pi-free 2.2.0 → 2.2.2

package/CHANGELOG.md

@@ -7,6 +7,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.2.2] - 2026-06-19
+
+### Refactored
+
+- `config.ts`: Introduced `PROVIDER_META` table that pairs each
+  provider's ID, env-var prefix, and typed config key. `getProviderShowPaid`
+  now delegates to a generic `resolveShowPaidForProvider` resolver
+  instead of a 17-case switch. New `PROVIDER_OPENROUTER`, `PROVIDER_OPENCODE`,
+  and `PROVIDER_FASTROUTER` constants added to `constants.ts` and used
+  in the table (DRYKISS DRY/Architecture findings).
+- `index.ts`: Wrap dynamic built-in provider import in `try/catch`
+  with full error+stack logging to both `~/.pi/free.log` and stderr
+  (DRYKISS Resilience finding).
+- `providers/bai/bai.ts`: Improve startup-failure message to point users
+  at `~/.pi/free.log` and their API key (DRYKISS Resilience finding).
+
+## [2.2.1] - 2026-06-19
+
+### Security
+
+- `~/.pi/free.json` (which contains API keys for paid providers) is now
+  written and re-tightened with mode `0600` (owner read/write only) on
+  every startup and on every write. Previously the file was world-readable
+  on Unix. No-op on Windows. Closes DRYKISS finding.
+
+### Fixed
+
+- Wrap quota monitoring and telemetry event handlers in `try/catch` so a
+  failed status-bar update or telemetry write can never break the agent
+  loop (DRYKISS resilience findings).
+
 ## [2.2.0] - 2026-06-19
 
 ### Added

package/config.ts

@@ -9,13 +9,35 @@
  * (e.g. after toggle-{provider}) are visible immediately.
  */
 
-import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { chmodSync, existsSync, readFileSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
+import {
+	PROVIDER_BAI,
+	PROVIDER_CLINE,
+	PROVIDER_FASTROUTER,
+	PROVIDER_KILO,
+	PROVIDER_OLLAMA,
+	PROVIDER_OPENCODE,
+	PROVIDER_OPENROUTER,
+	PROVIDER_ROUTEWAY,
+	PROVIDER_TOKENROUTER,
+	PROVIDER_ZENMUX,
+	PROVIDER_CROFAI,
+	PROVIDER_CODESTRAL,
+	PROVIDER_LLM7,
+	PROVIDER_DEEPINFRA,
+	PROVIDER_SAMBANOVA,
+	PROVIDER_TOGETHER,
+	PROVIDER_NOVITA,
+} from "./constants.ts";
 export {
 	PROVIDER_BAI,
 	PROVIDER_CLINE,
+	PROVIDER_FASTROUTER,
 	PROVIDER_KILO,
 	PROVIDER_MODAL,
+	PROVIDER_OPENCODE,
+	PROVIDER_OPENROUTER,
 	PROVIDER_QWEN,
 	PROVIDER_ROUTEWAY,
 	PROVIDER_TOKENROUTER,
@@ -130,6 +152,9 @@ function ensureConfigFile(): void {
 				);
 				return;
 			}
+			// Always tighten permissions on startup, even if contents are
+			// unchanged — older installs may have a world-readable file.
+			restrictConfigFilePermissions();
 			// Merge with template to add any missing keys, preserving existing values
 			const merged = { ...CONFIG_TEMPLATE, ...existing };
 			if (JSON.stringify(merged) !== JSON.stringify(existing)) {
@@ -138,6 +163,7 @@ function ensureConfigFile(): void {
 					`${JSON.stringify(merged, null, 2)}\n`,
 					"utf8",
 				);
+				restrictConfigFilePermissions();
 			}
 		} else {
 			writeFileSync(
@@ -145,6 +171,7 @@ function ensureConfigFile(): void {
 				`${JSON.stringify(CONFIG_TEMPLATE, null, 2)}\n`,
 				"utf8",
 			);
+			restrictConfigFilePermissions();
 		}
 	} catch (err) {
 		_logger.warn("Could not create config file", {
@@ -154,6 +181,24 @@ function ensureConfigFile(): void {
 	}
 }
 
