@oh-my-pi/pi-coding-agent 15.3.2 → 15.4.2

package/src/tools/yield.ts

@@ -8,15 +8,13 @@ import type { TSchema } from "@oh-my-pi/pi-ai/types";
 import {
 	dereferenceJsonSchema,
 	isValidJsonSchema,
-	type JsonSchemaValidationIssue,
 	type JsonSchemaValidationResult,
 	sanitizeSchemaForStrictMode,
 	tryEnforceStrictSchema,
-	validateJsonSchemaValue,
 } from "@oh-my-pi/pi-ai/utils/schema";
 import { subprocessToolRegistry } from "../task/subprocess-tool-registry";
 import type { ToolSession } from ".";
-import { jtdToJsonSchema, normalizeSchema } from "./jtd-to-json-schema";
+import { buildOutputValidator, formatAllValidationIssues } from "./output-schema-validator";
 
 export interface YieldDetails {
 	data: unknown;
@@ -34,16 +32,6 @@ function formatSchema(schema: unknown): string {
 	}
 }
 
-function formatJsonSchemaIssues(issues: ReadonlyArray<JsonSchemaValidationIssue> | undefined): string {
-	if (!issues || issues.length === 0) return "Unknown schema validation error.";
-	return issues
-		.map(issue => {
-			const path = issue.path.length === 0 ? "" : `${issue.path.map(seg => String(seg)).join("/")}: `;
-			return `${path}${issue.message}`;
-		})
-		.join("; ");
-}
-
 function looseRecordSchema(description: string): Record<string, unknown> {
 	return {
 		type: "object",
@@ -100,6 +88,15 @@ function wrapYieldParameters(dataSchema: Record<string, unknown>): Record<string
 	};
 }
 
+/**
+ * Max consecutive schema-validation failures before the yield tool overrides validation
+ * and lets non-conforming data through. The override is a safety net for schemas the
+ * JTD→JSON-Schema converter cannot fully express; it should not be reached during normal
+ * model retries. Three matches the existing "3 reminders" pattern elsewhere in the agent
+ * runtime.
+ */
+const MAX_SCHEMA_RETRIES = 3;
+
 export class YieldTool implements AgentTool<TSchema, YieldDetails> {
 	readonly name = "yield";
 	readonly label = "Submit Result";
@@ -120,21 +117,14 @@ export class YieldTool implements AgentTool<TSchema, YieldDetails> {
 		let parameters: TSchema;
 
 		try {
-			const schemaResult = normalizeSchema(session.outputSchema);
-			const normalizedSchema =
-				schemaResult.normalized !== undefined ? jtdToJsonSchema(schemaResult.normalized) : undefined;
-			let schemaError = schemaResult.error;
-
-			if (!schemaError && normalizedSchema === false) {
-				schemaError = "boolean false schema rejects all outputs";
-			}
-
-			if (normalizedSchema !== undefined && normalizedSchema !== false && !schemaError) {
-				if (!isValidJsonSchema(normalizedSchema)) {
-					schemaError = "invalid JSON schema";
-				} else {
-					validate = value => validateJsonSchemaValue(normalizedSchema, value);
-				}
+			const {
+				validator,
+				jsonSchema: normalizedSchema,
+				normalized,
+				error: schemaError,
+			} = buildOutputValidator(session.outputSchema);
+			if (validator) {
+				validate = value => validator.validate(value);
 			}
 
