@oh-my-pi/pi-coding-agent 12.7.6 → 12.8.0

package/src/modes/controllers/input-controller.ts

@@ -2,12 +2,12 @@ import * as fs from "node:fs/promises";
 import type { AgentMessage } from "@oh-my-pi/pi-agent-core";
 import { copyToClipboard, readImageFromClipboard, sanitizeText } from "@oh-my-pi/pi-natives";
 import { $env } from "@oh-my-pi/pi-utils";
-import type { SettingPath, SettingValue } from "../../config/settings";
 import { settings } from "../../config/settings";
 import { theme } from "../../modes/theme/theme";
 import type { InteractiveModeContext } from "../../modes/types";
 import type { AgentSessionEvent } from "../../session/agent-session";
 import { SKILL_PROMPT_MESSAGE_TYPE, type SkillPromptDetails } from "../../session/messages";
+import { executeBuiltinSlashCommand } from "../../slash-commands/builtin-registry";
 import { getEditorCommand, openInEditor } from "../../utils/external-editor";
 import { resizeImage } from "../../utils/image-resize";
 import { generateSessionTitle, setTerminalTitle } from "../../utils/title-generator";
@@ -24,6 +24,19 @@ export class InputController {
 	constructor(private ctx: InteractiveModeContext) {}
 
 	setupKeyHandlers(): void {
+		this.ctx.editor.shouldBypassAutocompleteOnEscape = () =>
+			Boolean(
+				this.ctx.loadingAnimation ||
+					this.ctx.session.isStreaming ||
+					this.ctx.session.isCompacting ||
+					this.ctx.session.isGeneratingHandoff ||
+					this.ctx.session.isBashRunning ||
+					this.ctx.session.isPythonRunning ||
+					this.ctx.autoCompactionLoader ||
+					this.ctx.retryLoader ||
+					this.ctx.autoCompactionEscapeHandler ||
+					this.ctx.retryEscapeHandler,
+			);
 		this.ctx.editor.onEscape = () => {
 			if (this.ctx.loadingAnimation) {
 				this.restoreQueuedMessagesToEditor({ abort: true });
@@ -172,191 +185,13 @@ export class InputController {
 
 			if (!text) return;
 
