@oh-my-pi/pi-coding-agent 13.12.8 → 13.12.10

package/CHANGELOG.md

@@ -2,6 +2,34 @@
 
 ## [Unreleased]
 
+## [13.12.10] - 2026-03-17
+### Added
+
+- Added `args` field to ShellResult to capture the executed command
+- Added `exit_code` property to ShellResult as an alias for `returncode`
+- Added `check_returncode()` method to ShellResult to raise CalledProcessError on non-zero exit codes
+
+### Changed
+
+- Renamed `code` field to `returncode` in ShellResult (accessible via `code` property for backward compatibility)
+- Updated `run()` command documentation to clarify available ShellResult fields
+
+## [13.12.9] - 2026-03-17
+### Added
+
+- Added `/session delete` command to delete current session with confirmation and return to session selector
+- Added session deletion in session selector via Delete key with confirmation dialog
+
+### Changed
+
+- Changed session deletion callback to return a boolean indicating success, allowing callers to distinguish between failed deletions and upstream cancellations
+
+### Fixed
+
+- Fixed OAuth redirect URI validation to preserve exact configured values without adding trailing slashes
+- Fixed session deletion error handling to display error messages in the session selector UI instead of silently failing
+- Added `oauth.redirectUri`, `oauth.clientSecret`, and `oauth.callbackPath` support for MCP server OAuth config so providers can use exact registered redirect URIs while preserving local callback listener settings ([#445](https://github.com/can1357/oh-my-pi/issues/445))
+
 ## [13.12.8] - 2026-03-16
 
 ### Breaking Changes

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-coding-agent",
-	"version": "13.12.8",
+	"version": "13.12.10",
 	"description": "Coding agent CLI with read, bash, edit, write tools and session management",
 	"homepage": "https://github.com/can1357/oh-my-pi",
 	"author": "Can Boluk",
@@ -41,12 +41,12 @@
 	},
 	"dependencies": {
 		"@mozilla/readability": "^0.6",
-		"@oh-my-pi/omp-stats": "13.12.8",
-		"@oh-my-pi/pi-agent-core": "13.12.8",
-		"@oh-my-pi/pi-ai": "13.12.8",
-		"@oh-my-pi/pi-natives": "13.12.8",
-		"@oh-my-pi/pi-tui": "13.12.8",
-		"@oh-my-pi/pi-utils": "13.12.8",
+		"@oh-my-pi/omp-stats": "13.12.10",
+		"@oh-my-pi/pi-agent-core": "13.12.10",
+		"@oh-my-pi/pi-ai": "13.12.10",
+		"@oh-my-pi/pi-natives": "13.12.10",
+		"@oh-my-pi/pi-tui": "13.12.10",
+		"@oh-my-pi/pi-utils": "13.12.10",
 		"@sinclair/typebox": "^0.34",
 		"@xterm/headless": "^6.0",
 		"ajv": "^8.18",

package/src/capability/mcp.ts

@@ -31,11 +31,17 @@ export interface MCPServer {
 	auth?: {
 		type: "oauth" | "apikey";
 		credentialId?: string;
+		tokenUrl?: string;
+		clientId?: string;
+		clientSecret?: string;
 	};
-	/** OAuth configuration (clientId, callbackPort) for servers requiring explicit client credentials */
+	/** OAuth configuration (clientId, clientSecret, redirectUri, callbackPort, callbackPath) for servers requiring explicit client credentials */
 	oauth?: {
 		clientId?: string;
+		clientSecret?: string;
+		redirectUri?: string;
 		callbackPort?: number;
+		callbackPath?: string;
 	};
 	/** Transport type */
 	transport?: "stdio" | "sse" | "http";

package/src/cli/session-picker.ts

@@ -1,42 +1,52 @@
-/**
- * TUI session selector for --resume flag
- */
 import { ProcessTerminal, TUI } from "@oh-my-pi/pi-tui";
 import { SessionSelectorComponent } from "../modes/components/session-selector";
 import type { SessionInfo } from "../session/session-manager";
+import { FileSessionStorage } from "../session/session-storage";
 
