agentxl 1.0.0

package/bin/agentxl.js

@@ -0,0 +1,377 @@
+#!/usr/bin/env node
+
+import { readFileSync, existsSync } from "fs";
+import { resolve, join, dirname } from "path";
+import { fileURLToPath } from "url";
+import { homedir } from "os";
+import { createInterface } from "readline";
+
+// ---------------------------------------------------------------------------
+// Package info
+// ---------------------------------------------------------------------------
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const pkgPath = join(__dirname, "..", "package.json");
+const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+const VERSION = pkg.version;
+
+// ---------------------------------------------------------------------------
+// Arg parsing
+// ---------------------------------------------------------------------------
+
+const args = process.argv.slice(2);
+const command = args[0];
+
+function getFlag(name) {
+  const eqIdx = args.findIndex((a) => a.startsWith(`--${name}=`));
+  if (eqIdx !== -1) return args[eqIdx].split("=")[1];
+  const spaceIdx = args.indexOf(`--${name}`);
+  if (spaceIdx !== -1 && args[spaceIdx + 1]) return args[spaceIdx + 1];
+  return undefined;
+}
+
+const hasFlag = (name) => args.includes(`--${name}`);
+
+// ---------------------------------------------------------------------------
+// Terminal I/O helpers
+// ---------------------------------------------------------------------------
+
+function prompt(question) {
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+function promptSecret(question) {
+  return new Promise((resolve) => {
+    process.stdout.write(question);
+    const rl = createInterface({ input: process.stdin, terminal: false });
+    if (process.stdin.isTTY) process.stdin.setRawMode?.(false);
+    rl.on("line", (line) => {
+      rl.close();
+      process.stdout.write("\n");
+      resolve(line.trim());
+    });
+  });
+}
+
+async function openUrl(url) {
+  const { exec } = await import("child_process");
+  const cmd =
+    process.platform === "win32"
+      ? `start "" "${url}"`
+      : process.platform === "darwin"
+        ? `open "${url}"`
+        : `xdg-open "${url}"`;
+  exec(cmd);
+}
+
+// ---------------------------------------------------------------------------
+// Step-by-step progress output
+// ---------------------------------------------------------------------------
+
+/** Print a step status: ✅ done, ⏳ in progress, ❌ failed */
+function step(icon, text) {
+  console.log(`  ${icon} ${text}`);
+}
+
+// ---------------------------------------------------------------------------
+// Auth flow using Pi SDK
+// ---------------------------------------------------------------------------
+
+async function checkAuth() {
+  const { AuthStorage } = await import("@mariozechner/pi-coding-agent");
+
+  const piAuthPath = join(homedir(), ".pi", "agent", "auth.json");
+  const agentxlAuthPath = join(homedir(), ".agentxl", "auth.json");
+  const authPath = existsSync(piAuthPath) ? piAuthPath : agentxlAuthPath;
+  const authStorage = new AuthStorage(authPath);
+
+  return authStorage.list().length > 0;
+}
+
+async function runAuthFlow() {
+  const { AuthStorage } = await import("@mariozechner/pi-coding-agent");
+  const { getOAuthProviders } = await import("@mariozechner/pi-ai");
+
+  const piAuthPath = join(homedir(), ".pi", "agent", "auth.json");
+  const agentxlAuthPath = join(homedir(), ".agentxl", "auth.json");
+  const authPath = existsSync(piAuthPath) ? piAuthPath : agentxlAuthPath;
+  const authStorage = new AuthStorage(authPath);
+
+  // Check if already authenticated
+  if (authStorage.list().length > 0) {
+    return true;
+  }
+
+  console.log(`
+  No API credentials found. Let's get you set up.
+
+  How would you like to connect?
+
+    Use an existing subscription (no API key needed):
+      1. Claude Pro/Max — sign in with your Anthropic account
+      2. ChatGPT Plus/Pro — sign in with your OpenAI account
+      3. GitHub Copilot — sign in with your GitHub account
+      4. Gemini — sign in with your Google account
+
+    Use an API key:
+      5. Paste an API key (Anthropic, OpenRouter, or OpenAI)
+
+    No account yet?
+      → Create a free OpenRouter account at https://openrouter.ai
+        Get an API key instantly. Free models available.
+`);
+
+  // Build choices — OAuth providers + API key
+  const oauthProviders = getOAuthProviders();
+  const choices = [];
+  for (const p of oauthProviders) {
+    choices.push({ type: "oauth", id: p.id, name: p.name, provider: p });
+  }
+  choices.push({ type: "apikey", id: "apikey", name: "Paste an API key" });
+
+  const answer = await prompt("  Enter choice (1-" + choices.length + "): ");
+  const idx = parseInt(answer, 10) - 1;
+
+  if (isNaN(idx) || idx < 0 || idx >= choices.length) {
+    console.error("\n  Invalid choice. Run 'agentxl login' to try again.\n");
+    return false;
+  }
+
+  const choice = choices[idx];
+
+  if (choice.type === "oauth") {
+    console.log(`\n  Signing in with ${choice.name}...\n`);
+
+    try {
+      await authStorage.login(choice.id, {
+        onAuth: (info) => {
+          console.log(`  🌐 Opening browser for sign-in...`);
+          console.log(`     ${info.url}\n`);
+          if (info.instructions) {
+            console.log(`     ${info.instructions}\n`);
+          }
+          openUrl(info.url);
+        },
+        onPrompt: async (p) => {
+          const answer = await prompt(`  ${p.message}: `);
+          return answer;
+        },
+        onProgress: (message) => {
+          console.log(`  ${message}`);
+        },
+        onManualCodeInput: async () => {
+          const code = await prompt("  Enter the code from the browser: ");
+          return code;
+        },
+      });
+
+      console.log(`\n  ✅ Signed in with ${choice.name}\n`);
+      return true;
+    } catch (err) {
+      console.error(`\n  ❌ Sign-in failed: ${err.message}\n`);
+      return false;
+    }
+  } else {
+    // API key flow
+    console.log(`
+  Paste your API key below.
+
+  Key prefixes:
+    sk-ant-...  → Anthropic (Claude)
+    sk-or-...   → OpenRouter (100+ models)
+    sk-...      → OpenAI (GPT-4o)
+`);
+
+    const key = await promptSecret("  API key: ");
+
+    if (!key) {
+      console.error("\n  No key entered. Run 'agentxl login' to try again.\n");
+      return false;
+    }
+
+    // Auto-detect provider from key prefix
+    let provider;
+    if (key.startsWith("sk-ant-")) provider = "anthropic";
+    else if (key.startsWith("sk-or-")) provider = "openrouter";
+    else if (key.startsWith("sk-")) provider = "openai";
+    else {
+      const p = await prompt("  Could not detect provider. Enter provider name (anthropic/openrouter/openai): ");
+      provider = p.toLowerCase();
+    }
+
+    authStorage.set(provider, { type: "api_key", key });
+    console.log(`\n  ✅ API key saved for ${provider}\n`);
+    return true;
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Commands
+// ---------------------------------------------------------------------------
+
+function printHelp() {
+  console.log(`
+AgentXL v${VERSION} — AI agent for Microsoft Excel
+
+Usage:
+  agentxl start [options]    Start the AgentXL server
+  agentxl login              Set up or change API credentials
+  agentxl --version          Print version
+  agentxl --help             Show this help
+
+Options:
+  --port <number>            Port to listen on (default: 3001)
+  --verbose                  Log all HTTP requests
+
+Examples:
+  agentxl start
+  agentxl start --port 3002
+  agentxl login
+`);
+}
+
+async function start() {
+  const port = parseInt(getFlag("port") || "3001", 10);
+
+  if (isNaN(port) || port < 1 || port > 65535) {
+    console.error(`Error: Invalid port number. Must be 1-65535.`);
+    process.exit(1);
+  }
+
+  console.log(`
+  ┌──────────────────────────────────────┐
+  │         AgentXL v${VERSION.padEnd(19)}│
+  │      AI agent for Microsoft Excel    │
+  └──────────────────────────────────────┘
+`);
+
+  // ── Step 1: Load modules ───────────────────────────────────────────────
+  let ensureCerts, startServer, stopServer, setVerbose;
+  try {
+    const certs = await import("../dist/server/certs.js");
+    const server = await import("../dist/server/index.js");
+    ensureCerts = certs.ensureCerts;
+    startServer = server.startServer;
+    stopServer = server.stopServer;
+    setVerbose = server.setVerbose;
+  } catch (err) {
+    step("❌", "Could not load AgentXL server modules");
+    console.error("     Run 'npm run build' first to compile TypeScript.");
+    console.error(`     ${err.message}`);
+    process.exit(1);
+  }
+
+  // ── Step 2: Check auth ─────────────────────────────────────────────────
+  const hasAuth = await checkAuth();
+  if (hasAuth) {
+    step("✅", "Auth ready");
+  } else {
+    const authed = await runAuthFlow();
+    if (!authed) process.exit(1);
+    step("✅", "Auth ready");
+  }
+
+  // ── Step 3: HTTPS certificates ─────────────────────────────────────────
+  try {
+    const certPair = await ensureCerts();
+    step("✅", "HTTPS certificate ready");
+
+    // ── Step 4: Start server ───────────────────────────────────────────────
+    if (hasFlag("verbose")) setVerbose(true);
+    await startServer(port, certPair);
+    step("✅", `Server running at https://localhost:${port}`);
+  } catch (err) {
+    step("❌", `Server failed to start: ${err.message}`);
+    process.exit(1);
+  }
+
+  // ── Post-start guidance ────────────────────────────────────────────────
+  const manifestPath = resolve(__dirname, "..", "manifest", "manifest.xml");
+  const manifestExists = existsSync(manifestPath);
+
+  console.log(`
+  ─────────────────────────────────────────────────
+  All systems go. Here's what to do next:
+  ─────────────────────────────────────────────────
+
+  🌐 Test in browser (confirm everything works):
+     https://localhost:${port}/taskpane/
+
+  📎 Load in Excel (one-time setup):
+     1. Excel → File → Options → Trust Center → Trust Center Settings
+     2. Trusted Add-in Catalogs → add path: ${manifestExists ? dirname(manifestPath) : "[manifest folder]"}
+     3. Check "Show in Menu" → OK → OK
+     4. Restart Excel
+     5. Insert → My Add-ins → SHARED FOLDER → AgentXL → Add
+
+  After setup, just run 'agentxl start' and click
+  AgentXL on the Home ribbon. No re-sideloading needed.
+
+  💬 Try your first message:
+     "What can you help me with in this workbook?"
+`);
+
+  // ── Graceful shutdown ──────────────────────────────────────────────────
+  let shuttingDown = false;
+  const shutdown = () => {
+    if (shuttingDown) return;
+    shuttingDown = true;
+    console.log("\n  AgentXL stopped. Goodbye!\n");
+    const forceExit = setTimeout(() => process.exit(0), 2000);
+    forceExit.unref?.();
+    stopServer().then(() => process.exit(0));
+  };
+
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+}
+
+async function login() {
+  console.log("");
+  const authed = await runAuthFlow();
+  if (authed) {
+    console.log("  Run 'agentxl start' to launch the server.\n");
+  }
+  process.exit(authed ? 0 : 1);
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+if (hasFlag("version") || command === "--version") {
+  console.log(VERSION);
+  process.exit(0);
+}
+
+if (hasFlag("help") || command === "--help" || command === "help") {
+  printHelp();
+  process.exit(0);
+}
+
+if (command === "start") {
+  start().catch((err) => {
+    console.error(`\n  ❌ ${err.message || err}\n`);
+    process.exit(1);
+  });
+} else if (command === "login") {
+  login().catch((err) => {
+    console.error(`\n  ❌ ${err.message || err}\n`);
+    process.exit(1);
+  });
+} else if (!command) {
+  printHelp();
+  process.exit(0);
+} else {
+  console.error(`Unknown command: ${command}`);
+  console.error(`Run 'agentxl --help' for usage.`);
+  process.exit(1);
+}

package/dist/agent/auth.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth.d.ts.map

package/dist/agent/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/agent/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC"}

package/dist/agent/auth.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth.js.map

package/dist/agent/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/agent/auth.ts"],"names":[],"mappings":""}

package/dist/agent/models.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Default model selection per provider.
+ *
+ * Checks providers in order: Anthropic → OpenRouter → OpenAI.
+ * Prefers subscriptions (OAuth) over API keys — subscriptions are already paid for.
+ * Returns the first model that has auth configured.
+ */
+import type { Model, Api } from "@mariozechner/pi-ai";
+import type { ModelRegistry } from "@mariozechner/pi-coding-agent";
+/**
+ * Get the best available model based on configured auth.
+ *
+ * Priority:
+ * 1. Subscriptions (OAuth) — Anthropic, OpenAI Codex (already paid for)
+ * 2. API keys — OpenRouter, OpenAI, etc.
+ *
+ * Within each tier, checks PREFERRED_MODELS in order.
+ * Returns null if no provider has auth configured.
+ */
+export declare function getDefaultModel(modelRegistry: ModelRegistry): Model<Api> | null;
+//# sourceMappingURL=models.d.ts.map

package/dist/agent/models.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../src/agent/models.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAUnE;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAC7B,aAAa,EAAE,aAAa,GAC3B,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAsBnB"}

package/dist/agent/models.js

@@ -0,0 +1,46 @@
+/**
+ * Default model selection per provider.
+ *
+ * Checks providers in order: Anthropic → OpenRouter → OpenAI.
+ * Prefers subscriptions (OAuth) over API keys — subscriptions are already paid for.
+ * Returns the first model that has auth configured.
+ */
+/** Provider → preferred model ID, checked in priority order. */
+const PREFERRED_MODELS = [
+    { provider: "anthropic", modelId: "claude-sonnet-4-20250514" },
+    { provider: "openai-codex", modelId: "gpt-5.1" },
+    { provider: "openrouter", modelId: "anthropic/claude-sonnet-4" },
+    { provider: "openai", modelId: "gpt-4o" },
+];
+/**
+ * Get the best available model based on configured auth.
+ *
+ * Priority:
+ * 1. Subscriptions (OAuth) — Anthropic, OpenAI Codex (already paid for)
+ * 2. API keys — OpenRouter, OpenAI, etc.
+ *
+ * Within each tier, checks PREFERRED_MODELS in order.
+ * Returns null if no provider has auth configured.
+ */
+export function getDefaultModel(modelRegistry) {
+    // Only consider models that have auth configured
+    const available = modelRegistry.getAvailable();
+    if (available.length === 0)
+        return null;
+    // Split into OAuth (subscriptions) vs API key models
+    const oauthModels = available.filter((m) => modelRegistry.isUsingOAuth(m));
+    const apiKeyModels = available.filter((m) => !modelRegistry.isUsingOAuth(m));
+    // Check preferred models — subscriptions first, then API keys
+    for (const pool of [oauthModels, apiKeyModels]) {
+        for (const { provider, modelId } of PREFERRED_MODELS) {
+            const match = pool.find((m) => m.provider === provider && m.id === modelId);
+            if (match)
+                return match;
+        }
+    }
+    // Fallback: first OAuth model, then first API key model
+    if (oauthModels.length > 0)
+        return oauthModels[0];
+    return available[0];
+}
+//# sourceMappingURL=models.js.map

package/dist/agent/models.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"models.js","sourceRoot":"","sources":["../../src/agent/models.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,gEAAgE;AAChE,MAAM,gBAAgB,GAAiD;IACrE,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAC9D,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE;IAChD,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,2BAA2B,EAAE;IAChE,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC1C,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,aAA4B;IAE5B,iDAAiD;IACjD,MAAM,SAAS,GAAG,aAAa,CAAC,YAAY,EAAE,CAAC;IAC/C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,qDAAqD;IACrD,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAE7E,8DAA8D;IAC9D,KAAK,MAAM,IAAI,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;QAC/C,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;YACrD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,EAAE,KAAK,OAAO,CACnD,CAAC;YACF,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC;IAClD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC"}

package/dist/agent/provider/azure-provider.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=azure-provider.d.ts.map

package/dist/agent/provider/azure-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-provider.d.ts","sourceRoot":"","sources":["../../../src/agent/provider/azure-provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC"}

package/dist/agent/provider/azure-provider.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=azure-provider.js.map

package/dist/agent/provider/azure-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-provider.js","sourceRoot":"","sources":["../../../src/agent/provider/azure-provider.ts"],"names":[],"mappings":""}

package/dist/agent/session.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Pi SDK agent session management.
+ *
+ * Module-level singleton: one session, persists across requests.
+ * Provides init, get, reset, and auth-check exports for the server.
+ */
+import { AuthStorage, ModelRegistry, type AgentSession } from "@mariozechner/pi-coding-agent";
+declare let authStorage: AuthStorage;
+declare let modelRegistry: ModelRegistry;
+/**
+ * Initialize a new agent session.
+ * Picks the best available model, creates a Pi SDK session with no built-in
+ * tools (Excel-only agent — custom tools come in Module 2).
+ */
+export declare function initSession(): Promise<AgentSession>;
+/**
+ * Get the current session, or create one if none exists.
+ */
+export declare function getSession(): Promise<AgentSession>;
+/**
+ * Check if any provider has auth configured.
+ * Fast check — does not refresh OAuth tokens.
+ */
+export declare function isAuthenticated(): boolean;
+/**
+ * Get the provider for the model the session is actually using.
+ * Before a session is created, returns the provider that getDefaultModel()
+ * would select — same ranking logic, same result.
+ */
+export declare function getAuthProvider(): string | null;
+/**
+ * Dispose the current session, rebuild auth, and clear state.
+ * Called when auth changes so the next request creates a fresh session
+ * from the current auth source.
+ */
+export declare function resetSession(): void;
+/**
+ * Abort the current in-flight prompt, if any.
+ * Used on client disconnect to stop wasting tokens.
+ */
+export declare function abortSession(): Promise<void>;
+export { authStorage, modelRegistry };
+//# sourceMappingURL=session.d.ts.map

package/dist/agent/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/agent/session.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAEL,WAAW,EACX,aAAa,EAGb,KAAK,YAAY,EAClB,MAAM,+BAA+B,CAAC;AA2BvC,QAAA,IAAI,WAAW,aAAqC,CAAC;AACrD,QAAA,IAAI,aAAa,eAAiC,CAAC;AA0BnD;;;;GAIG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,YAAY,CAAC,CA8BzD;AAED;;GAEG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC,CAKxD;AAED;;;GAGG;AACH,wBAAgB,eAAe,IAAI,OAAO,CAIzC;AAED;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAQ/C;AAED;;;;GAIG;AACH,wBAAgB,YAAY,IAAI,IAAI,CAMnC;AAED;;;GAGG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAQlD;AAGD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/dist/agent/session.js

@@ -0,0 +1,145 @@
+/**
+ * Pi SDK agent session management.
+ *
+ * Module-level singleton: one session, persists across requests.
+ * Provides init, get, reset, and auth-check exports for the server.
+ */
+import { join } from "path";
+import { homedir } from "os";
+import { existsSync } from "fs";
+import { createAgentSession, AuthStorage, ModelRegistry, SessionManager, SettingsManager, } from "@mariozechner/pi-coding-agent";
+import { getDefaultModel } from "./models.js";
+// ---------------------------------------------------------------------------
+// Paths
+// ---------------------------------------------------------------------------
+const AGENTXL_DIR = join(homedir(), ".agentxl");
+const AGENTXL_AUTH_PATH = join(AGENTXL_DIR, "auth.json");
+const PI_AUTH_PATH = join(homedir(), ".pi", "agent", "auth.json");
+/**
+ * Resolve auth file path.
+ * Uses AgentXL's own auth.json if it exists, otherwise falls back to
+ * Pi's auth.json. This lets users who already have Pi set up get seamless
+ * auth — same subscriptions, same OAuth tokens, auto-refreshed.
+ */
+function resolveAuthPath() {
+    if (existsSync(AGENTXL_AUTH_PATH))
+        return AGENTXL_AUTH_PATH;
+    if (existsSync(PI_AUTH_PATH))
+        return PI_AUTH_PATH;
+    return AGENTXL_AUTH_PATH; // default (will be created on first auth)
+}
+// ---------------------------------------------------------------------------
+// Singletons — rebuilt on resetSession() to pick up auth changes
+// ---------------------------------------------------------------------------
+let authStorage = new AuthStorage(resolveAuthPath());
+let modelRegistry = new ModelRegistry(authStorage);
+/** Active agent session (null until first prompt) */
+let currentSession = null;
+/** Provider selected for the active session */
+let selectedProvider = null;
+// ---------------------------------------------------------------------------
+// Internal: rebuild auth/model singletons
+// ---------------------------------------------------------------------------
+/**
+ * Rebuild AuthStorage and ModelRegistry from current auth path.
+ * Called by resetSession() so runtime auth changes are picked up.
+ */
+function rebuildAuth() {
+    authStorage = new AuthStorage(resolveAuthPath());
+    modelRegistry = new ModelRegistry(authStorage);
+    selectedProvider = null;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Initialize a new agent session.
+ * Picks the best available model, creates a Pi SDK session with no built-in
+ * tools (Excel-only agent — custom tools come in Module 2).
+ */
+export async function initSession() {
+    // Refresh to pick up any new keys
+    modelRegistry.refresh();
+    const model = getDefaultModel(modelRegistry);
+    if (!model) {
+        throw new Error("No model available. Run 'agentxl login' to set up authentication " +
+            "(API key or subscription).");
+    }
+    // Track the selected provider
+    selectedProvider = model.provider;
+    const { session } = await createAgentSession({
+        model,
+        thinkingLevel: "medium",
+        tools: [], // No built-in tools (read/bash/edit/write)
+        customTools: [], // Excel tools come in Module 2
+        sessionManager: SessionManager.inMemory(),
+        settingsManager: SettingsManager.inMemory({
+            compaction: { enabled: false },
+        }),
+        authStorage,
+        modelRegistry,
+    });
+    currentSession = session;
+    return session;
+}
+/**
+ * Get the current session, or create one if none exists.
+ */
+export async function getSession() {
+    if (currentSession) {
+        return currentSession;
+    }
+    return initSession();
+}
+/**
+ * Check if any provider has auth configured.
+ * Fast check — does not refresh OAuth tokens.
+ */
+export function isAuthenticated() {
+    modelRegistry.refresh();
+    const available = modelRegistry.getAvailable();
+    return available.length > 0;
+}
+/**
+ * Get the provider for the model the session is actually using.
+ * Before a session is created, returns the provider that getDefaultModel()
+ * would select — same ranking logic, same result.
+ */
+export function getAuthProvider() {
+    // If a session exists, return its actual provider
+    if (selectedProvider)
+        return selectedProvider;
+    // No session yet — preview what getDefaultModel() would pick
+    modelRegistry.refresh();
+    const model = getDefaultModel(modelRegistry);
+    return model?.provider ?? null;
+}
+/**
+ * Dispose the current session, rebuild auth, and clear state.
+ * Called when auth changes so the next request creates a fresh session
+ * from the current auth source.
+ */
+export function resetSession() {
+    if (currentSession) {
+        currentSession.dispose();
+        currentSession = null;
+    }
+    rebuildAuth();
+}
+/**
+ * Abort the current in-flight prompt, if any.
+ * Used on client disconnect to stop wasting tokens.
+ */
+export async function abortSession() {
+    if (currentSession) {
+        try {
+            await currentSession.abort();
+        }
+        catch {
+            // Ignore errors during abort — session may already be idle
+        }
+    }
+}
+// Exports for testing
+export { authStorage, modelRegistry };
+//# sourceMappingURL=session.js.map