@oh-my-pi/pi-coding-agent 15.1.2 → 15.1.3

package/src/config/model-registry.ts

@@ -242,13 +242,14 @@ export const ModelsConfigFile = new ConfigFile<ModelsConfig>("models", ModelsCon
 	},
 );
 
-/** Provider override config (baseUrl, headers, apiKey, compat) without custom models */
+/** Provider override config (baseUrl, headers, apiKey, compat, transport) without custom models */
 interface ProviderOverride {
 	baseUrl?: string;
 	headers?: Record<string, string>;
 	apiKey?: string;
 	authHeader?: boolean;
 	compat?: Model<Api>["compat"];
+	transport?: Model<Api>["transport"];
 }
 
 interface DiscoveryProviderConfig {
@@ -792,6 +793,10 @@ export class ModelRegistry {
 		this.#customProviderApiKeys.clear();
 		this.#keylessProviders.clear();
 		this.#discoverableProviders = [];
+		// Drop config-sourced apiKeys from AuthStorage before reload; entries
+		// removed from models.yml must actually disappear from the resolver, not
+		// linger from the previous parse. The post-load setters below repopulate.
+		this.authStorage.clearConfigApiKeys();
 		// Restore runtime API keys before #loadModels — survives because
 		// #loadModels only calls .set() on #customProviderApiKeys, never reassigns it.
 		for (const [k, v] of this.#runtimeProviderApiKeys) {
@@ -1081,14 +1086,15 @@ export class ModelRegistry {
 		const configuredProviders = new Set(Object.keys(value.providers ?? {}));
 
 		for (const [providerName, providerConfig] of providerEntries) {
-			// Always set overrides when baseUrl/headers/apiKey/authHeader/compat/disableStrictTools are present
+			// Always set overrides when baseUrl/headers/apiKey/authHeader/compat/disableStrictTools/transport are present
 			if (
 				providerConfig.baseUrl ||
 				providerConfig.headers ||
 				providerConfig.apiKey ||
 				providerConfig.authHeader !== undefined ||
 				providerConfig.compat ||
-				providerConfig.disableStrictTools
+				providerConfig.disableStrictTools ||
+				providerConfig.transport
 			) {
 				const disableStrictCompat = providerConfig.disableStrictTools ? { disableStrictTools: true } : undefined;
 				overrides.set(providerName, {
@@ -1097,6 +1103,7 @@ export class ModelRegistry {
 					apiKey: providerConfig.apiKey,
 					authHeader: providerConfig.authHeader,
 					compat: mergeCompat(providerConfig.compat, disableStrictCompat),
+					transport: providerConfig.transport,
 				});
 			}
 
@@ -1117,9 +1124,14 @@ export class ModelRegistry {
 				});
 			}
 
-			// Always store API key for fallback resolver
+			// Store API key for fallback resolver AND register as config override
+			// so it wins over OAuth tokens from the broker — when the user pins a
+			// bearer in models.yml (e.g. for an auth-gateway baseUrl), that bearer
+			// must authenticate the outbound request.
 			if (providerConfig.apiKey) {
 				this.#customProviderApiKeys.set(providerName, providerConfig.apiKey);
+				const resolved = resolveApiKeyConfig(providerConfig.apiKey);
+				if (resolved) this.authStorage.setConfigApiKey(providerName, resolved);
 			}
 
