@oh-my-pi/pi-coding-agent 15.3.2 → 15.4.2

package/src/web/search/providers/codex.ts

@@ -2,15 +2,15 @@
  * OpenAI Codex Web Search Provider
  *
  * Uses Codex's built-in web_search tool via the Responses API.
- * Requires OAuth credentials stored in agent.db for provider "openai-codex".
- * Returns synthesized answers with web search sources.
+ * Auth is resolved through `AuthStorage.getOAuthAccess("openai-codex")` so the
+ * broker is the sole refresh authority — this module never opens a sibling
+ * SQLite store, never POSTs the broker sentinel to an OpenAI token endpoint.
  */
 import * as os from "node:os";
-import { getBundledModels } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getBundledModels } from "@oh-my-pi/pi-ai";
 import { decodeJwt } from "@oh-my-pi/pi-ai/utils/oauth/openai-codex";
-import { $env, getAgentDbPath, readSseJson } from "@oh-my-pi/pi-utils";
+import { $env, readSseJson } from "@oh-my-pi/pi-utils";
 import packageJson from "../../../../package.json" with { type: "json" };
-import { AgentStorage } from "../../../session/agent-storage";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import type { SearchParams } from "./base";
@@ -19,29 +19,48 @@ import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const CODEX_BASE_URL = "https://chatgpt.com/backend-api";
 const CODEX_RESPONSES_PATH = "/codex/responses";
-const FALLBACK_MODEL = "gpt-5-codex-mini";
+const FALLBACK_MODEL = "gpt-5.4";
 const DEFAULT_MODEL_PREFERENCES = [
-	"gpt-5-codex-mini",
 	"gpt-5.4",
+	"gpt-5-codex",
+	"gpt-5",
 	"gpt-5.3-codex",
 	"gpt-5.2-codex",
 	"gpt-5.1-codex",
-	"gpt-5-codex",
+	"gpt-5-codex-mini",
 ];
 const JWT_CLAIM_PATH = "https://api.openai.com/auth";
 const DEFAULT_INSTRUCTIONS =
 	"You are a helpful assistant with web search capabilities. Search the web to answer the user's question accurately and cite your sources.";
 
-function getModel(): string {
+function getConfiguredModel(): string | undefined {
 	const configuredModel = $env.PI_CODEX_WEB_SEARCH_MODEL?.trim();
-	if (configuredModel) return configuredModel;
+	return configuredModel ? configuredModel : undefined;
+}
 
+function getDefaultModelCandidates(): string[] {
 	const bundledModels = getBundledModels("openai-codex");
 	const bundledIds = new Set(bundledModels.map(model => model.id));
-	const preferred = DEFAULT_MODEL_PREFERENCES.find(modelId => bundledIds.has(modelId));
-	if (preferred) return preferred;
+	const candidates = DEFAULT_MODEL_PREFERENCES.filter(modelId => bundledIds.has(modelId));
+
+	if (candidates.length > 0) {
+		return candidates;
+	}
+
 	const nonMini = bundledModels.find(model => !model.id.includes("mini") && !model.id.includes("spark"));
-	return nonMini?.id ?? bundledModels[0]?.id ?? FALLBACK_MODEL;
+	if (nonMini) {
+		return [nonMini.id];
+	}
+
+	return bundledModels[0]?.id ? [bundledModels[0].id] : [FALLBACK_MODEL];
+}
+
+function shouldRetryWithNextDefaultModel(error: unknown): boolean {
+	if (!(error instanceof SearchProviderError)) return false;
+	if (error.provider !== "codex" || error.status !== 400) return false;
+	return /model is not supported|requested model is not supported|not supported when using codex with a chatgpt account/i.test(
+		error.message,
+	);
 }
 
 export interface CodexSearchParams {
@@ -53,15 +72,6 @@ export interface CodexSearchParams {
 	search_context_size?: "low" | "medium" | "high";
 }
 
-/** OAuth credential stored in agent.db */
-interface CodexOAuthCredential {
-	type: "oauth";
-	access: string;
-	refresh?: string;
-	expires: number;
-	accountId?: string;
-}
-
 /** Codex API response structure */
 interface CodexResponseItem {
 	type: string;
@@ -231,7 +241,7 @@ function extractTextSources(text: string): SearchSource[] {
  * @param accessToken - JWT access token
  * @returns Account ID string, or null if not found
  */
-function getAccountId(accessToken: string): string | null {
+function getAccountIdFromJwt(accessToken: string): string | null {
 	const payload = decodeJwt(accessToken);
 	const auth = payload?.[JWT_CLAIM_PATH] as { chatgpt_account_id?: string } | undefined;
 	const accountId = auth?.chatgpt_account_id;
@@ -239,43 +249,25 @@ function getAccountId(accessToken: string): string | null {
 }
 
