 		super(ctrl, {
 			preferredPort: CALLBACK_PORT,
 			callbackPath: CALLBACK_PATH,
@@ -101,25 +134,33 @@ class OpenAICodexOAuthFlow extends OAuthCallbackFlow {
 			// registered allowlist entry.
 			redirectUri: `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`,
 		} satisfies OAuthCallbackFlowOptions);
+		this.#pkce = pkce;
+		this.#originator = originator;
+		this.#fetch = fetchImpl;
 	}
 
 	async generateAuthUrl(state: string, redirectUri: string): Promise<{ url: string; instructions?: string }> {
 		const url = createOpenAICodexAuthorizationUrl({
 			state,
 			redirectUri,
-			challenge: this.pkce.challenge,
-			originator: this.originator,
+			challenge: this.#pkce.challenge,
+			originator: this.#originator,
 		});
 		return { url, instructions: "A browser window should open. Complete login to finish." };
 	}
 
 	async exchangeToken(code: string, _state: string, redirectUri: string): Promise<OAuthCredentials> {
-		return exchangeCodeForToken(code, this.pkce.verifier, redirectUri);
+		return exchangeCodeForToken(code, this.#pkce.verifier, redirectUri, this.#fetch);
 	}
 }
 
-async function exchangeCodeForToken(code: string, verifier: string, redirectUri: string): Promise<OAuthCredentials> {
-	const tokenResponse = await fetch(TOKEN_URL, {
+async function exchangeCodeForToken(
+	code: string,
+	verifier: string,
+	redirectUri: string,
+	fetchImpl: FetchImpl = fetch,
+): Promise<OAuthCredentials> {
+	const tokenResponse = await fetchImpl(TOKEN_URL, {
 		method: "POST",
 		headers: { "Content-Type": "application/x-www-form-urlencoded" },
 		body: new URLSearchParams({
@@ -133,13 +174,8 @@ async function exchangeCodeForToken(code: string, verifier: string, redirectUri:
 	});
 
 	if (!tokenResponse.ok) {
-		let detail = `${tokenResponse.status}`;
-		try {
-			const body = (await tokenResponse.json()) as { error?: string; error_description?: string };
-			if (body.error)
-				detail = `${tokenResponse.status} ${body.error}${body.error_description ? `: ${body.error_description}` : ""}`;
-		} catch {}
-		throw new Error(`Token exchange failed: ${detail}`);
+		const bodyText = await tokenResponse.text();
+		throw new Error(`Token exchange failed: ${formatOpenAICodexTokenEndpointError(tokenResponse.status, bodyText)}`);
 	}
 
 	const tokenData = (await tokenResponse.json()) as {
@@ -177,7 +213,7 @@ export type OpenAICodexLoginOptions = OAuthController & {
 export async function loginOpenAICodex(options: OpenAICodexLoginOptions): Promise<OAuthCredentials> {
 	const pkce = await generatePKCE();
 	const originator = options.originator?.trim() || OPENAI_HEADER_VALUES.ORIGINATOR_CODEX;
-	const flow = new OpenAICodexOAuthFlow(options, pkce, originator);
+	const flow = new OpenAICodexOAuthFlow(options, pkce, originator, options.fetch ?? fetch);
 
 	return flow.login();
 }
@@ -285,13 +321,10 @@ export async function refreshOpenAICodexToken(refreshToken: string): Promise<OAu
 	});
 
 	if (!response.ok) {
-		let detail = `${response.status}`;
-		try {
-			const body = (await response.json()) as { error?: string; error_description?: string };
-			if (body.error)
-				detail = `${response.status} ${body.error}${body.error_description ? `: ${body.error_description}` : ""}`;
-		} catch {}
-		throw new Error(`OpenAI Codex token refresh failed: ${detail}`);
+		const bodyText = await response.text();
+		throw new Error(
+			`OpenAI Codex token refresh failed: ${formatOpenAICodexTokenEndpointError(response.status, bodyText)}`,
+		);
 	}
 
 	const tokenData = (await response.json()) as {

package/src/utils/schema/normalize.ts

@@ -936,8 +936,25 @@ export function sanitizeSchemaForOpenAIResponses(schema: JsonObject): JsonObject
  * `normalizeSchemaFor*` dispatcher naming used elsewhere in this module.
  */
 export const normalizeSchemaForOpenAIResponses: (schema: JsonObject) => JsonObject = sanitizeSchemaForOpenAIResponses;
+const OPENAI_UNSUPPORTED_REGEX_LOOKAROUNDS = new Set(["=", "!", "<=", "<!"]);
+const OPENAI_RESPONSES_PATTERN_PROPERTIES_FALLBACK = ".*";
 
