pi-oracle 0.7.6 → 0.7.8

package/extensions/oracle/lib/config.ts

@@ -6,7 +6,7 @@
 import { execFileSync } from "node:child_process";
 import { existsSync, readFileSync } from "node:fs";
 import { homedir } from "node:os";
-import { getAgentDir } from "@earendil-works/pi-coding-agent";
+import { getAgentDir, hasProjectTrustInputs, ProjectTrustStore } from "@earendil-works/pi-coding-agent";
 import { isAbsolute, join, normalize } from "node:path";
 import {
   assertNotKnownBrowserUserDataPath,
@@ -313,27 +313,76 @@ const detectedChromeUserAgent = detectDefaultChromeUserAgent(detectedChromeExecu
 const agentExtensionsDir = join(getAgentDir(), "extensions");
 const detectedChromeProfileName = detectDefaultBrowserProfileSource(process.platform);
 
+export interface OracleConfigLoadOptions {
+  /**
+   * Whether project-local oracle config may be loaded. Omit for the runtime
+   * policy that preserves oracle's historical project-config behavior while
+   * respecting explicit --no-approve and saved distrust decisions.
+   */
+  projectConfigTrusted?: boolean;
+  /** Session cwd used for Pi's saved project-trust decision when config lookup is anchored to a derived project root. */
+  projectConfigTrustCwd?: string;
+}
+
 export interface OracleConfigLoadDetails {
   agentDir: string;
   agentConfigPath: string;
   agentConfigExists: boolean;
   projectConfigPath: string;
   projectConfigExists: boolean;
+  projectConfigTrusted: boolean;
+  projectConfigLoaded: boolean;
+  projectConfigSkippedReason?: string;
   effectiveAuthConfigPath: string;
   effectiveAuthScope: "agent";
 }
 
-export function getOracleConfigLoadDetails(cwd: string): OracleConfigLoadDetails {
+function getProjectTrustCliOverride(argv = process.argv): boolean | undefined {
+  let trusted: boolean | undefined;
+  for (const arg of argv.slice(2)) {
+    if (arg === "--approve" || arg === "-a") trusted = true;
+    if (arg === "--no-approve" || arg === "-na") trusted = false;
+  }
+  return trusted;
+}
+
+function isProjectConfigTrusted(cwd: string, agentDir: string, projectConfigExists: boolean, options?: OracleConfigLoadOptions): boolean {
+  if (options?.projectConfigTrusted !== undefined) return options.projectConfigTrusted;
+  const trustCwd = options?.projectConfigTrustCwd ?? cwd;
+  const cliOverride = getProjectTrustCliOverride();
+  if (cliOverride !== undefined) return cliOverride;
+  if (!projectConfigExists && !hasProjectTrustInputs(trustCwd)) return true;
+  try {
+    const trustStore = new ProjectTrustStore(agentDir);
+    const trustDecision = trustStore.get(trustCwd);
+    const rootDecision = trustCwd !== cwd ? trustStore.get(cwd) : null;
+    if (trustDecision !== null) return trustDecision;
+    if (rootDecision !== null) return rootDecision;
+  } catch {
+    return false;
+  }
+  return true;
+}
+
+export function getOracleConfigLoadDetails(cwd: string, options?: OracleConfigLoadOptions): OracleConfigLoadDetails {
   const agentDir = getAgentDir();
   const projectRoot = getProjectId(cwd);
   const agentConfigPath = join(agentDir, "extensions", "oracle.json");
   const projectConfigPath = join(projectRoot, ".pi", "extensions", "oracle.json");
+  const projectConfigExists = existsSync(projectConfigPath);
+  const projectConfigTrusted = isProjectConfigTrusted(projectRoot, agentDir, projectConfigExists, options);
+  const projectConfigLoaded = projectConfigExists && projectConfigTrusted;
   return {
     agentDir,
     agentConfigPath,
     agentConfigExists: existsSync(agentConfigPath),
     projectConfigPath,
-    projectConfigExists: existsSync(projectConfigPath),
+    projectConfigExists,
+    projectConfigTrusted,
+    projectConfigLoaded,
+    projectConfigSkippedReason: projectConfigExists && !projectConfigTrusted
+      ? "Project oracle config is ignored because this run used --no-approve or the project has a saved untrusted decision."
+      : undefined,
     effectiveAuthConfigPath: agentConfigPath,
     effectiveAuthScope: "agent",
   };
@@ -341,8 +390,11 @@ export function getOracleConfigLoadDetails(cwd: string): OracleConfigLoadDetails
 