 /** Show TUI session selector and return selected session path or null if cancelled */
 export async function selectSession(sessions: SessionInfo[]): Promise<string | null> {
 	const { promise, resolve } = Promise.withResolvers<string | null>();
 	const ui = new TUI(new ProcessTerminal());
 	let resolved = false;
-	const selector = new SessionSelectorComponent(
-		sessions,
-		(path: string) => {
-			if (!resolved) {
-				resolved = true;
-				ui.stop();
-				resolve(path);
-			}
-		},
-		() => {
-			if (!resolved) {
-				resolved = true;
-				ui.stop();
-				resolve(null);
-			}
-		},
-		() => {
-			if (!resolved) {
-				resolved = true;
-				ui.stop();
-				process.exit(0);
-			}
-		},
-	);
+	const storage = new FileSessionStorage();
 
+	const showSelector = () => {
+		const selector = new SessionSelectorComponent(
+			sessions,
+			(path: string) => {
+				if (!resolved) {
+					resolved = true;
+					ui.stop();
+					resolve(path);
+				}
+			},
+			() => {
+				if (!resolved) {
+					resolved = true;
+					ui.stop();
+					resolve(null);
+				}
+			},
+			() => {
+				if (!resolved) {
+					resolved = true;
+					ui.stop();
+					process.exit(0);
+				}
+			},
+			async (session: SessionInfo) => {
+				// Delete handler - SessionList will show confirmation internally
+				await storage.deleteSessionWithArtifacts(session.path);
+				return true;
+			},
+		);
+		return selector;
+	};
+
+	const selector = showSelector();
+	selector.setOnRequestRender(() => ui.requestRender());
 	ui.addChild(selector);
-	ui.setFocus(selector.getSessionList());
+	ui.setFocus(selector);
 	ui.start();
 	return promise;
 }

package/src/discovery/builtin.ts

@@ -160,8 +160,24 @@ async function loadMCPServers(ctx: LoadContext): Promise<LoadResult<MCPServer>>
 				env: serverConfig.env as Record<string, string> | undefined,
 				url: serverConfig.url as string | undefined,
 				headers: serverConfig.headers as Record<string, string> | undefined,
-				auth: serverConfig.auth as { type: "oauth" | "apikey"; credentialId?: string } | undefined,
-				oauth: serverConfig.oauth as { clientId?: string; callbackPort?: number } | undefined,
+				auth: serverConfig.auth as
+					| {
+							type: "oauth" | "apikey";
+							credentialId?: string;
+							tokenUrl?: string;
+							clientId?: string;
+							clientSecret?: string;
+					  }
+					| undefined,
+				oauth: serverConfig.oauth as
+					| {
+							clientId?: string;
+							clientSecret?: string;
+							redirectUri?: string;
+							callbackPort?: number;
+							callbackPath?: string;
+					  }
+					| undefined,
 				transport: serverConfig.type as "stdio" | "sse" | "http" | undefined,
 				_source: createSourceMeta(PROVIDER_ID, path, level),
 			});

package/src/discovery/mcp-json.ts

@@ -34,9 +34,18 @@ interface MCPConfigFile {
 			auth?: {
 				type: "oauth" | "apikey";
 				credentialId?: string;
+				tokenUrl?: string;
+				clientId?: string;
+				clientSecret?: string;
 			};
 			type?: "stdio" | "sse" | "http";
-			oauth?: { clientId?: string; callbackPort?: number };
+			oauth?: {
+				clientId?: string;
+				clientSecret?: string;
+				redirectUri?: string;
+				callbackPort?: number;
+				callbackPath?: string;
+			};
 		}
 	>;
 }
@@ -93,7 +102,8 @@ function transformMCPConfig(config: MCPConfigFile, source: SourceMeta): MCPServe
 			if (server.env) server.env = expandEnvVarsDeep(server.env);
 			if (server.url) server.url = expandEnvVarsDeep(server.url);
 			if (server.headers) server.headers = expandEnvVarsDeep(server.headers);
-
+			if (server.auth) server.auth = expandEnvVarsDeep(server.auth);
+			if (server.oauth) server.oauth = expandEnvVarsDeep(server.oauth);
 			servers.push(server);
 		}
 	}