 			const schemaHint = formatSchema(normalizedSchema ?? session.outputSchema);
@@ -142,21 +132,15 @@ export class YieldTool implements AgentTool<TSchema, YieldDetails> {
 				? `Structured JSON output (output schema invalid; accepting unconstrained object): ${schemaError}`
 				: `Structured output matching the schema:\n${schemaHint}`;
 			let sanitizedSchema: Record<string, unknown> | undefined;
-			if (
-				!schemaError &&
-				normalizedSchema != null &&
-				typeof normalizedSchema === "object" &&
-				!Array.isArray(normalizedSchema)
-			) {
-				const normalizedRecord = normalizedSchema as Record<string, unknown>;
-				const strictProbe = tryEnforceStrictSchema(normalizedRecord);
+			if (!schemaError && normalizedSchema !== undefined) {
+				const strictProbe = tryEnforceStrictSchema(normalizedSchema);
 				if (strictProbe.strict) {
-					sanitizedSchema = sanitizeSchemaForStrictMode(normalizedRecord);
+					sanitizedSchema = sanitizeSchemaForStrictMode(normalizedSchema);
 				} else {
-					sanitizedSchema = normalizedRecord;
+					sanitizedSchema = normalizedSchema;
 					this.strict = false;
 				}
-			} else if (!schemaError && normalizedSchema === true) {
+			} else if (!schemaError && normalized === true) {
 				sanitizedSchema = {};
 				this.strict = false;
 			}
@@ -229,8 +213,15 @@ export class YieldTool implements AgentTool<TSchema, YieldDetails> {
 				const parsed = this.#validate(data);
 				if (!parsed.success) {
 					this.#schemaValidationFailures++;
-					if (this.#schemaValidationFailures <= 1) {
-						throw new Error(`Output does not match schema: ${formatJsonSchemaIssues(parsed.issues)}`);
+					if (this.#schemaValidationFailures <= MAX_SCHEMA_RETRIES) {
+						const remaining = MAX_SCHEMA_RETRIES - this.#schemaValidationFailures;
+						const retryHint =
+							remaining > 0
+								? ` Call yield again with the corrected shape — ${remaining} retry attempt(s) remain before the schema constraint is dropped.`
+								: " Call yield again with the corrected shape — this is the final retry before the schema constraint is dropped.";
+						throw new Error(
+							`Output does not match schema: ${formatAllValidationIssues(parsed.issues)}.${retryHint}`,
+						);
 					}
 					schemaValidationOverridden = true;
 				}

package/src/utils/edit-mode.ts

@@ -1,6 +1,6 @@
 import { $env } from "@oh-my-pi/pi-utils";
 
-export type EditMode = "replace" | "patch" | "hashline" | "vim" | "apply_patch";
+export type EditMode = "replace" | "patch" | "hashline" | "apply_patch";
 
 export const DEFAULT_EDIT_MODE: EditMode = "hashline";
 
@@ -9,7 +9,6 @@ const EDIT_MODE_IDS = {
 	hashline: "hashline",
 	patch: "patch",
 	replace: "replace",
-	vim: "vim",
 } as const satisfies Record<string, EditMode>;
 
 export const EDIT_MODES = Object.keys(EDIT_MODE_IDS) as EditMode[];

package/src/utils/file-mentions.ts

@@ -12,7 +12,7 @@ import type { ImageContent } from "@oh-my-pi/pi-ai";
 import { glob } from "@oh-my-pi/pi-natives";
 import { fuzzyMatch } from "@oh-my-pi/pi-tui";
 import { formatAge, formatBytes, readImageMetadata } from "@oh-my-pi/pi-utils";
-import { formatHashLines } from "../hashline/hash";
+import { computeFileHash, formatHashlineHeader, formatNumberedLines } from "../hashline/hash";
 import type { FileMentionMessage } from "../session/messages";
 import {
 	DEFAULT_MAX_BYTES,
@@ -356,7 +356,7 @@ export async function generateFileMentionMessages(
 			const content = await Bun.file(absolutePath).text();
 			let { output, lineCount } = buildTextOutput(content);
 			if (options?.useHashLines) {
-				output = formatHashLines(output);
+				output = `${formatHashlineHeader(resolvedPath, computeFileHash(content))}\n${formatNumberedLines(output)}`;
 			}
 			files.push({ path: resolvedPath, content: output, lineCount });
 		} catch {

package/src/web/kagi.ts

@@ -1,5 +1,5 @@
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
-import { findCredential, withHardTimeout } from "./search/providers/utils";
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
+import { withHardTimeout } from "./search/providers/utils";
 
 const KAGI_SEARCH_URL = "https://kagi.com/api/v0/search";
 
@@ -97,6 +97,7 @@ function parseKagiErrorResponse(statusCode: number, responseText: string): KagiA
 
 export interface KagiSearchOptions {
 	limit?: number;
+	sessionId?: string;
 	signal?: AbortSignal;
 }
 
