@oh-my-pi/pi-coding-agent 15.10.1 → 15.10.2

package/src/tools/gh-cache-invalidation.ts

@@ -0,0 +1,200 @@
+/**
+ * Detect cache-mutating `gh` subcommands inside a bash invocation and drop
+ * the matching `github-cache` rows so a subsequent `issue://<n>` or
+ * `pr://<n>` read sees the post-mutation state instead of the stale
+ * pre-mutation snapshot.
+ *
+ * Triggered before the bash command runs: on success the cache is now
+ * empty and the next read fetches fresh; on failure the worst case is one
+ * extra `gh` round-trip on the following read. That cost is bounded and
+ * eliminates the much-worse "issue shows OPEN for up to softTtlSec after
+ * `gh issue close`" failure mode reported by users.
+ *
+ * Detector scope: ops that change visible issue/PR state — `close`,
+ * `reopen`, `merge`, `delete`, `ready`, `lock`, `unlock`, `pin`, `unpin`,
+ * `transfer`, plus the comment/review/edit ops that change the rendered
+ * body. We deliberately over-invalidate (e.g. all matching rows for the
+ * number, all auth_keys) because the upside of staleness elimination
+ * dwarfs the cost of one cache miss.
+ */
+import { invalidateAllForNumber } from "./github-cache";
+
+const PR_URL_PATTERN = /^https:\/\/github\.com\/([^/\s]+\/[^/\s]+)\/pull\/(\d+)(?:[/?#].*)?$/i;
+const ISSUE_URL_PATTERN = /^https:\/\/github\.com\/([^/\s]+\/[^/\s]+)\/issues\/(\d+)(?:[/?#].*)?$/i;
+
+/** Subcommands that mutate the rendered issue/PR view in any meaningful way. */
+const MUTATING_ISSUE_SUBCMDS: Record<string, true> = {
+	close: true,
+	reopen: true,
+	delete: true,
+	edit: true,
+	comment: true,
+	lock: true,
+	unlock: true,
+	pin: true,
+	unpin: true,
+	transfer: true,
+	develop: true,
+};
+
+const MUTATING_PR_SUBCMDS: Record<string, true> = {
+	close: true,
+	reopen: true,
+	merge: true,
+	ready: true,
+	edit: true,
+	comment: true,
+	review: true,
+	lock: true,
+	unlock: true,
+};
+/**
+ * Walk a single shell command's token stream looking for a top-level
+ * `gh (issue|pr) <subcmd> <id-or-url>` invocation and return the
+ * invalidation key when one is found. Returns `null` for non-matching
+ * commands so the caller can iterate cheaply.
+ */
+function detectGhMutation(tokens: readonly string[]): { number: number; repo?: string } | null {
+	const ghIdx = tokens.indexOf("gh");
+	if (ghIdx === -1) return null;
+	const subject = tokens[ghIdx + 1];
+	if (subject !== "issue" && subject !== "pr") return null;
+	const subcmd = tokens[ghIdx + 2];
+	if (!subcmd) return null;
+	const expected = subject === "issue" ? MUTATING_ISSUE_SUBCMDS : MUTATING_PR_SUBCMDS;
+	if (!expected[subcmd]) return null;
+
+	let repo: string | undefined;
+	// First pass: scan for --repo so it wins regardless of position relative
+	// to the issue/PR identifier (gh accepts the flag both before and after
+	// the positional argument).
+	for (let i = ghIdx + 3; i < tokens.length; i++) {
+		const token = tokens[i];
+		if (token === "-R" || token === "--repo") {
+			const next = tokens[i + 1];
+			if (next) repo = next;
+			i++;
+			continue;
+		}
+		if (token.startsWith("--repo=")) {
+			repo = token.slice("--repo=".length);
+		}
+	}
+	for (let i = ghIdx + 3; i < tokens.length; i++) {
+		const token = tokens[i];
+		if (token === "-R" || token === "--repo") {
+			i++;
+			continue;
+		}
+		if (token.startsWith("-")) continue;
+		const direct = /^\d+$/.test(token) ? Number(token) : undefined;
+		if (direct !== undefined && Number.isSafeInteger(direct) && direct > 0) {
+			return repo !== undefined ? { number: direct, repo } : { number: direct };
+		}
+		const urlMatch = (subject === "pr" ? PR_URL_PATTERN : ISSUE_URL_PATTERN).exec(token);
+		if (urlMatch) {
+			const num = Number(urlMatch[2]);
+			if (Number.isSafeInteger(num) && num > 0) {
+				// URL carries its own repo and wins over a stray --repo flag.
+				return { number: num, repo: urlMatch[1] };
+			}
+		}
+	}
+	return null;
+}
+
+/**
+ * Conservative tokenizer that splits a bash command into individual word
+ * tokens. Handles single/double-quoted strings, backslash escapes, and
+ * standard operators (`;`, `&&`, `||`, `|`, `&`, newlines) as token
+ * boundaries that emit a sentinel `";"` so the caller treats the segments
+ * as independent command sequences. We do not attempt full POSIX shell
+ * parsing — heredocs, command substitution, and arithmetic expansion are
+ * out of scope; the detector simply falls through when it cannot find a
+ * clean `gh issue|pr <subcmd>` triple.
+ */
+function tokenize(command: string): string[][] {
+	const segments: string[][] = [];
+	let current: string[] = [];
+	let buffer = "";
+	let inSingle = false;
+	let inDouble = false;
+	const pushBuffer = () => {
+		if (buffer.length > 0) {
+			current.push(buffer);
+			buffer = "";
+		}
+	};
+	const pushSegment = () => {
+		pushBuffer();
+		if (current.length > 0) segments.push(current);
+		current = [];
+	};
+	for (let i = 0; i < command.length; i++) {
+		const ch = command[i];
+		if (inSingle) {
+			if (ch === "'") {
+				inSingle = false;
+				continue;
+			}
+			buffer += ch;
+			continue;
+		}
+		if (inDouble) {
+			if (ch === "\\" && i + 1 < command.length) {
+				const next = command[i + 1];
+				if (next === '"' || next === "\\" || next === "$" || next === "`") {
+					buffer += next;
+					i++;
+					continue;
+				}
+			}
+			if (ch === '"') {
+				inDouble = false;
+				continue;
+			}
+			buffer += ch;
+			continue;
+		}
+		if (ch === "'") {
+			inSingle = true;
+			continue;
+		}
+		if (ch === '"') {
+			inDouble = true;
+			continue;
+		}
+		if (ch === "\\" && i + 1 < command.length) {
+			buffer += command[i + 1];
+			i++;
+			continue;
+		}
+		if (ch === " " || ch === "\t") {
+			pushBuffer();
+			continue;
+		}
+		if (ch === "\n" || ch === ";" || ch === "&" || ch === "|" || ch === "(" || ch === ")") {
+			pushSegment();
+			// `&&`, `||` already collapsed by the segment break above.
+			continue;
+		}
+		buffer += ch;
+	}
+	pushSegment();
+	return segments;
+}
+
+/**
+ * Drop `github-cache` rows for any `gh issue|pr <mutating-subcmd>` call
+ * embedded in `command`. Safe to invoke unconditionally; no-op when the
+ * command does not touch GitHub state.
+ */
+export function invalidateGithubCacheForBashCommand(command: string): void {
+	if (!command?.includes("gh")) return;
+	const segments = tokenize(command);
+	for (const segment of segments) {
+		const hit = detectGhMutation(segment);
+		if (!hit) continue;
+		invalidateAllForNumber(hit.number, hit.repo);
+	}
+}

package/src/tools/github-cache.ts

@@ -316,6 +316,31 @@ export function invalidate(
 	}
 }
 
+/**
+ * Drop every cached row for a given issue/PR number, regardless of repo,
+ * auth key, include_comments flag, or row kind ({@link CacheKind}). Best-effort:
+ * swallows DB failures the same way {@link invalidate} does.
+ *
+ * Used by the bash-side detector that reacts to `gh issue close` / `gh pr merge`
+ * style mutations. Repo + auth-key narrowing is intentionally skipped because
+ * the bash command often does not name the repo (defaults to cwd's `gh`
+ * config) and resolving the *current* repo from `cwd` for every bash call would
+ * be far more expensive than a write-amplified DELETE.
+ */
+export function invalidateAllForNumber(number: number, repo?: string): void {
+	const db = openDb();
+	if (!db) return;
+	try {
+		if (repo === undefined) {
+			db.prepare("DELETE FROM github_view_cache WHERE number = ?").run(number);
+		} else {
+			db.prepare("DELETE FROM github_view_cache WHERE number = ? AND repo = ?").run(number, normalizeRepo(repo));
+		}
+	} catch (err) {
+		logger.debug("github cache: invalidateAllForNumber failed", { err: String(err) });
+	}
+}
+
 /** Drop every cached row. Test helper. */
 export function clearAll(): void {
 	const db = openDb();

package/src/tools/inspect-image.ts

@@ -5,7 +5,7 @@ import { prompt } from "@oh-my-pi/pi-utils";
 import * as z from "zod/v4";
 import { extractTextContent } from "../commit/utils";
 
-import { expandRoleAlias, resolveModelFromString } from "../config/model-resolver";
+import { expandRoleAlias, getModelMatchPreferences, resolveModelFromString } from "../config/model-resolver";
 import inspectImageDescription from "../prompts/tools/inspect-image.md" with { type: "text" };
 import inspectImageSystemPromptTemplate from "../prompts/tools/inspect-image-system.md" with { type: "text" };
 import {
@@ -72,7 +72,7 @@ export class InspectImageTool implements AgentTool<typeof inspectImageSchema, In
 			throw new ToolError("No models available for inspect_image.");
 		}
 
-		const matchPreferences = { usageOrder: this.session.settings.getStorage()?.getModelUsageOrder() };
+		const matchPreferences = getModelMatchPreferences(this.session.settings);
 		const resolvePattern = (pattern: string | undefined): Model<Api> | undefined => {
 			if (!pattern) return undefined;
 			const expanded = expandRoleAlias(pattern, this.session.settings);

package/src/tools/path-utils.ts

@@ -601,6 +601,23 @@ export function parseSearchPath(filePath: string): ParsedSearchPath {
 	};
 }
 
+/**
+ * Async sibling of {@link parseSearchPath} that prefers literal interpretation
+ * when a path containing glob metacharacters resolves to an existing entry on
+ * disk. Disambiguates Next.js/SvelteKit routes like `apps/[id]/page.tsx` —
+ * without this, `[id]` is parsed as a glob character class and silently
+ * matches nothing.
+ */
+export async function parseSearchPathPreferringLiteral(filePath: string, cwd: string): Promise<ParsedSearchPath> {
+	if (!hasGlobPathChars(filePath) || isInternalUrlPath(filePath)) return parseSearchPath(filePath);
+	try {
+		await fs.promises.stat(resolveToCwd(filePath, cwd));
+		return { basePath: filePath };
+	} catch {
+		return parseSearchPath(filePath);
+	}
+}
+
 // Parse a find pattern into a base directory path and a glob pattern.
 // Examples:
 //   src/app/**/\*.tsx -> { basePath: "src/app", globPattern: "**/*.tsx", hasGlob: true }
@@ -707,7 +724,7 @@ async function resolveSearchPathItems(
 
 	const parsedItems = await Promise.all(
 		pathItems.map(async item => {
-			const parsedPath = parseSearchPath(item);
+			const parsedPath = await parseSearchPathPreferringLiteral(item, cwd);
 			const absoluteBasePath = resolveToCwd(parsedPath.basePath, cwd);
 			const stat = await fs.promises.stat(absoluteBasePath);
 			return { raw: item, parsedPath, absoluteBasePath, stat };
@@ -946,6 +963,15 @@ export async function resolveToolSearchScope(opts: ToolScopeOptions): Promise<To
 	if (rawPaths.some(rawPath => rawPath.length === 0)) {
 		throw new ToolError("`paths` must contain non-empty paths or globs");
 	}
+	// External (http/https/ftp/file) URLs are not searchable; route the caller
+	// to `read` instead of letting the path-resolver surface a confusing
+	// "Path not found" for a slash-stripped URL.
+	const externalUrl = rawPaths.find(rawPath => /^(?:https?|ftp|file|ws|wss):\/\//i.test(rawPath));
+	if (externalUrl) {
+		throw new ToolError(
+			`Cannot ${internalUrlAction} external URL: ${externalUrl}. Use \`read\` to fetch web content, then search the returned text.`,
+		);
+	}
 	const internalRouter = InternalUrlRouter.instance();
 	const resolvedPathInputs: string[] = [];
 	const immutableSourcePaths = new Set<string>();
@@ -989,7 +1015,7 @@ export async function resolveToolSearchScope(opts: ToolScopeOptions): Promise<To
 	let multiTargets: ResolvedSearchTarget[] | undefined;
 	let exactFilePaths: string[] | undefined;
 	if (effectivePaths.length === 1) {
-		const parsedPath = parseSearchPath(effectivePaths[0] ?? ".");
+		const parsedPath = await parseSearchPathPreferringLiteral(effectivePaths[0] ?? ".", cwd);
 		searchPath = resolveToCwd(parsedPath.basePath, cwd);
 		globFilter = parsedPath.glob;
 		scopePath = formatPathRelativeToCwd(searchPath, cwd);

package/src/tools/plan-mode-guard.ts

@@ -1,4 +1,6 @@
-import { resolveLocalUrlToPath, resolveVaultUrlToPath } from "../internal-urls";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { resolveLocalRoot, resolveLocalUrlToPath, resolveVaultUrlToPath } from "../internal-urls";
 import type { ToolSession } from ".";
 import { normalizeLocalScheme, resolveToCwd } from "./path-utils";
 import { ToolError } from "./tool-errors";
@@ -6,11 +8,54 @@ import { ToolError } from "./tool-errors";
 const VAULT_SCHEME_PREFIX = "vault:";
 const LOCAL_SCHEME_PREFIX = "local:";
 
-/** True when `targetPath` addresses the session-local artifact sandbox
- *  (`local://…`). Those files are not part of the working tree, so plan mode
- *  treats them as freely writable scratch/plan space. */
-function targetsLocalSandbox(targetPath: string): boolean {
-	return normalizeLocalScheme(targetPath).startsWith(LOCAL_SCHEME_PREFIX);
+/** Resolve the absolute path of the session's `local://` artifact sandbox.
+ *  Returns `null` when the session has no artifact wiring (e.g. tests). */
+function localSandboxRoot(session: ToolSession): string | null {
+	try {
+		return path.resolve(
+			resolveLocalRoot({
+				getArtifactsDir: session.getArtifactsDir,
+				getSessionId: session.getSessionId,
+			}),
+		);
+	} catch {
+		return null;
+	}
+}
+
+/** True when `absolutePath` resolves inside `root` (== root or under it). */
+function isWithinRoot(absolutePath: string, root: string): boolean {
+	if (absolutePath === root) return true;
+	const sep = `${root}${path.sep}`;
+	return absolutePath.startsWith(sep);
+}
+
+/** True when `targetPath` addresses the session-local artifact sandbox.
+ *  Accepts both `local://…` URLs and absolute paths pointing inside the
+ *  resolved sandbox root — the latter is what `read local://…` echoes back
+ *  in the `[path#tag]` header. Those files are not part of the working tree,
+ *  so plan mode treats them as freely writable scratch/plan space. */
+function targetsLocalSandbox(session: ToolSession, targetPath: string): boolean {
+	const normalized = normalizeLocalScheme(targetPath);
+	if (normalized.startsWith(LOCAL_SCHEME_PREFIX)) return true;
+	if (!path.isAbsolute(normalized)) return false;
+	const root = localSandboxRoot(session);
+	if (!root) return false;
+	// Compare both raw and realpath-normalized forms so that
+	// `/tmp/…` vs `/private/tmp/…` (macOS) and other symlink-collapsed
+	// roots both resolve to the same sandbox identity.
+	const resolved = path.resolve(normalized);
+	if (isWithinRoot(resolved, root)) return true;
+	try {
+		const realRoot = fs.realpathSync.native(root);
+		if (isWithinRoot(resolved, realRoot)) return true;
+		// `resolved` itself may live in `/tmp/...` while `realRoot` is `/private/tmp/...`;
+		// realpath the parent dir of `resolved` so we catch that direction too.
+		const realParent = fs.realpathSync.native(path.dirname(resolved));
+		return isWithinRoot(path.join(realParent, path.basename(resolved)), realRoot);
+	} catch {
+		return false;
+	}
 }
 