package/src/ipy/prelude.py

@@ -305,23 +305,40 @@ if "__omp_prelude_loaded__" not in globals():
 
     class ShellResult:
         """Result from shell command execution."""
-        __slots__ = ("stdout", "stderr", "code")
-        def __init__(self, stdout: str, stderr: str, code: int):
+        __slots__ = ("args", "stdout", "stderr", "returncode")
+        def __init__(self, args: str, stdout: str, stderr: str, returncode: int):
+            self.args = args
             self.stdout = stdout
             self.stderr = stderr
-            self.code = code
+            self.returncode = returncode
+
+        @property
+        def code(self) -> int:
+            return self.returncode
+
+        @property
+        def exit_code(self) -> int:
+            return self.returncode
+
+        def check_returncode(self) -> None:
+            if self.returncode != 0:
+                raise subprocess.CalledProcessError(
+                    self.returncode, self.args, output=self.stdout, stderr=self.stderr
+                )
+
         def __repr__(self):
-            if self.code == 0:
+            if self.returncode == 0:
                 return ""
-            return f"exit code {self.code}"
+            return f"exit code {self.returncode}"
+
         def __bool__(self):
-            return self.code == 0
+            return self.returncode == 0
 
     def _make_shell_result(proc: subprocess.CompletedProcess[str], cmd: str) -> ShellResult:
         """Create ShellResult and emit status."""
         output = proc.stdout + proc.stderr if proc.stderr else proc.stdout
         _emit_status("sh", cmd=cmd[:80], code=proc.returncode, output=output[:500])
-        return ShellResult(proc.stdout, proc.stderr, proc.returncode)
+        return ShellResult(cmd, proc.stdout, proc.stderr, proc.returncode)
 
     import signal as _signal
 
@@ -356,7 +373,7 @@ if "__omp_prelude_loaded__" not in globals():
 
     @_category("Shell")
     def run(cmd: str, *, cwd: str | Path | None = None, timeout: int | None = None) -> ShellResult:
-        """Run a shell command."""
+        """Run a shell command. Returns ShellResult with stdout/stderr and returncode/exit_code fields."""
         shell_path = shutil.which("bash") or shutil.which("sh") or "/bin/sh"
         args = [shell_path, "-c", cmd]
         return _run_with_interrupt(args, str(cwd) if cwd else None, timeout, cmd)

package/src/mcp/oauth-flow.ts

@@ -6,11 +6,97 @@
  */
 
 import type { OAuthController, OAuthCredentials } from "@oh-my-pi/pi-ai";
+import type { OAuthCallbackFlowOptions } from "@oh-my-pi/pi-ai/utils/oauth/callback-server";
 import { OAuthCallbackFlow } from "@oh-my-pi/pi-ai/utils/oauth/callback-server";
 
 const DEFAULT_PORT = 3000;
 const CALLBACK_PATH = "/callback";
 
