@oh-my-pi/pi-coding-agent 14.5.8 → 14.5.10

package/src/tools/{run-command → recipe}/runner.ts

@@ -9,6 +9,8 @@ export interface RunnerTask {
 	commandPrefix?: string;
 	/** Token passed to the runner command; defaults to `name`. Used when display names are namespaced. */
 	commandName?: string;
+	/** Working directory for the task, relative to the session cwd; absent means the runner's root cwd. */
+	cwd?: string;
 }
 
 export interface DetectedRunner {
@@ -39,16 +41,20 @@ interface PromptTaskModel {
 	paramSig?: string;
 	command?: string;
 	doc?: string;
+	cwd?: string;
 }
 
+const PROMPT_TASK_LIMIT = 20;
+
 interface PromptRunnerModel {
 	id: string;
 	label: string;
 	commandPrefix: string;
 	tasks: PromptTaskModel[];
+	hiddenTaskCount?: number;
 }
 
-export interface RunCommandPromptModel {
+export interface RecipePromptModel {
 	[key: string]: unknown;
 	hasMultipleRunners: boolean;
 	ambiguityExampleRunner?: string;
@@ -101,7 +107,7 @@ function resolveRunnerAndTask(
 ): { runner: DetectedRunner; task: RunnerTask; tail: string } {
 	const { head, tail } = parseOp(op);
 	if (!head) {
-		throw new ToolError(`run_command op is empty. Available tasks:\n${formatAvailableTasks(runners)}`);
+		throw new ToolError(`recipe op is empty. Available tasks:\n${formatAvailableTasks(runners)}`);
 	}
 
 	const colonIndex = head.indexOf(":");
@@ -136,12 +142,18 @@ function resolveRunnerAndTask(
 	);
 }
 
-export function resolveCommand(op: string, runners: DetectedRunner[]): string {
+export interface ResolvedTask {
+	command: string;
+	cwd?: string;
+}
+
+export function resolveCommand(op: string, runners: DetectedRunner[]): ResolvedTask {
 	const { runner, task, tail } = resolveRunnerAndTask(op, runners);
-	return buildCommand(task.commandPrefix ?? runner.commandPrefix, task.commandName ?? task.name, tail);
+	const command = buildCommand(task.commandPrefix ?? runner.commandPrefix, task.commandName ?? task.name, tail);
+	return task.cwd ? { command, cwd: task.cwd } : { command };
 }
 
-export function commandFromOp(op: string | undefined, runners: DetectedRunner[]): string | undefined {
+export function resolveTaskFromOp(op: string | undefined, runners: DetectedRunner[]): ResolvedTask | undefined {
 	if (!op) return undefined;
 	try {
 		return resolveCommand(op, runners);
@@ -150,6 +162,14 @@ export function commandFromOp(op: string | undefined, runners: DetectedRunner[])
 	}
 }
 
+export function commandFromOp(op: string | undefined, runners: DetectedRunner[]): string | undefined {
+	return resolveTaskFromOp(op, runners)?.command;
+}
+
+export function cwdFromOp(op: string | undefined, runners: DetectedRunner[]): string | undefined {
+	return resolveTaskFromOp(op, runners)?.cwd;
+}
+
 export function titleFromOp(op: string | undefined, runners: DetectedRunner[]): string {
 	if (!op) return "Run";
 	const { head } = parseOp(op);
@@ -177,7 +197,7 @@ function findAmbiguityExample(runners: DetectedRunner[]): { runner: string; task
 	return firstRunner && firstTask ? { runner: firstRunner.id, task: firstTask.name } : undefined;
 }
 
-export function buildPromptModel(runners: DetectedRunner[]): RunCommandPromptModel {
+export function buildPromptModel(runners: DetectedRunner[]): RecipePromptModel {
 	const ambiguityExample = findAmbiguityExample(runners);
 	return {
 		hasMultipleRunners: runners.length > 1,
@@ -187,11 +207,12 @@ export function buildPromptModel(runners: DetectedRunner[]): RunCommandPromptMod
 			id: runner.id,
 			label: runner.label,
 			commandPrefix: runner.commandPrefix,
-			tasks: runner.tasks.map(task => ({
+			tasks: runner.tasks.slice(0, PROMPT_TASK_LIMIT).map(task => ({
 				name: task.name,
 				paramSig: task.parameters.length > 0 ? task.parameters.join(" ") : undefined,
 				command: buildCommand(task.commandPrefix ?? runner.commandPrefix, task.commandName ?? task.name, ""),
 				doc: task.doc,
+				cwd: task.cwd,
 			})),
 		})),
 	};

package/src/tools/{run-command → recipe}/runners/pkg.ts

@@ -9,9 +9,23 @@ interface PackageJsonInfo {
 	workspaces: string[];
 }
 
-interface PackageCommandInfo {
-	rootCommandPrefix: string;
-	workspaceCommandPrefix: (relativeDir: string) => string;
+async function resolvePackageRunner(cwd: string): Promise<string> {
+	if ((await isFile(path.join(cwd, "bun.lock"))) || (await isFile(path.join(cwd, "bun.lockb")))) {
+		return "bun run";
+	}
+	if (await isFile(path.join(cwd, "pnpm-lock.yaml"))) {
+		return "pnpm run";
+	}
+	if (await isFile(path.join(cwd, "yarn.lock"))) {
+		return "yarn";
+	}
+	if ((await isFile(path.join(cwd, "package-lock.json"))) || (await isFile(path.join(cwd, "npm-shrinkwrap.json")))) {
+		return "npm run";
+	}
+	if ($which("bun")) {
+		return "bun run";
+	}
+	return "npm run";
 }
 
 function isRecord(value: unknown): value is Record<string, unknown> {
@@ -32,43 +46,6 @@ async function isFile(filePath: string): Promise<boolean> {
 	}
 }
 
-async function resolvePackageRunner(cwd: string): Promise<PackageCommandInfo> {
-	if ((await isFile(path.join(cwd, "bun.lock"))) || (await isFile(path.join(cwd, "bun.lockb")))) {
-		return {
-			rootCommandPrefix: "bun run",
-			workspaceCommandPrefix: relativeDir => `bun --cwd ${shellQuote(relativeDir)} run`,
-		};
-	}
-	if (await isFile(path.join(cwd, "pnpm-lock.yaml"))) {
-		return {
-			rootCommandPrefix: "pnpm run",
-			workspaceCommandPrefix: relativeDir => `pnpm --dir ${shellQuote(relativeDir)} run`,
-		};
-	}
-	if (await isFile(path.join(cwd, "yarn.lock"))) {
-		return {
-			rootCommandPrefix: "yarn",
-			workspaceCommandPrefix: relativeDir => `yarn --cwd ${shellQuote(relativeDir)}`,
-		};
-	}
-	if ((await isFile(path.join(cwd, "package-lock.json"))) || (await isFile(path.join(cwd, "npm-shrinkwrap.json")))) {
-		return {
-			rootCommandPrefix: "npm run",
-			workspaceCommandPrefix: relativeDir => `npm --prefix ${shellQuote(relativeDir)} run`,
-		};
-	}
-	if ($which("bun")) {
-		return {
-			rootCommandPrefix: "bun run",
-			workspaceCommandPrefix: relativeDir => `bun --cwd ${shellQuote(relativeDir)} run`,
-		};
-	}
-	return {
-		rootCommandPrefix: "npm run",
-		workspaceCommandPrefix: relativeDir => `npm --prefix ${shellQuote(relativeDir)} run`,
-	};
-}
-
 function parseWorkspacePatterns(pkg: Record<string, unknown>): string[] {
 	const { workspaces } = pkg;
 	if (Array.isArray(workspaces)) return workspaces.filter((entry): entry is string => typeof entry === "string");
@@ -129,22 +106,17 @@ function packageTaskName(packageName: string | undefined, packageDir: string, sc
 	return `${packageName ?? packageDir}/${scriptName}`;
 }
 
-function tasksForPackage(options: {
-	pkg: PackageJsonInfo;
-	packageDir: string;
-	commandPrefix: string;
-	namespaced: boolean;
-}): RunnerTask[] {
+function tasksForPackage(options: { pkg: PackageJsonInfo; packageDir: string; namespaced: boolean }): RunnerTask[] {
 	return options.pkg.scripts.map(scriptName => ({
 		name: options.namespaced ? packageTaskName(options.pkg.name, options.packageDir, scriptName) : scriptName,
 		doc: options.namespaced ? options.packageDir : undefined,
 		parameters: [],
-		commandPrefix: options.commandPrefix,
+		cwd: options.namespaced ? options.packageDir : undefined,
 		commandName: shellQuote(scriptName),
 	}));
 }
 
