@oh-my-pi/pi-ai 16.0.8 → 16.0.10

package/CHANGELOG.md

@@ -2,6 +2,31 @@
 
 ## [Unreleased]
 
+## [16.0.10] - 2026-06-18
+
+### Added
+
+- Replaced the old legacy XML-ish `pi` owned tool-calling dialect with the new sigil-delimited format (`§` call header with inline `key=value` scalars, `«…»` verbatim body fence for the dominant string argument, `¤` reasoning, `‡‡` tool result) using single-token markers that never occur in source code. Verbatim fences escalate Markdown-style (`««…»»`) so re-rendered history never collides with payload content, and the scanner gates a bare `§` on an exact known-tool name to avoid swallowing prose. Round-trips and streams through the existing scanner contract at ~46% fewer tokens than the legacy format on typical calls; selectable via `tools.format` or `PI_DIALECT=pi`.
+
+### Changed
+
+- Updated `pi` dialect formatting to use a token-frugal, sigil-delimited format (`§`, `¤`, `‡‡`)
+- Updated `pi` dialect body fences to automatically escalate when content contains fence markers
+- Changed `pi` dialect tool results response format to `‡‡` blocks
+
+### Fixed
+
+- Fixed Bedrock application inference profile ARNs to route requests to the ARN's region instead of the default Bedrock runtime region. ([#3004](https://github.com/can1357/oh-my-pi/issues/3004))
+
+## [16.0.9] - 2026-06-18
+
+### Fixed
+
+- Fixed OAuth login replacing all other active accounts for the same provider, allowing multiple OAuth accounts to coexist concurrently.
+- Fixed legacy `api_key` credentials not being replaced/disabled atomically upon upgrading to OAuth login.
+- Fixed a logic issue where AuthStorage lost session-to-credential stickiness upon CLI restarts, causing cold-starts for server-side prompt cache (KV cache) and wasting tokens.
+- Fixed GitHub Copilot Responses requests rejecting image inputs that carry the `detail: "original"` hint with an HTTP 400 by degrading the hint to `"auto"` for hosts that do not support it; other hosts still preserve native-resolution frames (snapcompact). ([#2822](https://github.com/can1357/oh-my-pi/issues/2822))
+
 ## [16.0.8] - 2026-06-18
 
 ### Fixed

package/dist/types/providers/openai-shared.d.ts

@@ -341,11 +341,12 @@ export declare function repairOrphanResponsesToolOutputs(input: ResponseInput):
  * {@link repairOrphanResponsesToolOutputs}.
  */
 export declare function repairOrphanResponsesToolCalls(input: ResponseInput): ResponseInput;
-export declare function convertResponsesInputContent(content: string | Array<TextContent | ImageContent>, supportsImages: boolean): ResponseInputContent[] | undefined;
+export declare function convertResponsesInputContent(content: string | Array<TextContent | ImageContent>, supportsImages: boolean, supportsImageDetailOriginal: boolean): ResponseInputContent[] | undefined;
 export interface BuildResponsesInputOptions<TApi extends Api> {
     model: Model<TApi>;
     context: Context;
     strictResponsesPairing: boolean;
+    supportsImageDetailOriginal: boolean;
     systemRole?: "system" | "developer";
     nativeHistory?: {
         replay: boolean;
@@ -357,7 +358,7 @@ export interface BuildResponsesInputOptions<TApi extends Api> {
 }
 export declare function buildResponsesInput<TApi extends Api>(options: BuildResponsesInputOptions<TApi>): ResponseInput;
 export declare function convertResponsesAssistantMessage<TApi extends Api>(assistantMsg: AssistantMessage, model: Model<TApi>, msgIndex: number, knownCallIds: Set<string>, includeThinkingSignatures?: boolean, customCallIds?: Set<string>): ResponseInput;
-export declare function appendResponsesToolResultMessages<TApi extends Api>(messages: ResponseInput, toolResult: ToolResultMessage, model: Model<TApi>, strictResponsesPairing: boolean, knownCallIds: ReadonlySet<string>, customCallIds?: ReadonlySet<string>): void;
+export declare function appendResponsesToolResultMessages<TApi extends Api>(messages: ResponseInput, toolResult: ToolResultMessage, model: Model<TApi>, strictResponsesPairing: boolean, supportsImageDetailOriginal: boolean, knownCallIds: ReadonlySet<string>, customCallIds?: ReadonlySet<string>): void;
 /**
  * Per-block accumulation helpers shared by the two Responses decode loops —
  * {@link processResponsesStream} (generic Responses) and the Codex stream

package/dist/types/registry/oauth/types.d.ts

@@ -25,6 +25,12 @@ export interface OAuthProviderInfo {
     id: OAuthProviderId;
     name: string;
     available: boolean;
+    /**
+     * Provider id the login stores credentials under, when it differs from `id`
+     * (e.g. `openai-codex-device` ⇒ `openai-codex`). Lets callers map a login
+     * entry back to the model provider it authenticates.
+     */
+    storeCredentialsAs?: string;
 }
 export interface OAuthController {
     onAuth?(info: OAuthAuthInfo): void;

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-ai",
-	"version": "16.0.8",
+	"version": "16.0.10",
 	"description": "Unified LLM API with automatic model discovery and provider configuration",
 	"homepage": "https://omp.sh",
 	"author": "Can Boluk",
@@ -38,8 +38,8 @@
 	},
 	"dependencies": {
 		"@bufbuild/protobuf": "^2.12.0",
-		"@oh-my-pi/pi-catalog": "16.0.8",
-		"@oh-my-pi/pi-utils": "16.0.8",
+		"@oh-my-pi/pi-catalog": "16.0.10",
+		"@oh-my-pi/pi-utils": "16.0.10",
 		"arktype": "^2.2.0",
 		"partial-json": "^0.1.7",
 		"zod": "^4"

package/src/auth-storage.ts

@@ -1352,6 +1352,19 @@ export class AuthStorage {
 		const sessionMap = this.#sessionLastCredential.get(provider) ?? new Map();
 		sessionMap.set(sessionId, { type, index });
 		this.#sessionLastCredential.set(provider, sessionMap);
+
+		try {
+			const credentialId = this.#getStoredCredentials(provider)[index]?.id;
+			if (credentialId !== undefined) {
+				const cacheKey = `session:sticky:${provider}:${sessionId}`;
+				const cacheValue = JSON.stringify({ type, index, credentialId });
+				// Expires in 30 days
+				const expiresAtSec = Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60;
+				this.#store.setCache(cacheKey, cacheValue, expiresAtSec);
+			}
+		} catch (err) {
+			logger.debug("Failed to write session sticky credential to persistent store cache", { err });
+		}
 	}
 
 	/** Retrieves the last credential used by a session. */
@@ -1360,17 +1373,59 @@ export class AuthStorage {
 		sessionId: string | undefined,
 	): { type: AuthCredential["type"]; index: number } | undefined {
 		if (!sessionId) return undefined;
-		return this.#sessionLastCredential.get(provider)?.get(sessionId);
+		let sessionMap = this.#sessionLastCredential.get(provider);
+		if (sessionMap?.has(sessionId)) {
+			return sessionMap.get(sessionId);
+		}
+		try {
+			const cacheKey = `session:sticky:${provider}:${sessionId}`;
+			const raw = this.#store.getCache(cacheKey);
+			if (raw) {
+				const val = JSON.parse(raw) as { type: AuthCredential["type"]; index: number; credentialId?: number };
+
+				if (val.credentialId !== undefined) {
+					const stored = this.#getStoredCredentials(provider);
+					const actualIndex = stored.findIndex(entry => entry.id === val.credentialId);
+					if (actualIndex === -1 || stored[actualIndex]?.credential.type !== val.type) {
+						this.#store.setCache(cacheKey, "", 0);
+						return undefined;
+					}
+					val.index = actualIndex;
+				} else {
+					// Fallback: drop unsafe index-only cache rows to prevent wrong-account routing
+					this.#store.setCache(cacheKey, "", 0);
+					return undefined;
+				}
+
+				if (!sessionMap) {
+					sessionMap = new Map();
+					this.#sessionLastCredential.set(provider, sessionMap);
+				}
+				const sessionVal = { type: val.type, index: val.index };
+				sessionMap.set(sessionId, sessionVal);
+				return sessionVal;
+			}
+		} catch (err) {
+			logger.debug("Failed to read session sticky credential from persistent store cache", { err });
+		}
+		return undefined;
 	}
 
 	/** Clears the last credential used by a session for a provider. */
 	#clearSessionCredential(provider: string, sessionId: string | undefined): void {
 		if (!sessionId) return;
 		const sessionMap = this.#sessionLastCredential.get(provider);
-		if (!sessionMap) return;
-		sessionMap.delete(sessionId);
-		if (sessionMap.size === 0) {
-			this.#sessionLastCredential.delete(provider);
+		if (sessionMap) {
+			sessionMap.delete(sessionId);
+			if (sessionMap.size === 0) {
+				this.#sessionLastCredential.delete(provider);
+			}
+		}
+		try {
+			const cacheKey = `session:sticky:${provider}:${sessionId}`;
+			this.#store.setCache(cacheKey, "", 0);
+		} catch (err) {
+			logger.debug("Failed to clear session sticky credential from persistent store cache", { err });
 		}
 	}
 
@@ -1549,6 +1604,17 @@ export class AuthStorage {
 		return rows;
 	}
 
+	async #upsertOAuthCredential(provider: string, credential: OAuthCredential): Promise<void> {
+		const stored = this.#store.upsertAuthCredentialRemote
+			? await this.#store.upsertAuthCredentialRemote(provider, credential)
+			: this.#store.upsertAuthCredentialForProvider(provider, credential);
+		this.#setStoredCredentials(
+			provider,
+			stored.map(entry => ({ id: entry.id, credential: entry.credential })),
+		);
+		this.#resetProviderAssignments(provider);
+	}
+
 	/**
 	 * Remove credential for a provider.
 	 */
@@ -1786,10 +1852,10 @@ export class AuthStorage {
 			return;
 		}
 		const newCredential: OAuthCredential = { type: "oauth", ...result };
-		// Use set() instead of #upsertOAuthCredential to replace ALL existing credentials
-		// (including legacy api_key rows from older versions) with the new OAuth credential.
-		// This ensures getApiKey() doesn't match an old api_key row before the new OAuth row.
-		await this.set(def.storeCredentialsAs ?? provider, newCredential);
+		// Use #upsertOAuthCredential to upsert the new credential.
+		// Any legacy api_key rows from older versions will be cleaned up so they do not
+		// shadow the new OAuth row, while preserving other active OAuth credentials.
+		await this.#upsertOAuthCredential(def.storeCredentialsAs ?? provider, newCredential);
 	}
 
 	/**
@@ -4916,6 +4982,14 @@ export class SqliteAuthCredentialStore implements AuthCredentialStore {
 				identityKey: resolveRowCredentialIdentityKey(providerName, row),
 			}));
 
+			if (item.type === "oauth") {
+				for (const row of existing) {
+					if (row.credential && row.credential.type === "api_key") {
+						this.#deleteStmt.run("replaced by oauth login", row.id);
+					}
+				}
+			}
+
 			let targetId: number | null = null;
 			for (const row of existing) {
 				if (!matchesReplacementCredential(providerName, row.credential, row.identityKey, item)) continue;

package/src/dialect/owned-stream.ts

@@ -19,7 +19,7 @@ const RESPONSE_OPEN_TOKENS: Record<Dialect, readonly string[]> = {
 	minimax: ["<function_results>", "<tool_response>"],
 	deepseek: ["<｜tool▁outputs▁begin｜>", "<｜tool▁output▁begin｜>"],
 	harmony: ["<|start|>functions."],
-	pi: ["<tool_response>"],
+	pi: ["‡‡"],
 	qwen3: ["<tool_response>"],
 	gemini: ["```tool_outputs"],
 	gemma: ["<|tool_response>"],

package/src/dialect/pi.md

@@ -1,57 +1,55 @@
 ## Format guide
 
-A tool call is a `<call:NAME>…</call:NAME>` block (or self-closing `<call:NAME …/>`) written as plain assistant text; arguments are given as tag attributes, child elements, or a verbatim inline body.
+A tool call begins with `§` immediately followed by the function NAME (start each call on its own line). Scalar arguments follow on the same line as `key=value` pairs; a single large or multi-line string argument goes in a verbatim body fenced by `«…»` right after the header.
 
-```text
-<call:read path="src/a.ts" offset=50/>
-```
-
-Objects and arrays use child elements, repeating an element for each array item:
+Scalar-only call (the line ends the call):
 
 ```text
-<call:configure>
-<object>
-<y>4</y>
-<list>alpha</list>
-<list>beta</list>
-</object>
-</call:configure>
+§read path=src/a.ts offset=50 limit=200
 ```
 
-A single string argument can fill the body directly:
+Call with a verbatim body — everything between `«` and `»` is taken literally, no quoting or escaping:
 
 ```text
-<call:edit>
+§edit path=src/server/auth.ts«
 *** Begin Patch
-...
+*** Update File: src/server/auth.ts
+@@ class AuthService
+-  login(user) {
++  async login(user, opts) {
 *** End Patch
-</call:edit>
+»
 ```
 
-Tool results arrive as response blocks, read in call order:
+Argument values:
+
+- Strings are written bare and verbatim (`path=src/a.ts`). Quote with `"…"` only when the value contains spaces or starts with `"`, `[`, or `{` (`_i="run the tests"`).
+- Numbers, booleans, and `null` are JSON literals (`offset=50`, `force=true`).
+- Arrays and objects are inline JSON (`paths=["src","test"]`).
+- The body fence holds the call's first long/multi-line string parameter; its key is implied, never written.
+
+Private reasoning goes in a `¤…¤` block before your calls:
 
 ```text
-<tool_response>
-verbatim tool result
-</tool_response>
+¤
+brief reasoning
+¤
 ```
 
-Private reasoning goes in a `<thinking>…</thinking>` block before your calls:
+Tool results arrive in `‡‡…‡‡` blocks, read in call order:
 
 ```text
-<thinking>
-brief reasoning
-</thinking>
+‡‡
+verbatim tool result
+‡‡
 ```
 
 ## Rules
 
-- `NAME` must match a listed function; never wrap calls in JSON or fences.
-- Use attributes only for top-level scalars; put objects, arrays, and long strings in child elements.
-- Strings are verbatim (no quotes, no entity escaping); numbers, booleans, and null are JSON literals.
-- An object opens a child block whose scalar subfields may also be attributes; an array repeats its element once per item.
-- The inline body fills the first unset string-typed parameter and may contain any raw text except `</call:NAME>`.
-- Emit parallel calls as consecutive blocks. NEVER invent call ids; results are positional.
-- Private reasoning goes in a `<thinking>…</thinking>` block before your calls; NEVER put calls inside it.
-- Read each `<tool_response>` in call order. NEVER emit `<tool_response>` yourself.
+- `NAME` MUST match a listed function; never wrap calls in JSON or fences.
+- Put each scalar argument once as `key=value`; reserve the `«…»` body for the one dominant string argument (file contents, patches, commands, queries).
+- Body text is verbatim — include no surrounding quotes. If the body itself contains `»`, widen BOTH guillemet fences equally (`««…»»`, `«««…»»»`).
+- Emit parallel calls as consecutive `§…` blocks. NEVER invent call ids; results are positional.
+- Private reasoning goes in a `¤…¤` block before your calls; NEVER put calls inside it, and keep a literal `¤` out of the reasoning text.
+- Read each `‡‡…‡‡` result in call order. NEVER emit a `‡‡` block yourself.
 - After emitting your tool calls, YOU MUST EMIT THE STOP SEQUENCE AND HALT.