@oh-my-pi/pi-coding-agent 13.10.0 → 13.10.1

package/CHANGELOG.md

@@ -2,6 +2,15 @@
 
 ## [Unreleased]
 
+## [13.10.1] - 2026-03-10
+### Added
+
+- Exported `submitInteractiveInput()` function for programmatic submission of user input in interactive mode
+- Added proactive OAuth token refresh for MCP server connections with 5-minute expiry buffer
+- Added reactive 401/403 retry with automatic token refresh on HTTP MCP transports
+- Added `refreshMCPOAuthToken()` for standard OAuth 2.0 refresh_token grants
+- Persisted `tokenUrl`, `clientId`, and `clientSecret` in MCP auth config for cross-session token refresh
+
 ## [13.10.0] - 2026-03-10
 ### Fixed
 

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-coding-agent",
-	"version": "13.10.0",
+	"version": "13.10.1",
 	"description": "Coding agent CLI with read, bash, edit, write tools and session management",
 	"homepage": "https://github.com/can1357/oh-my-pi",
 	"author": "Can Boluk",
@@ -41,12 +41,12 @@
 	},
 	"dependencies": {
 		"@mozilla/readability": "^0.6",
-		"@oh-my-pi/omp-stats": "13.10.0",
-		"@oh-my-pi/pi-agent-core": "13.10.0",
-		"@oh-my-pi/pi-ai": "13.10.0",
-		"@oh-my-pi/pi-natives": "13.10.0",
-		"@oh-my-pi/pi-tui": "13.10.0",
-		"@oh-my-pi/pi-utils": "13.10.0",
+		"@oh-my-pi/omp-stats": "13.10.1",
+		"@oh-my-pi/pi-agent-core": "13.10.1",
+		"@oh-my-pi/pi-ai": "13.10.1",
+		"@oh-my-pi/pi-natives": "13.10.1",
+		"@oh-my-pi/pi-tui": "13.10.1",
+		"@oh-my-pi/pi-utils": "13.10.1",
 		"@sinclair/typebox": "^0.34",
 		"@xterm/headless": "^6.0",
 		"ajv": "^8.18",

package/src/main.ts

@@ -26,6 +26,7 @@ import { exportFromFile } from "./export/html";
 import type { ExtensionUIContext } from "./extensibility/extensions/types";
 import { InteractiveMode, runPrintMode, runRpcMode } from "./modes";
 import { initTheme, stopThemeWatcher } from "./modes/theme/theme";
+import type { SubmittedUserInput } from "./modes/types";
 import { type CreateAgentSessionOptions, createAgentSession, discoverAuthStorage } from "./sdk";
 import type { AgentSession } from "./session/agent-session";
 import { resolveResumableSession, type SessionInfo, SessionManager } from "./session/session-manager";
@@ -66,6 +67,29 @@ export interface InteractiveModeNotify {
 	message: string;
 }
 
+export async function submitInteractiveInput(
+	mode: Pick<InteractiveMode, "markPendingSubmissionStarted" | "finishPendingSubmission" | "showError">,
+	session: Pick<AgentSession, "prompt">,
+	input: SubmittedUserInput,
+): Promise<void> {
+	if (input.cancelled) {
+		return;
+	}
+
+	try {
+		// Continue shortcuts submit an already-started empty prompt with no optimistic user message.
+		if (!input.started && !mode.markPendingSubmissionStarted(input)) {
+			return;
+		}
+		await session.prompt(input.text, { images: input.images });
+	} catch (error: unknown) {
+		const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
+		mode.showError(errorMessage);
+	} finally {
+		mode.finishPendingSubmission(input);
+	}
+}
+
 async function runInteractiveMode(
 	session: AgentSession,
 	version: string,
@@ -126,20 +150,7 @@ async function runInteractiveMode(
 
 	while (true) {
 		const input = await mode.getUserInput();
-		if (input.cancelled) {
-			continue;
-		}
-		try {
-			if (!mode.markPendingSubmissionStarted(input)) {
-				continue;
-			}
-			await session.prompt(input.text, { images: input.images });
-		} catch (error: unknown) {
-			const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
-			mode.showError(errorMessage);
-		} finally {
-			mode.finishPendingSubmission(input);
-		}
+		await submitInteractiveInput(mode, session, input);
 	}
 }
 