 			// Parse per-model overrides
@@ -1183,6 +1195,7 @@ export class ModelRegistry {
 							headers: providerOverride.headers
 								? { ...model.headers, ...providerOverride.headers }
 								: model.headers,
+							...(providerOverride.transport !== undefined ? { transport: providerOverride.transport } : {}),
 						}
 					: model;
 			}),
@@ -1684,11 +1697,12 @@ export class ModelRegistry {
 			authHeader: override.authHeader ?? baseOverride?.authHeader,
 			headers: override.headers ? { ...(baseOverride?.headers ?? {}), ...override.headers } : baseOverride?.headers,
 			compat: override.compat ? mergeCompat(baseOverride?.compat, override.compat) : baseOverride?.compat,
+			transport: override.transport ?? baseOverride?.transport,
 		};
 	}
 	#applyProviderTransportOverride<T extends { baseUrl?: string; headers?: Record<string, string> }>(
 		entry: T,
-		override: Pick<ProviderOverride, "baseUrl" | "headers" | "authHeader" | "apiKey">,
+		override: Pick<ProviderOverride, "baseUrl" | "headers" | "authHeader" | "apiKey" | "transport">,
 	): T {
 		const headers = mergeAuthHeader(
 			override.headers ? { ...entry.headers, ...override.headers } : entry.headers,
@@ -1699,6 +1713,9 @@ export class ModelRegistry {
 			...entry,
 			baseUrl: override.baseUrl ?? entry.baseUrl,
 			headers,
+			// Preserve the model's existing transport when the override omits one;
+			// providers without a `transport` field keep the default per-API dispatch.
+			...(override.transport !== undefined ? { transport: override.transport } : {}),
 		};
 	}
 	#applyRuntimeProviderOverrides(models: Model<Api>[]): Model<Api>[] {
@@ -1766,6 +1783,8 @@ export class ModelRegistry {
 			if (modelDefs.length === 0) continue; // Override-only, no custom models
 			if (providerConfig.apiKey) {
 				this.#customProviderApiKeys.set(providerName, providerConfig.apiKey);
+				const resolved = resolveApiKeyConfig(providerConfig.apiKey);
+				if (resolved) this.authStorage.setConfigApiKey(providerName, resolved);
 			}
 			for (const modelDef of modelDefs) {
 				const providerCompat = providerConfig.disableStrictTools
@@ -2008,6 +2027,7 @@ export class ModelRegistry {
 		this.#runtimeProviderApiKeys.delete(providerName);
 		this.#runtimeProviderOverrides.delete(providerName);
 		this.#runtimeModelOverlays = this.#runtimeModelOverlays.filter(overlay => overlay.provider !== providerName);
+		this.authStorage.removeConfigApiKey(providerName);
 	}
 
 	/**
@@ -2115,6 +2135,8 @@ export class ModelRegistry {
 			this.#customProviderApiKeys.set(providerName, config.apiKey);
 			// Persist runtime API keys so they survive #reloadStaticModels() cycles
 			this.#runtimeProviderApiKeys.set(providerName, config.apiKey);
+			const resolved = resolveApiKeyConfig(config.apiKey);
+			if (resolved) this.authStorage.setConfigApiKey(providerName, resolved);
 		}
 
 		if (config.models && config.models.length > 0) {
@@ -2168,12 +2190,19 @@ export class ModelRegistry {
 			return;
 		}
 
-		if (config.baseUrl || config.headers || config.apiKey || config.authHeader !== undefined) {
+		if (
+			config.baseUrl ||
+			config.headers ||
+			config.apiKey ||
+			config.authHeader !== undefined ||
+			config.transport !== undefined
+		) {
 			const transportOverride = {
 				baseUrl: config.baseUrl,
 				headers: config.headers,
 				apiKey: config.apiKey,
 				authHeader: config.authHeader,
+				transport: config.transport,
 			};
 			const nextRuntimeOverride = this.#mergeProviderOverride(
 				this.#runtimeProviderOverrides.get(providerName),
@@ -2221,6 +2250,8 @@ export interface ProviderConfigInput {
 	headers?: Record<string, string>;
 	compat?: Model<Api>["compat"];
 	authHeader?: boolean;
+	/** Streaming transport override — see {@link Model.transport}. */
+	transport?: Model<Api>["transport"];
 	oauth?: {
 		name: string;
 		login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials | string>;

package/src/config/model-resolver.ts

@@ -13,6 +13,7 @@ import {
 	modelsAreEqual,
 } from "@oh-my-pi/pi-ai";
 import { fuzzyMatch } from "@oh-my-pi/pi-tui";
+import { logger } from "@oh-my-pi/pi-utils";
 import chalk from "chalk";
 import MODEL_PRIO from "../priority.json" with { type: "json" };
 import { parseThinkingLevel, resolveThinkingLevelForModel } from "../thinking";
@@ -116,12 +117,16 @@ function cloneModelWithRequestedId(model: Model<Api>, requestedId: string): Mode
 	};
 }
 
