@oh-my-pi/pi-coding-agent 15.11.3 → 15.11.6

package/src/tools/tts.ts

@@ -1,6 +1,7 @@
 // Ported from NousResearch/hermes-agent (MIT) — tools/tts_tool.py L167-171, L896-959.
 
 import type { AgentToolResult } from "@oh-my-pi/pi-agent-core";
+import { type ApiKey, ProviderHttpError, withAuth } from "@oh-my-pi/pi-ai";
 import * as z from "zod/v4";
 import type { CustomTool, CustomToolContext } from "../extensibility/custom-tools/types";
 import { ohMyPiXAIUserAgent, resolveXAIHttpCredentials } from "../lib/xai-http";
@@ -96,27 +97,46 @@ export const ttsTool: CustomTool<typeof ttsSchema, TtsToolDetails> = {
 		const timeoutSignal = AbortSignal.timeout(60_000);
 		const combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;
 
-		const response = await fetch(`${creds.baseURL}/tts`, {
-			method: "POST",
-			headers: {
-				Authorization: `Bearer ${creds.apiKey}`,
-				"Content-Type": "application/json",
-				"User-Agent": ohMyPiXAIUserAgent(),
-			},
-			body: JSON.stringify(payload),
-			signal: combinedSignal,
+		const sessionId = ctx.sessionManager.getSessionId();
+		const apiKey: ApiKey = ctx.modelRegistry.resolver(creds.provider, {
+			sessionId,
+			baseUrl: creds.baseURL,
 		});
-		if (!response.ok) {
-			const detail = await response.text();
-			return {
-				isError: true,
-				content: [
-					{
-						type: "text",
-						text: `xAI TTS failed (${response.status}): ${detail.slice(0, 300)}`,
-					},
-				],
-			};
+
+		let response: Response;
+		try {
+			response = await withAuth(
+				apiKey,
+				async key => {
+					const resp = await fetch(`${creds.baseURL}/tts`, {
+						method: "POST",
+						headers: {
+							Authorization: `Bearer ${key}`,
+							"Content-Type": "application/json",
+							"User-Agent": ohMyPiXAIUserAgent(),
+						},
+						body: JSON.stringify(payload),
+						signal: combinedSignal,
+					});
+					if (!resp.ok) {
+						const detail = await resp.text();
+						throw new ProviderHttpError(`xAI TTS failed (${resp.status}): ${detail.slice(0, 300)}`, resp.status, {
+							headers: resp.headers,
+						});
+					}
+					return resp;
+				},
+				{ signal: combinedSignal },
+			);
+		} catch (error) {
+			const status = (error as { status?: unknown }).status;
+			if (error instanceof Error && typeof status === "number") {
+				return {
+					isError: true,
+					content: [{ type: "text", text: error.message }],
+				};
+			}
+			throw error;
 		}
 		const bytes = new Uint8Array(await response.arrayBuffer());
 		await Bun.write(outputPath, bytes);

package/src/utils/clipboard.ts

@@ -125,6 +125,56 @@ async function readImageViaPowerShell(): Promise<ClipboardImage | null> {
 	}
 }
 
+// PowerShell one-liner that emits the clipboard text verbatim on stdout, or
+// nothing when the clipboard holds no text. `[Console]::Out.Write` avoids the
+// trailing newline Write-Output would add; output encoding is forced to UTF-8
+// so non-ASCII text survives the interop boundary regardless of console
+// codepage.
+const POWERSHELL_TEXT_SCRIPT = `
+$ErrorActionPreference = 'Stop'
+[Console]::OutputEncoding = [Text.Encoding]::UTF8
+[Console]::Out.Write([string](Get-Clipboard -Raw))
+`;
+
+/**
+ * Read clipboard text through Windows PowerShell — native win32 or the WSL
+ * host over interop.
+ *
+ * Same rationale as `readImageViaPowerShell`: under WSL, the WSLg Wayland
+ * clipboard only works when `wl-clipboard` happens to be installed in the
+ * distro, while `powershell.exe` is always reachable. Forcing UTF-8 output
+ * encoding keeps non-ASCII text intact regardless of the console codepage
+ * (the legacy win32 `Get-Clipboard` shell-out mangled it), and `Bun.spawn`
+ * keeps a cold PowerShell start off the TUI event loop.
+ *
+ * Returns null when the bridge fails (WSL callers fall through to
+ * wl-paste/xclip); an empty string is a successful "no text" read.
+ */
+async function readTextViaPowerShell(): Promise<string | null> {
+	try {
+		const proc = Bun.spawn(["powershell.exe", "-NoProfile", "-NonInteractive", "-Command", POWERSHELL_TEXT_SCRIPT], {
+			stdout: "pipe",
+			stderr: "ignore",
+			stdin: "ignore",
+		});
+		const timer = setTimeout(() => proc.kill(), POWERSHELL_TIMEOUT_MS);
+		let stdout = "";
+		try {
+			stdout = await new Response(proc.stdout).text();
+			await proc.exited;
+		} catch (err) {
+			logger.warn("clipboard: powershell text read failed", { error: String(err) });
+			return null;
+		} finally {
+			clearTimeout(timer);
+		}
+		if (proc.exitCode !== 0) return null;
+		return stdout.replaceAll("\r\n", "\n");
+	} catch {
+		return null;
+	}
+}
+
 /**
  * Read an image from the system clipboard.
  *
@@ -165,14 +215,16 @@ export async function readTextFromClipboard(): Promise<string> {
 			return execSync("pbpaste", { encoding: "utf8", timeout: 2000 }).toString();
 		}
 		if (p === "win32") {
-			return execSync('powershell.exe -NoProfile -Command "Get-Clipboard"', {
-				encoding: "utf8",
-				timeout: 2000,
-			}).toString();
+			return (await readTextViaPowerShell()) ?? "";
 		}
 		if (process.env.TERMUX_VERSION) {
 			return execSync("termux-clipboard-get", { encoding: "utf8", timeout: 2000 }).toString();
 		}
+		if (isWsl()) {
+			const text = await readTextViaPowerShell();
+			if (text !== null) return text;
+			// Bridge failed — fall through to the wl-paste/xclip paths below.
+		}
 		const hasWaylandDisplay = Boolean(process.env.WAYLAND_DISPLAY);
 		const hasX11Display = Boolean(process.env.DISPLAY);
 		if (hasWaylandDisplay) {

package/src/utils/commit-message-generator.ts

@@ -112,11 +112,7 @@ export async function generateCommitMessage(
 					messages: [{ role: "user", content: userMessage, timestamp: Date.now() }],
 				},
 				{
-					apiKey: registry.resolver(candidate.model.provider, {
-						sessionId,
-						baseUrl: candidate.model.baseUrl,
-						modelId: candidate.model.id,
-					}),
+					apiKey: registry.resolver(candidate.model, sessionId),
 					maxTokens,
 					reasoning: toReasoningEffort(candidate.thinkingLevel),
 				},

package/src/utils/session-color.ts

@@ -1,4 +1,4 @@
-import { hslToHex, relativeLuminance } from "@oh-my-pi/pi-utils";
+import { hexToHsv, hslToHex, relativeLuminance } from "@oh-my-pi/pi-utils";
 
 /**
  * Derive a stable hue (0-359) from a string using djb2 hash.
@@ -25,23 +25,97 @@ function accentLuminanceCap(surfaceLuminance: number): number {
 	return Math.max(0, (surfaceLuminance + 0.05) / ACCENT_MIN_CONTRAST - 0.05);
 }
 
