pi-free 2.0.15 → 2.1.0

package/config.ts

@@ -9,17 +9,28 @@
  * (e.g. after toggle-{provider}) are visible immediately.
  */
 
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 export {
 	PROVIDER_CLINE,
 	PROVIDER_KILO,
 	PROVIDER_MODAL,
-	PROVIDER_NVIDIA,
 	PROVIDER_QWEN,
 	PROVIDER_ROUTEWAY,
+	PROVIDER_TOKENROUTER,
 } from "./constants.ts";
 import { createLogger } from "./lib/logger.ts";
+import { ensureDir, PI_DATA_DIR } from "./lib/paths.ts";
+
+/**
+ * JSON.parse reviver that strips prototype-pollution payloads.
+ */
+function safeJsonReviver(_key: string, value: unknown): unknown {
+	if (_key === "__proto__" || _key === "constructor") {
+		return undefined;
+	}
+	return value;
+}
 
 const _logger = createLogger("config");
 
@@ -36,6 +47,7 @@ interface PiFreeConfig {
 	novita_api_key?: string;
 	routeway_api_key?: string;
 	fastrouter_api_key?: string;
+	tokenrouter_api_key?: string;
 	kilo_free_only?: boolean;
 	hidden_models?: string[];
 	free_only?: boolean;
@@ -52,6 +64,7 @@ interface PiFreeConfig {
 	novita_show_paid?: boolean;
 	routeway_show_paid?: boolean;
 	fastrouter_show_paid?: boolean;
+	tokenrouter_show_paid?: boolean;
 	openrouter_show_paid?: boolean;
 	opencode_show_paid?: boolean;
 }
@@ -69,6 +82,7 @@ const CONFIG_TEMPLATE: PiFreeConfig = {
 	novita_api_key: "",
 	routeway_api_key: "",
 	fastrouter_api_key: "",
+	tokenrouter_api_key: "",
 
 	kilo_free_only: false,
 	hidden_models: [],
@@ -86,16 +100,16 @@ const CONFIG_TEMPLATE: PiFreeConfig = {
 	novita_show_paid: false,
 	routeway_show_paid: false,
 	fastrouter_show_paid: false,
+	tokenrouter_show_paid: false,
 	openrouter_show_paid: false,
 	opencode_show_paid: false,
 };
 
-const PI_DIR = join(process.env.HOME || process.env.USERPROFILE || "", ".pi");
-const CONFIG_PATH = join(PI_DIR, "free.json");
+const CONFIG_PATH = join(PI_DATA_DIR, "free.json");
 
 function ensureConfigFile(): void {
 	try {
-		mkdirSync(PI_DIR, { recursive: true });
+		ensureDir(PI_DATA_DIR);
 		if (existsSync(CONFIG_PATH)) {
 			let existing: PiFreeConfig;
 			try {
@@ -137,7 +151,10 @@ function ensureConfigFile(): void {
 
 export function loadConfigFile(): PiFreeConfig {
 	try {
-		return JSON.parse(readFileSync(CONFIG_PATH, "utf8")) as PiFreeConfig;
+		return JSON.parse(
+			readFileSync(CONFIG_PATH, "utf8"),
+			safeJsonReviver,
+		) as PiFreeConfig;
 	} catch (err) {
 		_logger.error("Could not parse config file — returning empty config", {
 			path: CONFIG_PATH,
@@ -231,6 +248,13 @@ export function getRoutewayShowPaid(): boolean {
 	return resolveBool("ROUTEWAY_SHOW_PAID", loadConfigFile().routeway_show_paid);
 }
 
+export function getTokenrouterShowPaid(): boolean {
+	return resolveBool(
+		"TOKENROUTER_SHOW_PAID",
+		loadConfigFile().tokenrouter_show_paid,
+	);
+}
+
 export function getFastrouterShowPaid(): boolean {
 	return resolveBool(
 		"FASTROUTER_SHOW_PAID",
@@ -277,6 +301,8 @@ export function getProviderShowPaid(providerId: string): boolean {
 			return getNovitaShowPaid();
 		case "routeway":
 			return getRoutewayShowPaid();
+		case "tokenrouter":
+			return getTokenrouterShowPaid();
 		case "fastrouter":
 			return getFastrouterShowPaid();
 		case "ollama-cloud":
@@ -350,6 +376,10 @@ export function getFastrouterApiKey(): string | undefined {
 	return resolve("FASTROUTER_API_KEY", loadConfigFile().fastrouter_api_key);
 }
 
