@oh-my-pi/pi-coding-agent 15.3.2 → 15.4.1

package/src/web/search/providers/parallel.ts

@@ -1,27 +1,175 @@
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import type { SearchResponse } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
-import { findParallelApiKey, ParallelApiError, searchWithParallel } from "../../parallel";
+import { ParallelApiError, type ParallelSearchResult, type ParallelSearchSource } from "../../parallel";
 import { clampNumResults } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, toSearchSources } from "./utils";
+import { classifyProviderHttpError, toSearchSources, withHardTimeout } from "./utils";
 
 const DEFAULT_NUM_RESULTS = 10;
 const MAX_NUM_RESULTS = 40;
+const PARALLEL_SEARCH_URL = "https://api.parallel.ai/v1beta/search";
+const PARALLEL_BETA_HEADER = "search-extract-2025-10-10";
 
-export async function searchParallel(params: {
-	query: string;
-	num_results?: number;
-	signal?: AbortSignal;
-}): Promise<SearchResponse> {
-	const numResults = clampNumResults(params.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
+function isObject(value: unknown): value is object {
+	return typeof value === "object" && value !== null;
+}
+
+function getOwnValue(value: object, key: string): unknown {
+	return Object.getOwnPropertyDescriptor(value, key)?.value;
+}
+
+function getString(value: object, key: string): string | undefined {
+	const field = getOwnValue(value, key);
+	return typeof field === "string" ? field : undefined;
+}
+
+function getObjectArray(value: object, key: string): object[] {
+	const field = getOwnValue(value, key);
+	return Array.isArray(field) ? field.filter(isObject) : [];
+}
+
+function getStringArray(value: object, key: string): string[] {
+	const field = getOwnValue(value, key);
+	return Array.isArray(field) ? field.filter((item): item is string => typeof item === "string") : [];
+}
+
+function extractParallelErrorMessage(payload: unknown): string | null {
+	if (!isObject(payload)) return null;
+
+	const directMessage = getString(payload, "message") ?? getString(payload, "detail") ?? getString(payload, "error");
+	if (directMessage && directMessage.trim().length > 0) {
+		return directMessage.trim();
+	}
+
+	const errorObject = getOwnValue(payload, "error");
+	if (isObject(errorObject)) {
+		const nestedMessage = getString(errorObject, "message") ?? getString(errorObject, "detail");
+		if (nestedMessage && nestedMessage.trim().length > 0) {
+			return nestedMessage.trim();
+		}
+	}
+
+	return null;
+}
+
+function createParallelApiError(statusCode: number, detail?: string): ParallelApiError {
+	return new ParallelApiError(
+		detail ? `Parallel API error (${statusCode}): ${detail}` : `Parallel API error (${statusCode})`,
+		statusCode,
+	);
+}
+
+function parseParallelErrorResponse(statusCode: number, responseText: string): ParallelApiError {
+	const trimmedResponseText = responseText.trim();
+	if (trimmedResponseText.length === 0) {
+		return createParallelApiError(statusCode);
+	}
 
 	try {
-		const result = await searchWithParallel(params.query, [params.query], {
-			mode: "fast",
-			maxCharsPerResult: 10_000,
-			signal: params.signal,
+		const payload: unknown = JSON.parse(trimmedResponseText);
+		return createParallelApiError(statusCode, extractParallelErrorMessage(payload) ?? trimmedResponseText);
+	} catch {
+		return createParallelApiError(statusCode, trimmedResponseText);
+	}
+}
+
+function parseSearchPayload(payload: unknown): ParallelSearchResult {
+	if (!isObject(payload)) {
+		throw new ParallelApiError("Parallel search returned an invalid response payload.");
+	}
+
+	const requestId = getString(payload, "search_id") ?? "";
+	const rawResults = getObjectArray(payload, "results");
+	const sources: ParallelSearchSource[] = [];
+
+	for (const item of rawResults) {
+		const url = getString(item, "url");
+		if (!url) continue;
+
+		const excerpts = getStringArray(item, "excerpts");
+		const snippet = excerpts.length > 0 ? excerpts.join("\n\n") : undefined;
+		sources.push({
+			title: getString(item, "title") ?? url,
+			url,
+			snippet,
+			publishedDate: getString(item, "publish_date"),
+			excerpts,
 		});
+	}
+
+	return {
+		requestId,
+		sources,
+		warnings: [],
+		usage: [],
+	};
+}
+
+async function searchWithAuthStorage(
+	objective: string,
+	queries: string[],
+	params: {
+		signal?: AbortSignal;
+	},
+	authStorage: AuthStorage,
+	sessionId?: string,
+): Promise<ParallelSearchResult> {
+	const apiKey = await authStorage.getApiKey("parallel", sessionId, { signal: params.signal });
+	if (!apiKey) {
+		throw new ParallelApiError(
+			"Parallel credentials not found. Set PARALLEL_API_KEY or login with 'omp /login parallel'.",
+		);
+	}
+
+	const response = await fetch(PARALLEL_SEARCH_URL, {
+		method: "POST",
+		headers: {
+			Accept: "application/json",
+			"Content-Type": "application/json",
+			"x-api-key": apiKey,
+			"parallel-beta": PARALLEL_BETA_HEADER,
+		},
+		body: JSON.stringify({
+			objective,
+			search_queries: queries,
+			mode: "fast",
+			excerpts: {
+				max_chars_per_result: 10_000,
+			},
+		}),
+		signal: withHardTimeout(params.signal),
+	});
+	if (!response.ok) {
+		throw parseParallelErrorResponse(response.status, await response.text());
+	}
+
+	const payload: unknown = await response.json();
+	return parseSearchPayload(payload);
+}
+
+export async function searchParallel(
+	params: {
+		query: string;
+		num_results?: number;
+		signal?: AbortSignal;
+	},
+	authStorage: AuthStorage,
+	sessionId?: string,
+): Promise<SearchResponse> {
+	const numResults = clampNumResults(params.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
+
+	try {
+		const result = await searchWithAuthStorage(
+			params.query,
+			[params.query],
+			{
+				signal: params.signal,
+			},
+			authStorage,
+			sessionId,
+		);
 
 		return {
 			provider: "parallel",
@@ -44,19 +192,19 @@ export class ParallelProvider extends SearchProvider {
 	readonly id = "parallel";
 	readonly label = "Parallel";
 
-	async isAvailable() {
-		try {
-			return !!(await findParallelApiKey());
-		} catch {
-			return false;
-		}
+	isAvailable(authStorage: AuthStorage) {
+		return !!getEnvApiKey("parallel") || authStorage.hasAuth("parallel");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
-		return searchParallel({
-			query: params.query,
-			num_results: params.numSearchResults ?? params.limit,
-			signal: params.signal,
-		});
+		return searchParallel(
+			{
+				query: params.query,
+				num_results: params.numSearchResults ?? params.limit,
+				signal: params.signal,
+			},
+			params.authStorage,
+			params.sessionId,
+		);
 	}
 }

package/src/web/search/providers/perplexity.ts

@@ -3,13 +3,12 @@
  *
  * Supports three auth modes:
  * - Cookies (`PERPLEXITY_COOKIES`) via `www.perplexity.ai/rest/sse/perplexity_ask`
- * - OAuth JWT (stored in `agent.db`) via `www.perplexity.ai/rest/sse/perplexity_ask`
+ * - OAuth/session bearer via `AuthStorage` and `www.perplexity.ai/rest/sse/perplexity_ask`
  * - API key (`PERPLEXITY_API_KEY`) via `api.perplexity.ai/chat/completions`
  */
 
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
-import { $env, getAgentDbPath, readSseJson } from "@oh-my-pi/pi-utils";
-import { AgentStorage } from "../../../session/agent-storage";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { $env, readSseJson } from "@oh-my-pi/pi-utils";
 import type {
 	PerplexityMessageOutput,
 	PerplexityRequest,
@@ -34,12 +33,6 @@ const OAUTH_EXPIRY_BUFFER_MS = 5 * 60 * 1000;
 const OAUTH_API_VERSION = "2.18";
 const OAUTH_USER_AGENT = "Perplexity/641 CFNetwork/1568 Darwin/25.2.0";
 
-interface PerplexityOAuthCredential {
-	type: "oauth";
-	access: string;
-	expires: number;
-}
-
 type PerplexityAuth =
 	| {
 			type: "api_key";
@@ -168,6 +161,8 @@ export interface PerplexitySearchParams {
 	temperature?: number;
 	/** Number of search results to retrieve. Defaults to 10. */
 	num_search_results?: number;
+	authStorage: AuthStorage;
+	sessionId?: string;
 }
 
 /** Find PERPLEXITY_API_KEY from environment or .env files (also checks PPLX_API_KEY) */
@@ -194,41 +189,49 @@ function jwtExpiryMs(token: string): number | undefined {
 	}
 }
 
-async function findOAuthToken(): Promise<string | null> {
-	const now = Date.now();
+async function findOAuthToken(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<string | null> {
 	try {
-		const storage = await AgentStorage.open(getAgentDbPath());
-		const records = storage.listAuthCredentials("perplexity");
-		for (const record of records) {
-			if (record.credential.type !== "oauth") continue;
-			const credential = record.credential as PerplexityOAuthCredential;
-			if (!credential.access) continue;
-			// Trust the JWT's own `exp` claim if it has one; otherwise treat as
-			// non-expiring. The stored `expires` field is unreliable: older logins
-			// wrote `loginTime + 1h` even though Perplexity JWTs typically lack `exp`.
-			const jwtExpiry = jwtExpiryMs(credential.access);
-			if (jwtExpiry !== undefined && jwtExpiry <= now + OAUTH_EXPIRY_BUFFER_MS) continue;
-			return credential.access;
-		}
+		// `getOAuthAccess` returns the raw OAuth bearer only — runtime/config
+		// api_key overrides and stored api_key credentials are intentionally
+		// suppressed so we don't POST an `api.perplexity.ai` key to the
+		// `www.perplexity.ai` session/SSE endpoint.
+		const access = await authStorage.getOAuthAccess("perplexity", sessionId, { signal });
+		const token = access?.accessToken;
+		if (!token) return null;
+		// Trust the JWT's own `exp` claim if it has one; otherwise treat as
+		// non-expiring. Perplexity session JWTs commonly omit `exp`.
+		const jwtExpiry = jwtExpiryMs(token);
+		if (jwtExpiry !== undefined && jwtExpiry <= Date.now() + OAUTH_EXPIRY_BUFFER_MS) return null;
+		return token;
 	} catch {
 		return null;
 	}
-	return null;
 }
 
-async function findPerplexityAuth(): Promise<PerplexityAuth | null> {
+async function findPerplexityAuth(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<PerplexityAuth | null> {
 	// 1. PERPLEXITY_COOKIES env var
 	const cookies = $env.PERPLEXITY_COOKIES?.trim();
 	if (cookies) {
 		return { type: "cookies", cookies };
 	}
-	// 2. OAuth token from agent.db
-	const oauthToken = await findOAuthToken();
+
+	const apiKey = findApiKey();
+
+	// 2. OAuth/session bearer from AuthStorage.
+	const oauthToken = await findOAuthToken(authStorage, sessionId, signal);
 	if (oauthToken) {
 		return { type: "oauth", token: oauthToken };
 	}
+
 	// 3. PERPLEXITY_API_KEY env var
-	const apiKey = findApiKey();
 	if (apiKey) {
 		return { type: "api_key", token: apiKey };
 	}
@@ -493,7 +496,7 @@ function applySourceLimit(result: SearchResponse, limit?: number): SearchRespons
 
 /** Execute Perplexity web search */
 export async function searchPerplexity(params: PerplexitySearchParams): Promise<SearchResponse> {
-	const auth = await findPerplexityAuth();
+	const auth = await findPerplexityAuth(params.authStorage, params.sessionId, params.signal);
 	if (!auth) {
 		throw new Error("Perplexity auth not found. Set PERPLEXITY_COOKIES, PERPLEXITY_API_KEY, or login via OAuth.");
 	}
@@ -551,12 +554,8 @@ export class PerplexityProvider extends SearchProvider {
 	readonly id = "perplexity";
 	readonly label = "Perplexity";
 
-	async isAvailable() {
-		try {
-			return !!(await findPerplexityAuth());
-		} catch {
-			return false;
-		}
+	isAvailable(authStorage: AuthStorage): boolean {
+		return !!$env.PERPLEXITY_COOKIES?.trim() || authStorage.hasAuth("perplexity") || !!findApiKey();
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
@@ -569,6 +568,8 @@ export class PerplexityProvider extends SearchProvider {
 			system_prompt: params.systemPrompt,
 			search_recency_filter: params.recency,
 			num_results: params.limit,
+			authStorage: params.authStorage,
+			sessionId: params.sessionId,
 		});
 	}
 }

package/src/web/search/providers/searxng.ts

@@ -25,6 +25,8 @@
  * Reference: https://docs.searxng.org/dev/search_api.html
  */
 
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
+
 import { settings } from "../../../config/settings";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
@@ -288,7 +290,7 @@ export class SearXNGProvider extends SearchProvider {
 	readonly id = "searxng";
 	readonly label = "SearXNG";
 
-	isAvailable() {
+	isAvailable(_authStorage: AuthStorage): boolean {
 		try {
 			return !!findEndpoint();
 		} catch {

package/src/web/search/providers/synthetic.ts

@@ -5,12 +5,12 @@
  * Endpoint: POST https://api.synthetic.new/v2/search
  */
 
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, findCredential, isApiKeyAvailable, withHardTimeout } from "./utils";
+import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const SYNTHETIC_SEARCH_URL = "https://api.synthetic.new/v2/search";
 
@@ -25,9 +25,13 @@ interface SyntheticSearchResponse {
 	results: SyntheticSearchResult[];
 }
 
-/** Find Synthetic API key from environment or agent.db credentials. */
-export async function findApiKey(): Promise<string | null> {
-	return findCredential(getEnvApiKey("synthetic"), "synthetic");
+/** Resolve Synthetic API key through the shared auth storage pipeline. */
+export function findApiKey(
+	authStorage: AuthStorage,
+	sessionId?: string,
+	signal?: AbortSignal,
+): Promise<string | undefined> {
+	return authStorage.getApiKey("synthetic", sessionId, { signal });
 }
 
 /** Call Synthetic search API. */
@@ -61,12 +65,8 @@ async function callSyntheticSearch(
 }
 
 /** Execute Synthetic web search. */
-export async function searchSynthetic(params: {
-	query: string;
-	num_results?: number;
-	signal?: AbortSignal;
-}): Promise<SearchResponse> {
-	const apiKey = await findApiKey();
+export async function searchSynthetic(params: SearchParams): Promise<SearchResponse> {
+	const apiKey = await findApiKey(params.authStorage, params.sessionId, params.signal);
 	if (!apiKey) {
 		throw new Error("Synthetic credentials not found. Set SYNTHETIC_API_KEY or login with 'omp /login synthetic'.");
 	}
@@ -84,7 +84,8 @@ export async function searchSynthetic(params: {
 		});
 	}
 
-	const limitedSources = params.num_results ? sources.slice(0, params.num_results) : sources;
+	const numResults = params.numSearchResults ?? params.limit;
+	const limitedSources = numResults ? sources.slice(0, numResults) : sources;
 
 	return {
 		provider: "synthetic",
@@ -97,15 +98,11 @@ export class SyntheticProvider extends SearchProvider {
 	readonly id = "synthetic";
 	readonly label = "Synthetic";
 
-	isAvailable(): Promise<boolean> {
-		return isApiKeyAvailable(findApiKey);
+	isAvailable(authStorage: AuthStorage): boolean {
+		return authStorage.hasAuth("synthetic") || !!getEnvApiKey("synthetic");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
-		return searchSynthetic({
-			query: params.query,
-			num_results: params.numSearchResults ?? params.limit,
-			signal: params.signal,
-		});
+		return searchSynthetic(params);
 	}
 }

package/src/web/search/providers/tavily.ts

@@ -4,13 +4,13 @@
  * Uses Tavily's agent-focused search API to return structured results with an
  * optional synthesized answer.
  */
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import { clampNumResults, dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, findCredential, isApiKeyAvailable, withHardTimeout } from "./utils";
+import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const TAVILY_SEARCH_URL = "https://api.tavily.com/search";
 const DEFAULT_NUM_RESULTS = 5;
@@ -58,9 +58,13 @@ function getErrorMessage(value: unknown): string | null {
 	return null;
 }
 
-/** Find Tavily API key from environment or agent.db credentials. */
-export async function findApiKey(): Promise<string | null> {
-	return findCredential(getEnvApiKey("tavily"), "tavily");
+/** Find Tavily API key through AuthStorage's unified refresh pipeline. */
+export async function findApiKey(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<string | null> {
+	return (await authStorage.getApiKey("tavily", sessionId, { signal })) ?? null;
 }
 
 /** Exported for testing. Builds the Tavily request body from unified params. */
@@ -116,16 +120,22 @@ async function callTavilySearch(apiKey: string, params: TavilySearchParams): Pro
 }
 
 /** Execute Tavily web search. */
-export async function searchTavily(params: TavilySearchParams): Promise<SearchResponse> {
-	const apiKey = await findApiKey();
+export async function searchTavily(params: SearchParams): Promise<SearchResponse> {
+	const tavilyParams: TavilySearchParams = {
+		query: params.query,
+		num_results: params.numSearchResults ?? params.limit,
+		recency: params.recency,
+		signal: params.signal,
+	};
+	const apiKey = await findApiKey(params.authStorage, params.sessionId, params.signal);
 	if (!apiKey) {
 		throw new Error(
-			'Tavily credentials not found. Set TAVILY_API_KEY or store an API key for provider "tavily" in agent.db.',
+			'Tavily credentials not found. Set TAVILY_API_KEY or configure an API key for provider "tavily".',
 		);
 	}
 
-	const numResults = clampNumResults(params.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
-	const response = await callTavilySearch(apiKey, params);
+	const numResults = clampNumResults(tavilyParams.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
+	const response = await callTavilySearch(apiKey, tavilyParams);
 	const sources: SearchSource[] = [];
 
 	for (const result of response.results ?? []) {
@@ -153,16 +163,11 @@ export class TavilyProvider extends SearchProvider {
 	readonly id = "tavily";
 	readonly label = "Tavily";
 
-	isAvailable(): Promise<boolean> {
-		return isApiKeyAvailable(findApiKey);
+	isAvailable(authStorage: AuthStorage): boolean {
+		return authStorage.hasAuth("tavily") || !!getEnvApiKey("tavily");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
-		return searchTavily({
-			query: params.query,
-			num_results: params.numSearchResults ?? params.limit,
-			recency: params.recency,
-			signal: params.signal,
-		});
+		return searchTavily(params);
 	}
 }

package/src/web/search/providers/utils.ts

@@ -1,5 +1,4 @@
-import { getAgentDbPath } from "@oh-my-pi/pi-utils";
-import { AgentStorage } from "../../../session/agent-storage";
+import type { AgentStorage } from "../../../session/agent-storage";
 import { SearchProviderError, type SearchProviderId, type SearchSource } from "../../../web/search/types";
 import { dateToAgeSeconds } from "../utils";
 
@@ -7,17 +6,24 @@ import { dateToAgeSeconds } from "../utils";
  * Search for an API credential by checking an env-derived key first,
  * then falling back to agent.db stored credentials for the given providers.
  *
+ * The caller MUST supply an open {@link AgentStorage} handle so the helper
+ * never reaches out to global filesystem state; both the unified web_search
+ * chain and one-shot CLI calls open storage exactly once and thread it
+ * through every provider.
+ *
+ * @param storage - Open agent storage handle
  * @param envKey - Pre-resolved environment variable value (or null)
  * @param storageProviders - Provider names to look up in AgentStorage
  */
-export async function findCredential(
+export function findCredential(
+	storage: AgentStorage | null | undefined,
 	envKey: string | null | undefined,
 	...storageProviders: string[]
-): Promise<string | null> {
+): string | null {
 	if (envKey) return envKey;
+	if (!storage) return null;
 
 	try {
-		const storage = await AgentStorage.open(getAgentDbPath());
 		for (const provider of storageProviders) {
 			const records = storage.listAuthCredentials(provider);
 			for (const record of records) {
@@ -37,18 +43,6 @@ export async function findCredential(
 	return null;
 }
 
-/**
- * Probe whether a provider's API key lookup resolves to a truthy value.
- * Swallows lookup errors and reports unavailability.
- */
-export async function isApiKeyAvailable(findApiKey: () => string | null | Promise<string | null>) {
-	try {
-		return !!(await findApiKey());
-	} catch {
-		return false;
-	}
-}
-
 /**
  * Default hard ceiling for a single web-search round-trip. 60s tolerates
  * legitimate slow LLM-mediated responses (anthropic web_search_20250305,

package/src/web/search/providers/zai.ts

@@ -4,14 +4,14 @@
  * Calls Z.AI's remote MCP server (`webSearchPrime`) and adapts results into
  * the unified SearchResponse shape used by the web search tool.
  */
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import { asRecord, asString } from "../../../web/scrapers/utils";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import { dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, findCredential, isApiKeyAvailable, withHardTimeout } from "./utils";
+import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const ZAI_MCP_URL = "https://api.z.ai/api/mcp/web_search_prime/mcp";
 const ZAI_TOOL_NAME = "web_search_prime";
@@ -21,6 +21,8 @@ export interface ZaiSearchParams {
 	query: string;
 	num_results?: number;
 	signal?: AbortSignal;
+	authStorage: AuthStorage;
+	sessionId?: string;
 }
 
 interface ZaiSearchResult {
@@ -51,9 +53,13 @@ interface JsonRpcPayload {
 	error?: JsonRpcError;
 }
 
-/** Find Z.AI API credentials from environment or saved auth storage. */
-export async function findApiKey(): Promise<string | null> {
-	return findCredential(getEnvApiKey("zai"), "zai");
+/** Resolve Z.AI API credentials through the unified auth storage pipeline. */
+export async function findApiKey(
+	authStorage: AuthStorage,
+	sessionId?: string,
+	signal?: AbortSignal,
+): Promise<string | null> {
+	return (await authStorage.getApiKey("zai", sessionId, { signal })) ?? null;
 }
 
 async function callZaiTool(apiKey: string, args: Record<string, unknown>, signal?: AbortSignal): Promise<unknown> {
@@ -272,7 +278,7 @@ function toSources(results: ZaiSearchResult[]): SearchSource[] {
 
 /** Execute Z.AI web search via remote MCP endpoint. */
 export async function searchZai(params: ZaiSearchParams): Promise<SearchResponse> {
-	const apiKey = await findApiKey();
+	const apiKey = await findApiKey(params.authStorage, params.sessionId, params.signal);
 	if (!apiKey) {
 		throw new Error("Z.AI credentials not found. Set ZAI_API_KEY or login with 'omp /login zai'.");
 	}
@@ -298,8 +304,8 @@ export class ZaiProvider extends SearchProvider {
 	readonly id = "zai";
 	readonly label = "Z.AI";
 
-	isAvailable(): Promise<boolean> {
-		return isApiKeyAvailable(findApiKey);
+	isAvailable(authStorage: AuthStorage): Promise<boolean> | boolean {
+		return authStorage.hasAuth("zai") || !!getEnvApiKey("zai");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
@@ -307,6 +313,8 @@ export class ZaiProvider extends SearchProvider {
 			query: params.query,
 			num_results: params.numSearchResults ?? params.limit,
 			signal: params.signal,
+			authStorage: params.authStorage,
+			sessionId: params.sessionId,
 		});
 	}
 }

package/dist/types/hashline/parser.d.ts

@@ -1,7 +0,0 @@
-import type { HashlineCursor, HashlineEdit } from "./types";
-export declare function cloneCursor(cursor: HashlineCursor): HashlineCursor;
-export declare function parseHashline(diff: string): HashlineEdit[];
-export declare function parseHashlineWithWarnings(diff: string): {
-    edits: HashlineEdit[];
-    warnings: string[];
-};

package/dist/types/mcp/discoverable-tool-metadata.d.ts

@@ -1,7 +0,0 @@
-/**
- * Back-compat re-export layer.
- * All types and functions have moved to src/tool-discovery/tool-index.ts.
- * This file exists solely so existing imports continue to compile without changes.
- */
-export type { DiscoverableMCPSearchDocument, DiscoverableMCPSearchIndex, DiscoverableMCPSearchResult, DiscoverableMCPTool, DiscoverableMCPToolServerSummary, DiscoverableMCPToolSummary, } from "../tool-discovery/tool-index";
-export { buildDiscoverableMCPSearchIndex, collectDiscoverableMCPTools, formatDiscoverableMCPToolServerSummary, getDiscoverableMCPTool, isMCPToolName, searchDiscoverableMCPTools, selectDiscoverableMCPToolNamesByServer, summarizeDiscoverableMCPTools, } from "../tool-discovery/tool-index";