+/** Minimum angular distance in hue degrees from any theme color to avoid visual collision. */
+const MIN_HUE_DISTANCE = 10;
+/** Saturation threshold below which hue is meaningless (near-gray). */
+const MIN_SATURATION_FOR_HUE = 0.1;
+
+/** Angular distance between two hue values (0-360). */
+function hueDistance(a: number, b: number): number {
+	const d = Math.abs(a - b);
+	return Math.min(d, 360 - d);
+}
+
+/**
+ * Parse hue (0-360) from a hex color string.
+ * Returns undefined for near-gray colors where hue is not meaningful.
+ */
+function hexToHue(hex: string): number | undefined {
+	const hsv = hexToHsv(hex);
+	if (hsv.s < MIN_SATURATION_FOR_HUE) return undefined;
+	return hsv.h;
+}
+
+/**
+ * Find a hue at least {@link MIN_HUE_DISTANCE} from all occupied hues,
+ * clamped to [lo, hi] to prevent leaving the intended hue band.
+ * Returns `target` unchanged if no safe hue exists within bounds.
+ */
+function findSafeHue(target: number, occupied: number[], lo: number, hi: number): number {
+	if (occupied.length === 0) return target;
+	if (occupied.every(h => hueDistance(target, h) >= MIN_HUE_DISTANCE)) {
+		return target;
+	}
+	for (let d = 1; d <= hi - lo; d++) {
+		for (const dir of [1, -1]) {
+			const candidate = Math.max(lo, Math.min(hi, target + d * dir));
+			if (occupied.every(h => hueDistance(candidate, h) >= MIN_HUE_DISTANCE)) {
+				return candidate;
+			}
+		}
+	}
+	// fallback: keep the original target if no safe spot exists within the band
+	return target;
+}
+
+/** Hue range low and high for dark themes (warm: red → yellow → green). */
+const DARK_HUE_START = 0;
+const DARK_HUE_END = 120;
+/** Hue range low and high for light themes (cool: cyan → blue → purple). */
+const LIGHT_HUE_START = 180;
+const LIGHT_HUE_END = 300;
+
 /**
- * Derive a stable CSS hex accent color from a session name.
+ * Derive a stable CSS hex accent color from a session name and the active theme.
+ *
+ * Picks a hue from a **dark/light-specific range** so the accent feels natural
+ * for the theme type (warm on dark, cool on light). The session name hash
+ * determines the exact hue within the range. The result is checked against
+ * all theme color hues and shifted if it lands within {@link MIN_HUE_DISTANCE}
+ * of an existing theme hue, but is clamped to the hue band so it never
+ * drifts into an unrelated part of the spectrum.
  *
  * On dark themes (`surfaceLuminance` undefined) the accent is vivid (high
  * saturation, high lightness). On light themes the lightness is reduced until the
  * accent's perceived luminance clears {@link ACCENT_MIN_CONTRAST} against the
  * actual surface it renders on — so it stays legible on near-white *and* mid-light
- * backgrounds — while keeping the same per-session hue.
+ * backgrounds.
+ *
+ * @param name — session name for per-session uniqueness.
+ * @param themeColorHexes — all theme colors to check collision against.
+ * @param surfaceLuminance — undefined on dark themes; WCAG luminance of the
+ *   status-line background on light themes.
  */
-export function getSessionAccentHex(name: string, surfaceLuminance?: number): string {
-	const hue = nameToHue(name);
+export function getSessionAccentHex(name: string, themeColorHexes: string[], surfaceLuminance?: number): string {
+	// 1. Pick hue range based on theme mode
+	const hueStart = surfaceLuminance === undefined ? DARK_HUE_START : LIGHT_HUE_START;
+	const hueEnd = surfaceLuminance === undefined ? DARK_HUE_END : LIGHT_HUE_END;
+	const range = hueEnd - hueStart;
+
+	// 2. Session name picks within the range
+	let targetHue = hueStart + (nameToHue(name) % range);
+
+	// 3. Shift away if too close to any theme color — stays within [hueStart, hueEnd]
+	const themeHues = themeColorHexes.map(hexToHue).filter((h): h is number => h !== undefined);
+	targetHue = findSafeHue(targetHue, themeHues, hueStart, hueEnd);
+
+	// 4. Lightness/contrast — vivid on dark, bisected for AA on light
 	if (surfaceLuminance === undefined) {
-		return hslToHex(hue, ACCENT_SATURATION, ACCENT_DARK_LIGHTNESS);
+		return hslToHex(targetHue, ACCENT_SATURATION, ACCENT_DARK_LIGHTNESS);
 	}
 
 	const cap = accentLuminanceCap(surfaceLuminance);
-	const top = hslToHex(hue, ACCENT_SATURATION, ACCENT_DARK_LIGHTNESS);
+	const top = hslToHex(targetHue, ACCENT_SATURATION, ACCENT_DARK_LIGHTNESS);
 	if ((relativeLuminance(top) ?? 0) <= cap) return top;
 
 	// Bisect lightness: `lo` always yields luminance <= cap, `hi` always above it.
@@ -49,13 +123,13 @@ export function getSessionAccentHex(name: string, surfaceLuminance?: number): st
 	let hi = ACCENT_DARK_LIGHTNESS;
 	for (let i = 0; i < 20; i++) {
 		const mid = (lo + hi) / 2;
-		if ((relativeLuminance(hslToHex(hue, ACCENT_SATURATION, mid)) ?? 0) > cap) {
+		if ((relativeLuminance(hslToHex(targetHue, ACCENT_SATURATION, mid)) ?? 0) > cap) {
 			hi = mid;
 		} else {
 			lo = mid;
 		}
 	}
-	return hslToHex(hue, ACCENT_SATURATION, lo);
+	return hslToHex(targetHue, ACCENT_SATURATION, lo);
 }
 
 /**

package/src/utils/title-generator.ts

@@ -258,7 +258,7 @@ export async function generateTitleOnline(
 				tools: [setTitleTool],
 			},
 			{
-				apiKey: registry.resolver(model.provider, { sessionId, baseUrl: model.baseUrl, modelId: model.id }),
+				apiKey: registry.resolver(model, sessionId),
 				maxTokens,
 				disableReasoning: true,
 				toolChoice: { type: "tool", name: SET_TITLE_TOOL_NAME },

package/src/web/kagi.ts

@@ -6,7 +6,7 @@
  * through the shared {@link AuthStorage} broker (Bearer token), and responses
  * are categorized result buckets rather than the legacy flat object array.
  */
-import type { AuthStorage, FetchImpl } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, type FetchImpl, withAuth } from "@oh-my-pi/pi-ai";
 import { withHardTimeout } from "./search/providers/utils";
 
 const KAGI_SEARCH_URL = "https://kagi.com/api/v1/search";
@@ -173,14 +173,6 @@ export interface KagiSearchResult {
 	answer?: string;
 }
 
-export async function findKagiApiKey(
-	authStorage: AuthStorage,
-	sessionId?: string,
-	signal?: AbortSignal,
-): Promise<string | null> {
-	return (await authStorage.getApiKey("kagi", sessionId, { signal })) ?? null;
-}
-
 /**
  * Compute a YYYY-MM-DD date string `recency` units before now, in UTC.
  * UTC keeps the recency window deterministic regardless of host timezone and
@@ -247,27 +239,34 @@ export async function searchWithKagi(
 	options: KagiSearchOptions = {},
 	authStorage: AuthStorage,
 ): Promise<KagiSearchResult> {
-	const apiKey = await findKagiApiKey(authStorage, options.sessionId, options.signal);
-	if (!apiKey) {
-		throw new KagiApiError("Kagi credentials not found. Set KAGI_API_KEY or login with 'omp /login kagi'.");
-	}
-
 	const fetchImpl = options.fetch ?? fetch;
+	const body = JSON.stringify(buildRequestBody(query, options));
+
+	const response = await withAuth(
+		authStorage.resolver("kagi", { sessionId: options.sessionId }),
+		async apiKey => {
+			const res = await fetchImpl(KAGI_SEARCH_URL, {
+				method: "POST",
+				headers: {
+					Authorization: `Bearer ${apiKey}`,
+					"Content-Type": "application/json",
+					Accept: "application/json",
+				},
+				body,
+				signal: withHardTimeout(options.signal),
+			});
+
+			if (!res.ok) {
+				throw parseKagiErrorResponse(res.status, await res.text());
+			}
 
-	const response = await fetchImpl(KAGI_SEARCH_URL, {
-		method: "POST",
-		headers: {
-			Authorization: `Bearer ${apiKey}`,
-			"Content-Type": "application/json",
-			Accept: "application/json",
+			return res;
 		},
-		body: JSON.stringify(buildRequestBody(query, options)),
-		signal: withHardTimeout(options.signal),
-	});
-
-	if (!response.ok) {
-		throw parseKagiErrorResponse(response.status, await response.text());
-	}
+		{
+			signal: options.signal,
+			missingKeyMessage: "Kagi credentials not found. Set KAGI_API_KEY or login with 'omp /login kagi'.",
+		},
+	);
 
 	const payload = (await response.json()) as KagiSearchResponse;
 	if (payload.error && payload.error.length > 0) {

package/src/web/search/providers/codex.ts

@@ -7,7 +7,7 @@
  * SQLite store, never POSTs the broker sentinel to an OpenAI token endpoint.
  */
 import * as os from "node:os";
-import type { AuthStorage, FetchImpl } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, type FetchImpl, type OAuthAccess, withOAuthAccess } from "@oh-my-pi/pi-ai";
 import { decodeJwt } from "@oh-my-pi/pi-ai/oauth/openai-codex";
 import { getBundledModels } from "@oh-my-pi/pi-catalog/models";
 import { $env, readSseJson } from "@oh-my-pi/pi-utils";
@@ -287,12 +287,12 @@ async function findCodexAuth(
 	authStorage: AuthStorage,
 	sessionId: string | undefined,
 	signal: AbortSignal | undefined,
-): Promise<{ accessToken: string; accountId: string } | null> {
+): Promise<{ access: OAuthAccess; accountId: string } | null> {
 	const access = await authStorage.getOAuthAccess("openai-codex", sessionId, { signal });
 	if (!access) return null;
 	const accountId = access.accountId ?? getAccountIdFromJwt(access.accessToken);
 	if (!accountId) return null;
-	return { accessToken: access.accessToken, accountId };
+	return { access, accountId };
 }
 
 /**
@@ -495,8 +495,8 @@ async function callCodexSearch(
  *   `gpt-5-codex-mini` first on ChatGPT accounts, which OpenAI rejects.
  */
 export async function searchCodex(params: SearchParams): Promise<SearchResponse> {
-	const auth = await findCodexAuth(params.authStorage, params.sessionId, params.signal);
-	if (!auth) {
+	const seed = await findCodexAuth(params.authStorage, params.sessionId, params.signal);
+	if (!seed) {
 		throw new Error(
 			"No Codex OAuth credentials found. Login with 'omp /login openai-codex' to enable Codex web search.",
 		);
@@ -505,42 +505,44 @@ export async function searchCodex(params: SearchParams): Promise<SearchResponse>
 	const configuredModel = getConfiguredModel();
 	const modelCandidates = configuredModel ? [configuredModel] : getDefaultModelCandidates();
 
-	let result:
-		| {
-				answer: string;
-				sources: SearchSource[];
-				model: string;
-				requestId: string;
-				usage?: { inputTokens: number; outputTokens: number; totalTokens: number };
-		  }
-		| undefined;
-	let lastError: unknown;
-
-	for (let index = 0; index < modelCandidates.length; index += 1) {
-		const modelId = modelCandidates[index];
-		if (!modelId) continue;
-
-		try {
-			result = await callCodexSearch(auth, params.query, {
-				signal: params.signal,
-				systemPrompt: params.systemPrompt,
-				searchContextSize: "high",
-				modelId,
-				fetch: params.fetch,
-			});
-			break;
-		} catch (error) {
-			lastError = error;
-			const isLastCandidate = index === modelCandidates.length - 1;
-			if (configuredModel || isLastCandidate || !shouldRetryWithNextDefaultModel(error)) {
-				throw error;
+	const result = await withOAuthAccess(
+		params.authStorage,
+		"openai-codex",
+		async access => {
+			// Derive ALL auth material from the access this attempt received —
+			// a refreshed/rotated credential carries a different bearer and
+			// ChatGPT account id than the seed.
+			const accountId = access.accountId ?? getAccountIdFromJwt(access.accessToken);
+			if (!accountId) {
+				throw new Error("Codex OAuth credential is missing a ChatGPT account id");
 			}
-		}
-	}
-
-	if (!result) {
-		throw lastError ?? new Error("Codex search failed without returning a result");
-	}
+			const auth = { accessToken: access.accessToken, accountId };
+
+			let lastError: unknown;
+			for (let index = 0; index < modelCandidates.length; index += 1) {
+				const modelId = modelCandidates[index];
+				if (!modelId) continue;
+
+				try {
+					return await callCodexSearch(auth, params.query, {
+						signal: params.signal,
+						systemPrompt: params.systemPrompt,
+						searchContextSize: "high",
+						modelId,
+						fetch: params.fetch,
+					});
+				} catch (error) {
+					lastError = error;
+					const isLastCandidate = index === modelCandidates.length - 1;
+					if (configuredModel || isLastCandidate || !shouldRetryWithNextDefaultModel(error)) {
+						throw error;
+					}
+				}
+			}
+			throw lastError ?? new Error("Codex search failed without returning a result");
+		},
+		{ sessionId: params.sessionId, signal: params.signal, seed: seed.access },
+	);
 
 	let sources = result.sources;
 

package/src/web/search/providers/gemini.ts

@@ -8,7 +8,7 @@
  * sibling SQLite store and never POSTs the broker sentinel to a Google token
  * endpoint.
  */
-import type { AuthStorage, FetchImpl } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, type FetchImpl, type OAuthAccess, withOAuthAccess } from "@oh-my-pi/pi-ai";
 import {
 	ANTIGRAVITY_SYSTEM_INSTRUCTION,
 	getAntigravityUserAgent,
@@ -72,25 +72,29 @@ interface GeminiAuth {
 	isAntigravity: boolean;
 }
 
+/** First configured Gemini OAuth provider plus its pre-resolved access. */
+interface GeminiAuthSeed {
+	provider: GeminiProviderId;
+	access: OAuthAccess;
+	projectId: string;
+}
+
 /**
  * Walks the configured Gemini OAuth providers in deterministic order and
  * returns the first one that yields a usable access token + projectId via
  * {@link AuthStorage.getOAuthAccess}. AuthStorage handles refresh + broker
  * routing internally; this helper never touches refresh tokens directly.
+ * The resolved access seeds `withOAuthAccess` so the happy path resolves once.
  */
 export async function findGeminiAuth(
 	authStorage: AuthStorage,
 	sessionId: string | undefined,
 	signal: AbortSignal | undefined,
-): Promise<GeminiAuth | null> {
+): Promise<GeminiAuthSeed | null> {
 	for (const provider of GEMINI_PROVIDERS) {
 		const access = await authStorage.getOAuthAccess(provider, sessionId, { signal });
 		if (!access?.accessToken || !access.projectId) continue;
-		return {
-			accessToken: access.accessToken,
-			projectId: access.projectId,
-			isAntigravity: provider === "google-antigravity",
-		};
+		return { provider, access, projectId: access.projectId };
 	}
 	return null;
 }
@@ -390,26 +394,42 @@ async function callGeminiSearch(
  * Executes a web search using Google Gemini with Google Search grounding.
  */
 export async function searchGemini(params: GeminiSearchParams): Promise<SearchResponse> {
-	const auth = await findGeminiAuth(params.authStorage, params.sessionId, params.signal);
-	if (!auth) {
+	const seed = await findGeminiAuth(params.authStorage, params.sessionId, params.signal);
+	if (!seed) {
 		throw new Error(
 			"No Gemini OAuth credentials found. Login with 'omp /login google-gemini-cli' or 'omp /login google-antigravity' to enable Gemini web search.",
 		);
 	}
 
-	const result = await callGeminiSearch(
-		auth,
-		params.query,
-		params.system_prompt,
-		params.max_output_tokens,
-		params.temperature,
-		{
-			google_search: params.google_search,
-			code_execution: params.code_execution,
-			url_context: params.url_context,
-		},
-		params.fetch,
-		params.signal,
+	const isAntigravity = seed.provider === "google-antigravity";
+	const result = await withOAuthAccess(
+		params.authStorage,
+		seed.provider,
+		access =>
+			// Derive bearer + projectId from the access this attempt received; a
+			// re-resolved access may omit projectId, in which case the seed's
+			// project is still the right tenant for the credential. The
+			// `fetchWithRetry` transport backoff stays INSIDE this attempt — auth
+			// retry wraps transport retry.
+			callGeminiSearch(
+				{
+					accessToken: access.accessToken,
+					projectId: access.projectId ?? seed.projectId,
+					isAntigravity,
+				},
+				params.query,
+				params.system_prompt,
+				params.max_output_tokens,
+				params.temperature,
+				{
+					google_search: params.google_search,
+					code_execution: params.code_execution,
+					url_context: params.url_context,
+				},
+				params.fetch,
+				params.signal,
+			),
+		{ sessionId: params.sessionId, signal: params.signal, seed: seed.access },
 	);
 
 	let sources = result.sources;

package/src/web/search/providers/perplexity.ts

@@ -8,7 +8,7 @@
  * - Anonymous via `www.perplexity.ai/rest/sse/perplexity_ask`
  */
 
-import { type AuthStorage, type FetchImpl, getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, type FetchImpl, getEnvApiKey, type OAuthAccess, withOAuthAccess } from "@oh-my-pi/pi-ai";
 import { $env, readSseJson } from "@oh-my-pi/pi-utils";
 import type {
 	PerplexityMessageOutput,
@@ -43,7 +43,7 @@ type PerplexityAuth =
 	  }
 	| {
 			type: "oauth";
-			token: string;
+			access: OAuthAccess;
 	  }
 	| {
 			type: "cookies";
@@ -302,11 +302,11 @@ function jwtExpiryMs(token: string): number | undefined {
 	}
 }
 
-async function findOAuthToken(
+async function findOAuthAccess(
 	authStorage: AuthStorage,
 	sessionId: string | undefined,
 	signal: AbortSignal | undefined,
-): Promise<string | null> {
+): Promise<OAuthAccess | null> {
 	try {
 		// `getOAuthAccess` returns the raw OAuth bearer only — runtime/config
 		// api_key overrides and stored api_key credentials are intentionally
@@ -314,12 +314,12 @@ async function findOAuthToken(
 		// `www.perplexity.ai` session/SSE endpoint.
 		const access = await authStorage.getOAuthAccess("perplexity", sessionId, { signal });
 		const token = access?.accessToken;
-		if (!token) return null;
+		if (!access || !token) return null;
 		// Trust the JWT's own `exp` claim if it has one; otherwise treat as
 		// non-expiring. Perplexity session JWTs commonly omit `exp`.
 		const jwtExpiry = jwtExpiryMs(token);
 		if (jwtExpiry !== undefined && jwtExpiry <= Date.now() + OAUTH_EXPIRY_BUFFER_MS) return null;
-		return token;
+		return access;
 	} catch {
 		return null;
 	}
@@ -339,9 +339,9 @@ async function findPerplexityAuth(
 	const apiKey = findApiKey();
 
 	// 2. OAuth/session bearer from AuthStorage.
-	const oauthToken = await findOAuthToken(authStorage, sessionId, signal);
-	if (oauthToken) {
-		return { type: "oauth", token: oauthToken };
+	const oauthAccess = await findOAuthAccess(authStorage, sessionId, signal);
+	if (oauthAccess) {
+		return { type: "oauth", access: oauthAccess };
 	}
 
 	// 3. PERPLEXITY_API_KEY env var
@@ -646,7 +646,19 @@ export async function searchPerplexity(params: PerplexitySearchParams): Promise<
 	const auth = await findPerplexityAuth(params.authStorage, params.sessionId, params.signal);
 
 	if (auth.type !== "api_key") {
-		const askResult = await callPerplexityAsk(auth, params);
+		// OAuth bearer mode routes the whole authenticated unit (the ask
+		// session/SSE request) through the central auth-retry policy so a 401 or
+		// usage-limit force-refreshes, then rotates to a sibling credential.
+		// Cookie/env/anonymous modes have no rotatable credential — untouched.
+		const askResult =
+			auth.type === "oauth"
+				? await withOAuthAccess(
+						params.authStorage,
+						"perplexity",
+						access => callPerplexityAsk({ type: "oauth", token: access.accessToken }, params),
+						{ sessionId: params.sessionId, signal: params.signal, seed: auth.access },
+					)
+				: await callPerplexityAsk(auth, params);
 		return applySourceLimit(
 			{
 				provider: "perplexity",