+/**
+ * Restrict `~/.pi/free.json` to owner read/write (0600). The file may
+ * contain API keys for paid providers, so it must never be world-readable.
+ * Best-effort: if chmod is not supported on the platform/filesystem,
+ * log a warning and continue (the keys are still safe inside the user's
+ * home directory).
+ */
+function restrictConfigFilePermissions(): void {
+	try {
+		chmodSync(CONFIG_PATH, 0o600);
+	} catch (err) {
+		_logger.warn("Could not restrict config file permissions to 0600", {
+			path: CONFIG_PATH,
+			error: err instanceof Error ? err.message : String(err),
+		});
+	}
+}
+
 export function loadConfigFile(): PiFreeConfig {
 	try {
 		return JSON.parse(
@@ -196,6 +241,56 @@ function resolveBool(envKey: string, fileVal?: boolean): boolean {
 	return fileVal === true;
 }
 
+// =============================================================================
+// Per-provider metadata table
+// Adding a new provider only requires a single entry here plus the
+// corresponding field in the PiFreeConfig interface and CONFIG_TEMPLATE.
+// Each entry pairs the provider ID with its env-var prefix (used for both
+// the API key and show_paid flag) and the typed key on PiFreeConfig.
+// =============================================================================
+
+interface ProviderMeta {
+	id: string;
+	/** Env var prefix, e.g. "KILO" => KILO_SHOW_PAID and KILO_API_KEY */
+	prefix: string;
+	/** Typed accessor returning the show_paid value from PiFreeConfig */
+	showPaidKey: keyof PiFreeConfig;
+}
+
+const PROVIDER_META: readonly ProviderMeta[] = [
+	{ id: PROVIDER_KILO, prefix: "KILO", showPaidKey: "kilo_show_paid" },
+	{ id: PROVIDER_CLINE, prefix: "CLINE", showPaidKey: "cline_show_paid" },
+	{ id: PROVIDER_ZENMUX, prefix: "ZENMUX", showPaidKey: "zenmux_show_paid" },
+	{ id: PROVIDER_CROFAI, prefix: "CROFAI", showPaidKey: "crofai_show_paid" },
+	{ id: PROVIDER_CODESTRAL, prefix: "CODESTRAL", showPaidKey: "codestral_show_paid" },
+	{ id: PROVIDER_LLM7, prefix: "LLM7", showPaidKey: "llm7_show_paid" },
+	{ id: PROVIDER_DEEPINFRA, prefix: "DEEPINFRA", showPaidKey: "deepinfra_show_paid" },
+	{ id: PROVIDER_SAMBANOVA, prefix: "SAMBANOVA", showPaidKey: "sambanova_show_paid" },
+	{ id: PROVIDER_TOGETHER, prefix: "TOGETHER", showPaidKey: "together_show_paid" },
+	{ id: PROVIDER_NOVITA, prefix: "NOVITA", showPaidKey: "novita_show_paid" },
+	{ id: PROVIDER_ROUTEWAY, prefix: "ROUTEWAY", showPaidKey: "routeway_show_paid" },
+	{ id: PROVIDER_TOKENROUTER, prefix: "TOKENROUTER", showPaidKey: "tokenrouter_show_paid" },
+	{ id: PROVIDER_BAI, prefix: "BAI", showPaidKey: "bai_show_paid" },
+	{ id: PROVIDER_FASTROUTER, prefix: "FASTROUTER", showPaidKey: "fastrouter_show_paid" },
+	{ id: PROVIDER_OLLAMA, prefix: "OLLAMA", showPaidKey: "ollama_show_paid" },
+	{ id: PROVIDER_OPENROUTER, prefix: "OPENROUTER", showPaidKey: "openrouter_show_paid" },
+	{ id: PROVIDER_OPENCODE, prefix: "OPENCODE", showPaidKey: "opencode_show_paid" },
+];
+
+const PROVIDER_META_BY_ID = new Map(PROVIDER_META.map((m) => [m.id, m]));
+
+/**
+ * Generic show_paid resolver backed by PROVIDER_META. Returns false
+ * for unknown provider IDs (matches the previous switch default).
+ */
+function resolveShowPaidForProvider(providerId: string): boolean {
+	const meta = PROVIDER_META_BY_ID.get(providerId);
+	if (!meta) return false;
+	const cfg = loadConfigFile();
+	const fileVal = cfg[meta.showPaidKey];
+	return resolveBool(`${meta.prefix}_SHOW_PAID`, fileVal as boolean | undefined);
+}
+
 // =============================================================================
 // Per-provider paid-model flags (getters so toggles reflect immediately)
 // =============================================================================
@@ -287,44 +382,7 @@ export function getOpencodeShowPaid(): boolean {
 }
 