+function isLoopbackHostname(hostname: string): boolean {
+	return hostname === "localhost" || hostname === "127.0.0.1";
+}
+
+function resolveRedirectUri(redirectUri: string | undefined): string | undefined {
+	const configured = redirectUri;
+	const trimmed = configured?.trim();
+	if (!trimmed) return undefined;
+	if (trimmed !== configured) {
+		throw new Error("OAuth redirect URI must not include surrounding whitespace");
+	}
+
+	const parsed = new URL(configured);
+	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+		throw new Error("OAuth redirect URI must use http or https");
+	}
+	return configured;
+}
+
+function parseRedirectUri(redirectUri: string | undefined): URL | undefined {
+	return redirectUri ? new URL(redirectUri) : undefined;
+}
+
+function getUriPort(uri: URL): number {
+	if (uri.port !== "") return Number(uri.port);
+	return uri.protocol === "https:" ? 443 : 80;
+}
+
+function validateRedirectConfig(config: MCPOAuthConfig, redirectUri: string | undefined): void {
+	const parsed = parseRedirectUri(redirectUri);
+	if (!parsed || parsed.protocol !== "https:" || !isLoopbackHostname(parsed.hostname)) {
+		return;
+	}
+
+	if (config.callbackPort === undefined) {
+		throw new Error(
+			"HTTPS loopback redirect URIs require oauth.callbackPort to point at the local HTTP callback listener behind your TLS terminator",
+		);
+	}
+
+	if (config.callbackPort === getUriPort(parsed)) {
+		throw new Error(
+			"HTTPS loopback redirect URIs cannot reuse the same local port; terminate TLS separately and forward to oauth.callbackPort",
+		);
+	}
+}
+
+function resolveCallbackPort(callbackPort: number | undefined, redirectUri: string | undefined): number {
+	if (callbackPort !== undefined) return callbackPort;
+
+	const parsed = parseRedirectUri(redirectUri);
+	if (!parsed || parsed.protocol !== "http:" || !isLoopbackHostname(parsed.hostname)) {
+		return DEFAULT_PORT;
+	}
+
+	const port = getUriPort(parsed);
+	return Number.isFinite(port) && port > 0 ? port : DEFAULT_PORT;
+}
+
+function resolveCallbackPath(callbackPath: string | undefined, redirectUri: string | undefined): string {
+	const trimmed = callbackPath?.trim();
+	if (trimmed) return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+
+	const parsed = parseRedirectUri(redirectUri);
+	if (parsed?.pathname) return parsed.pathname;
+	return CALLBACK_PATH;
+}
+
+function resolveCallbackHostname(redirectUri: string | undefined): string | undefined {
+	const parsed = parseRedirectUri(redirectUri);
+	if (!parsed || !isLoopbackHostname(parsed.hostname)) return undefined;
+	return parsed.hostname;
+}
+
+function resolveCallbackOptions(config: MCPOAuthConfig): OAuthCallbackFlowOptions {
+	const redirectUri = resolveRedirectUri(config.redirectUri);
+	validateRedirectConfig(config, redirectUri);
+	return {
+		preferredPort: resolveCallbackPort(config.callbackPort, redirectUri),
+		callbackPath: resolveCallbackPath(config.callbackPath, redirectUri),
+		callbackHostname: resolveCallbackHostname(redirectUri),
+		redirectUri,
+	};
+}
+
 export interface MCPOAuthConfig {
 	/** Authorization endpoint URL */
 	authorizationUrl: string;
@@ -22,8 +108,12 @@ export interface MCPOAuthConfig {
 	clientSecret?: string;
 	/** OAuth scopes (space-separated) */
 	scopes?: string;
+	/** Exact redirect URI to advertise to the provider */
+	redirectUri?: string;
 	/** Custom callback port (default: 3000) */
 	callbackPort?: number;
+	/** Custom callback path (default: /callback or redirectUri pathname) */
+	callbackPath?: string;
 }
 
 /**
@@ -39,7 +129,7 @@ export class MCPOAuthFlow extends OAuthCallbackFlow {
 		private config: MCPOAuthConfig,
 		ctrl: OAuthController,
 	) {
-		super(ctrl, config.callbackPort ?? DEFAULT_PORT, CALLBACK_PATH);
+		super(ctrl, resolveCallbackOptions(config));
 		this.#resolvedClientId = this.#resolveClientId(config);
 	}
 

package/src/mcp/types.ts

@@ -68,7 +68,10 @@ interface MCPServerConfigBase {
 	/** OAuth configuration for servers requiring explicit client credentials */
 	oauth?: {
 		clientId?: string;
+		clientSecret?: string;
+		redirectUri?: string;
 		callbackPort?: number;
+		callbackPath?: string;
 	};
 }
 

package/src/modes/components/session-selector.ts

@@ -4,6 +4,7 @@ import {
 	Input,
 	matchesKey,
 	padding,
+	replaceTabs,
 	Spacer,
 	Text,
 	truncateToWidth,
@@ -13,6 +14,7 @@ import { theme } from "../../modes/theme/theme";
 import type { SessionInfo } from "../../session/session-manager";
 import { fuzzyFilter } from "../../utils/fuzzy";
 import { DynamicBorder } from "./dynamic-border";
+import { HookSelectorComponent } from "./hook-selector";
 