package/src/mcp/manager.ts

@@ -25,9 +25,11 @@ import {
 	unsubscribeFromResources,
 } from "./client";
 import { loadAllMCPConfigs, validateServerConfig } from "./config";
+import { refreshMCPOAuthToken } from "./oauth-flow";
 import type { MCPToolDetails } from "./tool-bridge";
 import { DeferredMCPTool, MCPTool } from "./tool-bridge";
 import type { MCPToolCache } from "./tool-cache";
+import { HttpTransport } from "./transports/http";
 import type {
 	MCPGetPromptResult,
 	MCPPrompt,
@@ -315,6 +317,18 @@ export class MCPManager {
 						this.#pendingConnections.delete(name);
 						this.#connections.set(name, connection);
 					}
+
+					// Wire auth refresh for HTTP transports so 401s trigger token refresh
+					if (connection.transport instanceof HttpTransport && config.auth?.type === "oauth") {
+						connection.transport.onAuthError = async () => {
+							const refreshed = await this.#resolveAuthConfig(config, true);
+							if (refreshed.type === "http" || refreshed.type === "sse") {
+								return refreshed.headers ?? null;
+							}
+							return null;
+						};
+					}
+
 					return connection;
 				},
 				error => {
@@ -814,15 +828,39 @@ export class MCPManager {
 	/**
 	 * Resolve OAuth credentials and shell commands in config.
 	 */
-	async #resolveAuthConfig(config: MCPServerConfig): Promise<MCPServerConfig> {
+	async #resolveAuthConfig(config: MCPServerConfig, forceRefresh = false): Promise<MCPServerConfig> {
 		let resolved: MCPServerConfig = { ...config };
 
 		const auth = config.auth;
 		if (auth?.type === "oauth" && auth.credentialId && this.#authStorage) {
 			const credentialId = auth.credentialId;
 			try {
-				const credential = this.#authStorage.get(credentialId);
+				let credential = this.#authStorage.get(credentialId);
 				if (credential?.type === "oauth") {
+					// Proactive refresh: 5-minute buffer before expiry
+					// Force refresh: on 401/403 auth errors (revoked tokens, clock skew, missing expires)
+					const REFRESH_BUFFER_MS = 5 * 60_000;
+					const shouldRefresh =
+						forceRefresh || (credential.expires && Date.now() >= credential.expires - REFRESH_BUFFER_MS);
+					if (shouldRefresh && credential.refresh && auth.tokenUrl) {
+						try {
+							const refreshed = await refreshMCPOAuthToken(
+								auth.tokenUrl,
+								credential.refresh,
+								auth.clientId,
+								auth.clientSecret,
+							);
+							const refreshedCredential = { type: "oauth" as const, ...refreshed };
+							await this.#authStorage.set(credentialId, refreshedCredential);
+							credential = refreshedCredential;
+						} catch (refreshError) {
+							logger.warn("MCP OAuth refresh failed, using existing token", {
+								credentialId,
+								error: refreshError,
+							});
+						}
+					}
+
 					if (resolved.type === "http" || resolved.type === "sse") {
 						resolved = {
 							...resolved,

package/src/mcp/oauth-flow.ts

@@ -254,3 +254,44 @@ export class MCPOAuthFlow extends OAuthCallbackFlow {
 		}
 	}
 }
+
+/**
+ * Refresh an MCP OAuth token using the standard refresh_token grant.
+ * Returns updated credentials; preserves the old refresh token if the server doesn't rotate it.
+ */
+export async function refreshMCPOAuthToken(
+	tokenUrl: string,
+	refreshToken: string,
+	clientId?: string,
+	clientSecret?: string,
+): Promise<OAuthCredentials> {
+	const params = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: refreshToken,
+	});
+	if (clientId) params.set("client_id", clientId);
+	if (clientSecret) params.set("client_secret", clientSecret);
+
+	const response = await fetch(tokenUrl, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: params.toString(),
+	});
+
+	if (!response.ok) {
+		const text = await response.text();
+		throw new Error(`MCP OAuth refresh failed: ${response.status} ${text}`);
+	}
+
+	const data = (await response.json()) as {
+		access_token: string;
+		refresh_token?: string;
+		expires_in?: number;
+	};
+	const expiresIn = data.expires_in ?? 3600;
+	return {
+		access: data.access_token,
+		refresh: data.refresh_token ?? refreshToken,
+		expires: Date.now() + expiresIn * 1000,
+	};
+}

