@oh-my-pi/pi-coding-agent 15.5.7 → 15.5.9

package/src/cli/auth-gateway-cli.ts

@@ -19,6 +19,10 @@ import {
 	type Api,
 	AuthBrokerClient,
 	AuthStorage,
+	type CompletionProbe,
+	type CompletionProbeInput,
+	type CredentialCompletionResult,
+	completeSimple,
 	DEFAULT_AUTH_GATEWAY_BIND,
 	type GeneratedProvider,
 	getBundledModels,
@@ -46,6 +50,14 @@ export interface AuthGatewayCommandArgs {
 		 * to wire token-paste plumbing into every local client.
 		 */
 		noAuth?: boolean;
+		/**
+		 * Strict mode for `check` — additionally exercise every credential
+		 * against its provider's chat-completion endpoint. The usage probe (run
+		 * unconditionally) can pass while the chat endpoint still 401s the same
+		 * bearer, so strict mode is the definitive "is this credential
+		 * actually usable" signal. Slower and consumes a tiny amount of quota.
+		 */
+		strict?: boolean;
 	};
 }
 
@@ -342,12 +354,185 @@ export async function runAuthGatewayCommand(cmd: AuthGatewayCommandArgs): Promis
 	}
 }
 
+/**
+ * Providers whose chat endpoint expects a JSON-serialized credential blob
+ * (`{ token, projectId, refreshToken, expiresAt, … }`) rather than the raw
+ * access token. Mirrors `getOAuthApiKey` in `packages/ai/src/utils/oauth`.
+ */
+const STRUCTURED_API_KEY_PROVIDERS: ReadonlySet<string> = new Set([
+	"github-copilot",
+	"google-gemini-cli",
+	"google-antigravity",
+]);
+
+/**
+ * Provider API types that strict-mode chat probes intentionally skip:
+ * - `bedrock-converse-stream` resolves credentials from the AWS env/profile, not the broker bearer.
+ * - `google-vertex` uses Application Default Credentials; the broker bearer is not the right key.
+ * - `cursor-agent` and `pi-native` (gateway forwarding) have transport quirks
+ *   that make a bearer-only "ping" a poor signal.
+ */
+const STRICT_PROBE_SKIPPED_APIS: ReadonlySet<Api> = new Set<Api>([
+	"bedrock-converse-stream",
+	"google-vertex",
+	"cursor-agent",
+]);
+
+/** Max chat models to try per credential before reporting failure. */
+const STRICT_PROBE_MAX_CANDIDATES = 4;
+
+/** Per-attempt deadline. Each candidate gets its own slice instead of sharing one budget. */
+const STRICT_PROBE_PER_ATTEMPT_TIMEOUT_MS = 15_000;
+
+/**
+ * Overall per-credential budget passed to {@link AuthStorage.checkCredentials}.
+ * Big enough to walk every candidate at the per-attempt cap with a small
+ * margin for refresh/network overhead.
+ */
+const STRICT_PROBE_OVERALL_TIMEOUT_MS = STRICT_PROBE_PER_ATTEMPT_TIMEOUT_MS * (STRICT_PROBE_MAX_CANDIDATES + 1);
+
+/** Match upstream errors that mean "this model is gone, try a different one" so we walk the catalog instead of declaring the credential bad. */
+const RETRYABLE_MODEL_ERROR_RE =
+	/not[_ -]found|invalid[_ -]model|model[_ -]is[_ -]not[_ -]valid|no longer supported|deprecated|404|decommissioned/i;
+
+/**
+ * Rank bundled models for a provider in probe order: cheapest first, then by
+ * id for determinism. Filters out non-bearer-auth APIs (Vertex/Bedrock),
+ * pi-native transport (would loop through the gateway), and placeholder /
+ * router entries with negative/missing cost.
+ */
+function pickProbeCandidates(provider: string): Model<Api>[] {
+	const bundled = getBundledModels(provider as GeneratedProvider);
+	if (bundled.length === 0) return [];
+	const candidates = bundled.filter(model => {
+		if (model.transport === "pi-native") return false;
+		if (STRICT_PROBE_SKIPPED_APIS.has(model.api)) return false;
+		if (!model.input.includes("text")) return false;
+		const totalCost = (model.cost?.input ?? 0) + (model.cost?.output ?? 0);
+		if (!Number.isFinite(totalCost) || totalCost < 0) return false;
+		if (model.maxTokens <= 0) return false;
+		return true;
+	});
+	candidates.sort((a, b) => a.cost.input + a.cost.output - (b.cost.input + b.cost.output) || a.id.localeCompare(b.id));
+	return candidates;
+}
+
+/**
+ * Compose the apiKey bytes a provider's chat endpoint expects, given a
+ * post-refresh probe credential. Mirrors `getOAuthApiKey` for the providers
+ * that require a structured blob; otherwise returns the raw access token /
+ * API key.
+ */
+function composeProbeApiKey(provider: string, credential: CompletionProbeInput["credential"]): string {
+	if (credential.type === "api_key") return credential.apiKey;
+	if (!STRUCTURED_API_KEY_PROVIDERS.has(provider)) return credential.accessToken;
+	return JSON.stringify({
+		token: credential.accessToken,
+		enterpriseUrl: credential.enterpriseUrl,
+		projectId: credential.projectId,
+		refreshToken: credential.refreshToken,
+		expiresAt: credential.expiresAt,
+		email: credential.email,
+		accountId: credential.accountId,
+	});
+}
+
+async function probeOneModel(
+	model: Model<Api>,
+	apiKey: string,
+	outerSignal: AbortSignal,
+): Promise<CredentialCompletionResult> {
+	const start = Date.now();
+	const attemptTimeoutSignal = AbortSignal.timeout(STRICT_PROBE_PER_ATTEMPT_TIMEOUT_MS);
+	const attemptSignal = AbortSignal.any([outerSignal, attemptTimeoutSignal]);
+	// `systemPrompt` is mandatory for some providers (Codex 400s "Instructions
+	// are required" without it). `disableReasoning` is intentionally NOT set:
+	// providers like Fireworks reject the "none" effort it maps to, and we'd
+	// rather burn 16 reasoning tokens than misdiagnose a healthy credential.
+	const response = await completeSimple(
+		model,
+		{
+			systemPrompt: ["Connectivity check. Reply with the single word 'pong'."],
+			messages: [{ role: "user", content: "ping", timestamp: start }],
+		},
+		{
+			apiKey,
+			maxTokens: 32,
+			signal: attemptSignal,
+		},
+	);
+	const latencyMs = Date.now() - start;
+	if (response.stopReason === "error" || response.stopReason === "aborted") {
+		return {
+			ok: false,
+			reason: response.errorMessage ?? `chat probe ended with stopReason=${response.stopReason}`,
+			modelId: model.id,
+			latencyMs,
+		};
+	}
+	return { ok: true, modelId: model.id, latencyMs };
+}
+
+/**
+ * Build the {@link CompletionProbe} consumed by
+ * {@link AuthStorage.checkCredentials} in `--strict` mode. Walks the cheapest
+ * candidates per provider, retrying on "model not found / invalid model"
+ * errors so a stale catalog entry doesn't masquerade as a bad credential.
+ * Stops as soon as one model returns a successful response (the credential
+ * authenticated against at least one model in the catalog).
+ */
+function createStrictCompletionProbe(): CompletionProbe {
+	return async (input: CompletionProbeInput): Promise<CredentialCompletionResult> => {
+		const candidates = pickProbeCandidates(input.provider).slice(0, STRICT_PROBE_MAX_CANDIDATES);
+		if (candidates.length === 0) {
+			return { ok: null, reason: `no bearer-compatible probe model bundled for provider ${input.provider}` };
+		}
+		const apiKey = composeProbeApiKey(input.provider, input.credential);
+		let lastFailure: CredentialCompletionResult | undefined;
+		for (const model of candidates) {
+			if (input.signal.aborted) {
+				return {
+					ok: false,
+					reason: "aborted",
+					modelId: model.id,
+				};
+			}
+			const result = await probeOneModel(model, apiKey, input.signal);
+			if (result.ok === true) return result;
+			lastFailure = result;
+			if (!RETRYABLE_MODEL_ERROR_RE.test(result.reason ?? "")) {
+				// Non-model error (401, 403, 5xx, network) — the credential is the
+				// issue, not the catalog. Stop walking.
+				return result;
+			}
+		}
+		return (
+			lastFailure ?? {
+				ok: false,
+				reason: `all ${candidates.length} probe models failed for provider ${input.provider}`,
+			}
+		);
+	};
+}
+
+function formatCompletionStatus(completion: CredentialCompletionResult | undefined): string {
+	if (!completion) return "";
+	if (completion.ok === true) return chalk.green(" [chat: ok]");
+	if (completion.ok === false) return chalk.red(" [chat: FAIL]");
+	return chalk.yellow(" [chat: skip]");
+}
+
 /**
  * `omp auth-gateway check` — probe each broker-supplied credential and print
  * per-credential auth health. Use this when the gateway is returning 401s and
  * you need to find which row in a multi-account pool is the bad one. The
  * aggregate `/v1/usage` endpoint silently drops failed credentials, so a
  * dedicated diagnostic is the only way to see which credentials failed.
+ *
+ * Strict mode (`--strict`) additionally exercises each credential against a
+ * cheap chat model from its provider's bundled catalog. This catches the case
+ * where the usage endpoint reports 200 but the chat endpoint 401s the same
+ * bearer (revoked OAuth scope, mislabeled provider row, etc).
  */
 async function runCheck(flags: AuthGatewayCommandArgs["flags"]): Promise<void> {
 	const brokerConfig = await resolveAuthBrokerConfig();
@@ -363,10 +548,16 @@ async function runCheck(flags: AuthGatewayCommandArgs["flags"]): Promise<void> {
 	const storage = new AuthStorage(store, { sourceLabel: `broker ${brokerConfig.url}` });
 	try {
 		await storage.reload();
-		const results = await storage.checkCredentials();
+		const results = await storage.checkCredentials(
+			flags.strict
+				? { completionProbe: createStrictCompletionProbe(), completionTimeoutMs: STRICT_PROBE_OVERALL_TIMEOUT_MS }
+				: undefined,
+		);
 
 		if (flags.json) {
-			process.stdout.write(`${JSON.stringify({ broker: brokerConfig.url, credentials: results }, null, 2)}\n`);
+			process.stdout.write(
+				`${JSON.stringify({ broker: brokerConfig.url, strict: flags.strict === true, credentials: results }, null, 2)}\n`,
+			);
 		} else {
 			const grouped = new Map<string, typeof results>();
 			for (const row of results) {
@@ -375,7 +566,7 @@ async function runCheck(flags: AuthGatewayCommandArgs["flags"]): Promise<void> {
 				grouped.set(row.provider, list);
 			}
 			const providers = [...grouped.keys()].sort();
-			process.stdout.write(`broker: ${brokerConfig.url}\n`);
+			process.stdout.write(`broker: ${brokerConfig.url}${flags.strict ? chalk.dim(" [strict]") : ""}\n`);
 			for (const provider of providers) {
 				const rows = grouped.get(provider) ?? [];
 				process.stdout.write(`\n${chalk.bold(provider)} (${rows.length})\n`);
@@ -389,19 +580,29 @@ async function runCheck(flags: AuthGatewayCommandArgs["flags"]): Promise<void> {
 					const identity =
 						row.email ?? row.accountId ?? (row.type === "api_key" ? "(api key)" : "(no identity on credential)");
 					const remote = row.remoteRefresh ? chalk.dim(" [remote-refresh]") : "";
-					const reason = row.reason ? chalk.dim(` — ${row.reason}`) : "";
+					const reasonParts: string[] = [];
+					if (row.reason) reasonParts.push(row.reason);
+					if (row.completion?.reason) reasonParts.push(`chat: ${row.completion.reason}`);
+					const reason = reasonParts.length > 0 ? chalk.dim(` — ${reasonParts.join("; ")}`) : "";
+					const chat = formatCompletionStatus(row.completion);
 					process.stdout.write(
-						`  ${status} id=${row.id.toString().padStart(3)} ${row.type.padEnd(7)} ${identity}${remote}${reason}\n`,
+						`  ${status}${chat} id=${row.id.toString().padStart(3)} ${row.type.padEnd(7)} ${identity}${remote}${reason}\n`,
 					);
 				}
 			}
 			const failed = results.filter(row => row.ok === false).length;
 			const unverifiable = results.filter(row => row.ok === null).length;
 			const passing = results.filter(row => row.ok === true).length;
-			process.stdout.write(
-				`\n${chalk.green(`${passing} ok`)}, ${chalk.red(`${failed} failed`)}, ${chalk.yellow(`${unverifiable} unverifiable`)}, ${results.length} total\n`,
-			);
-			if (failed > 0) process.exitCode = 1;
+			const chatFailed = flags.strict ? results.filter(row => row.completion?.ok === false).length : 0;
+			const summaryParts = [
+				chalk.green(`${passing} ok`),
+				chalk.red(`${failed} failed`),
+				chalk.yellow(`${unverifiable} unverifiable`),
+			];
+			if (flags.strict) summaryParts.push(chalk.red(`${chatFailed} chat-failed`));
+			summaryParts.push(`${results.length} total`);
+			process.stdout.write(`\n${summaryParts.join(", ")}\n`);
+			if (failed > 0 || chatFailed > 0) process.exitCode = 1;
 		}
 	} finally {
 		storage.close();

package/src/commands/auth-gateway.ts

@@ -22,13 +22,17 @@ export default class AuthGateway extends Command {
 	};
 
 	static flags = {
-		json: Flags.boolean({ description: "Output JSON (token/status)" }),
+		json: Flags.boolean({ description: "Output JSON (token/status/check)" }),
 		bind: Flags.string({ description: "Bind address for `serve` (host:port)", char: "b" }),
 		regenerate: Flags.boolean({ description: "Regenerate the gateway bearer token (token)" }),
 		"no-auth": Flags.boolean({
 			description:
 				"Disable inbound bearer-token auth (serve). Useful when bound to loopback — any caller is allowed.",
 		}),
+		strict: Flags.boolean({
+			description:
+				"For `check`: additionally probe each credential against its provider's chat-completion endpoint. Slower; consumes a tiny amount of quota per credential.",
+		}),
 	};
 
 	static examples = [
@@ -40,6 +44,7 @@ export default class AuthGateway extends Command {
 		"# Show local gateway + broker config status\n  omp auth-gateway status",
 		"# Probe each broker credential to see which one is producing 401s\n  omp auth-gateway check",
 		"# Same, machine-readable for scripts\n  omp auth-gateway check --json",
+		"# Strict check — also exercises each credential with a real chat-completion ping\n  omp auth-gateway check --strict",
 	];
 
 	async run(): Promise<void> {
@@ -55,6 +60,7 @@ export default class AuthGateway extends Command {
 				bind: flags.bind,
 				regenerate: flags.regenerate,
 				noAuth: flags["no-auth"],
+				strict: flags.strict,
 			},
 		};
 		await initTheme();

package/src/config/settings-schema.ts

@@ -1568,16 +1568,6 @@ export const SETTINGS_SCHEMA = {
 		},
 	},
 
-	"edit.hashlineAutoDropPureInsertDuplicates": {
-		type: "boolean",
-		default: false,
-		ui: {
-			tab: "editing",
-			label: "Hashline Duplicate Insert Drop",
-			description:
-				"Drop payload lines that duplicate adjacent file context — 2+-line context echoes on `↑`/`↓` inserts, and a single boundary line at either edge of an `A-B:` replacement",
-		},
-	},
 	"edit.blockAutoGenerated": {
 		type: "boolean",
 		default: true,
@@ -1605,7 +1595,7 @@ export const SETTINGS_SCHEMA = {
 			tab: "editing",
 			label: "Hash Lines",
 			description:
-				"Include file-hash headers and line numbers in read output for hashline edit mode (¶PATH#hash plus LINE:content)",
+				"Include snapshot-tag headers and line numbers in read output for hashline edit mode (¶PATH#tag plus LINE:content)",
 		},
 	},
 
@@ -2083,6 +2073,17 @@ export const SETTINGS_SCHEMA = {
 		ui: { tab: "tools", label: "Read URLs", description: "Allow the read tool to fetch and process URLs" },
 	},
 
+	"vault.enabled": {
+		type: "boolean",
+		default: false,
+		ui: {
+			tab: "tools",
+			label: "Obsidian Vault",
+			description:
+				"Enable the vault:// internal URL for reading and editing Obsidian vault content via the Obsidian CLI. When disabled, vault:// resolution is refused and the vault:// entry is omitted from the system prompt.",
+		},
+	},
+
 	"github.enabled": {
 		type: "boolean",
 		default: false,

package/src/edit/file-snapshot-store.ts

@@ -2,21 +2,24 @@
  * Session-bound file snapshot store.
  *
  * Used by `read` and `search` to record exactly what the model saw, and by
- * the hashline patcher to recover from stale section hashes (file changed
- * externally between read and edit, or a prior in-session edit advanced
- * the hash). The store is the {@link InMemorySnapshotStore} implementation
+ * the hashline patcher to verify or recover from stale section tags (file
+ * changed externally between read and edit, or a prior in-session edit
+ * advanced the tag). The store is the {@link InMemorySnapshotStore}
  * from `@oh-my-pi/hashline`; the only coding-agent-specific concern here
- * is wiring it onto the per-session {@link ToolSession} object.
+ * is wiring it onto the per-session owner object.
  */
 import { InMemorySnapshotStore } from "@oh-my-pi/hashline";
-import type { ToolSession } from "../tools";
+
+interface FileSnapshotStoreOwner {
+	fileSnapshotStore?: InMemorySnapshotStore;
+}
 
 /**
  * Look up (or lazily create) the file snapshot store attached to a session.
  * Storage lives on `session.fileSnapshotStore` so it ages out exactly with
  * the session itself.
  */
-export function getFileSnapshotStore(session: ToolSession): InMemorySnapshotStore {
+export function getFileSnapshotStore(session: FileSnapshotStoreOwner): InMemorySnapshotStore {
 	if (!session.fileSnapshotStore) session.fileSnapshotStore = new InMemorySnapshotStore();
 	return session.fileSnapshotStore;
 }

package/src/edit/hashline/diff.ts

@@ -5,16 +5,17 @@
  * pair to {@link generateDiffString} so the renderer can show the diff
  * while the tool call is still streaming.
  *
- * Validation is intentionally light: only the section file hash is checked
+ * Validation is intentionally light: only the section snapshot tag is checked
  * (so the preview goes red when anchors are stale), no plan-mode guards
  * and no auto-generated-file refusal — those belong on the write path.
  */
 import {
-	computeFileHash,
 	Patch as HashlinePatch,
 	normalizeToLF,
 	type Patch,
 	type PatchSection,
+	type Snapshot,
+	type SnapshotStore,
 	stripBom,
 } from "@oh-my-pi/hashline";
 import { resolveToCwd } from "../../tools/path-utils";
@@ -22,7 +23,6 @@ import { generateDiffString } from "../diff";
 import { readEditFileText } from "../read-file";
 
 export interface HashlineDiffOptions {
-	autoDropPureInsertDuplicates?: boolean;
 	/**
 	 * Use the streaming-tolerant applier ({@link PatchSection.applyPartialTo})
 	 * so trailing in-flight ops do not throw or emit phantom edits. Streaming
@@ -44,20 +44,34 @@ function hasAnchorScoped(section: PatchSection): boolean {
 	return section.hasAnchorScopedEdit;
 }
 
-function validateSectionHash(section: PatchSection, text: string): string | null {
+function snapshotMatchesCurrent(snapshot: Snapshot, currentText: string, anchorLines: readonly number[]): boolean {
+	if (snapshot.fullText !== undefined) return snapshot.fullText === currentText;
+	for (const lineNumber of anchorLines) {
+		if (snapshot.get(lineNumber) === undefined) return false;
+	}
+	return snapshot.matchesLiveFile(currentText.split("\n"));
+}
+
+function validateSectionHash(
+	section: PatchSection,
+	absolutePath: string,
+	text: string,
+	snapshots: SnapshotStore,
+): string | null {
 	if (section.fileHash === undefined) {
 		return hasAnchorScoped(section)
-			? `Missing hashline file hash for anchored edit to ${section.path}; use \`¶${section.path}#hash\` from your latest read.`
+			? `Missing hashline snapshot tag for anchored edit to ${section.path}; use \`¶${section.path}#tag\` from your latest read.`
 			: null;
 	}
-	const currentHash = computeFileHash(text);
-	if (currentHash === section.fileHash) return null;
-	return `Hashline file hash mismatch for ${section.path}: section is bound to #${section.fileHash}, but current file hashes to #${currentHash}; re-read and try again.`;
+	const snapshot = snapshots.byHash(absolutePath, section.fileHash);
+	if (snapshot && snapshotMatchesCurrent(snapshot, text, section.collectAnchorLines())) return null;
+	return `Hashline snapshot tag mismatch for ${section.path}: section is bound to #${section.fileHash}, but current file does not match that snapshot; re-read and try again.`;
 }
 
 export async function computeHashlineSectionDiff(
 	section: PatchSection,
 	cwd: string,
+	snapshots: SnapshotStore,
 	options: HashlineDiffOptions = {},
 ): Promise<{ diff: string; firstChangedLine: number | undefined } | { error: string }> {
 	try {
@@ -65,11 +79,9 @@ export async function computeHashlineSectionDiff(
 		const rawContent = await readSectionText(absolutePath, section.path);
 		const { text: content } = stripBom(rawContent);
 		const normalized = normalizeToLF(content);
-		const hashError = validateSectionHash(section, normalized);
+		const hashError = validateSectionHash(section, absolutePath, normalized, snapshots);
 		if (hashError) return { error: hashError };
-		const result = options.streaming
-			? section.applyPartialTo(normalized, options)
-			: section.applyTo(normalized, options);
+		const result = options.streaming ? section.applyPartialTo(normalized) : section.applyTo(normalized);
 		if (normalized === result.text) return { error: `No changes would be made to ${section.path}.` };
 		return generateDiffString(normalized, result.text);
 	} catch (err) {
@@ -80,6 +92,7 @@ export async function computeHashlineSectionDiff(
 export async function computeHashlineDiff(
 	input: { input: string },
 	cwd: string,
+	snapshots: SnapshotStore,
 	options: HashlineDiffOptions = {},
 ): Promise<{ diff: string; firstChangedLine: number | undefined } | { error: string }> {
 	let patch: Patch;
@@ -91,5 +104,5 @@ export async function computeHashlineDiff(
 	if (patch.sections.length !== 1) {
 		return { error: "Streaming diff preview supports exactly one hashline section." };
 	}
-	return computeHashlineSectionDiff(patch.sections[0], cwd, options);
+	return computeHashlineSectionDiff(patch.sections[0], cwd, snapshots, options);
 }

package/src/edit/hashline/execute.ts

@@ -37,14 +37,19 @@ export interface ExecuteHashlineSingleOptions {
 	beginDeferredDiagnosticsForPath: (path: string) => WritethroughDeferredHandle;
 }
 
-function getHashlineApplyOptions(session: ToolSession): { autoDropPureInsertDuplicates: boolean } {
-	return {
-		autoDropPureInsertDuplicates: session.settings.get("edit.hashlineAutoDropPureInsertDuplicates"),
-	};
-}
-
 function noChangeDiagnostic(path: string): string {
-	return `Edits to ${path} resulted in no changes being made.`;
+	// The patch parsed and applied cleanly but produced no change — the
+	// `|literal` body rows matched the file content at the targeted lines
+	// byte-for-byte. The model usually misreads this as "wrong anchor, try
+	// again with a bigger payload" and starts duplicating content; the
+	// message below names the cause directly so the next turn can re-read
+	// instead of expanding the patch.
+	return (
+		`Edits to ${path} parsed and applied cleanly, but produced no change: ` +
+		`your body row(s) are byte-identical to the file at the targeted lines. ` +
+		`The bug is somewhere else — re-read the file before issuing another edit. ` +
+		`Do NOT widen the payload or add lines; verify the anchor first.`
+	);
 }
 
 function assertUniqueCanonicalPaths(prepared: readonly PreparedSection[]): void {
@@ -128,8 +133,7 @@ export async function executeHashlineSingle(
 		batchRequest: options.batchRequest,
 	});
 	const snapshots = getFileSnapshotStore(options.session);
-	const applyOptions = getHashlineApplyOptions(options.session);
-	const patcher = new Patcher({ fs, snapshots, applyOptions });
+	const patcher = new Patcher({ fs, snapshots });
 
 	// Single-section fast path: prepare, commit, render.
 	if (patch.sections.length === 1) {

package/src/edit/renderer.ts

@@ -235,24 +235,24 @@ function renderPlainTextPreview(text: string, uiTheme: Theme, filePath?: string)
 
 function formatStreamingDiff(diff: string, rawPath: string, uiTheme: Theme, label = "streaming"): string {
 	if (!diff) return "";
-	// Hunk-aware truncation keeps the change rows themselves visible and
-	// trims surrounding context proportionally so a multi-hunk diff doesn't
-	// turn into just the tail of the last hunk while streaming.
+	// Hunk-aware truncation keeps the change rows themselves visible. Tail-mode
+	// pins the visible window to the bottom of the diff so newly streamed
+	// hunks stay on screen as more arrives, instead of leaving the user stuck
+	// staring at the head of the file while the tail scrolls offscreen.
 	const {
 		text: truncatedDiff,
 		hiddenHunks,
 		hiddenLines,
-	} = truncateDiffByHunk(diff, PREVIEW_LIMITS.DIFF_COLLAPSED_HUNKS, EDIT_STREAMING_PREVIEW_LINES);
+	} = truncateDiffByHunk(diff, PREVIEW_LIMITS.DIFF_COLLAPSED_HUNKS, EDIT_STREAMING_PREVIEW_LINES, { fromTail: true });
 	let text = "\n\n";
-	text += renderDiffColored(truncatedDiff, { filePath: rawPath });
 	if (hiddenHunks > 0 || hiddenLines > 0) {
 		const remainder: string[] = [];
 		if (hiddenHunks > 0) remainder.push(`${hiddenHunks} more hunks`);
 		if (hiddenLines > 0) remainder.push(`${hiddenLines} more lines`);
-		text += uiTheme.fg("dim", `\n… (${label} +${remainder.join(", ")})`);
-	} else {
-		text += uiTheme.fg("dim", `\n(${label})`);
+		text += `${uiTheme.fg("dim", `… (${remainder.join(", ")} above)`)}\n`;
 	}
+	text += renderDiffColored(truncatedDiff, { filePath: rawPath });
+	text += uiTheme.fg("dim", `\n(${label})`);
 	return text;
 }
 
@@ -312,7 +312,7 @@ const MISSING_APPLY_PATCH_END_ERROR = "The last line of the patch must be '*** E
 
 function normalizeHashlineInputPreviewPath(rawPath: string): string {
 	const trimmed = rawPath.trim();
-	const hashStart = /#[0-9a-f]{4}$/u.exec(trimmed)?.index;
+	const hashStart = /#[0-9a-fA-F]{3}$/u.exec(trimmed)?.index;
 	const withoutHash = hashStart === undefined ? trimmed : trimmed.slice(0, hashStart);
 	if (withoutHash.length < 2) return withoutHash;
 	const first = withoutHash[0];

package/src/edit/streaming.ts

@@ -20,6 +20,7 @@ import {
 	END_PATCH_MARKER,
 	type PatchSection as HashlineInputSection,
 	Patch as HashlinePatch,
+	type SnapshotStore,
 } from "@oh-my-pi/hashline";
 import type { Theme } from "../modes/theme/theme";
 import { type EditMode, resolveEditMode } from "../utils/edit-mode";
@@ -39,9 +40,9 @@ export interface PerFileDiffPreview {
 export interface StreamingDiffContext {
 	cwd: string;
 	signal: AbortSignal;
+	snapshots: SnapshotStore;
 	fuzzyThreshold?: number;
 	allowFuzzy?: boolean;
-	hashlineAutoDropPureInsertDuplicates?: boolean;
 	/**
 	 * True while the tool's arguments are still streaming in. Strategies that
 	 * accept free-form text input (apply_patch, hashline) trim the trailing
@@ -325,9 +326,7 @@ const hashlineStrategy: EditStreamingStrategy<HashlineArgs> = {
 			// to parse; suppress until the next chunk arrives. Once args are
 			// complete, surface the error so the model sees what went wrong.
 			if (ctx.isStreaming) return null;
-			const result = await computeHashlineDiff({ input }, ctx.cwd, {
-				autoDropPureInsertDuplicates: ctx.hashlineAutoDropPureInsertDuplicates,
-			});
+			const result = await computeHashlineDiff({ input }, ctx.cwd, ctx.snapshots);
 			ctx.signal.throwIfAborted();
 			return [toPerFilePreview("", result)];
 		}
@@ -346,8 +345,7 @@ const hashlineStrategy: EditStreamingStrategy<HashlineArgs> = {
 		for (let i = 0; i < sectionsToProcess.length; i++) {
 			ctx.signal.throwIfAborted();
 			const section = sectionsToProcess[i];
-			const result = await computeHashlineSectionDiff(section, ctx.cwd, {
-				autoDropPureInsertDuplicates: ctx.hashlineAutoDropPureInsertDuplicates,
+			const result = await computeHashlineSectionDiff(section, ctx.cwd, ctx.snapshots, {
 				streaming: ctx.isStreaming,
 			});
 			ctx.signal.throwIfAborted();

package/src/eval/py/index.ts

@@ -5,7 +5,7 @@ import { checkPythonKernelAvailability } from "./kernel";
 
 const PYTHON_SESSION_PREFIX = "python:";
 
-function namespaceSessionId(sessionId: string): string {
+export function namespaceSessionId(sessionId: string): string {
 	return sessionId.startsWith(PYTHON_SESSION_PREFIX) ? sessionId : `${PYTHON_SESSION_PREFIX}${sessionId}`;
 }
 

package/src/extensibility/custom-tools/types.ts

@@ -100,7 +100,7 @@ export type CustomToolSessionEvent =
 	  }
 	| {
 			reason: "auto_compaction_start";
-			trigger: "threshold" | "overflow" | "idle";
+			trigger: "threshold" | "overflow" | "idle" | "incomplete";
 			action: "context-full" | "handoff";
 	  }
 	| {

package/src/extensibility/shared-events.ts

@@ -203,7 +203,7 @@ export interface TurnEndEvent {
 /** Fired when auto-compaction starts */
 export interface AutoCompactionStartEvent {
 	type: "auto_compaction_start";
-	reason: "threshold" | "overflow" | "idle";
+	reason: "threshold" | "overflow" | "idle" | "incomplete";
 	action: "context-full" | "handoff";
 }