 /**
  * Custom session list component with multi-line items and search
@@ -26,6 +28,8 @@ class SessionList implements Component {
 	onExit: () => void = () => {};
 	#maxVisible: number = 5; // Max sessions visible (each session is 3 lines: msg + metadata + blank)
 
+	onDeleteRequest?: (session: SessionInfo) => void;
+
 	constructor(
 		private readonly allSessions: SessionInfo[],
 		private readonly showCwd = false,
@@ -59,6 +63,18 @@ class SessionList implements Component {
 		this.#selectedIndex = Math.min(this.#selectedIndex, Math.max(0, this.#filteredSessions.length - 1));
 	}
 
+	removeSession(sessionPath: string): void {
+		const index = this.allSessions.findIndex(s => s.path === sessionPath);
+		if (index === -1) return;
+		this.allSessions.splice(index, 1);
+		// Re-filter to update filteredSessions
+		this.#filterSessions(this.#searchInput.getValue());
+		// Adjust selectedIndex if we deleted the last item or beyond
+		if (this.#selectedIndex >= this.#filteredSessions.length) {
+			this.#selectedIndex = Math.max(0, this.#filteredSessions.length - 1);
+		}
+	}
+
 	invalidate(): void {
 		// No cached state to invalidate currently
 	}
@@ -157,78 +173,105 @@ class SessionList implements Component {
 			lines.push(scrollInfo);
 		}
 
+		// Add keybinding hint
+		lines.push("");
+		lines.push(theme.fg("muted", "  [Del to delete, Enter to select, Esc to cancel]"));
+
 		return lines;
 	}
 
 	handleInput(keyData: string): void {
+		// Delete key - request delete confirmation from parent
+		if (matchesKey(keyData, "delete")) {
+			const selected = this.#filteredSessions[this.#selectedIndex];
+			if (selected && this.onDeleteRequest) {
+				this.onDeleteRequest(selected);
+			}
+			return;
+		}
+
 		// Up arrow
 		if (matchesKey(keyData, "up")) {
 			this.#selectedIndex = Math.max(0, this.#selectedIndex - 1);
+			return;
 		}
 		// Down arrow
-		else if (matchesKey(keyData, "down")) {
+		if (matchesKey(keyData, "down")) {
 			this.#selectedIndex = Math.min(this.#filteredSessions.length - 1, this.#selectedIndex + 1);
+			return;
 		}
 		// Page up - jump up by maxVisible items
-		else if (matchesKey(keyData, "pageUp")) {
+		if (matchesKey(keyData, "pageUp")) {
 			this.#selectedIndex = Math.max(0, this.#selectedIndex - this.#maxVisible);
+			return;
 		}
 		// Page down - jump down by maxVisible items
-		else if (matchesKey(keyData, "pageDown")) {
+		if (matchesKey(keyData, "pageDown")) {
 			this.#selectedIndex = Math.min(this.#filteredSessions.length - 1, this.#selectedIndex + this.#maxVisible);
+			return;
 		}
 		// Enter
-		else if (matchesKey(keyData, "enter") || matchesKey(keyData, "return") || keyData === "\n") {
+		if (matchesKey(keyData, "enter") || matchesKey(keyData, "return") || keyData === "\n") {
 			const selected = this.#filteredSessions[this.#selectedIndex];
 			if (selected && this.onSelect) {
 				this.onSelect(selected.path);
 			}
+			return;
 		}
 		// Escape - cancel
-		else if (matchesKey(keyData, "escape") || matchesKey(keyData, "esc")) {
+		if (matchesKey(keyData, "escape") || matchesKey(keyData, "esc")) {
 			if (this.onCancel) {
 				this.onCancel();
 			}
+			return;
 		}
 		// Ctrl+C - exit
-		else if (matchesKey(keyData, "ctrl+c")) {
+		if (matchesKey(keyData, "ctrl+c")) {
 			this.onExit();
+			return;
 		}
 		// Pass everything else to search input
-		else {
-			this.#searchInput.handleInput(keyData);
-			this.#filterSessions(this.#searchInput.getValue());
-		}
+		this.#searchInput.handleInput(keyData);
+		this.#filterSessions(this.#searchInput.getValue());
 	}
 }
 
