pi-free 1.0.8 → 2.0.0

package/providers/ollama/ollama.ts

@@ -0,0 +1,172 @@
+/**
+ * Ollama Cloud Provider Extension
+ *
+ * Provides access to Ollama's cloud-hosted models via ollama.com API.
+ * All models use Ollama's usage-based pricing system:
+ *   - Free tier: Unlimited public models (session limits reset every 5 hours,
+ *     weekly limits reset every 7 days)
+ *   - Pro tier: 50x more cloud usage than Free
+ *   - Max tier: 5x more usage than Pro
+ *
+ * Requires OLLAMA_API_KEY with cloud access.
+ * Get a free key at: https://ollama.com/settings/keys
+ *
+ * Responds to global /free toggle (shows models but warns they're freemium).
+ *
+ * Usage:
+ *   pi install git:github.com/apmantza/pi-free
+ *   # Set OLLAMA_API_KEY env var
+ *   # Models appear in /model selector
+ *   # Use /ollama-toggle to show all vs limited set
+ */
+
+import type {
+	ExtensionAPI,
+	ProviderModelConfig,
+} from "@mariozechner/pi-coding-agent";
+import {
+	applyHidden,
+	getOllamaApiKey,
+	getOllamaShowPaid,
+} from "../../config.ts";
+import {
+	BASE_URL_OLLAMA,
+	DEFAULT_FETCH_TIMEOUT_MS,
+	PROVIDER_OLLAMA,
+} from "../../constants.ts";
+import { createLogger } from "../../lib/logger.ts";
+import { registerWithGlobalToggle } from "../../lib/registry.ts";
+import { fetchWithRetry } from "../../lib/util.ts";
+import { createReRegister, enhanceWithCI } from "../../provider-helper.ts";
+
+const _logger = createLogger("ollama-cloud");
+
+// =============================================================================
+// Fetch + map
+// =============================================================================
+
+async function fetchOllamaModels(
+	apiKey: string,
+): Promise<ProviderModelConfig[]> {
+	// Use OpenAI-compatible /v1/models endpoint for consistency
+	// The native /api/tags returns :cloud suffixes that may not work with /v1/chat/completions
+	const response = await fetchWithRetry(
+		`${BASE_URL_OLLAMA}/v1/models`,
+		{
+			headers: {
+				Authorization: `Bearer ${apiKey}`,
+				"Content-Type": "application/json",
+			},
+		},
+		3,
+		1000,
+		DEFAULT_FETCH_TIMEOUT_MS,
+	);
+
+	if (!response.ok) {
+		throw new Error(
+			`Failed to fetch Ollama models: ${response.status} ${response.statusText}`,
+		);
+	}
+
+	const json = (await response.json()) as {
+		data?: Array<{ id: string; owned_by?: string }>;
+	};
+	const models = json.data ?? [];
+
+	_logger.info(
+		`[ollama-cloud] Fetched ${models.length} models from Ollama Cloud`,
+	);
+
+	// Filter to chat/text generation models only
+	const chatModels = models.filter((m) => {
+		// Skip embedding-only models (typically have "embed" in name)
+		const name = m.id.toLowerCase();
+		if (name.includes("embed")) return false;
+		return true;
+	});
+
+	const result = applyHidden(
+		chatModels.map(
+			(m): ProviderModelConfig => ({
+				id: m.id,
+				name: m.id,
+				// Try to infer reasoning from model name
+				reasoning:
+					m.id.toLowerCase().includes("reasoning") ||
+					m.id.toLowerCase().includes("r1") ||
+					m.id.toLowerCase().includes("thinking"),
+				input: ["text"],
+				// Ollama Cloud uses usage-based pricing (GPU time), not per-token
+				// Free tier has limits but no direct cost per token
+				cost: {
+					input: 0, // Freemium: usage-based, not per-token
+					output: 0,
+					cacheRead: 0,
+					cacheWrite: 0,
+				},
+				// Default context window - Ollama doesn't expose this via /v1/models
+				contextWindow: 32768,
+				maxTokens: 4096, // Default, varies by model
+			}),
+		),
+	);
+
+	return result;
+}
+
+// =============================================================================
+// Extension Entry Point
+// =============================================================================
+
+export default async function (pi: ExtensionAPI) {
+	const apiKey = getOllamaApiKey();
+
+	if (!apiKey) {
+		_logger.info(
+			"[ollama-cloud] Skipping - OLLAMA_API_KEY not set (env var or ~/.pi/free.json)",
+		);
+		return;
+	}
+
+	// Fetch models
+	let allModels: ProviderModelConfig[] = [];
+
+	try {
+		allModels = await fetchOllamaModels(apiKey);
+	} catch (error) {
+		_logger.error("[ollama-cloud] Failed to fetch models at startup", {
+			error: error instanceof Error ? error.message : String(error),
+		});
+		return;
+	}
+
+	// For Ollama, all models share the same free tier
+	// So "free" and "all" are the same set
+	const freeModels = allModels;
+	const stored = { free: freeModels, all: allModels };
+	const hasKey = true;
+
+	// Create re-register function
+	const reRegister = createReRegister(pi, {
+		providerId: PROVIDER_OLLAMA,
+		baseUrl: BASE_URL_OLLAMA,
+		apiKey,
+	});
+
+	// Register with global toggle system
+	registerWithGlobalToggle(PROVIDER_OLLAMA, stored, reRegister, hasKey);
+
+	// Register initial models
+	const initialModels = getOllamaShowPaid() ? allModels : freeModels;
+	pi.registerProvider(PROVIDER_OLLAMA, {
+		baseUrl: BASE_URL_OLLAMA,
+		apiKey,
+		api: "openai-completions" as const,
+		models: enhanceWithCI(initialModels),
+	});
+
+	_logger.info(
+		`[ollama-cloud] Registered ${initialModels.length} models (usage-based free tier)`,
+	);
+}

package/providers/opencode-session.ts

@@ -1,34 +1,34 @@
-/**
- * Shared OpenCode session/request tracking.
- *
- * OpenCode endpoints appear to behave more reliably when a stable session id
- * is included across requests in the same Pi session.
- */
-export function createOpenCodeSessionTracker() {
-	let sessionId = "";
-	let requestCount = 0;
-
-	function generateId(): string {
-		return (
-			Math.random().toString(36).substring(2, 15) +
-			Math.random().toString(36).substring(2, 15)
-		);
-	}
-
-	function getSessionId(): string {
-		if (!sessionId) {
-			sessionId = generateId();
-		}
-		return sessionId;
-	}
-
-	function nextRequestId(): string {
-		requestCount++;
-		return `${getSessionId()}-${requestCount}`;
-	}
-
-	return {
-		getSessionId,
-		nextRequestId,
-	};
-}
+/**
+ * Shared OpenCode session/request tracking.
+ *
+ * OpenCode endpoints appear to behave more reliably when a stable session id
+ * is included across requests in the same Pi session.
+ */
+export function createOpenCodeSessionTracker() {
+	let sessionId = "";
+	let requestCount = 0;
+
+	function generateId(): string {
+		return (
+			Math.random().toString(36).substring(2, 15) +
+			Math.random().toString(36).substring(2, 15)
+		);
+	}
+
+	function getSessionId(): string {
+		if (!sessionId) {
+			sessionId = generateId();
+		}
+		return sessionId;
+	}
+
+	function nextRequestId(): string {
+		requestCount++;
+		return `${getSessionId()}-${requestCount}`;
+	}
+
+	return {
+		getSessionId,
+		nextRequestId,
+	};
+}

package/providers/{qwen-auth.ts → qwen/qwen-auth.ts}

@@ -13,12 +13,12 @@
  */
 
 import crypto from "node:crypto";
-import { spawn } from "node:child_process";
 import type {
 	OAuthCredentials,
 	OAuthLoginCallbacks,
 } from "@mariozechner/pi-ai";
-import { createLogger } from "../lib/logger.ts";
+import { createLogger } from "../../lib/logger.ts";
+import { openBrowser } from "../../lib/open-browser.ts";
 
 const _logger = createLogger("qwen-auth");
 
@@ -37,6 +37,12 @@ const QWEN_OAUTH_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
 const INITIAL_POLL_INTERVAL_MS = 2000;
 const MAX_POLL_INTERVAL_MS = 10000;
 
+// Token refresh buffer: proactively refresh this many ms before actual expiry.
+// Matches qwen-code's SharedTokenManager which uses a 30s buffer.
+// We use 5 minutes (same as pi-core's reference qwen-cli example) to be safe
+// against clock skew, network latency, and server-side early revocation.
+const EXPIRY_BUFFER_MS = 5 * 60 * 1000;
+
 // =============================================================================
 // PKCE Utilities
 // =============================================================================
@@ -46,10 +52,7 @@ function generateCodeVerifier(): string {
 }
 
 function generateCodeChallenge(codeVerifier: string): string {
-	return crypto
-		.createHash("sha256")
-		.update(codeVerifier)
-		.digest("base64url");
+	return crypto.createHash("sha256").update(codeVerifier).digest("base64url");
 }
 
 function generatePKCEPair(): {
@@ -67,33 +70,10 @@ function generatePKCEPair(): {
 
 function objectToUrlEncoded(data: Record<string, string>): string {
 	return Object.keys(data)
-		.map(
-			(key) =>
-				`${encodeURIComponent(key)}=${encodeURIComponent(data[key])}`,
-		)
+		.map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(data[key])}`)
 		.join("&");
 }
 
-function openBrowser(url: string): void {
-	try {
-		if (process.platform === "win32") {
-			// cmd.exe interprets & as a command separator, breaking URLs with query params.
-			// PowerShell's Start-Process treats the URL as a literal string.
-			spawn(
-				"powershell.exe",
-				["-NoProfile", "-NonInteractive", "-Command", `Start-Process "${url.replace(/"/g, '\\"')}"`],
-				{ detached: true, shell: false, windowsHide: true },
-			).unref();
-		} else if (process.platform === "darwin") {
-			spawn("open", [url], { detached: true }).unref();
-		} else {
-			spawn("xdg-open", [url], { detached: true }).unref();
-		}
-	} catch (err) {
-		_logger.debug("Failed to open browser", { error: String(err) });
-	}
-}
-
 function abortableSleep(ms: number, signal?: AbortSignal): Promise<void> {
 	return new Promise((resolve, reject) => {
 		if (signal?.aborted) {
@@ -169,9 +149,7 @@ async function requestDeviceAuthorization(
 		);
 	}
 
-	const result = (await response.json()) as
-		| DeviceAuthorizationData
-		| ErrorData;
+	const result = (await response.json()) as DeviceAuthorizationData | ErrorData;
 
 	if ("error" in result) {
 		throw new Error(
@@ -325,8 +303,8 @@ export async function loginQwen(
 				access: data.access_token!,
 				refresh: data.refresh_token ?? "",
 				expires: data.expires_in
-					? Date.now() + data.expires_in * 1000
-					: Date.now() + 3600 * 1000, // 1 hour default
+					? Date.now() + data.expires_in * 1000 - EXPIRY_BUFFER_MS
+					: Date.now() + 3600 * 1000 - EXPIRY_BUFFER_MS, // 1 hour default minus buffer
 				resource_url: resourceUrl,
 			};
 		}
@@ -354,7 +332,11 @@ export async function loginQwen(
 export async function refreshQwenToken(
 	credentials: OAuthCredentials,
 ): Promise<OAuthCredentials> {
-	if (credentials.expires > Date.now()) return credentials;
+	// Note: we intentionally DO NOT early-return when the token appears valid.
+	// pi-core calls refreshToken() only when it has already determined the token
+	// needs refreshing (Date.now() >= cred.expires). The early return was
+	// redundant and blocked forced-refreshes after server-side token revocation
+	// (where the stored expiry hasn't been reached yet but the token is invalid).
 
 	if (!credentials.refresh) {
 		throw new Error(
@@ -398,21 +380,23 @@ export async function refreshQwenToken(
 	}
 
 	// Preserve resource_url as a proper field (not encoded in refresh token)
-	const resourceUrl = data.resource_url || (credentials.resource_url as string) || "";
+	const resourceUrl =
+		data.resource_url || (credentials.resource_url as string) || "";
 
 	return {
 		access: data.access_token,
 		refresh: data.refresh_token ?? credentials.refresh,
 		expires: data.expires_in
-			? Date.now() + data.expires_in * 1000
-			: Date.now() + 3600 * 1000,
+			? Date.now() + data.expires_in * 1000 - EXPIRY_BUFFER_MS
+			: Date.now() + 3600 * 1000 - EXPIRY_BUFFER_MS,
 		resource_url: resourceUrl,
 	};
 }
 
 // Fallback endpoint used when resource_url is absent from the OAuth token.
 // Mirrors qwen-code's DEFAULT_QWEN_BASE_URL.
-const QWEN_DEFAULT_BASE_URL = "https://dashscope.aliyuncs.com/compatible-mode/v1";
+const QWEN_DEFAULT_BASE_URL =
+	"https://dashscope.aliyuncs.com/compatible-mode/v1";
 
 /**
  * Resolve the API base URL from OAuth credentials.

package/providers/{qwen-models.ts → qwen/qwen-models.ts}

@@ -1,95 +1,101 @@
-/**
- * Qwen OAuth model definitions.
- *
- * Free tier provides Qwen Coder Plus with 1,000 requests/day.
- */
-
-import type { ProviderModelConfig } from "@mariozechner/pi-coding-agent";
-import { createLogger } from "../lib/logger.ts";
-
-const _logger = createLogger("qwen-models");
-
-/**
- * portal.qwen.ai compatibility settings.
- *
- * portal.qwen.ai's OpenAI-compatible API does not support several parameters
- * that the pi framework sends by default.
- */
-export const PORTAL_COMPAT: NonNullable<ProviderModelConfig["compat"]> = {
-	supportsStore: false,
-	supportsDeveloperRole: false,
-	supportsReasoningEffort: false,
-	supportsUsageInStreaming: false,
-	supportsStrictMode: false,
-	maxTokensField: "max_tokens",
-};
-
-/**
- * Fallback model used before OAuth completes or if model discovery fails.
- * The real model ID is resolved dynamically via fetchQwenLiveModels() after auth.
- */
-export const QWEN_FREE_MODELS: ProviderModelConfig[] = [
-	{
-		id: "coder-model",
-		name: "Qwen Coder — Free 1k/day",
-		reasoning: false,
-		input: ["text"],
-		cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
-		contextWindow: 131_072,
-		maxTokens: 16_384,
-		compat: PORTAL_COMPAT,
-	},
-];
-
-/**
- * Fetch Qwen models. For OAuth free tier, the model list is static.
- */
-export async function fetchQwenModels(): Promise<ProviderModelConfig[]> {
-	_logger.info("Qwen OAuth: using static free tier models");
-	return QWEN_FREE_MODELS;
-}
-
-/**
- * Fetch live model list from the Qwen API using the OAuth access token.
- * Returns updated models with real IDs from the server, or the original
- * models unchanged if the request fails.
- */
-export async function fetchQwenLiveModels(
-	baseUrl: string,
-	accessToken: string,
-	templateModels: ProviderModelConfig[],
-): Promise<ProviderModelConfig[]> {
-	try {
-		const response = await fetch(`${baseUrl}/models`, {
-			headers: {
-				Authorization: `Bearer ${accessToken}`,
-				Accept: "application/json",
-			},
-		});
-
-		if (!response.ok) {
-			_logger.info("Qwen /v1/models fetch failed, keeping current model IDs", {
-				status: response.status,
-			});
-			return templateModels;
-		}
-
-		interface ModelEntry { id: string }
-		const data = (await response.json()) as { data?: ModelEntry[] };
-		const ids: string[] = (data.data ?? []).map((m: ModelEntry) => m.id).filter(Boolean);
-
-		_logger.info("Qwen live models discovered", { ids });
-
-		if (ids.length === 0) return templateModels;
-
-		// Prefer a coder model if available, otherwise use the first model
-		const preferred = ids.find((id) => /coder/i.test(id)) ?? ids[0];
-
-		return templateModels.map((m) => ({ ...m, id: preferred }));
-	} catch (err) {
-		_logger.info("Qwen live model fetch error, keeping current model IDs", {
-			error: String(err),
-		});
-		return templateModels;
-	}
-}
+/**
+ * Qwen OAuth model definitions.
+ *
+ * @deprecated The 1,000 req/day free tier is no longer available. Auth is broken.
+ * This provider remains for backward compatibility but should not be used.
+ */
+
+import type { ProviderModelConfig } from "@mariozechner/pi-coding-agent";
+import { createLogger } from "../../lib/logger.ts";
+
+const _logger = createLogger("qwen-models");
+
+/**
+ * portal.qwen.ai compatibility settings.
+ *
+ * portal.qwen.ai's OpenAI-compatible API does not support several parameters
+ * that the pi framework sends by default.
+ */
+export const PORTAL_COMPAT: NonNullable<ProviderModelConfig["compat"]> = {
+	supportsStore: false,
+	supportsDeveloperRole: false,
+	supportsReasoningEffort: false,
+	supportsUsageInStreaming: false,
+	supportsStrictMode: false,
+	maxTokensField: "max_tokens",
+};
+
+/**
+ * Fallback model used before OAuth completes or if model discovery fails.
+ * The real model ID is resolved dynamically via fetchQwenLiveModels() after auth.
+ */
+export const QWEN_FREE_MODELS: ProviderModelConfig[] = [
+	{
+		id: "coder-model",
+		name: "Qwen Coder — DEPRECATED (free tier discontinued)",
+		reasoning: false,
+		input: ["text"],
+		cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+		contextWindow: 131_072,
+		maxTokens: 16_384,
+		compat: PORTAL_COMPAT,
+	},
+];
+
+/**
+ * Fetch Qwen models. Returns static model list for backward compatibility.
+ * @deprecated Qwen free tier is discontinued.
+ */
+export async function fetchQwenModels(): Promise<ProviderModelConfig[]> {
+	_logger.info("Qwen provider is deprecated, returning placeholder models");
+	return QWEN_FREE_MODELS;
+}
+
+/**
+ * Fetch live model list from the Qwen API using the OAuth access token.
+ * Returns updated models with real IDs from the server, or the original
+ * models unchanged if the request fails.
+ */
+export async function fetchQwenLiveModels(
+	baseUrl: string,
+	accessToken: string,
+	templateModels: ProviderModelConfig[],
+): Promise<ProviderModelConfig[]> {
+	try {
+		const response = await fetch(`${baseUrl}/models`, {
+			headers: {
+				Authorization: `Bearer ${accessToken}`,
+				Accept: "application/json",
+			},
+		});
+
+		if (!response.ok) {
+			_logger.info("Qwen /v1/models fetch failed, keeping current model IDs", {
+				status: response.status,
+			});
+			return templateModels;
+		}
+
+		interface ModelEntry {
+			id: string;
+		}
+		const data = (await response.json()) as { data?: ModelEntry[] };
+		const ids: string[] = (data.data ?? [])
+			.map((m: ModelEntry) => m.id)
+			.filter(Boolean);
+
+		_logger.info("Qwen live models discovered", { ids });
+
+		if (ids.length === 0) return templateModels;
+
+		// Prefer a coder model if available, otherwise use the first model
+		const preferred = ids.find((id) => /coder/i.test(id)) ?? ids[0];
+
+		return templateModels.map((m) => ({ ...m, id: preferred }));
+	} catch (err) {
+		_logger.info("Qwen live model fetch error, keeping current model IDs", {
+			error: String(err),
+		});
+		return templateModels;
+	}
+}