@oh-my-pi/pi-coding-agent 15.3.2 → 15.4.2

package/src/web/search/providers/kagi.ts

@@ -3,9 +3,10 @@
  *
  * Thin wrapper that adapts shared Kagi API utilities to SearchResponse shape.
  */
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
 import type { SearchResponse } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
-import { findKagiApiKey, KagiApiError, searchWithKagi } from "../../kagi";
+import { KagiApiError, searchWithKagi } from "../../kagi";
 import { clampNumResults } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
@@ -19,14 +20,21 @@ export async function searchKagi(params: {
 	query: string;
 	num_results?: number;
 	signal?: AbortSignal;
+	authStorage: AuthStorage;
+	sessionId?: string;
 }): Promise<SearchResponse> {
 	const numResults = clampNumResults(params.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
 
 	try {
-		const result = await searchWithKagi(params.query, {
-			limit: numResults,
-			signal: params.signal,
-		});
+		const result = await searchWithKagi(
+			params.query,
+			{
+				limit: numResults,
+				sessionId: params.sessionId,
+				signal: params.signal,
+			},
+			params.authStorage,
+		);
 
 		return {
 			provider: "kagi",
@@ -51,12 +59,8 @@ export class KagiProvider extends SearchProvider {
 	readonly id = "kagi";
 	readonly label = "Kagi";
 
-	async isAvailable() {
-		try {
-			return !!(await findKagiApiKey());
-		} catch {
-			return false;
-		}
+	isAvailable(authStorage: AuthStorage): boolean {
+		return authStorage.hasAuth("kagi");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
@@ -64,6 +68,8 @@ export class KagiProvider extends SearchProvider {
 			query: params.query,
 			num_results: params.numSearchResults ?? params.limit,
 			signal: params.signal,
+			authStorage: params.authStorage,
+			sessionId: params.sessionId,
 		});
 	}
 }

package/src/web/search/providers/kimi.ts

@@ -4,14 +4,15 @@
  * Uses Moonshot Kimi Code search API to retrieve web results.
  * Endpoint: POST https://api.kimi.com/coding/v1/search
  */
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
 import { $env } from "@oh-my-pi/pi-utils";
+
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import { clampNumResults, dateToAgeSeconds } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, findCredential, isApiKeyAvailable, withHardTimeout } from "./utils";
+import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const KIMI_SEARCH_URL = "https://api.kimi.com/coding/v1/search";
 
@@ -24,6 +25,8 @@ export interface KimiSearchParams {
 	num_results?: number;
 	include_content?: boolean;
 	signal?: AbortSignal;
+	authStorage: AuthStorage;
+	sessionId?: string;
 }
 
 interface KimiSearchResult {
@@ -51,14 +54,20 @@ function resolveBaseUrl(): string {
 	return asTrimmed($env.MOONSHOT_SEARCH_BASE_URL) ?? asTrimmed($env.KIMI_SEARCH_BASE_URL) ?? KIMI_SEARCH_URL;
 }
 
-/** Find Kimi search credentials from environment or agent.db credentials. */
-async function findApiKey(): Promise<string | null> {
-	const envKey =
-		asTrimmed($env.MOONSHOT_SEARCH_API_KEY) ??
-		asTrimmed($env.KIMI_SEARCH_API_KEY) ??
-		getEnvApiKey("moonshot") ??
-		null;
-	return findCredential(envKey, "moonshot", "kimi-code");
+/** Find Kimi search credentials from environment or AuthStorage. */
+async function findApiKey(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<string | null> {
+	const envKey = asTrimmed($env.MOONSHOT_SEARCH_API_KEY) ?? asTrimmed($env.KIMI_SEARCH_API_KEY);
+	if (envKey) return envKey;
+
+	return (
+		(await authStorage.getApiKey("moonshot", sessionId, { signal })) ??
+		(await authStorage.getApiKey("kimi-code", sessionId, { signal })) ??
+		null
+	);
 }
 
 async function callKimiSearch(
@@ -99,7 +108,7 @@ async function callKimiSearch(
 
 /** Execute Kimi web search. */
 export async function searchKimi(params: KimiSearchParams): Promise<SearchResponse> {
-	const apiKey = await findApiKey();
+	const apiKey = await findApiKey(params.authStorage, params.sessionId, params.signal);
 	if (!apiKey) {
 		throw new Error(
 			"Kimi search credentials not found. Set MOONSHOT_SEARCH_API_KEY, KIMI_SEARCH_API_KEY, MOONSHOT_API_KEY, or login with 'omp /login moonshot'.",
@@ -141,8 +150,13 @@ export class KimiProvider extends SearchProvider {
 	readonly id = "kimi";
 	readonly label = "Kimi";
 
-	isAvailable(): Promise<boolean> {
-		return isApiKeyAvailable(findApiKey);
+	isAvailable(authStorage: AuthStorage): boolean {
+		return (
+			!!asTrimmed($env.MOONSHOT_SEARCH_API_KEY) ||
+			!!asTrimmed($env.KIMI_SEARCH_API_KEY) ||
+			authStorage.hasAuth("moonshot") ||
+			authStorage.hasAuth("kimi-code")
+		);
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
@@ -150,6 +164,8 @@ export class KimiProvider extends SearchProvider {
 			query: params.query,
 			num_results: params.numSearchResults ?? params.limit,
 			signal: params.signal,
+			authStorage: params.authStorage,
+			sessionId: params.sessionId,
 		});
 	}
 }

package/src/web/search/providers/parallel.ts

@@ -1,27 +1,175 @@
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import type { SearchResponse } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
-import { findParallelApiKey, ParallelApiError, searchWithParallel } from "../../parallel";
+import { ParallelApiError, type ParallelSearchResult, type ParallelSearchSource } from "../../parallel";
 import { clampNumResults } from "../utils";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, toSearchSources } from "./utils";
+import { classifyProviderHttpError, toSearchSources, withHardTimeout } from "./utils";
 
 const DEFAULT_NUM_RESULTS = 10;
 const MAX_NUM_RESULTS = 40;
+const PARALLEL_SEARCH_URL = "https://api.parallel.ai/v1beta/search";
+const PARALLEL_BETA_HEADER = "search-extract-2025-10-10";
 
-export async function searchParallel(params: {
-	query: string;
-	num_results?: number;
-	signal?: AbortSignal;
-}): Promise<SearchResponse> {
-	const numResults = clampNumResults(params.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
+function isObject(value: unknown): value is object {
+	return typeof value === "object" && value !== null;
+}
+
+function getOwnValue(value: object, key: string): unknown {
+	return Object.getOwnPropertyDescriptor(value, key)?.value;
+}
+
+function getString(value: object, key: string): string | undefined {
+	const field = getOwnValue(value, key);
+	return typeof field === "string" ? field : undefined;
+}
+
+function getObjectArray(value: object, key: string): object[] {
+	const field = getOwnValue(value, key);
+	return Array.isArray(field) ? field.filter(isObject) : [];
+}
+
+function getStringArray(value: object, key: string): string[] {
+	const field = getOwnValue(value, key);
+	return Array.isArray(field) ? field.filter((item): item is string => typeof item === "string") : [];
+}
+
+function extractParallelErrorMessage(payload: unknown): string | null {
+	if (!isObject(payload)) return null;
+
+	const directMessage = getString(payload, "message") ?? getString(payload, "detail") ?? getString(payload, "error");
+	if (directMessage && directMessage.trim().length > 0) {
+		return directMessage.trim();
+	}
+
+	const errorObject = getOwnValue(payload, "error");
+	if (isObject(errorObject)) {
+		const nestedMessage = getString(errorObject, "message") ?? getString(errorObject, "detail");
+		if (nestedMessage && nestedMessage.trim().length > 0) {
+			return nestedMessage.trim();
+		}
+	}
+
+	return null;
+}
+
+function createParallelApiError(statusCode: number, detail?: string): ParallelApiError {
+	return new ParallelApiError(
+		detail ? `Parallel API error (${statusCode}): ${detail}` : `Parallel API error (${statusCode})`,
+		statusCode,
+	);
+}
+
+function parseParallelErrorResponse(statusCode: number, responseText: string): ParallelApiError {
+	const trimmedResponseText = responseText.trim();
+	if (trimmedResponseText.length === 0) {
+		return createParallelApiError(statusCode);
+	}
 
 	try {
-		const result = await searchWithParallel(params.query, [params.query], {
-			mode: "fast",
-			maxCharsPerResult: 10_000,
-			signal: params.signal,
+		const payload: unknown = JSON.parse(trimmedResponseText);
+		return createParallelApiError(statusCode, extractParallelErrorMessage(payload) ?? trimmedResponseText);
+	} catch {
+		return createParallelApiError(statusCode, trimmedResponseText);
+	}
+}
+
+function parseSearchPayload(payload: unknown): ParallelSearchResult {
+	if (!isObject(payload)) {
+		throw new ParallelApiError("Parallel search returned an invalid response payload.");
+	}
+
+	const requestId = getString(payload, "search_id") ?? "";
+	const rawResults = getObjectArray(payload, "results");
+	const sources: ParallelSearchSource[] = [];
+
+	for (const item of rawResults) {
+		const url = getString(item, "url");
+		if (!url) continue;
+
+		const excerpts = getStringArray(item, "excerpts");
+		const snippet = excerpts.length > 0 ? excerpts.join("\n\n") : undefined;
+		sources.push({
+			title: getString(item, "title") ?? url,
+			url,
+			snippet,
+			publishedDate: getString(item, "publish_date"),
+			excerpts,
 		});
+	}
+
+	return {
+		requestId,
+		sources,
+		warnings: [],
+		usage: [],
+	};
+}
+
+async function searchWithAuthStorage(
+	objective: string,
+	queries: string[],
+	params: {
+		signal?: AbortSignal;
+	},
+	authStorage: AuthStorage,
+	sessionId?: string,
+): Promise<ParallelSearchResult> {
+	const apiKey = await authStorage.getApiKey("parallel", sessionId, { signal: params.signal });
+	if (!apiKey) {
+		throw new ParallelApiError(
+			"Parallel credentials not found. Set PARALLEL_API_KEY or login with 'omp /login parallel'.",
+		);
+	}
+
+	const response = await fetch(PARALLEL_SEARCH_URL, {
+		method: "POST",
+		headers: {
+			Accept: "application/json",
+			"Content-Type": "application/json",
+			"x-api-key": apiKey,
+			"parallel-beta": PARALLEL_BETA_HEADER,
+		},
+		body: JSON.stringify({
+			objective,
+			search_queries: queries,
+			mode: "fast",
+			excerpts: {
+				max_chars_per_result: 10_000,
+			},
+		}),
+		signal: withHardTimeout(params.signal),
+	});
+	if (!response.ok) {
+		throw parseParallelErrorResponse(response.status, await response.text());
+	}
+
+	const payload: unknown = await response.json();
+	return parseSearchPayload(payload);
+}
+
+export async function searchParallel(
+	params: {
+		query: string;
+		num_results?: number;
+		signal?: AbortSignal;
+	},
+	authStorage: AuthStorage,
+	sessionId?: string,
+): Promise<SearchResponse> {
+	const numResults = clampNumResults(params.num_results, DEFAULT_NUM_RESULTS, MAX_NUM_RESULTS);
+
+	try {
+		const result = await searchWithAuthStorage(
+			params.query,
+			[params.query],
+			{
+				signal: params.signal,
+			},
+			authStorage,
+			sessionId,
+		);
 
 		return {
 			provider: "parallel",
@@ -44,19 +192,19 @@ export class ParallelProvider extends SearchProvider {
 	readonly id = "parallel";
 	readonly label = "Parallel";
 
-	async isAvailable() {
-		try {
-			return !!(await findParallelApiKey());
-		} catch {
-			return false;
-		}
+	isAvailable(authStorage: AuthStorage) {
+		return !!getEnvApiKey("parallel") || authStorage.hasAuth("parallel");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
-		return searchParallel({
-			query: params.query,
-			num_results: params.numSearchResults ?? params.limit,
-			signal: params.signal,
-		});
+		return searchParallel(
+			{
+				query: params.query,
+				num_results: params.numSearchResults ?? params.limit,
+				signal: params.signal,
+			},
+			params.authStorage,
+			params.sessionId,
+		);
 	}
 }

package/src/web/search/providers/perplexity.ts

@@ -3,13 +3,12 @@
  *
  * Supports three auth modes:
  * - Cookies (`PERPLEXITY_COOKIES`) via `www.perplexity.ai/rest/sse/perplexity_ask`
- * - OAuth JWT (stored in `agent.db`) via `www.perplexity.ai/rest/sse/perplexity_ask`
+ * - OAuth/session bearer via `AuthStorage` and `www.perplexity.ai/rest/sse/perplexity_ask`
  * - API key (`PERPLEXITY_API_KEY`) via `api.perplexity.ai/chat/completions`
  */
 
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
-import { $env, getAgentDbPath, readSseJson } from "@oh-my-pi/pi-utils";
-import { AgentStorage } from "../../../session/agent-storage";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { $env, readSseJson } from "@oh-my-pi/pi-utils";
 import type {
 	PerplexityMessageOutput,
 	PerplexityRequest,
@@ -34,12 +33,6 @@ const OAUTH_EXPIRY_BUFFER_MS = 5 * 60 * 1000;
 const OAUTH_API_VERSION = "2.18";
 const OAUTH_USER_AGENT = "Perplexity/641 CFNetwork/1568 Darwin/25.2.0";
 
-interface PerplexityOAuthCredential {
-	type: "oauth";
-	access: string;
-	expires: number;
-}
-
 type PerplexityAuth =
 	| {
 			type: "api_key";
@@ -168,6 +161,8 @@ export interface PerplexitySearchParams {
 	temperature?: number;
 	/** Number of search results to retrieve. Defaults to 10. */
 	num_search_results?: number;
+	authStorage: AuthStorage;
+	sessionId?: string;
 }
 
 /** Find PERPLEXITY_API_KEY from environment or .env files (also checks PPLX_API_KEY) */
@@ -194,41 +189,49 @@ function jwtExpiryMs(token: string): number | undefined {
 	}
 }
 
-async function findOAuthToken(): Promise<string | null> {
-	const now = Date.now();
+async function findOAuthToken(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<string | null> {
 	try {
-		const storage = await AgentStorage.open(getAgentDbPath());
-		const records = storage.listAuthCredentials("perplexity");
-		for (const record of records) {
-			if (record.credential.type !== "oauth") continue;
-			const credential = record.credential as PerplexityOAuthCredential;
-			if (!credential.access) continue;
-			// Trust the JWT's own `exp` claim if it has one; otherwise treat as
-			// non-expiring. The stored `expires` field is unreliable: older logins
-			// wrote `loginTime + 1h` even though Perplexity JWTs typically lack `exp`.
-			const jwtExpiry = jwtExpiryMs(credential.access);
-			if (jwtExpiry !== undefined && jwtExpiry <= now + OAUTH_EXPIRY_BUFFER_MS) continue;
-			return credential.access;
-		}
+		// `getOAuthAccess` returns the raw OAuth bearer only — runtime/config
+		// api_key overrides and stored api_key credentials are intentionally
+		// suppressed so we don't POST an `api.perplexity.ai` key to the
+		// `www.perplexity.ai` session/SSE endpoint.
+		const access = await authStorage.getOAuthAccess("perplexity", sessionId, { signal });
+		const token = access?.accessToken;
+		if (!token) return null;
+		// Trust the JWT's own `exp` claim if it has one; otherwise treat as
+		// non-expiring. Perplexity session JWTs commonly omit `exp`.
+		const jwtExpiry = jwtExpiryMs(token);
+		if (jwtExpiry !== undefined && jwtExpiry <= Date.now() + OAUTH_EXPIRY_BUFFER_MS) return null;
+		return token;
 	} catch {
 		return null;
 	}
-	return null;
 }
 
-async function findPerplexityAuth(): Promise<PerplexityAuth | null> {
+async function findPerplexityAuth(
+	authStorage: AuthStorage,
+	sessionId: string | undefined,
+	signal: AbortSignal | undefined,
+): Promise<PerplexityAuth | null> {
 	// 1. PERPLEXITY_COOKIES env var
 	const cookies = $env.PERPLEXITY_COOKIES?.trim();
 	if (cookies) {
 		return { type: "cookies", cookies };
 	}
-	// 2. OAuth token from agent.db
-	const oauthToken = await findOAuthToken();
+
+	const apiKey = findApiKey();
+
+	// 2. OAuth/session bearer from AuthStorage.
+	const oauthToken = await findOAuthToken(authStorage, sessionId, signal);
 	if (oauthToken) {
 		return { type: "oauth", token: oauthToken };
 	}
+
 	// 3. PERPLEXITY_API_KEY env var
-	const apiKey = findApiKey();
 	if (apiKey) {
 		return { type: "api_key", token: apiKey };
 	}
@@ -493,7 +496,7 @@ function applySourceLimit(result: SearchResponse, limit?: number): SearchRespons
 
 /** Execute Perplexity web search */
 export async function searchPerplexity(params: PerplexitySearchParams): Promise<SearchResponse> {
-	const auth = await findPerplexityAuth();
+	const auth = await findPerplexityAuth(params.authStorage, params.sessionId, params.signal);
 	if (!auth) {
 		throw new Error("Perplexity auth not found. Set PERPLEXITY_COOKIES, PERPLEXITY_API_KEY, or login via OAuth.");
 	}
@@ -551,12 +554,8 @@ export class PerplexityProvider extends SearchProvider {
 	readonly id = "perplexity";
 	readonly label = "Perplexity";
 
-	async isAvailable() {
-		try {
-			return !!(await findPerplexityAuth());
-		} catch {
-			return false;
-		}
+	isAvailable(authStorage: AuthStorage): boolean {
+		return !!$env.PERPLEXITY_COOKIES?.trim() || authStorage.hasAuth("perplexity") || !!findApiKey();
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
@@ -569,6 +568,8 @@ export class PerplexityProvider extends SearchProvider {
 			system_prompt: params.systemPrompt,
 			search_recency_filter: params.recency,
 			num_results: params.limit,
+			authStorage: params.authStorage,
+			sessionId: params.sessionId,
 		});
 	}
 }

package/src/web/search/providers/searxng.ts

@@ -25,6 +25,8 @@
  * Reference: https://docs.searxng.org/dev/search_api.html
  */
 
+import type { AuthStorage } from "@oh-my-pi/pi-ai";
+
 import { settings } from "../../../config/settings";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
@@ -288,7 +290,7 @@ export class SearXNGProvider extends SearchProvider {
 	readonly id = "searxng";
 	readonly label = "SearXNG";
 
-	isAvailable() {
+	isAvailable(_authStorage: AuthStorage): boolean {
 		try {
 			return !!findEndpoint();
 		} catch {

package/src/web/search/providers/synthetic.ts

@@ -5,12 +5,12 @@
  * Endpoint: POST https://api.synthetic.new/v2/search
  */
 
-import { getEnvApiKey } from "@oh-my-pi/pi-ai";
+import { type AuthStorage, getEnvApiKey } from "@oh-my-pi/pi-ai";
 import type { SearchResponse, SearchSource } from "../../../web/search/types";
 import { SearchProviderError } from "../../../web/search/types";
 import type { SearchParams } from "./base";
 import { SearchProvider } from "./base";
-import { classifyProviderHttpError, findCredential, isApiKeyAvailable, withHardTimeout } from "./utils";
+import { classifyProviderHttpError, withHardTimeout } from "./utils";
 
 const SYNTHETIC_SEARCH_URL = "https://api.synthetic.new/v2/search";
 
@@ -25,9 +25,13 @@ interface SyntheticSearchResponse {
 	results: SyntheticSearchResult[];
 }
 
-/** Find Synthetic API key from environment or agent.db credentials. */
-export async function findApiKey(): Promise<string | null> {
-	return findCredential(getEnvApiKey("synthetic"), "synthetic");
+/** Resolve Synthetic API key through the shared auth storage pipeline. */
+export function findApiKey(
+	authStorage: AuthStorage,
+	sessionId?: string,
+	signal?: AbortSignal,
+): Promise<string | undefined> {
+	return authStorage.getApiKey("synthetic", sessionId, { signal });
 }
 
 /** Call Synthetic search API. */
@@ -61,12 +65,8 @@ async function callSyntheticSearch(
 }
 
 /** Execute Synthetic web search. */
-export async function searchSynthetic(params: {
-	query: string;
-	num_results?: number;
-	signal?: AbortSignal;
-}): Promise<SearchResponse> {
-	const apiKey = await findApiKey();
+export async function searchSynthetic(params: SearchParams): Promise<SearchResponse> {
+	const apiKey = await findApiKey(params.authStorage, params.sessionId, params.signal);
 	if (!apiKey) {
 		throw new Error("Synthetic credentials not found. Set SYNTHETIC_API_KEY or login with 'omp /login synthetic'.");
 	}
@@ -84,7 +84,8 @@ export async function searchSynthetic(params: {
 		});
 	}
 
-	const limitedSources = params.num_results ? sources.slice(0, params.num_results) : sources;
+	const numResults = params.numSearchResults ?? params.limit;
+	const limitedSources = numResults ? sources.slice(0, numResults) : sources;
 
 	return {
 		provider: "synthetic",
@@ -97,15 +98,11 @@ export class SyntheticProvider extends SearchProvider {
 	readonly id = "synthetic";
 	readonly label = "Synthetic";
 
-	isAvailable(): Promise<boolean> {
-		return isApiKeyAvailable(findApiKey);
+	isAvailable(authStorage: AuthStorage): boolean {
+		return authStorage.hasAuth("synthetic") || !!getEnvApiKey("synthetic");
 	}
 
 	search(params: SearchParams): Promise<SearchResponse> {
-		return searchSynthetic({
-			query: params.query,
-			num_results: params.numSearchResults ?? params.limit,
-			signal: params.signal,
-		});
+		return searchSynthetic(params);
 	}
 }