-function normalizeOpenAIResponsesSchemaNode(value: unknown, cache: WeakMap<JsonObject, JsonObject>): unknown {
+function hasOpenAIUnsupportedRegexLookaround(pattern: string): boolean {
+	let groupStart = pattern.indexOf("(?");
+	while (groupStart !== -1) {
+		let escapes = 0;
+		for (let i = groupStart - 1; i >= 0 && pattern[i] === "\\"; i--) escapes++;
+		if (escapes % 2 === 0) {
+			const operator =
+				pattern[groupStart + 2] === "<" ? pattern.slice(groupStart + 2, groupStart + 4) : pattern[groupStart + 2];
+			if (OPENAI_UNSUPPORTED_REGEX_LOOKAROUNDS.has(operator)) return true;
+		}
+		groupStart = pattern.indexOf("(?", groupStart + 2);
+	}
+	return false;
+}
+
+function normalizeOpenAIResponsesSchemaNode(value: unknown, cache: WeakMap<JsonObject, unknown>): unknown {
 	if (!isJsonObject(value)) return value;
 
 	// `{}` (empty JSON Schema) ≡ `true` (JSON Schema draft 2020-12 §4.3.1).
@@ -973,11 +990,21 @@ function normalizeOpenAIResponsesSchemaNode(value: unknown, cache: WeakMap<JsonO
 			changed = true;
 			continue;
 		}
+		if (
+			key === "pattern" &&
+			typeof value.pattern === "string" &&
+			hasOpenAIUnsupportedRegexLookaround(value.pattern)
+		) {
+			changed = true;
+			continue;
+		}
 
 		const child = value[key];
 		let next: unknown = child;
-		if (OPENAI_RESPONSES_SCHEMA_MAP_KEYS.has(key) && isJsonObject(child)) {
-			next = normalizeOpenAIResponsesSchemaMap(child, cache);
+		if (key === "patternProperties" && isJsonObject(child)) {
+			next = normalizeOpenAIResponsesSchemaMap(child, cache, true);
+		} else if (OPENAI_RESPONSES_SCHEMA_MAP_KEYS.has(key) && isJsonObject(child)) {
+			next = normalizeOpenAIResponsesSchemaMap(child, cache, false);
 		} else if (OPENAI_RESPONSES_SCHEMA_ARRAY_KEYS.has(key) && Array.isArray(child)) {
 			next = normalizeOpenAIResponsesSchemaArray(child, cache);
 		} else if (OPENAI_RESPONSES_SCHEMA_VALUE_KEYS.has(key) && isJsonObject(child)) {
@@ -1008,7 +1035,7 @@ function normalizeOpenAIResponsesSchemaNode(value: unknown, cache: WeakMap<JsonO
 	// the seeded partial and set `changed = true` for that node, so a node
 	// that finishes with `changed === false` is provably non-cyclic and
 	// referentially equal to its input.
-	const result = changed ? output : value;
+	const result = changed ? (isJsonObjectEmpty(output) ? true : output) : value;
 	cache.set(value, result);
 	return result;
 }
@@ -1022,7 +1049,7 @@ function declaresObjectType(type: unknown): boolean {
 	return false;
 }
 
-function normalizeOpenAIResponsesSchemaArray(value: unknown[], cache: WeakMap<JsonObject, JsonObject>): unknown[] {
+function normalizeOpenAIResponsesSchemaArray(value: unknown[], cache: WeakMap<JsonObject, unknown>): unknown[] {
 	let changed = false;
 	const output = value.map(item => {
 		const next = normalizeOpenAIResponsesSchemaNode(item, cache);
@@ -1032,7 +1059,11 @@ function normalizeOpenAIResponsesSchemaArray(value: unknown[], cache: WeakMap<Js
 	return changed ? output : value;
 }
 