 /**
@@ -55,7 +100,7 @@ export function enforcePlanModeWrite(
 		throw new ToolError("Plan mode: deleting files is not allowed.");
 	}
 
-	if (targetsLocalSandbox(targetPath)) return;
+	if (targetsLocalSandbox(session, targetPath)) return;
 
 	throw new ToolError(
 		"Plan mode: the working tree is read-only. Write your plan to a local://<slug>-plan.md file instead.",

package/src/tools/read.ts

@@ -9,7 +9,7 @@ import type { Component } from "@oh-my-pi/pi-tui";
 import { Text } from "@oh-my-pi/pi-tui";
 import { getRemoteDir, logger, prompt, readImageMetadata, untilAborted } from "@oh-my-pi/pi-utils";
 import * as z from "zod/v4";
-import { getFileSnapshotStore, recordFileSnapshot } from "../edit/file-snapshot-store";
+import { canonicalSnapshotKey, getFileSnapshotStore, recordFileSnapshot } from "../edit/file-snapshot-store";
 import { normalizeToLF } from "../edit/normalize";
 import { isNotebookPath, readEditableNotebookText } from "../edit/notebook";
 import type { RenderResultOptions } from "../extensibility/custom-tools/types";
@@ -131,7 +131,7 @@ function recordFullHashlineContext(
 ): HashlineHeaderContext | undefined {
 	if (!absolutePath || !path.isAbsolute(absolutePath)) return undefined;
 	const normalized = normalizeToLF(fullText);
-	const tag = getFileSnapshotStore(session).record(absolutePath, normalized);
+	const tag = getFileSnapshotStore(session).record(canonicalSnapshotKey(absolutePath), normalized);
 	return {
 		header: formatHashlineHeader(displayPath, tag),
 		tag,
@@ -1750,15 +1750,25 @@ export class ReadTool implements AgentTool<typeof readSchema, ReadToolDetails> {
 			// Convert document via markit.
 			const result = await convertFileWithMarkit(absolutePath, signal);
 			if (result.ok) {
-				// Apply truncation to converted content
-				const truncation = truncateHead(result.content);
-				const outputText = truncation.content;
-
-				details = { truncation };
-				sourcePath = absolutePath;
-				truncationInfo = { result: truncation, options: { direction: "head", startLine: 1 } };
-
-				content = [{ type: "text", text: outputText }];
+				// Route the converted markdown through the in-memory text builder
+				// so line-range selectors (`file.pdf:50-100`, `:5-16,40-80`) and
+				// raw mode apply against the converted output. Without this,
+				// `file.pdf:50-100` silently returned the head of the document
+				// because only `truncateHead` was being applied.
+				if (isMultiRange(parsed) && parsed.kind === "lines") {
+					return this.#buildInMemoryMultiRangeResult(result.content, parsed.ranges, {
+						details: { resolvedPath: absolutePath },
+						sourcePath: absolutePath,
+						entityLabel: "document",
+					});
+				}
+				const { offset, limit } = selToOffsetLimit(parsed);
+				return this.#buildInMemoryTextResult(result.content, offset, limit, {
+					details: { resolvedPath: absolutePath },
+					sourcePath: absolutePath,
+					entityLabel: "document",
+					raw: isRawSelector(parsed),
+				});
 			} else if (result.error) {
 				content = [{ type: "text", text: `[Cannot read ${ext} file: ${result.error || "conversion failed"}]` }];
 			} else {
@@ -1944,7 +1954,10 @@ export class ReadTool implements AgentTool<typeof readSchema, ReadToolDetails> {
 						// full file and any anchor validates while the file is unchanged.
 						const isWholeFile = offset === undefined && limit === undefined && !wasTruncated;
 						const tag = isWholeFile
-							? getFileSnapshotStore(this.session).record(absolutePath, normalizeToLF(collectedLines.join("\n")))
+							? getFileSnapshotStore(this.session).record(
+									canonicalSnapshotKey(absolutePath),
+									normalizeToLF(collectedLines.join("\n")),
+								)
 							: await recordFileSnapshot(this.session, absolutePath);
 						if (tag) {
 							hashContext = hashlineHeaderContext(formatPathRelativeToCwd(absolutePath, this.session.cwd), tag);

