@oh-my-pi/pi-coding-agent 14.1.1 → 14.2.0

package/src/web/search/providers/brave.ts

@@ -10,6 +10,7 @@ import { SearchProviderError } from "../../../web/search/types";
 import { clampNumResults, dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
+import { isApiKeyAvailable } from "./utils";
 
 const BRAVE_SEARCH_URL = "https://api.search.brave.com/res/v1/web/search";
 const DEFAULT_NUM_RESULTS = 10;
@@ -132,11 +133,7 @@ export class BraveProvider extends SearchProvider {
 	readonly label = "Brave";
 
 	isAvailable() {
-		try {
-			return !!findApiKey();
-		} catch {
-			return false;
-		}
+		return isApiKeyAvailable(findApiKey);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {

package/src/web/search/providers/codex.ts

@@ -6,6 +6,8 @@
  * Returns synthesized answers with web search sources.
  */
 import * as os from "node:os";
+import { getBundledModels } from "@oh-my-pi/pi-ai";
+import { decodeJwt } from "@oh-my-pi/pi-ai/utils/oauth/openai-codex";
 import { $env, getAgentDbPath, readSseJson } from "@oh-my-pi/pi-utils";
 import packageJson from "../../../../package.json" with { type: "json" };
 import { AgentStorage } from "../../../session/agent-storage";
@@ -16,14 +18,29 @@ import { SearchProvider } from "./base";
 
 const CODEX_BASE_URL = "https://chatgpt.com/backend-api";
 const CODEX_RESPONSES_PATH = "/codex/responses";
-const DEFAULT_MODEL = "gpt-5-codex-mini";
+const FALLBACK_MODEL = "gpt-5-codex-mini";
+const DEFAULT_MODEL_PREFERENCES = [
+	"gpt-5-codex-mini",
+	"gpt-5.4",
+	"gpt-5.3-codex",
+	"gpt-5.2-codex",
+	"gpt-5.1-codex",
+	"gpt-5-codex",
+];
 const JWT_CLAIM_PATH = "https://api.openai.com/auth";
 const DEFAULT_INSTRUCTIONS =
 	"You are a helpful assistant with web search capabilities. Search the web to answer the user's question accurately and cite your sources.";
 
 function getModel(): string {
 	const configuredModel = $env.PI_CODEX_WEB_SEARCH_MODEL?.trim();
-	return configuredModel ? configuredModel : DEFAULT_MODEL;
+	if (configuredModel) return configuredModel;
+
+	const bundledModels = getBundledModels("openai-codex");
+	const bundledIds = new Set(bundledModels.map(model => model.id));
+	const preferred = DEFAULT_MODEL_PREFERENCES.find(modelId => bundledIds.has(modelId));
+	if (preferred) return preferred;
+	const nonMini = bundledModels.find(model => !model.id.includes("mini") && !model.id.includes("spark"));
+	return nonMini?.id ?? bundledModels[0]?.id ?? FALLBACK_MODEL;
 }
 
 export interface CodexSearchParams {
@@ -44,11 +61,6 @@ interface CodexOAuthCredential {
 	accountId?: string;
 }
 
-/** JWT payload structure for extracting account ID */
-type JwtPayload = {
-	[key: string]: unknown;
-};
-
 /** Codex API response structure */
 interface CodexResponseItem {
 	type: string;
@@ -94,23 +106,6 @@ function isImagePlaceholderAnswer(text: string): boolean {
 	return text.trim().toLowerCase() === "(see attached image)";
 }
 