-const providerModelIndexCache = new WeakMap<readonly Model<Api>[], Map<string, Model<Api> | null>>();
+const kProviderModelIndex = Symbol("model-resolver.providerIndex");
+type ModelsWithProviderIndex = readonly Model<Api>[] & {
+	[kProviderModelIndex]?: Map<string, Model<Api> | null>;
+};
 
 function getProviderModelIndex(availableModels: readonly Model<Api>[]): Map<string, Model<Api> | null> {
-	let index = providerModelIndexCache.get(availableModels);
-	if (index) return index;
-	index = new Map<string, Model<Api> | null>();
+	const tagged = availableModels as ModelsWithProviderIndex;
+	const cached = tagged[kProviderModelIndex];
+	if (cached) return cached;
+	const index = new Map<string, Model<Api> | null>();
 	for (const m of availableModels) {
 		const key = `${m.provider.toLowerCase()}\u0000${m.id.toLowerCase()}`;
 		if (index.has(key)) {
@@ -130,7 +135,7 @@ function getProviderModelIndex(availableModels: readonly Model<Api>[]): Map<stri
 			index.set(key, m);
 		}
 	}
-	providerModelIndexCache.set(availableModels, index);
+	tagged[kProviderModelIndex] = index;
 	return index;
 }
 
@@ -887,7 +892,7 @@ export async function resolveModelScope(
 			});
 
 			if (matchingModels.length === 0) {
-				console.warn(chalk.yellow(`Warning: No models match pattern "${pattern}"`));
+				logger.warn(`No models match pattern "${pattern}"`);
 				continue;
 			}
 
@@ -930,11 +935,11 @@ export async function resolveModelScope(
 		);
 
 		if (warning) {
-			console.warn(chalk.yellow(`Warning: ${warning}`));
+			logger.warn(warning);
 		}
 
 		if (!model) {
-			console.warn(chalk.yellow(`Warning: No models match pattern "${pattern}"`));
+			logger.warn(`No models match pattern "${pattern}"`);
 			continue;
 		}
 

package/src/config/models-config-schema.ts

@@ -151,6 +151,14 @@ const ProviderConfigSchema = z.object({
 	models: z.array(ModelDefinitionSchema).optional(),
 	modelOverrides: z.record(z.string(), ModelOverrideSchema).optional(),
 	disableStrictTools: z.boolean().optional(),
+	/**
+	 * Streaming transport override. When set to `"pi-native"`, omp dispatches
+	 * every model under this provider via the auth-gateway's
+	 * `POST /v1/pi/stream` endpoint instead of the per-provider SDK. The
+	 * provider's `baseUrl` must point at a compatible `omp auth-gateway`
+	 * and `apiKey` must carry the gateway bearer.
+	 */
+	transport: z.literal("pi-native").optional(),
 });
 
 const EquivalenceConfigSchema = z.object({

package/src/config/settings-schema.ts

@@ -234,6 +234,13 @@ export const SETTINGS_SCHEMA = {
 	// ────────────────────────────────────────────────────────────────────────
 	lastChangelogVersion: { type: "string", default: undefined },
 
+	// Auth broker — credentials proxied through a remote `omp auth-broker serve`
+	// host. Hidden from the UI; populate via env vars or hand-edited config.yml.
+	// Env (`OMP_AUTH_BROKER_URL` / `OMP_AUTH_BROKER_TOKEN`) takes precedence so
+	// per-machine overrides remain trivial.
+	"auth.broker.url": { type: "string", default: undefined },
+	"auth.broker.token": { type: "string", default: undefined },
+
 	autoResume: {
 		type: "boolean",
 		default: false,
@@ -909,6 +916,16 @@ export const SETTINGS_SCHEMA = {
 		},
 	},
 
+	emojiAutocomplete: {
+		type: "boolean",
+		default: true,
+		ui: {
+			tab: "interaction",
+			label: "Emoji Autocomplete",
+			description: "Suggest emojis from `:name:` shortcodes and expand text emoticons like `:D` or `:-)`",
+		},
+	},
+
 	"startup.quiet": {
 		type: "boolean",
 		default: false,
@@ -2636,6 +2653,41 @@ export const SETTINGS_SCHEMA = {
 		},
 	},
 
