@oh-my-pi/pi-coding-agent 4.1.0 → 4.2.0

package/CHANGELOG.md

@@ -2,6 +2,46 @@
 
 ## [Unreleased]
 
+## [4.2.0] - 2026-01-10
+
+### Added
+
+- Added `/dump` slash command to copy the full session transcript to the clipboard
+- Added automatic Nerd Fonts detection for terminals like iTerm, WezTerm, Kitty, Ghostty, and Alacritty to set appropriate symbol preset
+- Added `NERD_FONTS` environment variable override (`1` or `0`) to manually control Nerd Fonts symbol preset
+- Added Handlebars templating engine for prompt template rendering with `{{arg}}` helper for positional arguments
+- Added support for custom share scripts at ~/.omp/agent/share.ts to replace default GitHub Gist sharing
+
+### Changed
+
+- Changed rules system to use `read` tool for loading rule content instead of dedicated `rulebook` tool
+- Separated `/export` and `/dump` commands—`/export` now only exports to HTML file, while `/dump` copies session transcript to clipboard
+- Updated `/export` command to no longer accept `--copy` flag (use `/dump` instead)
+- Changed prompt template rendering to use Handlebars instead of simple string replacement
+- Updated prompt layout optimization to normalize indentation and collapse excessive blank lines
+- Changed auth migration to merge credentials per-provider instead of skipping when any credentials exist in database
+- Migrated settings and auth credential storage from JSON files to SQLite database (agent.db)
+- Updated credential migration message to reference agent.db instead of auth.json
+- Renamed Glob tool references to Find tool throughout prompts and documentation
+- Updated project context formatting to use XML-style tags for clearer structure
+- Refined bash tool guidance to prefer dedicated tools (read/grep/find/ls) over bash for file operations
+- Updated system prompt with clearer tone guidelines emphasizing directness and conciseness
+- Revised workflow instructions to require explicit planning for non-trivial tasks
+- Enhanced verification guidance to prefer external feedback loops like tests and linters
+- Added explicit alignment and prohibited behavior sections to improve response quality
+
+### Removed
+
+- Removed `rulebook` tool - rules are now loaded via the `read` tool instead of a dedicated tool
+
+### Fixed
+
+- Fixed message submission lag caused by synchronous history database writes by deferring DB operations with setImmediate
+
+### Security
+
+- Hardened file permissions on agent database directory (700) and database file (600) to restrict access
+
 ## [4.1.0] - 2026-01-10
 ### Added
 

package/README.md

@@ -223,7 +223,8 @@ The agent reads, writes, and edits files, and executes commands via bash.
 | ------------------------- | --------------------------------------------------------------------------- |
 | `/settings`               | Open settings menu (thinking, theme, queue mode, toggles)                   |
 | `/model`                  | Switch models mid-session. Use `/model <search>` or `provider/model` to prefilter/disambiguate. |
-| `/export [file\|--copy]`  | Export session to HTML file or copy to clipboard                            |
+| `/export [file]`          | Export session to HTML file                                                 |
+| `/dump`                   | Copy session transcript to clipboard                                        |
 | `/share`                  | Upload session as secret GitHub gist, get shareable URL (requires `gh` CLI) |
 | `/session`                | Show session info: path, message counts, token usage, cost                  |
 | `/hotkeys`                | Show all keyboard shortcuts                                                 |

package/docs/sdk.md

@@ -374,7 +374,6 @@ All tools are defined in `BUILTIN_TOOLS`:
 - `notebook` - Jupyter notebook editing
 - `output` - Task output retrieval
 - `read` - File reading (text and images)
-- `rulebook` - Rule reference (requires rules)
 - `task` - Subagent spawning
 - `web_fetch` - Web page fetching
 - `web_search` - Web search
@@ -390,10 +389,8 @@ import { BUILTIN_TOOLS, createTools, type ToolSession } from "@oh-my-pi/pi-codin
 const session: ToolSession = {
 	cwd: "/path/to/project",
 	hasUI: false,
-	rulebookRules: [],
 	getSessionFile: () => null,
 	getSessionSpawns: () => "*",
-	getAvailableTools: () => Object.keys(BUILTIN_TOOLS),
 };
 
 const tools = await createTools(session);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@oh-my-pi/pi-coding-agent",
-	"version": "4.1.0",
+	"version": "4.2.0",
 	"description": "Coding agent CLI with read, bash, edit, write tools and session management",
 	"type": "module",
 	"ompConfig": {
@@ -39,10 +39,10 @@
 		"prepublishOnly": "bun run generate-template && bun run clean && bun run build"
 	},
 	"dependencies": {
-		"@oh-my-pi/pi-ai": "4.1.0",
-		"@oh-my-pi/pi-agent-core": "4.1.0",
-		"@oh-my-pi/pi-git-tool": "4.1.0",
-		"@oh-my-pi/pi-tui": "4.1.0",
+		"@oh-my-pi/pi-ai": "4.2.0",
+		"@oh-my-pi/pi-agent-core": "4.2.0",
+		"@oh-my-pi/pi-git-tool": "4.2.0",
+		"@oh-my-pi/pi-tui": "4.2.0",
 		"@openai/agents": "^0.3.7",
 		"@sinclair/typebox": "^0.34.46",
 		"ajv": "^8.17.1",
@@ -51,6 +51,7 @@
 		"diff": "^8.0.2",
 		"file-type": "^21.1.1",
 		"glob": "^11.0.3",
+		"handlebars": "^4.7.8",
 		"highlight.js": "^11.11.1",
 		"marked": "^15.0.12",
 		"minimatch": "^10.1.1",

package/src/config.ts

@@ -79,6 +79,15 @@ export function getSettingsPath(): string {
 	return join(getAgentDir(), "settings.json");
 }
 
+/**
+ * Gets the path to agent.db (SQLite database for settings and auth storage).
+ * @param agentDir - Base agent directory, defaults to ~/.omp/agent
+ * @returns Absolute path to the agent.db file
+ */
+export function getAgentDbPath(agentDir: string = getAgentDir()): string {
+	return join(agentDir, "agent.db");
+}
+
 /** Get path to tools directory */
 export function getToolsDir(): string {
 	return join(getAgentDir(), "tools");

package/src/core/agent-storage.ts

@@ -0,0 +1,450 @@
+import { Database } from "bun:sqlite";
+import { chmodSync, existsSync, mkdirSync } from "node:fs";
+import { dirname } from "node:path";
+import { getAgentDbPath } from "../config";
+import type { AuthCredential } from "./auth-storage";
+import { logger } from "./logger";
+import type { Settings } from "./settings-manager";
+
+/** Prepared SQLite statement type from bun:sqlite */
+type Statement = ReturnType<Database["prepare"]>;
+
+/** Row shape for settings table queries */
+type SettingsRow = {
+	key: string;
+	value: string;
+};
+
+/** Row shape for auth_credentials table queries */
+type AuthRow = {
+	id: number;
+	provider: string;
+	credential_type: string;
+	data: string;
+};
+
+/**
+ * Auth credential with database row ID for updates/deletes.
+ * Wraps AuthCredential with storage metadata.
+ */
+export interface StoredAuthCredential {
+	id: number;
+	provider: string;
+	credential: AuthCredential;
+}
+
+/** Bump when schema changes require migration */
+const SCHEMA_VERSION = 2;
+
+/**
+ * Type guard for plain objects.
+ * @param value - Value to check
+ * @returns True if value is a non-null, non-array object
+ */
+function isRecord(value: unknown): value is Record<string, unknown> {
+	return !!value && typeof value === "object" && !Array.isArray(value);
+}
+
+/**
+ * Converts credential to DB format, stripping the type discriminant from the data blob.
+ * @param credential - The credential to serialize
+ * @returns Object with credentialType and JSON data string, or null for unknown types
+ */
+function serializeCredential(
+	credential: AuthCredential,
+): { credentialType: AuthCredential["type"]; data: string } | null {
+	if (credential.type === "api_key") {
+		return {
+			credentialType: "api_key",
+			data: JSON.stringify({ key: credential.key }),
+		};
+	}
+	if (credential.type === "oauth") {
+		const { type: _type, ...rest } = credential;
+		return {
+			credentialType: "oauth",
+			data: JSON.stringify(rest),
+		};
+	}
+	return null;
+}
+
+/**
+ * Reconstructs credential from DB row, re-adding the type discriminant.
+ * @param row - Database row containing credential data
+ * @returns Reconstructed AuthCredential, or null if parsing fails or type is unknown
+ */
+function deserializeCredential(row: AuthRow): AuthCredential | null {
+	let parsed: unknown;
+	try {
+		parsed = JSON.parse(row.data);
+	} catch (error) {
+		logger.warn("AgentStorage failed to parse auth credential", {
+			provider: row.provider,
+			id: row.id,
+			error: String(error),
+		});
+		return null;
+	}
+	if (!isRecord(parsed)) {
+		logger.warn("AgentStorage auth credential data invalid", {
+			provider: row.provider,
+			id: row.id,
+		});
+		return null;
+	}
+	if (row.credential_type === "api_key") {
+		return { type: "api_key", ...(parsed as Record<string, unknown>) } as AuthCredential;
+	}
+	if (row.credential_type === "oauth") {
+		return { type: "oauth", ...(parsed as Record<string, unknown>) } as AuthCredential;
+	}
+	logger.warn("AgentStorage unknown credential type", {
+		provider: row.provider,
+		id: row.id,
+		type: row.credential_type,
+	});
+	return null;
+}
+
+/**
+ * Unified SQLite storage for agent settings and auth credentials.
+ * Uses singleton pattern per database path; access via AgentStorage.open().
+ */
+export class AgentStorage {
+	private db: Database;
+	private static instances = new Map<string, AgentStorage>();
+
+	private listSettingsStmt: Statement;
+	private insertSettingStmt: Statement;
+	private deleteSettingsStmt: Statement;
+	private listAuthStmt: Statement;
+	private listAuthByProviderStmt: Statement;
+	private insertAuthStmt: Statement;
+	private updateAuthStmt: Statement;
+	private deleteAuthStmt: Statement;
+	private deleteAuthByProviderStmt: Statement;
+	private countAuthStmt: Statement;
+
+	private constructor(dbPath: string) {
+		this.ensureDir(dbPath);
+		this.db = new Database(dbPath);
+
+		this.initializeSchema();
+		this.hardenPermissions(dbPath);
+
+		this.listSettingsStmt = this.db.prepare("SELECT key, value FROM settings");
+		this.insertSettingStmt = this.db.prepare(
+			"INSERT INTO settings (key, value, updated_at) VALUES (?, ?, unixepoch())",
+		);
+		this.deleteSettingsStmt = this.db.prepare("DELETE FROM settings");
+
+		this.listAuthStmt = this.db.prepare(
+			"SELECT id, provider, credential_type, data FROM auth_credentials ORDER BY id ASC",
+		);
+		this.listAuthByProviderStmt = this.db.prepare(
+			"SELECT id, provider, credential_type, data FROM auth_credentials WHERE provider = ? ORDER BY id ASC",
+		);
+		this.insertAuthStmt = this.db.prepare(
+			"INSERT INTO auth_credentials (provider, credential_type, data) VALUES (?, ?, ?) RETURNING id",
+		);
+		this.updateAuthStmt = this.db.prepare(
+			"UPDATE auth_credentials SET credential_type = ?, data = ?, updated_at = unixepoch() WHERE id = ?",
+		);
+		this.deleteAuthStmt = this.db.prepare("DELETE FROM auth_credentials WHERE id = ?");
+		this.deleteAuthByProviderStmt = this.db.prepare("DELETE FROM auth_credentials WHERE provider = ?");
+		this.countAuthStmt = this.db.prepare("SELECT COUNT(*) as count FROM auth_credentials");
+	}
+
+	/**
+	 * Creates tables if missing and migrates legacy single-blob settings to key-value format.
+	 * Handles v1 to v2 schema migration for settings table.
+	 */
+	private initializeSchema(): void {
+		this.db.exec(`
+PRAGMA journal_mode=WAL;
+PRAGMA synchronous=NORMAL;
+
+CREATE TABLE IF NOT EXISTS auth_credentials (
+	id INTEGER PRIMARY KEY AUTOINCREMENT,
+	provider TEXT NOT NULL,
+	credential_type TEXT NOT NULL,
+	data TEXT NOT NULL,
+	created_at INTEGER NOT NULL DEFAULT (unixepoch()),
+	updated_at INTEGER NOT NULL DEFAULT (unixepoch())
+);
+CREATE INDEX IF NOT EXISTS idx_auth_provider ON auth_credentials(provider);
+
+CREATE TABLE IF NOT EXISTS schema_version (version INTEGER PRIMARY KEY);
+`);
+
+		const settingsInfo = this.db.prepare("PRAGMA table_info(settings)").all() as Array<{ name?: string }>;
+		const hasSettingsTable = settingsInfo.length > 0;
+		const hasKey = settingsInfo.some((column) => column.name === "key");
+		const hasValue = settingsInfo.some((column) => column.name === "value");
+
+		if (!hasSettingsTable) {
+			this.db.exec(`
+CREATE TABLE settings (
+	key TEXT PRIMARY KEY,
+	value TEXT NOT NULL,
+	updated_at INTEGER NOT NULL DEFAULT (unixepoch())
+);
+`);
+		} else if (!hasKey || !hasValue) {
+			// Migrate v1 schema: single JSON blob in `data` column → per-key rows
+			let legacySettings: Record<string, unknown> | null = null;
+			const row = this.db.prepare("SELECT data FROM settings WHERE id = 1").get() as { data?: string } | undefined;
+			if (row?.data) {
+				try {
+					const parsed = JSON.parse(row.data);
+					if (isRecord(parsed)) {
+						legacySettings = parsed;
+					} else {
+						logger.warn("AgentStorage legacy settings invalid shape");
+					}
+				} catch (error) {
+					logger.warn("AgentStorage failed to parse legacy settings", { error: String(error) });
+				}
+			}
+
+			const migrate = this.db.transaction((settings: Record<string, unknown> | null) => {
+				this.db.exec("DROP TABLE settings");
+				this.db.exec(`
+CREATE TABLE settings (
+	key TEXT PRIMARY KEY,
+	value TEXT NOT NULL,
+	updated_at INTEGER NOT NULL DEFAULT (unixepoch())
+);
+`);
+				if (settings) {
+					const insert = this.db.prepare(
+						"INSERT INTO settings (key, value, updated_at) VALUES (?, ?, unixepoch())",
+					);
+					for (const [key, value] of Object.entries(settings)) {
+						if (value === undefined) continue;
+						const serialized = JSON.stringify(value);
+						if (serialized === undefined) continue;
+						insert.run(key, serialized);
+					}
+				}
+			});
+
+			migrate(legacySettings);
+		}
+
+		const versionRow = this.db.prepare("SELECT version FROM schema_version ORDER BY version DESC LIMIT 1").get() as
+			| { version?: number }
+			| undefined;
+		if (versionRow?.version !== undefined && versionRow.version !== SCHEMA_VERSION) {
+			logger.warn("AgentStorage schema version mismatch", {
+				current: versionRow.version,
+				expected: SCHEMA_VERSION,
+			});
+		}
+		this.db.prepare("INSERT OR REPLACE INTO schema_version(version) VALUES (?)").run(SCHEMA_VERSION);
+	}
+
+	/**
+	 * Returns singleton instance for the given database path, creating if needed.
+	 * @param dbPath - Path to the SQLite database file (defaults to config path)
+	 * @returns AgentStorage instance for the given path
+	 */
+	static open(dbPath: string = getAgentDbPath()): AgentStorage {
+		const existing = AgentStorage.instances.get(dbPath);
+		if (existing) return existing;
+		const storage = new AgentStorage(dbPath);
+		AgentStorage.instances.set(dbPath, storage);
+		return storage;
+	}
+
+	/**
+	 * Retrieves all settings from storage.
+	 * @returns Settings object, or null if no settings are stored
+	 */
+	getSettings(): Settings | null {
+		const rows = (this.listSettingsStmt.all() as SettingsRow[]) ?? [];
+		if (rows.length === 0) return null;
+		const settings: Record<string, unknown> = {};
+		for (const row of rows) {
+			try {
+				settings[row.key] = JSON.parse(row.value) as unknown;
+			} catch (error) {
+				logger.warn("AgentStorage failed to parse setting", {
+					key: row.key,
+					error: String(error),
+				});
+			}
+		}
+		return settings as Settings;
+	}
+
+	/**
+	 * Atomically replaces all settings in storage.
+	 * Uses delete-then-insert within a transaction for consistency.
+	 * @param settings - Settings object to persist
+	 */
+	saveSettings(settings: Settings): void {
+		const entries = Object.entries(settings).filter(([, value]) => value !== undefined);
+		const replace = this.db.transaction((rows: Array<[string, unknown]>) => {
+			this.deleteSettingsStmt.run();
+			for (const [key, value] of rows) {
+				const serialized = JSON.stringify(value);
+				if (serialized === undefined) continue;
+				this.insertSettingStmt.run(key, serialized);
+			}
+		});
+
+		try {
+			replace(entries);
+		} catch (error) {
+			logger.error("AgentStorage failed to save settings", { error: String(error) });
+		}
+	}
+
+	/**
+	 * Checks if any auth credentials exist in storage.
+	 * @returns True if at least one credential is stored
+	 */
+	hasAuthCredentials(): boolean {
+		const row = this.countAuthStmt.get() as { count?: number } | undefined;
+		return (row?.count ?? 0) > 0;
+	}
+
+	/**
+	 * Lists auth credentials, optionally filtered by provider.
+	 * @param provider - Optional provider name to filter by
+	 * @returns Array of stored credentials with their database IDs
+	 */
+	listAuthCredentials(provider?: string): StoredAuthCredential[] {
+		const rows =
+			(provider
+				? (this.listAuthByProviderStmt.all(provider) as AuthRow[])
+				: (this.listAuthStmt.all() as AuthRow[])) ?? [];
+
+		const results: StoredAuthCredential[] = [];
+		for (const row of rows) {
+			const credential = deserializeCredential(row);
+			if (!credential) continue;
+			results.push({ id: row.id, provider: row.provider, credential });
+		}
+		return results;
+	}
+
+	/**
+	 * Atomically replaces all credentials for a provider.
+	 * Useful for OAuth token refresh where old tokens should be discarded.
+	 * @param provider - Provider name (e.g., "anthropic", "openai")
+	 * @param credentials - New credentials to store
+	 * @returns Array of newly stored credentials with their database IDs
+	 */
+	replaceAuthCredentialsForProvider(provider: string, credentials: AuthCredential[]): StoredAuthCredential[] {
+		const replace = this.db.transaction((providerName: string, items: AuthCredential[]) => {
+			this.deleteAuthByProviderStmt.run(providerName);
+			const inserted: StoredAuthCredential[] = [];
+			for (const credential of items) {
+				const record = this.insertAuthCredential(providerName, credential);
+				if (record) inserted.push(record);
+			}
+			return inserted;
+		});
+
+		return replace(provider, credentials);
+	}
+
+	/**
+	 * Updates an existing auth credential by ID.
+	 * @param id - Database row ID of the credential to update
+	 * @param credential - New credential data
+	 */
+	updateAuthCredential(id: number, credential: AuthCredential): void {
+		const serialized = serializeCredential(credential);
+		if (!serialized) {
+			logger.warn("AgentStorage updateAuthCredential invalid type", { id, type: credential.type });
+			return;
+		}
+		try {
+			this.updateAuthStmt.run(serialized.credentialType, serialized.data, id);
+		} catch (error) {
+			logger.warn("AgentStorage updateAuthCredential failed", { id, error: String(error) });
+		}
+	}
+
+	/**
+	 * Deletes an auth credential by ID.
+	 * @param id - Database row ID of the credential to delete
+	 */
+	deleteAuthCredential(id: number): void {
+		try {
+			this.deleteAuthStmt.run(id);
+		} catch (error) {
+			logger.warn("AgentStorage deleteAuthCredential failed", { id, error: String(error) });
+		}
+	}
+
+	/**
+	 * Deletes all auth credentials for a provider.
+	 * @param provider - Provider name whose credentials should be deleted
+	 */
+	deleteAuthCredentialsForProvider(provider: string): void {
+		try {
+			this.deleteAuthByProviderStmt.run(provider);
+		} catch (error) {
+			logger.warn("AgentStorage deleteAuthCredentialsForProvider failed", {
+				provider,
+				error: String(error),
+			});
+		}
+	}
+
+	/**
+	 * Inserts a new auth credential for a provider.
+	 * @param provider - Provider name (e.g., "anthropic", "openai")
+	 * @param credential - Credential to insert
+	 * @returns Stored credential with database ID, or null on failure
+	 */
+	private insertAuthCredential(provider: string, credential: AuthCredential): StoredAuthCredential | null {
+		const serialized = serializeCredential(credential);
+		if (!serialized) {
+			logger.warn("AgentStorage insertAuthCredential invalid type", { provider, type: credential.type });
+			return null;
+		}
+		try {
+			const row = this.insertAuthStmt.get(provider, serialized.credentialType, serialized.data) as
+				| { id?: number }
+				| undefined;
+			if (!row?.id) {
+				logger.warn("AgentStorage insertAuthCredential missing id", { provider });
+				return null;
+			}
+			return { id: row.id, provider, credential };
+		} catch (error) {
+			logger.warn("AgentStorage insertAuthCredential failed", { provider, error: String(error) });
+			return null;
+		}
+	}
+
+	/**
+	 * Ensures the parent directory for the database file exists.
+	 * @param dbPath - Path to the database file
+	 */
+	private ensureDir(dbPath: string): void {
+		mkdirSync(dirname(dbPath), { recursive: true });
+	}
+
+	private hardenPermissions(dbPath: string): void {
+		const dir = dirname(dbPath);
+		try {
+			chmodSync(dir, 0o700);
+		} catch (error) {
+			logger.warn("AgentStorage failed to chmod agent dir", { path: dir, error: String(error) });
+		}
+
+		if (!existsSync(dbPath)) return;
+		try {
+			chmodSync(dbPath, 0o600);
+		} catch (error) {
+			logger.warn("AgentStorage failed to chmod db file", { path: dbPath, error: String(error) });
+		}
+	}
+}