@@ -113,8 +114,12 @@ export interface KagiSearchResult {
 	relatedQuestions: string[];
 }
 
-export async function findKagiApiKey(): Promise<string | null> {
-	return findCredential(getEnvApiKey("kagi"), "kagi");
+export async function findKagiApiKey(
+	authStorage: AuthStorage,
+	sessionId?: string,
+	signal?: AbortSignal,
+): Promise<string | null> {
+	return (await authStorage.getApiKey("kagi", sessionId, { signal })) ?? null;
 }
 
 function getAuthHeaders(apiKey: string): Record<string, string> {
@@ -124,8 +129,12 @@ function getAuthHeaders(apiKey: string): Record<string, string> {
 	};
 }
 
-export async function searchWithKagi(query: string, options: KagiSearchOptions = {}): Promise<KagiSearchResult> {
-	const apiKey = await findKagiApiKey();
+export async function searchWithKagi(
+	query: string,
+	options: KagiSearchOptions = {},
+	authStorage: AuthStorage,
+): Promise<KagiSearchResult> {
+	const apiKey = await findKagiApiKey(authStorage, options.sessionId, options.signal);
 	if (!apiKey) {
 		throw new KagiApiError("Kagi credentials not found. Set KAGI_API_KEY or login with 'omp /login kagi'.");
 	}

package/src/web/parallel.ts

@@ -1,4 +1,5 @@
 import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import type { AgentStorage } from "../session/agent-storage";
 import { findCredential, withHardTimeout } from "./search/providers/utils";
 
 const PARALLEL_API_URL = "https://api.parallel.ai";
@@ -73,8 +74,8 @@ export class ParallelApiError extends Error {
 	}
 }
 
-export async function findParallelApiKey(): Promise<string | null> {
-	return findCredential(getEnvApiKey("parallel"), "parallel");
+export function findParallelApiKey(storage: AgentStorage | null | undefined): string | null {
+	return findCredential(storage, getEnvApiKey("parallel"), "parallel");
 }
 
 export function getParallelExtractContent(document: ParallelExtractDocument): string {
@@ -284,9 +285,10 @@ function parseExtractPayload(payload: unknown): ParallelExtractResult {
 export async function searchWithParallel(
 	objective: string,
 	queries: string[],
-	options: ParallelSearchOptions = {},
+	options: ParallelSearchOptions,
+	storage: AgentStorage | null | undefined,
 ): Promise<ParallelSearchResult> {
-	const apiKey = await findParallelApiKey();
+	const apiKey = findParallelApiKey(storage);
 	if (!apiKey) {
 		throw new ParallelApiError(
 			"Parallel credentials not found. Set PARALLEL_API_KEY or login with 'omp /login parallel'.",
@@ -316,9 +318,10 @@ export async function searchWithParallel(
 
 export async function extractWithParallel(
 	urls: string[],
-	options: ParallelExtractOptions = {},
+	options: ParallelExtractOptions,
+	storage: AgentStorage | null | undefined,
 ): Promise<ParallelExtractResult> {
-	const apiKey = await findParallelApiKey();
+	const apiKey = findParallelApiKey(storage);
 	if (!apiKey) {
 		throw new ParallelApiError(
 			"Parallel credentials not found. Set PARALLEL_API_KEY or login with 'omp /login parallel'.",

package/src/web/scrapers/types.ts

@@ -4,6 +4,7 @@
 import { ptree } from "@oh-my-pi/pi-utils";
 import type TurndownService from "turndown";
 
+import type { AgentStorage } from "../../session/agent-storage";
 import { ToolAbortError } from "../../tools/tool-errors";
 
 export { formatNumber } from "@oh-my-pi/pi-utils";
@@ -19,7 +20,12 @@ export interface RenderResult {
 	notes: string[];
 }
 