+	"dev.autoqaPush.endpoint": {
+		type: "string",
+		// Bundled QA collector — runs `/work/pi-www/autoqa` behind qa.omp.sh.
+		// Override via `PI_AUTO_QA_PUSH_URL` or `dev.autoqaPush.endpoint`
+		// in `config.yml` to point at a self-hosted instance.
+		default: "https://qa.omp.sh/v1/grievances" as const,
+		ui: {
+			tab: "tools",
+			label: "Auto QA Push Endpoint",
+			description: "Full URL that receives the JSON payload (default ships to https://qa.omp.sh/v1/grievances)",
+		},
+	},
+
+	"dev.autoqaPush.token": {
+		type: "string",
+		default: undefined,
+	},
+
+	/**
+	 * User decision on sharing automatic `report_tool_issue` grievances.
+	 *
+	 *   - `"unset"`  — never asked; the first `report_tool_issue` invocation
+	 *                  pops a consent dialog and persists the answer here.
+	 *   - `"granted"` — record and (when push is configured) ship grievances.
+	 *   - `"denied"`  — silently no-op every `report_tool_issue` call.
+	 *
+	 * Owned by `packages/coding-agent/src/tools/report-tool-issue.ts` via the
+	 * process-global consent handler registered by `InteractiveMode`.
+	 */
+	"dev.autoqa.consent": {
+		type: "enum",
+		values: ["unset", "granted", "denied"] as const,
+		default: "unset" as const,
+	},
+
 	"thinkingBudgets.minimal": { type: "number", default: 1024 },
 
 	"thinkingBudgets.low": { type: "number", default: 2048 },

package/src/cursor.ts

@@ -13,7 +13,7 @@ import type {
 	CursorExecHandlers as ICursorExecHandlers,
 	ToolResultMessage,
 } from "@oh-my-pi/pi-ai";
-import { sanitizeText } from "@oh-my-pi/pi-natives";
+import { sanitizeText } from "@oh-my-pi/pi-utils";
 import { resolveToCwd } from "./tools/path-utils";
 
 interface CursorExecBridgeOptions {

package/src/debug/log-formatting.ts

@@ -1,4 +1,4 @@
-import { sanitizeText } from "@oh-my-pi/pi-natives";
+import { sanitizeText } from "@oh-my-pi/pi-utils";
 import { replaceTabs, truncateToWidth, wrapTextWithAnsi } from "../tools/render-utils";
 
 export function formatDebugLogLine(line: string, maxWidth: number): string {

package/src/debug/log-viewer.ts

@@ -1,4 +1,3 @@
-import { sanitizeText } from "@oh-my-pi/pi-natives";
 import {
 	type Component,
 	extractPrintableText,
@@ -8,6 +7,7 @@ import {
 	truncateToWidth,
 	visibleWidth,
 } from "@oh-my-pi/pi-tui";
+import { sanitizeText } from "@oh-my-pi/pi-utils";
 import { theme } from "../modes/theme/theme";
 import { copyToClipboard } from "../utils/clipboard";
 import {

package/src/debug/profiler.ts

@@ -121,6 +121,10 @@ export async function startCpuProfile(): Promise<ProfilerSession> {
 	session.connect();
 
 	await session.post("Profiler.enable");
+	// Default CDP interval is 1ms, which mis-attributes await-resumption samples
+	// to the line after `await` (one sparse sample inherits the entire wait). 100µs
+	// scatters samples enough to keep CPU vs. async-wait attribution honest.
+	await session.post("Profiler.setSamplingInterval", { interval: 100 });
 	await session.post("Profiler.start");
 
 	return {

package/src/debug/raw-sse-buffer.ts

@@ -37,43 +37,50 @@ export interface RawSseDebugSnapshot {
 	lastUpdatedAt?: number;
 }
 
-function modelProvider(model: Model | undefined): string | undefined {
-	return model?.provider;
-}
-
-function modelId(model: Model | undefined): string | undefined {
-	return model?.id;
-}
-
-function modelApi(model: Model | undefined): string | undefined {
-	return model?.api;
-}
+// Per-record char counts are stored in a parallel array (`#recordChars`) on
+// the buffer rather than stamped onto each record via a symbol property.
+// Stamping triggered hidden-class transitions in V8/JSC — the previous
+// revision saw `trimRawLines` regress 4× (0.5s → 2.0s in a 50s profile)
+// because every event-record allocation went through the slow dictionary
+// path. The parallel array keeps records as plain monomorphic objects.
+type TrimResult = { raw: string[]; truncated: boolean; originalChars: number; chars: number };
 