 export function formatOracleAuthConfigRemediation(details: OracleConfigLoadDetails): string {
   const authFields = "auth.chromeProfile / auth.chromeCookiePath / auth.chromiumKeychain";
-  if (!details.projectConfigExists) {
-    return `Set ${authFields} in ${details.effectiveAuthConfigPath}.`;
+  if (!details.projectConfigLoaded) {
+    const projectNote = details.projectConfigSkippedReason
+      ? ` Project config at ${details.projectConfigPath} is present but not loaded because this run explicitly does not trust project-local inputs.`
+      : "";
+    return `Set ${authFields} in ${details.effectiveAuthConfigPath}.${projectNote}`;
   }
   return (
     `Set ${authFields} in ${details.effectiveAuthConfigPath}. ` +
@@ -354,11 +406,13 @@ export function formatOracleAuthConfigSummary(details: OracleConfigLoadDetails):
   const lines = [
     `Effective oracle auth config: ${details.effectiveAuthConfigPath} (agent dir: ${details.agentDir}${details.agentConfigExists ? "" : "; create this file to override auth.*"})`,
   ];
-  if (details.projectConfigExists) {
+  if (details.projectConfigLoaded) {
     lines.push(
       `Project oracle config also loaded: ${details.projectConfigPath} ` +
         `(project scope can override ${[...PROJECT_OVERRIDE_KEYS].join("/")} only; auth.* still comes from ${details.effectiveAuthConfigPath}).`,
     );
+  } else if (details.projectConfigSkippedReason) {
+    lines.push(`Project oracle config present but not loaded: ${details.projectConfigPath}. ${details.projectConfigSkippedReason}`);
   }
   return lines.join("\n");
 }
@@ -665,9 +719,9 @@ function validateOracleConfig(value: unknown): OracleConfig {
   };
 }
 
-export function loadOracleConfig(cwd: string): OracleConfig {
-  const details = getOracleConfigLoadDetails(cwd);
+export function loadOracleConfig(cwd: string, options?: OracleConfigLoadOptions): OracleConfig {
+  const details = getOracleConfigLoadDetails(cwd, options);
   const globalConfig = readJson(details.agentConfigPath);
-  const projectConfig = filterProjectConfig(readJson(details.projectConfigPath));
+  const projectConfig = details.projectConfigLoaded ? filterProjectConfig(readJson(details.projectConfigPath)) : undefined;
   return validateOracleConfig(deepMerge(deepMerge(DEFAULT_CONFIG, globalConfig), projectConfig));
 }

package/extensions/oracle/lib/poller.ts

@@ -5,7 +5,7 @@
 // Invariants/Assumptions: Poller scans are serialized per session key, wake-up delivery is best-effort, and terminal-job notifications always re-read durable job state before send.
 import { existsSync } from "node:fs";
 import type { ExtensionAPI, ExtensionContext } from "@earendil-works/pi-coding-agent";
-import { buildOracleStatusText, buildOracleWakeupNotificationContent } from "../shared/job-observability-helpers.mjs";
+import { buildOracleStatusText, buildOracleWakeupNotificationContent, type OracleReadinessStatus } from "../shared/job-observability-helpers.mjs";
 import { isProcessAlive, readProcessStartedAt } from "../shared/process-helpers.mjs";
 import { isLockTimeoutError, listLeaseMetadata, releaseLease, withGlobalReconcileLock, writeLeaseMetadata } from "./locks.js";
 import {
@@ -46,6 +46,7 @@ interface OraclePollerLifecycle {
 }
 
 const activePollers = new Map<string, OracleActivePoller>();
+const readinessBySession = new Map<string, OracleReadinessStatus>();
 const scansInFlight = new Set<string>();
 const POLLER_LOCK_TIMEOUT_MS = 50;
 const WAKEUP_TARGET_LEASE_KIND = "wakeup-target";
@@ -167,19 +168,31 @@ function getJobCountsForSession(sessionFile: string | undefined, cwd: string): {
 function refreshOracleStatusSnapshot(snapshot: OraclePollerContextSnapshot): void {
   if (!snapshot.hasUI) return;
   if (!snapshot.sessionFile) {
-    snapshot.ui.setStatus("oracle", snapshot.ui.theme.fg("accent", "oracle: unavailable"));
+    snapshot.ui.setStatus("oracle", snapshot.ui.theme.fg("error", "oracle: unavailable"));
     return;
   }
   const counts = getJobCountsForSession(snapshot.sessionFile, snapshot.cwd);
-  const statusText = buildOracleStatusText(counts);
-  const tone = counts.active > 0 ? "success" : "accent";
-  snapshot.ui.setStatus("oracle", snapshot.ui.theme.fg(tone, statusText));
+  const readiness = readinessBySession.get(getPollerSessionKey(snapshot.sessionFile, snapshot.cwd)) ?? "loaded";
+  const statusText = buildOracleStatusText(counts, readiness);
+  if (counts.active > 0) {
+    snapshot.ui.setStatus("oracle", snapshot.ui.theme.fg("success", statusText));
+  } else if (readiness === "auth_needed" || readiness === "config_error") {
+    snapshot.ui.setStatus("oracle", snapshot.ui.theme.fg("error", statusText));
+  } else {
+    snapshot.ui.setStatus("oracle", statusText);
+  }
 }
 
 export function refreshOracleStatus(ctx: ExtensionContext): void {
   refreshOracleStatusSnapshot(snapshotPollerContext(ctx));
 }
 
+export function setOracleReadiness(ctx: ExtensionContext, readiness: OracleReadinessStatus): void {
+  const snapshot = snapshotPollerContext(ctx);
+  if (snapshot.sessionFile) readinessBySession.set(getPollerSessionKey(snapshot.sessionFile, snapshot.cwd), readiness);
+  refreshOracleStatusSnapshot(snapshot);
+}
+
 function requestWakeupTurn(pi: ExtensionAPI, job: OraclePollerJob): void {
   pi.sendMessage(
     {
@@ -412,6 +425,7 @@ export function stopPollerForSession(sessionFile: string | undefined, cwd: strin
     if (handle.timer) clearInterval(handle.timer);
     activePollers.delete(sessionKey);
   }
+  readinessBySession.delete(sessionKey);
   const wakeupTargetLeaseKey = getWakeupTargetLeaseKey(sessionKey);
   void releaseLease(WAKEUP_TARGET_LEASE_KIND, wakeupTargetLeaseKey).catch(() => undefined);
 }
@@ -423,6 +437,7 @@ export async function stopAllPollers(): Promise<void> {
     if (handle.timer) clearInterval(handle.timer);
   }
   activePollers.clear();
+  readinessBySession.clear();
   await Promise.all(handles.map(async (handle) => {
     const wakeupTargetLeaseKey = getWakeupTargetLeaseKey(handle.sessionKey);
     await releaseLease(WAKEUP_TARGET_LEASE_KIND, wakeupTargetLeaseKey).catch(() => undefined);

package/extensions/oracle/lib/runtime.ts

@@ -169,6 +169,10 @@ function unreadableAuthSeedProfileMessage(seedDir: string): string {
   return `Oracle auth seed profile is not readable: ${seedDir}. Fix its permissions or rerun /oracle-auth.`;
 }
 