-async function readPackageTasks(cwd: string, commandInfo: PackageCommandInfo): Promise<RunnerTask[] | null> {
+async function readPackageTasks(cwd: string): Promise<RunnerTask[] | null> {
 	const rootPkg = await readPackageJson(path.join(cwd, "package.json"));
 	if (!rootPkg) return null;
 	const workspacePackageJsons = await findWorkspacePackageJsons(cwd, rootPkg.workspaces);
@@ -155,7 +127,6 @@ async function readPackageTasks(cwd: string, commandInfo: PackageCommandInfo): P
 			...tasksForPackage({
 				pkg: rootPkg,
 				packageDir: ".",
-				commandPrefix: commandInfo.rootCommandPrefix,
 				namespaced: false,
 			}),
 		);
@@ -169,7 +140,6 @@ async function readPackageTasks(cwd: string, commandInfo: PackageCommandInfo): P
 			...tasksForPackage({
 				pkg,
 				packageDir,
-				commandPrefix: commandInfo.workspaceCommandPrefix(packageDir),
 				namespaced: true,
 			}),
 		);
@@ -183,10 +153,10 @@ export const pkgRunner: TaskRunner = {
 	label: "Pkg",
 	async detect(cwd: string): Promise<DetectedRunner | null> {
 		try {
-			const commandInfo = await resolvePackageRunner(cwd);
-			const tasks = await readPackageTasks(cwd, commandInfo);
+			const commandPrefix = await resolvePackageRunner(cwd);
+			const tasks = await readPackageTasks(cwd);
 			if (!tasks || tasks.length === 0) return null;
-			return { id: "pkg", label: "Pkg", commandPrefix: commandInfo.rootCommandPrefix, tasks };
+			return { id: "pkg", label: "Pkg", commandPrefix, tasks };
 		} catch (err) {
 			logger.debug("package runner probe failed", { error: err instanceof Error ? err.message : String(err) });
 			return null;

package/src/tools/renderers.ts

@@ -23,8 +23,8 @@ import { jobToolRenderer } from "./job";
 import { notebookToolRenderer } from "./notebook";
 import { pythonToolRenderer } from "./python";
 import { readToolRenderer } from "./read";
+import { recipeToolRenderer } from "./recipe/render";
 import { resolveToolRenderer } from "./resolve";
-import { runCommandToolRenderer } from "./run-command/render";
 import { searchToolRenderer } from "./search";
 import { searchToolBm25Renderer } from "./search-tool-bm25";
 import { sshToolRenderer } from "./ssh";
@@ -49,7 +49,7 @@ export const toolRenderers: Record<string, ToolRenderer> = {
 	ast_grep: astGrepToolRenderer as ToolRenderer,
 	ast_edit: astEditToolRenderer as ToolRenderer,
 	bash: bashToolRenderer as ToolRenderer,
-	run_command: runCommandToolRenderer as ToolRenderer,
+	recipe: recipeToolRenderer as ToolRenderer,
 	debug: debugToolRenderer as ToolRenderer,
 	python: pythonToolRenderer as ToolRenderer,
 	calc: calculatorToolRenderer as ToolRenderer,

package/src/utils/git.ts

@@ -150,6 +150,7 @@ const SHORT_LIVED_GIT_CONFIG: readonly (readonly [key: string, value: string])[]
 	["core.fsmonitor", "false"],
 	["core.untrackedCache", "false"],
 ];
+const REMOTE_ALREADY_EXISTS = /remote .* already exists/i;
 
 interface CommandOptions {
 	readonly env?: Record<string, string | undefined>;
@@ -267,6 +268,51 @@ async function tryText(
 	return result.stdout;
 }
 
