@oh-my-pi/pi-coding-agent 15.5.6 → 15.5.8

package/src/lib/xai-http.ts

@@ -0,0 +1,124 @@
+// Ported from NousResearch/hermes-agent (MIT) — tools/xai_http.py.
+
+import { getBundledModels } from "@oh-my-pi/pi-ai";
+import { $env } from "@oh-my-pi/pi-utils";
+import type { ModelRegistry } from "../config/model-registry";
+
+const DEFAULT_BASE_URL = "https://api.x.ai/v1";
+
+interface XAICredentials {
+	provider: "xai-oauth" | "xai";
+	apiKey: string;
+	baseURL: string;
+}
+
+export function ohMyPiXAIUserAgent(): string {
+	return "oh-my-pi/xai";
+}
+
+type XAIProvider = "xai-oauth" | "xai";
+
+/**
+ * Resolve the HTTP base URL for an xAI tool call.
+ *
+ * Precedence:
+ *   1. `model.baseUrl` from the registry IF the user pinned a per-model
+ *      override — i.e. `merged.baseUrl` differs from the seeded/bundled
+ *      default for the (provider, id) pair. Mirrors the chat path's per-model
+ *      contract (`openai-responses.ts: model.baseUrl`).
+ *   2. `ModelRegistry.getProviderBaseUrl(provider)` — provider-level override
+ *      (e.g. `providers.xai-oauth.baseUrl` from models.yml). Reached when the
+ *      modelId does not appear in the registry under this provider, which
+ *      happens for tool-only ids like `grok-imagine-image` that
+ *      `applyXAIOAuthCuration` filters out via `XAI_NON_CHAT_PREFIXES`.
+ *      Without this leg, a registry-configured proxy is silently bypassed for
+ *      image/TTS traffic.
+ *   3. `XAI_BASE_URL` env var (legacy global override, preserved).
+ *   4. `DEFAULT_BASE_URL = "https://api.x.ai/v1"`.
+ *
+ * The override gate at step 1 uses `bundled?.baseUrl ?? DEFAULT_BASE_URL` as
+ * the canonical default sentinel. For xai (which has bundled entries) this
+ * compares against the bundled value; for xai-oauth (no bundled entries —
+ * models.json carries no xai-oauth records when the seed is absent, the
+ * picker is seeded statically from `xaiOAuthModelManagerOptions` with
+ * `baseUrl: DEFAULT_BASE_URL`) the sentinel falls back to DEFAULT_BASE_URL
+ * so the env leg remains reachable. Without that fallback, every xai-oauth
+ * model id forces `!bundled === true` and short-circuits XAI_BASE_URL
+ * silently. Lookup is scoped to (provider, id); matching by id alone would
+ * let xai-oauth entries hijack a xai tool call (or vice versa) when the
+ * same model id ships under both descriptors.
+ */
+function resolveXAIBaseURL(modelRegistry: ModelRegistry, provider: XAIProvider, modelId: string | undefined): string {
+	if (modelId) {
+		const merged = modelRegistry.getAll().find(m => m.id === modelId && m.provider === provider);
+		if (merged?.baseUrl) {
+			const bundled = getBundledModels(provider as Parameters<typeof getBundledModels>[0]).find(
+				m => m.id === modelId,
+			);
+			const providerDefault = bundled?.baseUrl ?? DEFAULT_BASE_URL;
+			if (merged.baseUrl !== providerDefault) {
+				return merged.baseUrl.replace(/\/$/, "");
+			}
+		}
+	}
+	const providerBaseUrl = modelRegistry.getProviderBaseUrl(provider);
+	if (providerBaseUrl) {
+		const normalized = providerBaseUrl.replace(/\/$/, "");
+		if (normalized !== DEFAULT_BASE_URL) return normalized;
+	}
+	return ($env.XAI_BASE_URL || DEFAULT_BASE_URL).replace(/\/$/, "");
+}
+
+/**
+ * Resolve xAI credentials for HTTP tool calls.
+ *
+ * Credential priority:
+ *   1. xai-oauth — only when a *dedicated* xai-oauth source exists. Composed
+ *      of two checks against the registry layer:
+ *        a. `authStorage.hasNonEnvCredential("xai-oauth")` covers stored
+ *           credentials (OAuth or api_key), runtime overrides (CLI
+ *           `--api-key` for xai-oauth), config overrides (models.yml
+ *           `providers.xai-oauth.apiKey`), and fallback resolvers.
+ *        b. `$env.XAI_OAUTH_TOKEN` covers the xai-oauth-specific env var.
+ *      `XAI_API_KEY` is intentionally NOT a signal here, even though the
+ *      env-fallback map (`stream.ts: "xai-oauth"`) lets xai-oauth borrow it
+ *      as a back-compat convenience: the borrow lets API-key-only setups
+ *      satisfy the xai-oauth branch and then resolve baseUrl under
+ *      xai-oauth instead of xai, silently bypassing `providers.xai.baseUrl`
+ *      overrides for image/TTS traffic. The gate routes the borrow case to
+ *      step 2 while preserving every dedicated xai-oauth path.
+ *   2. xai (plain API key). Delegates to ModelRegistry.getApiKeyForProvider
+ *      which runs AuthStorage.getApiKey's full cascade: runtime override →
+ *      models.yml config override → stored api_key credential → OAuth
+ *      resolution → XAI_API_KEY env var → custom fallback resolver.
+ *
+ * baseURL: see `resolveXAIBaseURL` above. Resolved AFTER the credential
+ * decision so the scoped (provider, id) lookup is unambiguous. `modelId`
+ * is optional; probes / tool-availability checks pass `undefined` and fall
+ * through to env/default.
+ *
+ * Returns null when neither credential is available. Caller is responsible
+ * for surfacing an actionable error message in that case.
+ */
+export async function resolveXAIHttpCredentials(
+	modelRegistry: ModelRegistry,
+	modelId?: string,
+): Promise<XAICredentials | null> {
+	const hasDedicatedXaiOAuth =
+		modelRegistry.authStorage.hasNonEnvCredential("xai-oauth") || Boolean($env.XAI_OAUTH_TOKEN);
+	if (hasDedicatedXaiOAuth) {
+		const oauthKey = await modelRegistry.getApiKeyForProvider("xai-oauth");
+		if (oauthKey) {
+			const baseURL = resolveXAIBaseURL(modelRegistry, "xai-oauth", modelId);
+			return { provider: "xai-oauth", apiKey: oauthKey, baseURL };
+		}
+	}
+
+	const apiKey = await modelRegistry.getApiKeyForProvider("xai");
+	if (apiKey) {
+		const baseURL = resolveXAIBaseURL(modelRegistry, "xai", modelId);
+		return { provider: "xai", apiKey, baseURL };
+	}
+
+	return null;
+}

package/src/main.ts

@@ -9,7 +9,6 @@ import * as fs from "node:fs/promises";
 import * as os from "node:os";
 import * as path from "node:path";
 import { createInterface } from "node:readline/promises";
-import { keepaliveWhile } from "@oh-my-pi/pi-agent-core";
 import type { ImageContent } from "@oh-my-pi/pi-ai";
 import {
 	$env,
@@ -316,7 +315,7 @@ async function runInteractiveMode(
 	}
 
 	while (true) {
-		const input = await keepaliveWhile(mode.getUserInput());
+		const input = await mode.getUserInput();
 		await submitInteractiveInput(mode, session, input);
 	}
 }

package/src/mcp/transports/http.ts

@@ -16,8 +16,23 @@ import type {
 	MCPTransport,
 } from "../../mcp/types";
 import { toJsonRpcError } from "../../mcp/types";
-import { createMCPTimeout, getNeverAbortSignal, resolveMCPTimeoutMs } from "../timeout";
+import { createMCPTimeout, getNeverAbortSignal, isMCPTimeoutEnabled, resolveMCPTimeoutMs } from "../timeout";
 
+const HTTP_SSE_CONNECT_TIMEOUT_MS = 1_000;
+/**
+ * Best-effort startup deadline for the optional Streamable HTTP GET SSE listener.
+ *
+ * Returns `0` (disabled) when the operator has explicitly disabled MCP client-side
+ * timeouts via `timeout: 0` or `OMP_MCP_TIMEOUT_MS=0`, mirroring the rest of the
+ * MCP timeout surface. Otherwise caps the wait at one second and scales below
+ * short request timeouts so connect-time never exceeds the request budget.
+ */
+export function resolveSSEConnectTimeoutMs(configTimeout?: number): number {
+	const requestTimeout = resolveMCPTimeoutMs(configTimeout);
+	if (!isMCPTimeoutEnabled(requestTimeout)) return 0;
+	const boundedTimeout = Math.min(HTTP_SSE_CONNECT_TIMEOUT_MS, Math.floor(requestTimeout / 4));
+	return Math.max(1, boundedTimeout);
+}
 /**
  * HTTP transport for MCP servers.
  * Uses POST for requests, supports SSE responses.
@@ -73,6 +88,15 @@ export class HttpTransport implements MCPTransport {
 		}
 
 		let response: Response;
+		let timedOut = false;
+		const startupTimeoutMs = resolveSSEConnectTimeoutMs(this.config.timeout);
+		const timeoutId =
+			startupTimeoutMs > 0
+				? setTimeout(() => {
+						timedOut = true;
+						this.#sseConnection?.abort();
+					}, startupTimeoutMs)
+				: null;
 		try {
 			response = await fetch(this.config.url, {
 				method: "GET",
@@ -81,13 +105,16 @@ export class HttpTransport implements MCPTransport {
 			});
 		} catch (error) {
 			this.#sseConnection = null;
-			if (error instanceof Error && error.name !== "AbortError") {
+			if (error instanceof Error && error.name !== "AbortError" && !timedOut) {
 				this.onError?.(error);
 			}
 			return;
+		} finally {
+			if (timeoutId !== null) clearTimeout(timeoutId);
 		}
 
 		if (response.status === 405 || !response.ok || !response.body) {
+			await response.body?.cancel();
 			this.#sseConnection = null;
 			return;
 		}

package/src/modes/components/tool-execution.ts

@@ -1,3 +1,4 @@
+import type { SnapshotStore } from "@oh-my-pi/hashline";
 import type { AgentTool } from "@oh-my-pi/pi-agent-core";
 import {
 	Box,
@@ -105,10 +106,10 @@ function resolveEditModeForTool(toolName: string, tool: AgentTool | undefined):
 }
 
 export interface ToolExecutionOptions {
+	snapshots?: SnapshotStore;
 	showImages?: boolean; // default: true (only used if terminal supports images)
 	editFuzzyThreshold?: number;
 	editAllowFuzzy?: boolean;
-	hashlineAutoDropPureInsertDuplicates?: boolean;
 }
 
 export interface ToolExecutionHandle {
@@ -142,7 +143,7 @@ export class ToolExecutionComponent extends Container {
 	#showImages: boolean;
 	#editFuzzyThreshold: number | undefined;
 	#editAllowFuzzy: boolean | undefined;
-	#hashlineAutoDropPureInsertDuplicates: boolean | undefined;
+	#snapshots?: SnapshotStore;
 	#isPartial = true;
 	#tool?: AgentTool;
 	#ui: TUI;
@@ -189,7 +190,7 @@ export class ToolExecutionComponent extends Container {
 		this.#showImages = options.showImages ?? true;
 		this.#editFuzzyThreshold = options.editFuzzyThreshold;
 		this.#editAllowFuzzy = options.editAllowFuzzy;
-		this.#hashlineAutoDropPureInsertDuplicates = options.hashlineAutoDropPureInsertDuplicates;
+		this.#snapshots = options.snapshots;
 		this.#tool = tool;
 		this.#ui = ui;
 		this.#cwd = cwd;
@@ -266,12 +267,13 @@ export class ToolExecutionComponent extends Container {
 
 		try {
 			const isStreaming = !this.#argsComplete;
+			if (editMode === "hashline" && !this.#snapshots) return;
 			const previews = await strategy.computeDiffPreview(effectiveArgs, {
 				cwd: this.#cwd,
 				signal: controller.signal,
+				snapshots: this.#snapshots!,
 				fuzzyThreshold: this.#editFuzzyThreshold,
 				allowFuzzy: this.#editAllowFuzzy,
-				hashlineAutoDropPureInsertDuplicates: this.#hashlineAutoDropPureInsertDuplicates,
 				isStreaming,
 			});
 			if (controller.signal.aborted) return;

package/src/modes/controllers/event-controller.ts

@@ -3,6 +3,7 @@ import { calculatePromptTokens } from "@oh-my-pi/pi-agent-core/compaction/compac
 import type { AssistantMessage, ImageContent } from "@oh-my-pi/pi-ai";
 import { type Component, Loader, TERMINAL, Text } from "@oh-my-pi/pi-tui";
 import { settings } from "../../config/settings";
+import { getFileSnapshotStore } from "../../edit/file-snapshot-store";
 import { AssistantMessageComponent } from "../../modes/components/assistant-message";
 import {
 	ReadToolGroupComponent,
@@ -329,10 +330,10 @@ export class EventController {
 						content.name,
 						renderArgs,
 						{
+							snapshots: getFileSnapshotStore(this.ctx.session),
 							showImages: settings.get("terminal.showImages"),
 							editFuzzyThreshold: settings.get("edit.fuzzyThreshold"),
 							editAllowFuzzy: settings.get("edit.fuzzyMatch"),
-							hashlineAutoDropPureInsertDuplicates: settings.get("edit.hashlineAutoDropPureInsertDuplicates"),
 						},
 						tool,
 						this.ctx.ui,
@@ -444,10 +445,10 @@ export class EventController {
 				event.toolName,
 				event.args,
 				{
+					snapshots: getFileSnapshotStore(this.ctx.session),
 					showImages: settings.get("terminal.showImages"),
 					editFuzzyThreshold: settings.get("edit.fuzzyThreshold"),
 					editAllowFuzzy: settings.get("edit.fuzzyMatch"),
-					hashlineAutoDropPureInsertDuplicates: settings.get("edit.hashlineAutoDropPureInsertDuplicates"),
 				},
 				tool,
 				this.ctx.ui,
@@ -598,7 +599,13 @@ export class EventController {
 		};
 		this.ctx.statusContainer.clear();
 		const reasonText =
-			event.reason === "overflow" ? "Context overflow detected, " : event.reason === "idle" ? "Idle " : "";
+			event.reason === "overflow"
+				? "Context overflow detected, "
+				: event.reason === "incomplete"
+					? "Response incomplete, "
+					: event.reason === "idle"
+						? "Idle "
+						: "";
 		const actionLabel = event.action === "handoff" ? "Auto-handoff" : "Auto context-full maintenance";
 		this.ctx.autoCompactionLoader = new Loader(
 			this.ctx.ui,

package/src/modes/controllers/selector-controller.ts

@@ -29,7 +29,12 @@ import {
 import type { InteractiveModeContext } from "../../modes/types";
 import { type SessionInfo, SessionManager } from "../../session/session-manager";
 import { FileSessionStorage } from "../../session/session-storage";
-import { isSearchProviderPreference, setPreferredImageProvider, setPreferredSearchProvider } from "../../tools";
+import {
+	isImageProviderPreference,
+	isSearchProviderPreference,
+	setPreferredImageProvider,
+	setPreferredSearchProvider,
+} from "../../tools";
 import { setSessionTerminalTitle } from "../../utils/title-generator";
 import { AgentDashboard } from "../components/agent-dashboard";
 import { AssistantMessageComponent } from "../components/assistant-message";
@@ -374,7 +379,7 @@ export class SelectorController {
 				}
 				break;
 			case "providers.image":
-				if (value === "auto" || value === "openai" || value === "gemini" || value === "openrouter") {
+				if (isImageProviderPreference(value)) {
 					setPreferredImageProvider(value);
 				}
 				break;

package/src/modes/interactive-mode.ts

@@ -4,7 +4,13 @@
  */
 import * as fs from "node:fs/promises";
 import * as path from "node:path";
-import { type Agent, type AgentMessage, type AgentToolResult, ThinkingLevel } from "@oh-my-pi/pi-agent-core";
+import {
+	type Agent,
+	type AgentMessage,
+	type AgentToolResult,
+	EventLoopKeepalive,
+	ThinkingLevel,
+} from "@oh-my-pi/pi-agent-core";
 import type { CompactionOutcome } from "@oh-my-pi/pi-agent-core/compaction";
 import {
 	type AssistantMessage,
@@ -619,7 +625,9 @@ export class InteractiveMode implements InteractiveModeContext {
 		};
 		this.#scheduleLoopAutoSubmit();
 		this.#scheduleGoalContinuation();
-		return promise;
+
+		using _ = new EventLoopKeepalive();
+		return await promise;
 	}
 
 	#scheduleLoopAutoSubmit(): void {
@@ -1012,7 +1020,7 @@ export class InteractiveMode implements InteractiveModeContext {
 	}
 
 	async #getPlanFilePath(): Promise<string> {
-		return "local://PLAN.md";
+		return this.session.getPlanReferencePath() || "local://PLAN.md";
 	}
 
 	#resolvePlanFilePath(planFilePath: string): string {

package/src/modes/utils/ui-helpers.ts

@@ -2,6 +2,7 @@ import type { AgentMessage } from "@oh-my-pi/pi-agent-core";
 import type { AssistantMessage, ImageContent, Message } from "@oh-my-pi/pi-ai";
 import { type Component, Spacer, Text, TruncatedText } from "@oh-my-pi/pi-tui";
 import { settings } from "../../config/settings";
+import { getFileSnapshotStore } from "../../edit/file-snapshot-store";
 import { AssistantMessageComponent } from "../../modes/components/assistant-message";
 import { BashExecutionComponent } from "../../modes/components/bash-execution";
 import { BranchSummaryMessageComponent } from "../../modes/components/branch-summary-message";
@@ -377,10 +378,10 @@ export class UiHelpers {
 						content.name,
 						renderArgs,
 						{
+							snapshots: getFileSnapshotStore(this.ctx.session),
 							showImages: settings.get("terminal.showImages"),
 							editFuzzyThreshold: settings.get("edit.fuzzyThreshold"),
 							editAllowFuzzy: settings.get("edit.fuzzyMatch"),
-							hashlineAutoDropPureInsertDuplicates: settings.get("edit.hashlineAutoDropPureInsertDuplicates"),
 						},
 						tool,
 						this.ctx.ui,

package/src/prompts/system/system-prompt.md

@@ -59,6 +59,9 @@ With most FS/bash-like tools, static references to them will automatically resol
    - `/<path>`: JSON field extraction
 - `artifact://<id>`: Artifact content
 - `local://<name>.md`: Plan artifacts and shared content with subagents
+{{#if hasObsidian}}
+- `vault://<vault>/<path>`: Obsidian vault content (read/edit). `vault://` lists vaults; `vault://_/…` targets the active vault. File-scoped `?op=outline|backlinks|links|tags|properties|tasks|base|…`; vault-scoped `?op=search&q=…|daily|tasks|orphans|unresolved|bases|…`.
+{{/if}}
 - `mcp://<uri>`: MCP resource
 - `issue://<N>` (or `issue://<owner>/<repo>/<N>`): GitHub issue view; cached on disk so re-reads are free. Bare `issue://` (or `issue://<owner>/<repo>`) lists recent issues; supports `?state=open|closed|all&limit=&author=&label=`.
 - `pr://<N>` (or `pr://<owner>/<repo>/<N>`): GitHub PR view; same cache. Append `?comments=0` to drop the comments section. Bare `pr://` (or `pr://<owner>/<repo>`) lists recent PRs; supports `?state=open|closed|merged|all&limit=&author=&label=`.

package/src/prompts/tools/ast-edit.md

@@ -14,7 +14,7 @@ Performs structural AST-aware rewrites via native ast-grep.
 </instruction>
 
 <output>
-- Replacement summary, per-file replacement counts, and change diffs as `¶src/foo.ts#1a2b`, `-12:before`, `+12:after` lines in hashline mode
+- Replacement summary, per-file replacement counts, and change diffs as `¶src/foo.ts#0a`, `-12:before`, `+12:after` lines in hashline mode
 - Parse issues when files cannot be processed
 </output>
 

package/src/prompts/tools/ast-grep.md

@@ -18,7 +18,7 @@ Performs structural code search using AST matching via native ast-grep.
 
 <output>
 - Grouped matches with file path, byte range, line/column ranges, metavariable captures
-- Match lines are numbered under a file-hash header in hashline mode: `¶src/foo.ts#1a2b`, `*42:content` for the matched line, ` 43:content` for context
+- Match lines are numbered under a file snapshot tag header in hashline mode: `¶src/foo.ts#0a`, `*42:content` for the matched line, ` 43:content` for context
 - Summary counts (`totalMatches`, `filesWithMatches`, `filesSearched`) and parse issues when present
 </output>
 

package/src/prompts/tools/read.md

@@ -8,7 +8,7 @@ Read files, directories, archives, SQLite databases, images, documents, internal
 
 ## Parameters
 
-- `path` — required. Local path, internal URI (`skill://`, `agent://`, `artifact://`, `memory://`, `rule://`, `local://`, `mcp://`), or URL. Append `:<sel>` for line ranges, raw mode, or special modes (e.g. `src/foo.ts:50-200`, `src/foo.ts:raw`, `db.sqlite:users:42`).
+- `path` — required. Local path, internal URI (`skill://`, `agent://`, `artifact://`, `memory://`, `rule://`, `local://`, `vault://`, `mcp://`), or URL. Append `:<sel>` for line ranges, raw mode, or special modes (e.g. `src/foo.ts:50-200`, `src/foo.ts:raw`, `db.sqlite:users:42`).
 
 ## Selectors
 
@@ -28,7 +28,7 @@ Append `:<sel>` to `path`. The bare path falls back to the default mode.
 
 - Reading a directory path returns a depth-limited dirent listing.
 {{#if IS_HL_MODE}}
-- Reading a file with an explicit selector emits a file-hash header and numbered lines: `¶src/foo.ts#1a2b` then `41:def alpha():`. Copy the `¶PATH#HASH` header for anchored edits; ops use bare line numbers. NEVER fabricate the hash.
+- Reading a file with an explicit selector emits a file snapshot tag header and numbered lines: `¶src/foo.ts#0a` then `41:def alpha():`. Copy the `¶PATH#TAG` header for anchored edits; ops use bare line numbers. NEVER fabricate the tag.
 {{else}}
 {{#if IS_LINE_NUMBER_MODE}}
 - Reading a file with an explicit selector returns lines prefixed with line numbers: `41|def alpha():`.
@@ -70,7 +70,7 @@ For `.sqlite`, `.sqlite3`, `.db`, `.db3`:
 
 # Internal URIs
 
-`skill://<name>`, `agent://<id>`, `artifact://<id>`, `memory://root`, `rule://<name>`, `local://<name>.md`, `mcp://<uri>` resolve transparently and accept the same line selectors as filesystem paths. Use `artifact://<id>` to recover full output that a previous bash/eval/tool result spilled or truncated.
+`skill://<name>`, `agent://<id>`, `artifact://<id>`, `memory://root`, `rule://<name>`, `local://<name>.md`, `vault://<vault>/<path>`, `mcp://<uri>` resolve transparently and accept the same line selectors as filesystem paths. Use `artifact://<id>` to recover full output that a previous bash/eval/tool result spilled or truncated.
 
 <critical>
 - You MUST use `read` for every file, directory, archive, and URL inspection. `cat`, `head`, `tail`, `less`, `more`, `ls`, `tar`, `unzip`, `curl`, `wget` are FORBIDDEN — any such bash call is a bug, regardless of how short or convenient it looks.

package/src/prompts/tools/search.md

@@ -9,7 +9,7 @@ Searches files using powerful regex matching.
 
 <output>
 {{#if IS_HL_MODE}}
-- Text output emits a file-hash header per matched file plus numbered lines: `¶src/login.ts#3c4d`, `*42:if (user.id) {` (match), ` 43:return user;` (context). Copy the header for anchored edits; ops use bare line numbers.
+- Text output emits a file snapshot tag header per matched file plus numbered lines: `¶src/login.ts#1f`, `*42:if (user.id) {` (match), ` 43:return user;` (context). Copy the header for anchored edits; ops use bare line numbers.
 {{else}}
 {{#if IS_LINE_NUMBER_MODE}}
 - Text output is line-number-prefixed

package/src/sdk.ts

@@ -10,6 +10,7 @@ import {
 } from "@oh-my-pi/pi-agent-core";
 import {
 	type CredentialDisabledEvent,
+	isUsageLimitError,
 	type Message,
 	type Model,
 	type SimpleStreamOptions,
@@ -23,6 +24,7 @@ import type { Component } from "@oh-my-pi/pi-tui";
 import {
 	$env,
 	$flag,
+	extractRetryHint,
 	getAgentDbPath,
 	getAgentDir,
 	getProjectDir,
@@ -129,6 +131,7 @@ import {
 	FindTool,
 	getSearchTools,
 	HIDDEN_TOOLS,
+	isImageProviderPreference,
 	isSearchProviderPreference,
 	type LspStartupServerInfo,
 	loadSshTool,
@@ -148,6 +151,7 @@ import { ToolContextStore } from "./tools/context";
 import { getImageGenTools } from "./tools/image-gen";
 import { wrapToolWithMetaNotice } from "./tools/output-meta";
 import { queueResolveHandler } from "./tools/resolve";
+import { ttsTool } from "./tools/tts";
 import { EventBus } from "./utils/event-bus";
 import { buildNamedToolChoice } from "./utils/tool-choice";
 import { buildWorkspaceTree, type WorkspaceTree } from "./workspace-tree";
@@ -893,12 +897,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 	}
 
 	const imageProvider = settings.get("providers.image");
-	if (
-		imageProvider === "auto" ||
-		imageProvider === "openai" ||
-		imageProvider === "gemini" ||
-		imageProvider === "openrouter"
-	) {
+	if (isImageProviderPreference(imageProvider)) {
 		setPreferredImageProvider(imageProvider);
 	}
 
@@ -1319,6 +1318,10 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 			customTools.push(...(imageGenTools as unknown as CustomTool[]));
 		}
 
+		if (settings.get("tts.enabled")) {
+			customTools.push(ttsTool as unknown as CustomTool);
+		}
+
 		// Add web search tools
 		if (options.toolNames?.includes("web_search")) {
 			customTools.push(...getSearchTools());
@@ -1876,21 +1879,49 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 				}
 				return key;
 			},
-			streamFn: (streamModel, context, streamOptions) =>
-				streamSimple(streamModel, context, {
+			streamFn: (streamModel, context, streamOptions) => {
+				const openrouterRoutingPreset = settings.get("providers.openrouterVariant");
+				const openrouterVariant =
+					openrouterRoutingPreset && openrouterRoutingPreset !== "default" ? openrouterRoutingPreset : undefined;
+				return streamSimple(streamModel, context, {
 					...streamOptions,
+					openrouterVariant: streamOptions?.openrouterVariant ?? openrouterVariant,
 					onAuthError: async (provider, oldKey, error) => {
+						const message = error instanceof Error ? error.message : String(error);
+						// streamSimple invokes this for both 401 auth failures AND
+						// rotatable usage-limit errors (Codex usage_limit_reached,
+						// Anthropic usage_limit_reached, etc.). The two need
+						// different storage actions: a real 401 means the credential
+						// is bad and should be marked suspect; a usage limit just
+						// means this account is parked until reset and should be
+						// temporarily blocked so a sibling can pick the request up.
+						if (isUsageLimitError(message)) {
+							const retryAfterMs = extractRetryHint(undefined, message);
+							const switched = await modelRegistry.authStorage.markUsageLimitReached(provider, agent.sessionId, {
+								retryAfterMs,
+								signal: streamOptions?.signal,
+							});
+							logger.debug("Retrying provider request after usage-limit block", {
+								provider,
+								switched,
+								retryAfterMs,
+								error: message,
+							});
+							if (!switched) return undefined;
+							return modelRegistry.getApiKeyForProvider(provider, agent.sessionId);
+						}
 						await modelRegistry.authStorage.invalidateCredentialMatching(provider, oldKey, {
 							signal: streamOptions?.signal,
 							sessionId: agent.sessionId,
 						});
 						logger.debug("Retrying provider request after credential invalidation", {
 							provider,
-							error: error instanceof Error ? error.message : String(error),
+							error: message,
 						});
 						return modelRegistry.getApiKeyForProvider(provider, agent.sessionId);
 					},
-				}),
+				});
+			},
 			cursorExecHandlers,
 			transformToolCallArguments: (args, _toolName) => {
 				let result = args;