-			// Handle slash commands
-			if (text === "/settings") {
-				this.ctx.showSettingsSelector();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/plan") {
-				await this.ctx.handlePlanModeCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/model" || text === "/models") {
-				this.ctx.showModelSelector();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text.startsWith("/export")) {
-				await this.ctx.handleExportCommand(text);
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/dump") {
-				await this.ctx.handleDumpCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/share") {
-				await this.ctx.handleShareCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/browser" || text.startsWith("/browser ")) {
-				const arg = text.slice(8).trim().toLowerCase();
-				const current = settings.get("browser.headless" as SettingPath) as boolean;
-				let next = current;
-				if (!(settings.get("browser.enabled" as SettingPath) as boolean)) {
-					this.ctx.showWarning("Browser tool is disabled (enable in settings)");
-					this.ctx.editor.setText("");
-					return;
-				}
-				if (!arg) {
-					next = !current;
-				} else if (["headless", "hidden"].includes(arg)) {
-					next = true;
-				} else if (["visible", "show", "headful"].includes(arg)) {
-					next = false;
-				} else {
-					this.ctx.showStatus("Usage: /browser [headless|visible]");
-					this.ctx.editor.setText("");
-					return;
-				}
-				settings.set("browser.headless" as SettingPath, next as SettingValue<SettingPath>);
-				const tool = this.ctx.session.getToolByName("browser");
-				if (tool && "restartForModeChange" in tool) {
-					try {
-						await (tool as { restartForModeChange: () => Promise<void> }).restartForModeChange();
-					} catch (error) {
-						this.ctx.showWarning(
-							`Failed to restart browser: ${error instanceof Error ? error.message : String(error)}`,
-						);
-						this.ctx.editor.setText("");
-						return;
-					}
-				}
-				this.ctx.showStatus(`Browser mode: ${next ? "headless" : "visible"}`);
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/copy") {
-				await this.ctx.handleCopyCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/session") {
-				await this.ctx.handleSessionCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/usage") {
-				await this.ctx.handleUsageCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/changelog") {
-				await this.ctx.handleChangelogCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/hotkeys") {
-				this.ctx.handleHotkeysCommand();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/extensions" || text === "/status") {
-				this.ctx.showExtensionsDashboard();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/branch") {
-				if (settings.get("doubleEscapeAction") === "tree") {
-					this.ctx.showTreeSelector();
-				} else {
-					this.ctx.showUserMessageSelector();
-				}
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/tree") {
-				this.ctx.showTreeSelector();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/login") {
-				this.ctx.showOAuthSelector("login");
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/logout") {
-				this.ctx.showOAuthSelector("logout");
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/new") {
-				this.ctx.editor.setText("");
-				await this.ctx.handleClearCommand();
-				return;
-			}
-			if (text === "/fork") {
-				this.ctx.editor.setText("");
-				await this.ctx.handleForkCommand();
-				return;
-			}
-			if (text === "/move" || text.startsWith("/move ")) {
-				const targetPath = text.slice(6).trim();
-				if (!targetPath) {
-					this.ctx.showError("Usage: /move <path>");
-					this.ctx.editor.setText("");
-					return;
-				}
-				this.ctx.editor.setText("");
-				await this.ctx.handleMoveCommand(targetPath);
-				return;
-			}
-			if (text === "/compact" || text.startsWith("/compact ")) {
-				const customInstructions = text.startsWith("/compact ") ? text.slice(9).trim() : undefined;
-				this.ctx.editor.setText("");
-				await this.ctx.handleCompactCommand(customInstructions);
-				return;
-			}
-			if (text === "/handoff" || text.startsWith("/handoff ")) {
-				const customInstructions = text.startsWith("/handoff ") ? text.slice(9).trim() : undefined;
-				this.ctx.editor.setText("");
-				await this.ctx.handleHandoffCommand(customInstructions);
-				return;
-			}
-			if (text === "/background" || text === "/bg") {
-				this.ctx.editor.setText("");
-				this.handleBackgroundCommand();
-				return;
-			}
-			if (text === "/debug") {
-				this.ctx.showDebugSelector();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/memory" || text.startsWith("/memory ")) {
-				this.ctx.editor.setText("");
-				await this.ctx.handleMemoryCommand(text);
-				return;
-			}
-			if (text === "/resume") {
-				this.ctx.showSessionSelector();
-				this.ctx.editor.setText("");
-				return;
-			}
-			if (text === "/quit" || text === "/exit") {
-				this.ctx.editor.setText("");
-				void this.ctx.shutdown();
-				return;
-			}
-			// Handle MCP server management commands
-			if (text === "/mcp" || text.startsWith("/mcp ")) {
-				this.ctx.editor.addToHistory(text);
-				this.ctx.editor.setText("");
-				await this.ctx.handleMCPCommand(text);
+			// Handle built-in slash commands
+			if (
+				await executeBuiltinSlashCommand(text, {
+					ctx: this.ctx,
+					handleBackgroundCommand: () => this.handleBackgroundCommand(),
+				})
+			) {
 				return;
 			}
 

package/src/modes/controllers/mcp-command-controller.ts

@@ -8,7 +8,14 @@ import { getMCPConfigPath, getProjectDir } from "@oh-my-pi/pi-utils/dirs";
 import type { SourceMeta } from "../../capability/types";
 import { analyzeAuthError, discoverOAuthEndpoints, MCPManager } from "../../mcp";
 import { connectToServer, disconnectServer, listTools } from "../../mcp/client";
-import { addMCPServer, readMCPConfigFile, removeMCPServer, updateMCPServer } from "../../mcp/config-writer";
+import {
+	addMCPServer,
+	readDisabledServers,
+	readMCPConfigFile,
+	removeMCPServer,
+	setServerDisabled,
+	updateMCPServer,
+} from "../../mcp/config-writer";
 import { MCPOAuthFlow } from "../../mcp/oauth-flow";
 import type { MCPServerConfig, MCPServerConnection } from "../../mcp/types";
 import type { OAuthCredential } from "../../session/auth-storage";
@@ -774,7 +781,12 @@ export class MCPCommandController {
 				}
 			}
 