package/src/mcp/transports/http.ts

@@ -26,6 +26,8 @@ export class HttpTransport implements MCPTransport {
 	onClose?: () => void;
 	onError?: (error: Error) => void;
 	onNotification?: (method: string, params: unknown) => void;
+	/** Called on 401/403 to attempt token refresh. Returns updated headers or null. */
+	onAuthError?: () => Promise<Record<string, string> | null>;
 
 	constructor(private config: MCPHttpServerConfig | MCPSseServerConfig) {}
 
@@ -102,6 +104,27 @@ export class HttpTransport implements MCPTransport {
 		method: string,
 		params?: Record<string, unknown>,
 		options?: MCPRequestOptions,
+	): Promise<T> {
+		try {
+			return await this.#executeRequest<T>(method, params, options);
+		} catch (error) {
+			// Retry once on auth failure if onAuthError is wired
+			if (this.onAuthError && error instanceof Error && /^HTTP (401|403):/.test(error.message)) {
+				const newHeaders = await this.onAuthError();
+				if (newHeaders) {
+					// Persist refreshed headers so subsequent requests use them directly
+					this.config = { ...this.config, headers: newHeaders };
+					return this.#executeRequest<T>(method, params, options);
+				}
+			}
+			throw error;
+		}
+	}
+
+	async #executeRequest<T>(
+		method: string,
+		params: Record<string, unknown> | undefined,
+		options: MCPRequestOptions | undefined,
 	): Promise<T> {
 		if (!this.#connected) {
 			throw new Error("Transport not connected");

package/src/mcp/types.ts

@@ -49,6 +49,12 @@ export interface MCPAuthConfig {
 	type: "oauth" | "apikey";
 	/** Credential ID for OAuth (references agent.db) */
 	credentialId?: string;
+	/** Token endpoint URL — persisted for proactive token refresh */
+	tokenUrl?: string;
+	/** Client ID — persisted for token refresh */
+	clientId?: string;
+	/** Client secret — persisted for token refresh */
+	clientSecret?: string;
 }
 
 /** Base server config with shared options */

package/src/modes/components/mcp-add-wizard.ts

@@ -1030,6 +1030,9 @@ export class MCPAddWizard extends Container {
 				config.auth = {
 					type: "oauth",
 					credentialId: this.#state.oauthCredentialId,
+					tokenUrl: this.#state.oauthTokenUrl || undefined,
+					clientId: this.#state.oauthClientId || undefined,
+					clientSecret: this.#state.oauthClientSecret || undefined,
 				};
 			}
 
@@ -1054,6 +1057,9 @@ export class MCPAddWizard extends Container {
 			config.auth = {
 				type: "oauth",
 				credentialId: this.#state.oauthCredentialId,
+				tokenUrl: this.#state.oauthTokenUrl || undefined,
+				clientId: this.#state.oauthClientId || undefined,
+				clientSecret: this.#state.oauthClientSecret || undefined,
 			};
 		}
 
@@ -1250,6 +1256,9 @@ export class MCPAddWizard extends Container {
 				config.auth = {
 					type: "oauth",
 					credentialId: this.#state.oauthCredentialId,
+					tokenUrl: this.#state.oauthTokenUrl || undefined,
+					clientId: this.#state.oauthClientId || undefined,
+					clientSecret: this.#state.oauthClientSecret || undefined,
 				};
 			}
 