+// ════════════════════════════════════════════════════════════════════════════
+// Internal: per-repo write serialization
+// ════════════════════════════════════════════════════════════════════════════
+
+// Git uses lock files (`.git/config.lock`, commit-graph chain locks,
+// `packed-refs.lock`, …) for many of its mutating operations. Each is created
+// O_EXCL with no waiter, so concurrent in-process git invocations against the
+// same repository fail immediately rather than block. Worktrees share the
+// primary repo's `.git` directory, so racing across worktrees has the same
+// failure mode. We give callers a single per-repo serialization point keyed by
+// the primary repo root: any block that mutates repo state should hold this
+// lock so unrelated callers cannot collide on git's internal locks.
+const repoWriteChain = new Map<string, Promise<unknown>>();
+
+/**
+ * Serialize an async block that mutates a git repository against other
+ * in-process callers operating on the same repository. The lock is keyed by
+ * the primary repo root so worktrees of the same repo share a single queue.
+ * Failures in one block do not poison the queue for the next caller.
+ *
+ * Not reentrant: do NOT nest acquisitions for the same repo. Helpers in this
+ * module never auto-acquire — callers wrap the critical section themselves.
+ */
+export async function withRepoLock<T>(cwd: string, fn: () => Promise<T>, signal?: AbortSignal): Promise<T> {
+	const key = (await repo.primaryRoot(cwd, signal)) ?? cwd;
+	const prior = repoWriteChain.get(key);
+	const run = (async () => {
+		if (prior) {
+			try {
+				await prior;
+			} catch {
+				// A prior caller failing must not block us from running.
+			}
+		}
+		throwIfAborted(signal);
+		return fn();
+	})();
+	repoWriteChain.set(key, run);
+	try {
+		return await run;
+	} finally {
+		if (repoWriteChain.get(key) === run) repoWriteChain.delete(key);
+	}
+}
+
 function splitLines(text: string): string[] {
 	return text
 		.split("\n")
@@ -955,9 +1001,22 @@ export const remote = {
 		return trimScalar(await tryText(cwd, ["remote", "get-url", name], { readOnly: true, signal }));
 	},
 
-	/** Add a new remote. */
+	/**
+	 * Add a remote pointing at `url`. Idempotent: if a remote named `name`
+	 * already exists with the same URL (e.g. an in-process race or a leftover
+	 * remote from a previous run), this is treated as success. Throws when the
+	 * remote exists with a different URL — that's a real conflict the caller
+	 * needs to resolve, not paper over.
+	 */
 	async add(cwd: string, name: string, url: string, signal?: AbortSignal): Promise<void> {
-		await runEffect(cwd, ["remote", "add", name, url], { signal });
+		const result = await runCommand(cwd, ["remote", "add", name, url], { signal });
+		if (result.exitCode === 0) return;
+		if (REMOTE_ALREADY_EXISTS.test(result.stderr)) {
+			const existing = await remote.url(cwd, name, signal);
+			if (existing === url) return;
+			throw new ToolError(`remote ${name} already exists with URL ${existing ?? "(unset)"}, expected ${url}`);
+		}
+		throw new GitCommandError(["remote", "add", name, url], result);
 	},
 };
 

package/src/web/search/providers/searxng.ts

@@ -9,14 +9,18 @@
  * and various authentication methods (bearer token, basic auth, or none).
  *
  * Configuration via settings:
- *   searxng.endpoint  - Base URL of the SearXNG instance (e.g. https://searx.example.org)
- *   searxng.token     - Optional bearer token for authentication
- *   searxng.categories - Optional comma-separated categories filter
- *   searxng.language  - Optional language code (e.g. en, zh-CN)
+ *   searxng.endpoint      - Base URL of the SearXNG instance (e.g. https://searx.example.org)
+ *   searxng.token         - Optional bearer token for authentication
+ *   searxng.basicUsername - Optional RFC 7617 Basic auth username
+ *   searxng.basicPassword - Optional RFC 7617 Basic auth password
+ *   searxng.categories    - Optional comma-separated categories filter
+ *   searxng.language      - Optional language code (e.g. en, zh-CN)
  *
  * Environment variable fallbacks:
- *   SEARXNG_ENDPOINT  - Base URL of the SearXNG instance
- *   SEARXNG_TOKEN     - Optional bearer token
+ *   SEARXNG_ENDPOINT       - Base URL of the SearXNG instance
+ *   SEARXNG_TOKEN          - Optional bearer token
+ *   SEARXNG_BASIC_USERNAME - Optional RFC 7617 Basic auth username
+ *   SEARXNG_BASIC_PASSWORD - Optional RFC 7617 Basic auth password
  *
  * Reference: https://docs.searxng.org/dev/search_api.html
  */
@@ -61,6 +65,11 @@ interface SearXNGResponse {
 	unresponsive_engines?: Array<[string, string]>;
 }
 
+interface SearXNGAuth {
+	type: "basic" | "bearer";
+	value: string;
+}
+
 /** Find SearXNG endpoint from settings or environment. */
 function findEndpoint(): string | null {
 	try {
@@ -83,6 +92,53 @@ function findToken(): string | null {
 	return process.env.SEARXNG_TOKEN ?? null;
 }
 
