legion-llm 0.8.3 → 0.8.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8ff10b22b14b6f2f66715088e5388a5d80101a057ab615998828054b2ead6fb
-  data.tar.gz: 0a0ea80f6dac4998b2c22a5a3d6dae18a60b6ebc4253e3de13e08b2d1123671e
+  metadata.gz: 1106f652c69b801af983117b4fc97f6bf547dc4d63f1b1df12eb6f1adb6d51d2
+  data.tar.gz: '00593f91f0467fd63e5a8867017033da483bf0abc4fcfa26641fe97fd66c3674'
 SHA512:
-  metadata.gz: 34b6c658c5faeb980cd84b2db23a745b1a67ba1121ed9b8aa4bb6dfc3922a5a0a87757175181c1006f7a04b14e268c2522ab252da122203e2a85d368ec6f67a4
-  data.tar.gz: d9c86214be062eb4f197e4a94f8302e35c960cda50ec754c532aac7adb92abed03b6454f72079048cdd543cff2b71591e59e00396aafe6dd2df8b2efcfa9bfac
+  metadata.gz: 30c59046ad40659fa02f3bde8db8807b3a9c3b718365dc1be5d92ca01c9cb84e593c4bcab5027f12a591ee12c3f21671ae3695573f5e85b3c5e9d8b7b1ebf74b
+  data.tar.gz: 91368ea195a58f8321cca378febcca27a96685a6a1fe78ac432be88731ee03a4ca050b1782f8d1f24da6045b5f136ea070ee14fd4dbb2eb28e23c8db63f28174