 export function getProviderShowPaid(providerId: string): boolean {
-	switch (providerId) {
-		case "kilo":
-			return getKiloShowPaid();
-		case "cline":
-			return getClineShowPaid();
-		case "zenmux":
-			return getZenmuxShowPaid();
-		case "crofai":
-			return getCrofaiShowPaid();
-		case "codestral":
-			return getCodestralShowPaid();
-		case "llm7":
-			return getLlm7ShowPaid();
-		case "deepinfra":
-			return getDeepinfraShowPaid();
-		case "sambanova":
-			return getSambanovaShowPaid();
-		case "together":
-			return getTogetherShowPaid();
-		case "novita":
-			return getNovitaShowPaid();
-		case "routeway":
-			return getRoutewayShowPaid();
-		case "tokenrouter":
-			return getTokenrouterShowPaid();
-		case "bai":
-			return getBaiShowPaid();
-		case "fastrouter":
-			return getFastrouterShowPaid();
-		case "ollama-cloud":
-			return getOllamaShowPaid();
-		case "openrouter":
-			return getOpenrouterShowPaid();
-		case "opencode":
-			return getOpencodeShowPaid();
-		default:
-			return false;
-	}
+	return resolveShowPaidForProvider(providerId);
 }
 
 // =============================================================================

package/constants.ts

@@ -26,6 +26,11 @@ export const PROVIDER_ROUTEWAY = "routeway";
 export const PROVIDER_TOKENROUTER = "tokenrouter";
 export const PROVIDER_BAI = "bai";
 
+// Built-in pi providers that pi-free wraps with toggles
+export const PROVIDER_OPENROUTER = "openrouter";
+export const PROVIDER_OPENCODE = "opencode";
+export const PROVIDER_FASTROUTER = "fastrouter";
+
 export const ALL_UNIQUE_PROVIDERS = [
 	PROVIDER_KILO,
 	PROVIDER_CLINE,

package/index.ts

@@ -222,29 +222,42 @@ function setupQuotaMonitoring(pi: ExtensionAPI) {
 	(pi as any).on(
 		"after_provider_response",
 		(event: { status: number; headers: Record<string, string> }, ctx: any) => {
-			const providerId = ctx.model?.provider;
-			if (!providerId) return;
+			try {
+				const providerId = ctx.model?.provider;
+				if (!providerId) return;
 
-			processQuotaResponse(providerId, event.headers);
+				processQuotaResponse(providerId, event.headers);
 
-			// Update status bar with quota for the active provider
-			const status = formatQuotaStatus(providerId);
-			if (status) {
-				ctx.ui.setStatus("quota", status);
+				// Update status bar with quota for the active provider
+				const status = formatQuotaStatus(providerId);
+				if (status) {
+					ctx.ui.setStatus("quota", status);
+				}
+			} catch (err) {
+				// Quota monitoring is best-effort — never break the agent flow
+				_logger.warn("quota monitoring failed", {
+					error: err instanceof Error ? err.message : String(err),
+				});
 			}
 		},
 	);
 
 	// Clear quota status when switching away from a provider
 	pi.on("model_select", (_event, ctx) => {
-		const providerId = ctx.model?.provider;
-		if (!providerId) {
-			ctx.ui.setStatus("quota", undefined);
-			return;
+		try {
+			const providerId = ctx.model?.provider;
+			if (!providerId) {
+				ctx.ui.setStatus("quota", undefined);
+				return;
+			}
+			// Show cached quota on provider switch (if still fresh)
+			const status = formatQuotaStatus(providerId);
+			ctx.ui.setStatus("quota", status);
+		} catch (err) {
+			_logger.warn("quota status update failed", {
+				error: err instanceof Error ? err.message : String(err),
+			});
 		}
-		// Show cached quota on provider switch (if still fresh)
-		const status = formatQuotaStatus(providerId);
-		ctx.ui.setStatus("quota", status);
 	});
 }
 