+function unauthenticatedAuthSeedProfileMessage(seedDir: string): string {
+  return `Oracle auth seed profile exists but is not authenticated: ${seedDir}. Run /oracle-auth to create a verified auth seed before submitting oracle jobs.`;
+}
+
 function missingBrowserExecutableMessage(executablePath: string): string {
   return `Configured oracle browser executable does not exist: ${executablePath}. Fix browser.executablePath or install Chrome there.`;
 }
@@ -315,6 +319,10 @@ export async function assertOracleAuthSeedProfileReady(config: OracleConfig): Pr
   } catch {
     throw new Error(unreadableAuthSeedProfileMessage(seedDir));
   }
+
+  if (!getSeedGeneration(config)) {
+    throw new Error(unauthenticatedAuthSeedProfileMessage(seedDir));
+  }
 }
 
 export async function assertOracleSubmitPrerequisites(config: OracleConfig): Promise<void> {

package/extensions/oracle/lib/tools.ts

@@ -914,6 +914,15 @@ function buildOracleToolErrorDetails(toolName: OracleToolErrorSource, error: unk
     };
   }
 
+  if (message.startsWith("Oracle auth seed profile exists but is not authenticated: ")) {
+    return {
+      code: "auth_seed_profile_unauthenticated",
+      message,
+      rejectedValue: message.replace(/^Oracle auth seed profile exists but is not authenticated: /, "").replace(/\. Run \/oracle-auth.*$/, ""),
+      suggestedNextStep: "Call oracle_auth or run /oracle-auth once to create a verified auth seed, then retry the oracle tool call.",
+    };
+  }
+
   if (message.startsWith("Failed to parse oracle config ") || message.startsWith("Invalid oracle config:") || message.startsWith("Invalid oracle project config:")) {
     return {
       code: "oracle_config_invalid",
@@ -1151,6 +1160,10 @@ function formatOraclePreflightResponse(details: OraclePreflightDetails): string
   ].filter(Boolean).join("\n");
 }
 
+function isProjectTrusted(ctx: ExtensionContext): boolean {
+  return (ctx as { isProjectTrusted?: () => boolean }).isProjectTrusted?.() ?? true;
+}
+
 async function runOraclePreflight(ctx: ExtensionContext, params: { provider?: unknown; followUpJobId?: unknown } = {}): Promise<OraclePreflightDetails> {
   const sessionFile = getSessionFile(ctx);
   if (!hasPersistedSessionFile(sessionFile)) {
@@ -1174,7 +1187,7 @@ async function runOraclePreflight(ctx: ExtensionContext, params: { provider?: un
     if (followUpJobId !== undefined && typeof followUpJobId !== "string") {
       throw new Error("oracle_preflight followUpJobId must be a string");
     }
-    const baseConfig = loadOracleConfig(ctx.cwd);
+    const baseConfig = loadOracleConfig(ctx.cwd, { projectConfigTrusted: isProjectTrusted(ctx) });
     const followUp = resolveFollowUp(followUpJobId, ctx.cwd);
     provider = normalizeOracleProvider(params.provider, followUp.provider ?? baseConfig.defaults.provider, "oracle_preflight");
     if (followUp.provider && provider !== followUp.provider) {
@@ -1202,7 +1215,7 @@ async function runOraclePreflight(ctx: ExtensionContext, params: { provider?: un
       session: { persisted: true, sessionFile },
       config: { ready: true },
       auth: {
-        ready: !["auth_seed_profile_missing", "auth_seed_profile_unreadable", "auth_seed_profile_invalid_type"].includes(errorDetails.code),
+        ready: !["auth_seed_profile_missing", "auth_seed_profile_unreadable", "auth_seed_profile_invalid_type", "auth_seed_profile_unauthenticated"].includes(errorDetails.code),
         seedProfileDir: config.browser.authSeedProfileDir,
       },
       error: errorDetails,
@@ -1264,9 +1277,9 @@ export function registerOracleTools(pi: ExtensionAPI, workerPath: string, authWo
     async execute(_toolCallId, params, _signal, _onUpdate, ctx) {
       try {
         const projectCwd = getProjectId(ctx.cwd);
-        const baseConfig = loadOracleConfig(projectCwd);
+        const baseConfig = loadOracleConfig(projectCwd, { projectConfigTrustCwd: ctx.cwd, projectConfigTrusted: isProjectTrusted(ctx) });
         const provider = normalizeOracleProvider(params.provider, baseConfig.defaults.provider, "oracle_auth");
-        const message = await runOracleAuthBootstrap(authWorkerPath, projectCwd, provider);
+        const message = await runOracleAuthBootstrap(authWorkerPath, projectCwd, provider, { projectConfigTrustCwd: ctx.cwd, projectConfigTrusted: isProjectTrusted(ctx) });
         return {
           content: [{ type: "text" as const, text: message }],
           details: {
@@ -1311,7 +1324,7 @@ export function registerOracleTools(pi: ExtensionAPI, workerPath: string, authWo
     async execute(_toolCallId, params, _signal, _onUpdate, ctx) {
       try {
         const projectCwd = getProjectId(ctx.cwd);
-        const baseConfig = loadOracleConfig(projectCwd);
+        const baseConfig = loadOracleConfig(projectCwd, { projectConfigTrustCwd: ctx.cwd, projectConfigTrusted: isProjectTrusted(ctx) });
         const originSessionFile = requirePersistedSessionFile(getSessionFile(ctx), "submit oracle jobs");
         const projectId = getProjectId(projectCwd);
         const sessionId = getSessionId(originSessionFile, projectId);

package/extensions/oracle/shared/browser-profile-helpers.d.mts

@@ -10,6 +10,12 @@ export interface ExecutableSearchOptions {
   pathDelimiter?: string;
 }
 
+export interface KnownBrowserUserDataPathMatchDetails {
+  root: string;
+  source: "knownBrowserUserDataDir" | "auth.chromeCookiePath" | "auth.chromeProfile" | "extraProtectedPath";
+  configuredPath?: string;
+}
+
 export const SWEET_COOKIE_SAFE_STORAGE_PASSWORD_ENV_NAMES: readonly [
   "SWEET_COOKIE_CHROME_SAFE_STORAGE_PASSWORD",
   "SWEET_COOKIE_BRAVE_SAFE_STORAGE_PASSWORD",
@@ -40,6 +46,15 @@ export function knownBrowserUserDataPathMatch(
     cookieSources?: { chromeProfile?: string; chromeCookiePath?: string };
   },
 ): string | undefined;
+export function knownBrowserUserDataPathMatchDetails(
+  pathValue: string,
+  options?: BrowserPathOptions & {
+    platform?: OraclePlatform;
+    includeUnsupported?: boolean;
+    extraProtectedPaths?: string[];
+    cookieSources?: { chromeProfile?: string; chromeCookiePath?: string };
+  },
+): KnownBrowserUserDataPathMatchDetails | undefined;
 export function assertNotKnownBrowserUserDataPath(
   pathValue: string,
   label: string,

package/extensions/oracle/shared/browser-profile-helpers.mjs

@@ -224,23 +224,40 @@ function protectedPathsForCookieDb(cookiePath) {
  * @returns {string[]}
  */
 export function protectedCookieSourcePaths(cookieSources) {
+  return protectedCookieSourcePathEntries(cookieSources).map((entry) => entry.path);
+}
+
+function protectedCookieSourcePathEntries(cookieSources) {
   if (!cookieSources) return [];
   const roots = [];
   const cookiePath = typeof cookieSources.chromeCookiePath === "string" && cookieSources.chromeCookiePath.trim()
     ? cookieSources.chromeCookiePath.trim()
     : undefined;
-  if (cookiePath) roots.push(...protectedPathsForCookieDb(cookiePath));
+  if (cookiePath) {
+    roots.push(...protectedPathsForCookieDb(cookiePath).map((path) => ({ path, source: "auth.chromeCookiePath", configuredPath: cookiePath })));
+  }
 
   const profile = typeof cookieSources.chromeProfile === "string" && cookieSources.chromeProfile.trim()
     ? cookieSources.chromeProfile.trim()
     : undefined;
   if (profile && looksLikeFilesystemPath(profile)) {
     const normalizedProfile = normalizedAbsolutePath(profile);
-    if (isCookiesDbPath(normalizedProfile)) roots.push(...protectedPathsForCookieDb(normalizedProfile));
-    else roots.push(normalizedProfile, dirname(normalizedProfile));
+    if (isCookiesDbPath(normalizedProfile)) {
+      roots.push(...protectedPathsForCookieDb(normalizedProfile).map((path) => ({ path, source: "auth.chromeProfile", configuredPath: profile })));
+    } else {
+      roots.push({ path: normalizedProfile, source: "auth.chromeProfile", configuredPath: profile }, { path: dirname(normalizedProfile), source: "auth.chromeProfile", configuredPath: profile });
+    }
   }
 
-  return [...new Set(roots.map((root) => normalize(root)))];
+  const seen = new Set();
+  return roots
+    .map((root) => ({ ...root, path: normalize(root.path) }))
+    .filter((root) => {
+      const key = `${root.path}\0${root.source}\0${root.configuredPath}`;
+      if (seen.has(key)) return false;
+      seen.add(key);
+      return true;
+    });
 }
 
 /**
@@ -249,19 +266,24 @@ export function protectedCookieSourcePaths(cookieSources) {
  * @returns {string | undefined}
  */
 export function knownBrowserUserDataPathMatch(pathValue, options = {}) {
+  return knownBrowserUserDataPathMatchDetails(pathValue, options)?.root;
+}
+
+export function knownBrowserUserDataPathMatchDetails(pathValue, options = {}) {
   const platform = options.platform ?? process.platform;
   const normalizedPath = normalizedAbsolutePath(pathValue, options);
   const resolvedPath = resolvePathThroughExistingAncestorsSync(normalizedPath);
   const roots = [
-    ...browserUserDataDirsForPlatform(platform, { ...options, includeUnsupported: options.includeUnsupported ?? true }),
-    ...protectedCookieSourcePaths(options.cookieSources),
-    ...((options.extraProtectedPaths ?? [])),
+    ...browserUserDataDirsForPlatform(platform, { ...options, includeUnsupported: options.includeUnsupported ?? true })
+      .map((path) => ({ path, source: "knownBrowserUserDataDir" })),
+    ...protectedCookieSourcePathEntries(options.cookieSources),
+    ...((options.extraProtectedPaths ?? [])).map((path) => ({ path, source: "extraProtectedPath" })),
   ];
   for (const root of roots) {
-    const normalizedRoot = normalizedAbsolutePath(root, options);
-    if (pathInsideOrEqual(normalizedPath, normalizedRoot)) return normalizedRoot;
+    const normalizedRoot = normalizedAbsolutePath(root.path, options);
+    if (pathInsideOrEqual(normalizedPath, normalizedRoot)) return { root: normalizedRoot, source: root.source, configuredPath: root.configuredPath };
     const resolvedRoot = resolvePathThroughExistingAncestorsSync(normalizedRoot) ?? normalizedRoot;
-    if (resolvedPath && pathInsideOrEqual(resolvedPath, resolvedRoot)) return resolvedRoot;
+    if (resolvedPath && pathInsideOrEqual(resolvedPath, resolvedRoot)) return { root: resolvedRoot, source: root.source, configuredPath: root.configuredPath };
   }
   return undefined;
 }
@@ -273,10 +295,12 @@ export function knownBrowserUserDataPathMatch(pathValue, options = {}) {
  * @returns {void}
  */
 export function assertNotKnownBrowserUserDataPath(pathValue, label, options = {}) {
-  const match = knownBrowserUserDataPathMatch(pathValue, options);
-  if (match) {
-    throw new Error(`${label} must not point into a real browser user-data directory (${match}): ${pathValue}`);
+  const match = knownBrowserUserDataPathMatchDetails(pathValue, options);
+  if (!match) return;
+  if (match.source === "auth.chromeCookiePath" || match.source === "auth.chromeProfile") {
+    throw new Error(`${label} is inside the browser profile root inferred from ${match.source} (${match.configuredPath} -> ${match.root}): ${pathValue}`);
   }
+  throw new Error(`${label} must not point into a real browser user-data directory (${match.root}): ${pathValue}`);
 }
 
 /**

package/extensions/oracle/shared/job-observability-helpers.d.mts

@@ -62,6 +62,8 @@ export interface OracleStatusCounts {
   queued: number;
 }
 
+export type OracleReadinessStatus = "unavailable" | "loaded" | "auth_needed" | "config_error" | "ready";
+
 export declare function formatBytes(bytes: number): string;
 export declare function formatOracleLifecycleEvent(event: OracleJobLifecycleEvent | undefined): string | undefined;
 export declare function formatOracleCancelOutcome(job: { id: string; status: string }): string;
@@ -71,4 +73,4 @@ export declare function buildOracleWakeupNotificationContent(
   options?: { responsePath?: string; responseAvailable?: boolean; artifactsPath?: string },
 ): string;
 export declare function formatOracleSubmitResponse(job: OracleJobSummaryLike & { promptPath: string; archivePath: string }, options: OracleSubmitResponseOptions): string;
-export declare function buildOracleStatusText(counts: OracleStatusCounts): string;
+export declare function buildOracleStatusText(counts: OracleStatusCounts, readiness?: OracleReadinessStatus): string;

package/extensions/oracle/shared/job-observability-helpers.mjs

@@ -254,19 +254,28 @@ export function formatOracleSubmitResponse(job, options) {
 
 /**
  * @param {OracleStatusCounts} counts
+ * @param {"unavailable" | "loaded" | "auth_needed" | "config_error" | "ready"} [readiness]
  * @returns {string}
  */
-export function buildOracleStatusText(counts) {
+export function buildOracleStatusText(counts, readiness = "loaded") {
+  const readinessText = {
+    unavailable: "unavailable",
+    loaded: "loaded",
+    auth_needed: "auth needed",
+    config_error: "config error",
+    ready: "ready",
+  }[readiness] ?? "loaded";
+  const readinessSuffix = readiness === "ready" ? "" : `, ${readinessText}`;
   if (counts.active > 0 && counts.queued > 0) {
-    return `oracle: running (${counts.active}), queued (${counts.queued})`;
+    return `oracle: running (${counts.active}), queued (${counts.queued})${readinessSuffix}`;
   }
   if (counts.active > 0) {
     const suffix = counts.active > 1 ? ` (${counts.active})` : "";
-    return `oracle: running${suffix}`;
+    return `oracle: running${suffix}${readinessSuffix}`;
   }
   if (counts.queued > 0) {
     const suffix = counts.queued > 1 ? ` (${counts.queued})` : "";
-    return `oracle: queued${suffix}`;
+    return `oracle: queued${suffix}${readinessSuffix}`;
   }
-  return "oracle: ready";
+  return `oracle: ${readinessText}`;
 }

package/extensions/oracle/worker/chatgpt-flow-helpers.d.mts

@@ -3,9 +3,18 @@ export interface OracleStableValueState {
   stableCount: number;
 }
 
+export interface OracleSendAcceptanceState {
+  url?: string;
+  urlKnown?: boolean;
+  assistantCount?: number;
+  stopStreaming?: boolean;
+}
+
 export declare function assistantSnapshotSlice(snapshot: string, composerLabel: string, responseIndex: number): string | undefined;
 export declare function stripUrlQueryAndHash(url: string | undefined): string;
 export declare function isConversationPathUrl(url: string): boolean;
+export declare function conversationIdFromUrl(url: string | undefined): string | undefined;
+export declare function providerSendAccepted(before: OracleSendAcceptanceState, after: OracleSendAcceptanceState): boolean;
 export declare function resolveStableConversationUrlCandidate(url: string, previousChatUrl?: string): string | undefined;
 export declare function nextStableValueState(
   state: Partial<OracleStableValueState> | undefined,

package/extensions/oracle/worker/chatgpt-flow-helpers.mjs

@@ -5,6 +5,7 @@
 // Invariants/Assumptions: Snapshot text comes from agent-browser `snapshot -i`; URL inputs may be malformed and must fail safely.
 
 /** @typedef {import("./chatgpt-flow-helpers.d.mts").OracleStableValueState} OracleStableValueState */
+/** @typedef {import("./chatgpt-flow-helpers.d.mts").OracleSendAcceptanceState} OracleSendAcceptanceState */
 
 /**
  * @param {string} snapshot
@@ -52,13 +53,39 @@ export function stripUrlQueryAndHash(url) {
  * @returns {boolean}
  */
 export function isConversationPathUrl(url) {
+  return Boolean(conversationIdFromUrl(url));
+}
+
+/**
+ * @param {string | undefined} url
+ * @returns {string | undefined}
+ */
+export function conversationIdFromUrl(url) {
+  if (typeof url !== "string" || !url.trim()) return undefined;
   try {
-    return /\/(?:c|chat)\/[A-Za-z0-9-]+$/i.test(new URL(url).pathname);
+    const match = new URL(url).pathname.match(/\/(?:c|chat)\/([A-Za-z0-9-]+)$/i);
+    return match?.[1];
   } catch {
-    return false;
+    return undefined;
   }
 }
 
+/**
+ * @param {OracleSendAcceptanceState} before
+ * @param {OracleSendAcceptanceState} after
+ * @returns {boolean}
+ */
+export function providerSendAccepted(before, after) {
+  const beforeUrlKnown = before.urlKnown !== false;
+  const afterUrlKnown = after.urlKnown !== false;
+  const beforeConversationId = beforeUrlKnown ? conversationIdFromUrl(before.url) : undefined;
+  const afterConversationId = afterUrlKnown ? conversationIdFromUrl(after.url) : undefined;
+  if (beforeUrlKnown && afterUrlKnown && afterConversationId && afterConversationId !== beforeConversationId) return true;
+  if ((after.assistantCount ?? 0) > (before.assistantCount ?? 0)) return true;
+  if (after.stopStreaming === true && before.stopStreaming !== true) return true;
+  return false;
+}
+
 /**
  * @param {string} url
  * @param {string | undefined} previousChatUrl

package/extensions/oracle/worker/chatgpt-ui-helpers.d.mts

@@ -10,6 +10,7 @@ export interface OracleUiSelection {
 export declare const CHATGPT_CANONICAL_APP_ORIGINS: readonly string[];
 
 export declare function buildAllowedChatGptOrigins(chatUrl: string, authUrl?: string): string[];
+export declare function stripChatGptResponseChrome(value: string | undefined): string;
 export declare function matchesModelFamilyLabel(label: string | undefined, family: OracleUiModelFamily): boolean;
 export declare function matchesRequestedModelControlLabel(label: string | undefined, selection: OracleUiSelection): boolean;
 export declare function matchesCompactIntelligenceOpenerLabel(label: string | undefined): boolean;