data/CHANGELOG.md

@@ -1,5 +1,118 @@
 # Legion LLM Changelog
 
+## [0.8.18] - 2026-04-22
+
+### Fixed
+- API caller identity no longer hardcoded as `api:inference`. The inference route now resolves the actual user via `env['legion.principal']` (from Identity::Middleware), `Legion::Identity::Process` (LDAP/Kerberos), or OS username (with email domain stripped). Adds `username` and `hostname` to the `requested_by` hash in audit trails.
+
+## [0.8.17] - 2026-04-22
+
+### Added
+- Audit events now include `system_prompt` (full text sent to provider), `injected_tools` (list of tool names injected), and `identity` (extracted user identity from caller).
+
+### Fixed
+- `tokens` field in audit events was serialized as a `#<data ...>` inspect string instead of a proper hash. Now calls `.to_h` on Data.define objects.
+- `enrichments` in audit events now compacted: array values (e.g. GAIA valence history) reduced to their last element.
+- `timeline` in audit events filtered to only provider, escalation, and tool execution events — diagnostic trace entries (tracing:init, rbac, context:stored, etc.) are stripped.
+
+## [0.8.16] - 2026-04-22
+
+### Fixed
+- `RubyLLM::BadRequestError` (HTTP 400) and `RubyLLM::ContextLengthExceededError` now trigger the provider fallback-retry chain instead of bubbling up as unhandled 500s. Both `run_provider_call_single` and `step_provider_call_stream` retry on the next available provider before giving up.
+- Resolved provider/model is now logged (`log.info`) in `step_routing` so provider errors can be diagnosed from daemon logs without relying on SSE done events.
+
+### Changed
+- Extracted `try_fallback_or_raise` helper from duplicated retry logic in both rescue chains, reducing the auth/bad-request/context-overflow fallback pattern to a single call each.
+
+## [0.8.15] - 2026-04-22
+
+### Changed
+- **5-tier routing model**: restructured from 3 tiers (local/fleet/cloud) to 5 tiers (local/fleet/openai_compat/cloud/frontier). Anthropic and OpenAI are now `:frontier` (direct API); Bedrock, Azure, Gemini are `:cloud` (managed providers). New `:openai_compat` tier for user-configured OpenAI-spec gateways.
+- `Resolution`: added `frontier?`, `openai_compat?`, and `external?` predicates.
+- `TierAssigner`: `user:*` and critical/high priority requests route to `:frontier` instead of `:cloud`.
+- `GatewayInterceptor`: intercepts both `:cloud` and `:frontier` tiers, preserving original tier.
+- Privacy enforcement (`assert_external_allowed!`) blocks all external tiers (cloud + frontier + openai_compat), not just cloud. `never_cloud` constraint now blocks both `:cloud` and `:frontier`. New `never_external` constraint blocks all three external tiers.
+- `resolve_chain` fallback defaults changed from `:cloud`/`:bedrock` to `:frontier`/`:anthropic`.
+
+## [0.8.13] - 2026-04-22
+
+### Fixed
+- Escalation loop now feeds `Router.health_tracker` with an `:error` signal on every failure so the circuit breaker trips when a provider is consistently down — auth failures, rate limits, and general errors all count.
+- `AuthError` and `PrivacyModeError` in escalation are logged with `handled: true` so they appear in logs as gracefully-handled failures rather than uncaught exceptions.
+- `RateLimitError` in escalation is handled the same way (was previously re-raised, aborting the entire chain).
+- Extracted `attempt_escalation` and `record_escalation_failure` from `run_provider_call_with_escalation` to keep the method within Rubocop length limits and make each responsibility clear.
+
+### Changed
+- `CodexConfigLoader`: refactored to extract `read_config` helper (eliminates duplicate file-exist checks in `load` and `read_token`); added `read_openai_api_key` and `read_openai_credential` accessors for the multi-source credential probing chain.
+
+## [0.8.12] - 2026-04-22
+
+### Changed
+- `ClaudeConfigLoader`: `settings_path` and `config_path` are now read from `Legion::LLM.settings.dig(:claude_cli, ...)` instead of hardcoded constants, making both paths configurable. `SECRET_URI_PATTERN` remains a constant — it's a protocol definition, not a runtime knob. Corresponding settings keys added to `Legion::LLM::Settings.claude_cli_defaults`.
+
+## [0.8.11] - 2026-04-22
+
+### Added
+- Multi-source credential detection for all providers: `credential_available_for?` checks resolved env vars, not raw `env://` URI strings, so providers aren't falsely auto-enabled when the env var is unset.
+- `probe_provider_credentials`: when multiple API keys exist for a provider (e.g. both `OPENAI_API_KEY` and `CODEX_API_KEY`), each candidate is tested in order and the first working key is committed; provider is disabled if all fail.
+- `probe_via_model_list`: uses `RubyLLM::Provider.list_models` (a cheap GET with no token cost) to validate credentials before falling back to a lightweight chat probe.
+- `recover_openai_with_codex`: automatically attempts Codex bearer-token fallback when all direct OpenAI keys fail.
+
+### Fixed
+- `configure_bedrock`/`configure_anthropic`/`configure_openai`: use `resolve_setting_reference` to unwrap `env://` placeholders before passing to RubyLLM config, preventing "key not found" errors when env var is absent.
+- `ClaudeConfigLoader.apply_api_keys`: removed early-return pattern that prevented Bedrock bearer token import from running when no OpenAI key was found.
+
+## [0.8.10] - 2026-04-22
+
+### Changed
+- `compliance_defaults`: `classification_scan` and `encrypt_audit` default to `false`; classification is opt-in, audit encryption is opt-in.
+- `tool_trigger_defaults`: `scan_depth` raised to `10` (was `2`), `tool_limit` raised to `50` (was `10`).
+- `trigger_match.rb`: hardcoded `|| 2` fallback updated to `|| 10` to match new setting default.
+
+## [0.8.9] - 2026-04-22
+
+### Fixed
+- Classification spec: wholesale `Legion::Settings[:llm] = {...}` replacements converted to key-level writes (`[:llm][:default_provider] = :x`) to prevent wiping sibling settings.
+- Audit `encrypt?` specs: updated to test toggle behavior (`false` by default, `true` when `encrypt_audit` setting is enabled) instead of expecting always-on.
+- Trigger match spec: updated scan_depth expectation and before-block to match new defaults.
+
+## [0.8.8] - 2026-04-22
+
+### Changed
+- `Legion::LLM.settings` now calls `Legion::Settings[:llm]` directly — dead `const_defined?('Settings')` branch and `Settings.default` fallback removed. No explicit `require 'legion/settings'` is needed in `llm.rb` because `legion-settings` is a gemspec dependency and is always activated by Bundler before `legion-llm` is required.
+- `settings.rb` bootstrap call simplified from a guarded `begin/rescue` block to a direct `Legion::Settings.merge_settings(...)` call for the same reason.
+
+## [0.8.7] - 2026-04-22
+
+### Changed
+- Eliminated scattered constants and duplicate settings files across the codebase:
+  - `Skills::Settings` module deleted — defaults moved into `Legion::LLM::Settings.skills_defaults`; `Skills.start` no longer calls `Settings.apply` (merge happens at load time via the standard settings bootstrap)
+  - `Fleet::Dispatcher` `DEFAULT_TIMEOUT`/`TIMEOUTS` constants removed — `resolve_timeout` now reads directly from `Legion::LLM.settings.dig(:routing, :tiers, :fleet, :timeouts, ...)`; dead `defined?(Legion::Settings)` guard removed
+  - `Call::Embeddings` `PROVIDER_EMBEDDING_MODELS`, `TARGET_DIMENSION`, `OLLAMA_CONTEXT_CHARS`, `OLLAMA_DEFAULT_CONTEXT_CHARS`, `PREFIX_REGISTRY` constants removed — replaced with `target_dimension`/`embedding_settings` helpers reading from `settings[:embedding]`; `embedding_settings` corrected to use `Legion::LLM.settings` instead of bare `Legion::Settings.dig(:llm, :embedding)`
+  - `Cache::Response` `DEFAULT_TTL`, `SPOOL_THRESHOLD`, `SPOOL_DIR` constants removed — replaced with private `default_ttl`/`spool_threshold`/`spool_dir` helpers reading from `settings[:prompt_caching][:response_cache]`
+- `Settings.embedding_defaults` expanded: added `anthropic`/`gemini` to `provider_models`, added `ollama_context_chars`, `ollama_default_context_chars`, `prefix_registry`
+- `Settings.prompt_caching_defaults.response_cache` gains `spool_threshold_bytes: 8MB`
+
+## [0.8.6] - 2026-04-22
+
+### Changed
+- `Legion::LLM::Settings` is now the canonical module — content moved from `Legion::LLM::Config::Settings` directly into `lib/legion/llm/settings.rb`. The `Config::Settings` indirection and `lib/legion/llm/config/settings.rb` are removed. `service.rb` and any external callers using `Legion::LLM::Settings.default` continue to work unchanged.
+
+## [0.8.5] - 2026-04-22
+
+### Fixed
+- All compliance settings now have explicit defaults defined in `Config::Settings.compliance_defaults` (merged under `llm.compliance`): `classification_scan`, `encrypt_audit`, `phi_block_cloud`, `cloud_providers`, `redact_pii`, `redaction_placeholder`, `strict_hipaa`, `default_level`. Previously these keys were read via `dig` with no guaranteed defaults.
+- `Steps::Classification` now reads compliance settings via `Legion::LLM.settings.dig(:compliance, ...)` (consistent with all other llm settings) instead of bare `Legion::Settings.dig(:compliance, ...)` which targeted the wrong path.
+- Removed dead `defined?(Legion::Settings)` guards in `Steps::Classification` — `legion-settings` is a hard dependency and is always present.
+
+## [0.8.4] - 2026-04-22
+
+### Fixed
+- `Inference::Executor` now normalizes content-blocks arrays (`[{type: "text", text: "..."}]`) to a plain string before passing to `session.ask`. Previously the raw array was forwarded to RubyLLM, which serialized it as `{ type: 'text', text: [{...}] }` — an invalid Anthropic API payload causing HTTP 400 on every request when the Interlink sends structured content blocks.
+
+### Added
+- Audit encryption is now configurable: set `llm.compliance.encrypt_audit: true` in settings to encrypt payloads on the `llm.audit` exchange. Defaults to `false` (plaintext). Applies to `PromptEvent`, `ToolEvent`, and `SkillEvent`.
+
 ## [0.8.3] - 2026-04-22
 
 ### Fixed

data/CLAUDE.md

@@ -186,21 +186,27 @@ Note: Backward-compat aliases live in lib/legion/llm/compat.rb (const_missing-ba
 
 ### Routing Architecture
 
-Three-tier dispatch model. Local-first avoids unnecessary network hops; fleet offloads to shared hardware via Transport; cloud is the fallback for frontier models.
+Five-tier dispatch model. Local-first avoids unnecessary network hops; fleet offloads to shared hardware via Transport; openai_compat routes to user-configured gateways; cloud handles managed cloud providers; frontier is the fallback for direct frontier model providers.
 
 ```
-┌─────────────────────────────────────────────────────────┐
-│              Legion::LLM Router (per-node)               │
-│                                                          │
-│  Tier 1: LOCAL  → Ollama on this machine (direct HTTP)   │
-│          Zero network overhead, no Transport              │
-│                                                          │
-│  Tier 2: FLEET  → Ollama on Mac Studios / GPU servers    │
-│          Via Fleet::Dispatcher RPC over AMQP             │
-│                                                          │
-│  Tier 3: CLOUD  → Bedrock / Anthropic / OpenAI / Gemini │
-│          Existing provider API calls                     │
-└─────────────────────────────────────────────────────────┘
+┌──────────────────────────────────────────────────────────────┐
+│               Legion::LLM Router (per-node)                   │
+│                                                               │
+│  Tier 1: LOCAL        → Ollama on this machine (direct HTTP)  │
+│          Zero network overhead, no Transport                   │
+│                                                               │
+│  Tier 2: FLEET        → Ollama on Mac Studios / GPU servers   │
+│          Via Fleet::Dispatcher RPC over AMQP                  │
+│                                                               │
+│  Tier 3: OPENAI_COMPAT → User-configured OpenAI-spec gateways│
+│          UAIS, Kong AI, custom endpoints                      │
+│                                                               │
+│  Tier 4: CLOUD        → Bedrock, Azure, Gemini/Vertex AI     │
+│          Managed cloud provider API calls                     │
+│                                                               │
+│  Tier 5: FRONTIER     → Anthropic, OpenAI direct              │
+│          Direct API calls to frontier model providers          │
+└──────────────────────────────────────────────────────────────┘
 ```
 
 ### Routing Resolution Flow
@@ -392,9 +398,12 @@ Nested under `Legion::Settings[:llm][:routing]`:
 |-----|------|---------|-------------|
 | `enabled` | Boolean | `false` | Enable routing (opt-in) |
 | `default_intent` | Hash | `{ privacy: 'normal', capability: 'moderate', cost: 'normal' }` | Defaults merged into every intent |
+| `tier_priority` | Array | `%w[local fleet openai_compat cloud frontier]` | Ordered tier preference for routing |
 | `tiers.local` | Hash | `{ provider: 'ollama' }` | Local tier config |
 | `tiers.fleet` | Hash | `{ queue: 'llm.inference', timeout_seconds: 30 }` | Fleet tier config |
-| `tiers.cloud` | Hash | `{ providers: ['bedrock', 'anthropic'] }` | Cloud tier config |
+| `tiers.openai_compat` | Hash | `{ gateways: [] }` | User-configured OpenAI-compatible gateways |
+| `tiers.cloud` | Hash | `{ providers: ['bedrock', 'azure', 'gemini'] }` | Managed cloud provider API calls |
+| `tiers.frontier` | Hash | `{ providers: ['anthropic', 'openai'] }` | Direct API frontier providers |
 | `health.window_seconds` | Integer | `300` | Rolling window for latency tracking |
 | `health.circuit_breaker.failure_threshold` | Integer | `3` | Consecutive failures before circuit opens |
 | `health.circuit_breaker.cooldown_seconds` | Integer | `60` | Seconds before circuit transitions to half_open |
@@ -426,7 +435,7 @@ Each rule is a hash with:
 
 | Dimension | Values | Default | Effect |
 |-----------|--------|---------|--------|
-| `privacy` | `:strict`, `:normal` | `:normal` | `:strict` -> never cloud (via `never_cloud` constraint rules) |
+| `privacy` | `:strict`, `:normal` | `:normal` | `:strict` -> never external (via `never_external` constraint rules, blocks cloud + frontier + openai_compat) |
 | `capability` | `:basic`, `:moderate`, `:reasoning` | `:moderate` | Higher prefers larger/cloud models |
 | `cost` | `:minimize`, `:normal` | `:normal` | `:minimize` prefers local/fleet |
 

data/lib/legion/llm/api/native/helpers.rb

@@ -326,6 +326,58 @@ module Legion
                 end
               end
 
+              define_method(:resolve_caller_identity) do |rack_env|
+                return rack_env['legion.tenant_id'] if rack_env['legion.tenant_id']
+
+                kerb = begin
+                  Legion::Settings.dig(:kerberos, :username)
+                rescue StandardError
+                  nil
+                end
+                return "user:#{kerb}" if kerb.is_a?(String) && !kerb.empty?
+
+                principal = rack_env['legion.principal']
+                return "user:#{principal.canonical_name}" if principal.respond_to?(:canonical_name) && principal.canonical_name != 'system'
+
+                if defined?(Legion::Identity::Process)
+                  name = Legion::Identity::Process.canonical_name
+                  return "user:#{name}" if name && name != 'anonymous'
+                end
+
+                raw = ENV.fetch('USER', nil) || ENV.fetch('LOGNAME', nil) || 'anonymous'
+                username = raw.include?('@') ? raw.split('@').first : raw
+                "user:#{username}"
+              end
+
+              define_method(:resolve_requested_by) do |rack_env, identity_string|
+                hostname = begin
+                  Legion::Settings[:client][:hostname]
+                rescue StandardError
+                  Socket.gethostname
+                end
+                username = identity_string.delete_prefix('user:')
+
+                kerb = begin
+                  Legion::Settings.dig(:kerberos, :username)
+                rescue StandardError
+                  nil
+                end
+                if kerb.is_a?(String) && !kerb.empty?
+                  return { identity: identity_string, type: :user, credential: :kerberos,
+                           username: kerb, hostname: hostname }
+                end
+
+                principal = rack_env['legion.principal']
+                if principal.respond_to?(:canonical_name) && principal.canonical_name != 'system'
+                  return { identity: identity_string, type: principal.kind || :user,
+                           credential: principal.source || :local,
+                           username: principal.canonical_name, hostname: hostname }
+                end
+
+                { identity: identity_string, type: :user, credential: :local,
+                  username: username, hostname: hostname }
+              end
+
               define_method(:token_value) do |tokens, key|
                 return nil if tokens.nil?
                 return tokens[key] || tokens[key.to_s] if tokens.is_a?(Hash)

data/lib/legion/llm/api/native/inference.rb

@@ -42,7 +42,7 @@ module Legion
               tools = raw_tools || []
               validate_tools!(tools) unless tools.empty?
 
-              caller_identity = env['legion.tenant_id'] || 'api:inference'
+              caller_identity = resolve_caller_identity(env)
               last_user = messages.select { |m| (m[:role] || m['role']).to_s == 'user' }.last
               prompt    = (last_user || {})[:content] || (last_user || {})['content'] || ''
 
@@ -79,7 +79,7 @@ module Legion
               server_caller_fields = {
                 source:       'api',
                 path:         request.path,
-                requested_by: { identity: caller_identity, type: :user, credential: :api }
+                requested_by: resolve_requested_by(env, caller_identity)
               }
               effective_caller = server_caller_fields.merge(safe_caller_fields)
               caller_summary = [effective_caller[:source], effective_caller[:path]].compact.join(':')

data/lib/legion/llm/cache/response.rb

@@ -10,28 +10,21 @@ module Legion
       module Response
         extend Legion::Logging::Helper
 
-        DEFAULT_TTL      = 300
-        SPOOL_THRESHOLD  = 8 * 1024 * 1024 # 8 MB
-        SPOOL_DIR        = File.expand_path('~/.legionio/data/spool/llm_responses').freeze
-
         module_function
 
-        # Sets status to :pending for a new request.
-        def init_request(request_id, ttl: DEFAULT_TTL)
+        def init_request(request_id, ttl: default_ttl)
           cache_set(status_key(request_id), 'pending', ttl)
         end
 
-        # Writes response, meta, and marks status as :done.
-        def complete(request_id, response:, meta:, ttl: DEFAULT_TTL)
+        def complete(request_id, response:, meta:, ttl: default_ttl)
           write_response(request_id, response, ttl)
-          cache_set(meta_key(request_id), ::JSON.dump(meta), ttl)
+          cache_set(meta_key(request_id), Legion::JSON.dump(meta), ttl)
           cache_set(status_key(request_id), 'done', ttl)
         end
 
-        # Writes error details and marks status as :error.
-        def fail_request(request_id, code:, message:, ttl: DEFAULT_TTL)
+        def fail_request(request_id, code:, message:, ttl: default_ttl)
           log.warn("ResponseCache fail_request request_id=#{request_id} code=#{code} message=#{message}")
-          payload = ::JSON.dump({ code: code, message: message })
+          payload = Legion::JSON.dump({ code: code, message: message })
           cache_set(error_key(request_id), payload, ttl)
           cache_set(status_key(request_id), 'error', ttl)
         end
@@ -67,9 +60,7 @@ module Legion
           ::JSON.parse(raw, symbolize_names: true)
         end
 
-        # Blocking poll. Returns { status: :done, response:, meta: },
-        # { status: :error, error: }, or { status: :timeout }.
-        def poll(request_id, timeout: DEFAULT_TTL, interval: 0.1)
+        def poll(request_id, timeout: default_ttl, interval: 0.1)
           deadline = ::Process.clock_gettime(::Process::CLOCK_MONOTONIC) + timeout
 
           loop do
@@ -124,18 +115,21 @@ module Legion
           Legion::Cache.set(key, value, ttl)
         end
 
-        private_class_method def self.spool_dir
-          configured = if defined?(Legion::Settings) && Legion::Settings.respond_to?(:dig)
-                         Legion::Settings.dig(:llm, :prompt_caching, :response_cache, :spool_dir)
-                       end
-          configured = configured.to_s.strip
-          return SPOOL_DIR if configured.empty?
+        private_class_method def self.default_ttl
+          Legion::LLM.settings.dig(:prompt_caching, :response_cache, :ttl_seconds) || 300
+        end
 
-          File.expand_path(configured)
+        private_class_method def self.spool_threshold
+          Legion::LLM.settings.dig(:prompt_caching, :response_cache, :spool_threshold_bytes) || (8 * 1024 * 1024)
+        end
+
+        private_class_method def self.spool_dir
+          configured = Legion::LLM.settings.dig(:prompt_caching, :response_cache, :spool_dir).to_s.strip
+          configured.empty? ? File.expand_path('~/.legionio/data/spool/llm_responses') : File.expand_path(configured)
         end
 
         private_class_method def self.write_response(request_id, response_text, ttl)
-          if response_text.bytesize > SPOOL_THRESHOLD
+          if response_text.bytesize > spool_threshold
             log.warn("ResponseCache spool overflow request_id=#{request_id} bytes=#{response_text.bytesize}")
             FileUtils.mkdir_p(spool_dir)
             path = File.join(spool_dir, "#{request_id}.txt")

data/lib/legion/llm/call/claude_config_loader.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 require 'legion/logging/helper'
 module Legion
   module LLM
@@ -7,28 +9,79 @@ module Legion
       module ClaudeConfigLoader
         extend Legion::Logging::Helper
 
-        CLAUDE_SETTINGS = File.expand_path('~/.claude/settings.json')
-        CLAUDE_CONFIG   = File.expand_path('~/.claude.json')
+        SECRET_URI_PATTERN = %r{\A(?:env|vault|lease)://}
 
         module_function
 
+        def claude_settings_path
+          File.expand_path(Legion::LLM.settings.dig(:claude_cli, :settings_path) || '~/.claude/settings.json')
+        end
+
+        def claude_config_path
+          File.expand_path(Legion::LLM.settings.dig(:claude_cli, :config_path) || '~/.claude.json')
+        end
+
         def load
-          config = read_json(CLAUDE_SETTINGS).merge(read_json(CLAUDE_CONFIG))
+          config = merged_config
           return if config.empty?
 
           apply_claude_config(config)
         end
 
+        def merged_config
+          read_json(claude_settings_path).merge(read_json(claude_config_path))
+        end
+
         def read_json(path)
           return {} unless File.exist?(path)
 
-          require 'json'
           ::JSON.parse(File.read(path), symbolize_names: true)
         rescue StandardError => e
           handle_exception(e, level: :debug)
           {}
         end
 
+        def anthropic_api_key
+          config = merged_config
+          first_present(
+            config[:anthropicApiKey],
+            config.dig(:env, :ANTHROPIC_API_KEY)
+          )
+        end
+
+        def openai_api_key
+          config = merged_config
+          first_present(
+            config[:openaiApiKey],
+            config.dig(:env, :OPENAI_API_KEY),
+            config.dig(:env, :CODEX_API_KEY)
+          )
+        end
+
+        def bedrock_bearer_token
+          env = read_json(claude_settings_path)[:env]
+          return nil unless env.is_a?(Hash)
+
+          direct = first_present(env[:AWS_BEARER_TOKEN_BEDROCK], env['AWS_BEARER_TOKEN_BEDROCK'])
+          return direct if direct
+
+          match = env.find do |key, value|
+            name = key.to_s.upcase
+            next false unless name.include?('AWS')
+            next false unless name.include?('BEARER')
+            next false unless name.include?('TOKEN')
+            next false unless name.include?('BEDROCK')
+
+            !normalize_secret(value).nil?
+          end
+          normalize_secret(match&.last)
+        end
+
+        def oauth_account_available?
+          oauth = read_json(claude_config_path)[:oauthAccount]
+          oauth.is_a?(Hash) && oauth.any? { |_k, value| !normalize_secret(value).nil? }
+        end
+
         def apply_claude_config(config)
           apply_api_keys(config)
           apply_model_preference(config)
@@ -38,15 +91,23 @@ module Legion
           llm = Legion::LLM.settings
           providers = llm[:providers]
 
-          if config[:anthropicApiKey] && providers.dig(:anthropic, :api_key).nil?
-            providers[:anthropic][:api_key] = config[:anthropicApiKey]
+          anthropic_key = first_present(config[:anthropicApiKey], config.dig(:env, :ANTHROPIC_API_KEY))
+          if anthropic_key && !setting_has_usable_credential?(providers.dig(:anthropic, :api_key))
+            providers[:anthropic][:api_key] = anthropic_key
             log.debug 'Imported Anthropic API key from Claude CLI config'
           end
 
-          return unless config[:openaiApiKey] && providers.dig(:openai, :api_key).nil?
+          openai_key = first_present(config[:openaiApiKey], config.dig(:env, :OPENAI_API_KEY), config.dig(:env, :CODEX_API_KEY))
+          if openai_key && !setting_has_usable_credential?(providers.dig(:openai, :api_key))
+            providers[:openai][:api_key] = openai_key
+            log.debug 'Imported OpenAI API key from Claude CLI config'
+          end
+
+          bedrock_token = bedrock_bearer_token
+          return unless bedrock_token && !setting_has_usable_credential?(providers.dig(:bedrock, :bearer_token))
 
-          providers[:openai][:api_key] = config[:openaiApiKey]
-          log.debug 'Imported OpenAI API key from Claude CLI config'
+          providers[:bedrock][:bearer_token] = bedrock_token
+          log.debug 'Imported Bedrock bearer token from Claude settings.json env section'
         end
 
         def apply_model_preference(config)
@@ -59,6 +120,52 @@ module Legion
           llm[:default_model] = model
           log.debug "Imported model preference from Claude CLI config: #{model}"
         end
+
+        def setting_has_usable_credential?(value)
+          !resolve_setting_reference(value).nil?
+        end
+
+        def resolve_setting_reference(value)
+          case value
+          when Array
+            value.each do |entry|
+              resolved = resolve_setting_reference(entry)
+              return resolved unless resolved.nil?
+            end
+            nil
+          when String
+            resolved = normalize_secret(value)
+            return nil if resolved.nil?
+
+            if resolved.start_with?('env://')
+              env_name = resolved.sub('env://', '')
+              return normalize_secret(ENV.fetch(env_name, nil))
+            end
+            return nil if resolved.match?(SECRET_URI_PATTERN)
+
+            resolved
+          else
+            normalize_secret(value)
+          end
+        end
+
+        def first_present(*values)
+          values.each do |value|
+            normalized = normalize_secret(value)
+            return normalized unless normalized.nil?
+          end
+          nil
+        end
+
+        def normalize_secret(value)
+          return nil if value.nil?
+          return value unless value.is_a?(String)
+
+          normalized = value.strip
+          return nil if normalized.empty?
+
+          normalized
+        end
       end
     end
   end

data/lib/legion/llm/call/codex_config_loader.rb

@@ -15,18 +15,14 @@ module Legion
         module_function
 
         def load
-          return unless File.exist?(CODEX_AUTH)
-
-          config = read_json(CODEX_AUTH)
+          config = read_config
           return if config.empty?
 
           apply_codex_config(config)
         end
 
         def read_token
-          return nil unless File.exist?(CODEX_AUTH)
-
-          config = read_json(CODEX_AUTH)
+          config = read_config
           return nil if config.empty?
           return nil unless config[:auth_mode] == 'chatgpt'
 
@@ -37,6 +33,29 @@ module Legion
           token
         end
 
+        def read_openai_api_key
+          config = read_config
+          return nil if config.empty?
+
+          key = config[:OPENAI_API_KEY] || config[:openai_api_key]
+          return nil unless key.is_a?(String)
+
+          key = key.strip
+          return nil if key.empty?
+
+          key
+        end
+
+        def read_openai_credential
+          read_token || read_openai_api_key
+        end
+
+        def read_config
+          return {} unless File.exist?(CODEX_AUTH)
+
+          read_json(CODEX_AUTH)
+        end
+
         def read_json(path)
           ::JSON.parse(File.read(path), symbolize_names: true)
         rescue StandardError => e