@@ -261,7 +274,14 @@ function setupTelemetry(pi: ExtensionAPI) {
 		const provider = ctx.model?.provider;
 		const model = ctx.model?.id;
 		if (provider && model) {
-			startModelCall(provider, model);
+			try {
+				startModelCall(provider, model);
+			} catch (err) {
+				// Telemetry is best-effort — never break the agent flow
+				_logger.warn("telemetry startModelCall failed", {
+					error: err instanceof Error ? err.message : String(err),
+				});
+			}
 		}
 	});
 
@@ -300,17 +320,24 @@ function setupTelemetry(pi: ExtensionAPI) {
 		const cost = usage?.cost?.total ?? 0;
 		const isError = msg.stopReason === "error" || !!msg.errorMessage;
 
-		await recordModelCall(
-			provider,
-			model,
-			{ input: inputTokens, output: outputTokens, totalTokens },
-			cost,
-			{
-				success: !isError,
-				stopReason: msg.stopReason,
-				errorMessage: msg.errorMessage,
-			},
-		);
+		try {
+			await recordModelCall(
+				provider,
+				model,
+				{ input: inputTokens, output: outputTokens, totalTokens },
+				cost,
+				{
+					success: !isError,
+					stopReason: msg.stopReason,
+					errorMessage: msg.errorMessage,
+				},
+			);
+		} catch (err) {
+			// Telemetry is best-effort — never break the agent flow
+			_logger.warn("telemetry recordModelCall failed", {
+				error: err instanceof Error ? err.message : String(err),
+			});
+		}
 	});
 }
 
@@ -352,10 +379,22 @@ export default async function piFreeEntry(pi: ExtensionAPI) {
 
 	// Setup dynamic built-in providers (Mistral, Groq, Cerebras, xAI, Hugging Face,
 	// OpenRouter/OpenCode from Pi auth, and FastRouter public model discovery)
-	const { setupDynamicBuiltInProviders } = await import(
-		"./providers/dynamic-built-in/index.ts"
-	);
-	await setupDynamicBuiltInProviders(pi);
+	try {
+		const { setupDynamicBuiltInProviders } = await import(
+			"./providers/dynamic-built-in/index.ts"
+		);
+		await setupDynamicBuiltInProviders(pi);
+	} catch (err) {
+		// Dynamic providers are a best-effort enhancement — if the import
+		// or init fails (e.g. upstream API change), continue with the
+		// already-registered static providers rather than failing the whole
+		// extension load. Log full error (message + stack) to the structured
+		// log so the user can investigate, but never block startup.
+		_logger.error("[pi-free] Dynamic built-in providers failed to load", {
+			error: err instanceof Error ? err.message : String(err),
+			stack: err instanceof Error ? err.stack : undefined,
+		});
+	}
 
 	// Setup toggles for pi's built-in providers (e.g., OpenCode)
 	setupBuiltInProviderToggles(pi);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "pi-free",
-	"version": "2.2.0",
+	"version": "2.2.2",
 	"type": "module",
 	"description": "AI model providers for Pi with free model filtering and dynamic model fetching",
 	"keywords": [

package/providers/bai/bai.ts

@@ -184,7 +184,12 @@ export default async function baiProvider(pi: ExtensionAPI) {
 	const allModels = await fetchBaiModels(apiKey);
 
 	if (allModels.length === 0) {
-		_logger.warn("[bai] No text chat models available");
+		// Either the API failed (already logged inside fetchBaiModels) or
+		// the API returned zero text chat models. We can't tell the user
+		// which, but we can give a hint to check the log / their key.
+		_logger.warn(
+			"[bai] No text chat models available — verify BAI_API_KEY is valid and see ~/.pi/free.log for details",
+		);
 		return;
 	}