-			if (userServers.length === 0 && projectServers.length === 0 && discoveredServers.length === 0) {
+			if (
+				userServers.length === 0 &&
+				projectServers.length === 0 &&
+				discoveredServers.length === 0 &&
+				(userConfig.disabledServers ?? []).length === 0
+			) {
 				this.#showMessage(
 					[
 						"",
@@ -868,6 +880,17 @@ export class MCPCommandController {
 					lines.push("");
 				}
 			}
+
+			// Show servers disabled via /mcp disable (from third-party configs)
+			const disabledServers = await readDisabledServers(userPath);
+			const relevantDisabled = disabledServers.filter(n => !configServerNames.has(n));
+			if (relevantDisabled.length > 0) {
+				lines.push(theme.fg("accent", "Disabled") + theme.fg("muted", " (discovered servers):"));
+				for (const name of relevantDisabled) {
+					lines.push(`  ${theme.fg("accent", name)}${theme.fg("warning", " ◌ disabled")}`);
+				}
+				lines.push("");
+			}
 			this.#showMessage(lines.join("\n"));
 		} catch (error) {
 			this.ctx.showError(`Failed to list servers: ${error instanceof Error ? error.message : String(error)}`);
@@ -1061,7 +1084,41 @@ export class MCPCommandController {
 		try {
 			const found = await this.#findConfiguredServer(name);
 			if (!found) {
-				this.ctx.showError(`Server "${name}" not found.`);
+				// Check if this is a discovered server from a third-party config
+				const userConfigPath = getMCPConfigPath("user", getProjectDir());
+				const disabledServers = new Set(await readDisabledServers(userConfigPath));
+				const isDiscovered = this.ctx.mcpManager?.getSource(name);
+				const isCurrentlyDisabled = disabledServers.has(name);
+				if (!isDiscovered && !isCurrentlyDisabled) {
+					this.ctx.showError(`Server "${name}" not found.`);
+					return;
+				}
+				if (isCurrentlyDisabled === !enabled) {
+					this.#showMessage(
+						["", theme.fg("muted", `Server "${name}" is already ${enabled ? "enabled" : "disabled"}.`), ""].join(
+							"\n",
+						),
+					);
+					return;
+				}
+				await setServerDisabled(userConfigPath, name, !enabled);
+				if (enabled) {
+					await this.#reloadMCP();
+					const state = await this.#waitForServerConnectionWithAnimation(name);
+					const status =
+						state === "connected"
+							? theme.fg("success", "Connected")
+							: state === "connecting"
+								? theme.fg("muted", "Connecting")
+								: theme.fg("warning", "Not connected yet");
+					this.#showMessage(
+						["", theme.fg("success", `\u2713 Enabled "${name}"`), "", `  Status: ${status}`, ""].join("\n"),
+					);
+				} else {
+					await this.ctx.mcpManager?.disconnectServer(name);
+					await this.ctx.session.refreshMCPTools(this.ctx.mcpManager?.getTools() ?? []);
+					this.#showMessage(["", theme.fg("success", `\u2713 Disabled "${name}"`), ""].join("\n"));
+				}
 				return;
 			}
 

package/src/modes/interactive-mode.ts

@@ -911,8 +911,8 @@ export class InteractiveMode implements InteractiveModeContext {
 		return this.#commandController.handleUsageCommand(reports);
 	}
 