package/src/tools/search.ts

@@ -83,6 +83,7 @@ const searchSchema = z
 		gitignore: z.boolean().optional().describe("respect gitignore"),
 		skip: z
 			.number()
+			.nullable()
 			.optional()
 			.describe("files to skip before collecting results — use to paginate when the prior call hit the file limit"),
 	})
@@ -107,6 +108,10 @@ export const SINGLE_FILE_MATCHES = 200;
  * (DEFAULT_FILE_LIMIT files × MULTI_FILE_PER_FILE_MATCHES matches) plus
  * pagination headroom so the caller can see total file count. */
 const INTERNAL_TOTAL_CAP = 2000;
+/** Mirrors `MAX_FILE_BYTES` in `crates/pi-natives/src/grep.rs`. Native grep
+ * silently returns no matches for files larger than this; surface a warning
+ * when the caller explicitly targeted such a file so they know to chunk it. */
+const NATIVE_GREP_MAX_FILE_BYTES = 4 * 1024 * 1024;
 
 /**
  * Parsed `paths` entry — a path (possibly archive-shaped) plus an optional
@@ -666,7 +671,8 @@ export class SearchTool implements AgentTool<typeof searchSchema, SearchToolDeta
 				throw new ToolError("Pattern must not be empty");
 			}
 
-			const normalizedSkip = skip === undefined ? 0 : Number.isFinite(skip) ? Math.floor(skip) : Number.NaN;
+			const normalizedSkip =
+				skip === undefined || skip === null ? 0 : Number.isFinite(skip) ? Math.floor(skip) : Number.NaN;
 			if (normalizedSkip < 0 || !Number.isFinite(normalizedSkip)) {
 				throw new ToolError("Skip must be a non-negative number");
 			}
@@ -728,7 +734,7 @@ export class SearchTool implements AgentTool<typeof searchSchema, SearchToolDeta
 					// reason instead of a downstream "path not found" from the scope resolver.
 					throw new ToolError(
 						`Cannot search archive member(s): ${archiveUnreadable.join(", ")}. ` +
-							`Read the file directly with \`read <archive>:<member>\` and grep the returned content, ` +
+							`Read the member with \`read <archive>:<member>\` and inspect the returned text, ` +
 							`or pass a UTF-8 text member.`,
 					);
 				}
@@ -991,6 +997,34 @@ export class SearchTool implements AgentTool<typeof searchSchema, SearchToolDeta
 					: "";
 				const { record: recordFile, list: fileList } = createFileRecorder();
 				const fileMatchCounts = new Map<string, number>();
+				// Detect explicit file targets that exceed the native grep size cap.
+				// Native silently returns no matches above the cap; without this note the
+				// caller sees "no matches" for a literal pattern that visibly exists.
+				const oversizedNote = await (async (): Promise<string | undefined> => {
+					const explicitFileTargets: string[] = [];
+					if (exactFilePaths) {
+						explicitFileTargets.push(...exactFilePaths);
+					} else if (searchablePaths.length > 0 && !isDirectory && !multiTargets) {
+						explicitFileTargets.push(searchPath);
+					}
+					if (explicitFileTargets.length === 0) return undefined;
+					const oversized: string[] = [];
+					await Promise.all(
+						explicitFileTargets.map(async target => {
+							try {
+								const st = await stat(target);
+								if (st.isFile() && st.size > NATIVE_GREP_MAX_FILE_BYTES) {
+									oversized.push(path.relative(this.session.cwd, target) || target);
+								}
+							} catch {
+								// Stat failures here are surfaced by other code paths.
+							}
+						}),
+					);
+					if (oversized.length === 0) return undefined;
+					const limitMb = Math.floor(NATIVE_GREP_MAX_FILE_BYTES / (1024 * 1024));
+					return `Skipped oversized files (>${limitMb}MB grep limit; split the file or narrow with \`read\`): ${oversized.join(", ")}`;
+				})();
 				const archiveNote =
 					archiveUnreadable.length > 0
 						? `Skipped archive entries (search supports text members only): ${archiveUnreadable.join(", ")}`
@@ -1002,7 +1036,8 @@ export class SearchTool implements AgentTool<typeof searchSchema, SearchToolDeta
 				const missingPathsNote =
 					missingPathsForNote.length > 0 ? `Skipped missing paths: ${missingPathsForNote.join(", ")}` : undefined;
 				const warningNote =
-					[missingPathsNote, archiveNote].filter((s): s is string => Boolean(s)).join("\n") || undefined;
+					[missingPathsNote, archiveNote, oversizedNote].filter((s): s is string => Boolean(s)).join("\n") ||
+					undefined;
 				if (selectedMatches.length === 0) {
 					const details: SearchToolDetails = {
 						scopePath,

package/src/tools/write.ts

@@ -8,7 +8,7 @@ import type { Component } from "@oh-my-pi/pi-tui";
 import { isEnoent, isRecord, prompt, untilAborted } from "@oh-my-pi/pi-utils";
 import * as z from "zod/v4";
 
-import { getFileSnapshotStore } from "../edit/file-snapshot-store";
+import { canonicalSnapshotKey, getFileSnapshotStore } from "../edit/file-snapshot-store";
 import { normalizeToLF } from "../edit/normalize";
 import type { RenderResultOptions } from "../extensibility/custom-tools/types";
 import { InternalUrlRouter } from "../internal-urls";
@@ -132,7 +132,7 @@ function stripWriteContent(session: ToolSession, content: string): { text: strin
 function maybeWriteSnapshotHeader(session: ToolSession, absolutePath: string, content: string): string | undefined {
 	if (!resolveFileDisplayMode(session).hashLines) return undefined;
 	const normalized = normalizeToLF(content);
-	const tag = getFileSnapshotStore(session).record(absolutePath, normalized);
+	const tag = getFileSnapshotStore(session).record(canonicalSnapshotKey(absolutePath), normalized);
 	return formatHashlineHeader(formatPathRelativeToCwd(absolutePath, session.cwd), tag);
 }
 

package/src/tools/yield.ts

@@ -20,6 +20,14 @@ export interface YieldDetails {
 	data: unknown;
 	status: "success" | "aborted";
 	error?: string;
+	/**
+	 * Set when the yield tool exhausted its in-tool schema-retry budget
+	 * (MAX_SCHEMA_RETRIES) and accepted the data anyway. Surfaced so the
+	 * executor's post-mortem finalizer can honor the override instead of
+	 * re-rejecting the same payload with `schema_violation` — keeping the
+	 * subagent's acceptance and the parent's view of the result in lockstep.
+	 */
+	schemaOverridden?: boolean;
 }
 
 function formatSchema(schema: unknown): string {
@@ -237,7 +245,7 @@ export class YieldTool implements AgentTool<TSchema, YieldDetails> {
 					: "Result submitted.";
 		return {
 			content: [{ type: "text", text: responseText }],
-			details: { data, status, error: errorMessage },
+			details: { data, status, error: errorMessage, schemaOverridden: schemaValidationOverridden || undefined },
 		};
 	}
 }
@@ -254,6 +262,7 @@ subprocessToolRegistry.register<YieldDetails>("yield", {
 			data: record.data,
 			status,
 			error: typeof record.error === "string" ? record.error : undefined,
+			schemaOverridden: record.schemaOverridden === true ? true : undefined,
 		};
 	},
 	shouldTerminate: event => !event.isError,

package/src/utils/commit-message-generator.ts

@@ -8,7 +8,7 @@ import { completeSimple } from "@oh-my-pi/pi-ai";
 import { logger, prompt } from "@oh-my-pi/pi-utils";
 