-/**
- * Decodes a JWT token and extracts the payload.
- * @param token - JWT token string
- * @returns Decoded payload, or null if parsing fails
- */
-function decodeJwt(token: string): JwtPayload | null {
-	try {
-		const parts = token.split(".");
-		if (parts.length !== 3) return null;
-		const payload = parts[1] ?? "";
-		const decoded = Buffer.from(payload, "base64").toString("utf-8");
-		return JSON.parse(decoded) as JwtPayload;
-	} catch {
-		return null;
-	}
-}
-
 /**
  * Extracts account ID from a Codex access token.
  * @param accessToken - JWT access token
@@ -223,6 +218,7 @@ async function callCodexSearch(
 		method: "POST",
 		headers,
 		body: JSON.stringify(body),
+		signal: options.signal,
 	});
 
 	if (!response.ok) {

package/src/web/search/providers/gemini.ts

@@ -10,6 +10,7 @@ import {
 	extractRetryDelay,
 	getAntigravityHeaders,
 	getGeminiCliHeaders,
+	refreshAntigravityToken,
 	refreshGoogleCloudToken,
 } from "@oh-my-pi/pi-ai";
 import { getAgentDbPath } from "@oh-my-pi/pi-utils";
@@ -72,6 +73,30 @@ interface GeminiAuth {
 	isAntigravity: boolean;
 	storage: AgentStorage;
 	credentialId: number;
+	credential: GeminiOAuthCredential;
+}
+
+async function refreshGeminiAuth(auth: GeminiAuth): Promise<boolean> {
+	if (!auth.refreshToken) return false;
+	try {
+		const refreshed = auth.isAntigravity
+			? await refreshAntigravityToken(auth.refreshToken, auth.projectId)
+			: await refreshGoogleCloudToken(auth.refreshToken, auth.projectId);
+		auth.accessToken = refreshed.access;
+		auth.refreshToken = refreshed.refresh ?? auth.refreshToken;
+		auth.storage.updateAuthCredential(auth.credentialId, {
+			...auth.credential,
+			access: auth.accessToken,
+			refresh: auth.refreshToken,
+			expires: refreshed.expires,
+		});
+		auth.credential.access = auth.accessToken;
+		auth.credential.refresh = auth.refreshToken;
+		auth.credential.expires = refreshed.expires;
+		return true;
+	} catch {
+		return false;
+	}
 }
 
 /**
@@ -108,7 +133,10 @@ export async function findGeminiAuth(): Promise<GeminiAuth | null> {
 					// Try to refresh if we have a refresh token
 					if (oauthCred.refresh) {
 						try {
-							const refreshed = await refreshGoogleCloudToken(oauthCred.refresh, projectId);
+							const refreshed =
+								provider === "google-antigravity"
+									? await refreshAntigravityToken(oauthCred.refresh, projectId)
+									: await refreshGoogleCloudToken(oauthCred.refresh, projectId);
 							// Update the credential in storage
 							const updated = {
 								...oauthCred,
@@ -124,6 +152,7 @@ export async function findGeminiAuth(): Promise<GeminiAuth | null> {
 								isAntigravity: provider === "google-antigravity",
 								storage,
 								credentialId: record.id,
+								credential: updated,
 							};
 						} catch {
 							// Refresh failed, skip this credential
@@ -141,6 +170,7 @@ export async function findGeminiAuth(): Promise<GeminiAuth | null> {
 					isAntigravity: provider === "google-antigravity",
 					storage,
 					credentialId: record.id,
+					credential: oauthCred,
 				};
 			}
 		}
@@ -310,6 +340,14 @@ async function callGeminiSearch(
 			}
 
 			const errorText = await response.text();
+			const canRefreshAuth =
+				response.status === 401 ||
+				response.status === 403 ||
+				(response.status === 400 &&
+					/api key not valid|invalid credentials|invalid authentication/i.test(errorText));
+			if (canRefreshAuth && attempt === 0 && (await refreshGeminiAuth(auth))) {
+				continue;
+			}
 			const isRetryableStatus =
 				response.status === 429 ||
 				response.status === 500 ||

package/src/web/search/providers/jina.ts

@@ -10,6 +10,7 @@ import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
+import { isApiKeyAvailable } from "./utils";
 
 const JINA_SEARCH_URL = "https://s.jina.ai";
 