@@ -1275,6 +1284,9 @@ export class MCPAddWizard extends Container {
 			config.auth = {
 				type: "oauth",
 				credentialId: this.#state.oauthCredentialId,
+				tokenUrl: this.#state.oauthTokenUrl || undefined,
+				clientId: this.#state.oauthClientId || undefined,
+				clientSecret: this.#state.oauthClientSecret || undefined,
 			};
 		}
 

package/src/modes/components/settings-defs.ts

@@ -226,7 +226,7 @@ const OPTION_PROVIDERS: Partial<Record<SettingPath, OptionProvider>> = {
 			label: "Auto",
 			description: "Preferred web-search provider",
 		},
-		{ value: "exa", label: "Exa", description: "Requires EXA_API_KEY" },
+		{ value: "exa", label: "Exa", description: "Uses Exa API when EXA_API_KEY is set; falls back to Exa MCP" },
 		{ value: "brave", label: "Brave", description: "Requires BRAVE_API_KEY" },
 		{ value: "jina", label: "Jina", description: "Requires JINA_API_KEY" },
 		{ value: "kimi", label: "Kimi", description: "Requires MOONSHOT_SEARCH_API_KEY or MOONSHOT_API_KEY" },

package/src/modes/controllers/mcp-command-controller.ts

@@ -413,6 +413,9 @@ export class MCPCommandController {
 								auth: {
 									type: "oauth",
 									credentialId,
+									tokenUrl: oauth.tokenUrl,
+									clientId: oauth.clientId ?? finalConfig.oauth?.clientId,
+									clientSecret: undefined,
 								},
 							};
 						} catch (oauthError) {
@@ -1296,7 +1299,9 @@ export class MCPCommandController {
 			}
 
 			const currentAuth = (
-				found.config as MCPServerConfig & { auth?: { type: "oauth" | "apikey"; credentialId?: string } }
+				found.config as MCPServerConfig & {
+					auth?: { type: "oauth" | "apikey"; credentialId?: string; clientSecret?: string };
+				}
 			).auth;
 			if (currentAuth?.type === "oauth") {
 				await this.#removeManagedOAuthCredential(currentAuth.credentialId);
@@ -1321,6 +1326,9 @@ export class MCPCommandController {
 				auth: {
 					type: "oauth",
 					credentialId,
+					tokenUrl: oauth.tokenUrl,
+					clientId: oauth.clientId ?? found.config.oauth?.clientId,
+					clientSecret: currentAuth?.clientSecret,
 				},
 			};
 			await updateMCPServer(found.filePath, name, updated);

package/src/session/session-manager.ts

@@ -629,15 +629,11 @@ function writeTerminalBreadcrumb(cwd: string, sessionFile: string): void {
 	const terminalId = getTerminalId();
 	if (!terminalId) return;
 
-	try {
-		const breadcrumbDir = path.join(getDefaultAgentDir(), TERMINAL_SESSIONS_DIR);
-		const breadcrumbFile = path.join(breadcrumbDir, terminalId);
-		const content = `${cwd}\n${sessionFile}\n`;
-		// Bun.write auto-creates parent dirs
-		void Bun.write(breadcrumbFile, content);
-	} catch {
-		// Best-effort — don't break session creation if breadcrumb fails
-	}
+	const breadcrumbDir = path.join(getDefaultAgentDir(), TERMINAL_SESSIONS_DIR);
+	const breadcrumbFile = path.join(breadcrumbDir, terminalId);
+	const content = `${cwd}\n${sessionFile}\n`;
+	// Best-effort — don't break session creation if breadcrumb fails
+	Bun.write(breadcrumbFile, content).catch(() => {});
 }
 
 /**

package/src/tools/json-tree.ts

@@ -14,7 +14,7 @@ export const JSON_TREE_SCALAR_LEN_COLLAPSED = 60;
 export const JSON_TREE_SCALAR_LEN_EXPANDED = 2000;
 
 /** Keys injected by the harness that should not be displayed to users */
-const HIDDEN_ARG_KEYS = new Set([INTENT_FIELD]);
+const HIDDEN_ARG_KEYS = new Set([INTENT_FIELD, "__partialJson"]);
 
 /** Strip harness-internal keys from tool args for display */
 export function stripInternalArgs(args: Record<string, unknown>): Record<string, unknown> {