@oh-my-pi/pi-coding-agent 3.35.0 → 3.37.0

package/CHANGELOG.md

@@ -2,6 +2,29 @@
 
 ## [Unreleased]
 
+## [3.37.0] - 2026-01-10
+### Changed
+
+- Improved bash command display to show relative paths for working directories within the current directory, and hide redundant `cd` prefix when working directory matches current directory
+
+## [3.36.0] - 2026-01-10
+### Added
+
+- Added `calc` tool for basic mathematical calculations with support for arithmetic operators, parentheses, and hex/binary/octal literals
+- Added support for multiple API credentials per provider with round-robin distribution across sessions
+- Added file locking for auth.json to prevent concurrent write corruption
+- Added clickable OAuth login URL display in terminal
+- Added `workdir` parameter to bash tool to execute commands in a specific directory without requiring `cd` commands
+
+### Changed
+
+- Updated bash tool rendering to display working directory context when `workdir` parameter is used
+
+### Fixed
+
+- Fixed completion notification to only send when interactive mode is in foreground
+- Improved completion notification message to include session title when available
+
 ## [3.35.0] - 2026-01-09
 ### Added
 

package/README.md

@@ -114,10 +114,15 @@ Add API keys to `~/.omp/agent/auth.json`:
 
 ```json
 {
-	"anthropic": { "type": "api_key", "key": "sk-ant-..." },
+	"anthropic": [
+		{ "type": "api_key", "key": "sk-ant-..." },
+		{ "type": "api_key", "key": "sk-ant-..." }
+	],
 	"openai": { "type": "api_key", "key": "sk-..." },
 	"google": { "type": "api_key", "key": "..." }
 }
+
+If a provider has multiple credentials, new sessions round robin across them and stay sticky per session.
 ```
 
 **Option 2: Environment variables**
@@ -152,7 +157,7 @@ omp
 /login  # Select provider, authorize in browser
 ```
 
-**Note:** `/login` replaces any existing API key for that provider with OAuth credentials in `auth.json`.
+**Note:** `/login` replaces any existing API keys for that provider with OAuth credentials in `auth.json`. If OAuth credentials already exist, `/login` appends another entry.
 
 **GitHub Copilot notes:**
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@oh-my-pi/pi-coding-agent",
-	"version": "3.35.0",
+	"version": "3.37.0",
 	"description": "Coding agent CLI with read, bash, edit, write tools and session management",
 	"type": "module",
 	"ompConfig": {
@@ -39,10 +39,10 @@
 		"prepublishOnly": "bun run generate-template && bun run clean && bun run build"
 	},
 	"dependencies": {
-		"@oh-my-pi/pi-ai": "3.35.0",
-		"@oh-my-pi/pi-agent-core": "3.35.0",
-		"@oh-my-pi/pi-git-tool": "3.35.0",
-		"@oh-my-pi/pi-tui": "3.35.0",
+		"@oh-my-pi/pi-ai": "3.37.0",
+		"@oh-my-pi/pi-agent-core": "3.37.0",
+		"@oh-my-pi/pi-git-tool": "3.37.0",
+		"@oh-my-pi/pi-tui": "3.37.0",
 		"@openai/agents": "^0.3.7",
 		"@sinclair/typebox": "^0.34.46",
 		"ajv": "^8.17.1",

package/src/core/agent-session.ts

@@ -745,7 +745,7 @@ export class AgentSession {
 		}
 
 		// Validate API key
-		const apiKey = await this._modelRegistry.getApiKey(this.model);
+		const apiKey = await this._modelRegistry.getApiKey(this.model, this.sessionId);
 		if (!apiKey) {
 			throw new Error(
 				`No API key found for ${this.model.provider}.\n\n` +
@@ -1142,7 +1142,7 @@ export class AgentSession {
 	 * @throws Error if no API key available for the model
 	 */
 	async setModel(model: Model<any>, role: string = "default"): Promise<void> {
-		const apiKey = await this._modelRegistry.getApiKey(model);
+		const apiKey = await this._modelRegistry.getApiKey(model, this.sessionId);
 		if (!apiKey) {
 			throw new Error(`No API key for ${model.provider}/${model.id}`);
 		}
@@ -1161,7 +1161,7 @@ export class AgentSession {
 	 * @throws Error if no API key available for the model
 	 */
 	async setModelTemporary(model: Model<any>): Promise<void> {
-		const apiKey = await this._modelRegistry.getApiKey(model);
+		const apiKey = await this._modelRegistry.getApiKey(model, this.sessionId);
 		if (!apiKey) {
 			throw new Error(`No API key for ${model.provider}/${model.id}`);
 		}
@@ -1255,7 +1255,7 @@ export class AgentSession {
 		const next = this._scopedModels[nextIndex];
 
 		// Validate API key
-		const apiKey = await this._modelRegistry.getApiKey(next.model);
+		const apiKey = await this._modelRegistry.getApiKey(next.model, this.sessionId);
 		if (!apiKey) {
 			throw new Error(`No API key for ${next.model.provider}/${next.model.id}`);
 		}
@@ -1283,7 +1283,7 @@ export class AgentSession {
 		const nextIndex = direction === "forward" ? (currentIndex + 1) % len : (currentIndex - 1 + len) % len;
 		const nextModel = availableModels[nextIndex];
 
-		const apiKey = await this._modelRegistry.getApiKey(nextModel);
+		const apiKey = await this._modelRegistry.getApiKey(nextModel, this.sessionId);
 		if (!apiKey) {
 			throw new Error(`No API key for ${nextModel.provider}/${nextModel.id}`);
 		}
@@ -1413,7 +1413,7 @@ export class AgentSession {
 				throw new Error("No model selected");
 			}
 
-			const apiKey = await this._modelRegistry.getApiKey(this.model);
+			const apiKey = await this._modelRegistry.getApiKey(this.model, this.sessionId);
 			if (!apiKey) {
 				throw new Error(`No API key for ${this.model.provider}`);
 			}
@@ -1698,7 +1698,7 @@ export class AgentSession {
 				let lastError: unknown;
 
 				for (const candidate of candidates) {
-					const apiKey = await this._modelRegistry.getApiKey(candidate);
+					const apiKey = await this._modelRegistry.getApiKey(candidate, this.sessionId);
 					if (!apiKey) continue;
 
 					let attempt = 0;
@@ -2344,7 +2344,7 @@ export class AgentSession {
 		let summaryDetails: unknown;
 		if (options.summarize && entriesToSummarize.length > 0 && !hookSummary) {
 			const model = this.model!;
-			const apiKey = await this._modelRegistry.getApiKey(model);
+			const apiKey = await this._modelRegistry.getApiKey(model, this.sessionId);
 			if (!apiKey) {
 				throw new Error(`No API key for ${model.provider}`);
 			}

package/src/core/auth-storage.ts

@@ -3,7 +3,17 @@
  * Handles loading, saving, and refreshing credentials from auth.json.
  */
 
-import { chmodSync, existsSync, readFileSync, writeFileSync } from "node:fs";
+import {
+	chmodSync,
+	closeSync,
+	existsSync,
+	openSync,
+	readFileSync,
+	renameSync,
+	statSync,
+	unlinkSync,
+	writeFileSync,
+} from "node:fs";
 import { dirname } from "node:path";
 import {
 	getEnvApiKey,
@@ -29,15 +39,26 @@ export type OAuthCredential = {
 
 export type AuthCredential = ApiKeyCredential | OAuthCredential;
 
-export type AuthStorageData = Record<string, AuthCredential>;
+export type AuthCredentialEntry = AuthCredential | AuthCredential[];
+
+export type AuthStorageData = Record<string, AuthCredentialEntry>;
 
 /**
  * Credential storage backed by a JSON file.
  * Reads from multiple fallback paths, writes to primary path.
  */
 export class AuthStorage {
+	// File locking configuration for concurrent access protection
+	private static readonly lockRetryDelayMs = 50; // Polling interval when waiting for lock
+	private static readonly lockTimeoutMs = 5000; // Max wait time before failing
+	private static readonly lockStaleMs = 30000; // Age threshold for auto-removing orphaned locks
+
 	private data: AuthStorageData = {};
 	private runtimeOverrides: Map<string, string> = new Map();
+	/** Tracks next credential index per provider:type key for round-robin distribution */
+	private providerRoundRobinIndex: Map<string, number> = new Map();
+	/** Maps provider:type -> sessionId -> credentialIndex for session-sticky credential assignment */
+	private sessionCredentialIndexes: Map<string, Map<string, number>> = new Map();
 	private fallbackResolver?: (provider: string) => string | undefined;
 
 	/**
@@ -105,24 +126,244 @@ export class AuthStorage {
 	 * Save credentials to disk.
 	 */
 	private async save(): Promise<void> {
-		writeFileSync(this.authPath, JSON.stringify(this.data, null, 2));
-		chmodSync(this.authPath, 0o600);
-		const dir = dirname(this.authPath);
-		chmodSync(dir, 0o700);
+		const lockFd = await this.acquireLock();
+		const tempPath = this.getTempPath();
+
+		try {
+			writeFileSync(tempPath, JSON.stringify(this.data, null, 2), { mode: 0o600 });
+			renameSync(tempPath, this.authPath);
+			chmodSync(this.authPath, 0o600);
+			const dir = dirname(this.authPath);
+			chmodSync(dir, 0o700);
+		} finally {
+			this.safeUnlink(tempPath);
+			this.releaseLock(lockFd);
+		}
+	}
+
+	/** Returns the lock file path (auth.json.lock) */
+	private getLockPath(): string {
+		return `${this.authPath}.lock`;
+	}
+
+	/** Returns a unique temp file path using pid and timestamp to avoid collisions */
+	private getTempPath(): string {
+		return `${this.authPath}.tmp-${process.pid}-${Date.now()}`;
+	}
+
+	/** Checks if lock file is older than lockStaleMs (orphaned by crashed process) */
+	private isLockStale(lockPath: string): boolean {
+		try {
+			const stats = statSync(lockPath);
+			return Date.now() - stats.mtimeMs > AuthStorage.lockStaleMs;
+		} catch {
+			return false;
+		}
 	}
 
 	/**
-	 * Get credential for a provider.
+	 * Acquires exclusive file lock using O_EXCL atomic create.
+	 * Polls with exponential backoff, removes stale locks from crashed processes.
+	 * @returns File descriptor for the lock (must be passed to releaseLock)
+	 */
+	private async acquireLock(): Promise<number> {
+		const lockPath = this.getLockPath();
+		const start = Date.now();
+		const timeoutMs = AuthStorage.lockTimeoutMs;
+		const retryDelayMs = AuthStorage.lockRetryDelayMs;
+
+		while (true) {
+			try {
+				// O_EXCL fails if file exists, providing atomic lock acquisition
+				return openSync(lockPath, "wx", 0o600);
+			} catch (error) {
+				const err = error as NodeJS.ErrnoException;
+				if (err.code !== "EEXIST") {
+					throw err;
+				}
+				if (this.isLockStale(lockPath)) {
+					this.safeUnlink(lockPath);
+					logger.warn("AuthStorage lock was stale, removing", { path: lockPath });
+					continue;
+				}
+				if (Date.now() - start > timeoutMs) {
+					throw new Error(`Timed out waiting for auth lock: ${lockPath}`);
+				}
+				await new Promise((resolve) => setTimeout(resolve, retryDelayMs));
+			}
+		}
+	}
+
+	/** Releases file lock by closing fd and removing lock file */
+	private releaseLock(lockFd: number): void {
+		const lockPath = this.getLockPath();
+		try {
+			closeSync(lockFd);
+		} catch (error) {
+			logger.warn("AuthStorage failed to close lock file", { error: String(error) });
+		}
+		this.safeUnlink(lockPath);
+	}
+
+	/** Removes file if it exists, ignoring ENOENT errors */
+	private safeUnlink(path: string): void {
+		try {
+			unlinkSync(path);
+		} catch (error) {
+			const err = error as NodeJS.ErrnoException;
+			if (err.code !== "ENOENT") {
+				logger.warn("AuthStorage failed to remove file", { path, error: String(error) });
+			}
+		}
+	}
+
+	/** Normalizes credential storage format: single credential becomes array of one */
+	private normalizeCredentialEntry(entry: AuthCredentialEntry | undefined): AuthCredential[] {
+		if (!entry) return [];
+		return Array.isArray(entry) ? entry : [entry];
+	}
+
+	/** Returns all credentials for a provider as an array */
+	private getCredentialsForProvider(provider: string): AuthCredential[] {
+		return this.normalizeCredentialEntry(this.data[provider]);
+	}
+
+	/** Composite key for round-robin tracking: "anthropic:oauth" or "openai:api_key" */
+	private getProviderTypeKey(provider: string, type: AuthCredential["type"]): string {
+		return `${provider}:${type}`;
+	}
+
+	/**
+	 * Returns next index in round-robin sequence for load distribution.
+	 * Increments stored counter and wraps at total.
+	 */
+	private getNextRoundRobinIndex(providerKey: string, total: number): number {
+		if (total <= 1) return 0;
+		const current = this.providerRoundRobinIndex.get(providerKey) ?? -1;
+		const next = (current + 1) % total;
+		this.providerRoundRobinIndex.set(providerKey, next);
+		return next;
+	}
+
+	/**
+	 * Selects credential index with session affinity.
+	 * Sessions reuse their assigned credential; new sessions get next round-robin index.
+	 * This ensures a session always uses the same credential for consistency.
+	 */
+	private selectCredentialIndex(providerKey: string, sessionId: string | undefined, total: number): number {
+		if (total <= 1) return 0;
+		if (!sessionId) return 0;
+
+		const sessionMap = this.sessionCredentialIndexes.get(providerKey);
+		const existing = sessionMap?.get(sessionId);
+		if (existing !== undefined && existing < total) {
+			return existing;
+		}
+
+		// New session: assign next round-robin credential and cache the assignment
+		const next = this.getNextRoundRobinIndex(providerKey, total);
+		const updatedSessionMap = sessionMap ?? new Map<string, number>();
+		updatedSessionMap.set(sessionId, next);
+		this.sessionCredentialIndexes.set(providerKey, updatedSessionMap);
+		return next;
+	}
+
+	/**
+	 * Selects a credential of the specified type for a provider.
+	 * Returns both the credential and its index in the original array (for updates/removal).
+	 * Uses session-sticky selection when multiple credentials exist.
+	 */
+	private selectCredentialByType<T extends AuthCredential["type"]>(
+		provider: string,
+		type: T,
+		sessionId?: string,
+	): { credential: Extract<AuthCredential, { type: T }>; index: number } | undefined {
+		const credentials = this.getCredentialsForProvider(provider)
+			.map((credential, index) => ({ credential, index }))
+			.filter(
+				(entry): entry is { credential: Extract<AuthCredential, { type: T }>; index: number } =>
+					entry.credential.type === type,
+			);
+
+		if (credentials.length === 0) return undefined;
+		if (credentials.length === 1) return credentials[0];
+
+		const providerKey = this.getProviderTypeKey(provider, type);
+		const selectedIndex = this.selectCredentialIndex(providerKey, sessionId, credentials.length);
+		return credentials[selectedIndex];
+	}
+
+	/**
+	 * Clears round-robin and session assignment state for a provider.
+	 * Called when credentials are added/removed to prevent stale index references.
+	 */
+	private resetProviderAssignments(provider: string): void {
+		for (const key of this.providerRoundRobinIndex.keys()) {
+			if (key.startsWith(`${provider}:`)) {
+				this.providerRoundRobinIndex.delete(key);
+			}
+		}
+		for (const key of this.sessionCredentialIndexes.keys()) {
+			if (key.startsWith(`${provider}:`)) {
+				this.sessionCredentialIndexes.delete(key);
+			}
+		}
+	}
+
+	/** Updates credential at index in-place (used for OAuth token refresh) */
+	private replaceCredentialAt(provider: string, index: number, credential: AuthCredential): void {
+		const entry = this.data[provider];
+		if (!entry) return;
+
+		if (Array.isArray(entry)) {
+			if (index >= 0 && index < entry.length) {
+				const updated = [...entry];
+				updated[index] = credential;
+				this.data[provider] = updated;
+			}
+			return;
+		}
+
+		if (index === 0) {
+			this.data[provider] = credential;
+		}
+	}
+
+	/**
+	 * Removes credential at index (used when OAuth refresh fails).
+	 * Cleans up provider entry if last credential removed.
+	 */
+	private removeCredentialAt(provider: string, index: number): void {
+		const entry = this.data[provider];
+		if (!entry) return;
+
+		if (Array.isArray(entry)) {
+			const updated = entry.filter((_value, idx) => idx !== index);
+			if (updated.length > 0) {
+				this.data[provider] = updated;
+			} else {
+				delete this.data[provider];
+			}
+		} else {
+			delete this.data[provider];
+		}
+
+		this.resetProviderAssignments(provider);
+	}
+
+	/**
+	 * Get credential for a provider (first entry if multiple).
 	 */
 	get(provider: string): AuthCredential | undefined {
-		return this.data[provider] ?? undefined;
+		return this.getCredentialsForProvider(provider)[0];
 	}
 
 	/**
 	 * Set credential for a provider.
 	 */
-	async set(provider: string, credential: AuthCredential): Promise<void> {
+	async set(provider: string, credential: AuthCredentialEntry): Promise<void> {
 		this.data[provider] = credential;
+		this.resetProviderAssignments(provider);
 		await this.save();
 	}
 
@@ -131,6 +372,7 @@ export class AuthStorage {
 	 */
 	async remove(provider: string): Promise<void> {
 		delete this.data[provider];
+		this.resetProviderAssignments(provider);
 		await this.save();
 	}
 
@@ -145,7 +387,7 @@ export class AuthStorage {
 	 * Check if credentials exist for a provider in auth.json.
 	 */
 	has(provider: string): boolean {
-		return provider in this.data;
+		return this.getCredentialsForProvider(provider).length > 0;
 	}
 
 	/**
@@ -154,14 +396,30 @@ export class AuthStorage {
 	 */
 	hasAuth(provider: string): boolean {
 		if (this.runtimeOverrides.has(provider)) return true;
-		if (this.data[provider]) return true;
+		if (this.getCredentialsForProvider(provider).length > 0) return true;
 		if (getEnvApiKey(provider)) return true;
 		if (this.fallbackResolver?.(provider)) return true;
 		return false;
 	}
 
 	/**
-	 * Get all credentials (for passing to getOAuthApiKey).
+	 * Check if OAuth credentials are configured for a provider.
+	 */
+	hasOAuth(provider: string): boolean {
+		return this.getCredentialsForProvider(provider).some((credential) => credential.type === "oauth");
+	}
+
+	/**
+	 * Get OAuth credentials for a provider.
+	 */
+	getOAuthCredential(provider: string): OAuthCredential | undefined {
+		return this.getCredentialsForProvider(provider).find(
+			(credential): credential is OAuthCredential => credential.type === "oauth",
+		);
+	}
+
+	/**
+	 * Get all credentials.
 	 */
 	getAll(): AuthStorageData {
 		return { ...this.data };
@@ -207,7 +465,14 @@ export class AuthStorage {
 				throw new Error(`Unknown OAuth provider: ${provider}`);
 		}
 
-		await this.set(provider, { type: "oauth", ...credentials });
+		const newCredential: OAuthCredential = { type: "oauth", ...credentials };
+		const existing = this.getCredentialsForProvider(provider);
+		if (existing.length === 0) {
+			await this.set(provider, newCredential);
+			return;
+		}
+
+		await this.set(provider, [...existing, newCredential]);
 	}
 
 	/**
@@ -226,37 +491,37 @@ export class AuthStorage {
 	 * 4. Environment variable
 	 * 5. Fallback resolver (models.json custom providers)
 	 */
-	async getApiKey(provider: string): Promise<string | undefined> {
+	async getApiKey(provider: string, sessionId?: string): Promise<string | undefined> {
 		// Runtime override takes highest priority
 		const runtimeKey = this.runtimeOverrides.get(provider);
 		if (runtimeKey) {
 			return runtimeKey;
 		}
 
-		const cred = this.data[provider];
-
-		if (cred?.type === "api_key") {
-			return cred.key;
+		const apiKeySelection = this.selectCredentialByType(provider, "api_key", sessionId);
+		if (apiKeySelection) {
+			return apiKeySelection.credential.key;
 		}
 
-		if (cred?.type === "oauth") {
-			// Filter to only oauth credentials for getOAuthApiKey
-			const oauthCreds: Record<string, OAuthCredentials> = {};
-			for (const [key, value] of Object.entries(this.data)) {
-				if (value.type === "oauth") {
-					oauthCreds[key] = value;
-				}
-			}
+		const oauthSelection = this.selectCredentialByType(provider, "oauth", sessionId);
+		if (oauthSelection) {
+			const oauthCreds: Record<string, OAuthCredentials> = {
+				[provider]: oauthSelection.credential,
+			};
 
 			try {
 				const result = await getOAuthApiKey(provider as OAuthProvider, oauthCreds);
 				if (result) {
-					this.data[provider] = { type: "oauth", ...result.newCredentials };
+					this.replaceCredentialAt(provider, oauthSelection.index, { type: "oauth", ...result.newCredentials });
 					await this.save();
 					return result.apiKey;
 				}
 			} catch {
-				await this.remove(provider);
+				this.removeCredentialAt(provider, oauthSelection.index);
+				await this.save();
+				if (this.getCredentialsForProvider(provider).some((credential) => credential.type === "oauth")) {
+					return this.getApiKey(provider, sessionId);
+				}
 			}
 		}
 

package/src/core/model-registry.ts

@@ -187,8 +187,8 @@ export class ModelRegistry {
 		const combined = [...builtInModels, ...customModels];
 
 		// Update github-copilot base URL based on OAuth credentials
-		const copilotCred = this.authStorage.get("github-copilot");
-		if (copilotCred?.type === "oauth") {
+		const copilotCred = this.authStorage.getOAuthCredential("github-copilot");
+		if (copilotCred) {
 			const domain = copilotCred.enterpriseUrl
 				? (normalizeDomain(copilotCred.enterpriseUrl) ?? undefined)
 				: undefined;
@@ -390,22 +390,21 @@ export class ModelRegistry {
 	/**
 	 * Get API key for a model.
 	 */
-	async getApiKey(model: Model<Api>): Promise<string | undefined> {
-		return this.authStorage.getApiKey(model.provider);
+	async getApiKey(model: Model<Api>, sessionId?: string): Promise<string | undefined> {
+		return this.authStorage.getApiKey(model.provider, sessionId);
 	}
 
 	/**
 	 * Get API key for a provider (e.g., "openai").
 	 */
-	async getApiKeyForProvider(provider: string): Promise<string | undefined> {
-		return this.authStorage.getApiKey(provider);
+	async getApiKeyForProvider(provider: string, sessionId?: string): Promise<string | undefined> {
+		return this.authStorage.getApiKey(provider, sessionId);
 	}
 
 	/**
 	 * Check if a model is using OAuth credentials (subscription).
 	 */
 	isUsingOAuth(model: Model<Api>): boolean {
-		const cred = this.authStorage.get(model.provider);
-		return cred?.type === "oauth";
+		return this.authStorage.hasOAuth(model.provider);
 	}
 }

package/src/core/sdk.ts

@@ -538,6 +538,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 
 	const sessionManager = options.sessionManager ?? SessionManager.create(cwd);
 	time("sessionManager");
+	const sessionId = sessionManager.getSessionId();
 
 	// Check if session has existing data to restore
 	const existingSession = sessionManager.buildSessionContext();
@@ -554,7 +555,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 		const parsedModel = parseModelString(defaultModelStr);
 		if (parsedModel) {
 			const restoredModel = modelRegistry.find(parsedModel.provider, parsedModel.id);
-			if (restoredModel && (await modelRegistry.getApiKey(restoredModel))) {
+			if (restoredModel && (await modelRegistry.getApiKey(restoredModel, sessionId))) {
 				model = restoredModel;
 			}
 		}
@@ -570,7 +571,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 			const parsedModel = parseModelString(settingsDefaultModel);
 			if (parsedModel) {
 				const settingsModel = modelRegistry.find(parsedModel.provider, parsedModel.id);
-				if (settingsModel && (await modelRegistry.getApiKey(settingsModel))) {
+				if (settingsModel && (await modelRegistry.getApiKey(settingsModel, sessionId))) {
 					model = settingsModel;
 				}
 			}
@@ -580,7 +581,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 	// Fall back to first available model with a valid API key
 	if (!model) {
 		for (const m of modelRegistry.getAll()) {
-			if (await modelRegistry.getApiKey(m)) {
+			if (await modelRegistry.getApiKey(m, sessionId)) {
 				model = m;
 				break;
 			}
@@ -921,7 +922,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 			if (!currentModel) {
 				throw new Error("No model selected");
 			}
-			const key = await modelRegistry.getApiKey(currentModel);
+			const key = await modelRegistry.getApiKey(currentModel, sessionId);
 			if (!key) {
 				throw new Error(`No API key found for provider "${currentModel.provider}"`);
 			}

package/src/core/system-prompt.ts

@@ -72,6 +72,7 @@ const toolDescriptions: Record<ToolName, string> = {
 	ask: "Ask user for input or clarification",
 	read: "Read file contents",
 	bash: "Execute bash commands (npm, docker, etc.)",
+	calc: "{ calculations: array of { expression: string, prefix: string, suffix: string } } Basic calculations.",
 	ssh: "Execute commands on remote hosts via SSH",
 	edit: "Make surgical edits to files (find exact text and replace)",
 	write: "Create or overwrite files",

package/src/core/title-generator.ts

@@ -68,11 +68,13 @@ export async function findTitleModel(registry: ModelRegistry, savedSmolModel?: s
  * @param firstMessage The first user message
  * @param registry Model registry
  * @param savedSmolModel Optional saved smol model from settings (provider/modelId format)
+ * @param sessionId Optional session id for sticky API key selection
  */
 export async function generateSessionTitle(
 	firstMessage: string,
 	registry: ModelRegistry,
 	savedSmolModel?: string,
+	sessionId?: string,
 ): Promise<string | null> {
 	const candidates = getTitleModelCandidates(registry, savedSmolModel);
 	if (candidates.length === 0) {
@@ -86,7 +88,7 @@ export async function generateSessionTitle(
 	const userMessage = `<user-message>\n${truncatedMessage}\n</user-message>`;
 
 	for (const model of candidates) {
-		const apiKey = await registry.getApiKey(model);
+		const apiKey = await registry.getApiKey(model, sessionId);
 		if (!apiKey) {
 			logger.debug("title-generator: no API key for model", { provider: model.provider, id: model.id });
 			continue;