arisa 3.0.1 → 3.0.3

package/AGENTS.md

@@ -93,10 +93,15 @@ Prefer responses like:
 
 For example, if the user asks for live weather and no weather tool exists, the correct attitude is to propose building a weather tool for the bot rather than only saying real-time access is unavailable.
 
+When creating or editing tools, follow the shared path helpers in `src/runtime/paths.js` and `src/core/tools/tool-config.js`:
+- config in `~/.arisa/tools/<tool>/config.js`
+- temp/runtime files in `~/.arisa/tmp/tools/<tool>/`
+- durable generated files should become artifacts in `~/.arisa/artifacts/`
+
 Consult the local skill for that workflow when building new tools.
 
 ## Safety
 - Do not install or run arbitrary tools outside registered `cli/*` manifests in V1.
 - Prefer tool manifests and CLI help over assumptions.
-- Keep tool configs inside `cli/<tool>/config.js`.
+- Keep tool configs inside `~/.arisa/tools/<tool>/config.js`.
 - Be proactive about extending capabilities, but do it through the project's tool architecture, not through ad hoc one-off behavior.

package/README.md

@@ -1,6 +1,16 @@
 # Arisa
 
-Arisa is a modular Telegram assistant powered by Pi Agent.
+Arisa is a personal Telegram assistant powered by Pi Agent.
+
+## Origin
+
+The initial inspiration was [OpenClaw](https://github.com/openclaw/openclaw). OpenClaw has interesting ideas but carries too much weight: when it generates tools they end up disorganized, and the overall framework feels overloaded for personal use.
+
+The real heart of OpenClaw is Pi Agent — a [minimal terminal coding harness](https://www.youtube.com/watch?v=Dli5slNaJu0) that lets an AI agent reason and act with very little infrastructure. That part is genuinely good.
+
+Telegram bots, on the other hand, work extremely well as a human interface. Simple, reliable, always in your pocket.
+
+So Arisa keeps exactly those two things — Pi Agent and Telegram — and nothing more. No pre-loaded opinions about what the agent should do or which tools it should have. The idea is that the agent builds itself around the user, not the other way around.
 
 It is designed around a simple idea:
 
@@ -10,7 +20,7 @@ It is designed around a simple idea:
 - **capabilities live in isolated CLI tools**
 - **tools can be chained through pipes**
 
-Arisa is meant to grow like Lego blocks. If a capability does not exist yet, the system should prefer adding a new tool instead of stopping at "I can't do that".
+If a capability does not exist yet, the system adds a new tool for it. The agent grows from real use, not from assumptions.
 
 ## Core concept
 
@@ -59,8 +69,13 @@ node index.js run --request-file <json>
 ```
 
 ### Configuration model
-- Telegram runtime config is stored in `data/state/config.json`
-- tool-specific secrets/config live in `cli/<tool>/config.js`
+- all runtime state lives under `~/.arisa/`
+- Telegram runtime config is stored in `~/.arisa/state/config.json`
+- artifact index is stored in `~/.arisa/state/artifacts.json`
+- incoming Telegram attachments are stored directly in `~/.arisa/artifacts/`
+- tool-specific secrets/config live in `~/.arisa/tools/<tool>/config.js`
+- tool runtime temp files and generated outputs live in `~/.arisa/tmp/tools/<tool>/`
+- durable files should end up in `~/.arisa/artifacts/`
 - Pi authentication can use either:
   - an API key entered during bootstrap
   - or Pi's existing OAuth login when supported, such as `openai-codex`
@@ -83,10 +98,11 @@ On first run, Arisa will:
 
 1. ask for a Telegram bot token
 2. ask for the maximum number of authorized chat ids
-3. show a list of Pi models
-4. resolve authentication for the selected Pi provider
-5. validate that Pi Agent works
-6. only then start listening to Telegram
+3. show Pi providers discovered from Pi Agent's model registry
+4. show the models available for the selected provider
+5. resolve authentication for the selected Pi provider
+6. validate that Pi Agent works
+7. only then start listening to Telegram
 
 Telegram bot tokens can be created with:
 
@@ -133,22 +149,25 @@ src/
 cli/
   openai-transcribe/
   openai-tts/
-data/
+~/.arisa/
   state/
   artifacts/
-  chats/
+  tools/
+  tmp/
 ```
 
 ## Philosophy
 
-Arisa should not default to passive answers like "I can't do that" when a missing capability can realistically be implemented as a new tool.
+The agent should not come preloaded with vices or assumptions. It starts minimal and grows through real use — shaped by the user, not by the framework.
 