-function normalizeOpenAIResponsesSchemaMap(schemaMap: JsonObject, cache: WeakMap<JsonObject, JsonObject>): JsonObject {
+function normalizeOpenAIResponsesSchemaMap(
+	schemaMap: JsonObject,
+	cache: WeakMap<JsonObject, unknown>,
+	stripUnsupportedRegexKeys: boolean,
+): JsonObject {
 	let changed = false;
 	const output: JsonObject = {};
 	for (const key in schemaMap) {
@@ -1040,11 +1071,29 @@ function normalizeOpenAIResponsesSchemaMap(schemaMap: JsonObject, cache: WeakMap
 		const child = schemaMap[key];
 		const next = normalizeOpenAIResponsesSchemaNode(child, cache);
 		if (next !== child) changed = true;
+		if (stripUnsupportedRegexKeys && hasOpenAIUnsupportedRegexLookaround(key)) {
+			changed = true;
+			appendOpenAIResponsesFallbackPatternProperty(output, next);
+			continue;
+		}
 		output[key] = next;
 	}
 	return changed ? output : schemaMap;
 }
 
+function appendOpenAIResponsesFallbackPatternProperty(output: JsonObject, schema: unknown): void {
+	const existing = output[OPENAI_RESPONSES_PATTERN_PROPERTIES_FALLBACK];
+	if (existing === undefined) {
+		output[OPENAI_RESPONSES_PATTERN_PROPERTIES_FALLBACK] = schema;
+		return;
+	}
+	if (isJsonObject(existing) && Array.isArray(existing.anyOf) && Object.keys(existing).length === 1) {
+		existing.anyOf = [...existing.anyOf, schema];
+		return;
+	}
+	output[OPENAI_RESPONSES_PATTERN_PROPERTIES_FALLBACK] = { anyOf: [existing, schema] };
+}
+
 // ---------------------------------------------------------------------------
 // OpenAI strict mode — sanitize + enforce
 // ---------------------------------------------------------------------------

package/src/utils/validation.ts

@@ -411,6 +411,47 @@ function tryHealMalformedJson(value: string): unknown | undefined {
 	return undefined;
 }
 
+const MAX_NESTED_JSON_STRING_PARSE_DEPTH = 3;
+
+function acceptParsedJsonForTypes(
+	parsed: unknown,
+	source: string,
+	expectedTypes: string[],
+	depth: number,
+): { value: unknown; changed: boolean } {
+	if (parsed === null && source.trim() === "null") {
+		return { value: null, changed: true };
+	}
+	if (matchesExpectedType(parsed, expectedTypes)) {
+		return { value: parsed, changed: true };
+	}
+	if (typeof parsed === "string" && !expectedTypes.includes("string") && depth < MAX_NESTED_JSON_STRING_PARSE_DEPTH) {
+		return tryParseJsonForTypes(parsed, expectedTypes, depth + 1);
+	}
+	return { value: source, changed: false };
+}
+
+function looksLikeJsonContainerString(value: unknown): boolean {
+	if (typeof value !== "string") return false;
+	const trimmed = value.trimStart();
+	if (trimmed.startsWith("{")) {
+		const body = trimmed.slice(1);
+		return body.trimStart().startsWith('"') || body.includes(":") || body.trimStart().startsWith("}");
+	}
+	if (!trimmed.startsWith("[")) return false;
+	const firstItem = trimmed.slice(1).trimStart();
+	return (
+		firstItem.startsWith("{") ||
+		firstItem.startsWith("[") ||
+		firstItem.startsWith('"') ||
+		firstItem.startsWith("]") ||
+		firstItem.startsWith("true") ||
+		firstItem.startsWith("false") ||
+		firstItem.startsWith("null") ||
+		/^-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?(?:\s*(?:,|\]|$))/.test(firstItem)
+	);
+}
+
 /**
  * Attempts to parse a string as JSON if it looks like a JSON literal and
  * the parsed result matches one of the expected types.
@@ -424,7 +465,7 @@ function tryHealMalformedJson(value: string): unknown | undefined {
  * matches an expected type. This prevents false positives like parsing
  * the string `"123"` when the schema actually wants a string.
  */
-function tryParseJsonForTypes(value: string, expectedTypes: string[]): { value: unknown; changed: boolean } {
+function tryParseJsonForTypes(value: string, expectedTypes: string[], depth = 0): { value: unknown; changed: boolean } {
 	const trimmed = value.trim();
 	if (!trimmed) return { value, changed: false };
 
@@ -434,28 +475,20 @@ function tryParseJsonForTypes(value: string, expectedTypes: string[]): { value:
 	}
 