-export type SpecialHandler = (url: string, timeout: number, signal?: AbortSignal) => Promise<RenderResult | null>;
+export type SpecialHandler = (
+	url: string,
+	timeout: number,
+	signal?: AbortSignal,
+	storage?: AgentStorage | null,
+) => Promise<RenderResult | null>;
 
 export const MAX_OUTPUT_CHARS = 500_000;
 export const MAX_BYTES = 50 * 1024 * 1024;

package/src/web/scrapers/youtube.ts

@@ -3,6 +3,7 @@ import * as os from "node:os";
 import * as path from "node:path";
 import { ptree, Snowflake } from "@oh-my-pi/pi-utils";
 import { settings } from "../../config/settings";
+import type { AgentStorage } from "../../session/agent-storage";
 import { throwIfAborted } from "../../tools/tool-errors";
 import { ensureTool } from "../../utils/tools-manager";
 import { extractWithParallel, findParallelApiKey, getParallelExtractContent } from "../parallel";
@@ -101,6 +102,7 @@ export const handleYouTube: SpecialHandler = async (
 	url: string,
 	timeout: number,
 	userSignal?: AbortSignal,
+	storage?: AgentStorage | null,
 ): Promise<RenderResult | null> => {
 	throwIfAborted(userSignal);
 	const yt = parseYouTubeUrl(url);
@@ -112,14 +114,18 @@ export const handleYouTube: SpecialHandler = async (
 	const videoUrl = `https://www.youtube.com/watch?v=${yt.videoId}`;
 
 	// Prefer Parallel extract when credentials are available
-	if (settings.get("providers.parallelFetch") && (await findParallelApiKey())) {
+	if (settings.get("providers.parallelFetch") && findParallelApiKey(storage)) {
 		try {
-			const parallelResult = await extractWithParallel([videoUrl], {
-				objective: "Extract the main content of this YouTube video page",
-				excerpts: true,
-				fullContent: false,
-				signal,
-			});
+			const parallelResult = await extractWithParallel(
+				[videoUrl],
+				{
+					objective: "Extract the main content of this YouTube video page",
+					excerpts: true,
+					fullContent: false,
+					signal,
+				},
+				storage,
+			);
 			const firstDocument = parallelResult.results[0];
 			if (firstDocument) {
 				const content = getParallelExtractContent(firstDocument);

package/src/web/search/index.ts

@@ -3,15 +3,16 @@
  *
  * Single tool supporting Anthropic, Perplexity, Exa, Brave, Jina, Kimi, Gemini, Codex, Tavily, Kagi, Z.AI, SearXNG, and Synthetic
  * providers with provider-specific parameters exposed conditionally.
- *
  */
 import type { AgentTool, AgentToolContext, AgentToolResult, AgentToolUpdateCallback } from "@oh-my-pi/pi-agent-core";
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
 import { prompt } from "@oh-my-pi/pi-utils";
 import * as z from "zod/v4";
 import type { CustomTool, CustomToolContext, RenderResultOptions } from "../../extensibility/custom-tools/types";
 import type { Theme } from "../../modes/theme/theme";
 import webSearchSystemPrompt from "../../prompts/system/web-search.md" with { type: "text" };
 import webSearchDescription from "../../prompts/tools/web-search.md" with { type: "text" };
+import { discoverAuthStorage } from "../../sdk";
 import type { ToolSession } from "../../tools";
 import { formatAge } from "../../tools/render-utils";
 import { throwIfAborted } from "../../tools/tool-errors";
@@ -114,18 +115,25 @@ function formatForLLM(response: SearchResponse): string {
 	return parts.join("\n");
 }
 
+interface ExecuteSearchOptions {
+	authStorage: AuthStorage;
+	sessionId?: string;
+	signal?: AbortSignal;
+}
+
 /** Execute web search */
 async function executeSearch(
 	_toolCallId: string,
 	params: SearchQueryParams,
-	signal?: AbortSignal,
+	options: ExecuteSearchOptions,
 ): Promise<{ content: Array<{ type: "text"; text: string }>; details: SearchRenderDetails }> {
+	const { authStorage, sessionId, signal } = options;
 	const providers =
 		params.provider && params.provider !== "auto"
-			? await getSearchProvider(params.provider).then(provider =>
-					provider.isAvailable() ? [provider] : resolveProviderChain("auto"),
+			? await getSearchProvider(params.provider).then(async provider =>
+					(await provider.isAvailable(authStorage)) ? [provider] : resolveProviderChain(authStorage, "auto"),
 				)
-			: await resolveProviderChain();
+			: await resolveProviderChain(authStorage);
 	if (providers.length === 0) {
 		const message = "No web search provider configured.";
 		return {
@@ -148,6 +156,8 @@ async function executeSearch(
 				numSearchResults: params.num_search_results,
 				temperature: params.temperature,
 				signal,
+				authStorage,
+				sessionId,
 			});
 
 			const text = formatForLLM(response);
@@ -190,18 +200,27 @@ async function executeSearch(
 