-function countRecordChars(record: RawSseDebugRecord): number {
-	if (record.kind === "response") return formatRawSseResponseComment(record).length + 1;
-	return record.raw.reduce((sum, line) => sum + line.length + 1, 1);
-}
+// Single-pass trim. Returns the final `chars` count using the historical
+// formula `reduce(line.length + 1, init = 1)` so the new accounting matches
+// the previous `countRecordChars` byte-for-byte (the trailing +1 covers the
+// record-level newline that `rawRecordText` appends in `toRawText`).
+//
+// When the event fits within budget the input `raw` array is returned
+// **by reference** — see the ownership contract documented at
+// `RawSseDebugBuffer.recordEvent` below.
+function trimRawLines(raw: string[]): TrimResult {
+	let originalChars = 0;
+	for (let i = 0; i < raw.length; i++) originalChars += raw[i].length + 1;
 
-function trimRawLines(raw: string[]): { raw: string[]; truncated: boolean; originalChars: number } {
-	const originalChars = raw.reduce((sum, line) => sum + line.length + 1, 0);
 	if (originalChars <= MAX_RAW_SSE_EVENT_CHARS) {
-		return { raw: [...raw], truncated: false, originalChars };
+		return { raw, truncated: false, originalChars, chars: originalChars + 1 };
 	}
 
 	const trimmed: string[] = [];
 	let remaining = MAX_RAW_SSE_EVENT_CHARS;
+	let chars = 1; // matches reduce(.., init = 1)
 	for (const line of raw) {
 		if (remaining <= 0) break;
 		if (line.length + 1 <= remaining) {
 			trimmed.push(line);
+			chars += line.length + 1;
 			remaining -= line.length + 1;
 			continue;
 		}
-		trimmed.push(line.slice(0, Math.max(0, remaining)));
+		const slice = line.slice(0, Math.max(0, remaining));
+		trimmed.push(slice);
+		chars += slice.length + 1;
 		remaining = 0;
 	}
-	trimmed.push(`: omp-debug-truncated originalChars=${originalChars}`);
-	return { raw: trimmed, truncated: true, originalChars };
+	const tail = `: omp-debug-truncated originalChars=${originalChars}`;
+	trimmed.push(tail);
+	chars += tail.length + 1;
+	return { raw: trimmed, truncated: true, originalChars, chars };
 }
 
 export function formatRawSseIsoTime(timestamp: number): string {
@@ -110,6 +117,11 @@ function metadataTransport(response: ProviderResponseMetadata): string | undefin
 
 export class RawSseDebugBuffer {
 	#records: RawSseDebugRecord[] = [];
+	// Parallel to `#records`: `#recordChars[i]` is the precomputed char count
+	// for `#records[i]`. Kept in lockstep by `#append` (push both) and
+	// `#enforceLimits` (shift both). See the comment above the class for why
+	// this is a sidecar array instead of a per-record property.
+	#recordChars: number[] = [];
 	#totalChars = 0;
 	#droppedRecords = 0;
 	#droppedChars = 0;
@@ -117,6 +129,7 @@ export class RawSseDebugBuffer {
 	#lastUpdatedAt: number | undefined;
 	#nextSequence = 1;
 	#listeners = new Set<() => void>();
+	#emitScheduled = false;
 
 	subscribe(listener: () => void): () => void {
 		this.#listeners.add(listener);
@@ -124,34 +137,46 @@ export class RawSseDebugBuffer {
 	}
 
 	recordResponse(response: ProviderResponseMetadata, model?: Model): void {
-		this.#append({
+		const record: RawSseDebugRecord = {
 			kind: "response",
 			sequence: this.#nextSequence++,
 			timestamp: Date.now(),
-			provider: modelProvider(model),
-			model: modelId(model),
-			api: modelApi(model),
+			provider: model?.provider,
+			model: model?.id,
+			api: model?.api,
 			status: response.status,
 			requestId: response.requestId,
 			transport: metadataTransport(response),
-		});
+		};
+		this.#append(record, formatRawSseResponseComment(record).length + 1);
 	}
 