+/** Find SearXNG Basic auth username from settings or environment. */
+function findBasicUsername(): string | null {
+	try {
+		const username = settings.get("searxng.basicUsername");
+		if (username !== undefined) return username;
+	} catch {
+		// Settings not initialized yet
+	}
+	return process.env.SEARXNG_BASIC_USERNAME ?? null;
+}
+
+/** Find SearXNG Basic auth password from settings or environment. */
+function findBasicPassword(): string | null {
+	try {
+		const password = settings.get("searxng.basicPassword");
+		if (password !== undefined) return password;
+	} catch {
+		// Settings not initialized yet
+	}
+	return process.env.SEARXNG_BASIC_PASSWORD ?? null;
+}
+
+/** Build the RFC 7617 Basic auth credential using UTF-8 bytes. */
+function buildBasicAuthValue(username: string, password: string): string {
+	return Buffer.from(`${username}:${password}`, "utf-8").toString("base64");
+}
+
+/** Find SearXNG authentication from settings or environment. Basic auth takes precedence over bearer tokens. */
+function findAuth(): SearXNGAuth | null {
+	const basicUsername = findBasicUsername();
+	const basicPassword = findBasicPassword();
+	if (basicUsername !== null || basicPassword !== null) {
+		if (basicUsername === null || basicPassword === null) {
+			throw new Error(
+				"SearXNG Basic auth requires both searxng.basicUsername and searxng.basicPassword, or SEARXNG_BASIC_USERNAME and SEARXNG_BASIC_PASSWORD.",
+			);
+		}
+		if (basicUsername.includes(":")) {
+			throw new Error("SearXNG Basic auth username cannot contain ':' because RFC 7617 uses it as the separator.");
+		}
+		return { type: "basic", value: buildBasicAuthValue(basicUsername, basicPassword) };
+	}
+
+	const token = findToken();
+	return token ? { type: "bearer", value: token } : null;
+}
+
 /** Build the search URL and headers for a SearXNG request */
 function buildRequest(
 	endpoint: string,
@@ -94,7 +150,7 @@ function buildRequest(
 		language?: string;
 		signal?: AbortSignal;
 	},
-	token: string | null,
+	auth: SearXNGAuth | null,
 ): { url: URL; headers: Record<string, string> } {
 	const base = endpoint.replace(/\/+$/, "");
 	const url = new URL(`${base}/search`);
@@ -122,8 +178,10 @@ function buildRequest(
 		Accept: "application/json",
 	};
 
-	if (token) {
-		headers.Authorization = `Bearer ${token}`;
+	if (auth?.type === "basic") {
+		headers.Authorization = `Basic ${auth.value}`;
+	} else if (auth?.type === "bearer") {
+		headers.Authorization = `Bearer ${auth.value}`;
 	}
 
 	return { url, headers };
@@ -139,9 +197,9 @@ async function callSearXNGSearch(
 		language?: string;
 		signal?: AbortSignal;
 	},
-	token: string | null,
+	auth: SearXNGAuth | null,
 ): Promise<SearXNGResponse> {
-	const { url, headers } = buildRequest(endpoint, params, token);
+	const { url, headers } = buildRequest(endpoint, params, auth);
 
 	const response = await fetch(url, {
 		headers,
@@ -172,7 +230,7 @@ export async function searchSearXNG(params: {
 		);
 	}
 
-	const token = findToken();
+	const auth = findAuth();
 
 	let categories: string | undefined;
 	let language: string | undefined;
@@ -190,7 +248,7 @@ export async function searchSearXNG(params: {
 			categories,
 			language,
 		},
-		token,
+		auth,
 	);
 
 	const sources: SearchSource[] = [];

package/src/tools/run-command/render.ts

@@ -1,18 +0,0 @@
-import { createShellRenderer } from "../bash";
-import type { DetectedRunner } from "./runner";
-import { commandFromOp, titleFromOp } from "./runner";
-
-export interface RunCommandRenderArgs {
-	op?: string;
-	__partialJson?: string;
-	[key: string]: unknown;
-}
-
-export function createRunCommandToolRenderer(runners: DetectedRunner[]) {
-	return createShellRenderer<RunCommandRenderArgs>({
-		resolveTitle: args => titleFromOp(args?.op, runners),
-		resolveCommand: args => commandFromOp(args?.op, runners),
-	});
-}
-
-export const runCommandToolRenderer = createRunCommandToolRenderer([]);