 /**
  * Execute a web search query for CLI/testing workflows.
+ *
+ * `authStorage` may be omitted; in that case we discover one via the standard
+ * factory (`discoverAuthStorage`), which honours `OMP_AUTH_BROKER_URL` and
+ * otherwise opens the local SQLite credential store.
  */
 export async function runSearchQuery(
 	params: SearchQueryParams,
+	options: { authStorage?: AuthStorage; sessionId?: string; signal?: AbortSignal } = {},
 ): Promise<{ content: Array<{ type: "text"; text: string }>; details: SearchRenderDetails }> {
-	return executeSearch("cli-web-search", params);
+	const authStorage = options.authStorage ?? (await discoverAuthStorage());
+	return executeSearch("cli-web-search", params, {
+		authStorage,
+		sessionId: options.sessionId,
+		signal: options.signal,
+	});
 }
 
 /**
  * Web search tool implementation.
  *
  * Supports Anthropic, Perplexity, Exa, Brave, Jina, Kimi, Gemini, Codex, Z.AI, SearXNG, and Synthetic providers with automatic fallback.
- * Session is accepted for interface consistency but not used.
  */
 export class WebSearchTool implements AgentTool<typeof webSearchSchema, SearchRenderDetails> {
 	readonly name = "web_search";
@@ -212,7 +231,10 @@ export class WebSearchTool implements AgentTool<typeof webSearchSchema, SearchRe
 	readonly loadMode = "discoverable";
 	readonly summary = "Search the web for up-to-date information";
 
-	constructor(_session: ToolSession) {
+	#session: ToolSession;
+
+	constructor(session: ToolSession) {
+		this.#session = session;
 		this.description = prompt.render(webSearchDescription);
 	}
 
@@ -223,7 +245,9 @@ export class WebSearchTool implements AgentTool<typeof webSearchSchema, SearchRe
 		_onUpdate?: AgentToolUpdateCallback<SearchRenderDetails>,
 		_context?: AgentToolContext,
 	): Promise<AgentToolResult<SearchRenderDetails>> {
-		return executeSearch(_toolCallId, params, signal);
+		const authStorage = this.#session.authStorage ?? (await discoverAuthStorage());
+		const sessionId = this.#session.getSessionId?.() ?? undefined;
+		return executeSearch(_toolCallId, params, { authStorage, sessionId, signal });
 	}
 }
 
@@ -238,10 +262,12 @@ export const webSearchCustomTool: CustomTool<typeof webSearchSchema, SearchRende
 		toolCallId: string,
 		params: SearchToolParams,
 		_onUpdate,
-		_ctx: CustomToolContext,
+		ctx: CustomToolContext,
 		signal?: AbortSignal,
 	) {
-		return executeSearch(toolCallId, params, signal);
+		const authStorage = ctx.modelRegistry?.authStorage ?? (await discoverAuthStorage());
+		const sessionId = ctx.sessionManager.getSessionId();
+		return executeSearch(toolCallId, params, { authStorage, sessionId, signal });
 	},
 
 	renderCall(args: SearchToolParams, options: RenderResultOptions, theme: Theme) {

package/src/web/search/provider.ts

@@ -8,6 +8,7 @@
 // The `label`/`id` metadata is kept inline so callers needing a display name
 // (error formatting, UI listings) do not force a load.
 
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
 import type { SearchProvider } from "./providers/base";
 import type { SearchProviderId } from "./types";
 
@@ -64,7 +65,7 @@ const PROVIDER_META: Record<SearchProviderId, ProviderMeta> = {
 	},
 	codex: {
 		id: "codex",
-		label: "Codex",
+		label: "OpenAI",
 		load: async () => new (await import("./providers/codex")).CodexProvider(),
 	},
 	tavily: {
@@ -148,13 +149,14 @@ export function setPreferredSearchProvider(provider: SearchProviderId | "auto"):
  * is walked, so unconfigured providers never pay the load cost.
  */
 export async function resolveProviderChain(
+	authStorage: AuthStorage,
 	preferredProvider: SearchProviderId | "auto" = preferredProvId,
 ): Promise<SearchProvider[]> {
 	const providers: SearchProvider[] = [];
 
 	if (preferredProvider !== "auto") {
 		const provider = await getSearchProvider(preferredProvider);
-		if (await provider.isAvailable()) {
+		if (await provider.isAvailable(authStorage)) {
 			providers.push(provider);
 		}
 	}
@@ -162,7 +164,7 @@ export async function resolveProviderChain(
 	for (const id of SEARCH_PROVIDER_ORDER) {
 		if (id === preferredProvider) continue;
 		const provider = await getSearchProvider(id);
-		if (await provider.isAvailable()) {
+		if (await provider.isAvailable(authStorage)) {
 			providers.push(provider);
 		}
 	}

package/src/web/search/providers/anthropic.ts

@@ -7,10 +7,11 @@
 import {
 	type AnthropicAuthConfig,
 	type AnthropicSystemBlock,
+	type AuthStorage,
+	buildAnthropicAuthConfig,
 	buildAnthropicSearchHeaders,
 	buildAnthropicSystemBlocks,
 	buildAnthropicUrl,
-	findAnthropicAuth,
 	stripClaudeToolPrefix,
 } from "@oh-my-pi/pi-ai";
 import { $env } from "@oh-my-pi/pi-utils";
@@ -34,9 +35,7 @@ export interface AnthropicSearchParams {
 	query: string;
 	system_prompt?: string;
 	num_results?: number;
-	/** Maximum output tokens. Defaults to 4096. */
 	max_tokens?: number;
-	/** Sampling temperature (0–1). Lower = more focused/factual. */
 	temperature?: number;
 	signal?: AbortSignal;
 }
@@ -242,30 +241,47 @@ function parseResponse(response: AnthropicApiResponse): SearchResponse {
  * @returns Search response with synthesized answer, sources, and citations
  * @throws {Error} If no Anthropic credentials are configured
  */
-export async function searchAnthropic(params: AnthropicSearchParams): Promise<SearchResponse> {
-	const auth = await findAnthropicAuth();
+export async function searchAnthropic(
+	params: SearchParams | AnthropicSearchParams,
+	_legacyStorage?: unknown,
+): Promise<SearchResponse> {
+	const searchApiKey = $env.ANTHROPIC_SEARCH_API_KEY;
+	const searchBaseUrl = $env.ANTHROPIC_SEARCH_BASE_URL;
+	let auth: AnthropicAuthConfig | undefined;
+
+	if (searchApiKey) {
+		auth = buildAnthropicAuthConfig(searchApiKey, searchBaseUrl);
+	} else if ("authStorage" in params) {
+		const apiKey = await params.authStorage.getApiKey("anthropic", params.sessionId, {
+			signal: params.signal,
+		});
+		if (apiKey) auth = buildAnthropicAuthConfig(apiKey);
+	}
+
 	if (!auth) {
 		throw new Error(
-			"No Anthropic credentials found. Set ANTHROPIC_API_KEY or configure OAuth in ~/.omp/agent/agent.db",
+			"No Anthropic credentials found. Set ANTHROPIC_SEARCH_API_KEY or ANTHROPIC_API_KEY, or configure Anthropic OAuth.",
 		);
 	}
 
 	const model = getModel();
+	const systemPrompt = "authStorage" in params ? params.systemPrompt : params.system_prompt;
+	const maxTokens = "authStorage" in params ? params.maxOutputTokens : params.max_tokens;
 	const response = await callSearch(
 		auth,
 		model,
 		params.query,
-		params.system_prompt,
-		params.max_tokens,
+		systemPrompt,
+		maxTokens,
 		params.temperature,
 		params.signal,
 	);
 
 	const result = parseResponse(response);
 
-	// Apply num_results limit if specified
-	if (params.num_results && result.sources.length > params.num_results) {
-		result.sources = result.sources.slice(0, params.num_results);
+	const numResults = "authStorage" in params ? (params.numSearchResults ?? params.limit) : params.num_results;
+	if (numResults && result.sources.length > numResults) {
+		result.sources = result.sources.slice(0, numResults);
 	}
 
 	return result;
@@ -276,18 +292,11 @@ export class AnthropicProvider extends SearchProvider {
 	readonly id = "anthropic";
 	readonly label = "Anthropic";
 
-	isAvailable() {
-		return findAnthropicAuth().then(Boolean);
+	isAvailable(authStorage: AuthStorage): Promise<boolean> | boolean {
+		return Boolean($env.ANTHROPIC_SEARCH_API_KEY) || authStorage.hasAuth("anthropic");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
-		return searchAnthropic({
-			query: params.query,
-			system_prompt: params.systemPrompt,
-			num_results: params.numSearchResults ?? params.limit,
-			max_tokens: params.maxOutputTokens,
-			temperature: params.temperature,
-			signal: params.signal,
-		});
+		return searchAnthropic(params);
 	}
 }

package/src/web/search/providers/base.ts

@@ -1,6 +1,16 @@
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
 import type { SearchProviderId, SearchResponse } from "../types";
 
-/** Shared web search parameters passed to providers. */
+/**
+ * Shared web search parameters passed to providers.
+ *
+ * `authStorage` is the **only** credential source providers may consult.
+ * Opening a sibling SQLite handle or calling provider-direct refresh helpers
+ * (e.g. `refreshOpenAICodexToken`, `refreshGoogleCloudToken`) is prohibited:
+ * it races the broker's per-credential refresh and POSTs the broker sentinel
+ * (`REMOTE_REFRESH_SENTINEL`) to the upstream token endpoint, which classifies
+ * as `invalid_grant` and disables the row.
+ */
 export interface SearchParams {
 	query: string;
 	limit?: number;
@@ -26,6 +36,20 @@ export interface SearchParams {
 	googleSearch?: Record<string, unknown>;
 	codeExecution?: Record<string, unknown>;
 	urlContext?: Record<string, unknown>;
+	/**
+	 * The single source of truth for credentials. Providers MUST consult this
+	 * handle exclusively (`getApiKey` for bearer-style auth, `getOAuthAccess`
+	 * when identity metadata is required). Do not open `AgentStorage` or any
+	 * `AuthCredentialStore` directly — that bypasses the broker pipeline and
+	 * the per-credential single-flight refresh.
+	 */
+	authStorage: AuthStorage;
+	/**
+	 * Optional session id used as the round-robin / sticky key when selecting
+	 * among multiple credentials for the same provider. Pass through from the
+	 * caller's agent session when available; otherwise omit.
+	 */
+	sessionId?: string;
 }
 
 /** Base class for web search providers. */
@@ -33,6 +57,15 @@ export abstract class SearchProvider {
 	abstract readonly id: SearchProviderId;
 	abstract readonly label: string;
 
-	abstract isAvailable(): Promise<boolean> | boolean;
+	/**
+	 * Indicates whether this provider has the credentials/config it needs to
+	 * service a request right now. Implementations consult the passed
+	 * {@link AuthStorage} — never a sibling store.
+	 */
+	abstract isAvailable(authStorage: AuthStorage): Promise<boolean> | boolean;
+
+	/**
+	 * Execute a search. Credentials MUST be resolved through `params.authStorage`.
+	 */
 	abstract search(params: SearchParams): Promise<SearchResponse>;
 }

package/src/web/search/providers/brave.ts

@@ -4,13 +4,13 @@
  * Calls Brave's web search REST API and maps results into the unified
  * SearchResponse shape used by the web search tool.
  */
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import { clampNumResults, dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, isApiKeyAvailable, withHardTimeout } from "./utils";
+import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const BRAVE_SEARCH_URL = "https://api.search.brave.com/res/v1/web/search";
 const DEFAULT_NUM_RESULTS = 10;
@@ -134,8 +134,8 @@ export class BraveProvider extends SearchProvider {
 	readonly id = "brave";
 	readonly label = "Brave";
 
-	isAvailable() {
-		return isApiKeyAvailable(findApiKey);
+	isAvailable(_authStorage: AuthStorage): boolean {
+		return !!findApiKey();
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {