@aitne/shared 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Aitne contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/advisor-models.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Advisor model allowlist — single source of truth for which Claude
+ * model IDs the Claude Agent SDK accepts as the `advisor_20260301`
+ * server-side tool.
+ *
+ * The SDK ships its own substring-based allowlist (`zR6` / `w88` in
+ * SDK 0.2.98) that currently matches only `*opus-4-6` and
+ * `*sonnet-4-6`. Opus 4.7 is the daemon's preferred heavy main model
+ * but is silently rejected by the SDK's advisor path — see
+ * `docs/advisor.md` §"SDK compatibility" and the auto-memory entry
+ * `project_advisor_sdk_constraint`.
+ *
+ * Three places must agree on this allowlist:
+ *   1. `packages/daemon/src/settings/runtime-settings.ts`
+ *      — runtime-config zod refine
+ *   2. `packages/daemon/src/api/routes/backends.ts`
+ *      — `PUT /api/backends/advisor` body schema
+ *   3. `packages/dashboard/src/components/settings/backends-and-plans-section.tsx`
+ *      — dropdown filter + form fallback default
+ *
+ * Update them by bumping this list. The first element is the canonical
+ * default surfaced when no model has been picked yet (preserved from
+ * the prior triple-hardcoded value).
+ *
+ * Tests intentionally hardcode these IDs as fixtures
+ * (`docs/maintenance.md` §"Adding a model" "Pitfalls"). Don't alias
+ * test fixtures to this constant — the fixture stability is the point.
+ */
+export declare const ADVISOR_ALLOWED_MODELS: readonly ["claude-sonnet-4-6", "claude-opus-4-6"];
+export type AdvisorModel = (typeof ADVISOR_ALLOWED_MODELS)[number];
+/** Default advisor model surfaced in the dashboard when no value is set. */
+export declare const DEFAULT_ADVISOR_MODEL: AdvisorModel;
+export declare function isAdvisorModel(value: unknown): value is AdvisorModel;
+//# sourceMappingURL=advisor-models.d.ts.map

package/dist/advisor-models.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"advisor-models.d.ts","sourceRoot":"","sources":["../src/advisor-models.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,eAAO,MAAM,sBAAsB,mDAGzB,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,sBAAsB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEnE,4EAA4E;AAC5E,eAAO,MAAM,qBAAqB,EAAE,YAAwC,CAAC;AAE7E,wBAAgB,cAAc,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,YAAY,CAKpE"}

package/dist/advisor-models.js

@@ -0,0 +1,39 @@
+/**
+ * Advisor model allowlist — single source of truth for which Claude
+ * model IDs the Claude Agent SDK accepts as the `advisor_20260301`
+ * server-side tool.
+ *
+ * The SDK ships its own substring-based allowlist (`zR6` / `w88` in
+ * SDK 0.2.98) that currently matches only `*opus-4-6` and
+ * `*sonnet-4-6`. Opus 4.7 is the daemon's preferred heavy main model
+ * but is silently rejected by the SDK's advisor path — see
+ * `docs/advisor.md` §"SDK compatibility" and the auto-memory entry
+ * `project_advisor_sdk_constraint`.
+ *
+ * Three places must agree on this allowlist:
+ *   1. `packages/daemon/src/settings/runtime-settings.ts`
+ *      — runtime-config zod refine
+ *   2. `packages/daemon/src/api/routes/backends.ts`
+ *      — `PUT /api/backends/advisor` body schema
+ *   3. `packages/dashboard/src/components/settings/backends-and-plans-section.tsx`
+ *      — dropdown filter + form fallback default
+ *
+ * Update them by bumping this list. The first element is the canonical
+ * default surfaced when no model has been picked yet (preserved from
+ * the prior triple-hardcoded value).
+ *
+ * Tests intentionally hardcode these IDs as fixtures
+ * (`docs/maintenance.md` §"Adding a model" "Pitfalls"). Don't alias
+ * test fixtures to this constant — the fixture stability is the point.
+ */
+export const ADVISOR_ALLOWED_MODELS = [
+    "claude-sonnet-4-6",
+    "claude-opus-4-6",
+];
+/** Default advisor model surfaced in the dashboard when no value is set. */
+export const DEFAULT_ADVISOR_MODEL = ADVISOR_ALLOWED_MODELS[0];
+export function isAdvisorModel(value) {
+    return (typeof value === "string"
+        && ADVISOR_ALLOWED_MODELS.includes(value));
+}
+//# sourceMappingURL=advisor-models.js.map

package/dist/advisor-models.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"advisor-models.js","sourceRoot":"","sources":["../src/advisor-models.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,mBAAmB;IACnB,iBAAiB;CACT,CAAC;AAIX,4EAA4E;AAC5E,MAAM,CAAC,MAAM,qBAAqB,GAAiB,sBAAsB,CAAC,CAAC,CAAC,CAAC;AAE7E,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;WACrB,sBAA4C,CAAC,QAAQ,CAAC,KAAK,CAAC,CACjE,CAAC;AACJ,CAAC"}

package/dist/agent-identity.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Default proper-noun the agent uses to sign messages, when the operator
+ * has not explicitly set `agentDisplayName`. Tracks `APP_NAME` so a rebrand
+ * propagates to fresh installs while existing operators keep whatever name
+ * they chose (DB value > default).
+ */
+export declare const DEFAULT_AGENT_DISPLAY_NAME = "Aitne";
+export declare function normalizeAgentDisplayName(name: string | null | undefined): string;
+export declare function validateAgentDisplayName(name: string | null | undefined): string | null;
+export declare function formatAgentOutboundLabel(name: string | null | undefined): string;
+//# sourceMappingURL=agent-identity.d.ts.map

package/dist/agent-identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-identity.d.ts","sourceRoot":"","sources":["../src/agent-identity.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,eAAO,MAAM,0BAA0B,UAAW,CAAC;AAEnD,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC9B,MAAM,CAOR;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC9B,MAAM,GAAG,IAAI,CASf;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC9B,MAAM,CAER"}

package/dist/agent-identity.js

@@ -0,0 +1,29 @@
+import { APP_NAME } from "./branding.js";
+/**
+ * Default proper-noun the agent uses to sign messages, when the operator
+ * has not explicitly set `agentDisplayName`. Tracks `APP_NAME` so a rebrand
+ * propagates to fresh installs while existing operators keep whatever name
+ * they chose (DB value > default).
+ */
+export const DEFAULT_AGENT_DISPLAY_NAME = APP_NAME;
+export function normalizeAgentDisplayName(name) {
+    const trimmed = (name ?? "").trim().replace(/\s+/g, " ");
+    const unwrapped = trimmed.startsWith("[") && trimmed.endsWith("]")
+        ? trimmed.slice(1, -1).trim()
+        : trimmed;
+    return unwrapped || DEFAULT_AGENT_DISPLAY_NAME;
+}
+export function validateAgentDisplayName(name) {
+    const normalized = normalizeAgentDisplayName(name);
+    if (normalized.length > 40) {
+        return "Must be 40 characters or fewer";
+    }
+    if (/[\r\n<>]/.test(normalized)) {
+        return "Must be a single line without angle brackets";
+    }
+    return null;
+}
+export function formatAgentOutboundLabel(name) {
+    return `[${normalizeAgentDisplayName(name)}]`;
+}
+//# sourceMappingURL=agent-identity.js.map

package/dist/agent-identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-identity.js","sourceRoot":"","sources":["../src/agent-identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,QAAQ,CAAC;AAEnD,MAAM,UAAU,yBAAyB,CACvC,IAA+B;IAE/B,MAAM,OAAO,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,SAAS,GACb,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC9C,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;QAC7B,CAAC,CAAC,OAAO,CAAC;IACd,OAAO,SAAS,IAAI,0BAA0B,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,IAA+B;IAE/B,MAAM,UAAU,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3B,OAAO,gCAAgC,CAAC;IAC1C,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAChC,OAAO,8CAA8C,CAAC;IACxD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,IAA+B;IAE/B,OAAO,IAAI,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC;AAChD,CAAC"}

package/dist/alerts.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Notifications Center — alert types surfaced on the Overview page.
+ *
+ * See docs/design/20-notifications-center.md for the schema rationale,
+ * severity rules, and dismissal model.
+ *
+ * Each alert is detected by a pure function on the daemon side and
+ * concatenated into `/api/health.alerts`. The dashboard renders them
+ * severity-sorted in the NotificationsPanel.
+ */
+export type AlertSeverity = "error" | "warning" | "info";
+export type AlertSource = "system" | "auth" | "mail" | "config" | "cost" | "setup";
+export interface Alert {
+    /**
+     * Stable identifier scoped to the alert's content.
+     * Examples: `mail.reconsent.acct_42`, `cost.daily_cap`, `command.conflict.deploy`.
+     * Used as the localStorage dismiss key on the client.
+     */
+    id: string;
+    severity: AlertSeverity;
+    /** One-line action statement (e.g. "Gmail account needs re-authentication"). */
+    title: string;
+    /** Optional context, ≤2 sentences. */
+    description?: string;
+    /** Relative deep link to the page that fixes this. */
+    href?: string;
+    source: AlertSource;
+    /**
+     * Whether the user can dismiss this. By design:
+     * - error → false
+     * - warning → true (snoozes 24h)
+     * - info → true (dismisses permanently per fingerprint)
+     */
+    dismissable: boolean;
+    /** ISO timestamp when this alert was first detected in this state. */
+    detectedAt: string;
+    /**
+     * Content fingerprint. When the underlying state changes (e.g. a new
+     * conflict appears) this changes too, so a previously-dismissed alert
+     * resurfaces. Detectors compute it deterministically.
+     */
+    fingerprint: string;
+}
+//# sourceMappingURL=alerts.d.ts.map

package/dist/alerts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"alerts.d.ts","sourceRoot":"","sources":["../src/alerts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;AAEzD,MAAM,MAAM,WAAW,GACnB,QAAQ,GACR,MAAM,GACN,MAAM,GACN,QAAQ,GACR,MAAM,GACN,OAAO,CAAC;AAEZ,MAAM,WAAW,KAAK;IACpB;;;;OAIG;IACH,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,aAAa,CAAC;IACxB,gFAAgF;IAChF,KAAK,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,WAAW,CAAC;IACpB;;;;;OAKG;IACH,WAAW,EAAE,OAAO,CAAC;IACrB,sEAAsE;IACtE,UAAU,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,WAAW,EAAE,MAAM,CAAC;CACrB"}

package/dist/alerts.js

@@ -0,0 +1,12 @@
+/**
+ * Notifications Center — alert types surfaced on the Overview page.
+ *
+ * See docs/design/20-notifications-center.md for the schema rationale,
+ * severity rules, and dismissal model.
+ *
+ * Each alert is detected by a pure function on the daemon side and
+ * concatenated into `/api/health.alerts`. The dashboard renders them
+ * severity-sorted in the NotificationsPanel.
+ */
+export {};
+//# sourceMappingURL=alerts.js.map

package/dist/alerts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"alerts.js","sourceRoot":"","sources":["../src/alerts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG"}

package/dist/backend-api-key-config.d.ts

@@ -0,0 +1,337 @@
+/**
+ * Per-backend provider auth configuration.
+ *
+ * Direct API keys (Anthropic / OpenAI / Google) are the long-standing path,
+ * but Claude Code's SDK also supports cloud-hosted Anthropic deployments,
+ * and Gemini CLI supports Vertex AI:
+ *
+ * Claude Code:
+ *  - Amazon Bedrock     → CLAUDE_CODE_USE_BEDROCK=1 + AWS creds (access key /
+ *                         bearer token / profile) + AWS_REGION
+ *  - Google Vertex AI   → CLAUDE_CODE_USE_VERTEX=1  + ANTHROPIC_VERTEX_PROJECT_ID +
+ *                         CLOUD_ML_REGION (creds via Application Default
+ *                         Credentials chain or GOOGLE_APPLICATION_CREDENTIALS file)
+ *  - Microsoft Foundry  → CLAUDE_CODE_USE_FOUNDRY=1 + ANTHROPIC_FOUNDRY_RESOURCE
+ *                         (or ANTHROPIC_FOUNDRY_BASE_URL) + optional
+ *                         ANTHROPIC_FOUNDRY_API_KEY (Entra ID auto-fallback)
+ *
+ * Gemini CLI:
+ *  - Vertex AI          → GOOGLE_GENAI_USE_VERTEXAI=true + GOOGLE_CLOUD_PROJECT +
+ *                         GOOGLE_CLOUD_LOCATION (auth via ADC / service account
+ *                         file / Vertex API key)
+ *
+ * Codex CLI's Azure OpenAI mode requires a `~/.codex/config.toml` file and is
+ * NOT exposed through this surface — env-var mirroring is insufficient to
+ * configure it. Codex stays direct-API-key only here.
+ *
+ * The daemon stores the chosen provider + its credentials as a single JSON
+ * blob in the OS keychain (`backend.<id>.api_key`). At startup and on every
+ * UI mutation the daemon mirrors the active provider's env vars into
+ * `process.env`, so the unchanged Claude SDK / Codex CLI / Gemini CLI
+ * subprocesses pick them up via the same inherited-env path.
+ *
+ * Backwards compatibility: legacy entries written before this feature were
+ * raw strings (the API key itself). `parseBackendApiKeyConfig` accepts both
+ * the new JSON shape and the legacy raw-string form.
+ *
+ * Env-var spec sources (verified 2026-05):
+ *  - https://code.claude.com/docs/en/amazon-bedrock
+ *  - https://code.claude.com/docs/en/google-vertex-ai
+ *  - https://code.claude.com/docs/en/microsoft-foundry
+ *  - https://geminicli.com/docs/get-started/authentication/
+ */
+import { z } from "zod";
+import type { BackendId } from "./backend.js";
+export declare const CLAUDE_API_KEY_PROVIDERS: readonly ["anthropic", "bedrock", "vertex", "foundry"];
+export type ClaudeApiKeyProvider = (typeof CLAUDE_API_KEY_PROVIDERS)[number];
+export declare const CODEX_API_KEY_PROVIDERS: readonly ["openai", "azure-openai"];
+export type CodexApiKeyProvider = (typeof CODEX_API_KEY_PROVIDERS)[number];
+export declare const GEMINI_API_KEY_PROVIDERS: readonly ["google", "gemini-vertex"];
+export type GeminiApiKeyProvider = (typeof GEMINI_API_KEY_PROVIDERS)[number];
+export type ApiKeyProvider = ClaudeApiKeyProvider | CodexApiKeyProvider | GeminiApiKeyProvider;
+export declare const API_KEY_PROVIDERS_BY_BACKEND: Record<BackendId, readonly ApiKeyProvider[]>;
+export declare function defaultApiKeyProvider(backendId: BackendId): ApiKeyProvider;
+export declare function isApiKeyProviderForBackend(backendId: BackendId, provider: string): provider is ApiKeyProvider;
+export declare const anthropicApiKeyConfigSchema: z.ZodObject<{
+    provider: z.ZodLiteral<"anthropic">;
+    apiKey: z.ZodString;
+}, z.core.$strip>;
+/**
+ * Per-provider model pinning fields. Setting any of these mirrors to the
+ * `ANTHROPIC_DEFAULT_OPUS_MODEL` / `ANTHROPIC_DEFAULT_SONNET_MODEL` /
+ * `ANTHROPIC_DEFAULT_HAIKU_MODEL` env vars so the `opus`/`sonnet`/`haiku`
+ * aliases resolve to the cloud-native model ID instead of the latest
+ * version (which may not be enabled in the customer's account, causing
+ * a 404 or fallback at startup). The Anthropic docs explicitly call this
+ * out as required for production deployments.
+ *
+ * The field shape is shared across Bedrock / Vertex / Foundry — only the
+ * recommended *defaults* differ per cloud (see
+ * `RECOMMENDED_PINNED_MODELS_BY_PROVIDER`).
+ */
+declare const pinnedModelsSchema: z.ZodObject<{
+    defaultOpusModel: z.ZodOptional<z.ZodString>;
+    defaultSonnetModel: z.ZodOptional<z.ZodString>;
+    defaultHaikuModel: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type PinnedModelDefaults = z.infer<typeof pinnedModelsSchema>;
+/**
+ * Recommended model IDs per cloud. The dashboard pre-fills the pinning
+ * fields with these values, but the operator can edit. Update these
+ * alongside Anthropic's docs when a new model rolls out across all clouds.
+ */
+export declare const RECOMMENDED_PINNED_MODELS_BY_PROVIDER: Record<"bedrock" | "vertex" | "foundry", Required<PinnedModelDefaults>>;
+export declare const bedrockApiKeyConfigSchema: z.ZodIntersection<z.ZodIntersection<z.ZodIntersection<z.ZodDiscriminatedUnion<[z.ZodObject<{
+    authMode: z.ZodLiteral<"access_key">;
+    awsAccessKeyId: z.ZodString;
+    awsSecretAccessKey: z.ZodString;
+    awsSessionToken: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"bearer_token">;
+    awsBearerTokenBedrock: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"profile">;
+    awsProfile: z.ZodString;
+}, z.core.$strip>], "authMode">, z.ZodObject<{
+    provider: z.ZodLiteral<"bedrock">;
+    awsRegion: z.ZodString;
+}, z.core.$strip>>, z.ZodObject<{
+    bedrockBaseUrl: z.ZodOptional<z.ZodString>;
+    useMantle: z.ZodOptional<z.ZodBoolean>;
+    mantleBaseUrl: z.ZodOptional<z.ZodString>;
+    skipMantleAuth: z.ZodOptional<z.ZodBoolean>;
+    smallFastModelAwsRegion: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>, z.ZodObject<{
+    defaultOpusModel: z.ZodOptional<z.ZodString>;
+    defaultSonnetModel: z.ZodOptional<z.ZodString>;
+    defaultHaikuModel: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>;
+export declare const vertexApiKeyConfigSchema: z.ZodIntersection<z.ZodObject<{
+    provider: z.ZodLiteral<"vertex">;
+    projectId: z.ZodString;
+    region: z.ZodString;
+    credentialsFile: z.ZodOptional<z.ZodString>;
+    vertexBaseUrl: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    defaultOpusModel: z.ZodOptional<z.ZodString>;
+    defaultSonnetModel: z.ZodOptional<z.ZodString>;
+    defaultHaikuModel: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>;
+/**
+ * Foundry needs *one* of `resource` (the Azure resource name; daemon
+ * routes to https://<resource>.services.ai.azure.com/anthropic) OR
+ * `baseUrl` (the full URL). API key is **optional** — when omitted,
+ * Claude Code uses the Azure DefaultAzureCredential chain (e.g. `az
+ * login` / managed identity).
+ */
+export declare const foundryApiKeyConfigSchema: z.ZodIntersection<z.ZodObject<{
+    provider: z.ZodLiteral<"foundry">;
+    resource: z.ZodOptional<z.ZodString>;
+    baseUrl: z.ZodOptional<z.ZodString>;
+    apiKey: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    defaultOpusModel: z.ZodOptional<z.ZodString>;
+    defaultSonnetModel: z.ZodOptional<z.ZodString>;
+    defaultHaikuModel: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>;
+export declare const openaiApiKeyConfigSchema: z.ZodObject<{
+    provider: z.ZodLiteral<"openai">;
+    apiKey: z.ZodString;
+}, z.core.$strip>;
+/**
+ * Codex CLI on Azure OpenAI. Codex CLI requires a `[model_providers.azure]`
+ * block in `config.toml` — env vars alone are insufficient. The daemon
+ * works around this by writing a managed `config.toml` to
+ * `<PA_DATA_DIR>/codex-home/config.toml` and pointing `CODEX_HOME` at
+ * that directory for spawned codex subprocesses, leaving the operator's
+ * personal `~/.codex/` configuration untouched.
+ *
+ * Required: `resource` (Azure resource name) and `apiKey` (mirrored to
+ * `AZURE_OPENAI_API_KEY`). Optional: `apiVersion` (defaults to the latest
+ * preview version Codex docs recommend) and `deploymentName` — when set,
+ * Codex's `model` setting is pinned to this deployment.
+ *
+ * **Known limitation: `--model` flag override.** The daemon's CodexCore
+ * spawns Codex with `--model <id>` where `<id>` is the per-process
+ * model from the registry (e.g. `gpt-5-codex`). On Azure, Codex treats
+ * the model argument as the *deployment name*, so the operator MUST
+ * name their Azure deployment to match the model IDs the daemon's
+ * routing uses. Renaming the deployment in Azure is the supported fix;
+ * a future round may plumb the active provider into CodexCore so the
+ * daemon can rewrite `--model` automatically.
+ */
+export declare const DEFAULT_AZURE_OPENAI_API_VERSION = "2025-04-01-preview";