-The preferred behavior is:
+When a capability is missing:
 
 1. check whether an existing tool can solve the task
-2. if not, propose creating the missing tool
+2. if not, build the missing tool
 3. keep the solution inside the tool architecture
 
+No "I can't do that" when the thing is realistically buildable.
+
 ## Notes
 
 - `AGENTS.md` defines the project-level behavioral rules for Pi Agent

package/cli/openai-transcribe/index.js

@@ -1,14 +1,18 @@
 import { readFile, stat } from "node:fs/promises";
-import path from "node:path";
-import config from "./config.js";
+import defaults from "./config.js";
+import { loadToolConfig } from "../../src/core/tools/tool-config.js";
+import { getToolConfigPath } from "../../src/runtime/paths.js";
+
+const toolName = "openai-transcribe";
+const config = await loadToolConfig(toolName, defaults);
 
 function printHelp() {
-  console.log(`openai-transcribe\n\nUso:\n  node index.js --help\n  node index.js run --request-file <json>\n\nInput esperado:\n  {\n    \"artifact\": { \"path\": \"/abs/audio.ogg\", \"mimeType\": \"audio/ogg\" },\n    \"args\": {}\n  }\n\nConfig en cli/openai-transcribe/config.js:\n  OPENAI_API_KEY\n  MODEL\n`);
+  console.log(`openai-transcribe\n\nUso:\n  node index.js --help\n  node index.js run --request-file <json>\n\nInput esperado:\n  {\n    \"artifact\": { \"path\": \"/abs/audio.ogg\", \"mimeType\": \"audio/ogg\" },\n    \"args\": {}\n  }\n\nConfig en ${getToolConfigPath(toolName)}:\n  OPENAI_API_KEY\n  MODEL\n`);
 }
 
 async function run(requestFile) {
   if (!config.OPENAI_API_KEY) {
-    console.log(JSON.stringify({ ok: false, missingConfig: ["OPENAI_API_KEY"], configPath: path.resolve("config.js") }));
+    console.log(JSON.stringify({ ok: false, missingConfig: ["OPENAI_API_KEY"], configPath: getToolConfigPath(toolName) }));
     return;
   }
 

package/cli/openai-tts/index.js

@@ -1,14 +1,19 @@
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import path from "node:path";
-import config from "./config.js";
+import defaults from "./config.js";
+import { loadToolConfig } from "../../src/core/tools/tool-config.js";
+import { getToolConfigPath, getToolOutDir } from "../../src/runtime/paths.js";
+
+const toolName = "openai-tts";
+const config = await loadToolConfig(toolName, defaults);
 
 function printHelp() {
-  console.log(`openai-tts\n\nUso:\n  node index.js --help\n  node index.js run --request-file <json>\n\nInput esperado:\n  {\n    \"text\": \"hola\",\n    \"artifact\": { \"text\": \"hola\" },\n    \"args\": { \"voice\": \"alloy\" }\n  }\n\nConfig en cli/openai-tts/config.js:\n  OPENAI_API_KEY\n  MODEL\n  VOICE\n`);
+  console.log(`openai-tts\n\nUso:\n  node index.js --help\n  node index.js run --request-file <json>\n\nInput esperado:\n  {\n    \"text\": \"hola\",\n    \"artifact\": { \"text\": \"hola\" },\n    \"args\": { \"voice\": \"alloy\" }\n  }\n\nConfig en ${getToolConfigPath(toolName)}:\n  OPENAI_API_KEY\n  MODEL\n  VOICE\n`);
 }
 
 async function run(requestFile) {
   if (!config.OPENAI_API_KEY) {
-    console.log(JSON.stringify({ ok: false, missingConfig: ["OPENAI_API_KEY"], configPath: path.resolve("config.js") }));
+    console.log(JSON.stringify({ ok: false, missingConfig: ["OPENAI_API_KEY"], configPath: getToolConfigPath(toolName) }));
     return;
   }
 
@@ -39,7 +44,7 @@ async function run(requestFile) {
     return;
   }
 
-  const outDir = path.resolve("out");
+  const outDir = getToolOutDir(toolName);
   await mkdir(outDir, { recursive: true });
   const filePath = path.join(outDir, `speech-${Date.now()}.mp3`);
   const buffer = Buffer.from(await response.arrayBuffer());

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arisa",
-  "version": "3.0.1",
+  "version": "3.0.3",
   "description": "Telegram + Pi Agent modular assistant",
   "type": "module",
   "main": "src/index.js",

package/src/core/agent/agent-manager.js

@@ -1,32 +1,11 @@
 import path from "node:path";
-import { mkdir } from "node:fs/promises";
-import { AuthStorage, createAgentSession, ModelRegistry, SessionManager, defineTool } from "@mariozechner/pi-coding-agent";
+import { mkdir, unlink } from "node:fs/promises";
+import { createAgentSession, SessionManager, defineTool } from "@mariozechner/pi-coding-agent";
 import { Type } from "@sinclair/typebox";
+import { createPiRuntime, hasProviderAuth } from "./pi-runtime.js";
 
 const agentDir = path.resolve("data/pi-agent");
 
-function getOAuthProviderForModelProvider(provider) {
-  if (provider === "openai-codex") return "openai-codex";
-  if (provider === "anthropic") return "anthropic";
-  if (provider === "google") return "google-gemini-cli";
-  if (provider === "google-antigravity") return "google-antigravity";
-  if (provider === "github-copilot") return "github-copilot";
-  return provider;
-}
-
-function normalizePiConfig(pi) {
-  const provider = pi.provider === "codex" ? "openai" : pi.provider;
-  let model = pi.model;
-  if (pi.provider === "codex") {
-    if (model === "5.4") model = "gpt-5.4";
-    else if (model === "5.4-mini") model = "gpt-5.4-mini";
-    else if (model === "5.4-nano") model = "gpt-5.4-nano";
-    else if (model === "5.4-pro") model = "gpt-5.4-pro";
-    else if (!model.startsWith("gpt-")) model = `gpt-${model}`;
-  }
-  return { provider, model };
-}
-
 export class AgentManager {
   constructor({ config, artifactStore, toolRegistry }) {
     this.config = config;
@@ -41,20 +20,16 @@ export class AgentManager {
   }
 
   async validatePiAgent() {
-    const authStorage = AuthStorage.create();
-    const normalized = normalizePiConfig(this.config.pi);
-    if (this.config.pi.apiKey) {
-      authStorage.setRuntimeApiKey(normalized.provider, this.config.pi.apiKey);
-    }
-
-    const modelRegistry = ModelRegistry.create(authStorage);
-    const model = modelRegistry.find(normalized.provider, normalized.model);
+    const { authStorage, modelRegistry } = createPiRuntime({
+      provider: this.config.pi.provider,
+      apiKey: this.config.pi.apiKey
+    });
+    const model = modelRegistry.find(this.config.pi.provider, this.config.pi.model);
     if (!model) {
-      throw new Error(`Model not found: ${this.config.pi.provider}/${this.config.pi.model} (resolved to ${normalized.provider}/${normalized.model})`);
+      throw new Error(`Model not found: ${this.config.pi.provider}/${this.config.pi.model}`);
     }
-    const oauthProvider = getOAuthProviderForModelProvider(normalized.provider);
-    if (!this.config.pi.apiKey && !modelRegistry.hasConfiguredAuth(normalized.provider) && !authStorage.hasAuth(oauthProvider)) {
-      throw new Error(`No auth found for ${normalized.provider}. Provide a Pi API key in bootstrap, or authenticate with the internal /login flow during bootstrap.`);
+    if (!this.config.pi.apiKey && !hasProviderAuth(this.config.pi.provider, { authStorage, modelRegistry })) {
+      throw new Error(`No auth found for ${this.config.pi.provider}. Provide a Pi API key in bootstrap, or authenticate with Pi login for this provider during bootstrap.`);
     }
 
     const { session } = await createAgentSession({
@@ -70,17 +45,14 @@ export class AgentManager {
     if (this.sessions.has(chatId)) return this.sessions.get(chatId);
 
     await mkdir(agentDir, { recursive: true });
-    const authStorage = AuthStorage.create();
-    const normalized = normalizePiConfig(this.config.pi);
-    if (this.config.pi.apiKey) {
-      authStorage.setRuntimeApiKey(normalized.provider, this.config.pi.apiKey);
-    }
-    const modelRegistry = ModelRegistry.create(authStorage);
-    const model = modelRegistry.find(normalized.provider, normalized.model);
-    if (!model) throw new Error(`Model not found: ${this.config.pi.provider}/${this.config.pi.model} (resolved to ${normalized.provider}/${normalized.model})`);
-    const oauthProvider = getOAuthProviderForModelProvider(normalized.provider);
-    if (!this.config.pi.apiKey && !modelRegistry.hasConfiguredAuth(normalized.provider) && !authStorage.hasAuth(oauthProvider)) {
-      throw new Error(`No auth found for ${normalized.provider}. Re-run bootstrap and complete login for this provider before Telegram starts.`);
+    const { authStorage, modelRegistry } = createPiRuntime({
+      provider: this.config.pi.provider,
+      apiKey: this.config.pi.apiKey
+    });
+    const model = modelRegistry.find(this.config.pi.provider, this.config.pi.model);
+    if (!model) throw new Error(`Model not found: ${this.config.pi.provider}/${this.config.pi.model}`);
+    if (!this.config.pi.apiKey && !hasProviderAuth(this.config.pi.provider, { authStorage, modelRegistry })) {
+      throw new Error(`No auth found for ${this.config.pi.provider}. Re-run bootstrap and complete login for this provider before Telegram starts.`);
     }
 
     const cwd = path.resolve("data/chats", String(chatId));
@@ -131,7 +103,7 @@ export class AgentManager {
       defineTool({
         name: "set_tool_config",
         label: "Set tool config",
-        description: "Write a value into cli/<tool>/config.js.",
+        description: "Write a value into ~/.arisa/tools/<tool>/config.js.",
         parameters: Type.Object({ name: Type.String(), field: Type.String(), value: Type.String() }),
         execute: async (_id, params) => {
           await this.toolRegistry.load();
@@ -186,6 +158,7 @@ export class AgentManager {
               metadata: { tool: params.name }
             });
             result.output.artifactId = generated.id;
+            await unlink(result.output.filePath).catch(() => {});
           }
 
           return {
@@ -210,6 +183,7 @@ export class AgentManager {
             return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }], details: result };
           }
           await telegram.sendAudio(result.output.filePath, params.text);
+          await unlink(result.output.filePath).catch(() => {});
           return { content: [{ type: "text", text: "Audio enviado por Telegram." }], details: result };
         }
       })

package/src/core/agent/pi-runtime.js

@@ -0,0 +1,61 @@
+import { AuthStorage, ModelRegistry } from "@mariozechner/pi-coding-agent";
+
+function compareText(a, b) {
+  return a.localeCompare(b, undefined, { sensitivity: "base", numeric: true });
+}
+
+export function createPiRuntime({ provider, apiKey } = {}) {
+  const authStorage = AuthStorage.create();
+  if (provider && apiKey) {
+    authStorage.setRuntimeApiKey(provider, apiKey);
+  }
+  const modelRegistry = ModelRegistry.create(authStorage);
+  const oauthProviders = authStorage.getOAuthProviders();
+  return { authStorage, modelRegistry, oauthProviders };
+}
+
+export function hasProviderAuth(provider, { authStorage, modelRegistry }) {
+  return modelRegistry.hasConfiguredAuth(provider) || authStorage.hasAuth(provider);
+}
+
+export function supportsProviderOAuth(provider, { oauthProviders }) {
+  return oauthProviders.some((item) => item.id === provider);
+}
+
+export function listPiProviders(runtime = createPiRuntime()) {
+  const { modelRegistry, oauthProviders } = runtime;
+  const allModels = modelRegistry.getAll();
+  const oauthIds = new Set(oauthProviders.map((item) => item.id));
+  const counts = new Map();
+  for (const model of allModels) {
+    counts.set(model.provider, (counts.get(model.provider) || 0) + 1);
+  }
+
+  return [...counts.keys()]
+    .map((provider) => ({
+      provider,
+      authConfigured: hasProviderAuth(provider, runtime),
+      supportsOAuth: oauthIds.has(provider),
+      modelCount: counts.get(provider) || 0
+    }))
+    .sort((a, b) => {
+      if (a.authConfigured !== b.authConfigured) return a.authConfigured ? -1 : 1;
+      if (a.supportsOAuth !== b.supportsOAuth) return a.supportsOAuth ? -1 : 1;
+      return compareText(a.provider, b.provider);
+    });
+}
+
+export function listProviderModels(provider, runtime = createPiRuntime()) {
+  return runtime.modelRegistry
+    .getAll()
+    .filter((model) => model.provider === provider)
+    .sort((a, b) => compareText(a.name || a.id, b.name || b.id));
+}
+
+export function findPiModel({ provider, model, apiKey } = {}) {
+  const runtime = createPiRuntime({ provider, apiKey });
+  return {
+    ...runtime,
+    model: provider && model ? runtime.modelRegistry.find(provider, model) : null
+  };
+}

package/src/core/artifacts/artifact-store.js

@@ -1,9 +1,7 @@
 import { mkdir, readFile, writeFile, copyFile } from "node:fs/promises";
 import path from "node:path";
 import crypto from "node:crypto";
-
-const rootDir = path.resolve("data/artifacts");
-const indexFile = path.resolve("data/state/artifacts.json");
+import { artifactsDir as rootDir, artifactsIndexFile as indexFile } from "../../runtime/paths.js";
 
 async function loadIndex() {
   try {

package/src/core/tools/tool-config.js

@@ -0,0 +1,35 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import path from "node:path";
+import { getToolConfigPath } from "../../runtime/paths.js";
+
+export function parseConfigModule(source) {
+  const normalized = source.replace(/^export\s+default/, "return");
+  return new Function(normalized)();
+}
+
+export function serializeConfigModule(config) {
+  const lines = Object.entries(config).map(([key, value]) => `  ${key}: ${JSON.stringify(value)}`);
+  return `export default {\n${lines.join(",\n")}\n};\n`;
+}
+
+export async function readConfigModule(filePath, fallback = {}) {
+  try {
+    const source = await readFile(filePath, "utf8");
+    return parseConfigModule(source);
+  } catch {
+    return fallback;
+  }
+}
+
+export async function loadToolConfig(toolName, defaults = {}) {
+  const configPath = getToolConfigPath(toolName);
+  const stored = await readConfigModule(configPath, {});
+  return { ...defaults, ...stored };
+}
+
+export async function writeToolConfig(toolName, config) {
+  const configPath = getToolConfigPath(toolName);
+  await mkdir(path.dirname(configPath), { recursive: true });
+  await writeFile(configPath, serializeConfigModule(config), "utf8");
+  return configPath;
+}

package/src/core/tools/tool-registry.js

@@ -1,6 +1,8 @@
-import { readdir, readFile, writeFile, unlink } from "node:fs/promises";
+import { mkdir, readdir, readFile, unlink, writeFile } from "node:fs/promises";
 import path from "node:path";
 import { spawn } from "node:child_process";
+import { getToolConfigPath, getToolTmpDir } from "../../runtime/paths.js";
+import { loadToolConfig, parseConfigModule, writeToolConfig } from "./tool-config.js";
 
 const cliRoot = path.resolve("cli");
 
@@ -15,16 +17,6 @@ function runProcess(command, args, options = {}) {
   });
 }
 
-function parseConfigModule(source) {
-  const normalized = source.replace(/^export\s+default/, "return");
-  return new Function(normalized)();
-}
-
-function serializeConfigModule(config) {
-  const lines = Object.entries(config).map(([key, value]) => `  ${key}: ${JSON.stringify(value)}`);
-  return `export default {\n${lines.join(",\n")}\n};\n`;
-}
-
 export class ToolRegistry {
   constructor() {
     this.tools = new Map();
@@ -47,12 +39,15 @@ export class ToolRegistry {
       try {
         const manifest = JSON.parse(await readFile(manifestPath, "utf8"));
         const configSource = await readFile(configPath, "utf8");
-        const config = parseConfigModule(configSource);
+        const defaults = parseConfigModule(configSource);
+        const config = await loadToolConfig(manifest.name, defaults);
         this.tools.set(manifest.name, {
           ...manifest,
           dir: toolDir,
           entry: path.join(toolDir, manifest.entry || "index.js"),
-          configPath,
+          localConfigPath: configPath,
+          configPath: getToolConfigPath(manifest.name),
+          defaults,
           config
         });
       } catch {
@@ -87,15 +82,18 @@ export class ToolRegistry {
     if (!tool) throw new Error(`Tool not found: ${name}`);
     const config = { ...(tool.config || {}) };
     config[field] = value;
-    await writeFile(tool.configPath, serializeConfigModule(config), "utf8");
+    const configPath = await writeToolConfig(name, config);
     tool.config = config;
-    return { ok: true, tool: name, field, configPath: tool.configPath };
+    tool.configPath = configPath;
+    return { ok: true, tool: name, field, configPath };
   }
 
   async run({ name, request }) {
     const tool = this.get(name);
     if (!tool) throw new Error(`Tool not found: ${name}`);
-    const requestFile = path.join(tool.dir, `.request-${Date.now()}.json`);
+    const tmpDir = getToolTmpDir(name);
+    await mkdir(tmpDir, { recursive: true });
+    const requestFile = path.join(tmpDir, `.request-${Date.now()}.json`);
     await writeFile(requestFile, `${JSON.stringify(request, null, 2)}\n`, "utf8");
     const result = await runProcess("node", [tool.entry, "run", "--request-file", requestFile], {
       cwd: tool.dir,

package/src/runtime/bootstrap.js

@@ -1,12 +1,10 @@
-import { mkdir, readFile, writeFile } from "node:fs/promises";
-import path from "node:path";
+import { readFile, writeFile } from "node:fs/promises";
 import readline from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
 import { spawn } from "node:child_process";
-import { AuthStorage, ModelRegistry } from "@mariozechner/pi-coding-agent";
-
-const stateDir = path.resolve("data/state");
-const configFile = path.join(stateDir, "config.json");
+import { AuthStorage } from "@mariozechner/pi-coding-agent";
+import { createPiRuntime, hasProviderAuth, listPiProviders, listProviderModels, supportsProviderOAuth } from "../core/agent/pi-runtime.js";
+import { configFile, ensureArisaHome } from "./paths.js";
 
 async function exists(file) {
   try {
@@ -17,49 +15,6 @@ async function exists(file) {
   }
 }
 
-function getBootstrapModels() {
-  const authStorage = AuthStorage.create();
-  const modelRegistry = ModelRegistry.create(authStorage);
-  const preferred = [
-    ["openai-codex", "gpt-5.4"],
-    ["openai-codex", "gpt-5.4-mini"],
-    ["openai", "gpt-4.1"],
-    ["anthropic", "claude-sonnet-4-6"],
-    ["anthropic", "claude-opus-4-6"],
-    ["google", "gemini-3.1-pro-preview"],
-  ];
-
-  const models = preferred
-    .map(([provider, model]) => modelRegistry.find(provider, model))
-    .filter(Boolean)
-    .map((model) => ({ provider: model.provider, id: model.id, label: `${model.provider}/${model.id}` }));
-
-  if (!models.length) {
-    return modelRegistry.getAll().slice(0, 10).map((model) => ({
-      provider: model.provider,
-      id: model.id,
-      label: `${model.provider}/${model.id}`,
-    }));
-  }
-
-  return models;
-}
-
-function getOAuthProviderForModelProvider(provider) {
-  if (provider === "openai-codex") return "openai-codex";
-  if (provider === "anthropic") return "anthropic";
-  if (provider === "google") return "google-gemini-cli";
-  if (provider === "google-antigravity") return "google-antigravity";
-  if (provider === "github-copilot") return "github-copilot";
-  return provider;
-}
-
-function hasExistingPiAuth(provider) {
-  const authStorage = AuthStorage.create();
-  const modelRegistry = ModelRegistry.create(authStorage);
-  const oauthProvider = getOAuthProviderForModelProvider(provider);
-  return modelRegistry.hasConfiguredAuth(provider) || authStorage.hasAuth(oauthProvider);
-}
 
 async function maybeOpenExternal(url) {
   if (!url) return;
@@ -79,9 +34,7 @@ async function maybeOpenExternal(url) {
 
 async function runInternalPiLogin(provider, rl) {
   const authStorage = AuthStorage.create();
-  const oauthProvider = getOAuthProviderForModelProvider(provider);
-  const available = authStorage.getOAuthProviders();
-  const selected = available.find((item) => item.id === oauthProvider);
+  const selected = authStorage.getOAuthProviders().find((item) => item.id === provider);
   if (!selected) {
     throw new Error(`No internal OAuth login flow is available for ${provider}.`);
   }
@@ -93,7 +46,7 @@ async function runInternalPiLogin(provider, rl) {
     manualCodeReject = reject;
   });
 
-  await authStorage.login(oauthProvider, {
+  await authStorage.login(provider, {
     onAuth: async ({ url, instructions }) => {
       console.log(`${instructions || "Open this URL to continue authentication:"}\n${url}\n`);
       await maybeOpenExternal(url);
@@ -127,7 +80,7 @@ async function runInternalPiLogin(provider, rl) {
 }
 
 export async function bootstrapIfNeeded({ force = false } = {}) {
-  await mkdir(stateDir, { recursive: true });
+  await ensureArisaHome();
   if (!force && await exists(configFile)) return;
 
   const rl = readline.createInterface({ input, output });
@@ -137,58 +90,63 @@ export async function bootstrapIfNeeded({ force = false } = {}) {
     return value || fallback;
   };
 
-  const askYesNo = async (label, fallback = true) => {
-    const hint = fallback ? "Y/n" : "y/N";
-    const value = (await rl.question(`${label} (${hint}): `)).trim().toLowerCase();
-    if (!value) return fallback;
-    return value === "y" || value === "yes";
-  };
-
   console.log("\n== Arisa bootstrap ==\n");
   console.log("Telegram bot token tip: get it from https://t.me/BotFather");
   const telegramApiKey = await ask("Telegram API key / bot token");
   const telegramMaxChatIds = Number(await ask("Maximum authorized chat IDs", "1"));
 
-  const models = getBootstrapModels();
-  console.log("\nAvailable Pi models:");
+  const runtime = createPiRuntime();
+  const providers = listPiProviders(runtime);
+  console.log("\nAvailable Pi providers:");
+  providers.forEach((item, index) => {
+    const authLabel = item.authConfigured ? "auth: configured" : item.supportsOAuth ? "auth: login or API key" : "auth: API key";
+    console.log(`${index + 1}. ${item.provider} (${item.modelCount} models, ${authLabel})`);
+  });
+
+  const selectedProviderIndex = Number(await ask("Select Pi provider by number", "1"));
+  const selectedProvider = providers[Math.max(0, Math.min(providers.length - 1, selectedProviderIndex - 1))];
+  const models = listProviderModels(selectedProvider.provider, runtime);
+  console.log(`\nAvailable models for ${selectedProvider.provider}:`);
   models.forEach((model, index) => {
-    const authStatus = hasExistingPiAuth(model.provider) ? "auth: configured" : "auth: missing";
-    const providerLabel = model.provider;
-    console.log(`${index + 1}. ${providerLabel}/${model.id} (${authStatus})`);
+    const capabilities = [model.reasoning ? "reasoning" : null, model.input?.includes("image") ? "image" : null].filter(Boolean).join(", ");
+    const suffix = capabilities ? ` [${capabilities}]` : "";
+    console.log(`${index + 1}. ${model.id}${suffix}`);
   });
-  const selectedIndex = Number(await ask("Select Pi model by number", "1"));
-  const selectedModel = models[Math.max(0, Math.min(models.length - 1, selectedIndex - 1))];
-  const selectedAuthReady = hasExistingPiAuth(selectedModel.provider);
+
+  const selectedModelIndex = Number(await ask("Select Pi model by number", "1"));
+  const selectedModel = models[Math.max(0, Math.min(models.length - 1, selectedModelIndex - 1))];
+  const selectedAuthReady = hasProviderAuth(selectedProvider.provider, runtime);
+  const providerSupportsOAuth = supportsProviderOAuth(selectedProvider.provider, runtime);
   console.log(`Selected model: ${selectedModel.provider}/${selectedModel.id}`);
-  console.log(`Existing Pi auth for ${selectedModel.provider}: ${selectedAuthReady ? "yes" : "no"}`);
-  console.log("Pi auth tip: if this provider supports Pi login, leaving the API key empty will start the internal login flow.");
+  console.log(`Existing Pi auth for ${selectedProvider.provider}: ${selectedAuthReady ? "yes" : "no"}`);
+  if (providerSupportsOAuth) {
+    console.log("Pi auth tip: leaving the API key empty will start Pi's internal login flow for this provider.");
+  }
 
   let piApiKey = "";
   while (true) {
-    piApiKey = (await rl.question(`Pi API key for ${selectedModel.provider} (optional): `)).trim();
+    piApiKey = (await rl.question(`Pi API key for ${selectedProvider.provider} (optional): `)).trim();
     if (piApiKey) break;
-    if (hasExistingPiAuth(selectedModel.provider)) break;
+    if (hasProviderAuth(selectedProvider.provider, createPiRuntime())) break;
 
-    const oauthProvider = getOAuthProviderForModelProvider(selectedModel.provider);
-    const supportsInternalLogin = oauthProvider !== selectedModel.provider || ["anthropic", "openai-codex", "google-gemini-cli", "google-antigravity", "github-copilot"].includes(oauthProvider);
-    if (!supportsInternalLogin) {
-      console.log(`No existing Pi auth found for ${selectedModel.provider}. This provider requires an API key.`);
+    if (!providerSupportsOAuth) {
+      console.log(`No existing Pi auth found for ${selectedProvider.provider}. This provider requires an API key.`);
       continue;
     }
 
-    console.log(`No existing Pi auth found for ${selectedModel.provider}. Starting internal Pi login...`);
+    console.log(`No existing Pi auth found for ${selectedProvider.provider}. Starting internal Pi login...`);
     try {
-      await runInternalPiLogin(selectedModel.provider, rl);
+      await runInternalPiLogin(selectedProvider.provider, rl);
     } catch (error) {
       console.log(`Internal Pi login failed: ${error instanceof Error ? error.message : String(error)}`);
     }
 
-    if (hasExistingPiAuth(selectedModel.provider)) {
-      console.log(`Detected Pi auth for ${selectedModel.provider}. Continuing bootstrap.`);
+    if (hasProviderAuth(selectedProvider.provider, createPiRuntime())) {
+      console.log(`Detected Pi auth for ${selectedProvider.provider}. Continuing bootstrap.`);
       break;
     }
 
-    console.log(`Pi auth for ${selectedModel.provider} is still missing after login.`);
+    console.log(`Pi auth for ${selectedProvider.provider} is still missing after login.`);
   }
 
   const config = {
@@ -198,7 +156,7 @@ export async function bootstrapIfNeeded({ force = false } = {}) {
       authorizedChatIds: []
     },
     pi: {
-      provider: selectedModel.provider,
+      provider: selectedProvider.provider,
       model: selectedModel.id,
       apiKey: piApiKey
     },

package/src/runtime/paths.js

@@ -0,0 +1,39 @@
+import { mkdir } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+
+export const arisaHomeDir = path.join(os.homedir(), ".arisa");
+export const stateDir = path.join(arisaHomeDir, "state");
+export const configFile = path.join(stateDir, "config.json");
+export const artifactsDir = path.join(arisaHomeDir, "artifacts");
+export const artifactsIndexFile = path.join(stateDir, "artifacts.json");
+export const toolsDir = path.join(arisaHomeDir, "tools");
+export const tmpDir = path.join(arisaHomeDir, "tmp");
+
+export function getToolDir(toolName) {
+  return path.join(toolsDir, toolName);
+}
+
+export function getToolConfigPath(toolName) {
+  return path.join(getToolDir(toolName), "config.js");
+}
+
+export function getToolRuntimeDir(toolName) {
+  return path.join(tmpDir, "tools", toolName);
+}
+
+export function getToolOutDir(toolName) {
+  return path.join(getToolRuntimeDir(toolName), "out");
+}
+
+export function getToolTmpDir(toolName) {
+  return path.join(getToolRuntimeDir(toolName), "tmp");
+}
+
+export async function ensureArisaHome() {
+  await mkdir(stateDir, { recursive: true });
+  await mkdir(artifactsDir, { recursive: true });
+  await mkdir(toolsDir, { recursive: true });
+  await mkdir(tmpDir, { recursive: true });
+}
+

package/src/transport/telegram/bot.js

@@ -97,7 +97,7 @@ export async function createTelegramBot({ config, artifactStore, toolRegistry, a
     const { transcript, toolResult } = await maybeTranscribeIncomingAudio({ artifact, toolRegistry, artifactStore });
     if (artifact?.kind === "audio" && !transcript) {
       if (toolResult?.missingConfig?.includes("OPENAI_API_KEY")) {
-        throw new Error("I need the OpenAI API key for cli/openai-transcribe/config.js before I can transcribe incoming audio.");
+        throw new Error("I need the OpenAI API key for ~/.arisa/tools/openai-transcribe/config.js before I can transcribe incoming audio.");
       }
       throw new Error(toolResult?.error || "Audio transcription failed.");
     }

package/src/transport/telegram/media.js

@@ -1,18 +1,9 @@
-import { mkdir, writeFile } from "node:fs/promises";
-import path from "node:path";
-
-const inboxDir = path.resolve("data/inbox");
-
-async function downloadToFile(ctx, fileId, fileName) {
-  await mkdir(inboxDir, { recursive: true });
+async function downloadToBuffer(ctx, fileId) {
   const file = await ctx.api.getFile(fileId);
   const url = `https://api.telegram.org/file/bot${ctx.api.token}/${file.file_path}`;
   const response = await fetch(url);
   if (!response.ok) throw new Error(`Download failed: ${response.status}`);
-  const buffer = Buffer.from(await response.arrayBuffer());
-  const target = path.join(inboxDir, fileName);
-  await writeFile(target, buffer);
-  return target;
+  return Buffer.from(await response.arrayBuffer());
 }
 
 export async function captureIncomingArtifact(ctx, artifactStore) {
@@ -25,10 +16,10 @@ export async function captureIncomingArtifact(ctx, artifactStore) {
 
   if (ctx.message?.voice) {
     const fileName = `${ctx.chat.id}-${ctx.msg.message_id}.ogg`;
-    const tempPath = await downloadToFile(ctx, ctx.message.voice.file_id, fileName);
-    return artifactStore.createFromFile({
-      originalPath: tempPath,
+    const content = await downloadToBuffer(ctx, ctx.message.voice.file_id);
+    return artifactStore.createGeneratedFile({
       fileName,
+      content,
       kind: "audio",
       mimeType: "audio/ogg",
       source: baseSource,
@@ -38,10 +29,10 @@ export async function captureIncomingArtifact(ctx, artifactStore) {
 
   if (ctx.message?.document) {
     const fileName = ctx.message.document.file_name || `${ctx.chat.id}-${ctx.msg.message_id}`;
-    const tempPath = await downloadToFile(ctx, ctx.message.document.file_id, fileName);
-    return artifactStore.createFromFile({
-      originalPath: tempPath,
+    const content = await downloadToBuffer(ctx, ctx.message.document.file_id);
+    return artifactStore.createGeneratedFile({
       fileName,
+      content,
       kind: "document",
       mimeType: ctx.message.document.mime_type || "application/octet-stream",
       source: baseSource,
@@ -52,10 +43,10 @@ export async function captureIncomingArtifact(ctx, artifactStore) {
   if (ctx.message?.photo?.length) {
     const photo = ctx.message.photo.at(-1);
     const fileName = `${ctx.chat.id}-${ctx.msg.message_id}.jpg`;
-    const tempPath = await downloadToFile(ctx, photo.file_id, fileName);
-    return artifactStore.createFromFile({
-      originalPath: tempPath,
+    const content = await downloadToBuffer(ctx, photo.file_id);
+    return artifactStore.createGeneratedFile({
       fileName,
+      content,
       kind: "image",
       mimeType: "image/jpeg",
       source: baseSource,