npm - omni-pi - Versions diffs - 0.8.0 → 0.8.1 - Mend

omni-pi 0.8.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/PROVIDERS.md +2 -0
package/README.md +3 -1
package/extensions/omni-providers/index.ts +2 -0
package/package.json +1 -1
package/src/anthropic-auth-guard.ts +95 -0

package/PROVIDERS.md CHANGED Viewed

@@ -30,6 +30,8 @@ If a bundled provider already has valid auth in the Pi runtime, Omni-Pi may use
 Use `/manage-providers` to list bundled providers that currently have stored auth and remove that auth when needed.
+Anthropic is API-key-only in Omni-Pi. Anthropic OAuth login is intentionally disabled.
 The bundled-provider list below is expected to stay in sync with the exported provider setup list in `src/model-setup.ts`. The test suite checks that this section matches the code list.
 ### Bundled provider list

package/README.md CHANGED Viewed

@@ -10,7 +10,7 @@ Requires Node.js 22 or newer.
 ## What It Does
-- Starts in normal Pi behavior by default while keeping Omni-Pi branding and UI.
+- Starts in normal Pi behavior with an opinionated setup.
 - `/omni-mode` turns on Omni's specialized interview, plan, build, and verify workflow for the current project.
 - Keeps durable standards and project context in `.omni/`, even when Omni mode is off.
 - Writes specs, tasks, and progress into `.omni/` once Omni mode is enabled.
@@ -96,6 +96,8 @@ Use it when you want to configure:
 Use `/manage-providers` to remove stored auth for bundled Pi providers.
+Anthropic is intentionally API-key-only in Omni-Pi. Anthropic OAuth login is disabled.
 See [PROVIDERS.md](PROVIDERS.md) for the current supported-provider list and auth-management split.
 ## Omni Mode

package/extensions/omni-providers/index.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { disableAnthropicOAuth } from "../../src/anthropic-auth-guard.js";
 import { refreshAuthenticatedProviderModels } from "../../src/model-setup.js";
 import { registerOmniProviders } from "../../src/providers.js";
@@ -9,6 +10,7 @@ export default async function omniProvidersExtension(
   await registerOmniProviders(api);
   api.on("session_start", async (_event, ctx) => {
+    disableAnthropicOAuth(ctx.modelRegistry);
     await refreshAuthenticatedProviderModels(ctx.modelRegistry);
   });
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "omni-pi",
-  "version": "0.8.0",
+  "version": "0.8.1",
   "description": "Single-agent Pi package that interviews the user, documents the spec, and implements work in bounded slices.",
   "type": "module",
   "license": "MIT",

package/src/anthropic-auth-guard.ts ADDED Viewed

@@ -0,0 +1,95 @@
+interface AnthropicCredential {
+  type: "api_key";
+  key: string;
+}
+interface AuthStorageLike {
+  get?(provider: string): AnthropicCredential | { type: "oauth" } | undefined;
+  getApiKey?(
+    provider: string,
+    options?: { includeFallback?: boolean },
+  ): Promise<string | undefined>;
+  hasAuth?(provider: string): boolean;
+  getOAuthProviders?(): Array<{ id: string; name?: string }>;
+  login?(providerId: string, callbacks: unknown): Promise<void>;
+}
+interface ModelRegistryLike {
+  authStorage: AuthStorageLike;
+  refresh(): void;
+  __omniAnthropicAuthGuardInstalled?: boolean;
+}
+function getAnthropicApiKeyFromStorage(
+  authStorage: AuthStorageLike,
+): string | undefined {
+  const envApiKey = process.env.ANTHROPIC_API_KEY?.trim();
+  if (envApiKey) {
+    return envApiKey;
+  }
+  const stored = authStorage.get?.("anthropic");
+  if (stored?.type === "api_key" && stored.key.trim()) {
+    return stored.key.trim();
+  }
+  return undefined;
+}
+export function disableAnthropicOAuthInAuthStorage(
+  authStorage: AuthStorageLike,
+): void {
+  const originalGetApiKey = authStorage.getApiKey?.bind(authStorage);
+  const originalGetOAuthProviders =
+    authStorage.getOAuthProviders?.bind(authStorage);
+  authStorage.getApiKey = async (
+    provider: string,
+    options?: { includeFallback?: boolean },
+  ) => {
+    if (provider !== "anthropic") {
+      return originalGetApiKey?.(provider, options);
+    }
+    return getAnthropicApiKeyFromStorage(authStorage);
+  };
+  const originalHasAuth = authStorage.hasAuth?.bind(authStorage);
+  authStorage.hasAuth = (provider: string) => {
+    if (provider !== "anthropic") {
+      return originalHasAuth?.(provider) ?? false;
+    }
+    return getAnthropicApiKeyFromStorage(authStorage) !== undefined;
+  };
+  authStorage.getOAuthProviders = () =>
+    (originalGetOAuthProviders?.() ?? []).filter(
+      (provider) => provider.id !== "anthropic",
+    );
+  const originalLogin = authStorage.login?.bind(authStorage);
+  authStorage.login = async (providerId: string, callbacks: unknown) => {
+    if (providerId === "anthropic") {
+      throw new Error(
+        "Anthropic OAuth login is disabled in Omni-Pi. Use an Anthropic API key instead.",
+      );
+    }
+    await originalLogin?.(providerId, callbacks);
+  };
+}
+export function disableAnthropicOAuth(modelRegistry: ModelRegistryLike): void {
+  disableAnthropicOAuthInAuthStorage(modelRegistry.authStorage);
+  if (modelRegistry.__omniAnthropicAuthGuardInstalled) {
+    return;
+  }
+  const originalRefresh = modelRegistry.refresh.bind(modelRegistry);
+  modelRegistry.refresh = () => {
+    originalRefresh();
+    disableAnthropicOAuthInAuthStorage(modelRegistry.authStorage);
+  };
+  modelRegistry.__omniAnthropicAuthGuardInstalled = true;
+}