+export function getTokenrouterApiKey(): string | undefined {
+	return resolve("TOKENROUTER_API_KEY", loadConfigFile().tokenrouter_api_key);
+}
+
 export function getOllamaApiKey(): string | undefined {
 	return resolve("OLLAMA_API_KEY", loadConfigFile().ollama_api_key);
 }
@@ -394,10 +424,10 @@ function readAuthJsonKey(
 
 	// Check auth.json
 	try {
-		const authPath = join(PI_DIR, "agent", "auth.json");
+		const authPath = join(PI_DATA_DIR, "agent", "auth.json");
 		if (!existsSync(authPath)) return undefined;
 		const raw = readFileSync(authPath, "utf8");
-		const auth = JSON.parse(raw) as Record<
+		const auth = JSON.parse(raw, safeJsonReviver) as Record<
 			string,
 			{ type?: string; key?: string }
 		>;
@@ -479,7 +509,7 @@ export function saveConfig(updates: Partial<PiFreeConfig>): void {
 
 		let existing: PiFreeConfig;
 		try {
-			existing = JSON.parse(raw) as PiFreeConfig;
+			existing = JSON.parse(raw, safeJsonReviver) as PiFreeConfig;
 		} catch (parseErr) {
 			// File exists but is corrupt. REFUSE to overwrite it with a partial
 			// config — that would permanently destroy the user's keys.
@@ -508,6 +538,90 @@ export function saveConfig(updates: Partial<PiFreeConfig>): void {
 	}
 }
 
+/**
+ * Serialise all config RMW operations to prevent concurrent updates
+ * from clobbering each other (e.g. two provider probes finishing at the
+ * same time both writing hidden_models and losing the other's update).
+ */
+class ConfigLock {
+	private promise: Promise<void> = Promise.resolve();
+
+	async acquire(): Promise<() => void> {
+		let release: () => void;
+		const newPromise = new Promise<void>((resolve) => {
+			release = resolve;
+		});
+		const previous = this.promise;
+		this.promise = previous.then(() => newPromise);
+		await previous;
+		return release!;
+	}
+}
+
+const _configLock = new ConfigLock();
+
+/**
+ * Atomically read-modify-write the config file. The updater function
+ * receives the current parsed config and returns the partial updates to
+ * merge. Concurrent calls are serialised by an internal lock.
+ *
+ * If the config file is corrupt, the updater is NOT called and the file
+ * is left untouched (matches saveConfig's safety behaviour).
+ */
+export async function updateConfig(
+	updater: (current: PiFreeConfig) => Partial<PiFreeConfig>,
+): Promise<void> {
+	const release = await _configLock.acquire();
+	try {
+		const raw = readRawConfigFile();
+		if (raw === undefined) {
+			// File doesn't exist — start from template, apply updater once
+			const updated = updater({ ...CONFIG_TEMPLATE });
+			const merged = { ...CONFIG_TEMPLATE, ...updated };
+			writeFileSync(
+				CONFIG_PATH,
+				`${JSON.stringify(merged, null, 2)}\n`,
+				"utf8",
+			);
+			_logger.info("Config updated (new file)", {
+				path: CONFIG_PATH,
+				keys: Object.keys(updated),
+			});
+			return;
+		}
+
+		let existing: PiFreeConfig;
+		try {
+			existing = JSON.parse(raw, safeJsonReviver) as PiFreeConfig;
+		} catch (parseErr) {
+			_logger.error(
+				"REFUSING to update config — existing file is corrupt. Fix or delete ~/.pi/free.json manually.",
+				{
+					path: CONFIG_PATH,
+					error:
+						parseErr instanceof Error ? parseErr.message : String(parseErr),
+				},
+			);
+			return;
+		}
+
+		const updated = updater(existing);
+		const merged = { ...existing, ...updated };
+		writeFileSync(CONFIG_PATH, `${JSON.stringify(merged, null, 2)}\n`, "utf8");
+		_logger.info("Config updated", {
+			path: CONFIG_PATH,
+			keys: Object.keys(updated),
+		});
+	} catch (err) {
+		_logger.error("Failed to update config", {
+			path: CONFIG_PATH,
+			error: err instanceof Error ? err.message : String(err),
+		});
+	} finally {
+		release();
+	}
+}
+
 export function getConfig(): PiFreeConfig {
 	return loadConfigFile();
 }

package/constants.ts

@@ -9,7 +9,6 @@
 
 export const PROVIDER_KILO = "kilo";
 export const PROVIDER_CLINE = "cline";
-export const PROVIDER_NVIDIA = "nvidia";
 export const PROVIDER_CLOUDFLARE = "cloudflare";
 export const PROVIDER_OLLAMA = "ollama-cloud";
 /** @deprecated Qwen provider is deprecated. The 1,000 req/day free tier is no longer available. */
@@ -24,11 +23,11 @@ export const PROVIDER_SAMBANOVA = "sambanova";
 export const PROVIDER_TOGETHER = "together";
 export const PROVIDER_NOVITA = "novita";
 export const PROVIDER_ROUTEWAY = "routeway";
+export const PROVIDER_TOKENROUTER = "tokenrouter";
 
 export const ALL_UNIQUE_PROVIDERS = [
 	PROVIDER_KILO,
 	PROVIDER_CLINE,
-	PROVIDER_NVIDIA,
 	/** @deprecated Qwen free tier no longer available */
 	PROVIDER_QWEN,
 	PROVIDER_MODAL,
@@ -42,6 +41,7 @@ export const ALL_UNIQUE_PROVIDERS = [
 	PROVIDER_TOGETHER,
 	PROVIDER_NOVITA,
 	PROVIDER_ROUTEWAY,
+	PROVIDER_TOKENROUTER,
 ] as const;
 
 // =============================================================================
@@ -49,7 +49,6 @@ export const ALL_UNIQUE_PROVIDERS = [
 // =============================================================================
 
 export const BASE_URL_KILO = "https://api.kilo.ai/api/gateway";
-export const BASE_URL_NVIDIA = "https://integrate.api.nvidia.com/v1";
 export const BASE_URL_CLOUDFLARE = "https://api.cloudflare.com/client/v4";
 export const BASE_URL_OLLAMA = "https://ollama.com/v1"; // OpenAI-compatible API endpoint
 export const BASE_URL_CLINE = "https://api.cline.bot/api/v1";
@@ -65,6 +64,7 @@ export const BASE_URL_SAMBANOVA = "https://api.sambanova.ai/v1";
 export const BASE_URL_TOGETHER = "https://api.together.xyz/v1";
 export const BASE_URL_NOVITA = "https://api.novita.ai/openai/v1";
 export const BASE_URL_ROUTEWAY = "https://api.routeway.ai/v1";
+export const BASE_URL_TOKENROUTER = "https://api.tokenrouter.com/v1";
 
 /** Cline fetches free models from OpenRouter */
 export const BASE_URL_OPENROUTER = "https://openrouter.ai/api/v1";
@@ -85,12 +85,6 @@ export const URL_MODAL_TOS = "https://modal.com/terms";
 
 export const CLINE_AUTH_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
 
-// =============================================================================
-// Configuration thresholds
-// =============================================================================
-
-export const NVIDIA_MIN_SIZE_B = 70; // Minimum model size for NVIDIA NIM
-
 // =============================================================================
 // Timeouts (milliseconds)
 // =============================================================================

package/index.ts

@@ -15,6 +15,7 @@
  * - SambaNova: Fast inference on RDU hardware (free tier, no credit card)
  * - Together: Fast inference on 200+ open-source models ($1 trial credit)
  * - Routeway: OpenAI-compatible gateway with free `:free` models
+ * - TokenRouter: OpenAI-compatible gateway routing to 90+ models
  * - LLM7: AI gateway (free default/fast selectors)
  */
 
@@ -50,7 +51,7 @@ import sambanova from "./providers/sambanova/sambanova.ts";
 import together from "./providers/together/together.ts";
 import novita from "./providers/novita/novita.ts";
 import routeway from "./providers/routeway/routeway.ts";
-import nvidia from "./providers/nvidia/nvidia.ts";
+import tokenRouter from "./providers/tokenrouter/tokenrouter.ts";
 import ollama from "./providers/ollama/ollama.ts";
 import zenmux from "./providers/zenmux/zenmux.ts";
 
@@ -67,7 +68,7 @@ function setupGlobalCommands(pi: ExtensionAPI) {
 		handler: async (_args, ctx) => {
 			const current = getGlobalFreeOnly();
 			const next = !current;
-			applyGlobalFilter(pi, next, { force: true });
+			applyGlobalFilter(next, { force: true });
 
 			const registry = getProviderRegistry();
 			const providerCount = registry.size;
@@ -111,11 +112,7 @@ function setupGlobalCommands(pi: ExtensionAPI) {
 				"cerebras",
 			]);
 			// Freemium providers - all models share a free tier quota
-			const freemiumProviders = new Set([
-				"nvidia",
-				"sambanova",
-				"ollama-cloud",
-			]);
+			const freemiumProviders = new Set(["sambanova", "ollama-cloud"]);
 			// Trial credit providers - one-time credits, otherwise paid
 			const trialCreditProviders = new Set(["deepinfra"]);
 
@@ -208,7 +205,7 @@ function setupGlobalCommands(pi: ExtensionAPI) {
 	pi.registerCommand("clear-free-telemetry", {
 		description: "Clear all model telemetry data",
 		handler: async (_args, ctx) => {
-			clearTelemetry();
+			await clearTelemetry();
 			ctx.ui.notify("Telemetry data cleared", "info");
 		},
 	});
@@ -268,7 +265,7 @@ function setupTelemetry(pi: ExtensionAPI) {
 	});
 
 	// Record telemetry when a turn completes
-	pi.on("turn_end", (event, ctx) => {
+	pi.on("turn_end", async (event, ctx) => {
 		if (!ctx.model) return;
 		if (!isFreeModel(ctx.model as any)) return;
 
@@ -302,14 +299,16 @@ function setupTelemetry(pi: ExtensionAPI) {
 		const cost = usage?.cost?.total ?? 0;
 		const isError = msg.stopReason === "error" || !!msg.errorMessage;
 
-		recordModelCall(
+		await recordModelCall(
 			provider,
 			model,
 			{ input: inputTokens, output: outputTokens, totalTokens },
 			cost,
-			!isError,
-			msg.stopReason,
-			msg.errorMessage,
+			{
+				success: !isError,
+				stopReason: msg.stopReason,
+				errorMessage: msg.errorMessage,
+			},
 		);
 	});
 }
@@ -334,7 +333,6 @@ export default async function piFreeEntry(pi: ExtensionAPI) {
 	// Load all unique providers
 	// Each provider will register itself with the global toggle system
 	await Promise.allSettled([
-		nvidia(pi),
 		kilo(pi),
 		ollama(pi),
 		cline(pi),
@@ -347,6 +345,7 @@ export default async function piFreeEntry(pi: ExtensionAPI) {
 		together(pi),
 		novita(pi),
 		routeway(pi),
+		tokenRouter(pi),
 	]);
 
 	// Setup dynamic built-in providers (Mistral, Groq, Cerebras, xAI, Hugging Face,
@@ -362,7 +361,7 @@ export default async function piFreeEntry(pi: ExtensionAPI) {
 	// Apply initial global filter if free-only mode is enabled
 	if (globalFreeOnly) {
 		_logger.info("[pi-free] Applying initial free-only filter");
-		applyGlobalFilter(pi, true);
+		applyGlobalFilter(true);
 	}
 
 	const registry = getProviderRegistry();

package/lib/built-in-toggle.ts

@@ -23,6 +23,7 @@ import {
 	isFreeModel,
 	registerWithGlobalToggle,
 } from "./registry.ts";
+import { wrapSessionStartHandler } from "./session-start-metrics.ts";
 import { createToggleState } from "./toggle-state.ts";
 import {
 	OPENCODE_DYNAMIC_API,
@@ -34,7 +35,16 @@ import {
 const _logger = createLogger("built-in-toggle");
 
 // OpenCode requires per-request ids; see createOpenCodeStreamSimple().
-const _opencodeSession = createOpenCodeSessionTracker();
+// Lazy-initialised because the OpenCode dynamic fetcher in
+// providers/dynamic-built-in/ usually wins the race for `opencode`,
+// leaving this fallback capture unused — no point allocating the
+// session tracker on every module import.
+let _opencodeSession: ReturnType<typeof createOpenCodeSessionTracker> | null =
+	null;
+function getOpenCodeSession() {
+	if (!_opencodeSession) _opencodeSession = createOpenCodeSessionTracker();
+	return _opencodeSession;
+}
 
 // =============================================================================
 // Configuration
@@ -90,22 +100,25 @@ export function setupBuiltInProviderToggles(pi: ExtensionAPI): void {
 	}
 
 	// Capture built-in models on session start and apply initial filter
-	pi.on("session_start", async (_event, ctx) => {
-		for (const config of activeConfigs) {
-			if (providerStates.has(config.id)) {
-				// Already captured — skip to avoid re-registering
-				continue;
-			}
+	pi.on(
+		"session_start",
+		wrapSessionStartHandler("built-in-toggle", async (_event, ctx) => {
+			for (const config of activeConfigs) {
+				if (providerStates.has(config.id)) {
+					// Already captured — skip to avoid re-registering
+					continue;
+				}
 
-			const state = tryCaptureProvider(pi, config, ctx);
-			if (!state) continue;
+				const state = tryCaptureProvider(pi, config, ctx);
+				if (!state) continue;
 
-			const applied = state.toggleState.applyCurrent(state.reRegister);
-			_logger.info(
-				`[built-in-toggle] ${config.id}: applied ${applied.mode} mode with ${applied.models.length} models`,
-			);
-		}
-	});
+				const applied = state.toggleState.applyCurrent(state.reRegister);
+				_logger.info(
+					`[built-in-toggle] ${config.id}: applied ${applied.mode} mode with ${applied.models.length} models`,
+				);
+			}
+		}),
+	);
 }
 
 // =============================================================================
@@ -140,7 +153,7 @@ function tryCaptureProvider(
 			apiKey: apiKeyEnv,
 			api: isOpenCodeProvider(config.id) ? OPENCODE_DYNAMIC_API : api,
 			...(isOpenCodeProvider(config.id)
-				? { streamSimple: createOpenCodeStreamSimple(_opencodeSession) }
+				? { streamSimple: createOpenCodeStreamSimple(getOpenCodeSession()) }
 				: {}),
 			models,
 		});

package/lib/json-persistence.ts

@@ -1,17 +1,47 @@
 /**
  * Shared JSON persistence utilities.
- * Consolidates file I/O patterns from usage-store.ts and free-tier-limits.ts
+ * Consolidated file I/O patterns from usage-store.ts and free-tier-limits.ts
  */
 
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
 import { dirname } from "node:path";
 import { createLogger } from "./logger.ts";
+import { ensureDir } from "./paths.ts";
 
 const _logger = createLogger("json-persistence");
 
+/**
+ * JSON.parse reviver that strips prototype-pollution payloads.
+ * Filters out `__proto__` and `constructor` keys at every level of the
+ * parsed object, preventing attackers from polluting Object.prototype
+ * through crafted config/cache files.
+ */
+function safeJsonReviver(_key: string, value: unknown): unknown {
+	if (_key === "__proto__" || _key === "constructor") {
+		return undefined;
+	}
+	return value;
+}
+
 export interface JSONStore<T> {
 	load(): T;
 	save(data: T): void;
+	update(updater: (data: T) => T): Promise<T>;
+}
+
+class Lock {
+	private promise: Promise<void> = Promise.resolve();
+
+	async acquire(): Promise<() => void> {
+		let release: () => void;
+		const newPromise = new Promise<void>((resolve) => {
+			release = resolve;
+		});
+		const previous = this.promise;
+		this.promise = previous.then(() => newPromise);
+		await previous;
+		return release!;
+	}
 }
 
 /**
@@ -22,16 +52,23 @@ export function createJSONStore<T extends object>(
 	defaultValue: T,
 ): JSONStore<T> {
 	let cached: T | null = null;
+	const lock = new Lock();
 
 	function load(): T {
 		if (cached) return cached;
 		try {
 			if (existsSync(filepath)) {
-				cached = JSON.parse(readFileSync(filepath, "utf-8")) as T;
+				cached = JSON.parse(
+					readFileSync(filepath, "utf-8"),
+					safeJsonReviver,
+				) as T;
 				return cached;
 			}
 		} catch (err) {
-			_logger.warn("Failed to load JSON store, using default", { filepath, error: err });
+			_logger.warn("Failed to load JSON store, using default", {
+				filepath,
+				error: err,
+			});
 		}
 		cached = defaultValue;
 		return cached;
@@ -40,62 +77,93 @@ export function createJSONStore<T extends object>(
 	function save(data: T): void {
 		cached = data;
 		try {
-			const dir = dirname(filepath);
-			if (!existsSync(dir)) {
-				mkdirSync(dir, { recursive: true });
-			}
+			ensureDir(dirname(filepath));
 			writeFileSync(filepath, `${JSON.stringify(data, null, 2)}\n`, "utf-8");
 		} catch (err) {
 			_logger.warn("Failed to save JSON store", { filepath, error: err });
 		}
 	}
 
-	return { load, save };
+	async function update(updater: (data: T) => T): Promise<T> {
+		const release = await lock.acquire();
+		try {
+			const data = load();
+			const updated = updater(data);
+			save(updated);
+			return updated;
+		} finally {
+			release();
+		}
+	}
+
+	return { load, save, update };
 }
 
 /**
  * Create a JSONL (newline-delimited JSON) store for append-only logs.
+ *
+ * `append` and `clear` are async and serialised by an internal lock to
+ * prevent interleaved writes (e.g. `clear` truncating the file while
+ * `append` is mid-write).
  */
 export function createJSONLStore<T extends object>(
 	filepath: string,
 ): {
 	load(): T[];
-	append(entry: T): void;
-	clear(): void;
+	append(entry: T): Promise<void>;
+	clear(): Promise<void>;
 } {
+	const lock = new Lock();
+
 	function load(): T[] {
 		try {
 			if (existsSync(filepath)) {
 				const content = readFileSync(filepath, "utf-8");
-				return content
-					.split("\n")
-					.filter((line) => line.trim())
-					.map((line) => JSON.parse(line) as T);
+				const lines = content.split("\n").filter((line) => line.trim());
+				const entries: T[] = [];
+				for (const [index, line] of lines.entries()) {
+					try {
+						entries.push(JSON.parse(line, safeJsonReviver) as T);
+					} catch (err) {
+						_logger.warn("Malformed JSONL line skipped", {
+							filepath,
+							line: index + 1,
+							error: err,
+						});
+					}
+				}
+				return entries;
 			}
 		} catch (err) {
-			_logger.warn("Failed to load JSONL store, using empty array", { filepath, error: err });
+			_logger.warn("Failed to load JSONL store, using empty array", {
+				filepath,
+				error: err,
+			});
 		}
 		return [];
 	}
 
-	function append(entry: T): void {
+	async function append(entry: T): Promise<void> {
+		const release = await lock.acquire();
 		try {
-			const dir = dirname(filepath);
-			if (!existsSync(dir)) {
-				mkdirSync(dir, { recursive: true });
-			}
+			ensureDir(dirname(filepath));
 			const line = JSON.stringify(entry);
 			writeFileSync(filepath, `${line}\n`, { flag: "a", encoding: "utf-8" });
 		} catch (err) {
 			_logger.warn("Failed to append to JSONL store", { filepath, error: err });
+		} finally {
+			release();
 		}
 	}
 
-	function clear(): void {
+	async function clear(): Promise<void> {
+		const release = await lock.acquire();
 		try {
 			writeFileSync(filepath, "", "utf-8");
 		} catch (err) {
 			_logger.warn("Failed to clear JSONL store", { filepath, error: err });
+		} finally {
+			release();
 		}
 	}