 /**
- * Component that renders a session selector
+ * Component that renders a session selector with optional confirmation dialog
  */
 export class SessionSelectorComponent extends Container {
 	#sessionList: SessionList;
+	#confirmationDialog: HookSelectorComponent | null = null;
+	#messageContainer: Container;
+	#onDelete?: (session: SessionInfo) => Promise<boolean>;
+	#onRequestRender?: () => void;
 
 	constructor(
 		sessions: SessionInfo[],
 		onSelect: (sessionPath: string) => void,
 		onCancel: () => void,
 		onExit: () => void,
+		onDelete?: (session: SessionInfo) => Promise<boolean>,
 	) {
 		super();
 
+		this.#messageContainer = new Container();
+		this.#onDelete = onDelete;
 		// Add header
 		this.addChild(new Spacer(1));
 		this.addChild(new Text(theme.bold("Resume Session"), 1, 0));
 		this.addChild(new Spacer(1));
 		this.addChild(new DynamicBorder());
 		this.addChild(new Spacer(1));
-
+		this.addChild(this.#messageContainer);
 		// Create session list
 		this.#sessionList = new SessionList(sessions);
 		this.#sessionList.onSelect = onSelect;
 		this.#sessionList.onCancel = onCancel;
 		this.#sessionList.onExit = onExit;
-
+		this.#sessionList.onDeleteRequest = (session: SessionInfo) => {
+			this.#showDeleteConfirmation(session);
+		};
 		this.addChild(this.#sessionList);
 
 		// Add bottom border
@@ -236,6 +279,63 @@ export class SessionSelectorComponent extends Container {
 		this.addChild(new DynamicBorder());
 	}
 
+	setOnRequestRender(callback: () => void): void {
+		this.#onRequestRender = callback;
+	}
+
+	#clearError(): void {
+		this.#messageContainer.clear();
+	}
+
+	#showError(message: string): void {
+		this.#messageContainer.clear();
+		this.#messageContainer.addChild(new Text(theme.fg("error", `Error: ${replaceTabs(message)}`), 1, 0));
+		this.#messageContainer.addChild(new Spacer(1));
+	}
+
+	#showDeleteConfirmation(session: SessionInfo): void {
+		const displayName = session.title || session.firstMessage.slice(0, 40) || session.id;
+		this.#confirmationDialog = new HookSelectorComponent(
+			`Delete session?\n${displayName}`,
+			["Yes", "No"],
+			async (option: string) => {
+				if (option === "Yes" && this.#onDelete) {
+					this.#clearError();
+					try {
+						const deleted = await this.#onDelete(session);
+						if (deleted) {
+							this.#sessionList.removeSession(session.path);
+						}
+					} catch (err) {
+						this.#showError(err instanceof Error ? err.message : String(err));
+					}
+				}
+				// Close confirmation dialog
+				this.removeChild(this.#confirmationDialog!);
+				this.#confirmationDialog = null;
+				// Request rerender
+				this.#onRequestRender?.();
+			},
+			() => {
+				// Cancel - close confirmation dialog
+				this.removeChild(this.#confirmationDialog!);
+				this.#confirmationDialog = null;
+				// Request rerender
+				this.#onRequestRender?.();
+			},
+		);
+		// Show confirmation dialog
+		this.addChild(this.#confirmationDialog);
+	}
+
+	handleInput(keyData: string): void {
+		if (this.#confirmationDialog) {
+			this.#confirmationDialog.handleInput(keyData);
+		} else {
+			this.#sessionList.handleInput(keyData);
+		}
+	}
+
 	getSessionList(): SessionList {
 		return this.#sessionList;
 	}