+	// Ownership contract for `event.raw`:
+	//   The caller (either `notifyRawSseEvent` in `packages/ai/src/utils/sse-debug.ts`
+	//   or `SseTeeParser.#dispatch` directly) hands us a freshly-allocated
+	//   `string[]` per event and never retains, mutates, or re-dispatches it.
+	//   That lets `trimRawLines` keep the array by reference instead of
+	//   cloning on every chunk — a measurable savings on the streaming hot
+	//   path. If a future observer-chain mutates the array, restore the
+	//   `raw.slice()` defensive copy inside `trimRawLines`.
 	recordEvent(event: RawSseEvent, model?: Model): void {
 		const trimmed = trimRawLines(event.raw);
 		this.#totalEvents += 1;
-		this.#append({
-			kind: "event",
-			sequence: this.#nextSequence++,
-			timestamp: Date.now(),
-			provider: modelProvider(model),
-			model: modelId(model),
-			api: modelApi(model),
-			event: event.event,
-			raw: trimmed.raw,
-			truncated: trimmed.truncated,
-			originalChars: trimmed.originalChars,
-		});
+		this.#append(
+			{
+				kind: "event",
+				sequence: this.#nextSequence++,
+				timestamp: Date.now(),
+				provider: model?.provider,
+				model: model?.id,
+				api: model?.api,
+				event: event.event,
+				raw: trimmed.raw,
+				truncated: trimmed.truncated,
+				originalChars: trimmed.originalChars,
+			},
+			trimmed.chars,
+		);
 	}
 
 	snapshot(): RawSseDebugSnapshot {
@@ -165,12 +190,14 @@ export class RawSseDebugBuffer {
 	}
 
 	toRawText(): string {
+		// Reads the live array directly: `rawRecordText` only computes a string
+		// from each record, so no caller-visible mutation is possible.
 		return this.#records.map(rawRecordText).join("\n");
 	}
 
-	#append(record: RawSseDebugRecord): void {
-		const chars = countRecordChars(record);
+	#append(record: RawSseDebugRecord, chars: number): void {
 		this.#records.push(record);
+		this.#recordChars.push(chars);
 		this.#totalChars += chars;
 		this.#lastUpdatedAt = record.timestamp;
 		this.#enforceLimits();
@@ -179,9 +206,9 @@ export class RawSseDebugBuffer {
 
 	#enforceLimits(): void {
 		while (this.#records.length > MAX_RAW_SSE_EVENTS || this.#totalChars > MAX_RAW_SSE_CHARS) {
-			const dropped = this.#records.shift();
-			if (!dropped) return;
-			const chars = countRecordChars(dropped);
+			if (this.#records.length === 0) return;
+			this.#records.shift();
+			const chars = this.#recordChars.shift() ?? 0;
 			this.#totalChars = Math.max(0, this.#totalChars - chars);
 			this.#droppedRecords += 1;
 			this.#droppedChars += chars;
@@ -189,6 +216,26 @@ export class RawSseDebugBuffer {
 	}
 
 	#emit(): void {
+		const count = this.#listeners.size;
+		if (count === 0) return;
+		// With a single listener (the common case — RawSse debug viewer is the
+		// only subscriber), keep eager emit so per-event semantics are
+		// preserved. With multiple listeners, coalesce bursts of events into
+		// one microtask-deferred fan-out to avoid N×M listener invocations
+		// during a streaming response.
+		if (count === 1) {
+			this.#fanOut();
+			return;
+		}
+		if (this.#emitScheduled) return;
+		this.#emitScheduled = true;
+		queueMicrotask(() => {
+			this.#emitScheduled = false;
+			this.#fanOut();
+		});
+	}
+
+	#fanOut(): void {
 		for (const listener of this.#listeners) {
 			try {
 				listener();
@@ -199,31 +246,25 @@ export class RawSseDebugBuffer {
 	}
 }
 
-const fallbackBuffers = new WeakMap<object, RawSseDebugBuffer>();
 const globalFallbackBuffer = new RawSseDebugBuffer();
+const kRawSseDebugBuffer = Symbol("debug.rawSseBuffer");
+type OwnerWithBuffer = object & { rawSseDebugBuffer?: unknown; [kRawSseDebugBuffer]?: RawSseDebugBuffer };
 
 export function resolveRawSseDebugBuffer(owner?: object): RawSseDebugBuffer {
 	if (!owner) return globalFallbackBuffer;
 