+export declare const azureOpenAiApiKeyConfigSchema: z.ZodObject<{
+    provider: z.ZodLiteral<"azure-openai">;
+    resource: z.ZodString;
+    apiKey: z.ZodString;
+    apiVersion: z.ZodOptional<z.ZodString>;
+    deploymentName: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const googleApiKeyConfigSchema: z.ZodObject<{
+    provider: z.ZodLiteral<"google">;
+    apiKey: z.ZodString;
+}, z.core.$strip>;
+export declare const geminiVertexApiKeyConfigSchema: z.ZodIntersection<z.ZodDiscriminatedUnion<[z.ZodObject<{
+    authMode: z.ZodLiteral<"adc">;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"service_account">;
+    credentialsFile: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"api_key">;
+    apiKey: z.ZodString;
+}, z.core.$strip>], "authMode">, z.ZodObject<{
+    provider: z.ZodLiteral<"gemini-vertex">;
+    projectId: z.ZodString;
+    location: z.ZodString;
+}, z.core.$strip>>;
+export declare const backendApiKeyConfigSchema: z.ZodUnion<readonly [z.ZodObject<{
+    provider: z.ZodLiteral<"anthropic">;
+    apiKey: z.ZodString;
+}, z.core.$strip>, z.ZodIntersection<z.ZodIntersection<z.ZodIntersection<z.ZodDiscriminatedUnion<[z.ZodObject<{
+    authMode: z.ZodLiteral<"access_key">;
+    awsAccessKeyId: z.ZodString;
+    awsSecretAccessKey: z.ZodString;
+    awsSessionToken: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"bearer_token">;
+    awsBearerTokenBedrock: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"profile">;
+    awsProfile: z.ZodString;
+}, z.core.$strip>], "authMode">, z.ZodObject<{
+    provider: z.ZodLiteral<"bedrock">;
+    awsRegion: z.ZodString;
+}, z.core.$strip>>, z.ZodObject<{
+    bedrockBaseUrl: z.ZodOptional<z.ZodString>;
+    useMantle: z.ZodOptional<z.ZodBoolean>;
+    mantleBaseUrl: z.ZodOptional<z.ZodString>;
+    skipMantleAuth: z.ZodOptional<z.ZodBoolean>;
+    smallFastModelAwsRegion: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>, z.ZodObject<{
+    defaultOpusModel: z.ZodOptional<z.ZodString>;
+    defaultSonnetModel: z.ZodOptional<z.ZodString>;
+    defaultHaikuModel: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>, z.ZodIntersection<z.ZodObject<{
+    provider: z.ZodLiteral<"vertex">;
+    projectId: z.ZodString;
+    region: z.ZodString;
+    credentialsFile: z.ZodOptional<z.ZodString>;
+    vertexBaseUrl: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    defaultOpusModel: z.ZodOptional<z.ZodString>;
+    defaultSonnetModel: z.ZodOptional<z.ZodString>;
+    defaultHaikuModel: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>, z.ZodIntersection<z.ZodObject<{
+    provider: z.ZodLiteral<"foundry">;
+    resource: z.ZodOptional<z.ZodString>;
+    baseUrl: z.ZodOptional<z.ZodString>;
+    apiKey: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    defaultOpusModel: z.ZodOptional<z.ZodString>;
+    defaultSonnetModel: z.ZodOptional<z.ZodString>;
+    defaultHaikuModel: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>, z.ZodObject<{
+    provider: z.ZodLiteral<"openai">;
+    apiKey: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+    provider: z.ZodLiteral<"azure-openai">;
+    resource: z.ZodString;
+    apiKey: z.ZodString;
+    apiVersion: z.ZodOptional<z.ZodString>;
+    deploymentName: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    provider: z.ZodLiteral<"google">;
+    apiKey: z.ZodString;
+}, z.core.$strip>, z.ZodIntersection<z.ZodDiscriminatedUnion<[z.ZodObject<{
+    authMode: z.ZodLiteral<"adc">;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"service_account">;
+    credentialsFile: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+    authMode: z.ZodLiteral<"api_key">;
+    apiKey: z.ZodString;
+}, z.core.$strip>], "authMode">, z.ZodObject<{
+    provider: z.ZodLiteral<"gemini-vertex">;
+    projectId: z.ZodString;
+    location: z.ZodString;
+}, z.core.$strip>>]>;
+export type AnthropicApiKeyConfig = z.infer<typeof anthropicApiKeyConfigSchema>;
+export type BedrockApiKeyConfig = z.infer<typeof bedrockApiKeyConfigSchema>;
+export type VertexApiKeyConfig = z.infer<typeof vertexApiKeyConfigSchema>;
+export type FoundryApiKeyConfig = z.infer<typeof foundryApiKeyConfigSchema>;
+export type OpenAiApiKeyConfig = z.infer<typeof openaiApiKeyConfigSchema>;
+export type AzureOpenAiApiKeyConfig = z.infer<typeof azureOpenAiApiKeyConfigSchema>;
+export type GoogleApiKeyConfig = z.infer<typeof googleApiKeyConfigSchema>;
+export type GeminiVertexApiKeyConfig = z.infer<typeof geminiVertexApiKeyConfigSchema>;
+export type BackendApiKeyConfig = z.infer<typeof backendApiKeyConfigSchema>;
+/**
+ * Every env var the daemon may set or clear when mirroring auth state for a
+ * backend. Returned as a stable list so `backend-api-key-env.ts` can snapshot
+ * the operator's shell values once at startup and restore them on UI clear.
+ *
+ * The list is the **superset** across providers: switching from Anthropic to
+ * Bedrock must clear `ANTHROPIC_API_KEY` and set `CLAUDE_CODE_USE_BEDROCK=1`
+ * + AWS_*, so both must appear here even though they are never set together.
+ */
+export declare function getManagedApiKeyEnvVars(backendId: BackendId): readonly string[];
+/**
+ * Build the `config.toml` Codex CLI consumes when the daemon points
+ * `CODEX_HOME` at the managed directory.
+ *
+ * Per OpenAI Codex docs (verified 2026-05), the wire_api must be
+ * `responses` and the API version must be supplied as a `query_params`
+ * entry. Codex resolves the API key by reading `env_key` against
+ * `process.env`.
+ *
+ * **TOML layout matters.** `model_provider` (and `model`, when set) MUST
+ * appear *before* the `[model_providers.azure]` table — once a `[section]`
+ * header opens, all subsequent keys belong to that section until the next
+ * header. Emitting `model_provider = "azure"` after the section header
+ * would silently nest it as `model_providers.azure.model_provider`,
+ * leaving the top-level `model_provider` unset and Codex routing through
+ * the OpenAI default. Tested with `smol-toml`.
+ */
+export declare function buildCodexAzureConfigToml(config: AzureOpenAiApiKeyConfig): string;
+/**
+ * Resolve which env vars to write for a given provider config. Returns a map
+ * of env-var name → value. Env vars omitted from the map should be cleared
+ * (or restored to their captured shell value) by the caller.
+ *
+ * Note on `GOOGLE_APPLICATION_CREDENTIALS`: this is the Google standard env
+ * var name and expects a **file path** (not inline JSON). The earlier
+ * iteration of this code wrote `GOOGLE_APPLICATION_CREDENTIALS_JSON` with
+ * inline JSON, which the Anthropic SDK and gcloud SDK both ignore. Operators
+ * who want service-account-based auth supply the file path; operators who
+ * want ADC leave it blank and use `gcloud auth application-default login`.
+ *
+ * Note on `CODEX_HOME` (Azure OpenAI): this map does NOT include it. The
+ * daemon owns the managed config.toml directory path and adds `CODEX_HOME`
+ * separately when materializing the assignment — see the daemon-side
+ * `materializeCodexAzureConfig` helper.
+ */
+export declare function getApiKeyEnvAssignments(config: BackendApiKeyConfig): Record<string, string>;
+/**
+ * Decode the raw keychain string for a backend into a typed config.
+ *
+ * Three accepted forms (highest priority first):
+ *   1. JSON-encoded `BackendApiKeyConfig` — the new format.
+ *   2. Legacy raw API key (non-JSON string) — promoted to the backend's
+ *      default direct provider (anthropic / openai / google).
+ *   3. `null` / blank — no config.
+ */
+export declare function parseBackendApiKeyConfig(backendId: BackendId, raw: string | null | undefined): BackendApiKeyConfig | null;
+/** Encode a typed config back into the JSON form stored in the keychain. */
+export declare function serializeBackendApiKeyConfig(config: BackendApiKeyConfig): string;
+export declare function isPlausibleAnthropicApiKey(value: string): boolean;
+export declare function isPlausibleOpenAiApiKey(value: string): boolean;
+export declare function isPlausibleGeminiApiKey(value: string): boolean;
+/**
+ * Best-effort format check on a populated config. Returns null when the
+ * shape looks plausible, or a human-readable hint when something obvious
+ * is wrong. Server-side probes are still authoritative — this catches
+ * cheap typos before the keychain write.
+ */
+export declare function validateBackendApiKeyConfigFormat(backendId: BackendId, config: BackendApiKeyConfig): string | null;
+export {};
+//# sourceMappingURL=backend-api-key-config.d.ts.map

package/dist/backend-api-key-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backend-api-key-config.d.ts","sourceRoot":"","sources":["../src/backend-api-key-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAI9C,eAAO,MAAM,wBAAwB,wDAK3B,CAAC;AACX,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE7E,eAAO,MAAM,uBAAuB,qCAAsC,CAAC;AAC3E,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE3E,eAAO,MAAM,wBAAwB,sCAAuC,CAAC;AAC7E,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE7E,MAAM,MAAM,cAAc,GACtB,oBAAoB,GACpB,mBAAmB,GACnB,oBAAoB,CAAC;AAEzB,eAAO,MAAM,4BAA4B,EAAE,MAAM,CAC/C,SAAS,EACT,SAAS,cAAc,EAAE,CAK1B,CAAC;AAEF,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,SAAS,GAAG,cAAc,CAE1E;AAED,wBAAgB,0BAA0B,CACxC,SAAS,EAAE,SAAS,EACpB,QAAQ,EAAE,MAAM,GACf,QAAQ,IAAI,cAAc,CAI5B;AAID,eAAO,MAAM,2BAA2B;;;iBAGtC,CAAC;AA6BH;;;;;;;;;;;;GAYG;AACH,QAAA,MAAM,kBAAkB;;;;iBAItB,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAErE;;;;GAIG;AACH,eAAO,MAAM,qCAAqC,EAAE,MAAM,CACxD,SAAS,GAAG,QAAQ,GAAG,SAAS,EAChC,QAAQ,CAAC,mBAAmB,CAAC,CAiB9B,CAAC;AAmBF,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;kBAaZ,CAAC;AAE3B,eAAO,MAAM,wBAAwB;;;;;;;;;;kBAaX,CAAC;AAE3B;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;kBAcnC,CAAC;AAEJ,eAAO,MAAM,wBAAwB;;;iBAGnC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,gCAAgC,uBAAuB,CAAC;AAErE,eAAO,MAAM,6BAA6B;;;;;;iBAMxC,CAAC;AAEH,eAAO,MAAM,wBAAwB;;;iBAGnC,CAAC;AAsBH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;kBAYxC,CAAC;AAEJ,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBASpC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAChF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAC5C,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAI5E;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,SAAS,GACnB,SAAS,MAAM,EAAE,CAsDnB;AAuBD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,uBAAuB,GAC9B,MAAM,CA6BR;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,mBAAmB,GAC1B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAiIxB;AAID;;;;;;;;GAQG;AACH,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC7B,mBAAmB,GAAG,IAAI,CA+B5B;AAED,4EAA4E;AAC5E,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,mBAAmB,GAC1B,MAAM,CAER;AAQD,wBAAgB,0BAA0B,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEjE;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAI9D;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE9D;AAED;;;;;GAKG;AACH,wBAAgB,iCAAiC,CAC/C,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,mBAAmB,GAC1B,MAAM,GAAG,IAAI,CAkFf"}