@@ -83,11 +84,7 @@ export class JinaProvider extends SearchProvider {
 	readonly label = "Jina";
 
 	isAvailable() {
-		try {
-			return !!findApiKey();
-		} catch {
-			return false;
-		}
+		return isApiKeyAvailable(findApiKey);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {

package/src/web/search/providers/kagi.ts

@@ -6,9 +6,10 @@
 import type { SearchResponse } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import { findKagiApiKey, KagiApiError, searchWithKagi } from "../../kagi";
-import { clampNumResults, dateToAgeSeconds } from "../utils";
+import { clampNumResults } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
+import { toSearchSources } from "./utils";
 
 const DEFAULT_NUM_RESULTS = 10;
 const MAX_NUM_RESULTS = 40;
@@ -29,13 +30,7 @@ export async function searchKagi(params: {
 
 		return {
 			provider: "kagi",
-			sources: result.sources.slice(0, numResults).map(source => ({
-				title: source.title,
-				url: source.url,
-				snippet: source.snippet,
-				publishedDate: source.publishedDate,
-				ageSeconds: dateToAgeSeconds(source.publishedDate),
-			})),
+			sources: toSearchSources(result.sources, numResults),
 			relatedQuestions: result.relatedQuestions.length > 0 ? result.relatedQuestions : undefined,
 			requestId: result.requestId,
 		};

package/src/web/search/providers/kimi.ts

@@ -11,7 +11,7 @@ import { SearchProviderError } from "../../../web/search/types";
 import { clampNumResults, dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { findCredential } from "./utils";
+import { findCredential, isApiKeyAvailable } from "./utils";
 
 const KIMI_SEARCH_URL = "https://api.kimi.com/coding/v1/search";
 
@@ -139,12 +139,8 @@ export class KimiProvider extends SearchProvider {
 	readonly id = "kimi";
 	readonly label = "Kimi";
 
-	async isAvailable(): Promise<boolean> {
-		try {
-			return !!(await findApiKey());
-		} catch {
-			return false;
-		}
+	isAvailable(): Promise<boolean> {
+		return isApiKeyAvailable(findApiKey);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {

package/src/web/search/providers/parallel.ts

@@ -1,9 +1,10 @@
 import type { SearchResponse } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import { findParallelApiKey, ParallelApiError, searchWithParallel } from "../../parallel";
-import { clampNumResults, dateToAgeSeconds } from "../utils";
+import { clampNumResults } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
+import { toSearchSources } from "./utils";
 
 const DEFAULT_NUM_RESULTS = 10;
 const MAX_NUM_RESULTS = 40;
@@ -24,13 +25,7 @@ export async function searchParallel(params: {
 
 		return {
 			provider: "parallel",
-			sources: result.sources.slice(0, numResults).map(source => ({
-				title: source.title,
-				url: source.url,
-				snippet: source.snippet,
-				publishedDate: source.publishedDate,
-				ageSeconds: dateToAgeSeconds(source.publishedDate),
-			})),
+			sources: toSearchSources(result.sources, numResults),
 			requestId: result.requestId,
 		};
 	} catch (err) {

package/src/web/search/providers/synthetic.ts

@@ -10,7 +10,7 @@ import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { findCredential } from "./utils";
+import { findCredential, isApiKeyAvailable } from "./utils";
 
 const SYNTHETIC_SEARCH_URL = "https://api.synthetic.new/v2/search";
 
@@ -95,12 +95,8 @@ export class SyntheticProvider extends SearchProvider {
 	readonly id = "synthetic";
 	readonly label = "Synthetic";
 
-	async isAvailable(): Promise<boolean> {
-		try {
-			return !!(await findApiKey());
-		} catch {
-			return false;
-		}
+	isAvailable(): Promise<boolean> {
+		return isApiKeyAvailable(findApiKey);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {

package/src/web/search/providers/tavily.ts

@@ -10,7 +10,7 @@ import { SearchProviderError } from "../../../web/search/types";
 import { clampNumResults, dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { findCredential } from "./utils";
+import { findCredential, isApiKeyAvailable } from "./utils";
 
 const TAVILY_SEARCH_URL = "https://api.tavily.com/search";
 const DEFAULT_NUM_RESULTS = 5;
@@ -63,17 +63,25 @@ export async function findApiKey(): Promise<string | null> {
 	return findCredential(getEnvApiKey("tavily"), "tavily");
 }
 
-function buildRequestBody(params: TavilySearchParams): Record<string, unknown> {
+/** Exported for testing. Builds the Tavily request body from unified params. */
+export function buildRequestBody(params: TavilySearchParams): Record<string, unknown> {
 	const numResults = clampNumResults(params.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
-	return {
+	// Tavily's `topic` (general/news/finance) and `time_range` are orthogonal
+	// dimensions in the upstream API. Recency is a temporal filter only; it must
+	// not narrow the index to news-only, which would break technical queries
+	// (release notes, docs, GitHub) whenever a user sets --recency. Always use
+	// the default "general" topic and only send `time_range` when recency is set.
+	const body: Record<string, unknown> = {
 		query: params.query,
 		search_depth: "basic",
-		topic: params.recency ? "news" : "general",
-		time_range: params.recency,
 		max_results: numResults,
 		include_answer: "advanced",
 		include_raw_content: false,
 	};
+	if (params.recency) {
+		body.time_range = params.recency;
+	}
+	return body;
 }
 
 async function callTavilySearch(apiKey: string, params: TavilySearchParams): Promise<TavilySearchResponse> {
@@ -143,12 +151,8 @@ export class TavilyProvider extends SearchProvider {
 	readonly id = "tavily";
 	readonly label = "Tavily";
 
-	async isAvailable(): Promise<boolean> {
-		try {
-			return !!(await findApiKey());
-		} catch {
-			return false;
-		}
+	isAvailable(): Promise<boolean> {
+		return isApiKeyAvailable(findApiKey);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {

package/src/web/search/providers/utils.ts

@@ -1,5 +1,7 @@
 import { getAgentDbPath } from "@oh-my-pi/pi-utils";
 import { AgentStorage } from "../../../session/agent-storage";
+import type { SearchSource } from "../../../web/search/types";
+import { dateToAgeSeconds } from "../utils";
 
 /**
  * Search for an API credential by checking an env-derived key first,
@@ -34,3 +36,37 @@ export async function findCredential(
 
 	return null;
 }
+
+/**
+ * Probe whether a provider's API key lookup resolves to a truthy value.
+ * Swallows lookup errors and reports unavailability.
+ */
+export async function isApiKeyAvailable(findApiKey: () => string | null | Promise<string | null>) {
+	try {
+		return !!(await findApiKey());
+	} catch {
+		return false;
+	}
+}
+
+/**
+ * Map a provider's raw source list to the unified SearchSource shape,
+ * clamped to the requested result count and annotated with ageSeconds.
+ */
+export function toSearchSources(
+	sources: ReadonlyArray<{
+		title: string;
+		url: string;
+		snippet?: string;
+		publishedDate?: string;
+	}>,
+	numResults: number,
+): SearchSource[] {
+	return sources.slice(0, numResults).map(source => ({
+		title: source.title,
+		url: source.url,
+		snippet: source.snippet,
+		publishedDate: source.publishedDate,
+		ageSeconds: dateToAgeSeconds(source.publishedDate),
+	}));
+}

package/src/web/search/providers/zai.ts

@@ -11,7 +11,7 @@ import { SearchProviderError } from "../../../web/search/types";
 import { dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { findCredential } from "./utils";
+import { findCredential, isApiKeyAvailable } from "./utils";
 
 const ZAI_MCP_URL = "https://api.z.ai/api/mcp/web_search_prime/mcp";
 const ZAI_TOOL_NAME = "webSearchPrime";
@@ -294,12 +294,8 @@ export class ZaiProvider extends SearchProvider {
 	readonly id = "zai";
 	readonly label = "Z.AI";
 
-	async isAvailable(): Promise<boolean> {
-		try {
-			return !!(await findApiKey());
-		} catch {
-			return false;
-		}
+	isAvailable(): Promise<boolean> {
+		return isApiKeyAvailable(findApiKey);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {