pi-agent-extensions 0.3.1 → 0.3.3

package/extensions/answer/index.ts

@@ -12,6 +12,7 @@
 
 import { complete, type Model, type Api, type UserMessage } from "@mariozechner/pi-ai";
 import type { ExtensionAPI, ExtensionContext } from "@mariozechner/pi-coding-agent";
+import { getRequestAuth, hasRequestAuth } from "../shared/auth.js";
 import { BorderedLoader } from "@mariozechner/pi-coding-agent";
 import {
 	type Component,
@@ -77,15 +78,17 @@ async function selectExtractionModel(
 	currentModel: Model<Api>,
 	modelRegistry: {
 		find: (provider: string, modelId: string) => Model<Api> | undefined;
-		getApiKey: (model: Model<Api>) => Promise<string | undefined>;
+		getApiKeyAndHeaders: (
+			model: Model<Api>,
+		) => Promise<
+			| { ok: true; apiKey?: string; headers?: Record<string, string> }
+			| { ok: false; error: string }
+		>;
 	},
 ): Promise<Model<Api>> {
 	const codexModel = modelRegistry.find("openai-codex", CODEX_MODEL_ID);
-	if (codexModel) {
-		const apiKey = await modelRegistry.getApiKey(codexModel);
-		if (apiKey) {
-			return codexModel;
-		}
+	if (codexModel && (await hasRequestAuth(modelRegistry, codexModel))) {
+		return codexModel;
 	}
 
 	const haikuModel = modelRegistry.find("anthropic", HAIKU_MODEL_ID);
@@ -93,8 +96,7 @@ async function selectExtractionModel(
 		return currentModel;
 	}
 
-	const apiKey = await modelRegistry.getApiKey(haikuModel);
-	if (!apiKey) {
+	if (!(await hasRequestAuth(modelRegistry, haikuModel))) {
 		return currentModel;
 	}
 
@@ -457,7 +459,7 @@ export default function (pi: ExtensionAPI) {
 				loader.onAbort = () => done(null);
 
 				const doExtract = async () => {
-					const apiKey = await ctx.modelRegistry.getApiKey(extractionModel);
+					const requestAuth = await getRequestAuth(ctx.modelRegistry, extractionModel);
 					const userMessage: UserMessage = {
 						role: "user",
 						content: [{ type: "text", text: lastAssistantText! }],
@@ -467,7 +469,7 @@ export default function (pi: ExtensionAPI) {
 					const response = await complete(
 						extractionModel,
 						{ systemPrompt: SYSTEM_PROMPT, messages: [userMessage] },
-						{ apiKey, signal: loader.signal },
+						{ ...requestAuth, signal: loader.signal },
 					);
 
 					if (response.stopReason === "aborted") {

package/extensions/ask-user/modes/print.ts

@@ -40,7 +40,7 @@ export async function createPendingFile(params: AskUserParams, ctx: ExtensionCon
   };
 
   // Write file
-  await writeFile(pendingFile, JSON.stringify(pending, null, 2), "utf-8");
+  await writeFile(pendingFile, JSON.stringify(pending, null, 2), { encoding: "utf-8", mode: 0o600 });
 
   return pendingFile;
 }

package/extensions/context/index.ts

@@ -1,5 +1,5 @@
 /**
- * /context
+ * /context-simple
  *
  * Small TUI view showing what's loaded/available:
  * - extensions (best-effort from registered extension slash commands)
@@ -470,8 +470,8 @@ export default function contextExtension(pi: ExtensionAPI) {
 		}
 	});
 
-	pi.registerCommand("context", {
-		description: "Show loaded context overview",
+	pi.registerCommand("context-simple", {
+		description: "Show loaded context overview", 
 		handler: async (_args, ctx: ExtensionCommandContext) => {
 			const commands = pi.getCommands();
 			const extensionCmds = commands.filter((c) => c.source === "extension");

package/extensions/control/index.ts

@@ -38,9 +38,11 @@
 import type { ExtensionAPI, ExtensionContext, TurnEndEvent, MessageRenderer } from "@mariozechner/pi-coding-agent";
 import { getMarkdownTheme } from "@mariozechner/pi-coding-agent";
 import { complete, type Model, type Api, type UserMessage, type TextContent } from "@mariozechner/pi-ai";
+import { getRequestAuth, hasRequestAuth } from "../shared/auth.js";
 import { StringEnum } from "@mariozechner/pi-ai";
 import { Box, Container, Markdown, Spacer, Text } from "@mariozechner/pi-tui";
 import { Type } from "@sinclair/typebox";
+import crypto from "node:crypto";
 import { promises as fs } from "node:fs";
 import * as net from "node:net";
 import * as os from "node:os";
@@ -155,20 +157,19 @@ async function selectSummarizationModel(
 	currentModel: Model<Api> | undefined,
 	modelRegistry: {
 		find: (provider: string, modelId: string) => Model<Api> | undefined;
-		getApiKey: (model: Model<Api>) => Promise<string | undefined>;
+		getApiKeyAndHeaders: (
+			model: Model<Api>,
+		) => Promise<
+			| { ok: true; apiKey?: string; headers?: Record<string, string> }
+			| { ok: false; error: string }
+		>;
 	},
 ): Promise<Model<Api> | undefined> {
 	const codexModel = modelRegistry.find("openai-codex", CODEX_MODEL_ID);
-	if (codexModel) {
-		const apiKey = await modelRegistry.getApiKey(codexModel);
-		if (apiKey) return codexModel;
-	}
+	if (codexModel && (await hasRequestAuth(modelRegistry, codexModel))) return codexModel;
 
 	const haikuModel = modelRegistry.find("anthropic", HAIKU_MODEL_ID);
-	if (haikuModel) {
-		const apiKey = await modelRegistry.getApiKey(haikuModel);
-		if (apiKey) return haikuModel;
-	}
+	if (haikuModel && (await hasRequestAuth(modelRegistry, haikuModel))) return haikuModel;
 
 	return currentModel;
 }
@@ -603,7 +604,7 @@ async function handleCommand(
 	// Subscribe to turn_end
 	if (command.type === "subscribe") {
 		if (command.event === "turn_end") {
-			const subscriptionId = id ?? `sub_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+			const subscriptionId = id ?? `sub_${crypto.randomBytes(16).toString("hex")}`;
 			state.turnEndSubscriptions.push({ socket, subscriptionId });
 
 			const cleanup = () => {
@@ -645,9 +646,9 @@ async function handleCommand(
 			return;
 		}
 
-		const apiKey = await ctx.modelRegistry.getApiKey(model);
-		if (!apiKey) {
-			respond(false, "get_summary", undefined, "No API key available for summarization model");
+		const requestAuth = await getRequestAuth(ctx.modelRegistry, model);
+		if (!requestAuth) {
+			respond(false, "get_summary", undefined, "No auth available for summarization model");
 			return;
 		}
 
@@ -665,7 +666,7 @@ async function handleCommand(
 			const response = await complete(
 				model,
 				{ systemPrompt: SUMMARIZATION_SYSTEM_PROMPT, messages: [userMessage] },
-				{ apiKey },
+				requestAuth,
 			);
 
 			if (response.stopReason === "aborted" || response.stopReason === "error") {
@@ -1004,10 +1005,6 @@ export default function (pi: ExtensionAPI) {
 		await refreshServer(ctx);
 	});
 
-	pi.on("session_switch", async (_event, ctx) => {
-		await refreshServer(ctx);
-	});
-
 	pi.on("session_shutdown", async () => {
 		if (state.aliasTimer) {
 			clearInterval(state.aliasTimer);

package/extensions/cwd-history/index.ts

@@ -230,8 +230,4 @@ export default function (pi: ExtensionAPI) {
 	pi.on("session_start", (_event, ctx) => {
 		applyEditorWithHistory(pi, ctx);
 	});
-
-	pi.on("session_switch", (_event, ctx) => {
-		applyEditorWithHistory(pi, ctx);
-	});
 }

package/extensions/files/index.ts

@@ -7,6 +7,7 @@
  */
 
 import { spawnSync } from "node:child_process";
+import crypto from "node:crypto";
 import {
 	existsSync,
 	mkdtempSync,
@@ -693,10 +694,10 @@ const openPath = async (pi: ExtensionAPI, ctx: ExtensionContext, target: FileEnt
 };
 
 const openExternalEditor = (tui: TUI, editorCmd: string, content: string): string | null => {
-	const tmpFile = path.join(os.tmpdir(), `pi-files-edit-${Date.now()}.txt`);
+	const tmpFile = path.join(os.tmpdir(), `pi-files-edit-${crypto.randomBytes(16).toString("hex")}.txt`);
 
 	try {
-		writeFileSync(tmpFile, content, "utf8");
+		writeFileSync(tmpFile, content, { encoding: "utf8", mode: 0o600 });
 		tui.stop();
 
 		const [editor, ...editorArgs] = editorCmd.split(" ");
@@ -813,15 +814,15 @@ const openDiff = async (pi: ExtensionAPI, ctx: ExtensionContext, target: FileEnt
 			ctx.ui.notify(errorMessage, "error");
 			return;
 		}
-		writeFileSync(tmpFile, result.stdout ?? "", "utf8");
+		writeFileSync(tmpFile, result.stdout ?? "", { encoding: "utf8", mode: 0o600 });
 	} else {
-		writeFileSync(tmpFile, "", "utf8");
+		writeFileSync(tmpFile, "", { encoding: "utf8", mode: 0o600 });
 	}
 
 	let workingPath = target.resolvedPath;
 	if (!existsSync(target.resolvedPath)) {
 		workingPath = path.join(tmpDir, `pi-files-working-${path.basename(target.displayPath)}`);
-		writeFileSync(workingPath, "", "utf8");
+		writeFileSync(workingPath, "", { encoding: "utf8", mode: 0o600 });
 	}
 
 	const openResult = await pi.exec("code", ["--diff", tmpFile, workingPath], { cwd: gitRoot });

package/extensions/handoff/index.ts

@@ -22,6 +22,7 @@ import {
   serializeConversation,
 } from "@mariozechner/pi-coding-agent";
 
+import { getRequestAuthOrThrow } from "../shared/auth.js";
 import { loadConfig, validateGoal } from "./config.js";
 import { ProgressLoader, EXTRACTION_PHASES } from "./progress.js";
 import {
@@ -290,7 +291,7 @@ async function doExtraction(
   model: Model<any>,
   signal?: AbortSignal,
 ): Promise<ExtractionResult> {
-  const apiKey = await ctx.modelRegistry.getApiKey(model);
+  const requestAuth = await getRequestAuthOrThrow(ctx.modelRegistry, model);
 
   // Build user message
   const userMessage: Message = {
@@ -305,7 +306,7 @@ async function doExtraction(
   const response = await complete(
     model,
     { systemPrompt: EXTRACTION_SYSTEM_PROMPT, messages: [userMessage] },
-    { apiKey, signal },
+    { ...requestAuth, signal },
   );
 
   if (response.stopReason === "aborted") {
@@ -347,7 +348,7 @@ async function doExtraction(
       systemPrompt: EXTRACTION_SYSTEM_PROMPT,
       messages: [userMessage, assistantMessage, retryMessage],
     },
-    { apiKey, signal },
+    { ...requestAuth, signal },
   );
 
   if (retryResponse.stopReason === "aborted") {
@@ -383,7 +384,7 @@ async function doExtractionWithPhases(
   signal: AbortSignal,
   onPhase: (phase: string) => void,
 ): Promise<ExtractionResult> {
-  const apiKey = await ctx.modelRegistry.getApiKey(model);
+  const requestAuth = await getRequestAuthOrThrow(ctx.modelRegistry, model);
 
   // Phase 1: Analyzing conversation
   onPhase(EXTRACTION_PHASES[0]);
@@ -404,7 +405,7 @@ async function doExtractionWithPhases(
   const response = await complete(
     model,
     { systemPrompt: EXTRACTION_SYSTEM_PROMPT, messages: [userMessage] },
-    { apiKey, signal },
+    { ...requestAuth, signal },
   );
 
   if (response.stopReason === "aborted") {
@@ -451,7 +452,7 @@ async function doExtractionWithPhases(
       systemPrompt: EXTRACTION_SYSTEM_PROMPT,
       messages: [userMessage, assistantMessage, retryMessage],
     },
-    { apiKey, signal },
+    { ...requestAuth, signal },
   );
 
   if (retryResponse.stopReason === "aborted") {

package/extensions/loop/index.ts

@@ -8,10 +8,11 @@
 
 import { Type } from "@sinclair/typebox";
 import { complete, type Api, type Model, type UserMessage } from "@mariozechner/pi-ai";
-import type { ExtensionAPI, ExtensionContext, SessionSwitchEvent } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI, ExtensionContext } from "@mariozechner/pi-coding-agent";
 import { compact } from "@mariozechner/pi-coding-agent";
 import { Container, type SelectItem, SelectList, Text } from "@mariozechner/pi-tui";
 import { DynamicBorder } from "@mariozechner/pi-coding-agent";
+import { getRequestAuth, hasRequestAuth } from "../shared/auth.js";
 
 type LoopMode = "tests" | "custom" | "self";
 
@@ -87,22 +88,22 @@ function getConditionText(mode: LoopMode, condition?: string): string {
 
 async function selectSummaryModel(
 	ctx: ExtensionContext,
-): Promise<{ model: Model<Api>; apiKey: string } | null> {
+): Promise<{ model: Model<Api>; requestAuth: { apiKey?: string; headers?: Record<string, string> } } | null> {
 	if (!ctx.model) return null;
 
 	if (ctx.model.provider === "anthropic") {
 		const haikuModel = ctx.modelRegistry.find("anthropic", HAIKU_MODEL_ID);
-		if (haikuModel) {
-			const apiKey = await ctx.modelRegistry.getApiKey(haikuModel);
-			if (apiKey) {
-				return { model: haikuModel, apiKey };
+		if (haikuModel && (await hasRequestAuth(ctx.modelRegistry, haikuModel))) {
+			const requestAuth = await getRequestAuth(ctx.modelRegistry, haikuModel);
+			if (requestAuth) {
+				return { model: haikuModel, requestAuth };
 			}
 		}
 	}
 
-	const apiKey = await ctx.modelRegistry.getApiKey(ctx.model);
-	if (!apiKey) return null;
-	return { model: ctx.model, apiKey };
+	const requestAuth = await getRequestAuth(ctx.modelRegistry, ctx.model);
+	if (!requestAuth) return null;
+	return { model: ctx.model, requestAuth };
 }
 
 async function summarizeBreakoutCondition(
@@ -124,7 +125,7 @@ async function summarizeBreakoutCondition(
 	const response = await complete(
 		selection.model,
 		{ systemPrompt: SUMMARY_SYSTEM_PROMPT, messages: [userMessage] },
-		{ apiKey: selection.apiKey },
+		selection.requestAuth,
 	);
 
 	if (response.stopReason === "aborted" || response.stopReason === "error") {
@@ -400,15 +401,22 @@ export default function loopExtension(pi: ExtensionAPI): void {
 
 	pi.on("session_before_compact", async (event, ctx) => {
 		if (!loopState.active || !loopState.mode || !ctx.model) return;
-		const apiKey = await ctx.modelRegistry.getApiKey(ctx.model);
-		if (!apiKey) return;
+		const requestAuth = await getRequestAuth(ctx.modelRegistry, ctx.model);
+		if (!requestAuth) return;
 
 		const instructionParts = [event.customInstructions, getCompactionInstructions(loopState.mode, loopState.condition)]
 			.filter(Boolean)
 			.join("\n\n");
 
 		try {
-			const compaction = await compact(event.preparation, ctx.model, apiKey, instructionParts, event.signal);
+			const compaction = await compact(
+				event.preparation,
+				ctx.model,
+				requestAuth.apiKey ?? "",
+				requestAuth.headers,
+				instructionParts,
+				event.signal,
+			);
 			return { compaction };
 		} catch (error) {
 			if (ctx.hasUI) {
@@ -439,8 +447,4 @@ export default function loopExtension(pi: ExtensionAPI): void {
 	pi.on("session_start", async (_event, ctx) => {
 		await restoreLoopState(ctx);
 	});
-
-	pi.on("session_switch", async (_event: SessionSwitchEvent, ctx) => {
-		await restoreLoopState(ctx);
-	});
 }

package/extensions/nvidia-nim/index.ts

@@ -69,7 +69,7 @@ export function loadModelsConfigSync(): NvidiaModelsConfig | null {
 export async function saveModelsConfig(config: NvidiaModelsConfig): Promise<void> {
   const configPath = getConfigPath();
   await fs.mkdir(path.dirname(configPath), { recursive: true });
-  await fs.writeFile(configPath, JSON.stringify(config, null, 2), "utf-8");
+  await fs.writeFile(configPath, JSON.stringify(config, null, 2), { encoding: "utf-8", mode: 0o600 });
 }
 
 /** Parse model IDs from editor text, ignoring comments and blank lines.

package/extensions/review/index.ts

@@ -485,10 +485,6 @@ export default function reviewExtension(pi: ExtensionAPI) {
 		applyReviewState(ctx);
 	});
 
-	pi.on("session_switch", (_event, ctx) => {
-		applyReviewState(ctx);
-	});
-
 	pi.on("session_tree", (_event, ctx) => {
 		applyReviewState(ctx);
 	});

package/extensions/shared/auth.ts

@@ -0,0 +1,40 @@
+import type { Api, Model, ProviderStreamOptions } from "@mariozechner/pi-ai";
+
+export type RequestAuth = Pick<ProviderStreamOptions, "apiKey" | "headers">;
+
+type ModelRegistryWithRequestAuth = {
+	getApiKeyAndHeaders: (
+		model: Model<Api>,
+	) => Promise<
+		| { ok: true; apiKey?: string; headers?: Record<string, string> }
+		| { ok: false; error: string }
+	>;
+};
+
+export async function getRequestAuth(
+	modelRegistry: ModelRegistryWithRequestAuth,
+	model: Model<Api>,
+): Promise<RequestAuth | undefined> {
+	const auth = await modelRegistry.getApiKeyAndHeaders(model);
+	if (!auth.ok) return undefined;
+	return { apiKey: auth.apiKey, headers: auth.headers };
+}
+
+export async function getRequestAuthOrThrow(
+	modelRegistry: ModelRegistryWithRequestAuth,
+	model: Model<Api>,
+): Promise<RequestAuth> {
+	const auth = await modelRegistry.getApiKeyAndHeaders(model);
+	if (!auth.ok) {
+		throw new Error(auth.error);
+	}
+	return { apiKey: auth.apiKey, headers: auth.headers };
+}
+
+export async function hasRequestAuth(
+	modelRegistry: ModelRegistryWithRequestAuth,
+	model: Model<Api>,
+): Promise<boolean> {
+	const auth = await modelRegistry.getApiKeyAndHeaders(model);
+	return auth.ok;
+}

package/extensions/todos/index.ts

@@ -923,7 +923,7 @@ async function readTodoFile(filePath: string, idFallback: string): Promise<TodoR
 }
 
 async function writeTodoFile(filePath: string, todo: TodoRecord) {
-	await fs.writeFile(filePath, serializeTodo(todo), "utf8");
+	await fs.writeFile(filePath, serializeTodo(todo), { encoding: "utf8", mode: 0o600 });
 }
 
 async function generateTodoId(todosDir: string): Promise<string> {
@@ -955,14 +955,14 @@ async function acquireLock(
 
 	for (let attempt = 0; attempt < 2; attempt += 1) {
 		try {
-			const handle = await fs.open(lockPath, "wx");
+			const handle = await fs.open(lockPath, "wx", 0o600);
 			const info: LockInfo = {
 				id,
 				pid: process.pid,
 				session,
 				created_at: new Date(now).toISOString(),
 			};
-			await handle.writeFile(JSON.stringify(info, null, 2), "utf8");
+			await handle.writeFile(JSON.stringify(info, null, 2), { encoding: "utf8", mode: 0o600 });
 			await handle.close();
 			return async () => {
 				try {

package/extensions/whimsical/index.ts

@@ -263,7 +263,7 @@ async function saveStateToSettings(): Promise<void> {
   } satisfies PersistedWhimsyConfig;
 
   await fs.mkdir(dir, { recursive: true });
-  await fs.writeFile(settingsPath, JSON.stringify(parsed, null, 2), "utf-8");
+  await fs.writeFile(settingsPath, JSON.stringify(parsed, null, 2), { encoding: "utf-8", mode: 0o600 });
 }
 
 async function ensureStateLoaded(): Promise<void> {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-agent-extensions",
-  "version": "0.3.1",
+  "version": "0.3.3",
   "description": "Collection of extensions for pi coding agent",
   "type": "module",
   "repository": {
@@ -62,7 +62,7 @@
   },
   "devDependencies": {
     "@sinclair/typebox": "^0.34.48",
-    "tsx": "^4.19.0"
+    "tsx": "^4.21.0"
   },
   "scripts": {
     "test": "node --import tsx --test 'tests/**/*.test.ts' 'tests/*.test.ts'"