 /**
- * Finds valid Codex OAuth credentials from agent.db.
- * Checks agent credentials and returns the first non-expired credential.
- * @returns OAuth credential with access token and account ID, or null if none found
+ * Resolve a Codex bearer + accountId through {@link AuthStorage} — the single
+ * refresh authority. Returns `null` when no OAuth credential is configured,
+ * when the credential cannot be refreshed (broker error, revoked token, etc.),
+ * or when the access token carries no `chatgpt_account_id` claim.
  */
-async function findCodexAuth(): Promise<{ accessToken: string; accountId: string } | null> {
-	const expiryBuffer = 5 * 60 * 1000; // 5 minutes
-	const now = Date.now();
-
-	try {
-		const storage = await AgentStorage.open(getAgentDbPath());
-		const records = storage.listAuthCredentials("openai-codex");
-
-		for (const record of records) {
-			const credential = record.credential;
-			if (credential.type !== "oauth") continue;
-
-			const oauthCred = credential as CodexOAuthCredential;
-			if (!oauthCred.access) continue;
-			if (oauthCred.expires <= now + expiryBuffer) continue;
-
-			const accountId = oauthCred.accountId ?? getAccountId(oauthCred.access);
-			if (!accountId) continue;
-
-			return { accessToken: oauthCred.access, accountId };
-		}
-	} catch {
-		return null;
-	}
-
-	return null;
+async function findCodexAuth(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<{ accessToken: string; accountId: string } | null> {
+	const access = await authStorage.getOAuthAccess("openai-codex", sessionId, { signal });
+	if (!access) return null;
+	const accountId = access.accountId ?? getAccountIdFromJwt(access.accessToken);
+	if (!accountId) return null;
+	return { accessToken: access.accessToken, accountId };
 }
 
 /**
  * Builds HTTP headers for Codex API requests.
- * @param accessToken - OAuth access token
- * @param accountId - ChatGPT account ID
- * @returns Headers object for fetch requests
  */
 function buildCodexHeaders(accessToken: string, accountId: string): Record<string, string> {
 	return {
@@ -291,17 +283,19 @@ function buildCodexHeaders(accessToken: string, accountId: string): Record<strin
 
 /**
  * Calls the Codex Responses API with web search tool enabled.
- * Streams the response and collects all events.
- * @param auth - Authentication info (access token and account ID)
- * @param query - Search query from the user
- * @param options - Search options including system prompt and context size
- * @returns Parsed response with answer, sources, and usage
- * @throws {SearchProviderError} If the API request fails
+ * The caller provides the exact model id to send; retry / fallback policy
+ * lives one layer up in `searchCodex()` so we can distinguish explicit user
+ * overrides from the default ChatGPT-account model-selection path.
  */
 async function callCodexSearch(
 	auth: { accessToken: string; accountId: string },
 	query: string,
-	options: { signal?: AbortSignal; systemPrompt?: string; searchContextSize?: "low" | "medium" | "high" },
+	options: {
+		signal?: AbortSignal;
+		systemPrompt?: string;
+		searchContextSize?: "low" | "medium" | "high";
+		modelId: string;
+	},
 ): Promise<{
 	answer: string;
 	sources: SearchSource[];
@@ -312,7 +306,7 @@ async function callCodexSearch(
 	const url = `${CODEX_BASE_URL}${CODEX_RESPONSES_PATH}`;
 	const headers = buildCodexHeaders(auth.accessToken, auth.accountId);
 
-	const requestedModel = getModel();
+	const requestedModel = options.modelId;
 
 	const body: Record<string, unknown> = {
 		model: requestedModel,
@@ -457,29 +451,67 @@ async function callCodexSearch(
 
 /**
  * Executes a web search using OpenAI Codex's built-in web search tool.
- * Requires OAuth credentials stored in agent.db for provider "openai-codex".
- * @param params - Search parameters including query and optional settings
- * @returns Search response with synthesized answer, sources, and usage
- * @throws {Error} If no Codex OAuth credentials are configured
+ *
+ * Default-model behavior:
+ * - If `PI_CODEX_WEB_SEARCH_MODEL` is set, use it exactly once and surface any
+ *   upstream error verbatim.
+ * - Otherwise prefer ChatGPT-account-safe bundled defaults (GPT-5.4, GPT-5
+ *   Codex, GPT-5, …) and retry the next candidate only when Codex returns the
+ *   known 400 "model is not supported" family. This avoids selecting
+ *   `gpt-5-codex-mini` first on ChatGPT accounts, which OpenAI rejects.
  */
-export async function searchCodex(params: CodexSearchParams): Promise<SearchResponse> {
-	const auth = await findCodexAuth();
+export async function searchCodex(params: SearchParams): Promise<SearchResponse> {
+	const auth = await findCodexAuth(params.authStorage, params.sessionId, params.signal);
 	if (!auth) {
 		throw new Error(
 			"No Codex OAuth credentials found. Login with 'omp /login openai-codex' to enable Codex web search.",
 		);
 	}
 
-	const result = await callCodexSearch(auth, params.query, {
-		systemPrompt: params.system_prompt,
-		searchContextSize: params.search_context_size ?? "high",
-	});
+	const configuredModel = getConfiguredModel();
+	const modelCandidates = configuredModel ? [configuredModel] : getDefaultModelCandidates();
+
+	let result:
+		| {
+				answer: string;
+				sources: SearchSource[];
+				model: string;
+				requestId: string;
+				usage?: { inputTokens: number; outputTokens: number; totalTokens: number };
+		  }
+		| undefined;
+	let lastError: unknown;
+
+	for (let index = 0; index < modelCandidates.length; index += 1) {
+		const modelId = modelCandidates[index];
+		if (!modelId) continue;
+
+		try {
+			result = await callCodexSearch(auth, params.query, {
+				signal: params.signal,
+				systemPrompt: params.systemPrompt,
+				searchContextSize: "high",
+				modelId,
+			});
+			break;
+		} catch (error) {
+			lastError = error;
+			const isLastCandidate = index === modelCandidates.length - 1;
+			if (configuredModel || isLastCandidate || !shouldRetryWithNextDefaultModel(error)) {
+				throw error;
+			}
+		}
+	}
+
+	if (!result) {
+		throw lastError ?? new Error("Codex search failed without returning a result");
+	}
 
 	let sources = result.sources;
 
-	// Apply num_results limit if specified
-	if (params.num_results && sources.length > params.num_results) {
-		sources = sources.slice(0, params.num_results);
+	const numResults = params.numSearchResults ?? params.limit;
+	if (numResults && sources.length > numResults) {
+		sources = sources.slice(0, numResults);
 	}
 
 	return {
@@ -500,28 +532,25 @@ export async function searchCodex(params: CodexSearchParams): Promise<SearchResp
 
 /**
  * Checks if Codex web search is available.
- * @returns True if valid OAuth credentials exist for openai-codex
  */
-export async function hasCodexSearch(): Promise<boolean> {
-	const auth = await findCodexAuth();
-	return auth !== null;
+export async function hasCodexSearch(authStorage: AuthStorage): Promise<boolean> {
+	// `isAvailable` runs before every request — keep the probe cheap.
+	// `hasOAuth(...)` is a synchronous in-memory check that returns true as soon
+	// as a Codex OAuth credential is loaded, without driving the refresh
+	// pipeline. The actual refresh happens lazily in `searchCodex`.
+	return authStorage.hasOAuth("openai-codex");
 }
 
 /** Search provider for OpenAI Codex web search. */
 export class CodexProvider extends SearchProvider {
 	readonly id = "codex";
-	readonly label = "Codex";
+	readonly label = "OpenAI";
 
-	isAvailable(): Promise<boolean> {
-		return Promise.resolve(hasCodexSearch());
+	isAvailable(authStorage: AuthStorage): Promise<boolean> | boolean {
+		return hasCodexSearch(authStorage);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
-		return searchCodex({
-			signal: params.signal,
-			query: params.query,
-			system_prompt: params.systemPrompt,
-			num_results: params.numSearchResults ?? params.limit,
-		});
+		return searchCodex(params);
 	}
 }

package/src/web/search/providers/exa.ts

@@ -6,9 +6,10 @@
  * Requests per-result summaries via `contents.summary` and synthesizes
  * them into a combined `answer` string on the SearchResponse.
  */
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import { settings } from "../../../config/settings";
 import { callExaTool, findApiKey, isSearchResponse } from "../../../exa/mcp-client";
+
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import { dateToAgeSeconds } from "../utils";
@@ -249,7 +250,7 @@ export class ExaProvider extends SearchProvider {
 	readonly id = "exa";
 	readonly label = "Exa";
 
-	isAvailable(): boolean {
+	isAvailable(_authStorage: AuthStorage): boolean {
 		try {
 			if (settings.get("exa.enabled") === false || settings.get("exa.enableSearch") === false) {
 				return false;

package/src/web/search/providers/gemini.ts

@@ -2,15 +2,20 @@
  * Google Gemini Web Search Provider
  *
  * Uses Gemini's Google Search grounding via Cloud Code Assist API.
- * Requires OAuth credentials stored in agent.db for provider "google-gemini-cli" or "google-antigravity".
- * Returns synthesized answers with citations and source metadata from grounding chunks.
+ * Auth is resolved through `AuthStorage.getOAuthAccess(...)` for both
+ * `google-gemini-cli` (stable prod) and `google-antigravity` (daily sandbox)
+ * — the broker is the sole refresh authority, so this module never opens a
+ * sibling SQLite store and never POSTs the broker sentinel to a Google token
+ * endpoint.
  */
-import { ANTIGRAVITY_SYSTEM_INSTRUCTION, getAntigravityUserAgent, getGeminiCliHeaders } from "@oh-my-pi/pi-ai";
-import { refreshAntigravityToken } from "@oh-my-pi/pi-ai/utils/oauth/google-antigravity";
-import { refreshGoogleCloudToken } from "@oh-my-pi/pi-ai/utils/oauth/google-gemini-cli";
-import { fetchWithRetry, getAgentDbPath } from "@oh-my-pi/pi-utils";
+import {
+	ANTIGRAVITY_SYSTEM_INSTRUCTION,
+	type AuthStorage,
+	getAntigravityUserAgent,
+	getGeminiCliHeaders,
+} from "@oh-my-pi/pi-ai";
+import { fetchWithRetry } from "@oh-my-pi/pi-utils";
 
-import { AgentStorage } from "../../../session/agent-storage";
 import type { SearchCitation, SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import type { SearchParams } from "./base";
@@ -26,6 +31,9 @@ const MAX_RETRIES = 3;
 const BASE_DELAY_MS = 1000;
 const RATE_LIMIT_BUDGET_MS = 5 * 60 * 1000;
 
+const GEMINI_PROVIDERS = ["google-gemini-cli", "google-antigravity"] as const;
+type GeminiProviderId = (typeof GEMINI_PROVIDERS)[number];
+
 interface GeminiToolParams {
 	google_search?: Record<string, unknown>;
 	code_execution?: Record<string, unknown>;
@@ -41,6 +49,8 @@ export interface GeminiSearchParams extends GeminiToolParams {
 	/** Sampling temperature (0–1). Lower = more focused/factual. */
 	temperature?: number;
 	signal?: AbortSignal;
+	authStorage: AuthStorage;
+	sessionId?: string;
 }
 
 export function buildGeminiRequestTools(params: GeminiToolParams): Array<Record<string, Record<string, unknown>>> {
@@ -54,131 +64,40 @@ export function buildGeminiRequestTools(params: GeminiToolParams): Array<Record<
 	return tools;
 }
 
-/** OAuth credential stored in agent.db */
-interface GeminiOAuthCredential {
-	type: "oauth";
-	access: string;
-	refresh?: string;
-	expires: number;
-	projectId?: string;
-}
-
-/** Auth info for Gemini API requests */
+/** Resolved auth for a Gemini API request. */
 interface GeminiAuth {
 	accessToken: string;
-	refreshToken?: string;
 	projectId: string;
 	isAntigravity: boolean;
-	storage: AgentStorage;
-	credentialId: number;
-	credential: GeminiOAuthCredential;
-}
-
-async function refreshGeminiAuth(auth: GeminiAuth): Promise<boolean> {
-	if (!auth.refreshToken) return false;
-	try {
-		const refreshed = auth.isAntigravity
-			? await refreshAntigravityToken(auth.refreshToken, auth.projectId)
-			: await refreshGoogleCloudToken(auth.refreshToken, auth.projectId);
-		auth.accessToken = refreshed.access;
-		auth.refreshToken = refreshed.refresh ?? auth.refreshToken;
-		auth.storage.updateAuthCredential(auth.credentialId, {
-			...auth.credential,
-			access: auth.accessToken,
-			refresh: auth.refreshToken,
-			expires: refreshed.expires,
-		});
-		auth.credential.access = auth.accessToken;
-		auth.credential.refresh = auth.refreshToken;
-		auth.credential.expires = refreshed.expires;
-		return true;
-	} catch {
-		return false;
-	}
 }
 
 /**
- * Finds valid Gemini OAuth credentials from agent.db.
- * Checks google-gemini-cli first (stable prod), then google-antigravity (daily sandbox).
- * @returns OAuth credential with access token and project ID, or null if none found
+ * Walks the configured Gemini OAuth providers in deterministic order and
+ * returns the first one that yields a usable access token + projectId via
+ * {@link AuthStorage.getOAuthAccess}. AuthStorage handles refresh + broker
+ * routing internally; this helper never touches refresh tokens directly.
  */
-export async function findGeminiAuth(): Promise<GeminiAuth | null> {
-	const expiryBuffer = 5 * 60 * 1000; // 5 minutes
-	const now = Date.now();
-
-	// Try providers in deterministic order: gemini-cli first, then antigravity
-	const providers = ["google-gemini-cli", "google-antigravity"] as const;
-
-	try {
-		const storage = await AgentStorage.open(getAgentDbPath());
-
-		for (const provider of providers) {
-			const records = storage.listAuthCredentials(provider);
-
-			for (const record of records) {
-				const credential = record.credential;
-				if (credential.type !== "oauth") continue;
-
-				const oauthCred = credential as GeminiOAuthCredential;
-				if (!oauthCred.access) continue;
-
-				// Get projectId from credential
-				const projectId = oauthCred.projectId;
-				if (!projectId) continue;
-
-				// Check if token is expired (or about to expire)
-				if (oauthCred.expires <= now + expiryBuffer) {
-					// Try to refresh if we have a refresh token
-					if (oauthCred.refresh) {
-						try {
-							const refreshed =
-								provider === "google-antigravity"
-									? await refreshAntigravityToken(oauthCred.refresh, projectId)
-									: await refreshGoogleCloudToken(oauthCred.refresh, projectId);
-							// Update the credential in storage
-							const updated = {
-								...oauthCred,
-								access: refreshed.access,
-								refresh: refreshed.refresh ?? oauthCred.refresh,
-								expires: refreshed.expires,
-							};
-							storage.updateAuthCredential(record.id, updated);
-							return {
-								accessToken: refreshed.access,
-								refreshToken: refreshed.refresh ?? oauthCred.refresh,
-								projectId,
-								isAntigravity: provider === "google-antigravity",
-								storage,
-								credentialId: record.id,
-								credential: updated,
-							};
-						} catch {
-							// Refresh failed, skip this credential
-							continue;
-						}
-					}
-					// No refresh token or refresh failed
-					continue;
-				}
-
-				return {
-					accessToken: oauthCred.access,
-					refreshToken: oauthCred.refresh,
-					projectId,
-					isAntigravity: provider === "google-antigravity",
-					storage,
-					credentialId: record.id,
-					credential: oauthCred,
-				};
-			}
-		}
-	} catch {
-		return null;
+export async function findGeminiAuth(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<GeminiAuth | null> {
+	for (const provider of GEMINI_PROVIDERS) {
+		const access = await authStorage.getOAuthAccess(provider, sessionId, { signal });
+		if (!access?.accessToken || !access.projectId) continue;
+		return {
+			accessToken: access.accessToken,
+			projectId: access.projectId,
+			isAntigravity: provider === "google-antigravity",
+		};
 	}
-
 	return null;
 }
 
+function hasGeminiOAuth(authStorage: AuthStorage): boolean {
+	return GEMINI_PROVIDERS.some((provider: GeminiProviderId) => authStorage.hasOAuth(provider));
+}
+
 /** Cloud Code Assist API response types */
 interface GeminiGroundingChunk {
 	web?: {
@@ -224,20 +143,20 @@ interface CloudCodeResponseChunk {
 
 /**
  * Calls the Cloud Code Assist API with Google Search grounding enabled.
- * @param auth - Authentication info (access token and project ID)
- * @param query - Search query from the user
- * @param systemPrompt - Optional system prompt
- * @returns Parsed response with answer, sources, and usage
- * @throws {SearchProviderError} If the API request fails
+ *
+ * If a request returns a refreshable auth failure (401/403/auth-flavoured 400),
+ * we ask AuthStorage to invalidate + refresh the credential and retry once.
+ * Provider-direct refresh helpers are intentionally not used: AuthStorage owns
+ * the single-flight refresh and broker round-trip.
  */
 async function callGeminiSearch(
 	auth: GeminiAuth,
 	query: string,
-	systemPrompt?: string,
-	maxOutputTokens?: number,
-	temperature?: number,
-	toolParams: GeminiToolParams = {},
-	signal?: AbortSignal,
+	systemPrompt: string | undefined,
+	maxOutputTokens: number | undefined,
+	temperature: number | undefined,
+	toolParams: GeminiToolParams,
+	signal: AbortSignal | undefined,
 ): Promise<{
 	answer: string;
 	sources: SearchSource[];
@@ -316,29 +235,13 @@ async function callGeminiSearch(
 	const urlFor = (attempt: number) =>
 		`${endpoints[Math.min(attempt, endpoints.length - 1)]}/v1internal:streamGenerateContent?alt=sse`;
 
-	let response = await fetchWithRetry(urlFor, {
+	const response = await fetchWithRetry(urlFor, {
 		...buildInit(),
 		maxAttempts: MAX_RETRIES + 1,
 		defaultDelayMs: attempt => BASE_DELAY_MS * 2 ** attempt,
 		maxDelayMs: RATE_LIMIT_BUDGET_MS,
 	});
 
-	if (!response.ok) {
-		const errorText = await response.clone().text();
-		const canRefreshAuth =
-			response.status === 401 ||
-			response.status === 403 ||
-			(response.status === 400 && /api key not valid|invalid credentials|invalid authentication/i.test(errorText));
-		if (canRefreshAuth && (await refreshGeminiAuth(auth))) {
-			response = await fetchWithRetry(urlFor, {
-				...buildInit(),
-				maxAttempts: MAX_RETRIES + 1,
-				defaultDelayMs: attempt => BASE_DELAY_MS * 2 ** attempt,
-				maxDelayMs: RATE_LIMIT_BUDGET_MS,
-			});
-		}
-	}
-
 	if (!response.ok) {
 		const errorText = await response.text();
 		const classified = classifyProviderHttpError("gemini", response.status, errorText);
@@ -482,13 +385,9 @@ async function callGeminiSearch(
 
 /**
  * Executes a web search using Google Gemini with Google Search grounding.
- * Requires OAuth credentials stored in agent.db for provider "google-gemini-cli" or "google-antigravity".
- * @param params - Search parameters including query and optional settings
- * @returns Search response with synthesized answer, sources, and citations
- * @throws {Error} If no Gemini OAuth credentials are configured
  */
 export async function searchGemini(params: GeminiSearchParams): Promise<SearchResponse> {
-	const auth = await findGeminiAuth();
+	const auth = await findGeminiAuth(params.authStorage, params.sessionId, params.signal);
 	if (!auth) {
 		throw new Error(
 			"No Gemini OAuth credentials found. Login with 'omp /login google-gemini-cli' or 'omp /login google-antigravity' to enable Gemini web search.",
@@ -511,7 +410,6 @@ export async function searchGemini(params: GeminiSearchParams): Promise<SearchRe
 
 	let sources = result.sources;
 
-	// Apply num_results limit if specified
 	if (params.num_results && sources.length > params.num_results) {
 		sources = sources.slice(0, params.num_results);
 	}
@@ -532,8 +430,11 @@ export class GeminiProvider extends SearchProvider {
 	readonly id = "gemini";
 	readonly label = "Gemini";
 
-	isAvailable() {
-		return findGeminiAuth().then(Boolean);
+	isAvailable(authStorage: AuthStorage): boolean {
+		// Cheap, in-memory check — avoids driving the refresh pipeline during
+		// the provider-chain probe. `searchGemini` calls `getOAuthAccess` which
+		// will refresh lazily on the actual request.
+		return hasGeminiOAuth(authStorage);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
@@ -547,6 +448,8 @@ export class GeminiProvider extends SearchProvider {
 			code_execution: params.codeExecution,
 			url_context: params.urlContext,
 			signal: params.signal,
+			authStorage: params.authStorage,
+			sessionId: params.sessionId,
 		});
 	}
 }

package/src/web/search/providers/jina.ts

@@ -5,12 +5,12 @@
  * cleaned content.
  */
 
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, isApiKeyAvailable, withHardTimeout } from "./utils";
+import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const JINA_SEARCH_URL = "https://s.jina.ai";
 
@@ -87,8 +87,8 @@ export class JinaProvider extends SearchProvider {
 	readonly id = "jina";
 	readonly label = "Jina";
 
-	isAvailable() {
-		return isApiKeyAvailable(findApiKey);
+	isAvailable(_authStorage: AuthStorage): boolean {
+		return !!findApiKey();
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {