@undefineds.co/linx 0.3.4 → 0.3.7

package/dist/lib/pi-adapter/runtime.js

@@ -1,23 +1,32 @@
-import { createPiAgentStreamAdapter } from './stream.js';
-import { resolveLinxPiCloudOAuthCredential } from './auth.js';
-import { ensureBrowserConsentLogin, isOidcLoginExpiredError } from '../oidc-auth.js';
+import { createLinxAgentStreamAdapter } from './stream.js';
+import { ensureBrowserConsentLogin, isOidcLoginExpiredError, isOidcTransientRemoteError } from '../oidc-auth.js';
 import { DEFAULT_LINX_CLOUD_MODEL_ID, FALLBACK_LINX_CLOUD_MODEL_IDS, resolvePreferredLinxCloudModelId } from '../default-model.js';
 import { ensureLinxPiTheme } from './theme.js';
-import { AuthStorage, ModelRegistry, SettingsManager, createAgentSessionFromServices, createAgentSessionRuntime, createAgentSessionServices, createBashToolDefinition, createCodingTools, createLocalBashOperations, } from '@mariozechner/pi-coding-agent';
-import { webFetchTool, webSearchTool } from './web-fetch.js';
-import { podReadTool, podWriteTool } from './pod-tools.js';
-import { existsSync } from 'node:fs';
-import { delimiter, dirname, join, resolve } from 'node:path';
+import { AuthStorage, ModelRegistry, SettingsManager, createAgentSessionFromServices, createAgentSessionRuntime, createAgentSessionServices, createCodingTools, createLocalBashOperations, } from '@earendil-works/pi-coding-agent';
+// web_fetch / web_search are now handled by pi-web-access
+import { existsSync, mkdirSync, readdirSync, statSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { basename, dirname, join, resolve } from 'node:path';
+import { createRequire } from 'node:module';
 import { fileURLToPath } from 'node:url';
-import { isRemoteAuthExpiredError } from '../chat-api.js';
-import { installLinxPiRemoteApproval } from './pod-approval.js';
+import { RemoteChatRequestError, isRemoteAuthExpiredError } from '../chat-api.js';
+import { formatLinxCloudTransientMessage } from '../linx-cloud-errors.js';
+import { clearDefaultPodDataSession, getDefaultPodDataSession } from '../pod-data-session.js';
+import { loadCredentials } from '../credentials-store.js';
+import { getSolidLinxAppDir, getSolidLinxPiWebAccessConfigPath } from '../solid-local-store.js';
 const UNDEFINEDS_PROVIDER_ID = 'undefineds';
-const UNDEFINEDS_PROVIDER_LABEL = 'undefineds';
-const UNDEFINEDS_PROVIDER_API = 'openai-completions';
+const UNDEFINEDS_PROVIDER_LABEL = 'LinX Cloud';
+const UNDEFINEDS_PROVIDER_API = 'linx-cloud-chat-completions';
 const UNDEFINEDS_SESSION_ID = 'undefineds_pi_frontend';
 const UNDEFINEDS_AUTH_BRIDGE_ID = 'undefineds-cloud-oauth-bridge';
+export const LINX_RUNTIME_MANAGED_AUTH_KEY = 'linx-runtime-managed-auth';
 const LINX_PACKAGE_SOURCE = '@undefineds.co/linx';
+const LINX_WEB_ACCESS_PACKAGE_SOURCE = 'pi-web-access';
+const LINX_PRODUCT_SKILL_NAMES = new Set(['symphony']);
+const MARKET_XPOD_CLI_SKILL_SOURCE = 'xpod-cli@undefineds';
 export const DEFAULT_LINX_PI_BASH_TIMEOUT_SECONDS = 15;
+const DEFAULT_LINX_CLOUD_CONTEXT_WINDOW = 1_000_000;
+const DEFAULT_LINX_CLOUD_COMPLETION_TIMEOUT_MS = 10 * 60 * 1000;
 export async function resolveLinxStartupLoginPromptDecision(options) {
     if (options.print) {
         return { shouldPrompt: false, reason: 'print-mode' };
@@ -25,10 +34,16 @@ export async function resolveLinxStartupLoginPromptDecision(options) {
     if (options.backend === 'native') {
         return { shouldPrompt: false, reason: 'native-backend' };
     }
-    const resolveCredential = options.resolveCredential ?? resolveLinxPiCloudOAuthCredential;
+    if (!options.resolveSession) {
+        return (options.loadStoredCredentials ?? loadCredentials)()
+            ? { shouldPrompt: false, reason: 'credential-present' }
+            : { shouldPrompt: true, reason: 'missing-credential' };
+    }
+    const resolveSession = options.resolveSession;
+    let session = null;
     try {
-        const credential = await resolveCredential(options.issuerUrl);
-        return credential
+        session = await resolveSession();
+        return session
             ? { shouldPrompt: false, reason: 'credential-present' }
             : { shouldPrompt: true, reason: 'missing-credential' };
     }
@@ -36,8 +51,14 @@ export async function resolveLinxStartupLoginPromptDecision(options) {
         if (isOidcLoginExpiredError(error)) {
             return { shouldPrompt: true, reason: 'expired-credential' };
         }
+        if (isOidcTransientRemoteError(error) && (options.loadStoredCredentials ?? loadCredentials)()) {
+            return { shouldPrompt: false, reason: 'credential-present' };
+        }
         throw error;
     }
+    finally {
+        await session?.close().catch(() => undefined);
+    }
 }
 export function resolveLinxStartupLoginReason(decision) {
     if (!decision.shouldPrompt) {
@@ -51,8 +72,9 @@ export function resolveLinxInteractiveLoginReason(options) {
     }
     return resolveLinxStartupLoginReason(options.startupDecision);
 }
-export function createPiRuntimeAdapter(dependencies, options = {}) {
+export function createLinxRuntimeAdapter(dependencies, options = {}) {
     const backendMode = options.backend ?? 'cloud';
+    const workerBackend = options.workerBackend ?? (backendMode === 'native' ? 'codex' : undefined);
     const cwd = options.cwd ?? process.cwd();
     const requestedModel = options.model?.trim() || undefined;
     let activeModelId = requestedModel ?? DEFAULT_LINX_CLOUD_MODEL_ID;
@@ -62,17 +84,22 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
     const proxy = backendMode === 'native'
         ? dependencies.createNativeProxy?.({
             cwd,
-            model: activeModelId,
+            model: requestedModel,
             listenPort: options.port,
+            autoEnabled: options.autoEnabled,
+            codexApprovalPolicy: options.codexApprovalPolicy,
+            passthroughArgs: options.passthroughArgs,
+            env: options.backendEnv,
+            resolveEnv: options.resolveBackendEnv,
         })
         : null;
     if (backendMode === 'native' && !proxy) {
-        throw new Error('Native Pi runtime backend requires createNativeProxy');
+        throw new Error('Native LinX runtime backend requires createNativeProxy');
     }
     if (backendMode === 'cloud' && !options.providerConfig?.oauth && !dependencies.createRemoteCompletion) {
-        throw new Error('Cloud Pi runtime backend requires createRemoteCompletion');
+        throw new Error('Cloud LinX runtime backend requires createRemoteCompletion');
     }
-    const streamAdapter = createPiAgentStreamAdapter({
+    const streamAdapter = createLinxAgentStreamAdapter({
         sessionId: proxy?.record.id ?? UNDEFINEDS_SESSION_ID,
         cwd: proxy?.record.cwd ?? cwd,
         model: proxy?.record.model ?? activeModelId,
@@ -89,30 +116,55 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
         completionBackend: !proxy && dependencies.createRemoteCompletion
             ? {
                 async complete(input) {
-                    const apiKey = input.apiKey && input.apiKey !== 'linx-runtime-managed-auth'
-                        ? input.apiKey
-                        : await resolveLinxPiCloudApiKey({
+                    const authFetch = options.providerConfig?.oauth
+                        ? input.authFetch
+                            ?? resolveRuntimeAuthFetchFromApiKey(input.apiKey)
+                            ?? await resolveLinxPiCloudAuthFetch({
+                                issuerUrl: options.providerConfig?.issuerUrl,
+                                getPodDataSession: options.getPodDataSession,
+                            })
+                        : await resolveLinxPiCloudAuthFetch({
                             issuerUrl: options.providerConfig?.issuerUrl,
-                            explicitApiKey: options.providerConfig?.apiKey,
+                            getPodDataSession: options.getPodDataSession,
                         });
-                    return completeWithAuthRecovery(apiKey, {
+                    return completeWithAuthRecovery(authFetch, {
                         runtimeUrl: baseUrl,
                         model: input.model,
                         messages: withSystemPrompt(input.systemPrompt, input.messages),
                         tools: input.tools,
-                        reasoning: input.reasoning,
                         signal: input.signal,
                     });
                 },
             }
             : undefined,
     });
+    const backendCommandRouter = proxy && typeof proxy.executeCommand === 'function'
+        ? {
+            backend: proxy.record.backend,
+            execute(input) {
+                return proxy.executeCommand(input);
+            },
+            setCwd: typeof proxy.setCwd === 'function'
+                ? (nextCwd) => proxy.setCwd(nextCwd)
+                : undefined,
+            subscribe(listener) {
+                return proxy.subscribe(listener);
+            },
+            setSessionControl: typeof proxy.setSessionControl === 'function'
+                ? (control) => proxy.setSessionControl(control)
+                : undefined,
+        }
+        : undefined;
     return {
         remoteUrl: proxy?.remoteUrl ?? baseUrl,
         sessionId: proxy?.record.id ?? UNDEFINEDS_SESSION_ID,
         cwd: proxy?.record.cwd ?? cwd,
         model: proxy?.record.model ?? activeModelId,
-        backend: proxy?.record.backend ?? UNDEFINEDS_PROVIDER_ID,
+        backend: 'linx',
+        runtimeBackend: workerBackend,
+        autoEnabled: options.autoEnabled === true,
+        symphonyEnabled: options.symphonyEnabled === true,
+        backendCommandRouter,
         streamAdapter,
         createRuntime: async (context) => {
             const authStorage = AuthStorage.inMemory();
@@ -136,74 +188,86 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
                         },
                         manualRedirectUrl: callbacks.onManualCodeInput,
                     });
+                    clearDefaultPodDataSession();
                     if (result.reusedExistingSession) {
                         callbacks.onProgress?.('Reused existing LinX Cloud session.');
                     }
-                    await syncProviderModels(result.tokenSet.accessToken ?? '', { throwAuthExpired: true });
+                    const authFetch = await resolveLinxPiCloudAuthFetch({
+                        issuerUrl: options.providerConfig?.issuerUrl,
+                        getPodDataSession: options.getPodDataSession,
+                    });
+                    await syncProviderModels({ runtimeFetch: authFetch });
                     return {
                         refresh: result.tokenSet.refreshToken ?? '',
-                        access: result.tokenSet.accessToken ?? '',
+                        access: LINX_RUNTIME_MANAGED_AUTH_KEY,
                         expires: result.tokenSet.expiresAt ? result.tokenSet.expiresAt * 1000 : Date.now() + 60 * 60 * 1000,
                     };
                 },
-                async refreshToken() {
-                    const refreshed = await resolveLinxPiCloudOAuthCredential(options.providerConfig?.issuerUrl);
-                    if (!refreshed) {
-                        throw new Error('Failed to refresh LinX cloud credential for Pi runtime adapter');
-                    }
-                    await syncProviderModels(refreshed.access);
-                    return refreshed;
+                async refreshToken(credentials) {
+                    clearDefaultPodDataSession();
+                    const authFetch = await resolveLinxPiCloudAuthFetch({
+                        issuerUrl: options.providerConfig?.issuerUrl,
+                        getPodDataSession: options.getPodDataSession,
+                    });
+                    await syncProviderModels({ runtimeFetch: authFetch });
+                    return {
+                        type: 'oauth',
+                        refresh: credentials.refresh,
+                        access: LINX_RUNTIME_MANAGED_AUTH_KEY,
+                        expires: Date.now() + 60 * 60 * 1000,
+                    };
                 },
                 getApiKey(credentials) {
-                    return credentials.access;
+                    return credentials.access === LINX_RUNTIME_MANAGED_AUTH_KEY
+                        ? LINX_RUNTIME_MANAGED_AUTH_KEY
+                        : LINX_RUNTIME_MANAGED_AUTH_KEY;
                 },
             };
-            const resolvedOAuth = options.providerConfig?.oauth
-                ? null
-                : await resolveLinxPiCloudOAuthCredential(options.providerConfig?.issuerUrl).catch((error) => {
-                    if (isOidcLoginExpiredError(error)) {
-                        return null;
-                    }
-                    throw error;
-                });
+            const storedCredentials = options.providerConfig?.oauth ? null : loadCredentials();
+            const hasManagedPodSession = !options.providerConfig?.oauth && Boolean(options.getPodDataSession);
             const explicitOAuthCredential = options.providerConfig?.oauth
                 ? await options.providerConfig.oauth.login()
                 : null;
-            const explicitApiKey = options.providerConfig?.apiKey;
-            const authMode = options.providerConfig?.oauth || resolvedOAuth || !explicitApiKey ? 'oauth' : 'apiKey';
-            if (resolvedOAuth?.access) {
-                await syncProviderModels(resolvedOAuth.access, { refreshOnAuthExpired: true });
+            if (storedCredentials || hasManagedPodSession) {
+                const authFetch = await resolveLinxPiCloudAuthFetch({
+                    issuerUrl: options.providerConfig?.issuerUrl,
+                    getPodDataSession: options.getPodDataSession,
+                });
+                await syncProviderModels({ runtimeFetch: authFetch }, { refreshOnAuthExpired: true });
             }
             else if (explicitOAuthCredential?.access) {
-                await syncProviderModels(explicitOAuthCredential.access);
-            }
-            else if (explicitApiKey) {
-                await syncProviderModels(explicitApiKey);
+                await syncProviderModels({ runtimeFetch: createBearerAuthFetch(explicitOAuthCredential.access) });
             }
             modelRegistry.registerProvider(UNDEFINEDS_PROVIDER_ID, {
                 api: UNDEFINEDS_PROVIDER_API,
                 baseUrl,
-                apiKey: 'LINX_RUNTIME_AUTH',
+                apiKey: '$LINX_RUNTIME_AUTH',
                 oauth: linxOAuthProvider,
                 authHeader: false,
                 streamSimple: streamAdapter.streamFn,
                 models: providerModels,
             });
-            if (!options.providerConfig?.oauth && !resolvedOAuth && !explicitApiKey) {
-                authStorage.setRuntimeApiKey(UNDEFINEDS_PROVIDER_ID, 'linx-runtime-managed-auth');
+            if (!options.providerConfig?.oauth) {
+                authStorage.setRuntimeApiKey(UNDEFINEDS_PROVIDER_ID, LINX_RUNTIME_MANAGED_AUTH_KEY);
             }
             if (options.providerConfig?.oauth && explicitOAuthCredential) {
                 authStorage.set(UNDEFINEDS_PROVIDER_ID, { type: 'oauth', ...explicitOAuthCredential });
             }
-            else if (resolvedOAuth) {
-                authStorage.set(UNDEFINEDS_PROVIDER_ID, resolvedOAuth);
-            }
             const settingsManager = SettingsManager.create(context.cwd, context.agentDir);
             ensureLinxPiTheme(context.agentDir);
+            ensurePiWebAccessConfig();
             settingsManager.setTheme('linx');
             const defaultModelId = sanitizeLinxCloudDefaults(settingsManager, requestedModel, providerModels);
             activeModelId = defaultModelId;
             const bundledSkillsDir = resolveBundledLinxSkillsDir();
+            const marketSkillDirs = resolveInstalledMarketSkillDirs();
+            const additionalSkillPaths = [
+                ...(bundledSkillsDir ? [bundledSkillsDir] : []),
+                ...marketSkillDirs,
+            ];
+            const bundledPackagePaths = [
+                resolveBundledPiPackageRoot(LINX_WEB_ACCESS_PACKAGE_SOURCE),
+            ].filter((path) => Boolean(path));
             const services = await createAgentSessionServices({
                 cwd: context.cwd,
                 agentDir: context.agentDir,
@@ -211,48 +275,29 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
                 settingsManager,
                 modelRegistry,
                 resourceLoaderOptions: {
-                    additionalSkillPaths: bundledSkillsDir ? [bundledSkillsDir] : [],
-                    skillsOverride: bundledSkillsDir
-                        ? (base) => withBundledLinxSkillSourceInfo(base, bundledSkillsDir)
-                        : undefined,
+                    // Built-in: pi-web-access handles web_search, fetch_content, and related web tools.
+                    additionalExtensionPaths: bundledPackagePaths,
+                    additionalSkillPaths,
+                    skillsOverride: (base) => withLinxSkillSourceInfo(base, {
+                        bundledSkillsDir,
+                        marketSkillDirs,
+                    }),
                     systemPromptOverride: overrideLinxSystemPrompt,
                 },
             });
             const selectedModel = modelRegistry.find(UNDEFINEDS_PROVIDER_ID, defaultModelId)
                 ?? modelRegistry.getAvailable().find((candidate) => candidate.provider === UNDEFINEDS_PROVIDER_ID);
             if (!selectedModel) {
-                throw new Error('Failed to resolve undefineds model from the LinX Pi runtime adapter');
+                throw new Error('Failed to resolve undefineds model from the LinX runtime adapter');
             }
             const created = await createAgentSessionFromServices({
                 services,
                 sessionManager: context.sessionManager,
                 sessionStartEvent: context.sessionStartEvent,
                 model: selectedModel,
-                tools: [
-                    'read',
-                    'bash',
-                    'edit',
-                    'write',
-                    'web_fetch',
-                    'web_search',
-                    'pod_read',
-                    'pod_write',
-                ],
-                customTools: [
-                    createLinxPiBashToolDefinition(context.cwd),
-                    webFetchTool,
-                    webSearchTool,
-                    podReadTool,
-                    podWriteTool,
-                ],
             });
             const session = created.session;
             enableLinxXhighThinking(session);
-            restoreLinxThinkingDefault(session, settingsManager);
-            installLinxPiRemoteApproval({
-                session,
-                cwd: context.cwd,
-            });
             if (session.model?.provider !== selectedModel.provider || session.model.id !== selectedModel.id) {
                 await session.setModel(selectedModel);
             }
@@ -267,14 +312,29 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
                 sessionManager: context.sessionManager,
                 sessionStartEvent: context.sessionStartEvent,
             });
+            runtime.backend = 'linx';
+            runtime.runtimeBackend = workerBackend;
+            runtime.autoEnabled = options.autoEnabled === true;
+            runtime.symphonyEnabled = options.symphonyEnabled === true;
             runtime.linxAuthBridge = {
                 description: UNDEFINEDS_AUTH_BRIDGE_ID,
-                authMode,
                 providerId: UNDEFINEDS_PROVIDER_ID,
                 providerLabel: UNDEFINEDS_PROVIDER_LABEL,
                 runtimeUrl: baseUrl,
                 shouldPromptLoginOnStart,
             };
+            if (backendCommandRouter) {
+                ;
+                runtime.backendCommandRouter = backendCommandRouter;
+            }
+            if (proxy) {
+                ;
+                runtime.backendSessionRef = proxy.record;
+            }
+            if (options.getPodDataSession) {
+                ;
+                runtime.getPodDataSession = options.getPodDataSession;
+            }
             return runtime;
         },
         async start() {
@@ -284,17 +344,17 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
             await proxy?.close();
         },
     };
-    async function syncProviderModels(apiKey, options = {}) {
-        if (!apiKey || !dependencies.listRemoteModels) {
+    async function syncProviderModels(authSession, options = {}) {
+        if (!dependencies.listRemoteModels) {
             return;
         }
-        const remoteModels = await listRemoteModelsWithAuthRecovery(apiKey, options);
+        const remoteModels = await listRemoteModelsWithAuthRecovery(authSession.runtimeFetch, options);
         if (remoteModels.length === 0) {
             return;
         }
         const mergedModels = mergeLinxProviderModels(remoteModels.map((entry) => ({
             id: entry.id,
-            contextWindow: entry.contextWindow ?? 1_000_000,
+            contextWindow: entry.contextWindow,
         })), activeModelId);
         const nextModels = mergedModels.map((entry) => buildProviderModel(entry));
         providerModels.splice(0, providerModels.length, ...nextModels);
@@ -302,29 +362,24 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
             activeModelId = resolvePreferredLinxCloudModelId(nextModels, activeModelId);
         }
     }
-    async function listRemoteModelsWithAuthRecovery(apiKey, recoveryOptions) {
+    async function listRemoteModelsWithAuthRecovery(authFetch, recoveryOptions) {
         try {
-            return await dependencies.listRemoteModels(null, baseUrl, apiKey);
+            return await dependencies.listRemoteModels(authFetch, baseUrl, { fallback: false, timeoutMs: 5000 });
         }
         catch (error) {
             if (!isAuthExpiredError(error)) {
                 return [];
             }
             if (recoveryOptions.refreshOnAuthExpired) {
-                const refreshed = await resolveLinxPiCloudOAuthCredential(options.providerConfig?.issuerUrl).catch((refreshError) => {
-                    if (isOidcLoginExpiredError(refreshError)) {
-                        return null;
+                try {
+                    const refreshedAuthFetch = await resolveRefreshedLinxPiCloudAuthFetch();
+                    if (refreshedAuthFetch) {
+                        return await dependencies.listRemoteModels(refreshedAuthFetch, baseUrl, { fallback: false, timeoutMs: 5000 });
                     }
-                    throw refreshError;
-                });
-                if (refreshed?.access) {
-                    try {
-                        return await dependencies.listRemoteModels(null, baseUrl, refreshed.access);
-                    }
-                    catch (retryError) {
-                        if (!isAuthExpiredError(retryError)) {
-                            return [];
-                        }
+                }
+                catch (retryError) {
+                    if (!isAuthExpiredError(retryError)) {
+                        return [];
                     }
                 }
             }
@@ -335,39 +390,48 @@ export function createPiRuntimeAdapter(dependencies, options = {}) {
             return [];
         }
     }
-    async function completeWithAuthRecovery(apiKey, request) {
+    async function completeWithAuthRecovery(authFetch, request) {
         try {
             return await dependencies.createRemoteCompletion({
                 ...request,
-                apiKey,
+                authFetch,
             });
         }
         catch (error) {
             if (!isAuthExpiredError(error)) {
                 throw error;
             }
-            const refreshed = await resolveLinxPiCloudOAuthCredential(options.providerConfig?.issuerUrl).catch((refreshError) => {
-                if (isOidcLoginExpiredError(refreshError)) {
-                    return null;
-                }
-                throw refreshError;
-            });
-            if (!refreshed?.access) {
+            const refreshedAuthFetch = await resolveRefreshedLinxPiCloudAuthFetch();
+            if (!refreshedAuthFetch) {
                 throw error;
             }
             return dependencies.createRemoteCompletion({
                 ...request,
-                apiKey: refreshed.access,
+                authFetch: refreshedAuthFetch,
             });
         }
     }
+    async function resolveRefreshedLinxPiCloudAuthFetch() {
+        clearDefaultPodDataSession();
+        const storedCredentials = loadCredentials();
+        if (storedCredentials || options.getPodDataSession) {
+            return resolveLinxPiCloudAuthFetch({
+                issuerUrl: options.providerConfig?.issuerUrl,
+                getPodDataSession: options.getPodDataSession,
+            });
+        }
+        return null;
+    }
 }
+/** @deprecated Use createLinxRuntimeAdapter. */
+export const createPiRuntimeAdapter = createLinxRuntimeAdapter;
 export function resolveBundledLinxSkillsDir(importMetaUrl = import.meta.url) {
     const moduleDir = dirname(fileURLToPath(importMetaUrl));
     const candidates = [
-        // Published package: dist/lib/pi-adapter/runtime.js -> dist/skills
+        // Published package: dist/lib/pi-adapter/runtime.js -> dist/skills.
+        // This directory is a curated product-skill bundle, not the repo skill root.
         join(moduleDir, '..', '..', 'skills'),
-        // Test/dev bundle: <tmp>/dist/lib/pi-adapter/runtime.js -> repo skills
+        // Test/dev bundle: <tmp>/dist/lib/pi-adapter/runtime.js -> curated product skills.
         resolve(moduleDir, '..', '..', '..', '..', 'skills'),
         // Source-tree fallback when running through a TS loader.
         resolve(moduleDir, '..', '..', '..', '..', '..', 'skills'),
@@ -379,34 +443,156 @@ export function resolveBundledLinxSkillsDir(importMetaUrl = import.meta.url) {
     }
     return null;
 }
-function withBundledLinxSkillSourceInfo(base, bundledSkillsDir) {
+function ensurePiWebAccessConfig() {
+    const config = JSON.stringify({ workflow: 'none' }, null, 2) + '\n';
+    const linxPath = getSolidLinxPiWebAccessConfigPath();
+    const linxDir = getSolidLinxAppDir();
+    if (!existsSync(linxDir)) {
+        mkdirSync(linxDir, { recursive: true });
+    }
+    if (!existsSync(linxPath))
+        writeFileSync(linxPath, config);
+}
+export function resolveBundledPiPackageRoot(packageName, importMetaUrl = import.meta.url) {
+    const moduleDir = dirname(fileURLToPath(importMetaUrl));
+    const vendoredCandidates = [
+        // Published/built package: dist/lib/pi-adapter/runtime.js -> vendor/<package>.
+        resolve(moduleDir, '..', '..', '..', 'vendor', packageName),
+        // Defensive fallback for layouts that place vendor under dist.
+        resolve(moduleDir, '..', '..', 'vendor', packageName),
+    ];
+    for (const candidate of vendoredCandidates) {
+        if (existsSync(join(candidate, 'package.json'))) {
+            return candidate;
+        }
+    }
+    try {
+        const requireFromRuntime = createRequire(importMetaUrl);
+        return dirname(requireFromRuntime.resolve(`${packageName}/package.json`));
+    }
+    catch {
+        return null;
+    }
+}
+function withLinxSkillSourceInfo(base, options) {
+    const { bundledSkillsDir, marketSkillDirs } = options;
+    const filteredSkills = base.skills.filter((skill) => (!bundledSkillsDir
+        || !skill.filePath.startsWith(bundledSkillsDir)
+        || LINX_PRODUCT_SKILL_NAMES.has(skill.name)));
     return {
         ...base,
-        skills: base.skills.map((skill) => (skill.filePath.startsWith(bundledSkillsDir)
-            ? {
-                ...skill,
-                sourceInfo: {
-                    path: skill.filePath,
-                    source: LINX_PACKAGE_SOURCE,
-                    scope: 'temporary',
-                    origin: 'package',
-                    baseDir: bundledSkillsDir,
-                },
+        skills: filteredSkills.map((skill) => {
+            if (bundledSkillsDir && skill.filePath.startsWith(bundledSkillsDir)) {
+                return {
+                    ...skill,
+                    sourceInfo: {
+                        path: skill.filePath,
+                        source: LINX_PACKAGE_SOURCE,
+                        scope: 'temporary',
+                        origin: 'package',
+                        baseDir: bundledSkillsDir,
+                    },
+                };
+            }
+            const marketSkillDir = marketSkillDirs.find((dir) => skill.filePath.startsWith(dir));
+            if (marketSkillDir) {
+                return {
+                    ...skill,
+                    sourceInfo: {
+                        path: skill.filePath,
+                        source: MARKET_XPOD_CLI_SKILL_SOURCE,
+                        scope: 'temporary',
+                        origin: 'marketplace',
+                        version: resolveMarketSkillVersion(marketSkillDir),
+                        baseDir: marketSkillDir,
+                    },
+                };
             }
-            : skill)),
+            return skill;
+        }),
     };
 }
+export function resolveInstalledMarketSkillDirs() {
+    return [resolveInstalledXpodCliMarketSkillDir()].filter((path) => Boolean(path));
+}
+function resolveInstalledXpodCliMarketSkillDir() {
+    const codexHome = process.env.CODEX_HOME?.trim() || join(homedir(), '.codex');
+    const versionsRoot = join(codexHome, 'plugins', 'cache', 'undefineds', 'xpod-cli');
+    if (!existsSync(versionsRoot)) {
+        return null;
+    }
+    const candidates = [];
+    for (const entry of safeReadDir(versionsRoot)) {
+        const versionDir = join(versionsRoot, entry);
+        if (!safeIsDirectory(versionDir)) {
+            continue;
+        }
+        const skillDir = join(versionDir, 'skills', 'xpod-cli');
+        if (existsSync(join(skillDir, 'SKILL.md'))) {
+            candidates.push({ version: entry, dir: skillDir });
+        }
+    }
+    candidates.sort((a, b) => compareVersionLike(b.version, a.version));
+    return candidates[0]?.dir ?? null;
+}
+function resolveMarketSkillVersion(skillDir) {
+    const version = basename(dirname(dirname(skillDir)));
+    return version && version !== 'skills' ? version : undefined;
+}
+function safeReadDir(dir) {
+    try {
+        return readdirSync(dir);
+    }
+    catch {
+        return [];
+    }
+}
+function safeIsDirectory(path) {
+    try {
+        return statSync(path).isDirectory();
+    }
+    catch {
+        return false;
+    }
+}
+function compareVersionLike(a, b) {
+    const left = a.split(/[.-]/u).map((part) => Number(part));
+    const right = b.split(/[.-]/u).map((part) => Number(part));
+    const length = Math.max(left.length, right.length);
+    for (let i = 0; i < length; i += 1) {
+        const l = Number.isFinite(left[i]) ? left[i] : 0;
+        const r = Number.isFinite(right[i]) ? right[i] : 0;
+        if (l !== r) {
+            return l - r;
+        }
+    }
+    return a.localeCompare(b);
+}
+function enableLinxXhighThinking(session) {
+    const originalSupportsXhighThinking = session.supportsXhighThinking?.bind(session);
+    const originalGetAvailableThinkingLevels = session.getAvailableThinkingLevels?.bind(session);
+    session.supportsXhighThinking = () => (session.model?.provider === UNDEFINEDS_PROVIDER_ID && session.model.reasoning
+        ? (session.getAvailableThinkingLevels?.().includes('xhigh') ?? true)
+        : (originalSupportsXhighThinking?.() ?? false));
+    if (originalGetAvailableThinkingLevels) {
+        session.getAvailableThinkingLevels = () => {
+            const levels = originalGetAvailableThinkingLevels();
+            if (session.model?.provider === UNDEFINEDS_PROVIDER_ID && session.model.reasoning && !levels.includes('xhigh')) {
+                return [...levels, 'xhigh'];
+            }
+            return levels;
+        };
+    }
+}
 export function createLinxPiCodingTools(cwd, options = {}) {
     const localBashOperations = options.bashOperations ?? createLocalBashOperations();
     const bashTimeoutSeconds = options.bashTimeoutSeconds ?? DEFAULT_LINX_PI_BASH_TIMEOUT_SECONDS;
     return createCodingTools(cwd, {
         bash: {
-            commandPrefix: buildLinxToolCommandPrefix(),
             operations: {
                 exec(command, workingDirectory, options) {
-                    return localBashOperations.exec(command, workingDirectory ?? process.cwd(), {
+                    return localBashOperations.exec(command, workingDirectory ?? cwd, {
                         ...options,
-                        env: withLinxToolPath(options.env),
                         timeout: typeof options.timeout === 'number'
                             ? options.timeout
                             : bashTimeoutSeconds,
@@ -416,104 +602,147 @@ export function createLinxPiCodingTools(cwd, options = {}) {
         },
     });
 }
-export function createLinxPiBashToolDefinition(cwd, options = {}) {
-    const localBashOperations = options.bashOperations ?? createLocalBashOperations();
-    const bashTimeoutSeconds = options.bashTimeoutSeconds ?? DEFAULT_LINX_PI_BASH_TIMEOUT_SECONDS;
-    return createBashToolDefinition(cwd, {
-        commandPrefix: buildLinxToolCommandPrefix(),
-        operations: {
-            exec(command, workingDirectory, options) {
-                return localBashOperations.exec(command, workingDirectory ?? process.cwd(), {
-                    ...options,
-                    env: withLinxToolPath(options.env),
-                    timeout: typeof options.timeout === 'number'
-                        ? options.timeout
-                        : bashTimeoutSeconds,
-                });
-            },
-        },
-    });
+function isAuthExpiredError(error) {
+    return isRemoteAuthExpiredError(error);
+}
+function createBearerAuthFetch(apiKey) {
+    return async (url, init) => {
+        const headers = new Headers(init?.headers);
+        headers.set('Authorization', `Bearer ${apiKey}`);
+        return fetch(url, { ...init, headers });
+    };
 }
-function buildLinxToolCommandPrefix() {
-    const udfsBin = resolveUdfsToolBinFile();
-    if (!udfsBin) {
-        return undefined;
+function resolveRuntimeAuthFetchFromApiKey(apiKey) {
+    const trimmed = apiKey?.trim();
+    if (!trimmed || trimmed === LINX_RUNTIME_MANAGED_AUTH_KEY) {
+        return null;
     }
-    return `udfs() { node ${shellQuote(udfsBin)} "$@"; }`;
+    return createBearerAuthFetch(trimmed);
 }
-function withLinxToolPath(env) {
-    const nextEnv = { ...(env ?? process.env) };
-    const udfsBinDir = resolveUdfsToolBinDir();
-    if (!udfsBinDir) {
-        return nextEnv;
+async function resolveLinxPiCloudAuthFetch(options) {
+    if (options.getPodDataSession) {
+        return createPodDataSessionAuthFetch(options.getPodDataSession);
     }
-    const pathKey = Object.keys(nextEnv).find((key) => key.toLowerCase() === 'path') ?? 'PATH';
-    const currentPath = nextEnv[pathKey] ?? '';
-    const entries = currentPath.split(delimiter).filter(Boolean);
-    if (!entries.includes(udfsBinDir)) {
-        nextEnv[pathKey] = [udfsBinDir, currentPath].filter(Boolean).join(delimiter);
+    const session = await getDefaultPodDataSession();
+    if (session) {
+        return withCloudCompletionTimeout(session.runtimeFetch);
     }
-    return nextEnv;
+    throw new Error('No LinX cloud login found. Interactive TUI supports /login in-app. For non-interactive --print mode, run `linx login` first.');
 }
-function resolveUdfsToolBinFile(importMetaUrl = import.meta.url) {
-    const udfsBinDir = resolveUdfsToolBinDir(importMetaUrl);
-    if (!udfsBinDir) {
-        return null;
+function createPodDataSessionAuthFetch(getPodDataSession) {
+    if (getPodDataSession !== getDefaultPodDataSession) {
+        return withCloudCompletionTimeout(async (url, init) => {
+            const session = await getPodDataSession();
+            if (session) {
+                try {
+                    return await session.runtimeFetch(url, init);
+                }
+                finally {
+                    await session.close().catch(() => undefined);
+                }
+            }
+            throw new Error('No LinX cloud login found. Interactive TUI supports /login in-app. For non-interactive --print mode, run `linx login` first.');
+        });
     }
-    return join(udfsBinDir, 'udfs.js');
+    let cachedSession = null;
+    let cachedSessionPromise = null;
+    const getCachedSession = async () => {
+        if (cachedSession) {
+            return cachedSession;
+        }
+        if (!cachedSessionPromise) {
+            cachedSessionPromise = getPodDataSession().then((session) => {
+                cachedSession = session;
+                return session;
+            }).finally(() => {
+                cachedSessionPromise = null;
+            });
+        }
+        return cachedSessionPromise;
+    };
+    return withCloudCompletionTimeout(async (url, init) => {
+        const session = await getCachedSession();
+        if (session) {
+            return await session.runtimeFetch(url, init);
+        }
+        throw new Error('No LinX cloud login found. Interactive TUI supports /login in-app. For non-interactive --print mode, run `linx login` first.');
+    });
 }
-function resolveUdfsToolBinDir(importMetaUrl = import.meta.url) {
-    const moduleDir = dirname(fileURLToPath(importMetaUrl));
-    const candidates = [
-        // Published package: @undefineds.co/models dependency next to @undefineds.co/linx.
-        resolve(moduleDir, '..', '..', '..', '..', '@undefineds.co', 'models', 'dist', 'bin'),
-        // Workspace/dev tree: apps/cli/dist/lib/pi-adapter/runtime.js -> packages/models/dist/bin
-        resolve(moduleDir, '..', '..', '..', '..', '..', 'packages', 'models', 'dist', 'bin'),
-        // Source-tree fallback when running through a TS loader.
-        resolve(moduleDir, '..', '..', '..', '..', '..', '..', 'packages', 'models', 'dist', 'bin'),
-    ];
-    return candidates.find((candidate) => existsSync(join(candidate, 'udfs.js'))) ?? null;
+function withCloudCompletionTimeout(fetcher) {
+    return async (url, init) => {
+        if (!isChatCompletionRuntimeUrl(String(url))) {
+            return fetcher(url, init);
+        }
+        const timeoutMs = resolveLinxCloudCompletionTimeoutMs();
+        const controller = new AbortController();
+        const signal = init?.signal
+            ? combineAbortSignals(init.signal, controller.signal)
+            : controller.signal;
+        let timedOut = false;
+        const timer = setTimeout(() => {
+            timedOut = true;
+            controller.abort();
+        }, timeoutMs);
+        try {
+            return await Promise.race([
+                fetcher(url, { ...init, signal }),
+                new Promise((_resolve, reject) => {
+                    controller.signal.addEventListener('abort', () => {
+                        if (timedOut) {
+                            reject(new RemoteChatRequestError(formatLinxCloudTransientMessage(`Request exceeded ${formatTimeoutSeconds(timeoutMs)}s.`), 0, `Timed out waiting for POST ${url}`));
+                        }
+                    }, { once: true });
+                }),
+            ]);
+        }
+        catch (error) {
+            if (timedOut) {
+                throw new RemoteChatRequestError(formatLinxCloudTransientMessage(`Request exceeded ${formatTimeoutSeconds(timeoutMs)}s.`), 0, error instanceof Error ? error.message : String(error));
+            }
+            throw error;
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    };
 }
-function shellQuote(value) {
-    return `'${value.replace(/'/g, `'\\''`)}'`;
+function resolveLinxCloudCompletionTimeoutMs() {
+    const raw = process.env.LINX_CHAT_TIMEOUT_MS;
+    if (!raw) {
+        return DEFAULT_LINX_CLOUD_COMPLETION_TIMEOUT_MS;
+    }
+    const parsed = Number(raw);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : DEFAULT_LINX_CLOUD_COMPLETION_TIMEOUT_MS;
 }
-function enableLinxXhighThinking(session) {
-    const originalSupportsXhighThinking = session.supportsXhighThinking?.bind(session);
-    const originalSupportsThinking = session.supportsThinking?.bind(session);
-    const originalGetAvailableThinkingLevels = session.getAvailableThinkingLevels?.bind(session);
-    const supportsLinxXhigh = () => (session.model?.provider === UNDEFINEDS_PROVIDER_ID && session.model.reasoning
-        ? true
-        : originalSupportsXhighThinking?.() ?? false);
-    session.supportsXhighThinking = supportsLinxXhigh;
-    if (originalSupportsThinking) {
-        session.supportsThinking = () => (session.model?.provider === UNDEFINEDS_PROVIDER_ID && session.model.reasoning
-            ? true
-            : originalSupportsThinking());
+function formatTimeoutSeconds(timeoutMs) {
+    return Math.max(1, Math.round(timeoutMs / 1000));
+}
+function isChatCompletionRuntimeUrl(value) {
+    try {
+        const target = new URL(value);
+        const segments = target.pathname.split('/').filter(Boolean);
+        return segments.length >= 3
+            && /^v\d+$/.test(segments.at(-3) ?? '')
+            && segments.at(-2) === 'chat'
+            && segments.at(-1) === 'completions';
     }
-    if (originalGetAvailableThinkingLevels) {
-        session.getAvailableThinkingLevels = () => {
-            const levels = originalGetAvailableThinkingLevels();
-            if (supportsLinxXhigh() && !levels.includes('xhigh')) {
-                return [...levels, 'xhigh'];
-            }
-            return levels;
-        };
+    catch {
+        return false;
     }
 }
-function restoreLinxThinkingDefault(session, settingsManager) {
-    if (session.model?.provider !== UNDEFINEDS_PROVIDER_ID || !session.model.reasoning) {
-        return;
+function combineAbortSignals(left, right) {
+    if (typeof AbortSignal.any === 'function') {
+        return AbortSignal.any([left, right]);
     }
-    const defaultThinkingLevel = settingsManager.getDefaultThinkingLevel();
-    if (!defaultThinkingLevel || defaultThinkingLevel === 'off') {
-        return;
+    const controller = new AbortController();
+    const abort = () => controller.abort();
+    if (left.aborted || right.aborted) {
+        abort();
+        return controller.signal;
     }
-    if (session.getAvailableThinkingLevels?.().includes(defaultThinkingLevel)) {
-        session.setThinkingLevel?.(defaultThinkingLevel);
-    }
-}
-function isAuthExpiredError(error) {
-    return isRemoteAuthExpiredError(error);
+    left.addEventListener('abort', abort, { once: true });
+    right.addEventListener('abort', abort, { once: true });
+    return controller.signal;
 }
 function sanitizeLinxCloudDefaults(settingsManager, requestedModel, providerModels) {
     const availableModelIds = new Set(providerModels.map((model) => model.id));
@@ -532,8 +761,11 @@ function buildProviderModel(input) {
     return {
         id: input.id,
         name: input.id,
-        api: 'openai-completions',
+        api: UNDEFINEDS_PROVIDER_API,
         reasoning: true,
+        thinkingLevelMap: {
+            xhigh: 'xhigh',
+        },
         input: ['text'],
         cost: {
             input: 0,
@@ -561,7 +793,7 @@ function mergeLinxProviderModels(models, activeModelId) {
     ]) {
         byId.set(id, {
             id,
-            contextWindow: 1_000_000,
+            contextWindow: normalizeLinxCloudContextWindow(undefined),
         });
     }
     for (const model of models) {
@@ -571,20 +803,15 @@ function mergeLinxProviderModels(models, activeModelId) {
         }
         byId.set(id, {
             id,
-            contextWindow: model.contextWindow,
+            contextWindow: normalizeLinxCloudContextWindow(model.contextWindow),
         });
     }
     return [...byId.values()];
 }
-async function resolveLinxPiCloudApiKey(options) {
-    if (options.explicitApiKey) {
-        return options.explicitApiKey;
-    }
-    const credential = await resolveLinxPiCloudOAuthCredential(options.issuerUrl);
-    if (credential?.access) {
-        return credential.access;
-    }
-    throw new Error('No LinX cloud login found. Interactive TUI supports /login in-app. For non-interactive --print mode, run `linx login` first.');
+function normalizeLinxCloudContextWindow(contextWindow) {
+    return typeof contextWindow === 'number' && Number.isFinite(contextWindow) && contextWindow > 0
+        ? contextWindow
+        : DEFAULT_LINX_CLOUD_CONTEXT_WINDOW;
 }
 function withSystemPrompt(systemPrompt, messages) {
     const prompt = systemPrompt?.trim();
@@ -603,6 +830,9 @@ function overrideLinxSystemPrompt(base) {
         'When replying in Chinese, describe yourself as "AI主理人".',
         'Use a friendly, direct style like: "你好！我是 LinX，一个 AI 主理人，很高兴为你服务！"',
         'Keep Pi-compatible coding agent behavior: read files, run commands, edit code, use tools, and follow project instructions.',
+        'When introducing capabilities, describe only user-facing LinX product abilities and the currently available runtime actions.',
+        'Do not advertise repository-local agent instructions, internal command names, bundled plugin skill names, package names, or developer-only workflows as features the user can call.',
+        'If a capability depends on the current workspace, installed tools, login state, backend, or Symphony mode, state that dependency instead of implying it is always available.',
     ].join('\n');
     if (!original) {
         return identity;