-	async handleChangelogCommand(): Promise<void> {
-		await this.#commandController.handleChangelogCommand();
+	async handleChangelogCommand(showFull = false): Promise<void> {
+		await this.#commandController.handleChangelogCommand(showFull);
 	}
 
 	handleHotkeysCommand(): void {

package/src/modes/types.ts

@@ -140,7 +140,7 @@ export interface InteractiveModeContext {
 	handleCopyCommand(): Promise<void>;
 	handleSessionCommand(): Promise<void>;
 	handleUsageCommand(reports?: UsageReport[] | null): Promise<void>;
-	handleChangelogCommand(): Promise<void>;
+	handleChangelogCommand(showFull?: boolean): Promise<void>;
 	handleHotkeysCommand(): void;
 	handleDumpCommand(): Promise<void>;
 	handleClearCommand(): Promise<void>;

package/src/sdk.ts

@@ -47,6 +47,7 @@ import {
 import { disposeAllKernelSessions } from "./ipy/executor";
 import { discoverAndLoadMCPTools, type MCPManager, type MCPToolsLoadResult } from "./mcp";
 import { buildMemoryToolDeveloperInstructions, startMemoryStartupTask } from "./memories";
+import { collectEnvSecrets, loadSecrets, obfuscateMessages, SecretObfuscator } from "./secrets";
 import { AgentSession } from "./session/agent-session";
 import { AuthStorage } from "./session/auth-storage";
 import { convertToLlm } from "./session/messages";
@@ -1127,6 +1128,25 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 		});
 	};
 
+	// Load and create secret obfuscator if secrets are enabled
+	let obfuscator: SecretObfuscator | undefined;
+	if (settings.get("secrets.enabled")) {
+		const fileEntries = await loadSecrets(cwd, agentDir);
+		const envEntries = collectEnvSecrets();
+		const allEntries = [...envEntries, ...fileEntries];
+		if (allEntries.length > 0) {
+			obfuscator = new SecretObfuscator(allEntries);
+		}
+		time("loadSecrets");
+	}
+
+	// Final convertToLlm: chain block-images filter with secret obfuscation
+	const convertToLlmFinal = (messages: AgentMessage[]): Message[] => {
+		const converted = convertToLlmWithBlockImages(messages);
+		if (!obfuscator?.hasSecrets()) return converted;
+		return obfuscateMessages(obfuscator, converted);
+	};
+
 	const setToolUIContext = (uiContext: ExtensionUIContext, hasUI: boolean) => {
 		toolContextStore.setUIContext(uiContext, hasUI);
 	};
@@ -1146,7 +1166,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 			thinkingLevel,
 			tools: initialTools,
 		},
-		convertToLlm: convertToLlmWithBlockImages,
+		convertToLlm: convertToLlmFinal,
 		sessionId: sessionManager.getSessionId(),
 		transformContext: extensionRunner
 			? async messages => {
@@ -1171,6 +1191,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 			return key;
 		},
 		cursorExecHandlers,
+		transformToolCallArguments: obfuscator?.hasSecrets() ? args => obfuscator!.deobfuscateObject(args) : undefined,
 	});
 	cursorEventEmitter = event => agent.emitExternalEvent(event);
 	debugStartup("sdk:createAgent");
@@ -1207,6 +1228,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 		rebuildSystemPrompt,
 		ttsrManager,
 		forceCopilotAgentInitiator,
+		obfuscator,
 	});
 	debugStartup("sdk:createAgentSession");
 	time("createAgentSession");

package/src/secrets/index.ts

@@ -0,0 +1,116 @@
+import * as path from "node:path";
+import { isEnoent, logger } from "@oh-my-pi/pi-utils";
+import { YAML } from "bun";
+import type { SecretEntry } from "./obfuscator";
+import { compileSecretRegex } from "./regex";
+
+export { obfuscateMessages, type SecretEntry, SecretObfuscator } from "./obfuscator";
+
+/**
+ * Load secrets from project-local and global secrets.yml files.
+ * Project-local entries override global entries with matching content.
+ */
+export async function loadSecrets(cwd: string, agentDir: string): Promise<SecretEntry[]> {
+	const projectPath = path.join(cwd, ".omp", "secrets.yml");
+	const globalPath = path.join(agentDir, "secrets.yml");
+
+	const globalEntries = await loadSecretsFile(globalPath);
+	const projectEntries = await loadSecretsFile(projectPath);
+
+	if (globalEntries.length === 0) return projectEntries;
+	if (projectEntries.length === 0) return globalEntries;
+
+	// Merge: project overrides global by content match
+	const projectContents = new Set(projectEntries.map(e => e.content));
+	const merged = [...globalEntries.filter(e => !projectContents.has(e.content)), ...projectEntries];
+	return merged;
+}
+
+/** Minimum env var value length to consider as a secret. */
+const MIN_ENV_VALUE_LENGTH = 8;
+
+/** Env var name patterns that indicate secret values. */
+const SECRET_ENV_PATTERNS = /(?:KEY|SECRET|TOKEN|PASSWORD|PASS|AUTH|CREDENTIAL|PRIVATE|OAUTH)(?:_|$)/i;
+
+/** Collect environment variable values that look like secrets. */
+export function collectEnvSecrets(): SecretEntry[] {
+	const entries: SecretEntry[] = [];
+	const seen = new Set<string>();
+	for (const [name, value] of Object.entries(process.env)) {
+		if (!value || value.length < MIN_ENV_VALUE_LENGTH) continue;
+		if (!SECRET_ENV_PATTERNS.test(name)) continue;
+		if (seen.has(value)) continue;
+		seen.add(value);
+		entries.push({ type: "plain", content: value, mode: "obfuscate" });
+	}
+	return entries;
+}
+
+async function loadSecretsFile(filePath: string): Promise<SecretEntry[]> {
+	try {
+		const text = await Bun.file(filePath).text();
+		const raw = YAML.parse(text);
+		if (!Array.isArray(raw)) {
+			logger.warn("secrets.yml must be a YAML array", { path: filePath });
+			return [];
+		}
+		const entries: SecretEntry[] = [];
+		for (let i = 0; i < raw.length; i++) {
+			const entry = raw[i];
+			if (!validateEntry(entry, filePath, i)) continue;
+			entries.push({
+				type: entry.type,
+				content: entry.content,
+				mode: entry.mode ?? "obfuscate",
+				replacement: entry.replacement,
+				flags: entry.flags,
+			});
+		}
+		return entries;
+	} catch (err) {
+		if (isEnoent(err)) return [];
+		logger.warn("Failed to load secrets.yml", { path: filePath, error: String(err) });
+		return [];
+	}
+}
+
+function validateEntry(entry: unknown, filePath: string, index: number): entry is SecretEntry {
+	if (entry === null || typeof entry !== "object") {
+		logger.warn(`secrets.yml[${index}]: entry must be an object`, { path: filePath });
+		return false;
+	}
+	const e = entry as Record<string, unknown>;
+	if (e.type !== "plain" && e.type !== "regex") {
+		logger.warn(`secrets.yml[${index}]: type must be "plain" or "regex"`, { path: filePath });
+		return false;
+	}
+	if (typeof e.content !== "string" || e.content.length === 0) {
+		logger.warn(`secrets.yml[${index}]: content must be a non-empty string`, { path: filePath });
+		return false;
+	}
+	if (e.mode !== undefined && e.mode !== "obfuscate" && e.mode !== "replace") {
+		logger.warn(`secrets.yml[${index}]: mode must be "obfuscate" or "replace"`, { path: filePath });
+		return false;
+	}
+	if (e.replacement !== undefined && typeof e.replacement !== "string") {
+		logger.warn(`secrets.yml[${index}]: replacement must be a string`, { path: filePath });
+		return false;
+	}
+	if (e.flags !== undefined && typeof e.flags !== "string") {
+		logger.warn(`secrets.yml[${index}]: flags must be a string`, { path: filePath });
+		return false;
+	}
+	if (e.type === "regex") {
+		try {
+			compileSecretRegex(e.content as string, e.flags as string | undefined);
+		} catch (error) {
+			logger.warn(`secrets.yml[${index}]: invalid regex pattern`, {
+				path: filePath,
+				pattern: e.content,
+				error: String(error),
+			});
+			return false;
+		}
+	}
+	return true;
+}