 	// Quick syntactic checks to avoid unnecessary parse attempts
-	const looksJsonObject = trimmed.startsWith("{");
-	const looksJsonArray = trimmed.startsWith("[");
+	const looksJsonObject = trimmed.startsWith("{") && looksLikeJsonContainerString(trimmed);
+	const looksJsonArray = trimmed.startsWith("[") && looksLikeJsonContainerString(trimmed);
+	const looksJsonString = trimmed.startsWith('"') && !expectedTypes.includes("string");
 	const looksJsonLiteral =
 		trimmed === "true" || trimmed === "false" || trimmed === "null" || JSON_NUMBER_PATTERN.test(trimmed);
 
-	if (!looksJsonObject && !looksJsonArray && !looksJsonLiteral) {
+	if (!looksJsonObject && !looksJsonArray && !looksJsonString && !looksJsonLiteral) {
 		return { value, changed: false };
 	}
 
 	try {
 		const parsed = JSON.parse(trimmed) as unknown;
-		// If the string was "null", we parsed it to actual null.
-		// Accept this even if null isn't in expectedTypes — the LLM meant "no value".
-		// normalizeOptionalNullsForSchema will strip it from optional fields, and
-		// the validator will correctly error on required fields.
-		if (parsed === null && trimmed === "null") {
-			return { value: null, changed: true };
-		}
-		// For non-null values, only accept if the parsed type matches what the schema expects
-		if (matchesExpectedType(parsed, expectedTypes)) {
-			return { value: parsed, changed: true };
-		}
+		const accepted = acceptParsedJsonForTypes(parsed, trimmed, expectedTypes, depth);
+		if (accepted.changed) return accepted;
 	} catch {
 		if (looksJsonObject || looksJsonArray) {
 			// Try escaping raw control chars inside string literals (LLMs sometimes
@@ -464,20 +497,21 @@ function tryParseJsonForTypes(value: string, expectedTypes: string[]): { value:
 			if (escapedControls !== trimmed) {
 				try {
 					const parsed = JSON.parse(escapedControls) as unknown;
-					if (matchesExpectedType(parsed, expectedTypes)) {
-						return { value: parsed, changed: true };
-					}
+					const accepted = acceptParsedJsonForTypes(parsed, escapedControls, expectedTypes, depth);
+					if (accepted.changed) return accepted;
 				} catch {}
 			}
 			// Try extracting a valid JSON prefix (handles trailing junk after balanced container)
 			const leading = tryParseLeadingJsonContainer(trimmed);
-			if (leading !== undefined && matchesExpectedType(leading, expectedTypes)) {
-				return { value: leading, changed: true };
+			if (leading !== undefined) {
+				const accepted = acceptParsedJsonForTypes(leading, trimmed, expectedTypes, depth);
+				if (accepted.changed) return accepted;
 			}
 			// Try healing single-character bracket errors near the end of the string
 			const healed = tryHealMalformedJson(trimmed);
-			if (healed !== undefined && matchesExpectedType(healed, expectedTypes)) {
-				return { value: healed, changed: true };
+			if (healed !== undefined) {
+				const accepted = acceptParsedJsonForTypes(healed, trimmed, expectedTypes, depth);
+				if (accepted.changed) return accepted;
 			}
 		}
 		return { value, changed: false };
@@ -1065,14 +1099,22 @@ function coerceArgsFromIssues(args: unknown, issues: FlatIssue[]): { value: unkn
 
 		const currentValue = getValueAtPointer(nextArgs, issue.instancePath);
 		const result = tryCoerceForExpectedTypes(currentValue, issue.expectedTypes);
-		const coercedValue = result.changed
-			? result.value
-			: issue.expectedTypes.includes("array") &&
-					!issue.unionBranch &&
-					currentValue !== undefined &&
-					!Array.isArray(currentValue)
-				? [currentValue]
-				: undefined;
+		let coercedValue = result.changed ? result.value : undefined;
+		if (
+			coercedValue === undefined &&
+			issue.expectedTypes.includes("array") &&
+			!issue.unionBranch &&
+			currentValue !== undefined &&
+			!Array.isArray(currentValue)
+		) {
+			const objectCoercion =
+				typeof currentValue === "string"
+					? tryParseJsonForTypes(currentValue, ["object"])
+					: { value: currentValue, changed: false };
+			if (objectCoercion.changed || !looksLikeJsonContainerString(currentValue)) {
+				coercedValue = [objectCoercion.changed ? objectCoercion.value : currentValue];
+			}
+		}
 		if (coercedValue === undefined) continue;
 
 		if (!owned) {