 import type { ModelRegistry } from "../config/model-registry";
-import { resolveModelRoleValue } from "../config/model-resolver";
+import { getModelMatchPreferences, resolveModelRoleValue } from "../config/model-resolver";
 import type { Settings } from "../config/settings";
 import MODEL_PRIO from "../priority.json" with { type: "json" };
 import commitSystemPrompt from "../prompts/system/commit-message-system.md" with { type: "text" };
@@ -51,7 +51,7 @@ function getSmolModelCandidates(
 		candidates.push({ model, thinkingLevel });
 	};
 
-	const matchPreferences = { usageOrder: settings.getStorage()?.getModelUsageOrder() };
+	const matchPreferences = getModelMatchPreferences(settings);
 	const configuredSmol = resolveModelRoleValue(settings.getModelRole("smol"), availableModels, {
 		settings,
 		matchPreferences,

package/src/utils/enhanced-paste.ts

@@ -7,6 +7,8 @@ const PASTE_EVENT_NAME_BASE64 = Buffer.from("Paste event", "utf8").toString("bas
 
 const IMAGE_MIME_PRIORITY = ["image/png", "image/jpeg", "image/webp", "image/gif"] as const;
 const TEXT_MIME_TYPE = "text/plain";
+/** Kitty's "give me the list of available MIME types" sentinel — see `TARGETS_MIME` in `kitty/clipboard.py`. */
+const MIME_LISTING_TARGET = ".";
 
 type PasteReadKind = "image" | "text";
 
@@ -18,6 +20,7 @@ export interface Osc5522Packet {
 interface PasteListingState {
 	phase: "listing";
 	mimes: string[];
+	kittyDotPayload?: true;
 	pw?: string;
 	loc?: string;
 }
@@ -144,6 +147,25 @@ export class EnhancedPasteController {
 		if (!mimeType) return;
 
 		if (state.phase === "listing") {
+			// Kitty (as of writing) implements the "list available MIME types"
+			// response shape by sending a single DATA packet with `mime="."` and
+			// the available types packed into the payload as a whitespace-
+			// separated list (see `fulfill_read_request` in
+			// kovidgoyal/kitty:kitty/clipboard.py). The 5522-mode ancillary
+			// spec instead encodes each type as its own DATA packet with an
+			// empty payload. Support both — fall through to the per-packet
+			// form when the dot sentinel has no payload, or when the packet
+			// already names a concrete MIME type.
+			if (mimeType === MIME_LISTING_TARGET) {
+				if (!packet.payload) return;
+				const listing = decodeBase64Utf8(packet.payload);
+				if (!listing) return;
+				state.kittyDotPayload = true;
+				for (const candidate of listing.split(/\s+/)) {
+					if (candidate && candidate !== MIME_LISTING_TARGET) state.mimes.push(candidate);
+				}
+				return;
+			}
 			state.mimes.push(mimeType);
 			return;
 		}
@@ -192,11 +214,17 @@ export class EnhancedPasteController {
 			chunks: [],
 		};
 
-		const metadata = [`type=read`, `mime=${Buffer.from(selected.mimeType, "utf8").toString("base64")}`];
+		const encodedMime = Buffer.from(selected.mimeType, "utf8").toString("base64");
+		const metadata = ["type=read"];
 		if (state.loc) metadata.push(`loc=${state.loc}`);
 		if (state.pw) {
 			metadata.push(`pw=${state.pw}`, `name=${PASTE_EVENT_NAME_BASE64}`);
 		}
-		this.#handlers.write(`${OSC5522_PREFIX}${metadata.join(":")}${OSC_TERMINATOR_ST}`);
+		if (state.kittyDotPayload) {
+			this.#handlers.write(`${OSC5522_PREFIX}${metadata.join(":")};${encodedMime}${OSC_TERMINATOR_BEL}`);
+			return;
+		}
+		metadata.push(`mime=${encodedMime}`);
+		this.#handlers.write(`${OSC5522_PREFIX}${metadata.join(":")}${OSC_TERMINATOR_BEL}`);
 	}
 }