-	const candidate = (owner as { rawSseDebugBuffer?: unknown }).rawSseDebugBuffer;
-	if (candidate instanceof RawSseDebugBuffer) return candidate;
+	const tagged = owner as OwnerWithBuffer;
+	const declared = tagged.rawSseDebugBuffer;
+	if (declared instanceof RawSseDebugBuffer) return declared;
 
-	const existing = fallbackBuffers.get(owner);
+	const existing = tagged[kRawSseDebugBuffer];
 	if (existing) return existing;
 
 	const buffer = new RawSseDebugBuffer();
-	fallbackBuffers.set(owner, buffer);
-	if (Object.isExtensible(owner)) {
-		try {
-			Object.defineProperty(owner, "rawSseDebugBuffer", {
-				value: buffer,
-				configurable: true,
-				enumerable: false,
-				writable: true,
-			});
-		} catch {
-			// The WeakMap fallback remains usable if the session object rejects extension.
-		}
+	try {
+		tagged[kRawSseDebugBuffer] = buffer;
+	} catch {
+		// Non-extensible owner: caller gets a fresh buffer on each call.
 	}
 	return buffer;
 }

package/src/debug/raw-sse.ts

@@ -1,5 +1,5 @@
-import { sanitizeText } from "@oh-my-pi/pi-natives";
 import { type Component, matchesKey, padding, replaceTabs, truncateToWidth, visibleWidth } from "@oh-my-pi/pi-tui";
+import { sanitizeText } from "@oh-my-pi/pi-utils";
 import { theme } from "../modes/theme/theme";
 import { copyToClipboard } from "../utils/clipboard";
 import { formatRawSseIsoTime, type RawSseDebugBuffer, rawSseRecordLines } from "./raw-sse-buffer";

package/src/discovery/agents.ts

@@ -33,13 +33,24 @@ function getUserPathCandidates(ctx: LoadContext, ...segments: string[]): string[
 	return AGENT_DIR_CANDIDATES.map(baseDir => path.join(ctx.home, baseDir, ...segments));
 }
 
-/** Project-level paths: walk up from cwd to repoRoot, returning .agent/<segments> and .agents/<segments> at each level. */
-function getProjectPathCandidates(ctx: LoadContext, ...segments: string[]): string[] {
+/**
+ * Project-level paths: walk up from cwd to repoRoot, returning `.agent/<segments>`
+ * and `.agents/<segments>` at each ancestor.
+ *
+ * The user home directory is skipped: `~/.agent[s]/` is by definition
+ * user-level config and is already enumerated by {@link getUserPathCandidates}.
+ * Without this guard, any cwd under `$HOME` (with no closer git repoRoot) would
+ * walk up to home and yield duplicate project+user entries for the same
+ * directory — see https://github.com/can1357/oh-my-pi/issues/1116.
+ */
+export function getProjectPathCandidates(ctx: LoadContext, ...segments: string[]): string[] {
 	const paths: string[] = [];
 	let current = ctx.cwd;
 	while (true) {
-		for (const baseDir of AGENT_DIR_CANDIDATES) {
-			paths.push(path.join(current, baseDir, ...segments));
+		if (current !== ctx.home) {
+			for (const baseDir of AGENT_DIR_CANDIDATES) {
+				paths.push(path.join(current, baseDir, ...segments));
+			}
 		}
 		if (current === (ctx.repoRoot ?? ctx.home)) break;
 		const parent = path.dirname(current);

package/src/edit/modes/apply-patch.ts

@@ -14,11 +14,7 @@ import { ApplyPatchError } from "../diff";
 import type { PatchEditEntry } from "./patch";
 
 export const applyPatchSchema = z.object({
-	input: z
-		.string()
-		.describe(
-			"Full Codex apply_patch envelope, including '*** Begin Patch' and '*** End Patch'. Contains any mix of Add/Delete/Update (with optional Move to) file operations.",
-		),
+	input: z.string().describe("apply_patch envelope"),
 });
 
 export type ApplyPatchParams = z.infer<typeof applyPatchSchema>;